diff --git a/.github/workflows/cosmos_api_cd.yaml b/.github/workflows/cosmos_api_cd.yaml
deleted file mode 100644
index 4f069c120..000000000
--- a/.github/workflows/cosmos_api_cd.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-name: Continuous Delivery on cosmos-api
-
-on:
- workflow_dispatch:
- push:
- branches:
- - main
- paths:
- - "src/cosmos-api/**"
-
-jobs:
- release_prod:
- uses: ./.github/workflows/call_release.yaml
- name: Deploy Infrastructure
- secrets: inherit
- with:
- environment: prod
- dir: "src/cosmos-api/prod"
diff --git a/.github/workflows/cosmos_api_ci.yaml b/.github/workflows/cosmos_api_ci.yaml
deleted file mode 100644
index fcd1d978f..000000000
--- a/.github/workflows/cosmos_api_ci.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-name: Continuous Integration on cosmos-api
-
-on:
- workflow_dispatch:
- pull_request:
- types:
- - opened
- - edited
- - synchronize
- - reopened
- - ready_for_review
- paths:
- - "src/cosmos-api/**"
- - ".github/workflows/cosmos_api_**"
-
-jobs:
- code_review_prod:
- uses: ./.github/workflows/call_code_review.yaml
- name: Code Review Infrastructure Plan
- secrets: inherit
- with:
- environment: prod
- dir: "src/cosmos-api/prod"
diff --git a/.github/workflows/static_analysis.yml b/.github/workflows/static_analysis.yml
index f0de305d9..72b95f453 100644
--- a/.github/workflows/static_analysis.yml
+++ b/.github/workflows/static_analysis.yml
@@ -44,7 +44,6 @@ jobs:
newmap[src/domains/profile-app]="."
newmap[src/domains/profile-common]="."
newmap[src/domains/functions]="."
- newmap[src/cosmos-api]="./prod"
newmap[src/github-runner]="."
newmap[src/packer]="."
diff --git a/src/common/_modules/cosmos_api/cosmos_account.tf b/src/common/_modules/cosmos_api/cosmos_account.tf
new file mode 100644
index 000000000..71b8b802e
--- /dev/null
+++ b/src/common/_modules/cosmos_api/cosmos_account.tf
@@ -0,0 +1,43 @@
+resource "azurerm_cosmosdb_account" "this" {
+ name = "${var.project}-cosmos-api"
+ resource_group_name = var.resource_groups.internal
+ location = var.location
+
+ offer_type = "Standard"
+ free_tier_enabled = false
+
+ automatic_failover_enabled = true
+ ip_range_filter = join(",", local.ip_range_filter)
+
+ geo_location {
+ location = var.location
+ failover_priority = 0
+ zone_redundant = true
+ }
+
+ dynamic "geo_location" {
+ for_each = var.secondary_location != null ? [var.secondary_location] : []
+ content {
+ location = geo_location.value
+ failover_priority = 1
+ zone_redundant = false
+ }
+ }
+
+ consistency_policy {
+ consistency_level = "Strong" # TODO: Consider returning to BoundedSession
+ }
+
+ public_network_access_enabled = true
+ is_virtual_network_filter_enabled = true
+
+ dynamic "virtual_network_rule" {
+ for_each = var.allowed_subnets_ids
+
+ content {
+ id = virtual_network_rule.value
+ }
+ }
+
+ tags = var.tags
+}
diff --git a/src/cosmos-api/prod/cosmos_containers.tf b/src/common/_modules/cosmos_api/cosmos_containers.tf
similarity index 91%
rename from src/cosmos-api/prod/cosmos_containers.tf
rename to src/common/_modules/cosmos_api/cosmos_containers.tf
index 461bde121..323eb8afb 100644
--- a/src/cosmos-api/prod/cosmos_containers.tf
+++ b/src/common/_modules/cosmos_api/cosmos_containers.tf
@@ -10,6 +10,7 @@ resource "azurerm_cosmosdb_sql_container" "these" {
partition_key_path = each.value.partition_key_path
partition_key_version = lookup(each.value, "partition_key_version", 2)
throughput = lookup(each.value, "throughput", null)
+ default_ttl = lookup(each.value, "default_ttl", null)
dynamic "autoscale_settings" {
for_each = lookup(each.value, "autoscale_settings", null) != null ? [1] : []
diff --git a/src/cosmos-api/prod/cosmos_database.tf b/src/common/_modules/cosmos_api/cosmos_database.tf
similarity index 100%
rename from src/cosmos-api/prod/cosmos_database.tf
rename to src/common/_modules/cosmos_api/cosmos_database.tf
diff --git a/src/cosmos-api/prod/locals.tf b/src/common/_modules/cosmos_api/locals.tf
similarity index 91%
rename from src/cosmos-api/prod/locals.tf
rename to src/common/_modules/cosmos_api/locals.tf
index bd791073c..697681719 100644
--- a/src/cosmos-api/prod/locals.tf
+++ b/src/common/_modules/cosmos_api/locals.tf
@@ -1,20 +1,5 @@
locals {
- prefix = "io"
- env_short = "p"
- project = "${local.prefix}-${local.env_short}"
- location = "westeurope"
- secondary_location = "northeurope"
-
- resource_group_name_internal = "${local.project}-rg-internal"
-
- tags = {
- CostCenter = "TS310 - PAGAMENTI & SERVIZI"
- CreatedBy = "Terraform"
- Environment = "Prod"
- Owner = "IO"
- Source = "https://github.com/pagopa/io-infra/blob/main/src/cosmos-api/prod"
- }
-
