PR Upgrade Orca from v8.1.0 to v9.0.5

[krisstanton]

For this PR, here is what we do.

(Note: I'll add reviewers and do the usual PR process after I make the manual changes to UAT, so we don't run into collision problems when doing a UAT deploy)

• [x] Pull down the latest code

  git pull / git fetch 
  git checkout iss355__orca_upgrade_9_05
  git pull / git fetch 

• [x] Do your sandbox deploy (See UAT Changes described Below for easier to follow instructions)
  • [x] Follow the below manual AWS instructions for your sand box
  • [x] Run make all-init DOTENV=.env.sandbox make all-init
  • [x] Run make all-up-yes DOTENV=.env.sandbox make all-up-yes (or if just deploying only the Cumulus module: up-cumulus-yes)
• [x] Run a smoke test

  DOTENV=.env.sandbox make bash
  cumulus rules run --name PSScene3Band___1_SmokeTest 

If Smoke test works in your prod, please approve this pull request!

For UAT Deploy, there are a couple of extra steps I need to follow before we let github do the UAT deployment.

• [x] Complete the Release notes steps
  • [x] (Detailed Instruction: See Below what is done)

For a PROD Deploy, there are a couple of extra steps I need to follow before we let github do the PROD deployment.

• [x] Complete the Release notes steps
  • [x] (Detailed Instruction: See Below what was done for UAT)
• [x] Complete the Policy Fix on CBA DR PROD (that was already done on CBA DR UAT during the sandbox deploy)
  • [x] on the DR Archive bucket, Change policy: Remove line "s3:x-amz-acl": "bucket-owner-full-control"
  • [x] Also remove the comma on the line before it

See Ticket #355 for more details.

For Reference, Here is what I did to UAT

manual AWS instructions

-Remove the Lambdas that have "Application"=="ORCA"
    -Manually remove All Lambda functions with the tag "Application"=="ORCA" (19 total in sandbox 7894)
    https://us-west-2.console.aws.amazon.com/lambda/home?region=us-west-2#/functions?fo=and&k0=application&o0=%3D&v0=ORCA
    -Deleted 19 of them

-Remove Rule:               PREFIX-vpc-ingress-all-egress       // https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#SecurityGroup:groupId=sg-09a1b25077a9b8280        // sgr-01154ca5312ae2d26
    -sg-09a1b25077a9b8280
    -Inbound security group rules successfully modified on security group (sg-09a1b25077a9b8280 | cumulus-uat-vpc-ingress-all-egress)   // Details  // Revoke

-Remove the inbound rule ("sgr-01915d2b3ad2395dc PostgreSQL TCP Allows cumulus-kris-sbx7894 Orca lambda access.") that was attached to RDS cluster access ingress security group        // https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#SecurityGroup:groupId=sg-01f57f8b1758acb69
    -cumulus_rds_cluster_acess_ingress20230213165434378100000001
    -sgr-0ab8f9155dffc023f  PostgreSQL  TCP Allows cumulus-uat Orca lambda access.
    -Inbound security group rules successfully modified on security group (sg-01f57f8b1758acb69 | cumulus_rds_cluster_acess_ingress20230221232818225700000005)  // Details  //  Revoke

-Remove the Whole Group:    PREFIX-vpc-ingress-all-egress       // https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#SecurityGroup:group-id=sg-09a1b25077a9b8280 
    -cumulus-uat-vpc-ingress-all-egress         // sg-09a1b25077a9b8280 - cumulus-uat-vpc-ingress-all-egress
    https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#SecurityGroups:v=3;search=:cumulus-uat-vpc-ingress-all-egress
    Clicked the two network interfaces to remove them
    -Security group (sg-09a1b25077a9b8280 | cumulus-uat-vpc-ingress-all-egress) successfully deleted

-Remove the Target Group and then the HTTP listener from the load balancer
    -First Remove the target group (find it on the interface for the listener)  // https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#TargetGroup:targetGroupArn=arn:aws:elasticloadbalancing:us-west-2:201920261686:targetgroup/b6ab76cc-gql-a/095782963b6c57dd
    -Then remove the listener // https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#LoadBalancer:loadBalancerArn=arn:aws:elasticloadbalancing:us-west-2:201920261686:loadbalancer/app/cumulus-uat-gql-a/7f895496239367b0;tab=listeners

-Added the SSM Params to the UAT Server

[krisstanton]

Merging now, to trigger a UAT Deploy. Please do not approve the PROD Deploy, After I verify the UAT deploy works with a smoke test, then I have a set of steps that must be run against PROD before attempting a PROD deploy.

[krisstanton]

Ready to attempt a Prod Deploy now.