Merge pull request #66 from Virtual-Finland-Development/VFD-276-siirretaan-users-api-n-vpc-n-infra-vastuu-pois-jaetuista-resursseista

Own the VPC instead of using shared

Author: lsipii

VirtualFinland.UsersAPI.Deployment/Common/Models/StackSetup.cs

@@ -8,5 +8,4 @@ public record StackSetup
     public bool IsProductionEnvironment;
     public string Environment = default!;
     public string ProjectName = default!;
-    public VpcSetup VpcSetup = default!;
 }

VirtualFinland.UsersAPI.Deployment/Common/Models/VpcSetup.cs

@@ -12,7 +12,7 @@ namespace VirtualFinland.UsersAPI.Deployment.Features;
 
 class DatabaseMigratorLambda
 {
-    public DatabaseMigratorLambda(Config config, StackSetup stackSetup, SecretsManager secretsManager)
+    public DatabaseMigratorLambda(Config config, StackSetup stackSetup, VpcSetup vpcSetup, SecretsManager secretsManager)
     {
         // Lambda function
         var execRole = new Role($"{stackSetup.ProjectName}-DatabaseMigratorLambdaRole-{stackSetup.Environment}", new RoleArgs
@@ -76,14 +76,14 @@ public DatabaseMigratorLambda(Config config, StackSetup stackSetup, SecretsManag
 
         var defaultSecurityGroup = Pulumi.Aws.Ec2.GetSecurityGroup.Invoke(new GetSecurityGroupInvokeArgs()
         {
-            VpcId = stackSetup.VpcSetup.VpcId,
+            VpcId = vpcSetup.VpcId,
             Name = "default"
         });
 
         var functionVpcArgs = new FunctionVpcConfigArgs()
         {
             SecurityGroupIds = defaultSecurityGroup.Apply(o => $"{o.Id}"),
-            SubnetIds = stackSetup.VpcSetup.PrivateSubnetIds
+            SubnetIds = vpcSetup.PrivateSubnetIds
         };
 
         var appArtifactPath = Environment.GetEnvironmentVariable("DB_MIGRATOR_ARTIFACT_PATH") ?? config.Require("dbMigratorArtifactPath");

VirtualFinland.UsersAPI.Deployment/Features/DatabaseMigratorLambda.cs

@@ -16,7 +16,7 @@ namespace VirtualFinland.UsersAPI.Deployment.Features;
 /// </summary>
 class LambdaFunctionUrl
 {
-    public LambdaFunctionUrl(Config config, StackSetup stackSetup, SecretsManager secretsManager)
+    public LambdaFunctionUrl(Config config, StackSetup stackSetup, VpcSetup vpcSetup, SecretsManager secretsManager)
     {
         // External references
         var codesetStackReference = new StackReference($"{Pulumi.Deployment.Instance.OrganizationName}/codesets/{stackSetup.Environment}");
@@ -84,14 +84,14 @@ public LambdaFunctionUrl(Config config, StackSetup stackSetup, SecretsManager se
 
         var defaultSecurityGroup = Pulumi.Aws.Ec2.GetSecurityGroup.Invoke(new GetSecurityGroupInvokeArgs()
         {
-            VpcId = stackSetup.VpcSetup.VpcId,
+            VpcId = vpcSetup.VpcId,
             Name = "default"
         });
 
         var functionVpcArgs = new FunctionVpcConfigArgs()
         {
             SecurityGroupIds = defaultSecurityGroup.Apply(o => $"{o.Id}"),
-            SubnetIds = stackSetup.VpcSetup.PrivateSubnetIds
+            SubnetIds = vpcSetup.PrivateSubnetIds
         };
 
         var appArtifactPath = Environment.GetEnvironmentVariable("APPLICATION_ARTIFACT_PATH") ?? config.Require("appArtifactPath");

VirtualFinland.UsersAPI.Deployment/Features/LambdaFunctionUrl.cs

@@ -1,3 +1,5 @@
+using System.Collections.Immutable;
+using System.Linq;
 using Pulumi;
 using Pulumi.Aws.Rds;
 using Pulumi.Random;
@@ -11,11 +13,19 @@ namespace VirtualFinland.UsersAPI.Deployment.Features;
 /// </summary>
 public class PostgresDatabase
 {
-    public PostgresDatabase(Config config, StackSetup stackSetup)
+    public PostgresDatabase(Config config, StackSetup stackSetup, VpcSetup vpcSetup)
     {
-        var dbSubNetGroup = new Pulumi.Aws.Rds.SubnetGroup("dbsubnets", new()
+        // @TODO: Remove oldDbSubNetGroup once the the new subnet group is deployed
+        var infraStackReference = new StackReference($"{Pulumi.Deployment.Instance.OrganizationName}/{config.Require("infraStackReferenceName")}/{stackSetup.Environment}");
+        var infraStackReferencePrivateSubnetIds = infraStackReference.RequireOutput("PrivateSubnetIds");
+        var oldDbSubNetGroup = new Pulumi.Aws.Rds.SubnetGroup("dbsubnets", new()
         {
-            SubnetIds = stackSetup.VpcSetup.PrivateSubnetIds,
+            SubnetIds = infraStackReferencePrivateSubnetIds.Apply(o => ((ImmutableArray<object>)(o ?? new ImmutableArray<object>())).Select(x => x.ToString())),
+        });
+
+        var dbSubNetGroup = new Pulumi.Aws.Rds.SubnetGroup($"{stackSetup.ProjectName}-dbsubnets-{stackSetup.Environment}", new()
+        {
+            SubnetIds = vpcSetup.PrivateSubnetIds,
         });
 