+ ip_range_filter = ["52.174.88.118", "40.91.208.65", "13.69.64.208/28", "13.69.71.192/27", "13.93.36.78", "20.86.93.32/27", "20.86.93.64/28", "20.126.243.151", "20.126.241.238", "20.103.132.139", "20.103.131.1"]
cosmosdb_containers = [
{
name = "activations"
@@ -68,6 +53,7 @@ locals {
name = "message-status"
partition_key_path = "/messageId"
partition_key_version = null
+ default_ttl = -1
autoscale_settings = {
max_throughput = 67000
}
@@ -84,6 +70,7 @@ locals {
name = "messages"
partition_key_path = "/fiscalCode"
partition_key_version = null
+ default_ttl = -1
autoscale_settings = {
max_throughput = 46000
}
diff --git a/src/cosmos-api/prod/networking.tf b/src/common/_modules/cosmos_api/networking.tf
similarity index 81%
rename from src/cosmos-api/prod/networking.tf
rename to src/common/_modules/cosmos_api/networking.tf
index 74a208bc5..a380d2061 100644
--- a/src/cosmos-api/prod/networking.tf
+++ b/src/common/_modules/cosmos_api/networking.tf
@@ -3,7 +3,7 @@ resource "azurerm_private_endpoint" "sql" {
name = "${azurerm_cosmosdb_account.this.name}-sql-endpoint"
location = azurerm_cosmosdb_account.this.location
resource_group_name = azurerm_cosmosdb_account.this.resource_group_name
- subnet_id = data.azurerm_subnet.pep.id
+ subnet_id = var.pep_snet.id
private_service_connection {
name = "${azurerm_cosmosdb_account.this.name}-sql"
@@ -14,8 +14,8 @@ resource "azurerm_private_endpoint" "sql" {
private_dns_zone_group {
name = "private-dns-zone-group"
- private_dns_zone_ids = [data.azurerm_private_dns_zone.documents.id]
+ private_dns_zone_ids = [var.documents_dns_zone.id]
}
- tags = local.tags
+ tags = var.tags
}
diff --git a/src/common/_modules/cosmos_api/variables.tf b/src/common/_modules/cosmos_api/variables.tf
new file mode 100644
index 000000000..da1c17ebb
--- /dev/null
+++ b/src/common/_modules/cosmos_api/variables.tf
@@ -0,0 +1,63 @@
+variable "project" {
+ type = string
+ description = "IO prefix, short environment and short location"
+}
+
+variable "location" {
+ type = string
+ description = "Azure region"
+}
+
+variable "location_short" {
+ type = string
+ description = "Azure region short name"
+}
+
+variable "tags" {
+ type = map(any)
+ description = "Resource tags"
+}
+
+variable "resource_groups" {
+ type = map(string)
+ description = "Resource group names"
+}
+
+variable "vnet_common" {
+ type = object({
+ id = string
+ name = string
+ address_space = list(string)
+ resource_group_name = string
+ })
+ description = "Information of the common VNet"
+}
+
+variable "pep_snet" {
+ type = object({
+ id = string
+ name = string
+ address_prefixes = list(string)
+ })
+}
+
+variable "secondary_location" {
+ type = string
+ description = "The secondary location used for geo_replication of the cosmos database. If omitted, geo replication is not enabled."
+
+ default = null
+}
+
+variable "documents_dns_zone" {
+ type = object({
+ id = string
+ name = string
+ resource_group_name = string
+ })
+ description = "Private link documents dns zone information"
+}
+
+variable "allowed_subnets_ids" {
+ type = list(string)
+ description = "List of the IDs of the subnets allowed to contact the cosmos account"
+}
\ No newline at end of file
diff --git a/src/common/_modules/global/modules/dns/outputs.tf b/src/common/_modules/global/modules/dns/outputs.tf
index a281b0458..645cb0a26 100644
--- a/src/common/_modules/global/modules/dns/outputs.tf
+++ b/src/common/_modules/global/modules/dns/outputs.tf
@@ -34,6 +34,7 @@ output "public_dns_zones" {
output "private_dns_zones" {
value = {
servicebus = azurerm_private_dns_zone.privatelink_servicebus
+ documents = azurerm_private_dns_zone.privatelink_documents
}
}
diff --git a/src/common/prod/README.md b/src/common/prod/README.md
index df0742fa8..126e48640 100644
--- a/src/common/prod/README.md
+++ b/src/common/prod/README.md
@@ -13,6 +13,7 @@
| [apim\_weu](#module\_apim\_weu) | ../_modules/apim | n/a |
| [application\_gateway\_weu](#module\_application\_gateway\_weu) | ../_modules/application_gateway | n/a |
| [assets\_cdn\_weu](#module\_assets\_cdn\_weu) | ../_modules/assets_cdn | n/a |
+| [cosmos\_api\_weu](#module\_cosmos\_api\_weu) | ../_modules/cosmos_api | n/a |
| [event\_hubs\_weu](#module\_event\_hubs\_weu) | ../_modules/event_hubs | n/a |
| [github\_runner\_itn](#module\_github\_runner\_itn) | ../_modules/github_runner | n/a |
| [global](#module\_global) | ../_modules/global | n/a |
@@ -31,6 +32,7 @@
| [azurerm_linux_web_app.firmaconio_selfcare_web_app](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_web_app) | data source |
| [azurerm_resource_group.common_weu](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
