Add cronjob to run org list sync

Author: chao-xian

infra/deployments/forms/forms-admin/main.tf

@@ -25,6 +25,7 @@ module "forms_admin" {
   analytics_enabled                 = var.forms_admin_settings.analytics_enabled
   act_as_user_enabled               = var.forms_admin_settings.act_as_user_enabled
   enable_mailchimp_sync             = var.forms_admin_settings.synchronize_to_mailchimp
+  enable_organisations_sync         = var.forms_admin_settings.synchronize_orgs_from_govuk
   deploy_account_id                 = var.deploy_account_id
   repeatable_page_enabled           = var.forms_admin_settings.repeatable_page_enabled
   vpc_id                            = data.terraform_remote_state.forms_environment.outputs.vpc_id

infra/deployments/forms/inputs.tf

@@ -129,19 +129,20 @@ EOF
 variable "forms_admin_settings" {
   description = "Forms Admin configuration values"
   type = object({
-    cpu                        = number
-    memory                     = number
-    min_capacity               = number
-    max_capacity               = number
-    enable_maintenance_mode    = bool
-    auth_provider              = string
-    previous_auth_provider     = string
-    cloudwatch_metrics_enabled = bool
-    analytics_enabled          = bool
-    act_as_user_enabled        = bool
-    govuk_app_domain           = string
-    synchronize_to_mailchimp   = bool
-    repeatable_page_enabled    = bool
+    cpu                         = number
+    memory                      = number
+    min_capacity                = number
+    max_capacity                = number
+    enable_maintenance_mode     = bool
+    auth_provider               = string
+    previous_auth_provider      = string
+    cloudwatch_metrics_enabled  = bool
+    analytics_enabled           = bool
+    act_as_user_enabled         = bool
+    govuk_app_domain            = string
+    synchronize_to_mailchimp    = bool
+    synchronize_orgs_from_govuk = bool
+    repeatable_page_enabled     = bool
   })
   nullable = false
 }

infra/deployments/forms/tfvars/dev.tfvars

@@ -67,19 +67,20 @@ container_registry      = "711966560482.dkr.ecr.eu-west-2.amazonaws.com"
 dlq_arn                 = "arn:aws:sqs:eu-west-2:711966560482:eventbridge-dead-letter-queue"
 send_logs_to_cyber      = true
 forms_admin_settings = {
-  cpu                        = 256
-  memory                     = 512
-  min_capacity               = 3
-  max_capacity               = 3
-  enable_maintenance_mode    = false
-  auth_provider              = "auth0"
-  previous_auth_provider     = "gds_sso"
-  cloudwatch_metrics_enabled = true
-  analytics_enabled          = true
-  act_as_user_enabled        = true
-  govuk_app_domain           = "integration.publishing.service.gov.uk"
-  synchronize_to_mailchimp   = false
-  repeatable_page_enabled    = true
+  cpu                         = 256
+  memory                      = 512
+  min_capacity                = 3
+  max_capacity                = 3
+  enable_maintenance_mode     = false
+  auth_provider               = "auth0"
+  previous_auth_provider      = "gds_sso"
+  cloudwatch_metrics_enabled  = true
+  analytics_enabled           = true
+  act_as_user_enabled         = true
+  govuk_app_domain            = "integration.publishing.service.gov.uk"
+  synchronize_orgs_from_govuk = false
+  synchronize_to_mailchimp    = false
+  repeatable_page_enabled     = true
 }
 forms_product_page_settings = {
   cpu          = 256

infra/deployments/forms/tfvars/production.tfvars

@@ -123,19 +123,20 @@ container_registry      = "711966560482.dkr.ecr.eu-west-2.amazonaws.com"
 dlq_arn                 = "arn:aws:sqs:eu-west-2:711966560482:eventbridge-dead-letter-queue"
 send_logs_to_cyber      = true
 forms_admin_settings = {
-  cpu                        = 512
-  memory                     = 1024
-  min_capacity               = 6
-  max_capacity               = 36
-  enable_maintenance_mode    = false
-  auth_provider              = "auth0"
-  previous_auth_provider     = "gds_sso"
-  cloudwatch_metrics_enabled = true
-  analytics_enabled          = true
-  act_as_user_enabled        = false
-  govuk_app_domain           = "publishing.service.gov.uk"
-  synchronize_to_mailchimp   = true
-  repeatable_page_enabled    = true
+  cpu                         = 512
+  memory                      = 1024
+  min_capacity                = 6
+  max_capacity                = 36
+  enable_maintenance_mode     = false
+  auth_provider               = "auth0"
+  previous_auth_provider      = "gds_sso"
+  cloudwatch_metrics_enabled  = true
+  analytics_enabled           = true
+  act_as_user_enabled         = false
+  govuk_app_domain            = "publishing.service.gov.uk"
+  synchronize_to_mailchimp    = true
+  synchronize_orgs_from_govuk = true
+  repeatable_page_enabled     = true
 }
 forms_product_page_settings = {
   cpu          = 256

