diff --git a/infrastructure/sandbox/JITProvisioner/jitprovisioner.tf b/infrastructure/sandbox/JITProvisioner/jitprovisioner.tf index fe78454409..024b5bead2 100644 --- a/infrastructure/sandbox/JITProvisioner/jitprovisioner.tf +++ b/infrastructure/sandbox/JITProvisioner/jitprovisioner.tf @@ -131,7 +131,7 @@ resource "aws_lambda_function" "jitprovisioner" { role = aws_iam_role.jitprovisioner.arn reserved_concurrent_executions = -1 kms_key_arn = var.kms_key.arn - timeout = 5 + timeout = 10 memory_size = 512 vpc_config { security_group_ids = [aws_security_group.jitprovisioner.id] diff --git a/infrastructure/sandbox/PreProvisioner/main.tf b/infrastructure/sandbox/PreProvisioner/main.tf index 5a86aaaca6..f196c79312 100644 --- a/infrastructure/sandbox/PreProvisioner/main.tf +++ b/infrastructure/sandbox/PreProvisioner/main.tf @@ -136,7 +136,7 @@ data "aws_iam_policy_document" "lambda" { "kms:GenerateDataKey*", "kms:Describe*" ] - resources = [aws_kms_key.ecr.arn, var.kms_key.arn, var.installer_kms_key.arn] + resources = [aws_kms_key.ecr.arn, var.kms_key.arn] } statement { @@ -289,7 +289,7 @@ resource "aws_ecs_task_definition" "main" { }, { name = "TF_VAR_kms_key_arn" - value = var.installer_kms_key.arn + value = var.kms_key.arn }, { name = "TF_VAR_ecr_url" diff --git a/infrastructure/sandbox/PreProvisioner/variables.tf b/infrastructure/sandbox/PreProvisioner/variables.tf index 44a44ea341..64e8585888 100644 --- a/infrastructure/sandbox/PreProvisioner/variables.tf +++ b/infrastructure/sandbox/PreProvisioner/variables.tf @@ -8,7 +8,6 @@ variable "redis_cluster" {} variable "base_domain" {} variable "ecs_cluster" {} variable "kms_key" {} -variable "installer_kms_key" {} variable "installer_bucket" {} variable "oidc_provider_arn" {} variable "oidc_provider" {} diff --git a/infrastructure/sandbox/SharedInfrastructure/rds.tf b/infrastructure/sandbox/SharedInfrastructure/rds.tf index 3f8d9483c7..8d97bea0a5 100644 --- a/infrastructure/sandbox/SharedInfrastructure/rds.tf +++ b/infrastructure/sandbox/SharedInfrastructure/rds.tf @@ -51,7 +51,7 @@ module "main" { name = var.prefix engine = "aurora-mysql" - engine_version = "5.7.mysql_aurora.2.08.3" + engine_version = "5.7.mysql_aurora.2.11.3" engine_mode = "serverless" storage_encrypted = true @@ -79,8 +79,8 @@ module "main" { scaling_configuration = { auto_pause = true - min_capacity = 2 - max_capacity = 16 + min_capacity = 32 + max_capacity = 64 seconds_until_auto_pause = 300 timeout_action = "ForceApplyCapacityChange" } diff --git a/infrastructure/sandbox/SharedInfrastructure/s3.tf b/infrastructure/sandbox/SharedInfrastructure/s3.tf index 4f10b98682..8f8708fc3e 100644 --- a/infrastructure/sandbox/SharedInfrastructure/s3.tf +++ b/infrastructure/sandbox/SharedInfrastructure/s3.tf @@ -23,12 +23,3 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "installers" { output "installer_bucket" { value = aws_s3_bucket.installers } - -resource "aws_kms_key" "installers" { - deletion_window_in_days = 10 - enable_key_rotation = true -} - -output "installer_kms_key" { - value = aws_kms_key.installers -} diff --git a/infrastructure/sandbox/main.tf b/infrastructure/sandbox/main.tf index acff8777ff..d6f1e2df12 100644 --- a/infrastructure/sandbox/main.tf +++ b/infrastructure/sandbox/main.tf @@ -187,7 +187,6 @@ module "pre-provisioner" { prefix = local.prefix vpc = module.vpc kms_key = aws_kms_key.main - installer_kms_key = module.SharedInfrastructure.installer_kms_key dynamodb_table = aws_dynamodb_table.lifecycle-table remote_state = module.remote_state mysql_secret = module.shared-infrastructure.mysql_secret diff --git a/infrastructure/sandbox/tools/upgrade_ecr_ecs.sh b/infrastructure/sandbox/tools/upgrade_ecr_ecs.sh index d8afb1189e..dab23dbc58 100755 --- a/infrastructure/sandbox/tools/upgrade_ecr_ecs.sh +++ b/infrastructure/sandbox/tools/upgrade_ecr_ecs.sh @@ -34,6 +34,9 @@ esac EXPECTED_VARIABLES=( TF_VAR_slack_webhook + TF_VAR_apm_token + TF_VAR_apm_url + TF_VAR_license_key CLOUDFLARE_API_TOKEN FLEET_VERSION ECR_IMAGE_VERSION