| [azurerm_resource_group.internal_weu](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
+| [azurerm_subnet.cosmos_api_allowed](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
| [azurerm_virtual_network.weu_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |
| [azurerm_virtual_network.weu_prod01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |
| [terraform_remote_state.core](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
diff --git a/src/common/prod/data.tf b/src/common/prod/data.tf
index 3b831ff5b..0e6962fb1 100644
--- a/src/common/prod/data.tf
+++ b/src/common/prod/data.tf
@@ -48,4 +48,13 @@ data "azurerm_linux_web_app" "app_backendl2" {
data "azurerm_linux_function_app" "function_assets_cdn" {
name = "${local.project_weu_legacy}-assets-cdn-fn"
resource_group_name = "${local.project_weu_legacy}-assets-cdn-rg"
-}
\ No newline at end of file
+}
+
+# Cosmos API
+data "azurerm_subnet" "cosmos_api_allowed" {
+ for_each = toset(local.cosmos_api.allowed_subnets)
+
+ name = each.value
+ virtual_network_name = local.core.networking.weu.vnet_common.name
+ resource_group_name = local.core.networking.weu.vnet_common.resource_group_name
+}
diff --git a/src/common/prod/locals.tf b/src/common/prod/locals.tf
index dfbca0922..3bed1cdff 100644
--- a/src/common/prod/locals.tf
+++ b/src/common/prod/locals.tf
@@ -36,6 +36,10 @@ locals {
}
}
+ cosmos_api = {
+ allowed_subnets = ["fn3admin", "fn3app1", "fn3app2", "fn3appasync", "fn3assets", "fn3public", "fn3services", "fn3slackbot"]
+ }
+
eventhubs = [
{
name = "io-cosmosdb-services"
diff --git a/src/common/prod/westeurope.tf b/src/common/prod/westeurope.tf
index 16faa024e..8f7ce03cc 100644
--- a/src/common/prod/westeurope.tf
+++ b/src/common/prod/westeurope.tf
@@ -380,5 +380,22 @@ module "assets_cdn_weu" {
hostname = data.azurerm_linux_function_app.function_assets_cdn.default_hostname
}
+ tags = local.tags
+}
+
+module "cosmos_api_weu" {
+ source = "../_modules/cosmos_api"
+
+ location = data.azurerm_resource_group.common_weu.location
+ location_short = local.location_short[data.azurerm_resource_group.common_weu.location]
+ project = local.project_weu_legacy
+
+ resource_groups = local.resource_groups[local.location_short[data.azurerm_resource_group.common_weu.location]]
+ vnet_common = local.core.networking.weu.vnet_common
+ pep_snet = local.core.networking.weu.pep_snet
+ secondary_location = "northeurope"
+ documents_dns_zone = module.global.dns.private_dns_zones.documents
+ allowed_subnets_ids = values(data.azurerm_subnet.cosmos_api_allowed)[*].id
+
tags = local.tags
}
\ No newline at end of file
diff --git a/src/core/README.md b/src/core/README.md
index 7690f1689..8aa8fbec3 100644
--- a/src/core/README.md
+++ b/src/core/README.md
@@ -40,12 +40,8 @@
| [appservice\_app\_backendl2\_slot\_staging](#module\_appservice\_app\_backendl2\_slot\_staging) | github.com/pagopa/terraform-azurerm-v3//app_service_slot | v8.31.0 |
| [appservice\_app\_backendli](#module\_appservice\_app\_backendli) | github.com/pagopa/terraform-azurerm-v3//app_service | v8.31.0 |
| [appservice\_app\_backendli\_slot\_staging](#module\_appservice\_app\_backendli\_slot\_staging) | github.com/pagopa/terraform-azurerm-v3//app_service_slot | v8.31.0 |
-| [locked\_profiles\_storage](#module\_locked\_profiles\_storage) | github.com/pagopa/terraform-azurerm-v3//storage_account | v8.27.0 |
| [redis\_common\_backup\_zrs](#module\_redis\_common\_backup\_zrs) | github.com/pagopa/terraform-azurerm-v3//storage_account | v8.27.0 |
| [redis\_common\_snet](#module\_redis\_common\_snet) | github.com/pagopa/terraform-azurerm-v3//subnet | v8.27.0 |
-| [storage\_api](#module\_storage\_api) | github.com/pagopa/terraform-azurerm-v3//storage_account | v8.27.0 |
-| [storage\_api\_object\_replication\_to\_replica](#module\_storage\_api\_object\_replication\_to\_replica) | github.com/pagopa/terraform-azurerm-v3//storage_object_replication | v8.27.0 |
-| [storage\_api\_replica](#module\_storage\_api\_replica) | github.com/pagopa/terraform-azurerm-v3//storage_account | v8.27.0 |
## Resources
@@ -80,22 +76,13 @@
| [azurerm_key_vault_secret.appinsights_instrumentation_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_monitor_autoscale_setting.appservice_app_backendli](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource |
| [azurerm_monitor_metric_alert.cosmos_api_throttling_alert](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource |
-| [azurerm_monitor_metric_alert.iopstapi_throttling_low_availability](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource |
| [azurerm_monitor_metric_alert.too_many_http_5xx](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource |
-| [azurerm_private_endpoint.locked_profiles_storage_table](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
| [azurerm_resource_group.data](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.default_roleassignment_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.rg_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.rg_external](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.rg_internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.rg_linux](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
-| [azurerm_storage_container.storage_api_cached](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
-| [azurerm_storage_container.storage_api_message_content](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
-| [azurerm_storage_queue.storage_account_apievents_events_queue](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_queue) | resource |
-| [azurerm_storage_table.locked_profiles](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_table) | resource |
-| [azurerm_storage_table.storage_api_faileduserdataprocessing](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_table) | resource |
-| [azurerm_storage_table.storage_api_subscriptionsfeedbyday](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_table) | resource |
-| [azurerm_storage_table.storage_api_validationtokens](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_table) | resource |
| [azurerm_subnet_nat_gateway_association.app_backendl1_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource |
| [azurerm_subnet_nat_gateway_association.app_backendl2_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource |
| [azurerm_subnet_nat_gateway_association.app_backendli_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource |
@@ -182,11 +169,11 @@
| [azurerm_resource_group.lollipop_function_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
| [azurerm_resource_group.notifications_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
| [azurerm_resource_group.sec_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
+| [azurerm_storage_account.locked_profiles_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
| [azurerm_storage_account.logs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
| [azurerm_storage_account.lollipop_assertions_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
| [azurerm_storage_account.notifications](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
| [azurerm_storage_account.push_notifications_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
-| [azurerm_storage_account.storage_apievents](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
| [azurerm_subnet.admin_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
| [azurerm_subnet.apim](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
| [azurerm_subnet.appgateway_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
diff --git a/src/core/app_backend.tf b/src/core/app_backend.tf
index 50d99c7bd..dac7f148e 100644
--- a/src/core/app_backend.tf
+++ b/src/core/app_backend.tf
@@ -98,8 +98,8 @@ locals {
PUSH_NOTIFICATIONS_STORAGE_CONNECTION_STRING = data.azurerm_storage_account.push_notifications_storage.primary_connection_string
PUSH_NOTIFICATIONS_QUEUE_NAME = local.storage_account_notifications_queue_push_notifications
- LOCKED_PROFILES_STORAGE_CONNECTION_STRING = module.locked_profiles_storage.primary_connection_string
- LOCKED_PROFILES_TABLE_NAME = azurerm_storage_table.locked_profiles.name
+ LOCKED_PROFILES_STORAGE_CONNECTION_STRING = data.azurerm_storage_account.locked_profiles_storage.primary_connection_string
+ LOCKED_PROFILES_TABLE_NAME = "lockedprofiles"
// Feature flags
FF_BONUS_ENABLED = 1
diff --git a/src/core/data.tf b/src/core/data.tf
index 6a04abf4f..74b2b25ed 100644
--- a/src/core/data.tf
+++ b/src/core/data.tf
@@ -118,6 +118,11 @@ data "azurerm_key_vault_secret" "app_backend_PRE_SHARED_KEY" {
key_vault_id = data.azurerm_key_vault.key_vault_common.id
}
+data "azurerm_storage_account" "locked_profiles_storage" {
+ name = replace("${local.project}-locked-profiles-st", "-", "")
+ resource_group_name = "${local.project}-rg-internal"
+}
+
# -----------------------------------------------
# Alerts
@@ -172,38 +177,6 @@ resource "azurerm_monitor_metric_alert" "cosmos_api_throttling_alert" {
tags = var.tags
}
-
-resource "azurerm_monitor_metric_alert" "iopstapi_throttling_low_availability" {
-
- name = "[IO-COMMONS | ${module.storage_api.name}] Low Availability"
- resource_group_name = azurerm_resource_group.rg_linux.name
- scopes = [module.storage_api.id]
- # TODO: add Runbook for checking errors
- description = "The average availability is less than 99.8%. Runbook: not needed."
