From 32c77a961edd8d0db29f97b0698f1f24007fa80f Mon Sep 17 00:00:00 2001 From: Will Gibson <8738245+WillGibson@users.noreply.github.com> Date: Tue, 9 Apr 2024 09:33:37 +0100 Subject: [PATCH 1/4] test: DBTP-854 Add more monitoring module tests (#48) --- monitoring/locals.tf | 7 ++ monitoring/main.tf | 4 +- monitoring/tests/monitoring.tftest.hcl | 109 +++++++++++++++++++++++-- 3 files changed, 111 insertions(+), 9 deletions(-) diff --git a/monitoring/locals.tf b/monitoring/locals.tf index 54a975c29..93130bc45 100644 --- a/monitoring/locals.tf +++ b/monitoring/locals.tf @@ -1,2 +1,9 @@ locals { + tags = { + application = var.application + environment = var.environment + managed-by = "DBT Platform - Terraform" + copilot-application = var.application + copilot-environment = var.environment + } } diff --git a/monitoring/main.tf b/monitoring/main.tf index 8fd981487..874e693b5 100644 --- a/monitoring/main.tf +++ b/monitoring/main.tf @@ -81,11 +81,11 @@ resource "aws_resourcegroups_group" "application-insights-resources" { ResourceTypeFilters = ["AWS::AllSupported"] TagFilters = [ { - Key = "copilot-application", + Key = "copilot-application" Values = [var.application] }, { - Key = "copilot-environment", + Key = "copilot-environment" Values = [var.environment] } ] diff --git a/monitoring/tests/monitoring.tftest.hcl b/monitoring/tests/monitoring.tftest.hcl index cb654ef51..f582ce260 100644 --- a/monitoring/tests/monitoring.tftest.hcl +++ b/monitoring/tests/monitoring.tftest.hcl @@ -7,22 +7,117 @@ variables { } } +# Compute dashboard run "test_compute_dashboard_is_created" { command = plan - variables { - application = "my_app" - environment = "my_env" - vpc_name = "terraform-tests-vpc" + assert { + condition = aws_cloudwatch_dashboard.compute.dashboard_name == "test-application-test-environment-compute" + error_message = "dashboard_name is incorrect" + } + + # Test widgets are created + # Not checking the whole queries as we would just have to replicate the code from the manifest, which would not add much value, so we're just going to check that the expected widgets exist. + assert { + condition = jsondecode(aws_cloudwatch_dashboard.compute.dashboard_body).widgets[0].properties.title == "All Fargate Tasks Configuration and Consumption Details (CPU and Memory)" + error_message = "Configuration and Consumption Details (CPU and Memory) widget is not created" + } + + assert { + condition = jsondecode(aws_cloudwatch_dashboard.compute.dashboard_body).widgets[1].properties.title == "Top 10 Fargate Tasks with Optimization Opportunities (CPU)" + error_message = "Optimization Opportunities (CPU) widget is not created" + } + + assert { + condition = jsondecode(aws_cloudwatch_dashboard.compute.dashboard_body).widgets[2].properties.title == "Top 10 Fargate Tasks with Optimization Opportunities (Memory)" + error_message = "Optimization Opportunities (Memory) widget is not created" + } + + assert { + condition = jsondecode(aws_cloudwatch_dashboard.compute.dashboard_body).widgets[3].properties.title == "CPU Reserved Vs Avg Usage (All Fargate Tasks)" + error_message = "CPU Reserved Vs Avg Usage widget is not created" + } + + assert { + condition = jsondecode(aws_cloudwatch_dashboard.compute.dashboard_body).widgets[4].properties.title == "Memory Reserved Vs Avg Usage (All Fargate Tasks)" + error_message = "Memory Reserved Vs Avg Usage widget is not created" + } +} + +# Application insights +run "test_application_insights_resource_group_is_created" { + command = plan + + assert { + condition = aws_resourcegroups_group.application-insights-resources.name == "test-application-test-environment-application-insights-resources" + error_message = "name is incorrect" + } + + assert { + condition = aws_resourcegroups_group.application-insights-resources.resource_query[0].type == "TAG_FILTERS_1_0" + error_message = "resource_query type is incorrect" + } + + assert { + condition = jsondecode(aws_resourcegroups_group.application-insights-resources.resource_query[0].query).ResourceTypeFilters == [ + "AWS::AllSupported" + ] + error_message = "ResourceTypeFilters is incorrect" + } + + assert { + condition = contains( + jsondecode(aws_resourcegroups_group.application-insights-resources.resource_query[0].query).TagFilters, + { + Key = "copilot-application" + Values = ["test-application"] + } + ) + error_message = "Application TagFilter is incorrect" + } + assert { + condition = contains( + jsondecode(aws_resourcegroups_group.application-insights-resources.resource_query[0].query).TagFilters, + { + Key = "copilot-environment" + Values = ["test-environment"] + } + ) + error_message = "Environment TagFilter is incorrect" + } +} + +run "test_application_insights_application_is_created" { + command = plan + + assert { + condition = aws_applicationinsights_application.application-insights.resource_group_name == "test-application-test-environment-application-insights-resources" + error_message = "resource_group_name is incorrect" + } + + assert { + condition = aws_applicationinsights_application.application-insights.auto_config_enabled == true + error_message = "auto_config_enabled should be true" + } + + assert { + condition = aws_applicationinsights_application.application-insights.ops_center_enabled == true + error_message = "ops_center_enabled should be true" + } +} + +run "test_application_insights_application_can_be_created_with_ops_center_disabled" { + command = plan + + variables { config = { enable_ops_center = false } } - # Compute Dashboard assert { - condition = aws_cloudwatch_dashboard.compute.dashboard_name == "my_app-my_env-compute" - error_message = "dashboard_name is incorrect" + condition = aws_applicationinsights_application.application-insights.ops_center_enabled == false + error_message = "ops_center_enabled should be false" } } From c51bb7abec366599ead5da15861059d97ece7eb4 Mon Sep 17 00:00:00 2001 From: Adam Wozencroft <106593773+adamwozencroft@users.noreply.github.com> Date: Tue, 9 Apr 2024 13:39:58 +0100 Subject: [PATCH 2/4] feat: (DBTP-855) Add tests for Postgres (#30) Co-authored-by: James Moore Co-authored-by: Will Gibson <8738245+WillGibson@users.noreply.github.com> Co-authored-by: Anthony Roy <81255001+antroy-madetech@users.noreply.github.com> Co-authored-by: Jayesh Patel Co-authored-by: Lyndon Garvey <237923+lgarvey@users.noreply.github.com> --- postgres/tests/postgres.tftest.hcl | 464 +++++++++++++++++++++++++++++ 1 file changed, 464 insertions(+) create mode 100644 postgres/tests/postgres.tftest.hcl diff --git a/postgres/tests/postgres.tftest.hcl b/postgres/tests/postgres.tftest.hcl new file mode 100644 index 000000000..5cb77561f --- /dev/null +++ b/postgres/tests/postgres.tftest.hcl @@ -0,0 +1,464 @@ +override_data { + target = data.aws_security_group.rds-endpoint + values = { + name = "sandbox-postgres-rds-endpoint-sg" + } +} + +override_data { + target = data.aws_vpc.vpc + values = { + id = "vpc-00112233aabbccdef" + cidr_block = "10.0.0.0/16" + } +} +override_data { + target = data.aws_subnets.private-subnets + values = { + ids = ["subnet-000111222aaabbb01"] + } +} + +variables { + application = "test-application" + environment = "test-environment" + name = "test-name" + vpc_name = "sandbox-postgres" + config = { + version = 14, + deletion_protection = true, + multi_az = false, + } +} + + +run "aws_security_group_unit_test" { + command = plan + + assert { + condition = aws_security_group.default.name == "test-application-test-environment-test-name" + error_message = "Invalid name for aws_security_group.default" + } + + assert { + condition = aws_security_group.default.revoke_rules_on_delete == false + error_message = "Config for aws_security_group.default.revoke_rules_on_delete should be false." + } + + assert { + condition = aws_security_group.default.tags.application == "test-application" + error_message = "Invalid tags for aws_security_group.default application" + } + + assert { + condition = aws_security_group.default.tags.environment == "test-environment" + error_message = "Invalid tags for aws_security_group.default copilot-environment" + } + + assert { + condition = aws_security_group.default.tags.copilot-application == "test-application" + error_message = "Invalid tags for aws_security_group.default application" + } + + assert { + condition = aws_security_group.default.tags.copilot-environment == "test-environment" + error_message = "Invalid tags for aws_security_group.default copilot-environment" + } + + assert { + condition = aws_security_group.default.tags.managed-by == "DBT Platform - Terraform" + error_message = "Invalid tags for aws_security_group.default managed-by" + } +} + +run "aws_db_parameter_group_unit_test" { + command = plan + + assert { + condition = aws_db_parameter_group.default.name == "test-application-test-environment-test-name-postgres14" + error_message = "Invalid name for aws_db_parameter_group.default" + } + + assert { + condition = aws_db_parameter_group.default.family == "postgres14" + error_message = "Invalid family for aws_db_parameter_group.default" + } + + assert { + condition = [for el in aws_db_parameter_group.default.parameter : el.value if el.name == "client_encoding"][0] == "utf8" + error_message = "Invalid value for for aws_db_parameter_group.default client_encoding parameter" + } + + assert { + condition = [for el in aws_db_parameter_group.default.parameter : el.value if el.name == "log_statement"][0] == "ddl" + error_message = "Invalid value for for aws_db_parameter_group.default log_statement parameter" + } + + assert { + condition = [for el in aws_db_parameter_group.default.parameter : el.value if el.name == "log_statement_sample_rate"][0] == "1.0" + error_message = "Invalid value for for aws_db_parameter_group.default log_statement_sample_rate parameter" + } +} + + +run "aws_db_subnet_group_unit_test" { + command = plan + + assert { + condition = aws_db_subnet_group.default.name == "test-application-test-environment-test-name" + error_message = "Invalid name for aws_db_subnet_group.default" + } + + assert { + condition = length(aws_db_subnet_group.default.subnet_ids) == 1 + error_message = "Invalid number of subnet_ids for aws_db_subnet_group.default, should be 1" + } +} + +run "aws_kms_key_unit_test" { + command = plan + + assert { + condition = aws_kms_key.default.description == "test-application-test-environment-test-name KMS key" + error_message = "Invalid description for aws_kms_key.default" + } + + assert { + condition = aws_kms_key.default.is_enabled == true + error_message = "Invalid config for aws_kms_key.default is_enabled parameter, should be true" + } + + assert { + condition = aws_kms_key.default.bypass_policy_lockout_safety_check == false + error_message = "Invalid config for aws_kms_key.default bypass_policy_lockout_safety_check parameter, should be false" + } + + assert { + condition = aws_kms_key.default.enable_key_rotation == false + error_message = "Invalid config for aws_kms_key.default enable_key_rotation parameter, should be false" + } + + assert { + condition = aws_kms_key.default.key_usage == "ENCRYPT_DECRYPT" + error_message = "Invalid config for aws_kms_key.default key_usage parameter, should be ENCRYPT_DECRYPT" + } + + assert { + condition = aws_kms_key.default.customer_master_key_spec == "SYMMETRIC_DEFAULT" + error_message = "Invalid config for aws_kms_key.default customer_master_key_spec parameter, should be SYMMETRIC_DEFAULT" + } +} + +run "aws_db_instance_unit_test" { + command = plan + + # Test aws_db_instance.default resource version + assert { + condition = aws_db_instance.default.db_name == "main" + error_message = "Invalid db_name for aws_db_instance.default" + } + + assert { + condition = aws_db_instance.default.db_subnet_group_name == "test-application-test-environment-test-name" + error_message = "Invalid db_subnet_group_name for aws_db_instance.default" + } + + assert { + condition = aws_db_instance.default.engine == "postgres" + error_message = "Invalid config for aws_db_instance.default engine parameter, should be