infra/deployments/forms/tfvars/staging.tfvars

@@ -32,19 +32,20 @@ container_registry      = "711966560482.dkr.ecr.eu-west-2.amazonaws.com"
 dlq_arn                 = "arn:aws:sqs:eu-west-2:711966560482:eventbridge-dead-letter-queue"
 send_logs_to_cyber      = true
 forms_admin_settings = {
-  cpu                        = 256
-  memory                     = 512
-  min_capacity               = 3
-  max_capacity               = 3
-  enable_maintenance_mode    = false
-  auth_provider              = "auth0"
-  previous_auth_provider     = "gds_sso"
-  cloudwatch_metrics_enabled = true
-  analytics_enabled          = true
-  act_as_user_enabled        = true
-  govuk_app_domain           = "staging.publishing.service.gov.uk"
-  synchronize_to_mailchimp   = false
-  repeatable_page_enabled    = true
+  cpu                         = 256
+  memory                      = 512
+  min_capacity                = 3
+  max_capacity                = 3
+  enable_maintenance_mode     = false
+  auth_provider               = "auth0"
+  previous_auth_provider      = "gds_sso"
+  cloudwatch_metrics_enabled  = true
+  analytics_enabled           = true
+  act_as_user_enabled         = true
+  govuk_app_domain            = "staging.publishing.service.gov.uk"
+  synchronize_orgs_from_govuk = false
+  synchronize_to_mailchimp    = false
+  repeatable_page_enabled     = true
 }
 forms_product_page_settings = {
   cpu          = 256

infra/deployments/forms/tfvars/user-research.tfvars

@@ -30,19 +30,20 @@ container_registry      = "711966560482.dkr.ecr.eu-west-2.amazonaws.com"
 dlq_arn                 = "arn:aws:sqs:eu-west-2:711966560482:eventbridge-dead-letter-queue"
 send_logs_to_cyber      = true
 forms_admin_settings = {
-  cpu                        = 256
-  memory                     = 512
-  min_capacity               = 3
-  max_capacity               = 3
-  enable_maintenance_mode    = false
-  auth_provider              = "user_research"
-  previous_auth_provider     = null
-  cloudwatch_metrics_enabled = false
-  analytics_enabled          = false
-  act_as_user_enabled        = false
-  govuk_app_domain           = ""
-  synchronize_to_mailchimp   = false
-  repeatable_page_enabled    = true
+  cpu                         = 256
+  memory                      = 512
+  min_capacity                = 3
+  max_capacity                = 3
+  enable_maintenance_mode     = false
+  auth_provider               = "user_research"
+  previous_auth_provider      = null
+  cloudwatch_metrics_enabled  = false
+  analytics_enabled           = false
+  act_as_user_enabled         = false
+  govuk_app_domain            = ""
+  synchronize_orgs_from_govuk = false
+  synchronize_to_mailchimp    = false
+  repeatable_page_enabled     = true
 }
 forms_product_page_settings = {
   cpu          = 256

infra/modules/forms-admin/mailchimp-sync.tf

@@ -21,7 +21,7 @@ locals {
   )
 }
 
-resource "aws_ecs_task_definition" "cron_job" {
+resource "aws_ecs_task_definition" "mailchimp_cron_job" {
   count = var.enable_mailchimp_sync ? 1 : 0
 
   family                = "${var.env_name}_forms-admin_mailchimp_sync"
@@ -46,27 +46,27 @@ resource "aws_ecs_task_definition" "cron_job" {
 ##
 # EventBridge
 ##
-resource "aws_cloudwatch_event_rule" "sync_cron_job" {
+resource "aws_cloudwatch_event_rule" "sync_mailchimp_cron_job" {
   count = var.enable_mailchimp_sync ? 1 : 0
 