- severity = 0
- window_size = "PT5M"
- frequency = "PT5M"
- auto_mitigate = false
-
- # Metric info
- # https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-supported#microsoftstoragestorageaccounts
- criteria {
- metric_namespace = "Microsoft.Storage/storageAccounts"
- metric_name = "Availability"
- aggregation = "Average"
- operator = "LessThan"
- threshold = 99.8
- skip_metric_validation = false
- }
-
- action {
- action_group_id = data.azurerm_monitor_action_group.error_action_group.id
- webhook_properties = {}
- }
-
- tags = var.tags
-}
-
#
# Services App service and fn
#
diff --git a/src/core/storage_api.tf b/src/core/storage_api.tf
deleted file mode 100644
index 8528050c6..000000000
--- a/src/core/storage_api.tf
+++ /dev/null
@@ -1,119 +0,0 @@
-module "storage_api" {
- source = "github.com/pagopa/terraform-azurerm-v3//storage_account?ref=v8.27.0"
-
- name = replace("${local.project}stapi", "-", "")
- account_kind = "StorageV2"
- account_tier = "Standard"
- access_tier = "Hot"
- account_replication_type = "GZRS"
- resource_group_name = azurerm_resource_group.rg_internal.name
- location = azurerm_resource_group.rg_internal.location
- advanced_threat_protection = true
- use_legacy_defender_version = false
- allow_nested_items_to_be_public = false
- cross_tenant_replication_enabled = true
- public_network_access_enabled = true
-
- blob_versioning_enabled = true
- blob_container_delete_retention_days = 7
- blob_delete_retention_days = 7
- blob_change_feed_enabled = true
- blob_change_feed_retention_in_days = 10
- blob_storage_policy = {
- enable_immutability_policy = false
- blob_restore_policy_days = 6
- }
-
- tags = var.tags
-}
-
-resource "azurerm_storage_container" "storage_api_message_content" {
- name = "message-content"
- storage_account_name = module.storage_api.name
- container_access_type = "private"
-}
-
-resource "azurerm_storage_container" "storage_api_cached" {
- name = "cached"
- storage_account_name = module.storage_api.name
- container_access_type = "private"
-}
-
-resource "azurerm_storage_table" "storage_api_subscriptionsfeedbyday" {
- name = "SubscriptionsFeedByDay"
- storage_account_name = module.storage_api.name
-}
-
-resource "azurerm_storage_table" "storage_api_faileduserdataprocessing" {
- name = "FailedUserDataProcessing"
- storage_account_name = module.storage_api.name
-}
-
-resource "azurerm_storage_table" "storage_api_validationtokens" {
- name = "ValidationTokens"
- storage_account_name = module.storage_api.name
-}
-
-# Storage replica
-module "storage_api_replica" {
- source = "github.com/pagopa/terraform-azurerm-v3//storage_account?ref=v8.27.0"
-
- name = replace("${local.project}stapireplica", "-", "")
- account_kind = "StorageV2"
- account_tier = "Standard"
- access_tier = "Hot"
- account_replication_type = "GZRS"
- resource_group_name = azurerm_resource_group.rg_internal.name
- location = azurerm_resource_group.rg_internal.location
- advanced_threat_protection = true
- use_legacy_defender_version = false
- allow_nested_items_to_be_public = false
- cross_tenant_replication_enabled = true
- public_network_access_enabled = true
-
- blob_versioning_enabled = true
- blob_container_delete_retention_days = 7
-
- network_rules = {
- default_action = "Deny"
- ip_rules = []
- bypass = [
- "Logging",
- "Metrics",
- "AzureServices",
- ]
- virtual_network_subnet_ids = []
- }
-
- tags = var.tags
-}
-
-module "storage_api_object_replication_to_replica" {
- source = "github.com/pagopa/terraform-azurerm-v3//storage_object_replication?ref=v8.27.0"
-
- source_storage_account_id = module.storage_api.id
- destination_storage_account_id = module.storage_api_replica.id
-
- rules = [{
- source_container_name = azurerm_storage_container.storage_api_message_content.name
- destination_container_name = azurerm_storage_container.storage_api_message_content.name
- copy_blobs_created_after = "Everything"
- }]
-}
-
-moved {
- from = module.io_apist_replica.azurerm_storage_object_replication.this
- to = module.storage_api_object_replication_to_replica.azurerm_storage_object_replication.this
-}
-
-#-----------------------------------------------------
-
-data "azurerm_storage_account" "storage_apievents" {
- name = replace(format("%s-stapievents", local.project), "-", "")
- resource_group_name = azurerm_resource_group.rg_internal.name
-}
-
-resource "azurerm_storage_queue" "storage_account_apievents_events_queue" {
- name = "events"
- storage_account_name = data.azurerm_storage_account.storage_apievents.name
-}
diff --git a/src/cosmos-api/prod/.terraform.lock.hcl b/src/cosmos-api/prod/.terraform.lock.hcl
deleted file mode 100644
index 46da6eca1..000000000
--- a/src/cosmos-api/prod/.terraform.lock.hcl
+++ /dev/null
@@ -1,25 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/azurerm" {
- version = "3.103.1"
- constraints = "<= 3.103.1"
- hashes = [
- "h1:6SACEswBzcN+59PnuUqCwOyLuhEQSgjFX/23YJvJS5Y=",
- "h1:6bkftpJOwSmA74r2ewWu5JrIoSbwzWRAcsv7S/A+6fs=",
- "h1:ahmLlk8mjIu8OoRb/W9kVzACAHu/y4YFL259A0Yg0G0=",
- "h1:ptAxoEtEpgPxT3SVWShUaBnNVCjT9jK5AHfFIoB9rLc=",
- "zh:0e78a947c041893a47d2af804f2896d1337cc06230e730e3926db78d416ba883",
- "zh:21666ab923f659a2fb7a28eee464249acc8617a21eeb4a805fd1acce5f6c0768",
- "zh:357f7daa2f8cc88394d357192f736b21c2626aa99e31bf0dc0dc2fcf6956e555",
- "zh:3bfaaa2b1b20841093c44c863bd3cf31068fc6e51b72f85006aa6e656e6555c6",
- "zh:624d8eea3587b606209cbae89c51070aa85bf4877ea7d4ffeb4cb5d90d0cd3bb",
- "zh:b66a65f0f60e62b9dc911f5376e7801d481810b8c52ae5e36a58730be0779b8a",
- "zh:c0362821d82e9a989de4217527f7b9858cd71923508147ae65f47b32ffd85a0e",
- "zh:ca8d1fc6e67af8970d3655c8f47bccd4e799b2efb5c7ce402ace7462915f30b3",
- "zh:cd9aa496be3900b447a3c3e041e9d25aa6d10a6b0b4d1ebb1385cd6668d35b50",
- "zh:d2350210ad53f1dd18ec29b84255aa7b14877e0f1cb5ae77355f9b8ebe2ea209",
- "zh:f51cbed8c9b225fb346cc42d884c41bf43bb79c90d753e8cf2770362e4689d79",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- ]
-}
diff --git a/src/cosmos-api/prod/README.md b/src/cosmos-api/prod/README.md
deleted file mode 100644
index 140078afe..000000000
--- a/src/cosmos-api/prod/README.md
+++ /dev/null
@@ -1,40 +0,0 @@
-
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [azurerm](#requirement\_azurerm) | <= 3.103.1 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [azurerm_cosmosdb_account.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_account) | resource |
-| [azurerm_cosmosdb_sql_container.these](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container) | resource |
-| [azurerm_cosmosdb_sql_database.db](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_database) | resource |
-| [azurerm_private_endpoint.sql](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
-| [azurerm_private_dns_zone.documents](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source |
-| [azurerm_subnet.fn3admin](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
-| [azurerm_subnet.fn3app1](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
-| [azurerm_subnet.fn3app2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
-| [azurerm_subnet.fn3appasync](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
-| [azurerm_subnet.fn3assets](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
-| [azurerm_subnet.fn3public](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
-| [azurerm_subnet.fn3services](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
-| [azurerm_subnet.fn3slackbot](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
-| [azurerm_subnet.pep](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
-| [azurerm_virtual_network.common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |
-
-## Inputs
-
-No inputs.