postgres" + } + + assert { + condition = aws_db_instance.default.engine_version == "14" + error_message = "Invalid config for aws_db_instance.default engine_version parameter, should be 14" + } + + assert { + condition = aws_db_instance.default.username == "postgres" + error_message = "Invalid config for aws_db_instance.default username parameter, should be postgres" + } + + # Test aws_db_instance.default resource storage + assert { + condition = aws_db_instance.default.storage_encrypted == true + error_message = "Invalid config for aws_db_instance.default storage_encrypted parameter, should be true" + } + + assert { + condition = aws_db_instance.default.publicly_accessible == false + error_message = "Invalid config for aws_db_instance.default publicly_accessible parameter, should be false" + } + + assert { + condition = aws_db_instance.default.iam_database_authentication_enabled == false + error_message = "Invalid config for aws_db_instance.default iam_database_authentication_enabled parameter, should be false" + } + + assert { + condition = aws_db_instance.default.multi_az == false + error_message = "Invalid config for aws_db_instance.default multi_az parameter, should be false" + } + + assert { + condition = aws_db_instance.default.backup_retention_period == 7 + error_message = "Invalid config for aws_db_instance.default backup_retention_period, should be 7" + } + + assert { + condition = aws_db_instance.default.backup_window == "07:00-09:00" + error_message = "Invalid config for aws_db_instance.default backup_window, should be 07:00-09:00" + } + + assert { + condition = aws_db_instance.default.allocated_storage == 20 + error_message = "Invalid config for aws_db_instance.default allocated_storage, should be 20" + } + + assert { + condition = aws_db_instance.default.manage_master_user_password == true + error_message = "Invalid config for aws_db_instance.default manage_master_user_password, should be true" + } + + assert { + condition = aws_db_instance.default.copy_tags_to_snapshot == true + error_message = "Invalid config for aws_db_instance.default copy_tags_to_snapshot , should be true" + } + + # Test aws_db_instance.default resource monitoring + assert { + condition = aws_db_instance.default.performance_insights_enabled == true + error_message = "Invalid config for aws_db_instance.default performance_insights_enabled parameter, should be true" + } + + assert { + condition = aws_db_instance.default.performance_insights_retention_period == 7 + error_message = "Invalid config for aws_db_instance.default performance_insights_retention_period parameter, should be 7" + } + + assert { + condition = aws_db_instance.default.monitoring_interval == 15 + error_message = "Invalid config for aws_db_instance.default monitoring_interval parameter, should be 15" + } + + # Test aws_db_instance.default resource upgrades + assert { + condition = aws_db_instance.default.allow_major_version_upgrade == true + error_message = "Invalid config for aws_db_instance.default allow_major_version_upgrade, should be true" + } + + assert { + condition = aws_db_instance.default.apply_immediately == false + error_message = "Invalid config for aws_db_instance.default apply_immediately, should be false" + } + + assert { + condition = aws_db_instance.default.auto_minor_version_upgrade == true + error_message = "Invalid config for aws_db_instance.default auto_minor_version_upgrade, should be true" + } + + assert { + condition = aws_db_instance.default.maintenance_window == "mon:00:00-mon:03:00" + error_message = "Invalid config for aws_db_instance.default maintenance_window, should be mon:00:00-mon:03:00" + } + +} + +run "aws_iam_role_unit_test" { + command = plan + + # Test aws_iam_role.enhanced-monitoring resource + assert { + condition = aws_iam_role.enhanced-monitoring.name_prefix == "rds-enhanced-monitoring-" + error_message = "Invalid name_prefix for aws_iam_role.enhanced-monitoring" + } + + assert { + condition = aws_iam_role.enhanced-monitoring.max_session_duration == 3600 + error_message = "Invalid config for aws_iam_role.enhanced-monitoring max_session_duration, should be 3600" + } + + assert { + condition = jsondecode(aws_iam_role.enhanced-monitoring.assume_role_policy).Statement[0].Action == "sts:AssumeRole" + error_message = "Invalid config for aws_iam_role.enhanced-monitoring assume_role_policy Action, should be sts:AssumeRole" + } + + assert { + condition = jsondecode(aws_iam_role.enhanced-monitoring.assume_role_policy).Statement[0].Effect == "Allow" + error_message = "Invalid config for aws_iam_role.enhanced-monitoring max_session_duration Effect, should be Allow" + } + + assert { + condition = jsondecode(aws_iam_role.enhanced-monitoring.assume_role_policy).Statement[0].Principal.Service == "monitoring.rds.amazonaws.com" + error_message = "Invalid config for aws_iam_role.enhanced-monitoring max_session_duration Principal.Service, should be monitoring.rds.amazonaws.com" + } + + assert { + condition = jsondecode(aws_iam_role.enhanced-monitoring.assume_role_policy).Version == "2012-10-17" + error_message = "Invalid config for aws_iam_role.enhanced-monitoring assume_role_policy Version, should be 2012-10-17" + } + + # Test aws_iam_role_policy_attachment.enhanced-monitoring resource + assert { + condition = aws_iam_role_policy_attachment.enhanced-monitoring.policy_arn == "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole" + error_message = "Invalid policy_arn for aws_iam_role_policy_attachment.enhanced-monitoring" + } + + # Test aws_iam_role.lambda-execution-role resource + assert { + condition = aws_iam_role.lambda-execution-role.name == "test-application-test-environment-test-name-lambda-role" + error_message = "Invalid name for aws_iam_role.lambda-execution-role" + } + + assert { + condition = aws_iam_role.lambda-execution-role.max_session_duration == 3600 + error_message = "Invalid config for aws_iam_role.lambda-execution-role max_session_duration, should be 3600" + } + + assert { + condition = jsondecode(aws_iam_role.lambda-execution-role.assume_role_policy).Statement[0].Action == "sts:AssumeRole" + error_message = "Invalid config for aws_iam_role.lambda-execution-role assume_role_policy Action, should be sts:AssumeRole" + } + + assert { + condition = jsondecode(aws_iam_role.lambda-execution-role.assume_role_policy).Statement[0].Effect == "Allow" + error_message = "Invalid config for aws_iam_role.lambda-execution-role max_session_duration Effect, should be Allow" + } + + assert { + condition = jsondecode(aws_iam_role.lambda-execution-role.assume_role_policy).Statement[0].Principal.Service == "lambda.amazonaws.com" + error_message = "Invalid config for aws_iam_role.lambda-execution-role max_session_duration Principal.Service, should be lambda.amazonaws.com" + } + + assert { + condition = jsondecode(aws_iam_role.lambda-execution-role.assume_role_policy).Version == "2012-10-17" + error_message = "Invalid config for aws_iam_role.lambda-execution-role assume_role_policy Version, should be 2012-10-17" + } +} + +run "aws_cloudwatch_log_rds_subscription_filter_unit_test" { + command = plan + + assert { + condition = aws_cloudwatch_log_subscription_filter.rds.name == "/aws/rds/instance/test-application/test-environment/test-name/postgresql" + error_message = "Invalid name for aws_cloudwatch_log_subscription_filter.rds" + } + + assert { + condition = endswith(aws_cloudwatch_log_subscription_filter.rds.role_arn, ":role/CWLtoSubscriptionFilterRole") == true + error_message = "Invalid role_arn for aws_cloudwatch_log_subscription_filter.rds" + } + + assert { + condition = aws_cloudwatch_log_subscription_filter.rds.distribution == "ByLogStream" + error_message = "Invalid config for aws_cloudwatch_log_subscription_filter.rds distribution parameter, should be ByLogStream" + } +} + +run "aws_lambda_function_unit_test" { + command = plan + + assert { + condition = aws_lambda_function.lambda.filename == "./manage_users.zip" + error_message = "Invalid config for aws_lambda_function.lambda filename parameter, should be ./manage_users.zip" + } + + assert { + condition = aws_lambda_function.lambda.function_name == "test-application-test-environment-test-name-rds-create-user" + error_message = "Invalid config for aws_lambda_function.lambda function_name parameter, should be test-application-test-environment-test-name-rds-create-user" + } + + assert { + condition = aws_lambda_function.lambda.handler == "manage_users.handler" + error_message = "Invalid config for aws_lambda_function.lambda handler parameter, should be manage_users.handler" + } + + assert { + condition = aws_lambda_function.lambda.runtime == "python3.11" + error_message = "Invalid config for aws_lambda_function.lambda runtime parameter, should be python3.11" + } + + assert { + condition = aws_lambda_function.lambda.memory_size == 128 + error_message = "Invalid config for aws_lambda_function.lambda memory_size parameter, should be 128" + } + + assert { + condition = aws_lambda_function.lambda.timeout == 10 + error_message = "Invalid config for aws_lambda_function.lambda timeout parameter, should be 10" + } + + assert { + condition = length(aws_lambda_function.lambda.layers) == 1 + error_message = "Invalid number of layers for aws_lambda_function.lambda layers parameter, should be 1" + } + + assert { + condition = endswith(aws_lambda_function.lambda.layers[0], ":layer:python-postgres:1") == true + error_message = "Invalid config for aws_lambda_function.lambda layers parameter, should be end with layer:python-postgres:1" + } + + assert { + condition = [for el in aws_lambda_function.lambda.vpc_config : true if el.ipv6_allowed_for_dual_stack == false][0] == true + error_message = "Invalid vpc_config for aws_lambda_function.lambda ipv6_allowed_for_dual_stack parameter, should be false" + } +} + +run "aws_lambda_invocation_unit_test" { + command = plan + + # Test aws_lambda_invocation.create-application-user resource + assert { + condition = aws_lambda_invocation.create-application-user.function_name == "test-application-test-environment-test-name-rds-create-user" + error_message = "Invalid config for aws_lambda_invocation.create-application-user function_name parameter, should be test-application-test-environment-test-name-rds-create-user" + } + + assert { + condition = aws_lambda_invocation.create-application-user.lifecycle_scope == "CREATE_ONLY" + error_message = "Invalid config for aws_lambda_invocation.create-application-user lifecycle_scope parameter, should be CREATE_ONLY" + } + + assert { + condition = aws_lambda_invocation.create-application-user.qualifier == "$LATEST" + error_message = "Invalid config for aws_lambda_invocation.create-application-user qualifier parameter, should be $LATEST" + } + + assert { + condition = aws_lambda_invocation.create-application-user.terraform_key == "tf" + error_message = "Invalid config for aws_lambda_invocation.create-application-user terraform_key parameter, should be tf" + } + + # Test aws_lambda_invocation.create-readonly-user resource + assert { + condition = aws_lambda_invocation.create-readonly-user.function_name == "test-application-test-environment-test-name-rds-create-user" + error_message = "Invalid config for aws_lambda_invocation.create-readonly-user function_name parameter, should be test-application-test-environment-test-name-rds-create-user" + } + + assert { + condition = aws_lambda_invocation.create-readonly-user.lifecycle_scope == "CREATE_ONLY" + error_message = "Invalid config for aws_lambda_invocation.create-readonly-user lifecycle_scope parameter, should be CREATE_ONLY" + } + + assert { + condition = aws_lambda_invocation.create-readonly-user.qualifier == "$LATEST" + error_message = "Invalid config for aws_lambda_invocation.create-readonly-user qualifier parameter, should be $LATEST" + } + + assert { + condition = aws_lambda_invocation.create-readonly-user.terraform_key == "tf" + error_message = "Invalid config for aws_lambda_invocation.create-readonly-user terraform_key parameter, should be