diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 00000000..5e33874c --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1 @@ +* @UKHSA-Internal/data-dashboard-engineers \ No newline at end of file diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml index a4b43379..354d2be6 100644 --- a/.github/workflows/production.yml +++ b/.github/workflows/production.yml @@ -102,6 +102,7 @@ jobs: aws-region: ${{ env.AWS_REGION }} tools-account-role: ${{ secrets.UHD_TERRAFORM_IAM_ROLE }} + - uses: ./.github/actions/setup-terraform - uses: ./.github/actions/setup-zsh - name: Terraform output diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 6ec0e183..8abfcc11 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -193,6 +193,7 @@ jobs: aws-region: ${{ env.AWS_REGION }} tools-account-role: ${{ secrets.UHD_TERRAFORM_IAM_ROLE }} + - uses: ./.github/actions/setup-terraform - uses: ./.github/actions/setup-zsh - uses: ./.github/actions/short-sha diff --git a/.github/workflows/well-known-environment.yml b/.github/workflows/well-known-environment.yml index bb195336..e3336833 100644 --- a/.github/workflows/well-known-environment.yml +++ b/.github/workflows/well-known-environment.yml @@ -126,6 +126,7 @@ jobs: aws-region: ${{ env.AWS_REGION }} tools-account-role: ${{ secrets.UHD_TERRAFORM_IAM_ROLE }} + - uses: ./.github/actions/setup-terraform - uses: ./.github/actions/setup-zsh - uses: ./.github/actions/well-known-environment-name with: diff --git a/terraform/20-app/aurora-db.app.tf b/terraform/20-app/aurora-db.app.tf index e9e44597..73825b15 100644 --- a/terraform/20-app/aurora-db.app.tf +++ b/terraform/20-app/aurora-db.app.tf @@ -14,11 +14,12 @@ module "aurora_db_app" { database_name = "cms" master_username = "api_user" - monitoring_interval = 0 - apply_immediately = true - skip_final_snapshot = true - publicly_accessible = local.enable_public_db - deletion_protection = local.use_prod_sizing + monitoring_interval = 0 + apply_immediately = true + skip_final_snapshot = true + publicly_accessible = local.enable_public_db + deletion_protection = local.use_prod_sizing + enabled_cloudwatch_logs_exports = ["postgresql"] instance_class = "db.serverless" serverlessv2_scaling_configuration = { diff --git a/terraform/20-app/aurora-db.feature-flags.tf b/terraform/20-app/aurora-db.feature-flags.tf index 0365dea3..d7603831 100644 --- a/terraform/20-app/aurora-db.feature-flags.tf +++ b/terraform/20-app/aurora-db.feature-flags.tf @@ -9,14 +9,16 @@ module "aurora_db_feature_flags" { storage_encrypted = true publicly_accessible = true + deletion_protection = local.use_prod_sizing manage_master_user_password = true database_name = "unleash" master_username = "unleash_user" - monitoring_interval = 60 - apply_immediately = true - skip_final_snapshot = true + monitoring_interval = 60 + apply_immediately = true + skip_final_snapshot = true + enabled_cloudwatch_logs_exports = ["postgresql"] instance_class = "db.serverless" serverlessv2_scaling_configuration = { diff --git a/terraform/20-app/ip-allow-lists.tf b/terraform/20-app/ip-allow-lists.tf index 6f1e1dc6..a6bcf1de 100644 --- a/terraform/20-app/ip-allow-lists.tf +++ b/terraform/20-app/ip-allow-lists.tf @@ -13,7 +13,7 @@ locals { "35.179.30.107/32", # UKHSA test EC2 "18.133.111.70/32", # UKHSA test gateway "81.108.89.51/32", # Krishna - Macbook - "165.225.197.26/32", # Krishna - Windows + "147.161.236.99/32", # Krishna - Windows "80.7.227.61/32", # Kiran "92.234.44.48/32", # Zesh "51.241.222.137/32", # Temitope Akinsoto