-  name                = "${var.env_name}-forms-admin-sync-cron"
+  name                = "${var.env_name}-forms-admin-mailchimp-sync-cron"
   description         = "Trigger the forms-admin MailChimp synchronisation on a schedule"
   schedule_expression = "cron(30 10 * * ? *)" # 10:30AM daily. In office hours so that we can respond to failures
 }
 
-resource "aws_cloudwatch_event_target" "ecs_sync_job" {
+resource "aws_cloudwatch_event_target" "ecs_mailchimp_sync_job" {
   count = var.enable_mailchimp_sync ? 1 : 0
 
   arn      = var.ecs_cluster_arn
-  rule     = aws_cloudwatch_event_rule.sync_cron_job[0].name
-  role_arn = aws_iam_role.ecs_cron_scheduler[0].arn
+  rule     = aws_cloudwatch_event_rule.sync_mailchimp_cron_job[0].name
+  role_arn = aws_iam_role.ecs_mailchimp_cron_scheduler[0].arn
 
   ecs_target {
     # Construct ARN without revision number to always use the latest revision
     # Format: arn:aws:ecs:region:account:task-definition/family
     # This ensures the EventBridge rule always uses the latest revision
     # which is updated by the forms-admin deployment pipeline
-    task_definition_arn = "arn:aws:ecs:eu-west-2:${data.aws_caller_identity.current.account_id}:task-definition/${aws_ecs_task_definition.cron_job[0].family}"
+    task_definition_arn = "arn:aws:ecs:eu-west-2:${data.aws_caller_identity.current.account_id}:task-definition/${aws_ecs_task_definition.mailchimp_cron_job[0].family}"
     launch_type         = "FARGATE"
     platform_version    = "1.4.0"
 
@@ -83,8 +83,8 @@ resource "aws_cloudwatch_event_target" "ecs_sync_job" {
 }
 
 ## Monitor for failure
-resource "aws_cloudwatch_event_rule" "sync_cron_job_failed" {
-  name        = "${var.env_name}-forms-admin-sync-failed"
+resource "aws_cloudwatch_event_rule" "sync_mailchimp_cron_job_failed" {
+  name        = "${var.env_name}-forms-admin-mailchimp-sync-failed"
   description = "Trigger when the MailChimp sync job has exited with a non-zero exit code"
 
   event_pattern = jsonencode({
@@ -106,8 +106,8 @@ resource "aws_cloudwatch_event_rule" "sync_cron_job_failed" {
   })
 }
 
-resource "aws_cloudwatch_event_target" "sync_cron_job_alert_message" {
-  rule = aws_cloudwatch_event_rule.sync_cron_job_failed.name
+resource "aws_cloudwatch_event_target" "sync_mailchimp_cron_job_alert_message" {
+  rule = aws_cloudwatch_event_rule.sync_mailchimp_cron_job_failed.name
 
   # defined in 'environment' module. Sends alarms/errors via ZenDesk
   arn = var.zendesk_sns_topic_arn
@@ -134,7 +134,7 @@ resource "aws_cloudwatch_event_target" "sync_cron_job_alert_message" {
 ##
 # IAM
 ##
-resource "aws_iam_role" "ecs_cron_scheduler" {
+resource "aws_iam_role" "ecs_mailchimp_cron_scheduler" {
   count = var.enable_mailchimp_sync ? 1 : 0
 
   name = "${var.env_name}-forms-admin-ecs-cron-scheduler"
@@ -153,9 +153,19 @@ resource "aws_iam_role" "ecs_cron_scheduler" {
   })
 }
 
-resource "aws_iam_role_policy_attachment" "ecs_events_policy" {
+resource "aws_iam_role_policy_attachment" "ecs_mailchimp_events_policy" {
   count = var.enable_mailchimp_sync ? 1 : 0
 
   policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceEventsRole"
-  role       = aws_iam_role.ecs_cron_scheduler[0].name
+  role       = aws_iam_role.ecs_mailchimp_cron_scheduler[0].name
+}
+
+moved {
+  from = aws_cloudwatch_event_rule.sync_cron_job_failed
+  to   = aws_cloudwatch_event_rule.sync_mailchimp_cron_job_failed
+}
+
+moved {
+  from = aws_cloudwatch_event_target.sync_cron_job_alert_message
+  to   = aws_cloudwatch_event_target.sync_mailchimp_cron_job_alert_message
 }