cds-snc · ben851 · Oct 25, 2023 · Oct 5, 2023 · Oct 5, 2023 · Oct 5, 2023
@@ -0,0 +1,79 @@
+# MX Records - To Be Automated
+
+resource "aws_route53_record" "dev-notification-sandbox-MX" {
+  count    = var.env == "dev" ? 1 : 0
+  provider = aws.dns
+  zone_id  = var.route_53_zone_arn
+  name     = var.domain
+  type     = "MX"
+  ttl      = "300"
+  records  = ["10 inbound-smtp.us-east-1.amazonaws.com"]
+}
+
+resource "aws_route53_record" "bounce-dev-notification-sandbox-MX" {
+  count    = var.env == "dev" ? 1 : 0
+  provider = aws.dns
+  zone_id  = var.route_53_zone_arn
+  name     = "bounce.${var.domain}"
+  type     = "MX"
+  ttl      = "300"
+  records  = ["10 feedback-smtp.ca-central-1.amazonses.com"]
+}
+
+resource "aws_route53_record" "bounce-dev-custom-notification-sandbox-MX" {
+  count    = var.env == "dev" ? 1 : 0
+  provider = aws.dns
+  zone_id  = var.route_53_zone_arn
+  name     = "bounce.custom-sending-domain.${var.domain}"
+  type     = "MX"
+  ttl      = "300"
+  records  = ["10 feedback-smtp.ca-central-1.amazonses.com"]
+}
+
+# SES TXT Record - To Be Automated
+
+resource "aws_route53_record" "ses-dev-notification-sandbox-TXT" {
+  count    = var.env == "dev" ? 1 : 0
+  provider = aws.dns
+  zone_id  = var.route_53_zone_arn
+  name     = "_amazonses.${var.domain}"
+  type     = "TXT"
+  ttl      = "300"
+  records = ["vJFwJM0wnPRWKFXsoiVl9/gLXFP4RL5Xfl4C9JTp3VI=",
+    "AwTGEoIByR4QGirawhDmRdJmxFO/U0fX3NMrSOJpuI4="
+  ]
+}
+
+resource "aws_route53_record" "dmarc-dev-notification-sandbox-TXT" {
+  count    = var.env == "dev" ? 1 : 0
+  provider = aws.dns
+  zone_id  = var.route_53_zone_arn
+  name     = "_dmarc.${var.domain}"
+  type     = "TXT"
+  ttl      = "300"
+  records  = ["v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:[email protected]; ruf=mailto:[email protected]"]
+}
+
+# Google Site Verification
+
+resource "aws_route53_record" "dev-notification-sandbox-TXT" {
+  count    = var.env == "dev" ? 1 : 0
+  provider = aws.dns
+  zone_id  = var.route_53_zone_arn
+  name     = var.domain
+  type     = "TXT"
+  ttl      = "300"
+  records = ["v=spf1 include:amazonses.com ~all",
+    "google-site-verification=u0zkO-jbYi1qW2G65mfXbuNl14BCO1O9uk-BV2wTlD8"
+  ]
+}
+
+resource "aws_route53_record" "bounce-dev-notification-sandbox-TXT" {
+  count    = var.env == "dev" ? 1 : 0
+  provider = aws.dns
+  zone_id  = var.route_53_zone_arn
+  name     = "bounce.${var.domain}"
+  type     = "TXT"
+  ttl      = "300"
+  records  = ["v=spf1 include:amazonses.com ~all"]
+}
@@ -1,9 +1,18 @@
 resource "aws_shield_protection" "notification-canada-ca" {
+  depends_on   = [null_resource.aws_shield_subscription]
   name         = "notification-canada-ca"
   resource_arn = aws_alb.notification-canada-ca.arn
 }
 
 resource "aws_shield_protection" "assets-notification-canada-ca" {
+  depends_on   = [null_resource.aws_shield_subscription]
   name         = "notification-canada-ca"
   resource_arn = var.cloudfront_assets_arn
 }
+
+
+resource "null_resource" "aws_shield_subscription" {
+  provisioner "local-exec" {
+    command = "aws shield create-subscription 2> /dev/null || true"
+  }
+}
@@ -183,4 +183,4 @@ variable "enable_delete_protection" {
 variable "notification_base_url_regex_arn" {
   type        = string
   description = "The ARN of the regex for the notify base URL"
-}
+}
@@ -0,0 +1,29 @@
+dependencies {
+  paths = ["../common"]
+}
+
+dependency "common" {
+  config_path = "../common"
+
+  # Configure mock outputs for the `validate` command that are returned when there are no outputs available (e.g the
+  # module hasn't been applied yet.
