IE Terraform Stack

Docs for the Ireland country deployment terraform

Generated Content

This content in this section of the documentation is generated based on the Terraform source files.

Requirements

Name	Version
terraform	>= 1.0
azuread	=1.6.0
azurerm	=2.71.0
helm	=2.2.0
kubectl	=1.11.2
kubernetes	=2.4.1
null	=3.1.0
random	=3.1.0

Providers

Name	Version
azuread	1.6.0
azurerm	2.71.0
helm	2.2.0
kubernetes	2.4.1
null	3.1.0
random	3.1.0
terraform	n/a

Modules

Name	Source	Version
base_infra	../terraform-modules/base-infrastructure	n/a

Resources

Name	Type
azuread_application.msal_authentication	resource
azuread_application_password.msal_authentication	resource
azuread_service_principal.msal_authentication	resource
azurerm_key_vault_certificate.dsc_key_store_certificate	resource
azurerm_key_vault_certificate.tls_key_store_certificate	resource
azurerm_key_vault_certificate.upload_key_store_certificate	resource
azurerm_key_vault_secret.dsc_key_store_alias	resource
azurerm_key_vault_secret.msal_authentication_client_secret	resource
azurerm_key_vault_secret.tls_key_store_alias	resource
azurerm_key_vault_secret.tls_trust_store_content	resource
azurerm_key_vault_secret.tls_trust_store_password	resource
azurerm_key_vault_secret.trustanchor_alias	resource
azurerm_key_vault_secret.trustanchor_content	resource
azurerm_key_vault_secret.trustanchor_password	resource
azurerm_key_vault_secret.upload_key_store_alias	resource
azurerm_mysql_database.businessrule_service_db	resource
azurerm_mysql_database.issuance_service_db	resource
azurerm_mysql_database.verifier_service_db	resource
azurerm_role_assignment.dgca_businessrule_service_kv_role_assignment	resource
azurerm_role_assignment.dgca_issuance_service_kv_role_assignment	resource
azurerm_role_assignment.dgca_issuance_service_public_kv_role_assignment	resource
azurerm_role_assignment.dgca_verifier_service_kv_role_assignment	resource
azurerm_role_assignment.msal_identity_kv_role_assignment	resource
azurerm_user_assigned_identity.dgca_businessrule_service_identity	resource
azurerm_user_assigned_identity.dgca_issuance_service_identity	resource
azurerm_user_assigned_identity.dgca_issuance_service_public_identity	resource
azurerm_user_assigned_identity.dgca_issuance_web_identity	resource
azurerm_user_assigned_identity.dgca_verifier_service_identity	resource
azurerm_user_assigned_identity.msal_authentication	resource
helm_release.dgca_businessrule_service	resource
helm_release.dgca_issuance_service	resource
helm_release.dgca_issuance_service_public	resource
helm_release.dgca_issuance_web	resource
helm_release.dgca_verifier_service	resource
helm_release.msal_authentication	resource
kubernetes_namespace.dgca_businessrule_service	resource
kubernetes_namespace.dgca_issuance_service	resource
kubernetes_namespace.dgca_issuance_service_public	resource
kubernetes_namespace.dgca_issuance_web	resource
kubernetes_namespace.dgca_verifier_service	resource
null_resource.upsert_rules	resource
random_uuid.web_auth_oauth2_scope	resource
azuread_client_config.current	data source
terraform_remote_state.dev	data source
terraform_remote_state.eu	data source

Inputs

Name	Description	Type	Default	Required
administrator_group_oid	OID of the Group to grant Administrator permissions. This is used to allow access to the jumpboxes for deployments and troubleshooting	`string`	n/a	yes
ghcr_password	GitHub Container Registry Password	`string`	n/a	yes
ghcr_username	GitHub Container Registry Username	`string`	n/a	yes
jump_box_identity_file	The RSA Key for the Jump Box, required for remote executing code over SSH	`string`	n/a	yes
jump_box_identity_host	The Host address for the Jump Box, required for remote executing code over SSH	`string`	n/a	yes
jump_box_identity_user	The User for the Jump Box to authenticate, required for remote executing code over SSH	`string`	n/a	yes
location	Location Name	`string`	n/a	yes
parent_dns_zone_name	Parent DNS Zone Name	`string`	n/a	yes
parent_dns_zone_rg_name	Parent DNS Zone Resource Group Name	`string`	n/a	yes
subscription_id	Subscription to deploy into	`string`	n/a	yes
tenant_id	Tenant to deploy into	`string`	n/a	yes
businessrule_service_version	Version Number of the Business Rules Service	`string`	`"1.1.2-b0be8f4-azure-0.0.1-1293959"`	no
enable_azure_policy	Enable the creation of policy_set_definitions and resource_group_policy_assignment or not	`bool`	`false`	no
enable_log_analytics_workspace	Enable the creation of azurerm_log_analytics_workspace and azurerm_log_analytics_solution or not	`bool`	`false`	no
generation	Generation number to be appended to certain resource names (e.g. Purge Protected Key Vault’s). Changing this value can only be done during a fresh deployment.	`number`	`1`	no
issuance_service_version	Version Number of the Issuance Service	`string`	`"1.0.5-7408b55-azure-0.0.1-1293959"`	no
issuance_web_version	Version Number of the Issuance Web	`string`	`"1.1.2-45daa28-azure-0.0.1-1293959"`	no
log_analytics_cluster_id	Enable the sending of Azure Log Workspace to Log Analytics Analytics Custer ID supplied	`string`	`null`	no
msal_proxy_version	version of the msal docker image to use	`string`	`"latest"`	no
nginx_image_tag	Tag of the Nginx Image to import	`string`	`"1.21.1"`	no
prefix	Resource Name Prefix. Should be less than 6 chars. This is used to make sure some resource names are globally unique for some azure resources that require unique names (like Key Vault and Azure Container Registries)	`string`	`""`	no
utility_image_tag	Tag of the Utility Image to import	`string`	`"0.0.1-c5b4119"`	no
verifier_service_version	Version Number of the Verifier Service	`string`	`"1.0.4-5888cb7-azure-0.0.1-1293959"`	no

Outputs

Name	Description
businessrule_service_url	The url where the business rule backend can be accessed
issuance_service_url	The url where the issuance backend can be accessed
issuance_web_address	The web address where the issuance website can be accessed
verifier_service_url	The url where the verifier service backend can be accessed

Last modified January 10, 2022 : Use prebuilt DevContainer image by default (#67) (3d11e3a)