generated from ministryofjustice/template-repository
-
Notifications
You must be signed in to change notification settings - Fork 293
/
creating-resources.html.md.erb
58 lines (42 loc) · 4.03 KB
/
creating-resources.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
---
owner_slack: "#modernisation-platform"
title: Creating resources in the Modernisation Platform
last_reviewed_on: 2023-12-20
review_in: 6 months
---
<!-- Google tag (gtag.js) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-NXTCMQ7ZX6"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-NXTCMQ7ZX6');
</script>
# <%= current_page.data.title %>
## Overview
Once your [environment](creating-environments.html) and [networking](creating-networking.html) have been created, now the fun begins and you can start building!
On environment creation, base [Terraform](https://terraform.io) resources are created for you in the [modernisation-platform-environments](https://github.com/ministryofjustice/modernisation-platform-environments/) repository in the environments folder.
These resources are preconfigured with a backend, providers etc, all that you need to start adding in infrastructure such as EC2s or RDS databases.
## Creating new resources
- Clone the [Modernisation Platform environments](https://github.com/ministryofjustice/modernisation-platform-environments) repository: `git clone git@github.com:ministryofjustice/modernisation-platform-environments.git`
- Create a new Terraform files or resources in your application folder under `terraform/environments/`
- We recommend following standard Terraform best practices, such as creating a `main.tf`, or logically named Terraform files, such as `database.tf` or `s3.tf`
- Environment specific variables can be passed in through an [application_variables.json](https://github.com/ministryofjustice/modernisation-platform/blob/main/terraform/templates/modernisation-platform-environments/application_variables.json), defined as a [local](https://github.com/ministryofjustice/modernisation-platform/blob/main/terraform/templates/modernisation-platform-environments/locals.tf#L41) and [referenced accordingly](https://github.com/ministryofjustice/modernisation-platform/blob/main/terraform/templates/modernisation-platform-environments/locals.tf#L40)
- Data lookups are provided for common things you may need from the platform such as subnets or DNS zones [here](https://github.com/ministryofjustice/modernisation-platform/blob/main/terraform/templates/modernisation-platform-environments/data.tf)
## GitHub Permissions
- For any files created in your application folder, your GitHub team will have permissions to create and merge pull requests.
- Your GitHub team will be assigned as a [codeowner](https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-on-github/about-code-owners) for your application folder, so someone in your team will be required to review any pull requests before they can be merged.
## Restrictions
- The following files you will not be able to amend without an approving review from the Modernisation Platform team.
- `providers.tf`
- `backend.tf`
- `subnet_share.tf`
- `networking.auto.tfvars.json`
- `platform_*.tf`
- The ability to create some resources will be restricted and will require assistance from the Modernisation Platform team.
## Next Steps
Once you have defined your infrastructure as code you can [deploy your infrastructure](deploying-your-infrastructure.html) to the Modernisation Platform.
## Non Standard infrastructure
In order to maintain security some actions are not allowed in the environments repository and do not have the relevant permissions, for example creating IAM users, or VPCs.
However there are times when an application may reasonably want to create these resources, for example create a user for use with SES.
If you need to create any infrastructure which is not allowed in the environments repository, it can be created here - [Modernisation Platform environments folders](https://github.com/ministryofjustice/modernisation-platform/tree/main/terraform/environments), in the relevant application folder. The Modernisation Platform team will need to approve any PRs adding code to this repository.