diff --git a/src/domains/fdr-common/.terraform.lock.hcl b/src/domains/fdr-common/.terraform.lock.hcl
index 46f4652a0b..6115a66cde 100644
--- a/src/domains/fdr-common/.terraform.lock.hcl
+++ b/src/domains/fdr-common/.terraform.lock.hcl
@@ -1,74 +1,86 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. +provider "registry.terraform.io/azure/azapi" { + version = "1.13.1" + constraints = "<= 1.13.1" + hashes = [ + "h1:2cnqo8u7YMuBexFZv8/lXGxIn1dXuEnC44LAL90GAa0=", + "h1:EHLgSlpuzCcWaDBCB3J1D5xkHKoEeX8TkeYNlnRA1qc=", + "zh:1f2aceddd67ceeb82a75c2f15dc01e54781e9aed5968507dbc29590c165b2e2b", + "zh:397f0bfbac899d48e23cecf38d362c27562150aa20b19157b5bd370b8e6801ee", + "zh:652263b7d00623684e29ef7b8ff285a17c5bd7cc8ba7d22967c66d0b3a3c568a", + "zh:652c53320a41434942877515780296a1509be03f32d54e60178f39200f960a67", + "zh:666426faf686401e54ec09fe06e9d7c06a6455ec398764f70558440c73aeb7f9", + "zh:6aa91ae8ba78f2494f99b4c99e66d15ed0b14d735cd1f77adc12ff9dfa075807", + "zh:a529e5a13c37d1805c469227f08cdbe7527d04dd64d18709d26627c6a0b588b1", + "zh:a589c049205e8e5bf94a13d56b28f400d908ad27e13e16df64408ee82eb8a0ff", + "zh:a9a50defdee230f315f74be6c77ff104fe2610a1b3ad6b87326f555e80d13b18", + "zh:ba49ef70d96e13795e2dbffd6cb2ff976dfe84e0373a5971ebe3b4c9c9b7af60", + "zh:d3ed50efe5f8c80d3d7d464ab9a13ccf82440d871c9ce3032ce476845364c6b9", + "zh:e3eb48ee8c36ee4f81850d8a21fc59b81886c729d7c3b7adece4a25f355bed2f", + ] +} + provider "registry.terraform.io/hashicorp/azuread" { - version = "2.30.0" - constraints = "2.30.0" + version = "2.47.0" + constraints = "<= 2.47.0" hashes = [ - "h1:MimDtBEnmdMwbriZQzga/kCjDZ1G0+QLVQjrYdBEpdc=", - "h1:Uw4TcmJBEJ71h+oCwwidlkk5jFpyFRDPAFCMs/bT/cw=", - "h1:WnSPiREAFwnBUKREokMdHQ8Cjs47MzvS9pG8VS1ktec=", - "h1:eMxghqjmi2DCdps3dgo2SVOUfebzCatA3OdsTowlqXw=", - "h1:xzNKb+lWPsBTxJiaAJ8ECZnY+D6QNM9tA1qpEncIba0=", + "h1:g8+gBFM4QVOEQFqAEs5pR6iXpbGvgPvcEi1evHwziyw=", + "h1:iRwDQBdXBpVBoYwM9au2RG01RQuJSm3TGQ2kioFVAas=", + "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e", "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:2e62c193030e04ebb10cc0526119cf69824bf2d7e4ea5a2f45bd5d5fb7221d36", - 
"zh:2f3c7a35257332d68b778cefc5201a5f044e4914dd03794a4da662ddfe756483", - "zh:35d0d3a1b58fdb8b8c4462d6b7e7016042da43ea9cc734ce897f52a73407d9b0", - "zh:47ede0cd0206ec953d40bf4a80aa6e59af64e26cbbd877614ac424533dbb693b", - "zh:48c190307d4d42ea67c9b8cc544025024753f46cef6ea64db84735e7055a72da", - "zh:6fff9b2c6a962252a70a15b400147789ab369b35a781e9d21cce3804b04d29af", - "zh:7646980cf3438bff29c91ffedb74458febbb00a996638751fbd204ab1c628c9b", - "zh:77aa2fa7ca6d5446afa71d4ff83cb87b70a2f3b72110fc442c339e8e710b2928", - "zh:e20b2b2c37175b89dd0db058a096544d448032e28e3b56e2db368343533a9684", - "zh:eab175b1dfe9865ad9404dccb6d5542899f8c435095aa7c679314b811c717ce7", - "zh:efc862bd78c55d2ff089729e2a34c1831ab4b0644fc11b36ee4ebed00a4797ba", + "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001", + "zh:35227fad617a0509c64ab5759a8b703b10d244877f1aa5416bfbcc100c96996f", + "zh:357f553f0d78d46a96c7b2ed06d25ee0fc60fc5be19812ccb5d969fa47d62e17", + "zh:58faa2940065137e3e87d02eba59ab5cd7137d7a18caf225e660d1788f274569", + "zh:7308eda0339620fa24f47cedd22221fc2c02cab9d5be1710c09a783aea84eb3a", + "zh:863eabf7f908a8263e28d8aa2ad1381affd6bb5c67755216781f674ef214100e", + "zh:8b95b595a7c14ed7b56194d03cdec253527e7a146c1c58961be09e6b5c50baee", + "zh:afbca6b4fac9a0a488bc22ff9e51a8f14e986137d25275068fd932f379a51d57", + "zh:c6aadec4c81a44c3ffc22c2d90ffc6706bf5a9a903a395d896477516f4be6cbb", + "zh:e54a59de7d4ef0f3a18f91fed0b54a2bce18257ae2ee1df8a88226e1023c5811", ] } provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.45.0" - constraints = ">= 3.30.0, >= 3.45.0, <= 3.45.0, <= 3.53.0, <= 3.71.0, <= 3.84.0" + version = "3.107.0" + constraints = "~> 3.30, ~> 3.76, != 3.97.0, != 3.97.1, <= 3.107.0" hashes = [ - "h1:4BOYXFMiLk4ozEZHUhquRnE5urebcWvaCUV3uys646o=", - "h1:V3CLlXij3vZzxw51hvCBnqriy73llPG21NjO+7sLr+U=", - "h1:VQWxV5+qelZeUCjpdLvZ7iAom4RvG+fVVgK6ELvw/cs=", - "h1:WupjURkT1JPNBRzKmrSsD1Y8zhuQnL3ctKBpNLZBsLA=", - "h1:gQLNY1I5e9kcle1p/VYEWb0eteQ/t5kUfnqVu2/GBNY=", - 
"zh:04c5dbb8845366ce5eb0dc2d55e151270cc2c0ace20993867fdae9af43b953ad", - "zh:2589585da615ccae341400d45d672ee3fae413fdd88449b5befeff12a85a44b2", - "zh:603869ed98fff5d9bf841a51afd9e06b628533c59356c8433aef4b15df63f5f7", - "zh:853fecab9c987b6772c8d9aa10362675f6c626b60ebc7118aa33ce91366fcc38", - "zh:979848c45e8e058862c36ba3a661457f7c81ef26ebb6634f479600de9c203d65", - "zh:9b512c8588ecc9c1b803b746a3a8517422561a918f0dfb0faaa707ed53ef1760", - "zh:a9601ffb58043426bcff1220662d6d137f0b2857a24f2dcf180aeac2c9cea688", - "zh:d52d2652328f0ed3ba202561d88cb9f43c174edbfaab1abf69f772125dbfe15e", - "zh:d92d91ca597c47f575bf3ae129f4b723be9b7dcb71b906ec6ec740fac29b1aaa", - "zh:ded73b730e4197b70fda9e83447c119f92f75dc37be3ff2ed45730c8f0348c28", - "zh:ec37ac332d50f8ca5827f97198346b0f8ecbf470e2e3ba1e027bb389d826b902", + "h1:IuCRZEfFU0lp1h3nhBT4cnyB3oOIXTDNFtrQ5/Aywp4=", + "h1:gk6yMuxWOxN01e68uTwJvQ91x8roEwyeYJBwNrYFHIk=", + "zh:0a5bfcdef1dad509c4f45c0ada2c8e2cc058cf9542ddec48fbee18c4097bce9e", + "zh:0b56736691e4b28ea15b381a4711ff39719ff83a40ce97cd283eb21988f471f6", + "zh:13d55030c8be466b5de4819e4a8b84da69a40b15bfa0cc2588f5270b4682fa89", + "zh:1eac398718cd0973f94015e49ff69a6ed8c860d69e4adbd192c7bea775af2941", + "zh:7b1984b60abc7f53298950680bda504eca8d70c9d0d906d6dee2aac6a827f9d6", + "zh:86f63ad98576d698c6ba8defa9165160633f086145a1f060014a93f5c2fb384e", + "zh:afc78e7e0e76b4d2593ca2ec78b064c896888d03c6cb82f2c5bd37e815e056e7", + "zh:b84997b287c673b297ede08404133279dbc72f070c8d6e4284bf62637de4bfb4", + "zh:dd1d21c8a37938082a5c2497eacd76bacb1ac459bc9d38ee782443fa87a2247d", + "zh:edcaca84c6473427d36f940748e5ce4d1d50b393012f6f6c0ec4303792f607d9", + "zh:f0892ecd0eea0c06710056048d8bb75c4c3bda74de7ba41afa60d7b9c9a3b0ca", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } provider "registry.terraform.io/hashicorp/null" { - version = "3.1.1" - constraints = "3.1.1, <= 3.2.1" + version = "3.2.2" + constraints = "~> 3.2, <= 3.2.2" hashes = [ - 
"h1:1J3nqAREzuaLE7x98LEELCCaMV6BRiawHSg9MmFvfQo=", - "h1:71sNUDvmiJcijsvfXpiLCz0lXIBSsEJjMxljt7hxMhw=", - "h1:Pctug/s/2Hg5FJqjYcTM0kPyx3AoYK1MpRWO0T9V2ns=", - "h1:YvH6gTaQzGdNv+SKTZujU1O0bO+Pw6vJHOPhqgN8XNs=", - "h1:ZD4wyZ0KJzt5s2mD0xD7paJlVONNicLvZKdgtezz02I=", - "zh:063466f41f1d9fd0dd93722840c1314f046d8760b1812fa67c34de0afcba5597", - "zh:08c058e367de6debdad35fc24d97131c7cf75103baec8279aba3506a08b53faf", - "zh:73ce6dff935150d6ddc6ac4a10071e02647d10175c173cfe5dca81f3d13d8afe", + "h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=", + "h1:vWAsYRd7MjYr3adj8BVKRohVfHpWQdvkIwUQ2Jf5FVM=", + "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7", + "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a", + "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3", + "zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606", + "zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546", + "zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539", + "zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:8fdd792a626413502e68c195f2097352bdc6a0df694f7df350ed784741eb587e", - "zh:976bbaf268cb497400fd5b3c774d218f3933271864345f18deebe4dcbfcd6afa", - "zh:b21b78ca581f98f4cdb7a366b03ae9db23a73dfa7df12c533d7c19b68e9e72e5", - "zh:b7fc0c1615dbdb1d6fd4abb9c7dc7da286631f7ca2299fb9cd4664258ccfbff4", - "zh:d1efc942b2c44345e0c29bc976594cb7278c38cfb8897b344669eafbc3cddf46", - "zh:e356c245b3cd9d4789bab010893566acace682d7db877e52d40fc4ca34a50924", - "zh:ea98802ba92fcfa8cf12cbce2e9e7ebe999afbf8ed47fa45fc847a098d89468b", - "zh:eff8872458806499889f6927b5d954560f3d74bf20b6043409edf94d26cd906f", + "zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422", + "zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae", + "zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1", + 
"zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e", ] } diff --git a/src/domains/fdr-common/01_network.tf b/src/domains/fdr-common/01_network.tf index 596847dcc6..f1c0772595 100644 --- a/src/domains/fdr-common/01_network.tf +++ b/src/domains/fdr-common/01_network.tf @@ -60,7 +60,7 @@ data "azurerm_private_dns_zone" "privatelink_queue_azure_com" { module "fdr_storage_snet" { count = var.env_short == "d" ? 0 : 1 - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v6.7.0" + source = "./.terraform/modules/__v3__/subnet" name = "${local.project}-storage-snet" address_prefixes = var.cidr_subnet_storage_account @@ -75,7 +75,7 @@ module "fdr_storage_snet" { } module "cosmosdb_fdr_snet" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v6.3.1" + source = "./.terraform/modules/__v3__/subnet" name = "${local.project}-cosmosb-snet" address_prefixes = var.cidr_subnet_cosmosdb_fdr resource_group_name = local.vnet_resource_group_name diff --git a/src/domains/fdr-common/03_cosmos_mongodb_fdr.tf b/src/domains/fdr-common/03_cosmos_mongodb_fdr.tf index b17f62da05..e125d38812 100644 --- a/src/domains/fdr-common/03_cosmos_mongodb_fdr.tf +++ b/src/domains/fdr-common/03_cosmos_mongodb_fdr.tf @@ -1,5 +1,5 @@ module "cosmosdb_account_mongodb" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_account?ref=v6.3.1" + source = "./.terraform/modules/__v3__/cosmosdb_account" domain = null name = "${local.project}-cosmos-account" location = var.location 
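Review bot: The new `source = "./.terraform/modules/__v3__/subnet"` on `fdr_storage_snet` loads module code from Terraform's local init directory, so what gets planned is whatever that directory holds rather than a ref stated on the module call. The same pattern is applied to `cosmosdb_fdr_snet` and to the cosmosdb, postgres and storage_account module calls in the other .tf files of this commit, which also moves them from several different tags (v6.2.1 through v7.23.0 in the removed lines) to one revision in a single step. I would add a comment beside each rewritten source, e.g. `# resolved from module "__v3__" in 99_main.tf; requires terraform init`, and have CI start from a clean `.terraform` so a stale or locally edited copy cannot be planned. The plan for the modules that jump a major version deserves a careful read for changed defaults, since the module bodies are outside this diff.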
@@ -14,7 +14,7 @@ module "cosmosdb_account_mongodb" { public_network_access_enabled = var.cosmos_mongo_db_fdr_params.public_network_access_enabled private_endpoint_enabled = var.cosmos_mongo_db_fdr_params.private_endpoint_enabled subnet_id = module.cosmosdb_fdr_snet.id - private_dns_zone_ids = [data.azurerm_private_dns_zone.cosmos.id] + private_dns_zone_mongo_ids = [data.azurerm_private_dns_zone.cosmos.id] is_virtual_network_filter_enabled = var.cosmos_mongo_db_fdr_params.is_virtual_network_filter_enabled allowed_virtual_network_subnet_ids = var.cosmos_mongo_db_fdr_params.public_network_access_enabled ? [] : [data.azurerm_subnet.aks_subnet.id] @@ -167,7 +167,7 @@ locals { } module "cosmosdb_fdr_collections" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_mongodb_collection?ref=v6.3.1" + source = "./.terraform/modules/__v3__/cosmosdb_mongodb_collection" for_each = { for index, coll in local.collections : diff --git a/src/domains/fdr-common/03_cosmos_mongodb_fdr_re.tf b/src/domains/fdr-common/03_cosmos_mongodb_fdr_re.tf index a052753ffd..9cd666045e 100644 --- a/src/domains/fdr-common/03_cosmos_mongodb_fdr_re.tf +++ b/src/domains/fdr-common/03_cosmos_mongodb_fdr_re.tf @@ -1,5 +1,5 @@ module "cosmosdb_account_mongodb_fdr_re" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_account?ref=v6.3.1" + source = "./.terraform/modules/__v3__/cosmosdb_account" domain = var.domain name = "${local.project}-re-cosmos-account" location = var.location 
@@ -14,7 +14,7 @@ module "cosmosdb_account_mongodb_fdr_re" { public_network_access_enabled = var.cosmos_mongo_db_fdr_re_params.public_network_access_enabled private_endpoint_enabled = var.cosmos_mongo_db_fdr_re_params.private_endpoint_enabled subnet_id = module.cosmosdb_fdr_snet.id - private_dns_zone_ids = [data.azurerm_private_dns_zone.cosmos.id] + private_dns_zone_mongo_ids = [data.azurerm_private_dns_zone.cosmos.id] is_virtual_network_filter_enabled = var.cosmos_mongo_db_fdr_re_params.is_virtual_network_filter_enabled allowed_virtual_network_subnet_ids = var.cosmos_mongo_db_fdr_re_params.public_network_access_enabled ? [] : [data.azurerm_subnet.aks_subnet.id] @@ -65,7 +65,7 @@ locals { } module "cosmosdb_fdr_re_collections" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_mongodb_collection?ref=v6.3.1" + source = "./.terraform/modules/__v3__/cosmosdb_mongodb_collection" for_each = { for index, coll in local.fdr_re_collections : diff --git a/src/domains/fdr-common/03_postgresql.tf b/src/domains/fdr-common/03_postgresql.tf index 9eb3908b74..45c62b6a58 100644 --- a/src/domains/fdr-common/03_postgresql.tf +++ b/src/domains/fdr-common/03_postgresql.tf @@ -17,7 +17,7 @@ data "azurerm_key_vault_secret" "pgres_flex_admin_pwd" { # Postgres Flexible Server subnet module "postgres_flexible_snet" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v6.2.1" + source = "./.terraform/modules/__v3__/subnet" name = "${local.project}-pgres-flexible-snet" address_prefixes = var.cidr_subnet_flex_dbms resource_group_name = data.azurerm_resource_group.rg_vnet.name 
@@ -37,31 +37,37 @@ module "postgres_flexible_snet" { } module "postgres_flexible_server_fdr" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//postgres_flexible_server?ref=v7.23.0" - name = "${local.project}-flexible-postgresql" - location = azurerm_resource_group.db_rg.location - resource_group_name = azurerm_resource_group.db_rg.name - private_endpoint_enabled = var.pgres_flex_params.pgres_flex_private_endpoint_enabled - private_dns_zone_id = var.env_short != "d" ? data.azurerm_private_dns_zone.postgres[0].id : null - delegated_subnet_id = var.env_short != "d" ? module.postgres_flexible_snet.id : null - high_availability_enabled = var.pgres_flex_params.pgres_flex_ha_enabled - standby_availability_zone = var.env_short != "d" ? var.pgres_flex_params.standby_zone : null - pgbouncer_enabled = var.pgres_flex_params.pgres_flex_pgbouncer_enabled - diagnostic_settings_enabled = var.pgres_flex_params.pgres_flex_diagnostic_settings_enabled - administrator_login = data.azurerm_key_vault_secret.pgres_flex_admin_login.value - administrator_password = data.azurerm_key_vault_secret.pgres_flex_admin_pwd.value + source = "./.terraform/modules/__v3__/postgres_flexible_server" + + name = "${local.project}-flexible-postgresql" + location = azurerm_resource_group.db_rg.location + resource_group_name = azurerm_resource_group.db_rg.name + + private_endpoint_enabled = var.pgres_flex_params.pgres_flex_private_endpoint_enabled + private_dns_zone_id = var.env_short != "d" ? 
data.azurerm_private_dns_zone.postgres[0].id : null + delegated_subnet_id = module.postgres_flexible_snet.id + public_network_access_enabled = var.pgres_flex_params.public_network_access_enabled + + administrator_login = data.azurerm_key_vault_secret.pgres_flex_admin_login.value + administrator_password = data.azurerm_key_vault_secret.pgres_flex_admin_pwd.value sku_name = var.pgres_flex_params.sku_name db_version = var.pgres_flex_params.db_version storage_mb = var.pgres_flex_params.storage_mb - zone = var.env_short == "d" ? 2 : var.pgres_flex_params.zone + zone = var.pgres_flex_params.zone backup_retention_days = var.pgres_flex_params.backup_retention_days - geo_redundant_backup_enabled = var.pgres_flex_params.geo_redundant_backup_enabled create_mode = var.pgres_flex_params.create_mode + geo_redundant_backup_enabled = var.pgres_flex_params.geo_redundant_backup_enabled + + high_availability_enabled = var.pgres_flex_params.pgres_flex_ha_enabled + standby_availability_zone = var.pgres_flex_params.standby_zone + pgbouncer_enabled = var.pgres_flex_params.pgres_flex_pgbouncer_enabled + diagnostic_settings_enabled = var.pgres_flex_params.pgres_flex_diagnostic_settings_enabled + log_analytics_workspace_id = var.env_short != "d" ? data.azurerm_log_analytics_workspace.log_analytics.id : null - log_analytics_workspace_id = var.env_short != "d" ? data.azurerm_log_analytics_workspace.log_analytics.id : null - custom_metric_alerts = var.custom_metric_alerts + custom_metric_alerts = var.custom_metric_alerts + alerts_enabled = var.pgres_flex_params.alerts_enabled alert_action = [ { action_group_id = data.azurerm_monitor_action_group.email.id 
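Review bot: `public_network_access_enabled` is now passed straight from `var.pgres_flex_params` into `postgres_flexible_server_fdr` with nothing tying it to the private networking arguments in the same call, so a single tfvars value decides whether the server accepts public traffic. A `validation` block on `pgres_flex_params` would reject the contradictory combination at plan time, for example `condition = !(var.pgres_flex_params.pgres_flex_private_endpoint_enabled && var.pgres_flex_params.public_network_access_enabled)`. In addition, `delegated_subnet_id` lost its `var.env_short != "d"` guard while `private_dns_zone_id` just above it keeps the guard, so in dev the module receives a subnet without a DNS zone; how the module handles that is not visible here and should be confirmed. The module block continues past the end of this hunk.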
@@ -124,11 +130,29 @@ resource "azurerm_postgresql_flexible_server_configuration" "fdr_db_flex_min_poo server_id = module.postgres_flexible_server_fdr.id value = var.pgres_flex_params.pgbouncer_min_pool_size } -resource "azurerm_postgresql_flexible_server_configuration" "fdr_db_flex_default_pool_size" { - count = var.pgres_flex_params.pgres_flex_pgbouncer_enabled ? 1 : 0 - name = "pgbouncer.default_pool_size" + + +# CDC https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-logical +resource "azurerm_postgresql_flexible_server_configuration" "fdr_db_flex_max_worker_process" { + name = "max_worker_processes" + server_id = module.postgres_flexible_server_fdr.id + value = var.pgres_flex_params.max_worker_process # var.env_short == "d" ? 16 : 32 +} + +resource "azurerm_postgresql_flexible_server_configuration" "fdr_db_flex_wal_level" { + count = var.pgres_flex_params.wal_level != null ? 1 : 0 + + name = "wal_level" + server_id = module.postgres_flexible_server_fdr.id + value = var.pgres_flex_params.wal_level # "logical", ... +} + +resource "azurerm_postgresql_flexible_server_configuration" "fdr_db_flex_shared_preoload_libraries" { + count = var.pgres_flex_params.wal_level != null ? 1 : 0 + + name = "shared_preload_libraries" server_id = module.postgres_flexible_server_fdr.id - value = var.pgres_flex_params.pgbouncer_default_pool_size + value = var.pgres_flex_params.shared_preoload_libraries # "pg_failover_slots" } diff --git a/src/domains/fdr-common/03_postgresql_replica.tf b/src/domains/fdr-common/03_postgresql_replica.tf index d9a0bafccc..709b3f61f3 100644 --- a/src/domains/fdr-common/03_postgresql_replica.tf +++ b/src/domains/fdr-common/03_postgresql_replica.tf 
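Review bot: `fdr_db_flex_shared_preoload_libraries` is gated on `wal_level != null` rather than on its own input, so setting `wal_level` while `shared_preoload_libraries` is null produces a configuration resource with a null `value`. I would gate it on its own field, `count = var.pgres_flex_params.shared_preoload_libraries != null ? 1 : 0`. The `preoload` spelling is carried into both the resource address and the variable attribute; renaming it after the first apply needs a state move, so it is cheapest to correct now. Since `wal_level` is expected to be `"logical"` (per the trailing comment), a comment naming the CDC consumer and the role that is meant to hold replication privileges would help whoever reviews later changes to these settings.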
@@ -1,8 +1,7 @@ - # Postgres Flexible Server subnet module "postgres_flexible_snet_replica" { count = var.geo_replica_enabled ? 1 : 0 - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v6.2.1" + source = "./.terraform/modules/__v3__/subnet" name = "${local.project_replica}-pgres-flexible-snet" address_prefixes = var.geo_replica_cidr_subnet_postgresql resource_group_name = data.azurerm_resource_group.rg_vnet.name @@ -24,7 +23,7 @@ module "postgres_flexible_snet_replica" { module "postgresql_fdr_replica_db" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//postgres_flexible_server_replica?ref=v7.22.0" + source = "./.terraform/modules/__v3__/postgres_flexible_server_replica" count = var.geo_replica_enabled ? 1 : 0 name = "${local.project_replica}-flexible-postgresql" @@ -35,10 +34,13 @@ module "postgresql_fdr_replica_db" { delegated_subnet_id = module.postgres_flexible_snet_replica[0].id private_endpoint_enabled = var.pgres_flex_params.pgres_flex_private_endpoint_enabled - sku_name = var.pgres_flex_params.sku_name + sku_name = var.pgres_flex_params.sku_name + storage_mb = var.pgres_flex_params.storage_mb high_availability_enabled = false pgbouncer_enabled = var.pgres_flex_params.pgres_flex_pgbouncer_enabled + max_connections = var.pgres_flex_params.max_connections + max_worker_process = var.pgres_flex_params.max_worker_process source_server_id = module.postgres_flexible_server_fdr.id @@ -81,4 +83,3 @@ resource "azurerm_private_dns_cname_record" "cname_record" { ttl = 300 record = "${null_resource.virtual_endpoint[0].triggers.ve_name}.writer.postgres.database.azure.com" } - diff --git a/src/domains/fdr-common/03_storage_account_fdr.tf b/src/domains/fdr-common/03_storage_account_fdr.tf index a075217bca..2b4e1b8149 100644 --- a/src/domains/fdr-common/03_storage_account_fdr.tf +++ b/src/domains/fdr-common/03_storage_account_fdr.tf 
@@ -6,7 +6,7 @@ resource "azurerm_resource_group" "fdr_rg" { } module "fdr_conversion_sa" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//storage_account?ref=v7.18.0" + source = "./.terraform/modules/__v3__/storage_account" name = replace("${local.project}-sa", "-", "") account_kind = var.fdr_storage_account.account_kind diff --git a/src/domains/fdr-common/03_storage_account_fdr_history.tf b/src/domains/fdr-common/03_storage_account_fdr_history.tf index d0e003a320..d0dc6dd3bc 100644 --- a/src/domains/fdr-common/03_storage_account_fdr_history.tf +++ b/src/domains/fdr-common/03_storage_account_fdr_history.tf @@ -6,7 +6,7 @@ resource "azurerm_resource_group" "fdr_history_rg" { } module "fdr_history_sa" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//storage_account?ref=v7.18.0" + source = "./.terraform/modules/__v3__/storage_account" name = replace("${local.project}-history-sa", "-", "") account_kind = var.fdr_history_storage_account.account_kind diff --git a/src/domains/fdr-common/03_storage_account_fdr_re.tf b/src/domains/fdr-common/03_storage_account_fdr_re.tf index 7fc95e0663..313d762783 100644 --- a/src/domains/fdr-common/03_storage_account_fdr_re.tf +++ b/src/domains/fdr-common/03_storage_account_fdr_re.tf @@ -6,7 +6,7 @@ resource "azurerm_resource_group" "fdr_re_rg" { } module "fdr_re_sa" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//storage_account?ref=v7.18.0" + source = "./.terraform/modules/__v3__/storage_account" name = replace("${local.project}-re-sa", "-", "") account_kind = var.fdr_re_storage_account.account_kind diff --git a/src/domains/fdr-common/03_storage_account_reporting_fdr.tf b/src/domains/fdr-common/03_storage_account_reporting_fdr.tf index 6e4e427836..5d7f063ff5 100644 --- a/src/domains/fdr-common/03_storage_account_reporting_fdr.tf +++ b/src/domains/fdr-common/03_storage_account_reporting_fdr.tf 
@@ -4,7 +4,7 @@ data "azurerm_resource_group" "reporting_fdr_rg" { ## Flows Storage Account module "fdr_flows_sa" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//storage_account?ref=v6.17.0" + source = "./.terraform/modules/__v3__/storage_account" name = replace("${local.product}-fdr-flows-sa", "-", "") account_kind = "StorageV2" diff --git a/src/domains/fdr-common/10_github_identity.tf b/src/domains/fdr-common/10_github_identity.tf index 6b4153dc37..71b4b08156 100644 --- a/src/domains/fdr-common/10_github_identity.tf +++ b/src/domains/fdr-common/10_github_identity.tf @@ -55,7 +55,7 @@ locals { # create a module for each 20 repos module "identity_cd_01" { - source = "github.com/pagopa/terraform-azurerm-v3//github_federated_identity?ref=v7.45.0" + source = "github.com/pagopa/terraform-azurerm-v3//github_federated_identity" # pagopa---github--identity prefix = var.prefix env_short = var.env_short @@ -80,7 +80,7 @@ module "identity_cd_01" { # create a module for each 20 repos module "identity_ci_01" { count = var.env_short == "p" ? 0 : 1 - source = "github.com/pagopa/terraform-azurerm-v3//github_federated_identity?ref=v7.45.0" + source = "github.com/pagopa/terraform-azurerm-v3//github_federated_identity" # pagopa---github--identity prefix = var.prefix env_short = var.env_short diff --git a/src/domains/fdr-common/99_main.tf b/src/domains/fdr-common/99_main.tf index 4d01bc7f79..ba5879b866 100644 --- a/src/domains/fdr-common/99_main.tf +++ b/src/domains/fdr-common/99_main.tf @@ -1,16 +1,20 @@ terraform { required_providers { + azapi = { + source = "azure/azapi" + version = "<= 1.13.1" + } azurerm = { source = "hashicorp/azurerm" - version = ">= 3.45.0" + version = "<= 3.107.0" } azuread = { source = "hashicorp/azuread" - version = "2.30.0" + version = "<= 2.47.0" } null = { source = "hashicorp/null" - version = "= 3.1.1" + version = "<= 3.2.2" } } 
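Review bot: Removing `?ref=v7.45.0` from the `identity_cd_01` source leaves the `github_federated_identity` module unpinned, so any `terraform init` that fetches modules takes whatever the repository's default branch holds at that moment. The same applies to `identity_ci_01` in the next hunk. Judging by its name this module manages the identities used by the GitHub pipelines, so I would pin it to a full commit SHA as is done for the `__v3__` module in 99_main.tf, e.g. `source = "github.com/pagopa/terraform-azurerm-v3//github_federated_identity?ref=<COMMIT_SHA>"`. Both module blocks continue outside their hunks.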
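Review bot: The `required_providers` constraints in 99_main.tf are now upper bounds only (`<= 1.13.1`, `<= 3.107.0`, `<= 2.47.0`, `<= 3.2.2`), so without the lock file any older release satisfies them, including azurerm versions below the `>= 3.45.0` floor that this hunk removes. A bounded range states the supported window explicitly, e.g. `version = ">= 3.76.0, <= 3.107.0"` for azurerm; that floor is my reading of the `~> 3.76` entry in the lock file's constraints and should be confirmed against the modules in use.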
@@ -28,3 +32,7 @@ provider "azurerm" { data "azurerm_subscription" "current" {} data "azurerm_client_config" "current" {} + +module "__v3__" { + source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=ce3200bf6673671bd6e641722e6c9d7500043fda" +} diff --git a/src/domains/fdr-common/99_variables.tf b/src/domains/fdr-common/99_variables.tf index 5203b11e96..09a48b8d9b 100644 --- a/src/domains/fdr-common/99_variables.tf +++ b/src/domains/fdr-common/99_variables.tf @@ -149,7 +149,6 @@ variable "cidr_subnet_flex_dbms" { # Postgres Flexible variable "pgres_flex_params" { type = object({ - enabled = bool sku_name = string db_version = string storage_mb = string @@ -162,9 +161,13 @@ variable "pgres_flex_params" { pgres_flex_ha_enabled = bool pgres_flex_pgbouncer_enabled = bool pgres_flex_diagnostic_settings_enabled = bool + alerts_enabled = bool max_connections = number pgbouncer_min_pool_size = number - pgbouncer_default_pool_size = number + max_worker_process = number + wal_level = string + shared_preoload_libraries = string + public_network_access_enabled = bool }) } 
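Review bot: The `__v3__` module is pinned to `ce3200bf6673671bd6e641722e6c9d7500043fda`, but the README module table changed in the same commit lists `91622428555c2fe3342fe174bf16388be1698df4` for it, so one of the two is stale. Every `./.terraform/modules/__v3__/...` source in this domain resolves to this single ref, so the documented revision should match what is actually fetched; regenerating the README once the final ref is set would fix that. A short comment above the block, such as `# single pin for all terraform-azurerm-v3 submodules; bump the SHA here only`, would tell maintainers where upgrades happen.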
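Review bot: `public_network_access_enabled`, `wal_level` and `shared_preoload_libraries` are added to `pgres_flex_params` in 99_variables.tf as required attributes, so every environment's tfvars must set them, and the `wal_level != null` checks in 03_postgresql.tf only take effect if a tfvars file writes `null` explicitly. The file already uses `optional(...)` in the storage account variables, so I would write `public_network_access_enabled = optional(bool, false)` to default to no public access, and `wal_level = optional(string)` plus `shared_preoload_libraries = optional(string)` for the CDC settings. The variable block starts and ends outside this hunk.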
@@ -383,74 +386,80 @@ variable "fdr_storage_account" { variable "fdr_re_storage_account" { type = object({ - account_kind = string - account_tier = string - account_replication_type = string - advanced_threat_protection = bool - blob_versioning_enabled = bool - public_network_access_enabled = bool - blob_delete_retention_days = number - enable_low_availability_alert = bool - backup_enabled = optional(bool, false) - backup_retention = optional(number, 0) + account_kind = string + account_tier = string + account_replication_type = string + advanced_threat_protection = bool + advanced_threat_protection_enabled = bool + blob_versioning_enabled = bool + public_network_access_enabled = bool + blob_delete_retention_days = number + enable_low_availability_alert = bool + backup_enabled = optional(bool, false) + backup_retention = optional(number, 0) }) default = { - account_kind = "StorageV2" - account_tier = "Standard" - account_replication_type = "LRS" - blob_versioning_enabled = false - advanced_threat_protection = true - public_network_access_enabled = false - blob_delete_retention_days = 30 - enable_low_availability_alert = false - backup_enabled = false - backup_retention = 0 + account_kind = "StorageV2" + account_tier = "Standard" + account_replication_type = "LRS" + blob_versioning_enabled = false + advanced_threat_protection = true + advanced_threat_protection_enabled = true + public_network_access_enabled = false + blob_delete_retention_days = 30 + enable_low_availability_alert = false + backup_enabled = false + backup_retention = 0 } } variable "fdr_history_storage_account" { type = object({ - account_kind = string - account_tier = string - account_replication_type = string - advanced_threat_protection = bool - blob_versioning_enabled = bool - public_network_access_enabled = bool - blob_delete_retention_days = number - enable_low_availability_alert = bool - backup_enabled = optional(bool, false) - backup_retention = optional(number, 0) + account_kind = string + 
account_tier = string + account_replication_type = string + advanced_threat_protection = bool + advanced_threat_protection_enabled = bool + blob_versioning_enabled = bool + public_network_access_enabled = bool + blob_delete_retention_days = number + enable_low_availability_alert = bool + backup_enabled = optional(bool, false) + backup_retention = optional(number, 0) }) default = { - account_kind = "StorageV2" - account_tier = "Standard" - account_replication_type = "LRS" - blob_versioning_enabled = false - advanced_threat_protection = true - public_network_access_enabled = false - blob_delete_retention_days = 30 - enable_low_availability_alert = false - backup_enabled = false - backup_retention = 0 + account_kind = "StorageV2" + account_tier = "Standard" + account_replication_type = "LRS" + blob_versioning_enabled = false + advanced_threat_protection = true + advanced_threat_protection_enabled = true + public_network_access_enabled = false + blob_delete_retention_days = 30 + enable_low_availability_alert = false + backup_enabled = false + backup_retention = 0 } } variable "reporting_fdr_storage_account" { type = object({ - advanced_threat_protection = bool - blob_versioning_enabled = bool - blob_delete_retention_days = number - account_replication_type = string + advanced_threat_protection = bool + advanced_threat_protection_enabled = bool + blob_versioning_enabled = bool + blob_delete_retention_days = number + account_replication_type = string }) default = { - advanced_threat_protection = false - blob_versioning_enabled = false - blob_delete_retention_days = 30 - account_replication_type = "LRS" + advanced_threat_protection = false + advanced_threat_protection_enabled = false + blob_versioning_enabled = false + blob_delete_retention_days = 30 + account_replication_type = "LRS" } } diff --git a/src/domains/fdr-common/README.md b/src/domains/fdr-common/README.md index 8ebe7b6b37..a802c6a9aa 100644 --- a/src/domains/fdr-common/README.md 
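Review bot: Each storage account variable now carries both `advanced_threat_protection` and `advanced_threat_protection_enabled`, and nothing in this hunk keeps the two in step, so a tfvars file can set one to `true` and the other to `false`. Which flag the `storage_account` module calls read is not visible in this diff; if only the new one is consumed, the old attribute becomes a setting that looks effective but does nothing. I would drop the old attribute once the callers are migrated, or until then mark it with a comment such as `# deprecated: use advanced_threat_protection_enabled`. `reporting_fdr_storage_account` defaults both flags to `false`, which is worth confirming as intended for that account.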
+++ b/src/domains/fdr-common/README.md 
@@ -6,30 +6,32 @@ | Name | Version | |------|---------| -| [azuread](#requirement\_azuread) | 2.30.0 | -| [azurerm](#requirement\_azurerm) | >= 3.45.0 | -| [null](#requirement\_null) | = 3.1.1 | +| [azapi](#requirement\_azapi) | <= 1.13.1 | +| [azuread](#requirement\_azuread) | <= 2.47.0 | +| [azurerm](#requirement\_azurerm) | <= 3.107.0 | +| [null](#requirement\_null) | <= 3.2.2 | ## Modules | Name | Source | Version | |------|--------|---------| -| [cosmosdb\_account\_mongodb](#module\_cosmosdb\_account\_mongodb) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_account | v6.3.1 | -| [cosmosdb\_account\_mongodb\_fdr\_re](#module\_cosmosdb\_account\_mongodb\_fdr\_re) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_account | v6.3.1 | -| [cosmosdb\_fdr\_collections](#module\_cosmosdb\_fdr\_collections) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_mongodb_collection | v6.3.1 | -| [cosmosdb\_fdr\_re\_collections](#module\_cosmosdb\_fdr\_re\_collections) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_mongodb_collection | v6.3.1 | -| [cosmosdb\_fdr\_snet](#module\_cosmosdb\_fdr\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.3.1 | -| [fdr\_conversion\_sa](#module\_fdr\_conversion\_sa) | git::https://github.com/pagopa/terraform-azurerm-v3.git//storage_account | v7.18.0 | -| [fdr\_flows\_sa](#module\_fdr\_flows\_sa) | git::https://github.com/pagopa/terraform-azurerm-v3.git//storage_account | v6.17.0 | -| [fdr\_history\_sa](#module\_fdr\_history\_sa) | git::https://github.com/pagopa/terraform-azurerm-v3.git//storage_account | v7.18.0 | -| [fdr\_re\_sa](#module\_fdr\_re\_sa) | git::https://github.com/pagopa/terraform-azurerm-v3.git//storage_account | v7.18.0 | -| [fdr\_storage\_snet](#module\_fdr\_storage\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.7.0 | -| [identity\_cd\_01](#module\_identity\_cd\_01) | 
github.com/pagopa/terraform-azurerm-v3//github_federated_identity | v7.45.0 | -| [identity\_ci\_01](#module\_identity\_ci\_01) | github.com/pagopa/terraform-azurerm-v3//github_federated_identity | v7.45.0 | -| [postgres\_flexible\_server\_fdr](#module\_postgres\_flexible\_server\_fdr) | git::https://github.com/pagopa/terraform-azurerm-v3.git//postgres_flexible_server | v7.23.0 | -| [postgres\_flexible\_snet](#module\_postgres\_flexible\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.2.1 | -| [postgres\_flexible\_snet\_replica](#module\_postgres\_flexible\_snet\_replica) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.2.1 | -| [postgresql\_fdr\_replica\_db](#module\_postgresql\_fdr\_replica\_db) | git::https://github.com/pagopa/terraform-azurerm-v3.git//postgres_flexible_server_replica | v7.22.0 | +| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 91622428555c2fe3342fe174bf16388be1698df4 | +| [cosmosdb\_account\_mongodb](#module\_cosmosdb\_account\_mongodb) | ./.terraform/modules/__v3__/cosmosdb_account | n/a | +| [cosmosdb\_account\_mongodb\_fdr\_re](#module\_cosmosdb\_account\_mongodb\_fdr\_re) | ./.terraform/modules/__v3__/cosmosdb_account | n/a | +| [cosmosdb\_fdr\_collections](#module\_cosmosdb\_fdr\_collections) | ./.terraform/modules/__v3__/cosmosdb_mongodb_collection | n/a | +| [cosmosdb\_fdr\_re\_collections](#module\_cosmosdb\_fdr\_re\_collections) | ./.terraform/modules/__v3__/cosmosdb_mongodb_collection | n/a | +| [cosmosdb\_fdr\_snet](#module\_cosmosdb\_fdr\_snet) | ./.terraform/modules/__v3__/subnet | n/a | +| [fdr\_conversion\_sa](#module\_fdr\_conversion\_sa) | ./.terraform/modules/__v3__/storage_account | n/a | +| [fdr\_flows\_sa](#module\_fdr\_flows\_sa) | ./.terraform/modules/__v3__/storage_account | n/a | +| [fdr\_history\_sa](#module\_fdr\_history\_sa) | ./.terraform/modules/__v3__/storage_account | n/a | +| [fdr\_re\_sa](#module\_fdr\_re\_sa) | 
./.terraform/modules/__v3__/storage_account | n/a | +| [fdr\_storage\_snet](#module\_fdr\_storage\_snet) | ./.terraform/modules/__v3__/subnet | n/a | +| [identity\_cd\_01](#module\_identity\_cd\_01) | github.com/pagopa/terraform-azurerm-v3//github_federated_identity | n/a | +| [identity\_ci\_01](#module\_identity\_ci\_01) | github.com/pagopa/terraform-azurerm-v3//github_federated_identity | n/a | +| [postgres\_flexible\_server\_fdr](#module\_postgres\_flexible\_server\_fdr) | ./.terraform/modules/__v3__/postgres_flexible_server | n/a | +| [postgres\_flexible\_snet](#module\_postgres\_flexible\_snet) | ./.terraform/modules/__v3__/subnet | n/a | +| [postgres\_flexible\_snet\_replica](#module\_postgres\_flexible\_snet\_replica) | ./.terraform/modules/__v3__/subnet | n/a | +| [postgresql\_fdr\_replica\_db](#module\_postgresql\_fdr\_replica\_db) | ./.terraform/modules/__v3__/postgres_flexible_server_replica | n/a | ## Resources 
@@ -60,10 +62,12 @@ | [azurerm_key_vault_secret.test_org_subscription_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | | [azurerm_key_vault_secret.test_psp_subscription_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | | [azurerm_monitor_scheduled_query_rules_alert.fdr_parsing_0_flows_alert](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | -| [azurerm_postgresql_flexible_server_configuration.fdr_db_flex_default_pool_size](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_configuration) | resource | | [azurerm_postgresql_flexible_server_configuration.fdr_db_flex_ignore_startup_parameters](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_configuration) | resource | | [azurerm_postgresql_flexible_server_configuration.fdr_db_flex_max_connection](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_configuration) | resource | +| [azurerm_postgresql_flexible_server_configuration.fdr_db_flex_max_worker_process](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_configuration) | resource | | [azurerm_postgresql_flexible_server_configuration.fdr_db_flex_min_pool_size](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_configuration) | resource | +| [azurerm_postgresql_flexible_server_configuration.fdr_db_flex_shared_preoload_libraries](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_configuration) | resource | +| 
[azurerm_postgresql_flexible_server_configuration.fdr_db_flex_wal_level](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_configuration) | resource | | [azurerm_postgresql_flexible_server_database.fdr_db](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_database) | resource | | [azurerm_postgresql_flexible_server_database.fdr_replica_db](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_database) | resource | | [azurerm_private_dns_a_record.ingress](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_a_record) | resource | 
@@ -92,10 +96,10 @@ | [azurerm_storage_table.fdr_publish_history_table](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_table) | resource | | [azurerm_storage_table.fdr_re_table](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_table) | resource | | [azurerm_storage_table.xml_share_file_error_table](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_table) | resource | -| [null_resource.change_auth_fdr_blob_container](https://registry.terraform.io/providers/hashicorp/null/3.1.1/docs/resources/resource) | resource | -| [null_resource.github_runner_app_permissions_to_namespace_cd_01](https://registry.terraform.io/providers/hashicorp/null/3.1.1/docs/resources/resource) | resource | -| [null_resource.github_runner_app_permissions_to_namespace_ci_01](https://registry.terraform.io/providers/hashicorp/null/3.1.1/docs/resources/resource) | resource | -| [null_resource.virtual_endpoint](https://registry.terraform.io/providers/hashicorp/null/3.1.1/docs/resources/resource) | resource | +| [null_resource.change_auth_fdr_blob_container](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [null_resource.github_runner_app_permissions_to_namespace_cd_01](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [null_resource.github_runner_app_permissions_to_namespace_ci_01](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [null_resource.virtual_endpoint](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [azurerm_api_management.apim](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source | | 
[azurerm_api_management_product.fdr_internal_product](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management_product) | data source | | [azurerm_api_management_product.fdr_org_product](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management_product) | data source | @@ -139,9 +143,9 @@ | [cidr\_subnet\_cosmosdb\_fdr](#input\_cidr\_subnet\_cosmosdb\_fdr) | Cosmos DB address space for fdr. | `list(string)` | n/a | yes | | [cidr\_subnet\_flex\_dbms](#input\_cidr\_subnet\_flex\_dbms) | Postgresql network address space. | `list(string)` | n/a | yes | | [cidr\_subnet\_storage\_account](#input\_cidr\_subnet\_storage\_account) | Storage account network address space. | `list(string)` | n/a | yes | -| [cosmos\_mongo\_db\_fdr\_params](#input\_cosmos\_mongo\_db\_fdr\_params) | n/a |
object({
enabled = bool
capabilities = list(string)
offer_type = string
server_version = string
kind = string
consistency_policy = object({
consistency_level = string
max_interval_in_seconds = number
max_staleness_prefix = number
})
main_geo_location_zone_redundant = bool
enable_free_tier = bool
additional_geo_locations = list(object({
location = string
failover_priority = number
zone_redundant = bool
}))
private_endpoint_enabled = bool
public_network_access_enabled = bool
is_virtual_network_filter_enabled = bool
backup_continuous_enabled = bool
enable_serverless = bool
enable_autoscaling = bool
throughput = number
max_throughput = number
container_default_ttl = number
})
| n/a | yes | -| [cosmos\_mongo\_db\_fdr\_re\_params](#input\_cosmos\_mongo\_db\_fdr\_re\_params) | n/a |
object({
capabilities = list(string)
offer_type = string
server_version = string
kind = string
consistency_policy = object({
consistency_level = string
max_interval_in_seconds = number
max_staleness_prefix = number
})
main_geo_location_zone_redundant = bool
enable_free_tier = bool
additional_geo_locations = list(object({
location = string
failover_priority = number
zone_redundant = bool
}))
private_endpoint_enabled = bool
public_network_access_enabled = bool
is_virtual_network_filter_enabled = bool
backup_continuous_enabled = bool
enable_serverless = bool
enable_autoscaling = bool
throughput = number
max_throughput = number
container_default_ttl = number
})
| n/a | yes | -| [custom\_metric\_alerts](#input\_custom\_metric\_alerts) | Map of name = criteria objects |
map(object({
# criteria.*.aggregation to be one of [Average Count Minimum Maximum Total]
aggregation = string
metric_name = string
# "Insights.Container/pods" "Insights.Container/nodes"
metric_namespace = string
# criteria.0.operator to be one of [Equals NotEquals GreaterThan GreaterThanOrEqual LessThan LessThanOrEqual]
operator = string
threshold = number
# Possible values are PT1M, PT5M, PT15M, PT30M and PT1H
frequency = string
# Possible values are PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H and P1D.
window_size = string
# severity: The severity of this Metric Alert. Possible values are 0, 1, 2, 3 and 4. Defaults to 3.
severity = number
}))
|
{
"active_connections": {
"aggregation": "Average",
"frequency": "PT5M",
"metric_name": "active_connections",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT30M"
},
"connections_failed": {
"aggregation": "Total",
"frequency": "PT5M",
"metric_name": "connections_failed",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT30M"
},
"cpu_percent": {
"aggregation": "Average",
"frequency": "PT5M",
"metric_name": "cpu_percent",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 4500,
"window_size": "PT30M"
},
"memory_percent": {
"aggregation": "Average",
"frequency": "PT5M",
"metric_name": "memory_percent",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT30M"
},
"storage_percent": {
"aggregation": "Average",
"frequency": "PT5M",
"metric_name": "storage_percent",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT30M"
}
}
| no | +| [cosmos\_mongo\_db\_fdr\_params](#input\_cosmos\_mongo\_db\_fdr\_params) | n/a |
object({
enabled = bool
capabilities = list(string)
offer_type = string
server_version = string
kind = string
consistency_policy = object({
consistency_level = string
max_interval_in_seconds = number
max_staleness_prefix = number
})
main_geo_location_zone_redundant = bool
enable_free_tier = bool
additional_geo_locations = list(object({
location = string
failover_priority = number
zone_redundant = bool
}))
private_endpoint_enabled = bool
public_network_access_enabled = bool
is_virtual_network_filter_enabled = bool
backup_continuous_enabled = bool
enable_serverless = bool
enable_autoscaling = bool
throughput = number
max_throughput = number
container_default_ttl = number
})
| n/a | yes | +| [cosmos\_mongo\_db\_fdr\_re\_params](#input\_cosmos\_mongo\_db\_fdr\_re\_params) | n/a |
object({
capabilities = list(string)
offer_type = string
server_version = string
kind = string
consistency_policy = object({
consistency_level = string
max_interval_in_seconds = number
max_staleness_prefix = number
})
main_geo_location_zone_redundant = bool
enable_free_tier = bool
additional_geo_locations = list(object({
location = string
failover_priority = number
zone_redundant = bool
}))
private_endpoint_enabled = bool
public_network_access_enabled = bool
is_virtual_network_filter_enabled = bool
backup_continuous_enabled = bool
enable_serverless = bool
enable_autoscaling = bool
throughput = number
max_throughput = number
container_default_ttl = number
})
| n/a | yes | +| [custom\_metric\_alerts](#input\_custom\_metric\_alerts) | Map of name = criteria objects |
map(object({
# criteria.*.aggregation to be one of [Average Count Minimum Maximum Total]
aggregation = string
metric_name = string
# "Insights.Container/pods" "Insights.Container/nodes"
metric_namespace = string
# criteria.0.operator to be one of [Equals NotEquals GreaterThan GreaterThanOrEqual LessThan LessThanOrEqual]
operator = string
threshold = number
# Possible values are PT1M, PT5M, PT15M, PT30M and PT1H
frequency = string
# Possible values are PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H and P1D.
window_size = string
# severity: The severity of this Metric Alert. Possible values are 0, 1, 2, 3 and 4. Defaults to 3.
severity = number
}))
|
{
"active_connections": {
"aggregation": "Average",
"frequency": "PT5M",
"metric_name": "active_connections",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT30M"
},
"connections_failed": {
"aggregation": "Total",
"frequency": "PT5M",
"metric_name": "connections_failed",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT30M"
},
"cpu_percent": {
"aggregation": "Average",
"frequency": "PT5M",
"metric_name": "cpu_percent",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 4500,
"window_size": "PT30M"
},
"memory_percent": {
"aggregation": "Average",
"frequency": "PT5M",
"metric_name": "memory_percent",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT30M"
},
"storage_percent": {
"aggregation": "Average",
"frequency": "PT5M",
"metric_name": "storage_percent",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT30M"
}
}
| no | | [dns\_zone\_internal\_prefix](#input\_dns\_zone\_internal\_prefix) | The dns subdomain. | `string` | `null` | no | | [domain](#input\_domain) | n/a | `string` | n/a | yes | | [enable\_iac\_pipeline](#input\_enable\_iac\_pipeline) | If true create the key vault policy to allow used by azure devops iac pipelines. | `bool` | `false` | no | @@ -149,15 +153,15 @@ | [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | | [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `null` | no | | [fdr\_convertion\_delete\_retention\_days](#input\_fdr\_convertion\_delete\_retention\_days) | Number of days to retain deleted. | `number` | `30` | no | -| [fdr\_history\_storage\_account](#input\_fdr\_history\_storage\_account) | n/a |
object({
account_kind = string
account_tier = string
account_replication_type = string
advanced_threat_protection = bool
blob_versioning_enabled = bool
public_network_access_enabled = bool
blob_delete_retention_days = number
enable_low_availability_alert = bool
backup_enabled = optional(bool, false)
backup_retention = optional(number, 0)
})
|
{
"account_kind": "StorageV2",
"account_replication_type": "LRS",
"account_tier": "Standard",
"advanced_threat_protection": true,
"backup_enabled": false,
"backup_retention": 0,
"blob_delete_retention_days": 30,
"blob_versioning_enabled": false,
"enable_low_availability_alert": false,
"public_network_access_enabled": false
}
| no | +| [fdr\_history\_storage\_account](#input\_fdr\_history\_storage\_account) | n/a |
object({
account_kind = string
account_tier = string
account_replication_type = string
advanced_threat_protection = bool
advanced_threat_protection_enabled = bool
blob_versioning_enabled = bool
public_network_access_enabled = bool
blob_delete_retention_days = number
enable_low_availability_alert = bool
backup_enabled = optional(bool, false)
backup_retention = optional(number, 0)
})
|
{
"account_kind": "StorageV2",
"account_replication_type": "LRS",
"account_tier": "Standard",
"advanced_threat_protection": true,
"advanced_threat_protection_enabled": true,
"backup_enabled": false,
"backup_retention": 0,
"blob_delete_retention_days": 30,
"blob_versioning_enabled": false,
"enable_low_availability_alert": false,
"public_network_access_enabled": false
}
| no | | [fdr\_re\_advanced\_threat\_protection](#input\_fdr\_re\_advanced\_threat\_protection) | Enable contract threat advanced protection | `bool` | `false` | no | | [fdr\_re\_delete\_retention\_days](#input\_fdr\_re\_delete\_retention\_days) | Number of days to retain deleted. | `number` | `30` | no | -| [fdr\_re\_storage\_account](#input\_fdr\_re\_storage\_account) | n/a |
object({
account_kind = string
account_tier = string
account_replication_type = string
advanced_threat_protection = bool
blob_versioning_enabled = bool
public_network_access_enabled = bool
blob_delete_retention_days = number
enable_low_availability_alert = bool
backup_enabled = optional(bool, false)
backup_retention = optional(number, 0)
})
|
{
"account_kind": "StorageV2",
"account_replication_type": "LRS",
"account_tier": "Standard",
"advanced_threat_protection": true,
"backup_enabled": false,
"backup_retention": 0,
"blob_delete_retention_days": 30,
"blob_versioning_enabled": false,
"enable_low_availability_alert": false,
"public_network_access_enabled": false
}
| no | +| [fdr\_re\_storage\_account](#input\_fdr\_re\_storage\_account) | n/a |
object({
account_kind = string
account_tier = string
account_replication_type = string
advanced_threat_protection = bool
advanced_threat_protection_enabled = bool
blob_versioning_enabled = bool
public_network_access_enabled = bool
blob_delete_retention_days = number
enable_low_availability_alert = bool
backup_enabled = optional(bool, false)
backup_retention = optional(number, 0)
})
|
{
"account_kind": "StorageV2",
"account_replication_type": "LRS",
"account_tier": "Standard",
"advanced_threat_protection": true,
"advanced_threat_protection_enabled": true,
"backup_enabled": false,
"backup_retention": 0,
"blob_delete_retention_days": 30,
"blob_versioning_enabled": false,
"enable_low_availability_alert": false,
"public_network_access_enabled": false
}
| no | | [fdr\_re\_versioning](#input\_fdr\_re\_versioning) | Enable sa versioning | `bool` | `false` | no | -| [fdr\_storage\_account](#input\_fdr\_storage\_account) | n/a |
object({
account_kind = string
account_tier = string
account_replication_type = string
advanced_threat_protection = bool
blob_versioning_enabled = bool
public_network_access_enabled = bool
blob_delete_retention_days = number
enable_low_availability_alert = bool
backup_enabled = optional(bool, false)
backup_retention = optional(number, 0)
})
|
{
"account_kind": "StorageV2",
"account_replication_type": "LRS",
"account_tier": "Standard",
"advanced_threat_protection": true,
"backup_enabled": false,
"backup_retention": 0,
"blob_delete_retention_days": 30,
"blob_versioning_enabled": false,
"enable_low_availability_alert": false,
"public_network_access_enabled": false
}
| no | +| [fdr\_storage\_account](#input\_fdr\_storage\_account) | n/a |
object({
account_kind = string
account_tier = string
account_replication_type = string
advanced_threat_protection = bool
blob_versioning_enabled = bool
public_network_access_enabled = bool
blob_delete_retention_days = number
enable_low_availability_alert = bool
backup_enabled = optional(bool, false)
backup_retention = optional(number, 0)
})
|
{
"account_kind": "StorageV2",
"account_replication_type": "LRS",
"account_tier": "Standard",
"advanced_threat_protection": true,
"backup_enabled": false,
"backup_retention": 0,
"blob_delete_retention_days": 30,
"blob_versioning_enabled": false,
"enable_low_availability_alert": false,
"public_network_access_enabled": false
}
| no | | [geo\_replica\_cidr\_subnet\_postgresql](#input\_geo\_replica\_cidr\_subnet\_postgresql) | Address prefixes replica subnet postgresql | `list(string)` | `null` | no | | [geo\_replica\_enabled](#input\_geo\_replica\_enabled) | (Optional) True if geo replica should be active for key data components i.e. PostgreSQL Flexible servers | `bool` | `false` | no | -| [github](#input\_github) | n/a |
object({
org = string
})
|
{
"org": "pagopa"
}
| no | +| [github](#input\_github) | n/a |
object({
org = string
})
|
{
"org": "pagopa"
}
| no | | [ingress\_load\_balancer\_ip](#input\_ingress\_load\_balancer\_ip) | n/a | `string` | n/a | yes | | [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | | [k8s\_kube\_config\_path\_prefix](#input\_k8s\_kube\_config\_path\_prefix) | n/a | `string` | `"~/.kube"` | no | @@ -169,13 +173,13 @@ | [log\_analytics\_workspace\_resource\_group\_name](#input\_log\_analytics\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace is located in. | `string` | n/a | yes | | [monitor\_resource\_group\_name](#input\_monitor\_resource\_group\_name) | Monitor resource group name | `string` | n/a | yes | | [pgres\_flex\_fdr\_db\_name](#input\_pgres\_flex\_fdr\_db\_name) | FdR DB name | `string` | `"fdr"` | no | -| [pgres\_flex\_params](#input\_pgres\_flex\_params) | Postgres Flexible |
object({
enabled = bool
sku_name = string
db_version = string
storage_mb = string
zone = number
standby_zone = optional(number, 1)
backup_retention_days = number
geo_redundant_backup_enabled = bool
create_mode = string
pgres_flex_private_endpoint_enabled = bool
pgres_flex_ha_enabled = bool
pgres_flex_pgbouncer_enabled = bool
pgres_flex_diagnostic_settings_enabled = bool
max_connections = number
pgbouncer_min_pool_size = number
pgbouncer_default_pool_size = number
})
| n/a | yes | +| [pgres\_flex\_params](#input\_pgres\_flex\_params) | Postgres Flexible |
object({
sku_name = string
db_version = string
storage_mb = string
zone = number
standby_zone = optional(number, 1)
backup_retention_days = number
geo_redundant_backup_enabled = bool
create_mode = string
pgres_flex_private_endpoint_enabled = bool
pgres_flex_ha_enabled = bool
pgres_flex_pgbouncer_enabled = bool
pgres_flex_diagnostic_settings_enabled = bool
alerts_enabled = bool
max_connections = number
pgbouncer_min_pool_size = number
max_worker_process = number
wal_level = string
shared_preoload_libraries = string
public_network_access_enabled = bool
})
| n/a | yes | | [postgres\_dns\_registration\_enabled](#input\_postgres\_dns\_registration\_enabled) | (Optional) If true, adds a CNAME record for the database FQDN in the db private dns | `bool` | `false` | no | | [postgres\_dns\_registration\_virtual\_endpoint\_enabled](#input\_postgres\_dns\_registration\_virtual\_endpoint\_enabled) | (Optional) If true, adds a CNAME record for the database VE in the db private dns | `bool` | `false` | no | | [prefix](#input\_prefix) | n/a | `string` | n/a | yes | | [reporting\_fdr\_blobs\_retention\_days](#input\_reporting\_fdr\_blobs\_retention\_days) | The number of day for storage\_management\_policy | `number` | `30` | no | -| [reporting\_fdr\_storage\_account](#input\_reporting\_fdr\_storage\_account) | n/a |
object({
advanced_threat_protection = bool
blob_versioning_enabled = bool
blob_delete_retention_days = number
account_replication_type = string
})
|
{
"account_replication_type": "LRS",
"advanced_threat_protection": false,
"blob_delete_retention_days": 30,
"blob_versioning_enabled": false
}
| no | -| [tags](#input\_tags) | n/a | `map(any)` |
{
"CreatedBy": "Terraform"
}
| no | +| [reporting\_fdr\_storage\_account](#input\_reporting\_fdr\_storage\_account) | n/a |
object({
advanced_threat_protection = bool
advanced_threat_protection_enabled = bool
blob_versioning_enabled = bool
blob_delete_retention_days = number
account_replication_type = string
})
|
{
"account_replication_type": "LRS",
"advanced_threat_protection": false,
"advanced_threat_protection_enabled": false,
"blob_delete_retention_days": 30,
"blob_versioning_enabled": false
}
| no | +| [tags](#input\_tags) | n/a | `map(any)` |
{
"CreatedBy": "Terraform"
}
| no | ## Outputs diff --git a/src/domains/fdr-common/env/weu-dev/terraform.tfvars b/src/domains/fdr-common/env/weu-dev/terraform.tfvars index 733f3a88c2..f3306188f9 100644 --- a/src/domains/fdr-common/env/weu-dev/terraform.tfvars +++ b/src/domains/fdr-common/env/weu-dev/terraform.tfvars @@ -34,9 +34,8 @@ enable_iac_pipeline = true pgres_flex_params = { - enabled = true - sku_name = "GP_Standard_D4ds_v4" - db_version = "13" + sku_name = "GP_Standard_D2ds_v4" + db_version = "15" # Possible values are 32768, 65536, 131072, 262144, 524288, 1048576, # 2097152, 4194304, 8388608, 16777216, and 33554432. storage_mb = 32768 @@ -47,10 +46,15 @@ pgres_flex_params = { pgres_flex_private_endpoint_enabled = false pgres_flex_ha_enabled = false pgres_flex_pgbouncer_enabled = true + standby_availability_zone = 2 pgres_flex_diagnostic_settings_enabled = false - max_connections = 1700 - pgbouncer_min_pool_size = 100 - pgbouncer_default_pool_size = 100 + alerts_enabled = false + max_connections = 1000 + pgbouncer_min_pool_size = 1 + max_worker_process = 16 + wal_level = "logical" + shared_preoload_libraries = "pg_failover_slots" + public_network_access_enabled = true } custom_metric_alerts = { 
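Review bot: In the weu-dev `pgres_flex_params` hunk (`@@ -47,10 +46,15 @@`) the added `public_network_access_enabled = true` sits next to the unchanged `pgres_flex_private_endpoint_enabled = false`, so the dev PostgreSQL server appears to be reachable over its public endpoint only. No firewall or allow-list setting is visible in this diff, so confirm which source addresses can reach the server. If public access is deliberate for dev, add a comment on that line stating the reason; otherwise use `public_network_access_enabled = false`, as the weu-prod and weu-uat hunks do. The `pgres_flex_params` block starts before this hunk.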
@@ -170,36 +174,39 @@ cosmos_mongo_db_fdr_re_params = { # Storage Account cidr_subnet_storage_account = ["10.1.179.0/24"] fdr_storage_account = { - account_kind = "StorageV2" - account_tier = "Standard" - account_replication_type = "LRS" - blob_versioning_enabled = false - advanced_threat_protection = false - public_network_access_enabled = true - blob_delete_retention_days = 30 - enable_low_availability_alert = false + account_kind = "StorageV2" + account_tier = "Standard" + account_replication_type = "LRS" + blob_versioning_enabled = false + advanced_threat_protection = false + advanced_threat_protection_enabled = false + public_network_access_enabled = true + blob_delete_retention_days = 30 + enable_low_availability_alert = false } fdr_re_storage_account = { - account_kind = "StorageV2" - account_tier = "Standard" - account_replication_type = "LRS" - blob_versioning_enabled = false - advanced_threat_protection = false - public_network_access_enabled = true - blob_delete_retention_days = 30 - enable_low_availability_alert = false + account_kind = "StorageV2" + account_tier = "Standard" + account_replication_type = "LRS" + blob_versioning_enabled = false + advanced_threat_protection = false + advanced_threat_protection_enabled = false + public_network_access_enabled = true + blob_delete_retention_days = 30 + enable_low_availability_alert = false } fdr_history_storage_account = { - account_kind = "StorageV2" - account_tier = "Standard" - account_replication_type = "LRS" - blob_versioning_enabled = false - advanced_threat_protection = false - public_network_access_enabled = true - blob_delete_retention_days = 30 - enable_low_availability_alert = false + account_kind = "StorageV2" + account_tier = "Standard" + account_replication_type = "LRS" + blob_versioning_enabled = false + advanced_threat_protection = false + advanced_threat_protection_enabled = false + public_network_access_enabled = true + blob_delete_retention_days = 30 + enable_low_availability_alert = false 
} diff --git a/src/domains/fdr-common/env/weu-prod/terraform.tfvars b/src/domains/fdr-common/env/weu-prod/terraform.tfvars index be96dbcc58..9997dbbf60 100644 --- a/src/domains/fdr-common/env/weu-prod/terraform.tfvars +++ b/src/domains/fdr-common/env/weu-prod/terraform.tfvars @@ -35,24 +35,28 @@ enable_iac_pipeline = true pgres_flex_params = { - enabled = true sku_name = "GP_Standard_D4ds_v4" - db_version = "13" + db_version = "15" # Possible values are 32768, 65536, 131072, 262144, 524288, 1048576, # 2097152, 4194304, 8388608, 16777216, and 33554432. - storage_mb = 32768 - zone = 1 - standby_zone = 2 + storage_mb = 1048576 # 1Tib + zone = 2 + standby_zone = 1 backup_retention_days = 30 geo_redundant_backup_enabled = true create_mode = "Default" pgres_flex_private_endpoint_enabled = true pgres_flex_ha_enabled = true pgres_flex_pgbouncer_enabled = true + standby_availability_zone = 2 pgres_flex_diagnostic_settings_enabled = false - max_connections = 1700 - pgbouncer_min_pool_size = 500 - pgbouncer_default_pool_size = 1000 + alerts_enabled = false + max_connections = 5000 + pgbouncer_min_pool_size = 10 + max_worker_process = 32 + wal_level = "logical" + shared_preoload_libraries = "pg_failover_slots" + public_network_access_enabled = false } custom_metric_alerts = { 
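Review bot: The added `standby_availability_zone = 2` in the weu-prod `pgres_flex_params` hunk (`@@ -35,24 +35,28 @@`) is not an attribute of the `pgres_flex_params` object type documented in this commit's README hunk, which declares `standby_zone`. Terraform discards attributes that an object type constraint does not declare, so the line most likely has no effect. If it were consumed, it would place the standby in zone 2, the same value as the new `zone = 2`, while `pgres_flex_ha_enabled = true`. Keep `standby_zone = 1` and delete the extra key here and in the weu-dev and weu-uat hunks (both `@@ -47,10 +46,15 @@`). The same hunk sets `alerts_enabled = false` for production; if that is temporary, say so in a comment on that line.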
@@ -183,53 +187,57 @@ cosmos_mongo_db_fdr_re_params = { cidr_subnet_storage_account = ["10.1.179.0/24"] fdr_storage_account = { - account_kind = "StorageV2" - account_tier = "Standard" - account_replication_type = "GZRS" - blob_versioning_enabled = true - advanced_threat_protection = true - public_network_access_enabled = false - blob_delete_retention_days = 90 - enable_low_availability_alert = false - backup_enabled = true - backup_retention = 30 + account_kind = "StorageV2" + account_tier = "Standard" + account_replication_type = "GZRS" + blob_versioning_enabled = true + advanced_threat_protection = true + advanced_threat_protection_enabled = false + public_network_access_enabled = false + blob_delete_retention_days = 90 + enable_low_availability_alert = false + backup_enabled = true + backup_retention = 30 } fdr_re_storage_account = { - account_kind = "StorageV2" - account_tier = "Standard" - account_replication_type = "GZRS" - blob_versioning_enabled = true - advanced_threat_protection = true - public_network_access_enabled = false - blob_delete_retention_days = 90 - enable_low_availability_alert = false - backup_enabled = true - backup_retention = 30 + account_kind = "StorageV2" + account_tier = "Standard" + account_replication_type = "GZRS" + blob_versioning_enabled = true + advanced_threat_protection = true + advanced_threat_protection_enabled = false + public_network_access_enabled = false + blob_delete_retention_days = 90 + enable_low_availability_alert = false + backup_enabled = true + backup_retention = 30 } fdr_history_storage_account = { - account_kind = "StorageV2" - account_tier = "Standard" - account_replication_type = "GZRS" - blob_versioning_enabled = true - advanced_threat_protection = true - public_network_access_enabled = false - blob_delete_retention_days = 90 - enable_low_availability_alert = false - backup_enabled = true - backup_retention = 30 + account_kind = "StorageV2" + account_tier = "Standard" + account_replication_type = "GZRS" + 
blob_versioning_enabled = true + advanced_threat_protection = true + advanced_threat_protection_enabled = false + public_network_access_enabled = false + blob_delete_retention_days = 90 + enable_low_availability_alert = false + backup_enabled = true + backup_retention = 30 } fdr_flow_storage_account = { - account_kind = "StorageV2" - account_tier = "Standard" - account_replication_type = "GZRS" - blob_versioning_enabled = false - advanced_threat_protection = true - public_network_access_enabled = false - blob_delete_retention_days = 90 - enable_low_availability_alert = false + account_kind = "StorageV2" + account_tier = "Standard" + account_replication_type = "GZRS" + blob_versioning_enabled = false + advanced_threat_protection = true + advanced_threat_protection_enabled = false + public_network_access_enabled = false + blob_delete_retention_days = 90 + enable_low_availability_alert = false } # @@ -247,8 +255,9 @@ postgres_dns_registration_virtual_endpoint_enabled = true reporting_fdr_storage_account = { - advanced_threat_protection = false - blob_versioning_enabled = false - blob_delete_retention_days = 30 - account_replication_type = "GZRS" + advanced_threat_protection = false + advanced_threat_protection_enabled = false + blob_versioning_enabled = false + blob_delete_retention_days = 30 + account_replication_type = "GZRS" } diff --git a/src/domains/fdr-common/env/weu-uat/terraform.tfvars b/src/domains/fdr-common/env/weu-uat/terraform.tfvars index c00fcb7c28..af6653ceda 100644 --- a/src/domains/fdr-common/env/weu-uat/terraform.tfvars +++ b/src/domains/fdr-common/env/weu-uat/terraform.tfvars @@ -34,9 +34,8 @@ enable_iac_pipeline = true pgres_flex_params = { - enabled = true sku_name = "GP_Standard_D4ds_v4" - db_version = "13" + db_version = "15" # Possible values are 32768, 65536, 131072, 262144, 524288, 1048576, # 2097152, 4194304, 8388608, 16777216, and 33554432. storage_mb = 32768 
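Review bot: In the weu-prod storage hunk (`@@ -183,53 +187,57 @@`) every account now carries `advanced_threat_protection = true` together with `advanced_threat_protection_enabled = false`, so two flags for the same control disagree. Which of the two the storage module reads is not visible in this diff. If it is the new `_enabled` attribute, this change switches threat protection off in production for `fdr_storage_account`, `fdr_re_storage_account`, `fdr_history_storage_account` and `fdr_flow_storage_account`. Set `advanced_threat_protection_enabled = true` to match, or remove the old flag so that one attribute decides. The weu-uat storage hunk (`@@ -172,36 +176,48 @@`) has the same mismatch.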
@@ -47,10 +46,15 @@ pgres_flex_params = { pgres_flex_private_endpoint_enabled = true pgres_flex_ha_enabled = false pgres_flex_pgbouncer_enabled = true + standby_availability_zone = 2 pgres_flex_diagnostic_settings_enabled = false - max_connections = 1700 - pgbouncer_min_pool_size = 500 - pgbouncer_default_pool_size = 1000 + alerts_enabled = false + max_connections = 5000 + pgbouncer_min_pool_size = 10 + max_worker_process = 32 + wal_level = "logical" + shared_preoload_libraries = "pg_failover_slots" + public_network_access_enabled = false } custom_metric_alerts = { @@ -134,7 +138,7 @@ cosmos_mongo_db_fdr_params = { enable_serverless = false enable_autoscaling = true - max_throughput = 2000 + max_throughput = 15000 throughput = 1000 } @@ -163,7 +167,7 @@ cosmos_mongo_db_fdr_re_params = { enable_serverless = false enable_autoscaling = true - max_throughput = 2000 + max_throughput = 10000 throughput = 1000 } 
@@ -172,36 +176,48 @@ cosmos_mongo_db_fdr_re_params = {
 cidr_subnet_storage_account = ["10.1.179.0/24"]
 fdr_storage_account = {
- account_kind = "StorageV2"
- account_tier = "Standard"
- account_replication_type = "LRS"
- blob_versioning_enabled = false
- advanced_threat_protection = false
- public_network_access_enabled = false
- blob_delete_retention_days = 90
- enable_low_availability_alert = false
+ account_kind = "StorageV2"
+ account_tier = "Standard"
+ account_replication_type = "LRS"
+ blob_versioning_enabled = false
+ advanced_threat_protection = true
+ advanced_threat_protection_enabled = false
+ public_network_access_enabled = true
+ blob_delete_retention_days = 90
+ enable_low_availability_alert = false
+}
+
+reporting_fdr_storage_account = {
+ advanced_threat_protection = true
+ advanced_threat_protection_enabled = false
+ blob_versioning_enabled = false
+ blob_delete_retention_days = 30
+ account_replication_type = "LRS"
+ public_network_access_enabled = true
 }
 fdr_re_storage_account = {
- account_kind = "StorageV2"
- account_tier = "Standard"
- account_replication_type = "LRS"
- blob_versioning_enabled = false
- advanced_threat_protection = false
- public_network_access_enabled = false
- blob_delete_retention_days = 90
- enable_low_availability_alert = false
+ account_kind = "StorageV2"
+ account_tier = "Standard"
+ account_replication_type = "LRS"
+ blob_versioning_enabled = false
+ advanced_threat_protection = true
+ advanced_threat_protection_enabled = false
+ public_network_access_enabled = true
+ blob_delete_retention_days = 90
+ enable_low_availability_alert = false
 }
 fdr_history_storage_account = {
- account_kind = "StorageV2"
- account_tier = "Standard"
- account_replication_type = "LRS"
- blob_versioning_enabled = false
- advanced_threat_protection = false
- public_network_access_enabled = false
- blob_delete_retention_days = 90
- enable_low_availability_alert = false
+ account_kind = "StorageV2"
+ account_tier = "Standard"
+ account_replication_type = "LRS"
+ blob_versioning_enabled = false
+ advanced_threat_protection = true
+ advanced_threat_protection_enabled = false
+ public_network_access_enabled = true
+ blob_delete_retention_days = 90
+ enable_low_availability_alert = false
 }
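Review bot: `public_network_access_enabled` goes from `false` to `true` on `fdr_storage_account`, `fdr_re_storage_account` and `fdr_history_storage_account`, and the new `reporting_fdr_storage_account` block is created with `true`, so four weu-uat accounts gain a public endpoint with no stated reason. The hunk shows no compensating network rule set (default deny plus an IP or subnet allow-list), and the `cidr_subnet_storage_account` context line above suggests private access was the intended path; whether the module adds firewall rules cannot be seen from here. If a pipeline or tool needs to reach the accounts, I would keep `public_network_access_enabled = false` and allow that caller explicitly, or at least add a comment on each block naming the consumer and the rules that bound the exposure. These blocks also set `advanced_threat_protection_enabled = false`, which is worth checking before the accounts are opened up.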