Add core infra terraform templates

templates/core/terraform/acr/acr.tf

@@ -0,0 +1,38 @@
+resource "azurerm_container_registry" "acr" {
+  name                     = "acr${var.resource_name_prefix}${var.environment}${var.tre_id}"
+  resource_group_name      = var.resource_group_name
+  location                 = var.location
+  sku                      = "Premium"
+  admin_enabled            = false
+}
+
+resource "azurerm_private_dns_zone" "azurecr" {
+  name                = "privatelink.azurecr.io"
+  resource_group_name = var.resource_group_name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "acrlink" {
+  name                  = "acr-link"
+  resource_group_name   = var.resource_group_name
+  private_dns_zone_name = azurerm_private_dns_zone.azurecr.name
+  virtual_network_id    = var.core_vnet
+}
+
+resource "azurerm_private_endpoint" "acrpe" {
+  name                = "pe-acr-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+  location            = var.location
+  resource_group_name = var.resource_group_name
+  subnet_id           = var.shared_subnet
+
+  private_dns_zone_group {
+    name                 = "private-dns-zone-group"
+    private_dns_zone_ids = [azurerm_private_dns_zone.azurecr.id]
+  }
+
+  private_service_connection {
+    name                           = "psc-acr-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+    private_connection_resource_id = azurerm_container_registry.acr.id
+    is_manual_connection           = false
+    subresource_names              = ["registry"]
+  }
+}

templates/core/terraform/acr/variables.tf

@@ -0,0 +1,7 @@
+variable "resource_name_prefix" {}
+variable "environment" {}
+variable "tre_id" {}
+variable "location" {}
+variable "resource_group_name" {}
+variable "core_vnet" {}
+variable "shared_subnet" {}

templates/core/terraform/api-webapp/api-webapp.tf

@@ -0,0 +1,205 @@
+resource "azurerm_app_service_plan" "core" {
+  name                = "plan-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+  resource_group_name = var.resource_group_name
+  location            = var.location
+  reserved            = true
+  kind                = "linux"
+  sku {
+    tier     = "PremiumV3"
+    capacity = 1
+    size     = "P1v3"
+  }
+}
+
+resource "azurerm_application_insights" "core" {
+  name                = "appi-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+  resource_group_name = var.resource_group_name
+  location            = var.location
+  application_type    = "web"
+}
+
+resource "azurerm_app_service" "management_api" {
+  name                = "api-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+  resource_group_name = var.resource_group_name
+  location            = var.location
+  app_service_plan_id = azurerm_app_service_plan.core.id
+
+
+  https_only = true
+  app_settings = {
+
+    "APPINSIGHTS_INSTRUMENTATIONKEY" = azurerm_application_insights.core.instrumentation_key
+  }
+
+  site_config {
+    app_command_line            = "gunicorn -w 2 -k uvicorn.workers.UvicornWorker main:app"
+    remote_debugging_enabled    = false
+    scm_use_main_ip_restriction = true
+    cors {
+      allowed_origins     = []
+      support_credentials = false
+    }
+    always_on       = true
+    min_tls_version = "1.2"
+    ip_restriction {
+      action     = "Deny"
+      ip_address = "0.0.0.0/0"
+      name       = "Deny all"
+      priority   = 2147483647
+    }
+    websockets_enabled = false
+  }
+
+  logs {
+    application_logs {
+      file_system_level = "Information"
+    }
+
+    http_logs {
+      file_system {
+        retention_in_days = 7
+        retention_in_mb   = 100
+      }
+    }
+  }
+}
+
+resource "azurerm_private_endpoint" "management_api_private_endpoint" {
+  name                = "pe-api-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+  resource_group_name = var.resource_group_name
+  location            = var.location
+  subnet_id           = var.shared_subnet
+  private_service_connection {
+    private_connection_resource_id = azurerm_app_service.management_api.id
+    name                           = "psc-api-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+    subresource_names              = ["sites"]
+    is_manual_connection           = false
+  }
+  private_dns_zone_group {
+    name                 = "privatelink.azurewebsites.net"
+    private_dns_zone_ids = [azurerm_private_dns_zone.azurewebsites.id]
+  }
+}
+
+resource "azurerm_private_dns_zone" "azurewebsites" {
+  name                = "privatelink.azurewebsites.net"
+  resource_group_name = var.resource_group_name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "azurewebsites" {
+  resource_group_name   = var.resource_group_name
+  virtual_network_id    = var.core_vnet
+  private_dns_zone_name = azurerm_private_dns_zone.azurewebsites.name
+  name                  = "azurewebsites-link"
+  registration_enabled  = false
+}
+
+resource "azurerm_app_service_virtual_network_swift_connection" "api-integrated-vnet" {
+  app_service_id = azurerm_app_service.management_api.id
+  subnet_id      = var.web_app_subnet
+}
+
+resource "azurerm_monitor_diagnostic_setting" "webapp_management_api" {
+  name                       = "diag-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+  target_resource_id         = azurerm_app_service.management_api.id
+  log_analytics_workspace_id = var.log_analytics_workspace_id
+
+  log {
+    category = "AppServiceHTTPLogs"
+    enabled  = true
+
+
+    retention_policy {
+      days    = 1
+      enabled = false
+    }
+  }
+
+  log {
+
+    category = "AppServiceConsoleLogs"
+    enabled  = true
+
+    retention_policy {
+      days    = 1
+      enabled = false
+    }
+  }
+
+
+  log {
+
+    category = "AppServiceAppLogs"
+    enabled  = true
+
+    retention_policy {
+      days    = 1
+      enabled = false
+    }
+  }
+
+
+
+  log {
+
+    category = "AppServiceFileAuditLogs"
+    enabled  = true
+
+    retention_policy {
+      days    = 1
+      enabled = false
+    }
+  }
+
+  log {
+
+    category = "AppServiceAuditLogs"
+    enabled  = true
+
+    retention_policy {
+      days    = 1
+      enabled = false
+    }
+  }
+
+  log {
+
+    category = "AppServiceIPSecAuditLogs"
+    enabled  = true
+
+    retention_policy {
+      days    = 1
+      enabled = false
+    }
+  }
+
+  log {
+
+    category = "AppServicePlatformLogs"
+    enabled  = true
+
+    retention_policy {
+      days    = 1
+      enabled = false
+    }
+  }
+
+  log {
+    category = "AppServiceAntivirusScanAuditLogs"
+    enabled  = true
+
+    retention_policy {
+      days    = 1
+      enabled = false
+    }
+  }
+
+  metric {
+    category = "AllMetrics"
+    enabled  = true
+
+    retention_policy {
+      enabled = false
+    }
+  }
+}