-
-## Outputs
-
-No outputs.
-
diff --git a/src/cosmos-api/prod/cosmos_account.tf b/src/cosmos-api/prod/cosmos_account.tf
deleted file mode 100644
index 83eebcf7c..000000000
--- a/src/cosmos-api/prod/cosmos_account.tf
+++ /dev/null
@@ -1,63 +0,0 @@
-resource "azurerm_cosmosdb_account" "this" {
- name = "${local.project}-cosmos-api"
- resource_group_name = local.resource_group_name_internal
- location = local.location
-
- offer_type = "Standard"
- free_tier_enabled = false
-
- automatic_failover_enabled = true
-
- geo_location {
- location = local.location
- failover_priority = 0
- zone_redundant = true
- }
-
- geo_location {
- location = local.secondary_location
- failover_priority = 1
- zone_redundant = false
- }
-
- consistency_policy {
- consistency_level = "Strong" # TODO: Consider returning to BoundedSession
- }
-
- public_network_access_enabled = true
- is_virtual_network_filter_enabled = true
-
- virtual_network_rule {
- id = data.azurerm_subnet.fn3admin.id
- }
-
- virtual_network_rule {
- id = data.azurerm_subnet.fn3app1.id
- }
-
- virtual_network_rule {
- id = data.azurerm_subnet.fn3app2.id
- }
-
- virtual_network_rule {
- id = data.azurerm_subnet.fn3appasync.id
- }
-
- virtual_network_rule {
- id = data.azurerm_subnet.fn3assets.id
- }
-
- virtual_network_rule {
- id = data.azurerm_subnet.fn3public.id
- }
-
- virtual_network_rule {
- id = data.azurerm_subnet.fn3services.id
- }
-
- virtual_network_rule {
- id = data.azurerm_subnet.fn3slackbot.id
- }
-
- tags = local.tags
-}
diff --git a/src/cosmos-api/prod/data.tf b/src/cosmos-api/prod/data.tf
deleted file mode 100644
index 3bc88520e..000000000
--- a/src/cosmos-api/prod/data.tf
+++ /dev/null
@@ -1,63 +0,0 @@
-data "azurerm_virtual_network" "common" {
- name = "${local.project}-vnet-common"
- resource_group_name = "${local.project}-rg-common"
-}
-
-data "azurerm_subnet" "pep" {
- name = "pendpoints"
- virtual_network_name = data.azurerm_virtual_network.common.name
- resource_group_name = data.azurerm_virtual_network.common.resource_group_name
-}
-
-data "azurerm_subnet" "fn3admin" {
- name = "fn3admin"
- virtual_network_name = data.azurerm_virtual_network.common.name
- resource_group_name = data.azurerm_virtual_network.common.resource_group_name
-}
-
-data "azurerm_subnet" "fn3app1" {
- name = "fn3app1"
- virtual_network_name = data.azurerm_virtual_network.common.name
- resource_group_name = data.azurerm_virtual_network.common.resource_group_name
-}
-
-data "azurerm_subnet" "fn3app2" {
- name = "fn3app2"
- virtual_network_name = data.azurerm_virtual_network.common.name
- resource_group_name = data.azurerm_virtual_network.common.resource_group_name
-}
-
-data "azurerm_subnet" "fn3appasync" {
- name = "fn3appasync"
- virtual_network_name = data.azurerm_virtual_network.common.name
- resource_group_name = data.azurerm_virtual_network.common.resource_group_name
-}
-
-data "azurerm_subnet" "fn3assets" {
- name = "fn3assets"
- virtual_network_name = data.azurerm_virtual_network.common.name
- resource_group_name = data.azurerm_virtual_network.common.resource_group_name
-}
-
-data "azurerm_subnet" "fn3public" {
- name = "fn3public"
- virtual_network_name = data.azurerm_virtual_network.common.name
- resource_group_name = data.azurerm_virtual_network.common.resource_group_name
-}
-
-data "azurerm_subnet" "fn3services" {
- name = "fn3services"
- virtual_network_name = data.azurerm_virtual_network.common.name
- resource_group_name = data.azurerm_virtual_network.common.resource_group_name
-}
-
-data "azurerm_subnet" "fn3slackbot" {
- name = "fn3slackbot"
- virtual_network_name = data.azurerm_virtual_network.common.name
- resource_group_name = data.azurerm_virtual_network.common.resource_group_name
-}
-
-data "azurerm_private_dns_zone" "documents" {
- name = "privatelink.documents.azure.com"
- resource_group_name = "${local.project}-rg-common"
-}
diff --git a/src/cosmos-api/prod/main.tf b/src/cosmos-api/prod/main.tf
deleted file mode 100644
index cf3cad0d4..000000000
--- a/src/cosmos-api/prod/main.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-terraform {
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "<= 3.103.1"
- }
- }
-
- backend "azurerm" {
- resource_group_name = "terraform-state-rg"
- storage_account_name = "tfinfprodio"
- container_name = "terraform-state"
- key = "io-infra.cosmos-api.tfstate"
- }
-}
-
-provider "azurerm" {
- features {}
-}
diff --git a/src/domains/citizen-auth-app/.terraform.lock.hcl b/src/domains/citizen-auth-app/.terraform.lock.hcl
index 02981108e..de6385ac6 100644
--- a/src/domains/citizen-auth-app/.terraform.lock.hcl
+++ b/src/domains/citizen-auth-app/.terraform.lock.hcl
@@ -26,10 +26,12 @@ provider "registry.terraform.io/hashicorp/azuread" {
provider "registry.terraform.io/hashicorp/azurerm" {
version = "3.105.0"
- constraints = "~> 3.30, ~> 3.39, ~> 3.76, ~> 3.95, <= 3.105.0"
+ constraints = "~> 3.30, ~> 3.39, ~> 3.76, ~> 3.95, != 3.97.0, != 3.97.1, <= 3.105.0"
hashes = [
+ "h1:MK83TecMdabDD+HjbxdTt3emXp8G6djLj7KvvUGstM0=",
"h1:OtWRTAMNOruOmwVB72QSGXC5IIGGQcHwEqnCCmsGbGM=",
"h1:SOC7EdvKd5YowghQvb6hu209F1PQqtb8LulbQkxOZQQ=",
+ "h1:zWkzhP2fx0WQIAUp6Amk/We3WNcbtiWagpKF5PJP5+M=",
"zh:2f81bca6a3bf3d37604bf99fdb2c77d6118520aa379ab65fd28e6b76bed399cd",
"zh:3578eb79d175af9544b0dc543124d551c0fed4c48f51773ee17e1dc62e22833a",
"zh:377dbb56caea3fa1e6a6599193b55c8594204c40c054fc2ace4f576fdfe750a2",
diff --git a/src/domains/citizen-auth-app/06_storage.tf b/src/domains/citizen-auth-app/06_storage.tf
index 1c170fdea..c12938f79 100644
--- a/src/domains/citizen-auth-app/06_storage.tf
+++ b/src/domains/citizen-auth-app/06_storage.tf
@@ -13,12 +13,6 @@ data "azurerm_storage_account" "logs" {
resource_group_name = format("%s-rg-operations", local.product)
}
-
-data "azurerm_storage_account" "locked_profiles_storage" {
- name = replace(format("%s-locked-profiles-st", local.product), "-", "")
- resource_group_name = format("%s-rg-internal", local.product)
-}
-
data "azurerm_storage_account" "push_notifications_storage" {
name = replace(format("%s-weu-messages-notifst", local.product), "-", "")
resource_group_name = format("%s-weu-messages-notifications-rg", local.product)
diff --git a/src/domains/citizen-auth-app/08_session_manager.tf b/src/domains/citizen-auth-app/08_session_manager.tf
index 692765e96..dc3c4719e 100644
--- a/src/domains/citizen-auth-app/08_session_manager.tf
+++ b/src/domains/citizen-auth-app/08_session_manager.tf
@@ -168,8 +168,8 @@ locals {
BACKEND_HOST = "https://${trimsuffix(data.azurerm_dns_a_record.api_app_io_pagopa_it.fqdn, ".")}"
# Locked profile storage
- LOCKED_PROFILES_STORAGE_CONNECTION_STRING = data.azurerm_storage_account.locked_profiles_storage.primary_connection_string
- LOCKED_PROFILES_TABLE_NAME = "lockedprofiles"
+ LOCKED_PROFILES_STORAGE_CONNECTION_STRING = module.locked_profiles_storage.primary_connection_string
+ LOCKED_PROFILES_TABLE_NAME = azurerm_storage_table.locked_profiles.name
# Spid logs config
SPID_LOG_QUEUE_NAME = "spidmsgitems"
diff --git a/src/core/storage_locked_profiles.tf b/src/domains/citizen-auth-app/09_storage_locked_profiles.tf
similarity index 82%
rename from src/core/storage_locked_profiles.tf
rename to src/domains/citizen-auth-app/09_storage_locked_profiles.tf
index 16cb0fd47..db8ee0ddb 100644
--- a/src/core/storage_locked_profiles.tf
+++ b/src/domains/citizen-auth-app/09_storage_locked_profiles.tf
@@ -5,14 +5,14 @@
module "locked_profiles_storage" {
source = "github.com/pagopa/terraform-azurerm-v3//storage_account?ref=v8.27.0"
- name = replace(format("%s-locked-profiles-st", local.project), "-", "")
+ name = replace(format("%s-locked-profiles-st", local.product), "-", "")
domain = "IO-AUTH"
account_kind = "StorageV2"
account_tier = "Standard"
access_tier = "Hot"
account_replication_type = "GZRS"
- resource_group_name = azurerm_resource_group.rg_internal.name
- location = azurerm_resource_group.rg_internal.location
+ resource_group_name = "${local.product}-rg-internal"
+ location = var.location
advanced_threat_protection = true
enable_identity = true
public_network_access_enabled = false
@@ -23,8 +23,8 @@ module "locked_profiles_storage" {
resource "azurerm_private_endpoint" "locked_profiles_storage_table" {
depends_on = [module.locked_profiles_storage]
name = "${module.locked_profiles_storage.name}-table-endpoint"
- location = azurerm_resource_group.rg_internal.location
- resource_group_name = azurerm_resource_group.rg_internal.name
+ location = var.location
+ resource_group_name = "${local.product}-rg-internal"
subnet_id = data.azurerm_subnet.private_endpoints_subnet.id
private_service_connection {
