Update the API Terraform to reflect the new reality of Cloud.gov Notify

As we start to prep for the next version of Notify as a Cloud.gov product we need to get our infrastructure in order for a few reasons:

  • Account for any updated versions of Terraform itself, the providers we use, and third-party modules - see https://github.com/GSA-TTS/terraform-cloudgov/blob/main/UPGRADING.md for more details
  • Reflect the new environments and structure we'll have in Cloud.gov
  • Where possible and necessary, simplify and reorganize things to make future maintenance easier based on our lessons learned

A few caveats

As we embark on this effort, please bear in mind the following details:

  • We will only have 3 environments in Cloud.gov: dev, stage, and prod
  • We will only be deploying to the dev environment first
  • The new Cloud.gov org that we're using for this is called cloud-gov-notify-development and the GUID for it is 5b7451f2-d42d-4d2e-8315-bdd393391f01 - this is in Cloud.gov's staging environment, which is fr-stage.cloud.gov
  • Recall that we have 3 new AWS accounts managed by Cloud.gov to match the new dev, stage, and prod environments - we'll be working in the dev one first
  • Any references to AWS regions should be us-gov-west-1 by default; any deviations from that should still be pointing to only a us-gov-* region!

Implementation Sketch and Acceptance Criteria

  • Make sure we're running everything with the latest version of Terraform
  • Clean up and remove anything we don't need - that means removing the sandbox and demo environments entirely to start with
  • Copy the staging environment to make a new development environment to be managed
  • Update anything and everything to use the new cloudfoundry and aws providers where possible
  • Update anything and everything to use the latest version of the terraform-cloudgov module
  • Think about and reorganize things currently set up as a shared module; perhaps we don't do this to make modifications across environments easier? Speak with the Cloud.gov team for ideas and recommendations!
  • Based on the findings we're already seeing in GitLab for Terraform formatting, naming conventions, etc., make updates and improvements so that the Terraform is as standardized as possible; rename services, resources, and modules to be more consistent and descriptive as necessary

Security Considerations

  • Getting our Terraform into the shape it needs to be in now, before we do any deployments and before we have any infrastructure running in the Cloud.gov boundary, will make project maintenance much easier going forward.
  • All of our infrastructure will now be running strictly in the GovCloud region of AWS.
Edited by Ryan Ahearn
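
The region rule in the caveats above (us-gov-west-1 by default, any deviation still within us-gov-*) can be enforced mechanically in CI before a plan runs. The Python check below is an added example, not part of the original issue or the project's own code; the sample Terraform and its variable names are constructed for illustration.

```python
import re

DEFAULT_REGION = "us-gov-west-1"  # default stated in the issue
ALLOWED_PREFIX = "us-gov-"        # deviations must stay in GovCloud

# AWS region names such as us-east-1, us-gov-east-1, ap-southeast-2.
# An availability-zone suffix (us-gov-west-1a) still yields its region.
REGION_RE = re.compile(
    r"(?<![a-z0-9-])"
    r"((?:us|eu|ap|sa|ca|me|af|il|cn|mx)(?:-gov)?"
    r"-(?:north|south|east|west|central)(?:east|west)?-\d)"
)

def strip_comment(line):
    """Drop a # or // comment that starts outside a quoted string.
    Block comments (/* ... */) are not handled."""
    in_string = False
    i = 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and in_string:
            i += 2  # skip the escaped character
            continue
        if ch == '"':
            in_string = not in_string
        elif not in_string and (ch == "#" or line.startswith("//", i)):
            return line[:i]
        i += 1
    return line

def check_regions(tf_text):
    """Return (line, region, kind) for every non-default region reference.
    kind is "violation" outside us-gov-*, "deviation" for other GovCloud."""
    findings = []
    for lineno, line in enumerate(tf_text.splitlines(), start=1):
        for region in REGION_RE.findall(strip_comment(line)):
            if not region.startswith(ALLOWED_PREFIX):
                findings.append((lineno, region, "violation"))
            elif region != DEFAULT_REGION:
                findings.append((lineno, region, "deviation"))
    return findings

# Constructed sample input, not taken from the project's repository.
SAMPLE_TF = '''provider "aws" {
  region = "us-gov-west-1"
}
# old sandbox used us-west-2
variable "backup_region" {
  default = "us-gov-east-1" // still GovCloud
}
variable "ses_region" {
  default = "us-east-1"
}
'''

if __name__ == "__main__":
    for lineno, region, kind in check_regions(SAMPLE_TF):
        print(f"line {lineno}: {region} ({kind})")
```

A CI job would fail on any "violation" and surface each "deviation" for review.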