tf" + } +} + +run "aws_ssm_parameter_master_secret_arn_unit_test" { + command = plan + + assert { + condition = aws_ssm_parameter.master-secret-arn.name == "/copilot/test-application/test-environment/secrets/TEST_NAME_RDS_MASTER_ARN" + error_message = "Invalid config for aws_ssm_parameter.master-secret-arn name parameter, should be /copilot/test-application/test-environment/secrets/TEST_NAME_RDS_MASTER_ARN" + } + + assert { + condition = aws_ssm_parameter.master-secret-arn.type == "SecureString" + error_message = "Invalid config for aws_ssm_parameter.master-secret-arn type parameter, should be SecureString" + } +} From f2fd9f7055be1a30dba76047494311cc54ccd577 Mon Sep 17 00:00:00 2001 From: Will Gibson <8738245+WillGibson@users.noreply.github.com> Date: Tue, 9 Apr 2024 15:24:47 +0100 Subject: [PATCH 3/4] docs: Move using demodjango for testing to terraform-platform-modules (#55) --- README.md | 42 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2e7b57a98..8e15c4b3e 100644 --- a/README.md +++ b/README.md @@ -99,7 +99,7 @@ This will provision a CloudWatch Compute Dashboard and Application Insights for Example usage in `extensions.yml`... ```yaml -demodjango-tf-monitoring: +demodjango-monitoring: type: monitoring environments: "*": @@ -108,3 +108,43 @@ demodjango-tf-monitoring: enable_ops_center: true ``` +## Using our `demodjango` application for testing + +Note: We are currently treating the `terraform-deployment` branch as our `main` branch for this work. + +- Terraform + - Edit the `environment` and `vpc_name` under `module.extensions-tf` in `terraform/demodjango.tf` + - `cd terraform` + - Create or select a Terraform workspace for your environment `terraform workspace new|select ` + - `terraform apply` +- AWS Copilot + - `cd ..` + - Make any required changes to have valid AWS Copilot configuration for your environment + - Copy the VPC IDs, Subnet IDs and certificate ARN from the AWS Console to your environment manifest + - Set the alias and copy the Application Load Balancer ARN from the AWS console to the `http` section for your environment in `copilot/web/manifest.yml` + ``` + : + http: + alb: arn:aws:elasticloadbalancing:eu-west-2:852676506468:loadbalancer/app/demodjango-willg/bc968fa0a4fcd257 + alias: internal.willg.demodjango.uktrade.digital + ``` + - Add the `DJANGO_SECRET_KEY` secret for you environment `copilot secret init --name DJANGO_SECRET_KEY --values =''` + - Deploy environment + - `copilot app init demodjango` + - `copilot env init --name --profile $AWS_PROFILE --default-config` + - `copilot env deploy --name ` + - Deploy the web service with bootstrap image + - Set the `web` service to use the `copilot-bootstrap` image for now + - `copilot svc init --name web` + - `IMAGE_TAG=tag-latest copilot svc deploy --name web --env ` + - Test it loads OK + - Swap to the proper image in the `web` manifest + - `IMAGE_TAG=tag-latest copilot svc deploy --name web --env ` + - Test it loads OK, Celery checks will still fail for now + - Deploy Celery services + - `copilot svc init --name celery-worker` + - `IMAGE_TAG=tag-latest copilot svc deploy --name celery-worker --env ` + - Skip next two, need to pull in the Celery Beat stuff from `main`... + - `copilot svc init --name celery-beat` + - `IMAGE_TAG=tag-latest copilot svc deploy --name celery-beat --env ` + - Test the web service loads OK, including Celery checks From 7f4cf3f5cb0065c6bf09aa7e18fc4458c6d02da8 Mon Sep 17 00:00:00 2001 From: James Moore Date: Tue, 9 Apr 2024 15:29:44 +0100 Subject: [PATCH 4/4] fix: (DBTP-881) tweak monitoring tests to not require aws credentials (#54) --- monitoring/tests/monitoring.tftest.hcl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/monitoring/tests/monitoring.tftest.hcl b/monitoring/tests/monitoring.tftest.hcl index f582ce260..ecf9ebe57 100644 --- a/monitoring/tests/monitoring.tftest.hcl +++ b/monitoring/tests/monitoring.tftest.hcl @@ -1,3 +1,5 @@ +mock_provider "aws" {} + variables { vpc_name = "test-vpc" application = "test-application"