Delete environment w/ aws-nuke (#1567)

* removing us-east login * wait on vpn * sandbox common * sandbox * nuke * Sandbox deleting, hopefully everything deleting * [review] cleanup * increase retry limit on 2nd aws-nuke run * Parameterizing * patch k8s ami now uses 1pass
cds-snc · Oct 8, 2024 · 9a33a39 · 9a33a39
1 parent 39d9623
commit 9a33a39
Show file tree

Hide file tree

Showing 33 changed files with 2,598 additions and 780 deletions.
diff --git a/.github/workflows/terragrunt_destroy_environment.yml b/.github/workflows/terragrunt_destroy_environment.yml
diff --git a/aws/dns/notification.cdssandbox.xyz.tf b/aws/dns/notification.cdssandbox.xyz.tf
@@ -4,95 +4,112 @@ resource "aws_route53_zone" "notification-sandbox" {
 }
 
 resource "aws_route53_record" "notification-sandbox-MX" {
-  count    = var.env == "staging" ? 1 : 0
-  provider = aws.dns
-  zone_id  = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
-  name     = var.domain
-  type     = "MX"
-  ttl      = "300"
-  records  = ["10 inbound-smtp.us-east-1.amazonaws.com"]
+  count           = var.env == "production" ? 0 : 1
+  provider        = aws.dns
+  allow_overwrite = true
+
+  zone_id = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
+  name    = var.domain
+  type    = "MX"
+  ttl     = "300"
+  records = ["10 inbound-smtp.us-east-1.amazonaws.com"]
 }
 
 resource "aws_route53_record" "bounce-notification-sandbox-MX" {
-  count    = var.env == "staging" ? 1 : 0
-  provider = aws.dns
-  zone_id  = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
-  name     = "bounce.${var.domain}"
-  type     = "MX"
-  ttl      = "300"
-  records  = ["10 feedback-smtp.ca-central-1.amazonses.com"]
+  count           = var.env == "production" ? 0 : 1
+  provider        = aws.dns
+  allow_overwrite = true
+
+  zone_id = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
+  name    = "bounce.${var.domain}"
+  type    = "MX"
+  ttl     = "300"
+  records = ["10 feedback-smtp.ca-central-1.amazonses.com"]
 }
 
 resource "aws_route53_record" "bounce-custom-notification-sandbox-MX" {
-  count    = var.env == "staging" ? 1 : 0
-  provider = aws.dns
-  zone_id  = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
-  name     = "bounce.custom-sending-domain.${var.domain}"
-  type     = "MX"
-  ttl      = "300"
-  records  = ["10 feedback-smtp.ca-central-1.amazonses.com"]
+  count           = var.env == "production" ? 0 : 1
+  provider        = aws.dns
+  allow_overwrite = true
+
+  zone_id = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
+  name    = "bounce.custom-sending-domain.${var.domain}"
+  type    = "MX"
+  ttl     = "300"
+  records = ["10 feedback-smtp.ca-central-1.amazonses.com"]
 }
 
 resource "aws_route53_record" "ses-notification-sandbox-TXT" {
-  count    = var.env == "staging" ? 1 : 0
-  provider = aws.dns
-  zone_id  = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
-  name     = "_amazonses.${var.domain}"
-  type     = "TXT"
-  ttl      = "300"
+  count           = var.env == "production" ? 0 : 1
+  provider        = aws.dns
+  allow_overwrite = true
+  zone_id         = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
+  name            = "_amazonses.${var.domain}"
+  type            = "TXT"
+  ttl             = "300"
   records = ["vJFwJM0wnPRWKFXsoiVl9/gLXFP4RL5Xfl4C9JTp3VI=",
     "AwTGEoIByR4QGirawhDmRdJmxFO/U0fX3NMrSOJpuI4="
   ]
 }
 
 resource "aws_route53_record" "dmarc-notification-sandbox-TXT" {
-  count    = var.env == "staging" ? 1 : 0
-  provider = aws.dns
-  zone_id  = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
-  name     = "_dmarc.${var.domain}"
-  type     = "TXT"
-  ttl      = "300"
-  records  = ["v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:[email protected]; ruf=mailto:[email protected]"]
+  count           = var.env == "production" ? 0 : 1
+  provider        = aws.dns
+  allow_overwrite = true
+
+  zone_id = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
+  name    = "_dmarc.${var.domain}"
+  type    = "TXT"
+  ttl     = "300"
+  records = ["v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:[email protected]; ruf=mailto:[email protected]"]
 }
 
 resource "aws_route53_record" "notification-sandbox-TXT" {
-  count    = var.env == "staging" ? 1 : 0
-  provider = aws.dns
-  zone_id  = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
-  name     = var.domain
-  type     = "TXT"
-  ttl      = "300"
+  count           = var.env == "production" ? 0 : 1
+  provider        = aws.dns
+  allow_overwrite = true
+
+  zone_id = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
+  name    = var.domain
+  type    = "TXT"
+  ttl     = "300"
   records = ["v=spf1 include:amazonses.com ~all",
     "google-site-verification=u0zkO-jbYi1qW2G65mfXbuNl14BCO1O9uk-BV2wTlD8"
   ]
 }
 
