Merge pull request #4542 from govuk-one-login/ATO-618/cloudfront-staging

Ato:618: Cloudfront configuration for staging
govuk-one-login · May 30, 2024 · ed5a8bb · ed5a8bb
2 parents 47b0458 + d720486
commit ed5a8bb
Show file tree

Hide file tree

Showing 11 changed files with 149 additions and 2 deletions.
diff --git a/ci/cloudfront-orchestration/cloudfront/README.md b/ci/cloudfront-orchestration/cloudfront/README.md
@@ -15,7 +15,7 @@ The list of permitted environments is set up in the script. The script will auto
 account and then create or update the Cloudformation stack using the parameters and tags provided.
 
 If you have not done so already, your AWS profiles will need to be configured using the
-script [here](../../../scripts/export_aws_creds.sh).
+script [here](../../../scripts/set-up-sso.sh).
 
 Note that the `dev` environment refers to the `oidc.sandpit.account.gov.uk` domain.
 

diff --git a/ci/cloudfront-orchestration/cloudfront/deploy.sh b/ci/cloudfront-orchestration/cloudfront/deploy.sh
@@ -96,7 +96,6 @@ if [[ $# == 2 ]] && [[ $2 == "--create" ]]; then
 else
     aws cloudformation update-stack \
         --region eu-west-2 \
-        --enable-termination-protection \
         --stack-name="$ENVIRONMENT-oidc-cloudfront" \
         --capabilities CAPABILITY_NAMED_IAM \
         --template-url ${TEMPLATE_URL} \

diff --git a/ci/cloudfront-orchestration/cloudfront/dev/parameters.json b/ci/cloudfront-orchestration/cloudfront/dev/parameters.json
@@ -18,5 +18,9 @@
   {
     "ParameterKey": "StandardLoggingEnabled",
     "ParameterValue": "true"
+  },
+  {
+    "ParameterKey": "LogDestination",
+    "ParameterValue":  "csls_cw_logs_destination_prodpython"
   }
 ]
diff --git a/ci/cloudfront-orchestration/cloudfront/staging/parameters.json b/ci/cloudfront-orchestration/cloudfront/staging/parameters.json
@@ -0,0 +1,26 @@
+[
+  {
+    "ParameterKey": "DistributionAlias",
+    "ParameterValue": "oidc.staging.account.gov.uk"
+  },
+  {
+    "ParameterKey": "CloudFrontCertArn",
+    "ParameterValue": "arn:aws:acm:us-east-1:758531536632:certificate/56a88729-5b5e-4eff-b131-23f8dfc91c66"
+  },
+  {
+    "ParameterKey": "FraudHeaderEnabled",
+    "ParameterValue": "false"
+  },
+  {
+    "ParameterKey": "CloudFrontWafACL",
+    "ParameterValue": "arn:aws:wafv2:us-east-1:758531536632:global/webacl/staging-oidc-cloudfront-waf/0a9c88b9-7a82-4294-9fb1-883b8a155af3"
+  },
+  {
+    "ParameterKey": "StandardLoggingEnabled",
+    "ParameterValue": "true"
+  },
+  {
+    "ParameterKey": "LogDestination",
+    "ParameterValue":  "csls_cw_logs_destination_prodpython"
+  }
+]
diff --git a/ci/cloudfront-orchestration/cloudfront/staging/tags.json b/ci/cloudfront-orchestration/cloudfront/staging/tags.json
@@ -0,0 +1,22 @@
+[
+  {
+    "Key": "Product",
+    "Value": "GOV.UK Sign In"
+  },
+  {
+    "Key": "System",
+    "Value": "Orchestration"
+  },
+  {
+    "Key": "Environment",
+    "Value": "staging"
+  },
+  {
+    "Key": "Owner",
+    "Value": "di-orchestration@digital.cabinet-office.gov.uk"
+  },
+  {
+    "Key": "Repository",
+    "Value": "govuk-one-login/authentication-api"
+  }
+]
diff --git a/ci/cloudfront-orchestration/monitoring/staging/parameters.json b/ci/cloudfront-orchestration/monitoring/staging/parameters.json
@@ -0,0 +1,14 @@
+[
+  {
+    "ParameterKey": "CloudfrontDistribution",
+    "ParameterValue": "E1ULCVNG0ES8DC"
+  },
+  {
+    "ParameterKey": "CloudFrontAdditionaldMetricsEnabled",
+    "ParameterValue": "true"
+  },
+  {
+    "ParameterKey": "CacheHitAlarmSNSTopicARN",
+    "ParameterValue": "arn:aws:sns:us-east-1:758531536632:staging-oidc-cloudfront-alerts"
+  }
+]
diff --git a/ci/cloudfront-orchestration/monitoring/staging/tags.json b/ci/cloudfront-orchestration/monitoring/staging/tags.json
@@ -0,0 +1,22 @@
+[
+  {
+    "Key": "Product",
+    "Value": "GOV.UK Sign In"
+  },
+  {
+    "Key": "System",
+    "Value": "Orchestration"
+  },
+  {
+    "Key": "Environment",
+    "Value": "staging"
+  },
+  {
+    "Key": "Owner",
+    "Value": "di-orchestration@digital.cabinet-office.gov.uk"
+  },
+  {
+    "Key": "Repository",
+    "Value": "govuk-one-login/authentication-api"
+  }
+]
diff --git a/ci/cloudfront-orchestration/tls-certificate/staging/parameters.json b/ci/cloudfront-orchestration/tls-certificate/staging/parameters.json
@@ -0,0 +1,10 @@
+[
+  {
+    "ParameterKey": "HostedZoneID",
+    "ParameterValue": "Z013545810R9Q9A5U2JW5"
+  },
+  {
+    "ParameterKey": "DomainName",
+    "ParameterValue": "oidc.staging.account.gov.uk"
+  }
+]
diff --git a/ci/cloudfront-orchestration/tls-certificate/staging/tags.json b/ci/cloudfront-orchestration/tls-certificate/staging/tags.json
@@ -0,0 +1,22 @@
+[
+  {
+    "Key": "Product",
+    "Value": "GOV.UK Sign In"
+  },
+  {
+    "Key": "System",
+    "Value": "Orchestration"
+  },
+  {
+    "Key": "Environment",
+    "Value": "staging"
+  },
+  {
+    "Key": "Owner",
+    "Value": "di-orchestration@digital.cabinet-office.gov.uk"
+  },
+  {
+    "Key": "Repository",
+    "Value": "govuk-one-login/authentication-api"
+  }
+]
diff --git a/ci/cloudfront-orchestration/waf/staging/parameters.json b/ci/cloudfront-orchestration/waf/staging/parameters.json
@@ -0,0 +1,6 @@
+[
+  {
+    "ParameterKey": "Environment",
+    "ParameterValue": "staging"
+  }
+]
diff --git a/ci/cloudfront-orchestration/waf/staging/tags.json b/ci/cloudfront-orchestration/waf/staging/tags.json
@@ -0,0 +1,22 @@
+[
+  {
+    "Key": "Product",
+    "Value": "GOV.UK Sign In"
+  },
+  {
+    "Key": "System",
+    "Value": "Orchestration"
+  },
+  {
+    "Key": "Environment",
+    "Value": "staging"
+  },
+  {
+    "Key": "Owner",
+    "Value": "di-orchestration@digital.cabinet-office.gov.uk"
+  },
+  {
+    "Key": "Repository",
+    "Value": "govuk-one-login/authentication-api"
+  }
+]