DCES-538 create resources to enable deployment to staging environment.

[vvartakMoJ]

Copied missing files from the dev environment into staging and replaced "dev" with "staging" wherever applicable.

[sablumiah]

Terraform Plan Summary

<details "open">

Terraform Plan: 49 to be created, 0 to be destroyed, 1 to be updated, 0 to be replaced and 34 unchanged.

Resources to create:

+ aws_cognito_resource_server.resource
+ aws_cognito_user_pool.pool
+ aws_cognito_user_pool_client.client
+ aws_cognito_user_pool_domain.domain
+ aws_iam_access_key.admin_user_staging_key
+ aws_iam_access_key.advantis_upload_user_staging_key
+ aws_iam_access_key.dces_ca-admin_user_staging_key
+ aws_iam_user.admin_advantis_user_staging
+ aws_iam_user.advantis_upload_user_staging
+ aws_iam_user.dces_ca_admin_user_staging
+ aws_iam_user_policy.admin_policy
+ aws_iam_user_policy.dces-ca-admin_policy
+ aws_iam_user_policy.upload_policy
+ kubernetes_config_map.rds
+ kubernetes_secret.admin-advantis-user_staging
+ kubernetes_secret.advantis_upload_user_staging
+ kubernetes_secret.aws_cognito_user_pool_client
+ kubernetes_secret.dces_ca_admin_user_staging
+ kubernetes_secret.rds
+ kubernetes_secret.s3_advantis_bucket-secret
+ kubernetes_secret.s3_private_ca_bucket
+ module.irsa.kubernetes_service_account.generated_sa
+ module.irsa.module.iam_assumable_role.aws_iam_role.this[0]
+ module.irsa.module.iam_assumable_role.aws_iam_role_policy_attachment.this["s3"]
+ module.irsa.random_id.id
+ module.rds.aws_db_instance.rds
+ module.rds.aws_db_parameter_group.custom_parameters
+ module.rds.aws_db_subnet_group.db_subnet[0]
+ module.rds.aws_iam_policy.irsa
+ module.rds.aws_kms_alias.alias[0]
+ module.rds.aws_kms_key.kms[0]
+ module.rds.aws_security_group.rds-sg
+ module.rds.random_id.id
+ module.rds.random_password.password
+ module.rds.random_string.username
+ module.s3_advantis_bucket.aws_iam_policy.irsa
+ module.s3_advantis_bucket.aws_s3_bucket.bucket
+ module.s3_advantis_bucket.aws_s3_bucket_public_access_block.block_public_access[0]
+ module.s3_advantis_bucket.random_id.id
+ module.s3_private_ca_bucket.aws_iam_policy.irsa
+ module.s3_private_ca_bucket.aws_s3_bucket.bucket
+ module.s3_private_ca_bucket.aws_s3_bucket_public_access_block.block_public_access[0]
+ module.s3_private_ca_bucket.random_id.id
+ module.secrets_manager.aws_secretsmanager_secret.secret["dces-datasource"]
+ module.secrets_manager.aws_secretsmanager_secret.secret["dces-drc-integration-service-alert-webhook-staging"]
+ module.secrets_manager.kubernetes_manifest.external_secrets["dces-datasource"]
+ module.secrets_manager.kubernetes_manifest.external_secrets["dces-drc-integration-service-alert-webhook-staging"]
+ module.secrets_manager.random_id.secret_name["dces-datasource"]
+ module.secrets_manager.random_id.secret_name["dces-drc-integration-service-alert-webhook-staging"]

Resources to update:

! module.serviceaccount.kubernetes_role.github_actions_role

[sablumiah]

Terraform Plan Summary

<details "open">

Terraform Plan: 49 to be created, 0 to be destroyed, 1 to be updated, 0 to be replaced and 34 unchanged.

Resources to create:

+ aws_cognito_resource_server.resource
+ aws_cognito_user_pool.pool
+ aws_cognito_user_pool_client.client
+ aws_cognito_user_pool_domain.domain
+ aws_iam_access_key.admin_user_staging_key
+ aws_iam_access_key.advantis_upload_user_staging_key
+ aws_iam_access_key.dces_ca-admin_user_staging_key
+ aws_iam_user.admin_advantis_user_staging
+ aws_iam_user.advantis_upload_user_staging
+ aws_iam_user.dces_ca_admin_user_staging
+ aws_iam_user_policy.admin_policy
+ aws_iam_user_policy.dces-ca-admin_policy
+ aws_iam_user_policy.upload_policy
+ kubernetes_config_map.rds
+ kubernetes_secret.admin-advantis-user_staging
+ kubernetes_secret.advantis_upload_user_staging
+ kubernetes_secret.aws_cognito_user_pool_client
+ kubernetes_secret.dces_ca_admin_user_staging
+ kubernetes_secret.rds
+ kubernetes_secret.s3_advantis_bucket-secret
+ kubernetes_secret.s3_private_ca_bucket
+ module.irsa.kubernetes_service_account.generated_sa
+ module.irsa.module.iam_assumable_role.aws_iam_role.this[0]
+ module.irsa.module.iam_assumable_role.aws_iam_role_policy_attachment.this["s3"]
+ module.irsa.random_id.id
+ module.rds.aws_db_instance.rds
+ module.rds.aws_db_parameter_group.custom_parameters
+ module.rds.aws_db_subnet_group.db_subnet[0]
+ module.rds.aws_iam_policy.irsa
+ module.rds.aws_kms_alias.alias[0]
+ module.rds.aws_kms_key.kms[0]
+ module.rds.aws_security_group.rds-sg
+ module.rds.random_id.id
+ module.rds.random_password.password
+ module.rds.random_string.username
+ module.s3_advantis_bucket.aws_iam_policy.irsa
+ module.s3_advantis_bucket.aws_s3_bucket.bucket
+ module.s3_advantis_bucket.aws_s3_bucket_public_access_block.block_public_access[0]
+ module.s3_advantis_bucket.random_id.id
+ module.s3_private_ca_bucket.aws_iam_policy.irsa
+ module.s3_private_ca_bucket.aws_s3_bucket.bucket
+ module.s3_private_ca_bucket.aws_s3_bucket_public_access_block.block_public_access[0]
+ module.s3_private_ca_bucket.random_id.id
+ module.secrets_manager.aws_secretsmanager_secret.secret["dces-datasource"]
+ module.secrets_manager.aws_secretsmanager_secret.secret["dces-drc-integration-service-alert-webhook-staging"]
+ module.secrets_manager.kubernetes_manifest.external_secrets["dces-datasource"]
+ module.secrets_manager.kubernetes_manifest.external_secrets["dces-drc-integration-service-alert-webhook-staging"]
+ module.secrets_manager.random_id.secret_name["dces-datasource"]
+ module.secrets_manager.random_id.secret_name["dces-drc-integration-service-alert-webhook-staging"]

Resources to update:

! module.serviceaccount.kubernetes_role.github_actions_role

[cloud-platform-concourse-bot]

Your PR is applying in the build: https://concourse.cloud-platform.service.justice.gov.uk/teams/main/pipelines/environments-live/jobs/apply-namespace-changes-live/builds/8042