 resource "aws_route53_record" "bounce-notification-sandbox-TXT" {
-  count    = var.env == "staging" ? 1 : 0
-  provider = aws.dns
-  zone_id  = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
-  name     = "bounce.${var.domain}"
-  type     = "TXT"
-  ttl      = "300"
-  records  = ["v=spf1 include:amazonses.com ~all"]
+  count           = var.env == "production" ? 0 : 1
+  provider        = aws.dns
+  allow_overwrite = true
+
+  zone_id = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
+  name    = "bounce.${var.domain}"
+  type    = "TXT"
+  ttl     = "300"
+  records = ["v=spf1 include:amazonses.com ~all"]
 }
 
 resource "aws_route53_record" "custom-domain-aws-ses-sandbox-TXT" {
-  count    = var.env == "staging" ? 1 : 0
-  zone_id  = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
-  provider = aws.dns
-  name     = "_amazonses.custom-sending-domain.${var.domain}"
-  type     = "TXT"
-  ttl      = "300"
-  records  = ["fXT/J45wZcUoBSnJAwPyfnHVf5E2b7aNayCC5PeQltg="]
+  count           = var.env == "production" ? 0 : 1
+  zone_id         = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
+  provider        = aws.dns
+  allow_overwrite = true
+
+  name    = "_amazonses.custom-sending-domain.${var.domain}"
+  type    = "TXT"
+  ttl     = "300"
+  records = ["fXT/J45wZcUoBSnJAwPyfnHVf5E2b7aNayCC5PeQltg="]
 }
 
 resource "aws_route53_record" "custom-domain-ses-sandbox-TXT" {
-  count    = var.env == "staging" ? 1 : 0
-  provider = aws.dns
-  zone_id  = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
-  name     = "custom-sending-domain.${var.domain}"
-  type     = "TXT"
-  ttl      = "300"
-  records  = ["amazonses:fXT/J45wZcUoBSnJAwPyfnHVf5E2b7aNayCC5PeQltg="]
-}
+  count           = var.env == "production" ? 0 : 1
+  provider        = aws.dns
+  allow_overwrite = true
+
+  zone_id = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
+  name    = "custom-sending-domain.${var.domain}"
+  type    = "TXT"
+  ttl     = "300"
+  records = ["amazonses:fXT/J45wZcUoBSnJAwPyfnHVf5E2b7aNayCC5PeQltg="]
+}
diff --git a/aws/eks/dns.tf b/aws/eks/dns.tf
@@ -1,9 +1,10 @@
 resource "aws_route53_record" "notification-root" {
 
-  provider = aws.dns
-  zone_id  = var.route53_zone_id
-  name     = var.domain
-  type     = "A"
+  provider        = aws.dns
+  zone_id         = var.route53_zone_id
+  name            = var.domain
+  type            = "A"
+  allow_overwrite = true
 
   alias {
     name                   = aws_alb.notification-canada-ca.dns_name
@@ -14,10 +15,11 @@ resource "aws_route53_record" "notification-root" {
 
 resource "aws_route53_record" "notification-www-root" {
 
-  provider = aws.dns
-  zone_id  = var.route53_zone_id
-  name     = "www.${var.domain}"
-  type     = "CNAME"
+  provider        = aws.dns
+  zone_id         = var.route53_zone_id
+  name            = "www.${var.domain}"
+  type            = "CNAME"
+  allow_overwrite = true
 
   records = [
     aws_alb.notification-canada-ca.dns_name
@@ -28,10 +30,11 @@ resource "aws_route53_record" "notification-www-root" {
 
 resource "aws_route53_record" "notificatio-root-WC" {
 
-  provider = aws.dns
-  name     = "*.${var.domain}"
-  zone_id  = var.route53_zone_id
-  type     = "A"
+  provider        = aws.dns
+  name            = "*.${var.domain}"
+  zone_id         = var.route53_zone_id
+  type            = "A"
+  allow_overwrite = true
 
   alias {
     name                   = aws_alb.notification-canada-ca.dns_name
@@ -42,43 +45,52 @@ resource "aws_route53_record" "notificatio-root-WC" {
 }
 
 resource "aws_route53_record" "doc-notification-canada-ca-cname" {
-  provider = aws.dns
-  zone_id  = var.route53_zone_id
-  name     = "doc.${var.domain}"
-  type     = "CNAME"
+  provider        = aws.dns
+  zone_id         = var.route53_zone_id
+  name            = "doc.${var.domain}"
+  type            = "CNAME"
+  allow_overwrite = true
+
   records = [
     aws_alb.notification-canada-ca.dns_name
   ]
   ttl = "300"
 }
 
 resource "aws_route53_record" "document-notification-canada-ca-cname" {
-  provider = aws.dns
-  zone_id  = var.route53_zone_id
-  name     = "document.${var.domain}"
-  type     = "CNAME"
+  provider        = aws.dns
+  zone_id         = var.route53_zone_id
+  name            = "document.${var.domain}"
+  type            = "CNAME"
+  allow_overwrite = true
+
+
   records = [
     aws_alb.notification-canada-ca.dns_name
   ]
   ttl = "300"
 }
 
