From 1da66c717cfeb21391b56ff17c5396dad5d06a5a Mon Sep 17 00:00:00 2001
From: Sam Simpson
Date: Tue, 3 Dec 2024 12:03:08 +0000
Subject: [PATCH 1/2] Remove shared redis instance
---
 .../outputs.tf | 4 --
 .../security.tf | 24 ----------
 .../shared_redis.tf | 45 -------------------
 .../variables.tf | 5 ---
 .../variables-integration.tf | 3 +-
 .../tfc-configuration/variables-production.tf | 5 +--
 .../tfc-configuration/variables-staging.tf | 3 +-
 7 files changed, 4 insertions(+), 85 deletions(-)
 delete mode 100644 terraform/deployments/govuk-publishing-infrastructure/shared_redis.tf
diff --git a/terraform/deployments/govuk-publishing-infrastructure/outputs.tf b/terraform/deployments/govuk-publishing-infrastructure/outputs.tf
index 16f6922c1..9c6dc319f 100644
--- a/terraform/deployments/govuk-publishing-infrastructure/outputs.tf
+++ b/terraform/deployments/govuk-publishing-infrastructure/outputs.tf
@@ -1,7 +1,3 @@
-output "shared_redis_cluster_host" {
- value = aws_route53_record.shared_redis_cluster.fqdn
-}
-
 output "eks_ingress_www_origin_security_group_name" {
 value = aws_security_group.eks_ingress_www_origin.name
 }
diff --git a/terraform/deployments/govuk-publishing-infrastructure/security.tf b/terraform/deployments/govuk-publishing-infrastructure/security.tf
index 9788dd684..25811fc4b 100644
--- a/terraform/deployments/govuk-publishing-infrastructure/security.tf
+++ b/terraform/deployments/govuk-publishing-infrastructure/security.tf
@@ -13,30 +13,6 @@ data "aws_ec2_managed_prefix_list" "cloudfront" { name = "com.amazonaws.global.cloudfront.origin-facing" } -# -# Redis -# - -resource "aws_security_group_rule" "shared_redis_cluster_to_any_any" { - description = "Redis cluster sends requests to anywhere over any protocol" - type = "egress" - from_port = 0 - to_port = 0 - protocol = -1 - cidr_blocks = ["0.0.0.0/0"] - security_group_id = aws_security_group.shared_redis_cluster.id -} - -resource "aws_security_group_rule" "shared_redis_cluster_from_any" { - description = "Shared Redis cluster for EKS accepts requests from EKS nodes" - type = "ingress" - from_port = 6379 - to_port = 6379 - protocol = "tcp" - security_group_id = aws_security_group.shared_redis_cluster.id - source_security_group_id = data.tfe_outputs.cluster_infrastructure.nonsensitive_values.node_security_group_id -} - # # Frontend memcached # diff --git a/terraform/deployments/govuk-publishing-infrastructure/shared_redis.tf b/terraform/deployments/govuk-publishing-infrastructure/shared_redis.tf deleted file mode 100644 index 699422c43..000000000 --- a/terraform/deployments/govuk-publishing-infrastructure/shared_redis.tf +++ /dev/null 
@@ -1,45 +0,0 @@
-locals {
- shared_redis_name = "shared-redis-${local.cluster_name}"
-}
-
-resource "aws_elasticache_subnet_group" "shared_redis_cluster" {
- name = local.shared_redis_name
- subnet_ids = local.elasticache_subnets
-}
-
-resource "aws_security_group" "shared_redis_cluster" {
- name = local.shared_redis_name
- vpc_id = data.tfe_outputs.vpc.nonsensitive_values.id
- description = "${local.shared_redis_name} Redis cluster"
- tags = {
- Name = local.shared_redis_name
- System = "Sidekiq"
- }
-}
-
-resource "aws_elasticache_replication_group" "shared_redis_cluster" {
- apply_immediately = var.govuk_environment != "production"
- replication_group_id = local.shared_redis_name
- description = "Redis for Sidekiq queues"
- node_type = var.shared_redis_cluster_node_type
- num_cache_clusters = var.govuk_environment == "production" ? 2 : 1
- automatic_failover_enabled = var.govuk_environment == "production"
- multi_az_enabled = var.govuk_environment == "production"
- parameter_group_name = "default.redis6.x"
- engine_version = "6.x"
- subnet_group_name = aws_elasticache_subnet_group.shared_redis_cluster.name
- security_group_ids = [aws_security_group.shared_redis_cluster.id]
- tags = {
- Name = local.shared_redis_name
- System = "Sidekiq"
- }
-}
-
-resource "aws_route53_record" "shared_redis_cluster" {
- zone_id = local.internal_dns_zone_id
- # TODO: consider removing EKS suffix once the old EC2 environments are gone.
- name = "${local.shared_redis_name}.eks"
- type = "CNAME"
- ttl = 300
- records = [aws_elasticache_replication_group.shared_redis_cluster.primary_endpoint_address]
-}
diff --git a/terraform/deployments/govuk-publishing-infrastructure/variables.tf b/terraform/deployments/govuk-publishing-infrastructure/variables.tf
index 31679f16b..6d07efcdc 100644
--- a/terraform/deployments/govuk-publishing-infrastructure/variables.tf
+++ b/terraform/deployments/govuk-publishing-infrastructure/variables.tf
@@ -19,11 +19,6 @@ variable "frontend_memcached_node_type" { description = "Instance type for the Frontend memcached." } -variable "shared_redis_cluster_node_type" { - type = string - description = "Instance type for the shared Redis cluster. t1 and t2 instances are not supported." -} - variable "licensify_documentdb_instance_count" { type = number default = 3 diff --git a/terraform/deployments/tfc-configuration/variables-integration.tf b/terraform/deployments/tfc-configuration/variables-integration.tf index ba06b3881..ba01899b2 100644 --- a/terraform/deployments/tfc-configuration/variables-integration.tf +++ b/terraform/deployments/tfc-configuration/variables-integration.tf @@ -35,8 +35,7 @@ module "variable-set-integration" { publishing_service_domain = "integration.publishing.service.gov.uk" - frontend_memcached_node_type = "cache.t4g.micro" - shared_redis_cluster_node_type = "cache.m6g.large" + frontend_memcached_node_type = "cache.t4g.micro" # Non-production-only access is sufficient to access tools in this cluster. github_read_write_team = "alphagov:gov-uk" diff --git a/terraform/deployments/tfc-configuration/variables-production.tf b/terraform/deployments/tfc-configuration/variables-production.tf index 61e21ba63..8a0430414 100644 --- a/terraform/deployments/tfc-configuration/variables-production.tf +++ b/terraform/deployments/tfc-configuration/variables-production.tf @@ -33,9 +33,8 @@ module "variable-set-production" { publishing_service_domain = "publishing.service.gov.uk" - workers_instance_types = ["m6i.8xlarge", "m6a.8xlarge"] - frontend_memcached_node_type = "cache.r6g.large" - shared_redis_cluster_node_type = "cache.r6g.xlarge" + workers_instance_types = ["m6i.8xlarge", "m6a.8xlarge"] + frontend_memcached_node_type = "cache.r6g.large" ckan_s3_organogram_bucket = "datagovuk-production-ckan-organogram" } 
diff --git a/terraform/deployments/tfc-configuration/variables-staging.tf b/terraform/deployments/tfc-configuration/variables-staging.tf index a0e7175e6..ad5d346c6 100644 --- a/terraform/deployments/tfc-configuration/variables-staging.tf +++ b/terraform/deployments/tfc-configuration/variables-staging.tf @@ -34,8 +34,7 @@ module "variable-set-staging" { publishing_service_domain = "staging.publishing.service.gov.uk" - frontend_memcached_node_type = "cache.t4g.medium" - shared_redis_cluster_node_type = "cache.r6g.large" + frontend_memcached_node_type = "cache.t4g.medium" desired_ha_replicas = 2 rds_backup_retention_period = 1 From 1a29825921f249bb6ca1fbff5dd841bf27c1698d Mon Sep 17 00:00:00 2001 From: Sam Simpson Date: Tue, 3 Dec 2024 13:53:38 +0000 Subject: [PATCH 2/2] Non-prod team has been renamed --- terraform/deployments/tfc-configuration/cdn-analytics.tf | 4 ++-- terraform/deployments/tfc-configuration/chat.tf | 4 ++-- .../deployments/tfc-configuration/cluster-infrastructure.tf | 4 ++-- terraform/deployments/tfc-configuration/cluster-services.tf | 4 ++-- .../deployments/tfc-configuration/datagovuk-infrastructure.tf | 4 ++-- terraform/deployments/tfc-configuration/gcp-projects.tf | 2 +- .../tfc-configuration/govuk-publishing-infrastructure.tf | 4 ++-- terraform/deployments/tfc-configuration/mobile-backend.tf | 4 ++-- terraform/deployments/tfc-configuration/opensearch.tf | 4 ++-- terraform/deployments/tfc-configuration/rds.tf | 4 ++-- terraform/deployments/tfc-configuration/vpc.tf | 4 ++-- 11 files changed, 21 insertions(+), 21 deletions(-) diff --git a/terraform/deployments/tfc-configuration/cdn-analytics.tf b/terraform/deployments/tfc-configuration/cdn-analytics.tf index 36dc6d31a..8d085c2a3 100644 --- a/terraform/deployments/tfc-configuration/cdn-analytics.tf +++ b/terraform/deployments/tfc-configuration/cdn-analytics.tf 
@@ -20,8 +20,8 @@ module "cdn-analytics-integration" { } team_access = { - "GOV.UK Non-Production" = "write" - "GOV.UK Production" = "write" + "GOV.UK Non-Production (r/o)" = "write" + "GOV.UK Production" = "write" } variable_set_names = [ diff --git a/terraform/deployments/tfc-configuration/chat.tf b/terraform/deployments/tfc-configuration/chat.tf index 2abfd42ea..d076c3d25 100644 --- a/terraform/deployments/tfc-configuration/chat.tf +++ b/terraform/deployments/tfc-configuration/chat.tf @@ -20,8 +20,8 @@ module "chat-integration" { } team_access = { - "GOV.UK Non-Production" = "write" - "GOV.UK Production" = "write" + "GOV.UK Non-Production (r/o)" = "write" + "GOV.UK Production" = "write" } variable_set_names = [ diff --git a/terraform/deployments/tfc-configuration/cluster-infrastructure.tf b/terraform/deployments/tfc-configuration/cluster-infrastructure.tf index 29803b6e3..4fd63df69 100644 --- a/terraform/deployments/tfc-configuration/cluster-infrastructure.tf +++ b/terraform/deployments/tfc-configuration/cluster-infrastructure.tf @@ -20,8 +20,8 @@ module "cluster-infrastructure-integration" { } team_access = { - "GOV.UK Non-Production" = "write" - "GOV.UK Production" = "write" + "GOV.UK Non-Production (r/o)" = "write" + "GOV.UK Production" = "write" } variable_set_names = [ diff --git a/terraform/deployments/tfc-configuration/cluster-services.tf b/terraform/deployments/tfc-configuration/cluster-services.tf index a24ea49d6..431cdfd1f 100644 --- a/terraform/deployments/tfc-configuration/cluster-services.tf +++ b/terraform/deployments/tfc-configuration/cluster-services.tf @@ -19,8 +19,8 @@ module "cluster-services-integration" { } team_access = { - "GOV.UK Non-Production" = "write" - "GOV.UK Production" = "write" + "GOV.UK Non-Production (r/o)" = "write" + "GOV.UK Production" = "write" } variable_set_names = [ 
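Review bot: The renamed key `"GOV.UK Non-Production (r/o)"` is still mapped to `"write"` in the `team_access` block of `cdn-analytics-integration`, so a team whose name reads as read-only keeps write access to this workspace. The same pairing appears in the chat, cluster-infrastructure, cluster-services, datagovuk-infrastructure, govuk-publishing-infrastructure, mobile-backend, opensearch, rds and vpc hunks, while gcp-projects.tf grants the team `"read"`. If the team is meant to be read-only on these workspaces the value should be `"read"`; if "(r/o)" describes its rights somewhere else, which the diff does not show, a comment above the entry such as `# team name ends in "(r/o)" but write access on this workspace is intentional` would stop reviewers misreading the grant. The module block starts and ends outside the hunk.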
diff --git a/terraform/deployments/tfc-configuration/datagovuk-infrastructure.tf b/terraform/deployments/tfc-configuration/datagovuk-infrastructure.tf index a2ddd1f8a..003e3e208 100644 --- a/terraform/deployments/tfc-configuration/datagovuk-infrastructure.tf +++ b/terraform/deployments/tfc-configuration/datagovuk-infrastructure.tf @@ -19,8 +19,8 @@ module "datagovuk-infrastructure-integration" { } team_access = { - "GOV.UK Non-Production" = "write" - "GOV.UK Production" = "write" + "GOV.UK Non-Production (r/o)" = "write" + "GOV.UK Production" = "write" } variable_set_names = [ diff --git a/terraform/deployments/tfc-configuration/gcp-projects.tf b/terraform/deployments/tfc-configuration/gcp-projects.tf index 611d99529..f0a28806b 100644 --- a/terraform/deployments/tfc-configuration/gcp-projects.tf +++ b/terraform/deployments/tfc-configuration/gcp-projects.tf @@ -22,7 +22,7 @@ module "gcp-ga4-analytics" { team_access = { "GOV.UK Production" = "write" "Google Cloud Data Production" = "write" - "GOV.UK Non-Production" = "read" + "GOV.UK Non-Production (r/o)" = "read" } variable_set_names = [ diff --git a/terraform/deployments/tfc-configuration/govuk-publishing-infrastructure.tf b/terraform/deployments/tfc-configuration/govuk-publishing-infrastructure.tf index 458d50b2f..82f4c9bdc 100644 --- a/terraform/deployments/tfc-configuration/govuk-publishing-infrastructure.tf +++ b/terraform/deployments/tfc-configuration/govuk-publishing-infrastructure.tf @@ -19,8 +19,8 @@ module "govuk-publishing-infrastructure-integration" { } team_access = { - "GOV.UK Non-Production" = "write" - "GOV.UK Production" = "write" + "GOV.UK Non-Production (r/o)" = "write" + "GOV.UK Production" = "write" } variable_set_names = [ diff --git a/terraform/deployments/tfc-configuration/mobile-backend.tf b/terraform/deployments/tfc-configuration/mobile-backend.tf index 7665dad9a..c20f2ce60 100644 --- a/terraform/deployments/tfc-configuration/mobile-backend.tf 
+++ b/terraform/deployments/tfc-configuration/mobile-backend.tf @@ -84,8 +84,8 @@ module "mobile-backend-integration" { } team_access = { - "GOV.UK Non-Production" = "write" - "GOV.UK Production" = "write" + "GOV.UK Non-Production (r/o)" = "write" + "GOV.UK Production" = "write" } variable_set_names = [ diff --git a/terraform/deployments/tfc-configuration/opensearch.tf b/terraform/deployments/tfc-configuration/opensearch.tf index 7cd96b2d9..2af731b60 100644 --- a/terraform/deployments/tfc-configuration/opensearch.tf +++ b/terraform/deployments/tfc-configuration/opensearch.tf @@ -19,8 +19,8 @@ module "opensearch-integration" { } team_access = { - "GOV.UK Non-Production" = "write" - "GOV.UK Production" = "write" + "GOV.UK Non-Production (r/o)" = "write" + "GOV.UK Production" = "write" } variable_set_names = [ diff --git a/terraform/deployments/tfc-configuration/rds.tf b/terraform/deployments/tfc-configuration/rds.tf index 5fffbcb19..366ec7043 100644 --- a/terraform/deployments/tfc-configuration/rds.tf +++ b/terraform/deployments/tfc-configuration/rds.tf @@ -20,8 +20,8 @@ module "rds-integration" { } team_access = { - "GOV.UK Non-Production" = "write" - "GOV.UK Production" = "write" + "GOV.UK Non-Production (r/o)" = "write" + "GOV.UK Production" = "write" } variable_set_names = [ diff --git a/terraform/deployments/tfc-configuration/vpc.tf b/terraform/deployments/tfc-configuration/vpc.tf index ea153192a..4481b8ef3 100644 --- a/terraform/deployments/tfc-configuration/vpc.tf +++ b/terraform/deployments/tfc-configuration/vpc.tf @@ -20,8 +20,8 @@ module "vpc-integration" { } team_access = { - "GOV.UK Non-Production" = "write" - "GOV.UK Production" = "write" + "GOV.UK Non-Production (r/o)" = "write" + "GOV.UK Production" = "write" } variable_set_names = [