From 0b54d7d18965d39da2e4a0ac26457572c2e65d9f Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Mon, 16 Oct 2023 12:35:39 +0100
Subject: [PATCH] Added Statuscake TLS Monitor
* This will allow us to get Slack alerts as the day of expiry approaches
---
terraform/.terraform.lock.hcl | 23 +++++++++++++++++++++++
terraform/README.md | 4 ++++
terraform/locals.tf | 4 ++++
terraform/statuscake-tls-monitor.tf | 12 ++++++++++++
terraform/variables.tf | 18 ++++++++++++++++++
5 files changed, 61 insertions(+)
create mode 100644 terraform/statuscake-tls-monitor.tf
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
index 0e1ada0ad..5a17d79fb 100644
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -78,3 +78,26 @@ provider "registry.terraform.io/hashicorp/null" {
"zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694",
]
}
+
+provider "registry.terraform.io/statuscakedev/statuscake" {
+ version = "2.2.1"
+ constraints = ">= 2.1.0"
+ hashes = [
+ "h1:v9Zsszr6aXmjl0Zf6XfN+qOlIo+fJJL7iV1YLXuF/78=",
+ "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7",
+ "zh:443c840fd4ea0c7e8a45197c4823e7b122f087c7fac4f6ea96e9df1c499b9a39",
+ "zh:5c4a0f20dc321d45ba24207db0d21509a99a0531e150d989bf81c77ff3492ad1",
+ "zh:631e1bcab1703d6b722aeed3b709815575655b6bd28fca6ed48af64ee9205949",
+ "zh:6670e7dd4ac0a7e1ebb7370ad18d4a6d26a991602a138ba536538aa3b8a1cbc7",
+ "zh:6fa0b4200f08e088e382221095b75614e2a710e0185d28282a467a64fea84e3e",
+ "zh:8acff0f15c098f94643f0ecf7d3302f266869a53d97f7f647c8429d2b94f7ec1",
+ "zh:9007669557420a006ccbe7d03b1fb447a7a2770bde0db15909e0df63a89b936d",
+ "zh:93f0a45edbd4b851edca0ab49329a1de69261c26ac981c2aec985045bd60cf46",
+ "zh:99084f140c2be88b2554853fb5382f753e6809dadaa97b289f7cc92259c0d4d9",
+ "zh:d046b0d8b9fc512b3b483731f17edd8ee221f1dcaec649a8b8dcdde5400a90c4",
+ "zh:d0c966677d7a073d21605b351f2b3a83174901bcb6f25d4b4eb5b7822dac2d05",
+ "zh:dbd5ebfa764c0b58e764721704524c4f7028e70c8cb0b22efe494d588bf65cc0",
+ "zh:e492bdc2ddd32fe73532566affd6a9a22c0b75c042583d5450881f6c523441f8",
+ "zh:ee8f95766dbc1e1d2c41c6c837582af16b3e7ed5698c23471f1376011c7fa1a7",
+ ]
+}
diff --git a/terraform/README.md b/terraform/README.md
index 3783e98ef..2b3c3c73d 100644
--- a/terraform/README.md
+++ b/terraform/README.md
@@ -141,6 +141,7 @@ If everything looks good, answer `yes` and wait for the new infrastructure to be
|------|--------|---------|
| [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.1.0 |
| [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.2.1 |
+| [statuscake-tls-monitor](#module\_statuscake-tls-monitor) | github.com/dfe-digital/terraform-statuscake-tls-monitor | v0.1.1 |
## Resources
@@ -201,6 +202,9 @@ If everything looks good, answer `yes` and wait for the new infrastructure to be
| [project\_name](#input\_project\_name) | Project name. Will be used along with `environment` as a prefix for all resources. | `string` | n/a | yes |
| [redis\_cache\_capacity](#input\_redis\_cache\_capacity) | Redis Cache Capacity | `number` | n/a | yes |
| [redis\_cache\_sku](#input\_redis\_cache\_sku) | Redis Cache SKU | `string` | n/a | yes |
+| [statuscake\_api\_token](#input\_statuscake\_api\_token) | API token for StatusCake | `string` | n/a | yes |
+| [statuscake\_contact\_group\_integrations](#input\_statuscake\_contact\_group\_integrations) | List of Integration IDs to connect to your Contact Group | `list(string)` | `[]` | no |
+| [statuscake\_contact\_group\_name](#input\_statuscake\_contact\_group\_name) | Name of the contact group in StatusCake | `string` | `""` | no |
| [tags](#input\_tags) | Tags to be applied to all resources | `map(string)` | n/a | yes |
| [tfvars\_filename](#input\_tfvars\_filename) | tfvars filename. This file is uploaded and stored encrypted within Key Vault, to ensure that the latest tfvars are stored in a shared place. | `string` | n/a | yes |
| [virtual\_network\_address\_space](#input\_virtual\_network\_address\_space) | Virtual network address space CIDR | `string` | n/a | yes |
diff --git a/terraform/locals.tf b/terraform/locals.tf
index 4974067ff..ead5d3932 100644
--- a/terraform/locals.tf
+++ b/terraform/locals.tf
@@ -49,4 +49,8 @@ locals {
key_vault_access_users = var.key_vault_access_users
key_vault_access_ipv4 = var.key_vault_access_ipv4
tfvars_filename = var.tfvars_filename
+ statuscake_api_token = var.statuscake_api_token
+ statuscake_monitored_resource_address = "https://${local.dns_zone_domain_name}${local.monitor_endpoint_healthcheck}"
+ statuscake_contact_group_name = var.statuscake_contact_group_name
+ statuscake_contact_group_integrations = var.statuscake_contact_group_integrations
}
diff --git a/terraform/statuscake-tls-monitor.tf b/terraform/statuscake-tls-monitor.tf
new file mode 100644
index 000000000..955195128
--- /dev/null
+++ b/terraform/statuscake-tls-monitor.tf
@@ -0,0 +1,12 @@
+module "statuscake-tls-monitor" {
+ source = "github.com/dfe-digital/terraform-statuscake-tls-monitor?ref=v0.1.1"
+
+ statuscake_api_token = local.statuscake_api_token
+ statuscake_monitored_resource_address = local.statuscake_monitored_resource_address
+ statuscake_alert_at = [ # days to alert on
+ 14, 7, 3
+ ]
+ statuscake_contact_group_name = local.statuscake_contact_group_name
+ statuscake_contact_group_integrations = local.statuscake_contact_group_integrations
+ statuscake_contact_group_email_addresses = local.monitor_email_receivers
+}
diff --git a/terraform/variables.tf b/terraform/variables.tf
index a777182c4..e694bb6ae 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -277,3 +277,21 @@ variable "tfvars_filename" {
description = "tfvars filename. This file is uploaded and stored encrypted within Key Vault, to ensure that the latest tfvars are stored in a shared place."
type = string
}
+
+variable "statuscake_api_token" {
+ description = "API token for StatusCake"
+ type = string
+ sensitive = true
+}
+
+variable "statuscake_contact_group_name" {
+ description = "Name of the contact group in StatusCake"
+ type = string
+ default = ""
+}
+
+variable "statuscake_contact_group_integrations" {
+ description = "List of Integration IDs to connect to your Contact Group"
+ type = list(string)
+ default = []
+}