 resource "aws_route53_record" "api-document-notification-canada-ca-cname" {
-  provider = aws.dns
-  zone_id  = var.route53_zone_id
-  name     = "api.document.${var.domain}"
-  type     = "CNAME"
+  provider        = aws.dns
+  zone_id         = var.route53_zone_id
+  name            = "api.document.${var.domain}"
+  type            = "CNAME"
+  allow_overwrite = true
+
   records = [
     aws_alb.notification-canada-ca.dns_name
   ]
   ttl = "300"
 }
 
 resource "aws_route53_record" "documentation-notification-canada-ca-cname" {
-  provider = aws.dns
-  zone_id  = var.route53_zone_id
-  name     = "documentation.${var.domain}"
-  type     = "CNAME"
+  provider        = aws.dns
+  zone_id         = var.route53_zone_id
+  name            = "documentation.${var.domain}"
+  type            = "CNAME"
+  allow_overwrite = true
+
   records = [
     aws_alb.notification-canada-ca.dns_name
   ]
@@ -87,11 +99,12 @@ resource "aws_route53_record" "documentation-notification-canada-ca-cname" {
 
 resource "aws_route53_record" "notification-alt-root" {
   #TODO: For production
-  count    = var.env != "production" ? 1 : 0
-  provider = aws.dns
-  zone_id  = var.route53_zone_id
-  name     = var.alt_domain
-  type     = "A"
+  count           = var.env != "production" ? 1 : 0
+  provider        = aws.dns
+  zone_id         = var.route53_zone_id
+  name            = var.alt_domain
+  type            = "A"
+  allow_overwrite = true
 
   alias {
     name                   = aws_alb.notification-canada-ca.dns_name
@@ -102,11 +115,12 @@ resource "aws_route53_record" "notification-alt-root" {
 
 resource "aws_route53_record" "notification-alt-root-WC" {
   #TODO: For production
-  count    = var.env != "production" ? 1 : 0
-  provider = aws.dns
-  name     = "*.${var.alt_domain}"
-  zone_id  = var.route53_zone_id
-  type     = "A"
+  count           = var.env != "production" ? 1 : 0
+  provider        = aws.dns
+  name            = "*.${var.alt_domain}"
+  zone_id         = var.route53_zone_id
+  type            = "A"
+  allow_overwrite = true
 
   alias {
     name                   = aws_alb.notification-canada-ca.dns_name
@@ -118,21 +132,24 @@ resource "aws_route53_record" "notification-alt-root-WC" {
 
 
 resource "aws_route53_record" "api-k8s-scratch-notification-CNAME" {
-  provider = aws.dns
-  zone_id  = var.route53_zone_id
-  name     = "api-k8s.${var.domain}"
-  type     = "CNAME"
-  ttl      = "300"
-  records  = [aws_alb.notification-canada-ca.dns_name]
+  provider        = aws.dns
+  zone_id         = var.route53_zone_id
+  name            = "api-k8s.${var.domain}"
+  type            = "CNAME"
+  ttl             = "300"
+  allow_overwrite = true
+
+  records = [aws_alb.notification-canada-ca.dns_name]
 }
 
 resource "aws_route53_record" "api-weighted-0-scratch-notification-A" {
   # Send no API traffic to K8s
-  provider       = aws.dns
-  zone_id        = var.route53_zone_id
-  name           = "api.${var.domain}"
-  type           = "A"
-  set_identifier = "loadbalancer"
+  provider        = aws.dns
+  zone_id         = var.route53_zone_id
+  name            = "api.${var.domain}"
+  type            = "A"
+  set_identifier  = "loadbalancer"
+  allow_overwrite = true
 
   alias {
     name                   = aws_alb.notification-canada-ca.dns_name
@@ -148,9 +165,10 @@ resource "aws_route53_record" "api-weighted-0-scratch-notification-A" {
 # Dev Tools DNS
 
 resource "aws_route53_record" "notification_internal_dns" {
-  zone_id = var.internal_dns_zone_id
-  name    = var.internal_dns_name
-  type    = "A"
+  zone_id         = var.internal_dns_zone_id
+  name            = var.internal_dns_name
+  type            = "A"
+  allow_overwrite = true
 
   alias {
     name = aws_lb.internal_alb.dns_name
@@ -161,10 +179,11 @@ resource "aws_route53_record" "notification_internal_dns" {
 }
 
 resource "aws_route53_record" "wildcard_CNAME" {
-  zone_id = var.internal_dns_zone_id
-  name    = "*.${var.internal_dns_name}"
-  type    = "CNAME"
-  ttl     = "60"
-  records = [var.internal_dns_name]
+  zone_id         = var.internal_dns_zone_id
+  name            = "*.${var.internal_dns_name}"
+  type            = "CNAME"
+  ttl             = "60"
+  records         = [var.internal_dns_name]
+  allow_overwrite = true
 }