@@ -36,7 +36,7 @@ resource "azurerm_private_endpoint" "locked_profiles_storage_table" {
private_dns_zone_group {
name = "private-dns-zone-group"
- private_dns_zone_ids = [data.azurerm_private_dns_zone.privatelink_table_core.id]
+ private_dns_zone_ids = [data.azurerm_private_dns_zone.privatelink_table_core_windows_net.id]
}
tags = var.tags
diff --git a/src/domains/citizen-auth-app/README.md b/src/domains/citizen-auth-app/README.md
index 1ab9014ed..981e341fd 100644
--- a/src/domains/citizen-auth-app/README.md
+++ b/src/domains/citizen-auth-app/README.md
@@ -19,6 +19,7 @@
| [function\_fast\_login\_staging\_slot](#module\_function\_fast\_login\_staging\_slot) | git::https://github.com/pagopa/terraform-azurerm-v3.git//function_app_slot | v8.22.0 |
| [function\_lollipop\_itn](#module\_function\_lollipop\_itn) | github.com/pagopa/terraform-azurerm-v3//function_app | v8.28.2 |
| [function\_lollipop\_staging\_slot\_itn](#module\_function\_lollipop\_staging\_slot\_itn) | github.com/pagopa/terraform-azurerm-v3//function_app_slot | v8.28.2 |
+| [locked\_profiles\_storage](#module\_locked\_profiles\_storage) | github.com/pagopa/terraform-azurerm-v3//storage_account | v8.27.0 |
| [session\_manager\_snet](#module\_session\_manager\_snet) | github.com/pagopa/terraform-azurerm-v3//subnet | v8.22.0 |
| [session\_manager\_weu](#module\_session\_manager\_weu) | github.com/pagopa/terraform-azurerm-v3//app_service | v8.28.1 |
| [session\_manager\_weu\_staging](#module\_session\_manager\_weu\_staging) | github.com/pagopa/terraform-azurerm-v3//app_service_slot | v8.28.1 |
@@ -34,12 +35,14 @@
| [azurerm_monitor_scheduled_query_rules_alert_v2.samlresponse_missing_detection_alert](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert_v2) | resource |
| [azurerm_private_dns_a_record.ingress](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_a_record) | resource |
| [azurerm_private_endpoint.function_lollipop_itn_sites](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
+| [azurerm_private_endpoint.locked_profiles_storage_table](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
| [azurerm_private_endpoint.session_manager_sites](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
| [azurerm_private_endpoint.staging_function_lollipop_itn_sites](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
| [azurerm_private_endpoint.staging_session_manager_sites](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
| [azurerm_resource_group.fast_login_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.lollipop_rg_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.session_manager_rg_weu](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
+| [azurerm_storage_table.locked_profiles](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_table) | resource |
| [azurerm_subnet.lollipop_snet_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource |
| [azurerm_subnet_nat_gateway_association.session_manager_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource |
| [azuread_group.adgroup_admin](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
@@ -96,7 +99,6 @@
| [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
| [azurerm_resource_group.rg_external](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
| [azurerm_storage_account.immutable_lv_audit_logs_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
-| [azurerm_storage_account.locked_profiles_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
| [azurerm_storage_account.logs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
| [azurerm_storage_account.lollipop_assertion_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
| [azurerm_storage_account.push_notifications_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
diff --git a/src/domains/elt/_modules/storage_accounts/outputs.tf b/src/domains/elt/_modules/storage_accounts/outputs.tf
index 22b38d21f..a35d5c139 100644
--- a/src/domains/elt/_modules/storage_accounts/outputs.tf
+++ b/src/domains/elt/_modules/storage_accounts/outputs.tf
@@ -11,7 +11,7 @@ output "storage_account_elt_primary_access_key" {
}
output "storage_account_elt_itn_primary_connection_string" {
- value = module.storage_account_itn_elt.primary_connection_string
+ value = module.storage_account_itn_elt_02.primary_connection_string
sensitive = true
}