diff --git a/src/common/_modules/application_gateway/data.tf b/src/common/_modules/application_gateway/data.tf index 82cf54d2e..31abecf22 100644 --- a/src/common/_modules/application_gateway/data.tf +++ b/src/common/_modules/application_gateway/data.tf @@ -12,11 +12,16 @@ data "azurerm_linux_web_app" "appservice_continua" { resource_group_name = "${var.project}-continua-rg" } -data "azurerm_linux_web_app" "session_manager" { +data "azurerm_linux_web_app" "session_manager_03" { name = "io-p-weu-session-manager-app-03" resource_group_name = "io-p-weu-session-manager-rg-01" } +data "azurerm_linux_web_app" "session_manager_04" { + name = "io-p-weu-session-manager-app-04" + resource_group_name = "io-p-weu-session-manager-rg-01" +} + data "azurerm_linux_web_app" "fims_op_app" { name = "io-p-weu-fims-op-app-01" resource_group_name = "io-p-weu-fims-rg-01" @@ -112,4 +117,4 @@ data "azurerm_key_vault_secret" "app_gw_mtls_header_name" { data "azuread_service_principal" "app_gw_uai_kvreader" { display_name = format("%s-uai-kvreader", var.project) -} \ No newline at end of file +} diff --git a/src/common/_modules/application_gateway/main.tf b/src/common/_modules/application_gateway/main.tf index 2a9b0eeea..ed618c045 100644 --- a/src/common/_modules/application_gateway/main.tf +++ b/src/common/_modules/application_gateway/main.tf @@ -48,7 +48,8 @@ module "app_gw" { port = 443 ip_addresses = null # with null value use fqdns fqdns = [ - data.azurerm_linux_web_app.session_manager.default_hostname + data.azurerm_linux_web_app.session_manager_03.default_hostname, + data.azurerm_linux_web_app.session_manager_04.default_hostname ] probe = "/healthcheck" probe_name = "probe-session-manager-app" diff --git a/src/common/_modules/cosmos_api/locals.tf b/src/common/_modules/cosmos_api/locals.tf index 697681719..20b57ab82 100644 --- a/src/common/_modules/cosmos_api/locals.tf +++ b/src/common/_modules/cosmos_api/locals.tf 
@@ -55,7 +55,7 @@ locals { partition_key_version = null default_ttl = -1 autoscale_settings = { - max_throughput = 67000 + max_throughput = 200000 } }, { @@ -72,7 +72,7 @@ locals { partition_key_version = null default_ttl = -1 autoscale_settings = { - max_throughput = 46000 + max_throughput = 100000 } }, { @@ -124,7 +124,7 @@ locals { partition_key_path = "/fiscalCode" partition_key_version = null autoscale_settings = { - max_throughput = 48000 + max_throughput = 100000 } }, { diff --git a/src/common/prod/data.tf b/src/common/prod/data.tf index 72bcfc9ee..bfe0800d0 100644 --- a/src/common/prod/data.tf +++ b/src/common/prod/data.tf @@ -88,7 +88,7 @@ data "azurerm_linux_function_app" "io_sign_user" { data "azurerm_linux_function_app" "wallet_user" { resource_group_name = "${local.project_itn}-wallet-rg-01" - name = "${local.project_itn}-wallet-user-func-01" + name = "${local.project_itn}-wallet-user-func-02" } data "azurerm_api_management" "trial_system" { diff --git a/src/domains/cgn/_modules/functions_apps/data.tf b/src/domains/cgn/_modules/functions_apps/data.tf index 4cef775f9..a1e509d22 100644 --- a/src/domains/cgn/_modules/functions_apps/data.tf +++ b/src/domains/cgn/_modules/functions_apps/data.tf @@ -27,6 +27,12 @@ data "azurerm_subnet" "snet_backendl2" { resource_group_name = local.resource_group_name_common } +data "azurerm_subnet" "snet_backendl3" { + name = "appbackendl3" + virtual_network_name = local.vnet_name_common + resource_group_name = local.resource_group_name_common +} + data "azurerm_subnet" "snet_backendli" { name = "appbackendli" virtual_network_name = local.vnet_name_common 
@@ -82,3 +88,14 @@ data "azurerm_monitor_action_group" "error_action_group" { name = "${replace("${var.project}", "-", "")}error" resource_group_name = local.resource_group_name_common } + +data "azurerm_subnet" "private_endpoints_subnet" { + name = "pendpoints" + virtual_network_name = local.vnet_name_common + resource_group_name = local.resource_group_name_common +} + +data "azurerm_private_dns_zone" "function_app" { + name = "privatelink.azurewebsites.net" + resource_group_name = local.resource_group_name_common +} \ No newline at end of file diff --git a/src/domains/cgn/_modules/functions_apps/function_app_cgn.tf b/src/domains/cgn/_modules/functions_apps/function_app_cgn.tf index 39024a609..0fe525f58 100644 --- a/src/domains/cgn/_modules/functions_apps/function_app_cgn.tf +++ b/src/domains/cgn/_modules/functions_apps/function_app_cgn.tf @@ -42,6 +42,7 @@ module "function_cgn" { data.azurerm_subnet.snet_backendl2.id, data.azurerm_subnet.snet_backendli.id, data.azurerm_subnet.snet_apim_v2.id, + data.azurerm_subnet.snet_backendl3.id ] sticky_app_setting_names = [ 
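Review bot: The new `data.azurerm_subnet.snet_backendl3.id` entry in `allowed_subnets` of `module "function_cgn"` carries no comment saying which workload in `appbackendl3` needs inbound access. A subnet rule admits every host in that subnet, not a single app, so the reason should be written next to the entry, e.g. `# appbackendl3: <caller that needs inbound access to this function>`. The same entry is added without explanation to the staging slot in this file and to the function apps under citizen-auth-app, eucovidcert, functions and messages-app further down the diff. The entry here also drops the trailing comma that the other list items and the staging-slot hunk use. The module block starts and ends outside this hunk.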
@@ -91,7 +92,50 @@ module "function_cgn_staging_slot" { data.azurerm_subnet.snet_backendl2.id, data.azurerm_subnet.snet_backendli.id, data.azurerm_subnet.snet_apim_v2.id, + data.azurerm_subnet.snet_backendl3.id, ] tags = var.tags } + +resource "azurerm_private_endpoint" "function_sites" { + name = "${var.project}-cgn-fn-pep" + location = var.location + resource_group_name = var.resource_group_name + subnet_id = data.azurerm_subnet.private_endpoints_subnet.id + + private_service_connection { + name = "${var.project}-cgn-fn-pep" + private_connection_resource_id = module.function_cgn.id + is_manual_connection = false + subresource_names = ["sites"] + } + + private_dns_zone_group { + name = "private-dns-zone-group" + private_dns_zone_ids = [data.azurerm_private_dns_zone.function_app.id] + } + + tags = var.tags +} + +resource "azurerm_private_endpoint" "staging_function_sites" { + name = "${var.project}-cgn-fn-staging-pep" + location = var.location + resource_group_name = var.resource_group_name + subnet_id = data.azurerm_subnet.private_endpoints_subnet.id + + private_service_connection { + name = "${var.project}-cgn-fn-pep" + private_connection_resource_id = module.function_cgn.id + is_manual_connection = false + subresource_names = ["sites-${module.function_cgn_staging_slot.name}"] + } + + private_dns_zone_group { + name = "private-dns-zone-group" + private_dns_zone_ids = [data.azurerm_private_dns_zone.function_app.id] + } + + tags = var.tags +} \ No newline at end of file diff --git a/src/domains/cgn/prod/locals.tf b/src/domains/cgn/prod/locals.tf index f0b60b087..68428aadb 100644 --- a/src/domains/cgn/prod/locals.tf +++ b/src/domains/cgn/prod/locals.tf @@ -4,7 +4,7 @@ locals { project = "${local.prefix}-${local.env_short}" location = "westeurope" - secondary_location = "northeurope" + secondary_location = "italynorth" tags = { CostCenter = "TS310 - PAGAMENTI & SERVIZI" 
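Review bot: In `azurerm_private_endpoint.staging_function_sites`, the `private_service_connection` reuses the production connection name `"${var.project}-cgn-fn-pep"` although the endpoint itself is named `-cgn-fn-staging-pep`. This looks like a copy-paste leftover and makes the two connections indistinguishable in the portal and in activity logs; I would change it to `name = "${var.project}-cgn-fn-staging-pep"`. Separately, adding private endpoints does not by itself close the public endpoint. The hunk keeps the subnet allow list on both slots, and whether public network access is restricted on `module.function_cgn` is not visible here, so it is worth confirming that the intended end state is private-only or documenting why both paths remain. The `function_cgn_staging_slot` module block begins outside the hunk; the two new resources are fully inside it.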
diff --git a/src/domains/citizen-auth-app/01_network.tf b/src/domains/citizen-auth-app/01_network.tf index 4a4e5d44d..155b75b9a 100644 --- a/src/domains/citizen-auth-app/01_network.tf +++ b/src/domains/citizen-auth-app/01_network.tf @@ -74,6 +74,12 @@ data "azurerm_subnet" "app_backend_l2_snet" { resource_group_name = local.vnet_common_resource_group_name } +data "azurerm_subnet" "app_backend_l3_snet" { + name = "appbackendl3" + virtual_network_name = local.vnet_common_name + resource_group_name = local.vnet_common_resource_group_name +} + data "azurerm_subnet" "ioweb_profile_snet" { name = format("%s-ioweb-profile-snet", local.common_project) virtual_network_name = local.vnet_common_name diff --git a/src/domains/citizen-auth-app/07_function_fast_login.tf b/src/domains/citizen-auth-app/07_function_fast_login.tf index b50797eb2..7646f546f 100644 --- a/src/domains/citizen-auth-app/07_function_fast_login.tf +++ b/src/domains/citizen-auth-app/07_function_fast_login.tf @@ -273,6 +273,7 @@ module "function_fast_login" { data.azurerm_subnet.app_backend_l2_snet.id, data.azurerm_subnet.ioweb_profile_snet.id, module.session_manager_snet.id, + data.azurerm_subnet.app_backend_l3_snet.id ] # Action groups for alerts @@ -321,7 +322,8 @@ module "function_fast_login_staging_slot" { data.azurerm_subnet.azdoa_snet[0].id, data.azurerm_subnet.apim_v2_snet.id, data.azurerm_subnet.app_backend_l1_snet.id, - data.azurerm_subnet.app_backend_l2_snet.id + data.azurerm_subnet.app_backend_l2_snet.id, + data.azurerm_subnet.app_backend_l3_snet.id ] tags = var.tags diff --git a/src/domains/citizen-auth-app/09_function_profile.tf b/src/domains/citizen-auth-app/09_function_profile.tf index 687074dd4..4acbc26db 100644 --- a/src/domains/citizen-auth-app/09_function_profile.tf +++ b/src/domains/citizen-auth-app/09_function_profile.tf @@ -274,7 +274,7 @@ resource "azurerm_monitor_autoscale_setting" "function_profile" { capacity = { default = 10 - minimum = 3 + minimum = 5 maximum = 30 } }, 
@@ -288,7 +288,7 @@ resource "azurerm_monitor_autoscale_setting" "function_profile" { capacity = { default = 10 - minimum = 3 + minimum = 5 maximum = 30 } }, @@ -302,7 +302,7 @@ resource "azurerm_monitor_autoscale_setting" "function_profile" { capacity = { default = 10 - minimum = 4 + minimum = 5 maximum = 30 } }, @@ -316,7 +316,7 @@ resource "azurerm_monitor_autoscale_setting" "function_profile" { capacity = { default = 10 - minimum = 3 + minimum = 5 maximum = 30 } } diff --git a/src/domains/citizen-auth-app/README.md b/src/domains/citizen-auth-app/README.md index 4bae09cc3..c2dc1641f 100644 --- a/src/domains/citizen-auth-app/README.md +++ b/src/domains/citizen-auth-app/README.md @@ -154,6 +154,7 @@ | [azurerm_subnet.apim_v2_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.app_backend_l1_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.app_backend_l2_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | +| [azurerm_subnet.app_backend_l3_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.appgateway_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.azdoa_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.fims_op_app_snet_01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | diff --git a/src/domains/eucovidcert/_modules/function_apps/data.tf b/src/domains/eucovidcert/_modules/function_apps/data.tf index 2fe0f7f91..e0cc679ce 100644 --- a/src/domains/eucovidcert/_modules/function_apps/data.tf +++ b/src/domains/eucovidcert/_modules/function_apps/data.tf 
@@ -27,8 +27,8 @@ data "azurerm_subnet" "snet_backendl2" { resource_group_name = local.resource_group_name_common } -data "azurerm_subnet" "snet_pblevtdispatcher" { - name = "fnpblevtdispatcherout" +data "azurerm_subnet" "snet_backendl3" { + name = "appbackendl3" virtual_network_name = local.vnet_name_common resource_group_name = local.resource_group_name_common } @@ -112,4 +112,4 @@ data "azurerm_key_vault_secret" "fn_eucovidcert_FNSERVICES_API_KEY" { data "azurerm_monitor_action_group" "error_action_group" { name = "${replace("${var.project}", "-", "")}error" resource_group_name = local.resource_group_name_common -} +} \ No newline at end of file diff --git a/src/domains/eucovidcert/_modules/function_apps/function_app_eucovidcert.tf b/src/domains/eucovidcert/_modules/function_apps/function_app_eucovidcert.tf index d6f0a96b0..e717bed04 100644 --- a/src/domains/eucovidcert/_modules/function_apps/function_app_eucovidcert.tf +++ b/src/domains/eucovidcert/_modules/function_apps/function_app_eucovidcert.tf @@ -38,8 +38,8 @@ module "function_eucovidcert" { var.subnet_id, data.azurerm_subnet.snet_backendl1.id, data.azurerm_subnet.snet_backendl2.id, - data.azurerm_subnet.snet_pblevtdispatcher.id, data.azurerm_subnet.snet_apim_v2.id, + data.azurerm_subnet.snet_backendl3.id ] tags = var.tags @@ -77,8 +77,8 @@ module "function_eucovidcert_staging_slot" { var.subnet_id, data.azurerm_subnet.snet_backendl1.id, data.azurerm_subnet.snet_backendl2.id, - data.azurerm_subnet.snet_pblevtdispatcher.id, data.azurerm_subnet.snet_apim_v2.id, + data.azurerm_subnet.snet_backendl3.id ] tags = var.tags diff --git a/src/domains/functions/data.tf b/src/domains/functions/data.tf index 67877d5a7..2674b6e1e 100644 --- a/src/domains/functions/data.tf +++ b/src/domains/functions/data.tf 
@@ -187,3 +187,9 @@ data "azurerm_subnet" "app_backendl2_snet" { resource_group_name = local.rg_common_name virtual_network_name = local.vnet_common_name } + +data "azurerm_subnet" "app_backendl3_snet" { + name = "appbackendl3" + resource_group_name = local.rg_common_name + virtual_network_name = local.vnet_common_name +} diff --git a/src/domains/functions/function_app.tf b/src/domains/functions/function_app.tf index c086e8482..de0cd2fee 100644 --- a/src/domains/functions/function_app.tf +++ b/src/domains/functions/function_app.tf @@ -239,6 +239,7 @@ module "function_app" { data.azurerm_subnet.app_backendli_snet.id, data.azurerm_subnet.ioweb_profile_snet.id, data.azurerm_subnet.session_manager_snet.id, + data.azurerm_subnet.app_backendl3_snet.id ] sticky_app_setting_names = concat([ @@ -291,6 +292,7 @@ module "function_app_staging_slot" { data.azurerm_subnet.app_backendl1_snet.id, data.azurerm_subnet.app_backendl2_snet.id, data.azurerm_subnet.app_backendli_snet.id, + data.azurerm_subnet.app_backendl3_snet.id ] tags = var.tags diff --git a/src/domains/messages-app/01_network.tf b/src/domains/messages-app/01_network.tf index 487969240..5497bb69f 100644 --- a/src/domains/messages-app/01_network.tf +++ b/src/domains/messages-app/01_network.tf @@ -64,6 +64,12 @@ data "azurerm_subnet" "app_backendl2_snet" { resource_group_name = local.vnet_common_resource_group_name } +data "azurerm_subnet" "app_backendl3_snet" { + name = "appbackendl3" + virtual_network_name = local.vnet_common_name + resource_group_name = local.vnet_common_resource_group_name +} + data "azurerm_subnet" "apim_snet" { name = "apimv2api" virtual_network_name = local.vnet_common_name 
@@ -76,6 +82,12 @@ data "azurerm_subnet" "azdoa_snet" { resource_group_name = local.vnet_common_resource_group_name } +data "azurerm_subnet" "github_snet" { + name = "io-p-github-runner-snet" + virtual_network_name = local.vnet_common_name + resource_group_name = local.vnet_common_resource_group_name +} + data "azurerm_private_dns_zone" "privatelink_servicebus_windows_net" { name = "privatelink.servicebus.windows.net" resource_group_name = format("%s-evt-rg", local.product) diff --git a/src/domains/messages-app/10_function_messages.tf b/src/domains/messages-app/10_function_messages.tf index bd9681195..bfcfb0581 100644 --- a/src/domains/messages-app/10_function_messages.tf +++ b/src/domains/messages-app/10_function_messages.tf @@ -168,6 +168,7 @@ module "app_messages_function" { data.azurerm_subnet.app_backendl1_snet.id, data.azurerm_subnet.app_backendl2_snet.id, data.azurerm_subnet.apim_snet.id, + data.azurerm_subnet.app_backendl3_snet.id ] allowed_ips = concat( @@ -221,6 +222,7 @@ module "app_messages_function_staging_slot" { data.azurerm_subnet.app_backendl1_snet.id, data.azurerm_subnet.app_backendl2_snet.id, data.azurerm_subnet.azdoa_snet.id, + data.azurerm_subnet.app_backendl3_snet.id ] allowed_ips = concat( diff --git a/src/domains/messages-app/10_function_messages_xl.tf b/src/domains/messages-app/10_function_messages_xl.tf index a1de2adeb..7b15a5d3f 100644 --- a/src/domains/messages-app/10_function_messages_xl.tf +++ b/src/domains/messages-app/10_function_messages_xl.tf @@ -1,3 +1,8 @@ +data "azurerm_nat_gateway" "nat_gateway" { + name = "${local.product}-natgw" + resource_group_name = local.vnet_common_resource_group_name +} + resource "azurerm_resource_group" "app_messages_rg_xl" { name = format("%s-weu-com-rg-01", local.product) location = var.location 
@@ -75,13 +80,14 @@ module "app_messages_function_xl" { } ) - subnet_id = module.app_messages_snet[count.index].id + subnet_id = module.app_messages_snet_xl[count.index].id allowed_subnets = [ - module.app_messages_snet[count.index].id, + module.app_messages_snet_xl[count.index].id, data.azurerm_subnet.app_backendl1_snet.id, data.azurerm_subnet.app_backendl2_snet.id, data.azurerm_subnet.apim_snet.id, + data.azurerm_subnet.app_backendl3_snet.id ] allowed_ips = concat( @@ -134,13 +140,15 @@ module "app_messages_function_staging_slot_xl" { } ) - subnet_id = module.app_messages_snet[count.index].id + subnet_id = module.app_messages_snet_xl[count.index].id allowed_subnets = [ - module.app_messages_snet[count.index].id, + module.app_messages_snet_xl[count.index].id, data.azurerm_subnet.app_backendl1_snet.id, data.azurerm_subnet.app_backendl2_snet.id, data.azurerm_subnet.azdoa_snet.id, + data.azurerm_subnet.github_snet.id, + data.azurerm_subnet.app_backendl3_snet.id ] allowed_ips = concat( @@ -403,7 +411,7 @@ resource "azurerm_monitor_autoscale_setting" "app_messages_function_xl" { capacity { default = 10 - minimum = 20 + minimum = 3 maximum = 30 } @@ -501,7 +509,7 @@ resource "azurerm_monitor_autoscale_setting" "app_messages_function_xl" { capacity { default = 10 - minimum = 20 + minimum = 3 maximum = 30 } @@ -611,3 +619,9 @@ resource "azurerm_monitor_autoscale_setting" "app_messages_function_xl" { tags = var.tags } + +resource "azurerm_subnet_nat_gateway_association" "net_gateway_association_subnet_citizen_func_xl" { + count = var.app_messages_count + nat_gateway_id = data.azurerm_nat_gateway.nat_gateway.id + subnet_id = module.app_messages_snet_xl[count.index].id +} \ No newline at end of file diff --git a/src/domains/messages-app/README.md b/src/domains/messages-app/README.md index ff61479b4..2a33730e0 100644 --- a/src/domains/messages-app/README.md +++ b/src/domains/messages-app/README.md 
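Review bot: `data.azurerm_subnet.github_snet.id` is added to `allowed_subnets` of `app_messages_function_staging_slot_xl` with no comment, while the non-xl staging slot in 10_function_messages.tf still admits only `azdoa_snet`, so the two staging slots now have different inbound allow lists. A staging slot is swapped into production, so every subnet that can reach it belongs to the production trust boundary, and a CI runner subnet is a broad grant because any job scheduled on those runners gets the network path. I would record the reason inline, e.g. `# GitHub self-hosted runners: required for <deploy/health-check step>`, and either add the same entry to the non-xl slot or state why it is not needed there. The module block starts outside the hunk.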
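Review bot: The resource label `net_gateway_association_subnet_citizen_func_xl` in the last hunk of 10_function_messages_xl.tf looks like a typo for `nat_gateway_...`, and it says "citizen_func" inside the messages-app domain. The label is part of the state address, so correcting it after apply needs a `moved` block; it is cheaper to fix now. `count = var.app_messages_count` indexes `module.app_messages_snet_xl[count.index]`, whose own count is not visible in this diff, so confirm both are driven by the same variable. Associating the subnet with the shared `${local.product}-natgw` presumably moves the function's outbound traffic onto the gateway's public address(es), which should be checked against any downstream IP allow list before apply.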
@@ -55,6 +55,7 @@ | [azurerm_resource_group.push_notif_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_storage_container.services_storage_messages](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource | | [azurerm_storage_management_policy.services_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_management_policy) | resource | +| [azurerm_subnet_nat_gateway_association.net_gateway_association_subnet_citizen_func_xl](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource | | [helm_release.cert-mounter](https://registry.terraform.io/providers/hashicorp/helm/2.8.0/docs/resources/release) | resource | | [helm_release.reloader](https://registry.terraform.io/providers/hashicorp/helm/2.8.0/docs/resources/release) | resource | | [helm_release.tls_cert_check](https://registry.terraform.io/providers/hashicorp/helm/2.8.0/docs/resources/release) | resource | 
@@ -91,6 +92,7 @@ | [azurerm_monitor_action_group.error_action_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.io_com_action_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | +| [azurerm_nat_gateway.nat_gateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/nat_gateway) | data source | | [azurerm_notification_hub.common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/notification_hub) | data source | | [azurerm_notification_hub.common_partition](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/notification_hub) | data source | | [azurerm_private_dns_zone.internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | 
@@ -109,7 +111,9 @@ | [azurerm_subnet.apim_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.app_backendl1_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.app_backendl2_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | +| [azurerm_subnet.app_backendl3_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.azdoa_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | +| [azurerm_subnet.github_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.private_endpoints_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | | [azurerm_virtual_network.vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |