IE Terraform Stack

Documentation for the Ireland (IE) country deployment Terraform stack.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| azuread | =1.6.0 |
| azurerm | =2.71.0 |
| helm | =2.2.0 |
| kubectl | =1.11.2 |
| kubernetes | =2.4.1 |
| null | =3.1.0 |
| random | =3.1.0 |

Providers

| Name | Version |
|------|---------|
| azuread | 1.6.0 |
| azurerm | 2.71.0 |
| helm | 2.2.0 |
| kubernetes | 2.4.1 |
| null | 3.1.0 |
| random | 3.1.0 |
| terraform | n/a |

Modules

| Name | Source | Version |
|------|--------|---------|
| base_infra | ../terraform-modules/base-infrastructure | n/a |

Resources

| Name | Type |
|------|------|
| azuread_application.msal_authentication | resource |
| azuread_application_password.msal_authentication | resource |
| azuread_service_principal.msal_authentication | resource |
| azurerm_key_vault_certificate.dsc_key_store_certificate | resource |
| azurerm_key_vault_certificate.tls_key_store_certificate | resource |
| azurerm_key_vault_certificate.upload_key_store_certificate | resource |
| azurerm_key_vault_secret.dsc_key_store_alias | resource |
| azurerm_key_vault_secret.msal_authentication_client_secret | resource |
| azurerm_key_vault_secret.tls_key_store_alias | resource |
| azurerm_key_vault_secret.tls_trust_store_content | resource |
| azurerm_key_vault_secret.tls_trust_store_password | resource |
| azurerm_key_vault_secret.trustanchor_alias | resource |
| azurerm_key_vault_secret.trustanchor_content | resource |
| azurerm_key_vault_secret.trustanchor_password | resource |
| azurerm_key_vault_secret.upload_key_store_alias | resource |
| azurerm_mysql_database.businessrule_service_db | resource |
| azurerm_mysql_database.issuance_service_db | resource |
| azurerm_mysql_database.verifier_service_db | resource |
| azurerm_role_assignment.dgca_businessrule_service_kv_role_assignment | resource |
| azurerm_role_assignment.dgca_issuance_service_kv_role_assignment | resource |
| azurerm_role_assignment.dgca_issuance_service_public_kv_role_assignment | resource |
| azurerm_role_assignment.dgca_verifier_service_kv_role_assignment | resource |
| azurerm_role_assignment.msal_identity_kv_role_assignment | resource |
| azurerm_user_assigned_identity.dgca_businessrule_service_identity | resource |
| azurerm_user_assigned_identity.dgca_issuance_service_identity | resource |
| azurerm_user_assigned_identity.dgca_issuance_service_public_identity | resource |
| azurerm_user_assigned_identity.dgca_issuance_web_identity | resource |
| azurerm_user_assigned_identity.dgca_verifier_service_identity | resource |
| azurerm_user_assigned_identity.msal_authentication | resource |
| helm_release.dgca_businessrule_service | resource |
| helm_release.dgca_issuance_service | resource |
| helm_release.dgca_issuance_service_public | resource |
| helm_release.dgca_issuance_web | resource |
| helm_release.dgca_verifier_service | resource |
| helm_release.msal_authentication | resource |
| kubernetes_namespace.dgca_businessrule_service | resource |
| kubernetes_namespace.dgca_issuance_service | resource |
| kubernetes_namespace.dgca_issuance_service_public | resource |
| kubernetes_namespace.dgca_issuance_web | resource |
| kubernetes_namespace.dgca_verifier_service | resource |
| null_resource.upsert_rules | resource |
| random_uuid.web_auth_oauth2_scope | resource |
| azuread_client_config.current | data source |
| terraform_remote_state.dev | data source |
| terraform_remote_state.eu | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| administrator_group_oid | OID of the Group to grant Administrator permissions. This is used to allow access to the jumpboxes for deployments and troubleshooting | string | n/a | yes |
| ghcr_password | GitHub Container Registry Password | string | n/a | yes |
| ghcr_username | GitHub Container Registry Username | string | n/a | yes |
| jump_box_identity_file | The RSA Key for the Jump Box, required for remotely executing code over SSH | string | n/a | yes |
| jump_box_identity_host | The Host address for the Jump Box, required for remotely executing code over SSH | string | n/a | yes |
| jump_box_identity_user | The User for the Jump Box to authenticate, required for remotely executing code over SSH | string | n/a | yes |
| location | Location Name | string | n/a | yes |
| parent_dns_zone_name | Parent DNS Zone Name | string | n/a | yes |
| parent_dns_zone_rg_name | Parent DNS Zone Resource Group Name | string | n/a | yes |
| subscription_id | Subscription to deploy into | string | n/a | yes |
| tenant_id | Tenant to deploy into | string | n/a | yes |
| businessrule_service_version | Version Number of the Business Rules Service | string | "1.1.2-b0be8f4-azure-0.0.1-1293959" | no |
| enable_azure_policy | Whether to enable the creation of policy_set_definitions and resource_group_policy_assignment | bool | false | no |
| enable_log_analytics_workspace | Whether to enable the creation of azurerm_log_analytics_workspace and azurerm_log_analytics_solution | bool | false | no |
| generation | Generation number to be appended to certain resource names (e.g. Purge Protected Key Vaults). Changing this value can only be done during a fresh deployment. | number | 1 | no |
| issuance_service_version | Version Number of the Issuance Service | string | "1.0.5-7408b55-azure-0.0.1-1293959" | no |
| issuance_web_version | Version Number of the Issuance Web | string | "1.1.2-45daa28-azure-0.0.1-1293959" | no |
| log_analytics_cluster_id | Enable the sending of Azure Log Workspace to the Log Analytics Cluster ID supplied | string | null | no |
| msal_proxy_version | Version of the MSAL Docker image to use | string | "latest" | no |
| nginx_image_tag | Tag of the Nginx Image to import | string | "1.21.1" | no |
| prefix | Resource Name Prefix. Should be less than 6 chars. This is used to make sure some resource names are globally unique for some Azure resources that require unique names (like Key Vault and Azure Container Registries) | string | "" | no |
| utility_image_tag | Tag of the Utility Image to import | string | "0.0.1-c5b4119" | no |
| verifier_service_version | Version Number of the Verifier Service | string | "1.0.4-5888cb7-azure-0.0.1-1293959" | no |

Outputs

| Name | Description |
|------|-------------|
| businessrule_service_url | The URL where the business rule backend can be accessed |
| issuance_service_url | The URL where the issuance backend can be accessed |
| issuance_web_address | The web address where the issuance website can be accessed |
| verifier_service_url | The URL where the verifier service backend can be accessed |