Infrastructure tweaks

TheOneFromNorway · TheOneFromNorway · commit f1ad0aea5675 · 2025-09-01T13:02:37.000+01:00
- Unique secret names on re-creation
- Unique names for security groups
diff --git a/terraform/app/ssm_parameters.tf b/terraform/app/ssm_parameters.tf
@@ -25,21 +25,27 @@ resource "aws_ssm_parameter" "cloud_variables" {
 }
 
 resource "aws_secretsmanager_secret" "jwt_sign" {
-  name                    = "rep-jwt-signing-secret-${var.environment}"
+  name                    = "rep-jwt-signing-secret-${var.environment}-${substr(uuid(), 0, 4)}"
   description             = "Secret for jwt signing"
   recovery_window_in_days = 7
   tags = {
     Name = "jwt-signing-${var.environment}"
   }
+  lifecycle {
+    ignore_changes = [name]
+  }
 }
 
 resource "aws_secretsmanager_secret" "reporting_flask" {
-  name                    = "reporting-cookie-secret-${var.environment}"
+  name                    = "reporting-cookie-secret-${var.environment}-${substr(uuid(), 0, 4)}"
   description             = "Secret for signing cookies in the reporting service"
   recovery_window_in_days = 7
   tags = {
     Name = "reporting-cookie-secret-${var.environment}"
   }
+  lifecycle {
+    ignore_changes = [name]
+  }
 }
 
 ephemeral "aws_secretsmanager_random_password" "reporting_flask" {
diff --git a/terraform/app/valkey.tf b/terraform/app/valkey.tf
@@ -112,7 +112,7 @@ resource "aws_cloudwatch_log_group" "valkey_engine_log" {
 }
 
 resource "aws_security_group" "reporting_valkey" {
-  name        = "mavis-cache-${var.environment}"
+  name        = "mavis-cache-reporting-${var.environment}"
   description = "Security group for Valkey ElastiCache for the reporting service"
   vpc_id      = aws_vpc.application_vpc.id
 
diff --git a/terraform/app/variables.tf b/terraform/app/variables.tf
@@ -121,9 +121,9 @@ variable "enable_enhanced_db_monitoring" {
 locals {
   is_production = var.environment == "production"
   parameter_store_variables = tomap({ #TODO: Remove once all variables are sourced from application config
-    MAVIS__ACADEMIC_YEAR_TODAY_OVERRIDE             = ""
-    MAVIS__ACADEMIC_YEAR_NUMBER_OF_PREPARATION_DAYS = ""
-    MAVIS__PDS__ENQUEUE_BULK_UPDATES                = ""
+    MAVIS__ACADEMIC_YEAR_TODAY_OVERRIDE             = "a"
+    MAVIS__ACADEMIC_YEAR_NUMBER_OF_PREPARATION_DAYS = "a"
+    MAVIS__PDS__ENQUEUE_BULK_UPDATES                = "a"
     MAVIS__PDS__RATE_LIMIT_PER_SECOND               = 5
     GOOD_JOB_MAX_THREADS                            = 5
     SIDEKIQ_CONCURRENCY                             = 5

Original file line number	Diff line number	Diff line change
`@@ -25,21 +25,27 @@ resource "aws_ssm_parameter" "cloud_variables" {`
`25`	`25`	`}`
`26`	`26`
`27`	`27`	`resource "aws_secretsmanager_secret" "jwt_sign" {`
`28`		`- name = "rep-jwt-signing-secret-${var.environment}"`
	`28`	`+ name = "rep-jwt-signing-secret-${var.environment}-${substr(uuid(), 0, 4)}"`
`29`	`29`	`description = "Secret for jwt signing"`
`30`	`30`	`recovery_window_in_days = 7`
`31`	`31`	`tags = {`
`32`	`32`	`Name = "jwt-signing-${var.environment}"`
`33`	`33`	`}`
	`34`	`+ lifecycle {`
	`35`	`+ ignore_changes = [name]`
	`36`	`+ }`
`34`	`37`	`}`
`35`	`38`
`36`	`39`	`resource "aws_secretsmanager_secret" "reporting_flask" {`
`37`		`- name = "reporting-cookie-secret-${var.environment}"`
	`40`	`+ name = "reporting-cookie-secret-${var.environment}-${substr(uuid(), 0, 4)}"`
`38`	`41`	`description = "Secret for signing cookies in the reporting service"`
`39`	`42`	`recovery_window_in_days = 7`
`40`	`43`	`tags = {`
`41`	`44`	`Name = "reporting-cookie-secret-${var.environment}"`
`42`	`45`	`}`
	`46`	`+ lifecycle {`
	`47`	`+ ignore_changes = [name]`
	`48`	`+ }`
`43`	`49`	`}`
`44`	`50`
`45`	`51`	`ephemeral "aws_secretsmanager_random_password" "reporting_flask" {`
Original file line number	Diff line number	Diff line change
`@@ -112,7 +112,7 @@ resource "aws_cloudwatch_log_group" "valkey_engine_log" {`
`112`	`112`	`}`
`113`	`113`
`114`	`114`	`resource "aws_security_group" "reporting_valkey" {`
`115`		`- name = "mavis-cache-${var.environment}"`
	`115`	`+ name = "mavis-cache-reporting-${var.environment}"`
`116`	`116`	`description = "Security group for Valkey ElastiCache for the reporting service"`
`117`	`117`	`vpc_id = aws_vpc.application_vpc.id`
`118`	`118`