Sandbox-v4.38.1 (#14524)

2026-05-23 00:49:03 +00:00 · 2023-10-13 15:35:42 -05:00 · 2023-10-13 15:35:42 -05:00 · eb0babe51a
commit eb0babe51a
parent 910e26b93e
7 changed files with 9 additions and 17 deletions
--- a/infrastructure/sandbox/JITProvisioner/jitprovisioner.tf
+++ b/infrastructure/sandbox/JITProvisioner/jitprovisioner.tf
@ -131,7 +131,7 @@ resource "aws_lambda_function" "jitprovisioner" {
  role                           = aws_iam_role.jitprovisioner.arn
  reserved_concurrent_executions = -1
  kms_key_arn                    = var.kms_key.arn
-  timeout                        = 5
+  timeout                        = 10
  memory_size                    = 512
  vpc_config {
    security_group_ids = [aws_security_group.jitprovisioner.id]
--- a/infrastructure/sandbox/PreProvisioner/main.tf
+++ b/infrastructure/sandbox/PreProvisioner/main.tf
@ -136,7 +136,7 @@ data "aws_iam_policy_document" "lambda" {
      "kms:GenerateDataKey*",
      "kms:Describe*"
    ]
-    resources = [aws_kms_key.ecr.arn, var.kms_key.arn, var.installer_kms_key.arn]
+    resources = [aws_kms_key.ecr.arn, var.kms_key.arn]
  }

  statement {
@ -289,7 +289,7 @@ resource "aws_ecs_task_definition" "main" {
          },
          {
            name  = "TF_VAR_kms_key_arn"
-            value = var.installer_kms_key.arn
+            value = var.kms_key.arn
          },
          {
            name  = "TF_VAR_ecr_url"
--- a/infrastructure/sandbox/PreProvisioner/variables.tf
+++ b/infrastructure/sandbox/PreProvisioner/variables.tf
@ -8,7 +8,6 @@ variable "redis_cluster" {}
 variable "base_domain" {}
 variable "ecs_cluster" {}
 variable "kms_key" {}
-variable "installer_kms_key" {}
 variable "installer_bucket" {}
 variable "oidc_provider_arn" {}
 variable "oidc_provider" {}
--- a/infrastructure/sandbox/SharedInfrastructure/rds.tf
+++ b/infrastructure/sandbox/SharedInfrastructure/rds.tf
@ -51,7 +51,7 @@ module "main" {

  name           = var.prefix
  engine         = "aurora-mysql"
-  engine_version = "5.7.mysql_aurora.2.08.3"
+  engine_version = "5.7.mysql_aurora.2.11.3"
  engine_mode    = "serverless"

  storage_encrypted            = true
@ -79,8 +79,8 @@ module "main" {

  scaling_configuration = {
    auto_pause               = true
-    min_capacity             = 2
-    max_capacity             = 16
+    min_capacity             = 32
+    max_capacity             = 64
    seconds_until_auto_pause = 300
    timeout_action           = "ForceApplyCapacityChange"
  }
--- a/infrastructure/sandbox/SharedInfrastructure/s3.tf
+++ b/infrastructure/sandbox/SharedInfrastructure/s3.tf
@ -23,12 +23,3 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "installers" {
 output "installer_bucket" {
  value = aws_s3_bucket.installers
 }
-
-resource "aws_kms_key" "installers" {
-  deletion_window_in_days = 10
-  enable_key_rotation     = true
-}
-
-output "installer_kms_key" {
-  value = aws_kms_key.installers
-}
--- a/infrastructure/sandbox/main.tf
+++ b/infrastructure/sandbox/main.tf
@ -187,7 +187,6 @@ module "pre-provisioner" {
  prefix            = local.prefix
  vpc               = module.vpc
  kms_key           = aws_kms_key.main
-  installer_kms_key = module.SharedInfrastructure.installer_kms_key
  dynamodb_table    = aws_dynamodb_table.lifecycle-table
  remote_state      = module.remote_state
  mysql_secret      = module.shared-infrastructure.mysql_secret
--- a/infrastructure/sandbox/tools/upgrade_ecr_ecs.sh
+++ b/infrastructure/sandbox/tools/upgrade_ecr_ecs.sh
@ -34,6 +34,9 @@ esac

 EXPECTED_VARIABLES=(
 	TF_VAR_slack_webhook
+	TF_VAR_apm_token
+	TF_VAR_apm_url
+	TF_VAR_license_key
 	CLOUDFLARE_API_TOKEN
 	FLEET_VERSION
 	ECR_IMAGE_VERSION