Template infra deploy #9573927323

navapbc · Jun 19, 2024 · fc5181f · fc5181f
1 parent e861516
commit fc5181f
Show file tree

Hide file tree

Showing 7 changed files with 15 additions and 3 deletions.
diff --git a/.template-version b/.template-version
@@ -1 +1 @@
-7c3f8da1b49e75cf00d27f1cd2ed09cedf95fb39
+1b738bce63b990648b3e6f7c24cced8cf3dbc6d2
diff --git a/infra/modules/database/backups.tf b/infra/modules/database/backups.tf
@@ -18,6 +18,9 @@ resource "aws_backup_plan" "backup_plan" {
 resource "aws_backup_vault" "backup_vault" {
   name        = "${var.name}-db-backup-vault"
   kms_key_arn = data.aws_kms_key.backup_vault_key.arn
+
+  # Use a separate line to support automated terraform destroy commands
+  force_destroy = false
 }
 
 # KMS Key for the vault

diff --git a/infra/modules/database/main.tf b/infra/modules/database/main.tf
@@ -41,11 +41,13 @@ resource "aws_rds_cluster" "db" {
   # checkov:skip=CKV_AWS_128:Auth decision needs to be ironed out
   # checkov:skip=CKV_AWS_162:Auth decision needs to be ironed out
   iam_database_authentication_enabled = true
-  deletion_protection                 = true
   copy_tags_to_snapshot               = true
   # final_snapshot_identifier = "${var.name}-final"
   skip_final_snapshot = true
 
+  # Use a separate line to support automated terraform destroy commands
+  deletion_protection = true
+
   serverlessv2_scaling_configuration {
     max_capacity = 1.0
     min_capacity = 0.5

diff --git a/infra/modules/service/access-logs.tf b/infra/modules/service/access-logs.tf
@@ -21,7 +21,10 @@ locals {
 
 resource "aws_s3_bucket" "access_logs" {
   bucket_prefix = "${var.service_name}-access-logs"
+
+  # Use a separate line to support automated terraform destroy commands
   force_destroy = false
+
   # checkov:skip=CKV2_AWS_62:Event notification not necessary for this bucket expecially due to likely use of lifecycle rules
   # checkov:skip=CKV_AWS_18:Access logging was not considered necessary for this bucket
   # checkov:skip=CKV_AWS_144:Not considered critical to the point of cross region replication

diff --git a/infra/modules/service/load-balancer.tf b/infra/modules/service/load-balancer.tf
@@ -11,6 +11,7 @@ resource "aws_lb" "alb" {
   security_groups = [aws_security_group.alb.id]
   subnets         = var.public_subnet_ids
 
+  # Use a separate line to support automated terraform destroy commands
   # checkov:skip=CKV_AWS_150:Allow deletion for automated tests
   enable_deletion_protection = !var.is_temporary
 

diff --git a/infra/modules/storage/main.tf b/infra/modules/storage/main.tf
@@ -1,5 +1,7 @@
 resource "aws_s3_bucket" "storage" {
-  bucket        = var.name
+  bucket = var.name
+
+  # Use a separate line to support automated terraform destroy commands
   force_destroy = false
 
   # checkov:skip=CKV_AWS_18:TODO(https://github.com/navapbc/template-infra/issues/507) Implement access logging

diff --git a/infra/modules/terraform-backend-s3/main.tf b/infra/modules/terraform-backend-s3/main.tf
@@ -52,6 +52,7 @@ resource "aws_s3_bucket" "tf_state" {
 
   # Prevent accidental destruction a developer executing terraform destory in the wrong directory. Contains terraform state files.
   lifecycle {
+    # Use a separate line to support automated terraform destroy commands
     prevent_destroy = true
   }
 }
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		7c3f8da1b49e75cf00d27f1cd2ed09cedf95fb39
		1b738bce63b990648b3e6f7c24cced8cf3dbc6d2