CCM-5100: Move branch and auth client creation into separate module

NHSDigital · Jun 28, 2024 · acac2a1 · acac2a1
1 parent 508d658
commit acac2a1
Show file tree

Hide file tree

Showing 15 changed files with 179 additions and 11 deletions.
diff --git a/infrastructure/environments/dev/locals.tf b/infrastructure/environments/dev/locals.tf
@@ -1,3 +1,3 @@
 locals {
-  app_domain_name = "app.${var.environment}.${module.route53-zone.zone_name}"
+  app_domain_name = "app.${module.route53-zone.zone_name}"
 }
diff --git a/infrastructure/environments/dev/module-amplify-branch.tf b/infrastructure/environments/dev/module-amplify-branch.tf
@@ -10,4 +10,5 @@ module "amplify_branch" {
   amplify_app_id                            = module.amplify_app.app_id
   branch                                    = var.branch
   domain_name                               = local.app_domain_name
+  subdomain                                 = var.environment
 }
diff --git a/infrastructure/environments/dev/outputs.tf b/infrastructure/environments/dev/outputs.tf
@@ -0,0 +1,15 @@
+output "user_pool_id" {
+  value = module.userpool.user_pool_id
+}
+
+output "identity_provider_names" {
+  value = module.userpool.identity_provider_names
+}
+
+output "app_id" {
+  value = module.amplify_app.app_id
+}
+
+output "zone_name" {
+  value = module.route53-zone.zone_name
+}
diff --git a/infrastructure/environments/dynamic/.terraform.lock.hcl b/infrastructure/environments/dynamic/.terraform.lock.hcl
diff --git a/infrastructure/environments/dynamic/backend.tf b/infrastructure/environments/dynamic/backend.tf
@@ -0,0 +1,5 @@
+terraform {
+  backend "s3" {
+    region = "eu-west-2"
+  }
+}
diff --git a/infrastructure/environments/dynamic/dev.s3.tfbackend b/infrastructure/environments/dynamic/dev.s3.tfbackend
@@ -0,0 +1,3 @@
+bucket         = "tf-state-975050048865"
+key            = "dynamic/branch.tfstate"
+# dynamodb_table = "${project}-terraform-statelock"
diff --git a/infrastructure/environments/dynamic/locals.tf b/infrastructure/environments/dynamic/locals.tf
@@ -0,0 +1,17 @@
+data "aws_caller_identity" "current" {}
+
+data "terraform_remote_state" "state" {
+  backend = "s3"
+  config = {
+    region = "eu-west-2"
+    bucket = "tf-state-${data.aws_caller_identity.current.account_id}"
+    key    = "auth/dev.tfstate"
+  }
+}
+
+locals {
+  app_domain_name         = "app.${data.terraform_remote_state.state.outputs.zone_name}"
+  user_pool_id            = data.terraform_remote_state.state.outputs.user_pool_id
+  identity_provider_names = data.terraform_remote_state.state.outputs.identity_provider_names
+  app_id                  = data.terraform_remote_state.state.outputs.app_id
+}
diff --git a/infrastructure/environments/dynamic/module-amplify-branch.tf b/infrastructure/environments/dynamic/module-amplify-branch.tf
@@ -0,0 +1,14 @@
+module "amplify_branch" {
+  source      = "../../modules/amplify-branch"
+  domain      = var.domain
+  environment = var.environment
+  component   = var.component
+  stage       = var.stage
+
+  cognito_user_pool_id                      = local.user_pool_id
+  cognito_user_pool_identity_provider_names = local.identity_provider_names
+  amplify_app_id                            = local.app_id
+  branch                                    = "abcd01/CCM-1500-test" #var.branch # TODO get branch name from dynamic env setup
+  subdomain                                 = var.environment
+  domain_name                               = local.app_domain_name
+}
diff --git a/infrastructure/environments/dynamic/provider.tf b/infrastructure/environments/dynamic/provider.tf
@@ -0,0 +1,3 @@
+provider "aws" {
+  region = "eu-west-2"
+}
diff --git a/infrastructure/environments/dynamic/variables.tf b/infrastructure/environments/dynamic/variables.tf
@@ -0,0 +1,24 @@
+variable "domain" {
+  type    = string
+  default = "iam"
+}
+
+variable "stage" {
+  type    = string
+  default = "nonprod"
+}
+
+variable "environment" {
+  type    = string
+  default = "dynamic"
+}
+
+variable "component" {
+  type    = string
+  default = "auth"
+}
+
+variable "branch" {
+  type    = string
+  default = "custom-branch" # currently ignored
+}
diff --git a/infrastructure/environments/dynamic/versions.tf b/infrastructure/environments/dynamic/versions.tf
@@ -0,0 +1,19 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "5.55.0"
+    }
+
+    awscc = {
+      source  = "hashicorp/awscc"
+      version = "0.74.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "3.4.2"
+    }
+  }
+
+  required_version = ">= 1.3.0"
+}
diff --git a/infrastructure/modules/amplify-app/amplify-app.tf b/infrastructure/modules/amplify-app/amplify-app.tf
@@ -7,7 +7,8 @@ resource "aws_amplify_app" "app" {
   access_token = var.github_pat
 
   # Only enable automation for dev environment
-  enable_auto_branch_creation = var.environment == "dev"
+  # TODO If we want to enable branch creation we need to move the setup in modules/amplify-branch to the CDK setup
+  enable_auto_branch_creation = false #var.environment == "dev"
   enable_branch_auto_build    = var.environment == "dev"
   auto_branch_creation_patterns = [
     "*",

diff --git a/infrastructure/modules/amplify-branch/amplify-branch.tf b/infrastructure/modules/amplify-branch/amplify-branch.tf
@@ -1,8 +1,8 @@
-resource "aws_amplify_branch" "main" {
+resource "aws_amplify_branch" "branch" {
   app_id       = var.amplify_app_id
   branch_name  = var.branch
   display_name = var.subdomain
-  description  = "Main branch used for this amplify app"
+  description  = "${var.branch}"
   enable_pull_request_preview = false # PR previews are not supported for public repos
 
   environment_variables = {
@@ -15,14 +15,14 @@ resource "aws_amplify_branch" "main" {
 
 resource "aws_amplify_domain_association" "domain" {
   app_id      = var.amplify_app_id
-  domain_name = var.domain_name
-  enable_auto_sub_domain = var.environment == "dev"
+  domain_name = "${var.subdomain}.${var.domain_name}"
+  enable_auto_sub_domain = false
 
   # Wait for domain verification in prod stage environments
   wait_for_verification = var.stage == "prod"
 
   sub_domain {
-    branch_name = aws_amplify_branch.main.branch_name
-    prefix      = var.subdomain
+    branch_name = aws_amplify_branch.branch.branch_name
+    prefix      = ""
   }
 }
diff --git a/infrastructure/modules/amplify-branch/locals.tf b/infrastructure/modules/amplify-branch/locals.tf
@@ -1,5 +1,3 @@
-data "aws_caller_identity" "current" {}
-
 locals {
   # Compound Scope Identifier
   csi = replace(

diff --git a/infrastructure/modules/amplify-branch/variables.tf b/infrastructure/modules/amplify-branch/variables.tf
@@ -44,5 +44,5 @@ variable "domain_name" {
 variable "subdomain" {
   type        = string
   default     = "main"
-  description = "Subdomain used as the 'release' branch alias"
+  description = "Subdomain used as the branch alias"
 }