+  mock_outputs_allowed_terraform_commands = ["validate"]
+  mock_outputs = {
+    asset_bucket_regional_domain_name = ""
+  }
+}
+
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  asset_bucket_regional_domain_name         = dependency.common.outputs.asset_bucket_regional_domain_name
+  s3_bucket_asset_bucket_id                 = dependency.common.outputs.s3_bucket_asset_bucket_id
+  s3_bucket_asset_bucket_arn                = dependency.common.outputs.s3_bucket_asset_bucket_arn
+}
+
+terraform {
+  source = "../../../aws//cloudfront"
+}
+
@@ -0,0 +1,38 @@
+terraform {
+  source = "../../../aws//common"
+}
+
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  sns_monthly_spend_limit                                            = 1
+  sns_monthly_spend_limit_us_west_2                                  = 1
+  alarm_warning_document_download_bucket_size_gb                     = 0.5
+  alarm_warning_inflight_processed_created_delta_threshold           = 100
+  alarm_critical_inflight_processed_created_delta_threshold          = 200
+  alarm_warning_priority_inflight_processed_created_delta_threshold  = 100
+  alarm_critical_priority_inflight_processed_created_delta_threshold = 300
+  alarm_warning_normal_inflight_processed_created_delta_threshold    = 100
+  alarm_critical_normal_inflight_processed_created_delta_threshold   = 200
+  alarm_warning_bulk_inflight_processed_created_delta_threshold      = 100
+  alarm_critical_bulk_inflight_processed_created_delta_threshold     = 200
+  alarm_warning_bulk_processed_created_delta_threshold               = 5000
+  alarm_critical_bulk_processed_created_delta_threshold              = 10000
+  alarm_warning_priority_bulk_processed_created_delta_threshold      = 5000
+  alarm_critical_priority_bulk_processed_created_delta_threshold     = 10000
+  alarm_warning_normal_bulk_processed_created_delta_threshold        = 5000
+  alarm_critical_normal_bulk_processed_created_delta_threshold       = 10000
+  alarm_warning_bulk_bulk_processed_created_delta_threshold          = 5000
+  alarm_critical_bulk_bulk_processed_created_delta_threshold         = 10000
+  alarm_critical_expired_inflights_threshold                         = 10
+  billing_tag_value                                                  = "notification-canada-ca-dev"
+  sqs_priority_db_tasks_queue_name                                   = "priority-database-tasks.fifo"
+  sqs_normal_db_tasks_queue_name                                     = "normal-database-tasks"
+  sqs_bulk_db_tasks_queue_name                                       = "bulk-database-tasks"
+  eks_cluster_name                                                   = "notification-canada-ca-dev-eks-cluster"  
+}
+
+# See QueueNames in
+# https://github.com/cds-snc/notification-api/blob/master/app/config.py
@@ -0,0 +1,55 @@
+dependencies {
+  paths = ["../common", "../eks", "../rds"]
+}
+
+dependency "common" {
+  config_path = "../common"
+
+  # Configure mock outputs for the `validate` command that are returned when there are no outputs available (e.g the
+  # module hasn't been applied yet.
+  mock_outputs_allowed_terraform_commands = ["init", "fmt", "validate", "plan", "show"]
+  mock_outputs = {
+    vpc_id = ""
+    vpc_private_subnets = [
+      "",
+      "",
+      "",
+    ]
+  }
+}
+
+dependency "eks" {
+  config_path = "../eks"
+
+  # Configure mock outputs for the `validate` command that are returned when there are no outputs available (e.g the
+  # module hasn't been applied yet.
+  mock_outputs_allowed_terraform_commands = ["validate", "plan", "init", "fmt", "show"]
+  mock_outputs_merge_with_state           = true
+  mock_outputs = {
+    database-tools-securitygroup    = ""
+    database-tools-db-securitygroup = ""
+  }
+}
+
+dependency "rds" {
+  config_path = "../rds"
+}
+
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  vpc_private_subnets               = dependency.common.outputs.vpc_private_subnets
+  vpc_id                            = dependency.common.outputs.vpc_id
+  billing_tag_key                   = "CostCenter"
+  billing_tag_value                 = "notification-canada-ca-dev"
+  blazer_image_tag                  = "latest"
+  database-tools-securitygroup      = dependency.eks.outputs.database-tools-securitygroup
+  database-tools-db-securitygroup   = dependency.eks.outputs.database-tools-db-securitygroup
+  database_read_only_proxy_endpoint = dependency.rds.outputs.database_read_only_proxy_endpoint
+}
+
+terraform {
+  source = "../../../aws//database-tools"
+}