         var password = new RandomPassword("password", new()
@@ -36,7 +46,7 @@ public PostgresDatabase(Config config, StackSetup stackSetup)
             Username = config.Require("dbAdmin"),
             Password = password.Result,
             Tags = stackSetup.Tags,
-            PubliclyAccessible = !stackSetup.IsProductionEnvironment, // DEV: For Production set to FALSE
+            PubliclyAccessible = false,
             SkipFinalSnapshot = !stackSetup.IsProductionEnvironment, // DEV: For production set to FALSE to avoid accidental deletion of the cluster, data safety measure and is the default for AWS.
             //SnapshotIdentifier = "" // See README.database.md for more information
         });

VirtualFinland.UsersAPI.Deployment/Features/PostgresDatabase.cs

@@ -0,0 +1,28 @@
+using System.Collections.Immutable;
+using Pulumi;
+using Pulumi.Awsx.Ec2;
+using Pulumi.Awsx.Ec2.Inputs;
+
+namespace VirtualFinland.UsersAPI.Deployment.Common.Models;
+
+public class VpcSetup
+{
+    public VpcSetup(StackSetup stackSetup)
+    {
+        var vpc = new Vpc($"{stackSetup.ProjectName}-vf-vpc-{stackSetup.Environment}", new VpcArgs()
+        {
+            Tags = stackSetup.Tags,
+            EnableDnsHostnames = true,
+            NatGateways = new NatGatewayConfigurationArgs
+            {
+                Strategy = stackSetup.IsProductionEnvironment ? NatGatewayStrategy.OnePerAz : NatGatewayStrategy.Single
+            }
+        });
+
+        this.VpcId = vpc.VpcId;
+        this.PrivateSubnetIds = vpc.PrivateSubnetIds;
+    }
+
+    public Input<string>? VpcId = default!;
+    public Output<ImmutableArray<string>> PrivateSubnetIds = default!;
+}

VirtualFinland.UsersAPI.Deployment/Features/VpcSetup.cs

@@ -1,6 +1,3 @@
-using System.Collections.Generic;
-using System.Collections.Immutable;
-using System.Linq;
 using Pulumi;
 using VirtualFinland.UsersAPI.Deployment.Common;
 using VirtualFinland.UsersAPI.Deployment.Common.Models;
@@ -17,11 +14,6 @@ public UsersApiStack()
         var environment = Pulumi.Deployment.Instance.StackName;
         var projectName = Pulumi.Deployment.Instance.ProjectName;
 
-        var infraStackReference = new StackReference($"{Pulumi.Deployment.Instance.OrganizationName}/{config.Require("infraStackReferenceName")}/{environment}");
-        var infraStackReferencePrivateSubnetIds = infraStackReference.RequireOutput("PrivateSubnetIds");
-        var infraStackReferencePrivateSubnetIdsAsList = infraStackReferencePrivateSubnetIds.Apply(o => ((ImmutableArray<object>)(o ?? new ImmutableArray<object>())).Select(x => x.ToString()));
-        var infraStackReferenceVpcId = infraStackReference.RequireOutput("VpcId");
-
         InputMap<string> tags = new InputMap<string>()
         {
             {
@@ -38,22 +30,18 @@ public UsersApiStack()
             Environment = environment,
             IsProductionEnvironment = isProductionEnvironment,
             Tags = tags,
-            VpcSetup = new VpcSetup()
-            {
-                VpcId = Output.Format($"{infraStackReferenceVpcId}"),
-                PrivateSubnetIds = infraStackReferencePrivateSubnetIdsAsList as Output<IEnumerable<string>>
-            }
         };
 
-        var dbConfigs = new PostgresDatabase(config, stackSetup);
+        var vpcSetup = new VpcSetup(stackSetup);
+        var dbConfigs = new PostgresDatabase(config, stackSetup, vpcSetup);
         var secretManagerSecret = new SecretsManager(config, stackSetup, dbConfigs);
 
-        var lambdaFunctionConfigs = new LambdaFunctionUrl(config, stackSetup, secretManagerSecret);
+        var lambdaFunctionConfigs = new LambdaFunctionUrl(config, stackSetup, vpcSetup, secretManagerSecret);
         ApplicationUrl = lambdaFunctionConfigs.ApplicationUrl;
         LambdaId = lambdaFunctionConfigs.LambdaFunctionId;
         DBIdentifier = dbConfigs.DBIdentifier;
 
-        var databaseMigratorLambda = new DatabaseMigratorLambda(config, stackSetup, secretManagerSecret);
+        var databaseMigratorLambda = new DatabaseMigratorLambda(config, stackSetup, vpcSetup, secretManagerSecret);
         DatabaseMigratorLambdaArn = databaseMigratorLambda.LambdaFunctionArn;
     }