Merge pull request #122 from communitiesuk/FS-3519

FS-3519 - Bring all copilot/environments/addons directories into line

copilot/environments/addons/assessment-import-queue.yml

@@ -14,7 +14,7 @@ Resources:
   AssessmentImportQueue:
     Type: AWS::SQS::Queue
     Properties:
-      QueueName: !Sub ${FifoQueueName}.fifo
+      QueueName: !Sub ${FifoQueueName}-${Env}.fifo
       FifoQueue: true
       RedrivePolicy:
         deadLetterTargetArn: !GetAtt DeadLetterQueue.Arn
@@ -23,18 +23,28 @@ Resources:
     Type: AWS::SQS::Queue
     Properties:
       FifoQueue: true
+      QueueName: !Sub ${FifoQueueName}-${Env}-deadletter.fifo
+
 
 
 Outputs:
   AssessmentImportQueueURL:
     Description: Queue URL for Fifo queue
     Value: !Ref AssessmentImportQueue
+    Export:
+      Name: !Sub ${App}-${Env}-AssessmentImportQueueURL
   AssessmentImportQueueArn:
     Description: Queue Arn for FIFO queue
     Value: !GetAtt AssessmentImportQueue.Arn
+    Export:
+      Name: !Sub ${App}-${Env}-AssessmentImportQueueArn
   DeadLetterQueueURL:
     Description: "URL of dead-letter queue"
     Value: !Ref DeadLetterQueue
+    Export:
+      Name: !Sub ${App}-${Env}-DeadLetterQueueURL
   DeadLetterQueueARN:
     Description: "ARN of dead-letter queue"
     Value: !GetAtt DeadLetterQueue.Arn
+    Export:
+      Name: !Sub ${App}-${Env}-DeadLetterQueueARN

copilot/environments/addons/form-uploads.yml

@@ -13,6 +13,7 @@ Resources:
     Type: AWS::S3::Bucket
     Properties:
       AccessControl: Private
+      BucketName: !Sub fsd-form-uploads-${Env}
       BucketEncryption:
         ServerSideEncryptionConfiguration:
         - ServerSideEncryptionByDefault:
@@ -52,7 +53,7 @@ Outputs:
     Description: "The name of a user-defined bucket."
     Value: !Ref FormUploadsBucket
     Export:
-      Name: !Sub fsd-form-uploads-${Env}
+      Name: !Sub ${App}-${Env}-FormUploadsBucket
   FormUploadsBucketARN:
     Description: "The ARN of the form-uploads bucket."
     Value: !GetAtt FormUploadsBucket.Arn

copilot/environments/addons/funding-service-magic-links.yml

@@ -14,26 +14,15 @@ Resources:
       Description: Group of subnets to place Redis into
       SubnetIds: !Split [ ',', { 'Fn::ImportValue': !Sub '${App}-${Env}-PrivateSubnets' } ]
 
-  RedisSourceSecurityGroup:
-    Metadata:
-      'aws:copilot:description': 'An EC2 Security Group to add to our ECS Service, in order to consume Redis'
-    Type: AWS::EC2::SecurityGroup
-    Properties:
-      GroupDescription: "Redis Consumer Security Group"
-      VpcId:
-        Fn::ImportValue:
-          !Sub '${App}-${Env}-VpcId'
-      Tags:
-        - Key: Name
-          Value: !Sub 'copilot-${App}-${Env}-Redis'
-
   # Security group to add the Redis cluster to the VPC,
   # and to allow the Fargate containers to talk to Redis on port 6379
   RedisSecurityGroup:
     Type: AWS::EC2::SecurityGroup
     Properties:
       GroupDescription: "Redis Security Group"
-      VpcId: { 'Fn::ImportValue': !Sub '${App}-${Env}-VpcId' }
+      VpcId:
+        Fn::ImportValue:
+          !Sub '${App}-${Env}-VpcId'
 
   # Enable ingress from other ECS services created within the environment.
   RedisIngress:
@@ -44,8 +33,11 @@ Resources:
       IpProtocol: tcp
       FromPort: 6379
       ToPort: 6379
-      SourceSecurityGroupId: !GetAtt 'RedisSourceSecurityGroup.GroupId'
+      SourceSecurityGroupId:
+        Fn::ImportValue:
+          !Sub '${App}-${Env}-EnvironmentSecurityGroup'
 
+  # Secret Storage of access credentials
   RedisSecret:
     Metadata:
       'aws:copilot:description': 'A Secrets Manager secret to store your DB credentials'
@@ -59,35 +51,44 @@ Resources:
         IncludeSpace: false
         PasswordLength: 16
 
-  # The cluster itself.
-  Redis:
-    Type: AWS::ElastiCache::CacheCluster
+  # Creation of the cluster itself
+  RedisReplicationGroup:
+    Type: AWS::ElastiCache::ReplicationGroup
     Properties:
-      ClusterName: !Sub 'funding-service-magic-links-${Env}'
-      Engine: redis
+      ReplicationGroupId: !Sub 'funding-service-magic-links-${Env}'
+      ReplicationGroupDescription: !Sub '${Env} Funding Service Magic Links'
+      AutomaticFailoverEnabled: true
+      AtRestEncryptionEnabled: true
+      TransitEncryptionEnabled: true
+      AutoMinorVersionUpgrade: true
+      MultiAZEnabled: true
       CacheNodeType: cache.m5.large
-      NumCacheNodes: 1
       CacheSubnetGroupName: !Ref 'RedisSubnetGroup'
-      VpcSecurityGroupIds:
+      SecurityGroupIds:
         - !GetAtt 'RedisSecurityGroup.GroupId'
+      Engine: redis
+      NumCacheClusters: 2
 
   # Redis endpoint stored in SSM so that other services can retrieve the endpoint.
   RedisEndpointAddressParam:
     Type: AWS::SSM::Parameter
     Properties:
       Name: !Sub '/${App}/${Env}/redis'   # Other services can retrieve the endpoint from this path.
       Type: String
-      Value: !GetAtt 'Redis.RedisEndpoint.Address'
+      Value: !GetAtt 'RedisReplicationGroup.PrimaryEndPoint.Address'
 
 Outputs:
   RedisEndpoint:
     Description: The endpoint of the redis cluster
-    Value: !GetAtt 'Redis.RedisEndpoint.Address'
+    Value: !GetAtt 'RedisReplicationGroup.PrimaryEndPoint.Address'
+    Export:
+      Name: !Sub ${App}-${Env}-RedisEndpoint
   RedisInstanceURI:
     Description: "The URI of the redis cluster."
     Value:
       !Sub
-      - "rediss://:${PASSWORD}@${HOSTNAME}:${PORT}"
-      - PASSWORD: !Join [ "",  [ '{{resolve:secretsmanager:', !Ref 'RedisSecret', ":SecretString:password}}" ]]  # pragma: allowlist secret
-        HOSTNAME: !GetAtt 'Redis.RedisEndpoint.Address'
-        PORT: !GetAtt 'Redis.RedisEndpoint.Port'
+      - "rediss://${HOSTNAME}:${PORT}"
+      - HOSTNAME: !GetAtt 'RedisReplicationGroup.PrimaryEndPoint.Address'
+        PORT: !GetAtt 'RedisReplicationGroup.PrimaryEndPoint.Port'
+    Export:
+      Name: !Sub ${App}-${Env}-RedisInstanceURI