templates/core/terraform/api-webapp/variables.tf

@@ -0,0 +1,10 @@
+variable "resource_name_prefix" {}
+variable "environment" {}
+variable "tre_id" {}
+variable "location" {}
+variable "resource_group_name" {}
+variable "web_app_subnet" {}
+variable "core_vnet" {}
+variable "shared_subnet" {}
+variable "app_gw_subnet" {}
+variable "log_analytics_workspace_id" {}

templates/core/terraform/appgateway/appgateway.tf

@@ -0,0 +1,61 @@
+resource "azurerm_public_ip" "appgwpip" {
+  name                  = "pip-agw-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+  resource_group_name   = var.resource_group_name
+  location              = var.location
+  allocation_method     = "Static"
+  sku                   = "Standard"
+}
+
+resource "azurerm_application_gateway" "agw" {
+  name                = "agw-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+  resource_group_name = var.resource_group_name
+  location            = var.location
+
+  sku {
+    name     = "Standard_v2"
+    tier     = "Standard_v2"
+    capacity = 2
+  }
+
+  gateway_ip_configuration {
+    name      = "gateway-ip-configuration"
+    subnet_id = var.app_gw_subnet
+  }
+
+  frontend_port {
+    name = local.frontend_port_name
+    port = 80
+  }
+
+  frontend_ip_configuration {
+    name                 = local.frontend_ip_configuration_name
+    public_ip_address_id = azurerm_public_ip.appgwpip.id
+  }
+
+  backend_address_pool {
+    name = local.backend_address_pool_name
+  }
+
+  backend_http_settings {
+    name                  = local.http_setting_name
+    cookie_based_affinity = "Disabled"
+    port                  = 80
+    protocol              = "Http"
+    request_timeout       = 60
+  }
+
+  http_listener {
+    name                           = local.listener_name
+    frontend_ip_configuration_name = local.frontend_ip_configuration_name
+    frontend_port_name             = local.frontend_port_name
+    protocol                       = "Http"
+  }
+
+  request_routing_rule {
+    name                       = local.request_routing_rule_name
+    rule_type                  = "Basic"
+    http_listener_name         = local.listener_name
+    backend_address_pool_name  = local.backend_address_pool_name
+    backend_http_settings_name = local.http_setting_name
+  }
+}

templates/core/terraform/appgateway/locals.tf

@@ -0,0 +1,9 @@
+locals {
+  backend_address_pool_name      = "beap-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+  frontend_port_name             = "feport-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+  frontend_ip_configuration_name = "feip-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+  http_setting_name              = "be-htst-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+  listener_name                  = "httplstn-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+  request_routing_rule_name      = "rqrt-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+  redirect_configuration_name    = "rdrcfg-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+}

templates/core/terraform/appgateway/variables.tf

@@ -0,0 +1,6 @@
+variable "resource_name_prefix" {}
+variable "environment" {}
+variable "tre_id" {}
+variable "location" {}
+variable "resource_group_name" {}
+variable "app_gw_subnet" {}