---
# Path prefix for values kept in the parameter store (presumably AWS SSM
# Parameter Store; confirm against the consuming tool).
parameter-store-path-prefix: /dalmatian-variables/

# Account-level bootstrap settings: region, root DNS zone and two user lists.
account-bootstrap:
  variables:
    region: eu-west-2
    root_domain_zone: dalmatian.dxw.net
    # NOTE(review): the two lists presumably map to read-only and admin access.
    # Keep the admin list as short as possible and review both lists whenever
    # people join or leave; this file is the record of who holds which level.
    dalmatian_read_users:
      - Joe
      - Ashley
    dalmatian_admin_users:
      - Harper
      - Pat

# CI settings: source repository, branch and the CodeBuild images used.
ci:
  variables:
    region: eu-west-2
    prci_github_owner: dxw
    prci_github_repository: dalmatian
    # NOTE(review): both images below use the mutable `:latest` tag, so a build
    # can pick up different image contents without any change to this file.
    # These images presumably run Terraform with deployment credentials; pin
    # them to a version tag or an image digest so changes are reviewable.
    prci_codebuild_image: thedxw/testing-terraform-docker:latest
    bpsp_source_branch: master
    bpbp_codebuild_compute_type: BUILD_GENERAL1_SMALL
    bpbp_codebuild_image: thedxw/testing-terraform-docker:latest

# Default variables for infrastructures (presumably merged with, and overridden
# by, each entry under `infrastructures`; the merge is done by the consumer).
infrastructure-defaults:
  variables:
    region: eu-west-2
    cidr: 10.0.0.0/16
    root_domain_zone: dalmatian.dxw.net
    internal_domain_zone: dalmatian.internal
    # Private subnets sit in the upper part of the /16, public ones in the lower.
    ecs_private_subnets:
      - availability_zone: "eu-west-2a"
        cidr: 10.0.128.0/24
      - availability_zone: "eu-west-2b"
        cidr: 10.0.129.0/24
      - availability_zone: "eu-west-2c"
        cidr: 10.0.130.0/24
    extra_public_subnets:
      - availability_zone: eu-west-2a
        cidr: 10.0.0.0/24
      - availability_zone: eu-west-2b
        cidr: 10.0.1.0/24
      - availability_zone: eu-west-2c
        cidr: 10.0.2.0/24
    # Name of the key pair for the ECS instances; whoever holds the private
    # key can log in to them, so track its holders and rotation.
    instances_key_name: dalmatian-ecs-instances
    instance_type: t2.medium
    min_servers: 2
    max_servers: 4
    # presumably seconds (86400 s = 24 h), after which instances are replaced;
    # TODO confirm the unit
    max_instance_lifetime: 86400
    # NOTE(review): written as the integer 0, not a boolean; presumably means
    # instances get no public IP. Confirm how the consumer interprets it.
    associate_public_ip_address: 0
    docker_storage_size: 40
    # Left empty in this sample. A real Docker Hub token is a credential and
    # should come from a secret store, not from a file committed to a repository.
    dockerhub_email: ''
    dockerhub_token: ''
    # NOTE(review): `enable_efs` is the quoted string "false" while
    # `encrypt_efs` is a real boolean. A consumer that tests truthiness instead
    # of comparing against the string would read "false" as enabled; confirm
    # which form the tool expects and use it consistently.
    enable_efs: "false"
    encrypt_efs: true
    efs_dirs: []
    monitoring_docs_path: https://github.com/dxw/dalmatian/docs/monitoring-alarms/

# One entry per infrastructure, keyed by its name.
infrastructures:
  new-dedicated-cluster:
    # NOTE(review): the source is an SSH Git URL with no branch, tag or commit
    # visible here, so presumably whatever the default branch holds is used.
    # Access to that repository is effectively access to this infrastructure.
    dalmatian_config_source:
      - git@github.com:dxw/awesome-app-dalmatian-config
    # NOTE(review): unquoted, so this parses as an integer. AWS account IDs are
    # 12-digit identifiers that may begin with 0; an unquoted ID with a leading
    # zero loses it (or is read as octal by YAML 1.1 parsers). Quote real IDs
    # if the consumer accepts a string.
    account_id: 123456789012
    vpn_customer_gateway:
      - name: test-vpn
        bgp_asn: 65000
        ip_address: 1.2.3.4
    # S3 buckets for this infrastructure. The sample bucket is versioned,
    # encrypted and uses the 'private' ACL.
    s3:
      - name: 'test'
        enable_s3_versioning: true
        encrypted: true
        acl: 'private'
        # Grants per environment: here `test-service` gets `rw` in staging only.
        # Give each service the narrowest grant that works.
        policy:
          staging:
            rw:
              services:
                - test-service
        service_cloudfront_read_access:
          - test-service-staging
        cloudfront:
          create: true
          domain_names:
            - example.com
            - example2.com
          # Placeholder ARN (all-zero account and certificate id, and
          # `lb-region-0` in the region field); replace before use.
          certificate: 'arn:aws:acm:lb-region-0:000000000000:certificate/00000000-0000-0000-0000-000000000000'
    # DNS zones and their records, grouped by record type.
    hosted_zones:
      - domain: "example-domain-name.com"
        # NOTE(review): a delegation, alias or CNAME that points at a name
        # owned by a provider (name servers, CloudFront, a load balancer) should
        # be removed when its target is deleted, otherwise the record dangles
        # and the name can be claimed by someone else.
        ns_records:
          - name: delegated
            value:
              - ns1.aws.com
        a_records:
          - name: some-service
            value:
              - 1.2.3.4
          - name: mail
            value:
              - 5.6.7.8
        alias_records:
          - name: example-domain-name.com
            value: cf-distribution.aws.net
          - name: www
            value: cf-distribution.aws.net
        cname_records:
          - name: alb
            value:
              - aws-alb.aws.net
        mx_records:
          - name: mail
            value:
              - 0 mail.example-domain-name.com
        # The SPF record ends in `~all` (softfail): mail from other senders is
        # marked, not rejected. `-all` is the strict form once the sender list
        # is known to be complete.
        txt_records:
          - name: mail
            value:
              - "v=spf1 a ip4:9.10.11.0/24 mx ~all"
        srv_records:
          - name: "@"
            value:
              - "_imaps._tcp.gmail.com. 86400 IN SRV 5 0 993 imap.gmail.com"
    # `create: true` here; the entries further down that reuse a cluster set
    # `create: false` plus a `name`.
    cluster:
      create: true
    # Relational databases. The sample enables storage encryption and
    # `force_ssl`, and keeps backups for 31 (presumably days).
    rds:
      - identifier: testservice
        in_use_by:
          - test-service
        engine: 'postgres'
        instance_class:
          staging: 'db.t2.micro'
          production: 'db.t2.small'
        # NOTE(review): sample value; confirm the engine version is still
        # supported and patched by the provider before copying it.
        engine_version: '11.4'
        allocated_storage: 20
        storage_encrypted: true
        storage_type: 'gp3'
        db_name: 'testapp'
        port: 5432
        maintenance_window: 'mon:19:00-mon:19:30'
        backup_window: '09:00-10:00'
        backup_retention_period: 31
        force_ssl: true
        # presumably the parameter name under which the connection URL is
        # stored; the URL itself does not appear in this file
        parameter_store_path_db_url_name: 'DATABASE_URL'
        # NOTE(review): these name/value pairs are plain text in this file, so
        # they are not the place for secrets.
        sql_backup_scheduled_task_environment_variables:
          - name: "foo"
            value: "bar"
        check_sql_backup_scheduled_task_environment_variables:
          - name: "foo"
            value: "bar"
        # presumably the services whose CodeBuild projects may reach this
        # database; TODO confirm what access is granted
        codebuild_access:
          - service-name
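    # ElastiCache clusters. `in_use_by` presumably names the services that are
    # given access to the cluster.
    elasticache_cluster:
      - identifier: testredis
        in_use_by:
          - test-service
        # Mapping keys must be unique, so `engine` is given exactly once; a
        # repeated key is resolved silently (last one wins) by most parsers.
        engine: 'redis'
        node_type: 'cache.t2.micro'
        node_count: 1
        # NOTE(review): sample value; confirm the engine version is still
        # supported before copying it. No authentication or in-transit
        # encryption setting is visible in this block; presumably the tool
        # decides these, so confirm its defaults.
        engine_version: '5.0.6'
        port: 6379
        maintenance_window: 'mon:19:00-mon:22:00'
        snapshot_window: '09:00-10:00'
        parameter_store_path_elasticache_cluster_url_name: 'REDIS_URL'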
    # OpenSearch domains. Counts and sizes are quoted strings in this sample,
    # while the `*_enabled` flags are real booleans.
    opensearch_cluster:
      - identifier: testos
        in_use_by:
          - test-service
        # Quoted so it stays the string '1.2' rather than becoming a float.
        version: '1.2'
        master_enabled: true
        master_count: '1'
        master_type: 'c6g.large.search'
        instance_count: '3'
        instance_type: 't3.small.search'
        warm_enabled: true
        warm_count: '2'
        warm_type: 'ultrawarm1.medium.search'
        volume_size: '20'
        # NOTE(review): no encryption or access-policy setting is visible in
        # this block; presumably the tool applies its own defaults, so confirm.
        parameter_store_path_opensearch_cluster_url_name: 'ELASTICSEARCH_URL'
    # Services deployed on this infrastructure.
    services:
      - name: test-service
        # Blue/green settings per environment; enabled for production only.
        blue_green:
          production:
            enabled: true
            # Every `*_ps_key` value is a parameter store path, so the database
            # credentials themselves are not written in this file. The copy
            # reads another service's production parameters; presumably the
            # role that runs it needs read access to both paths, so scope it
            # to exactly these keys.
            db_copy:
              from_db_host_ps_key: /test-app/other-test-service/production/DB_HOST
              from_db_name_ps_key: /test-app/other-test-service/production/DB_NAME
              from_db_user_ps_key: /test-app/other-test-service/production/DB_USER
              from_db_pass_ps_key: /test-app/other-test-service/production/DB_PASSWORD
              # NOTE(review): this `db_name` key points at a `DB_HOST` path,
              # unlike `from_db_name_ps_key` above, which points at `DB_NAME`.
              # Looks like a copy-paste slip; confirm the intended path.
              blue_green_db_name_ps_key: /test-app/test-service/production/DB_HOST
              blue_green_db_user_ps_key: /test-app/test-service/production/DB_USER
              blue_green_db_pass_ps_key: /test-app/test-service/production/DB_PASSWORD
              sql_backups_s3_bucket: new-dedicated-cluster-testservice-production-sql-backup
            db_rewrites:
              - from: other-test-service.example.com
                to: test-service.example.com
            directory_copy:
              - from: /mnt/efs/other-test-service-media
                to: /mnt/efs/test-service-media
                # Quoted on purpose: an unquoted 33:33 is read as a base-60
                # integer by YAML 1.1 parsers.
                chown: "33:33"
            asset_copy_trigger_ps_key: /test-app/test-service/production/BLUE_GREEN_ASSET_COPY_TRIGGER
          staging:
            enabled: false
        launch_on:
          - production
          - staging
        # "test" matches the `extra_ecs_clusters` entry named "test" under
        # `environments.staging` later in this infrastructure.
        launch_on_cluster: "test"
        # Alerting per environment. Production alerts on CloudFront 5xx errors;
        # staging has alerting switched off.
        monitoring:
          production:
            opsgenie_alerts:
              enabled: true
              cloudfront_5xx:
                enabled: true
                # quoted strings; units (percent / periods) are presumably
                # those of the underlying alarm; TODO confirm
                threshold: "95"
                evaluation_periods: "15"
          staging:
            opsgenie_alerts:
              enabled: false
            ghost_inspector:
              enabled: false
        parameter_store_path:
          staging: '/test-path'
        # Placeholder KMS key ARN (all-zero account and key id). The key named
        # here presumably encrypts the service's parameters, so its key policy
        # decides who can read them.
        parameter_store_key:
          staging: 'arn:aws:kms:eu-west-2:000000000000:key/00000000-0000-0000-0000-000000000000'
        container_count: "2"
        enable_max_one_container_per_instance: true
        # CloudFront distribution for the service: managed policies, TLS
        # policy, access controls, error pages, extra origins and behaviours.
        cloudfront:
          create: true
          managed_cache_policy: "CachingDisabled"
          managed_origin_policy: "AllViewerExceptHostHeader"
          managed_response_headers_policy: "CORS-with-preflight-and-SecurityHeadersPolicy"
          # NOTE(review): production is on the older 2019 policy while staging
          # uses 2021. The environment serving real users would normally get
          # the stricter policy; confirm this is intentional.
          tls_protocol_version:
            production: 'TLSv1.2_2019'
            staging: 'TLSv1.2_2021'
          # NOTE(review): semantics are not visible here; presumably this stops
          # requests that reach the origin without passing through CloudFront.
          # Confirm, and review what each `exclude_domains` entry exempts.
          bypass_protection:
            production:
              enabled: true
              exclude_domains:
                - example.com
          origin_keepalive_timeout:
            staging: "10"
            production: "60"
          origin_read_timeout:
            staging: "40"
            production: "60"
          basic_auth:
            staging: true
          viewer_request_functions:
            - name: 'default'
              # NOTE(review): presumably adds a header carrying the viewer IP.
              # Downstream code should trust it only if the origin cannot be
              # reached other than through CloudFront.
              true_client_ip_header: true
              # 0.0.0.0/0 matches every IPv4 address, so this list restricts
              # nothing as written; narrow it where access should be limited.
              ip_subnet_allow_list:
                - '0.0.0.0/0'
              redirects:
                - from_hostname_pattern: example-old-domain-name.*
                  from_path_pattern: /*
                  to_hostname: example-domain-name.co.uk
                  to_path: /${path}
          # Keys are unquoted, so they parse as integers rather than strings.
          offline_page_http_status:
            500: "/error-pages/500.html"
            501: "/error-pages/501.html"
            502: "/error-pages/502.html"
            503: "/error-pages/503.html"
            504: "/error-pages/504.html"
          # Extra origins per environment; each `id` is referenced by
          # `target_origin_id` in `custom_behaviors` below.
          custom_origins:
            staging:
              - origin: test-media-staging.s3.amazonaws.com
                id: test-media-staging-s3
            production:
              - origin: test-media-production.s3.amazonaws.com
                id: test-media-production-s3
          # Path-specific behaviours. TTLs are presumably in seconds. Only the
          # production entry also sets the three managed policies.
          custom_behaviors:
            staging:
              - path_patterns:
                  - '/media/*'
                target_origin_id: test-media-staging-s3
                min_ttl: 1200
                default_ttl: 3600
                max_ttl: 86400
                associate_viewer_request_function: "default"
            production:
              - path_patterns:
                  - '/media/*'
                target_origin_id: test-media-production-s3
                min_ttl: 1200
                default_ttl: 3600
                max_ttl: 86400
                associate_viewer_request_function: "default"
                managed_cache_policy: "CachingDisabled"
                managed_origin_policy: "AllViewerExceptHostHeader"
                managed_response_headers_policy: "CORS-with-preflight-and-SecurityHeadersPolicy"
        # Load balancer allow list. 0.0.0.0/0 matches every IPv4 address, so
        # the sample entry leaves the load balancer open to any source; list
        # specific ranges where access should be limited.
        lb_ip_whitelist:
          - name: public
            cidr: 0.0.0.0/0
        lb_idle_timeout: '60'
        global_accelerator:
          production: true
        health_check_path: '/check'
        health_check_grace_period: '0'
        serve_from_subdirectory: "/test-subdir"
        domain_names:
          staging:
            - example-domain-name.co.uk
        # Placeholder certificate ARNs (all-zero account and certificate id).
        lb_ssl_certificate:
          staging: 'arn:aws:acm:lb-region-0:000000000000:certificate/00000000-0000-0000-0000-000000000000'
        cloudfront_ssl_certificate:
          staging: 'arn:aws:acm:us-east-1:000000000000:certificate/00000000-0000-0000-0000-000000000000'
        # The image is built from the repository below. NOTE(review): no
        # branch or commit is visible in this block; presumably
        # `track_revision` under `environments` selects it, so confirm.
        image_source: build_from_github_repo
        image_location: git@github.com:dxw/dalmatian-test-app
        custom_codestar_connection_arn: "arn:aws:codestar-connections:eu-west-2:000000000000:connection/00000000-0000-0000-0000-000000000000"
        buildspec: 'buildspec.yml'
        container_port: 3100
        container_command: ["/docker-entrypoint.sh", "rails", "server"]
        # Mounts a host directory into the container. Keep `host_path` to a
        # dedicated directory: whatever lives there is exposed to the container.
        container_volumes:
          - name: test-volume
            host_path: /mnt/test
            container_path: /test
        # Maps example.com to 127.0.0.1 inside the container. `ipAddress` is
        # camelCase unlike the neighbouring keys; presumably it is passed
        # straight through to the container definition. TODO confirm.
        container_extra_hosts:
          - hostname: "example.com"
            ipAddress: "127.0.0.1"
        # Scheduled commands. `schedule_expression` is either one cron
        # expression or a mapping with one expression per environment.
        scheduled_tasks:
          - name: old-scheduled-task
            command: ["rake", "do:cron"]
            schedule_expression: "cron(0 4 * * ? *)"
          - name: test-scheduled-task
            command: ["rake", "do:something"]
            schedule_expression:
              staging: "cron(0 12 * * ? *)"
              production: "cron(1 2 * * ? *)"
        workers:
          - name: test-worker
            command: ["bundle", "exec", sidekiq]
        # Outbound proxy settings for staging.
        proxy_configuration:
          staging:
            # presumably a keyword selecting the tinyproxy enabled under
            # `environments.staging.tinyproxy`; TODO confirm
            https_proxy: "dalmatian_tinyproxy"
            # NOTE(review): the proxy URL uses plain http://, so traffic
            # between the container and this proxy is not encrypted by the
            # proxy connection itself.
            http_proxy: "http://my.test-proxy.com:8888"
            # Destinations that skip the proxy; keep this list short, since
            # anything listed here also skips whatever filtering the proxy does.
            no_proxy:
              - "*.example.com"
              - "93.184.216.34/32"
        home_directory: "/home/user"
    # Load balancers shared between services; `in_use_by` lists the services
    # behind each one. "test-lb-1" is also referenced by the `waf` associations.
    shared_loadbalancer:
      - name: test-lb-1
        idle_timeout: '60'
        global_accelerator:
          production: true
          staging: false
        in_use_by:
          - test-service
    # Web application firewall definitions and what they are attached to.
    waf:
      - name: test-1
        # NOTE(review): if this maps to the AWS WAF count action, matching
        # requests are only counted and logged, not blocked. That suits a
        # tuning period; confirm the intended action for production.
        action: "count"
        # Each path or rule excluded below is traffic the managed rule set no
        # longer inspects; keep exclusions narrow and record why each exists.
        aws_managed_rules:
          - name: 'AWSManagedRulesSQLiRuleSet'
            excluded_path_patterns:
              - "/wp-admin/async-upload.php"
          - name: 'AWSManagedRulesCommonRuleSet'
            exclude_rules:
              - 'SizeRestrictions_BODY'
        # Names refer to the `shared_loadbalancer` and `services` entries of
        # this infrastructure.
        associations:
          shared_loadbalancers:
            - "test-lb-1"
          service_cloudfront:
            - "test-service"
    # Per-environment settings (presumably overriding `infrastructure-defaults`).
    environments:
      production:
        instance_type: t2.medium
        min_servers: 2
        max_servers: 4
      staging:
        instance_type: t2.small
        min_servers: 2
        max_servers: 4
        # presumably the Git revision deployed to staging; here a feature
        # branch. TODO confirm
        track_revision: feature/experiment
        extra_ecs_clusters:
          - name: "test"
            # NOTE(review): `infrastructure-defaults` in this file defines
            # `ecs_private_subnets` and `extra_public_subnets`, but nothing
            # named `extra_private_subnets`; confirm where it is defined.
            subnets_name: "extra_private_subnets"
            min_servers: "2"
            max_servers: "4"
            instance_type: "t3.small"
        tinyproxy:
          create: true

  # Creates a new cluster with both environments and no services of its own.
  shared-new-cluster:
    # NOTE(review): unquoted, so parsed as an integer; a real account ID that
    # begins with 0 would lose it. Quote real IDs if the consumer accepts a
    # string.
    account_id: 123456789012
    cluster:
      create: true
    environments:
      production:
        instance_type: t2.medium
        min_servers: 2
        max_servers: 10
      staging:
        instance_type: t2.small
        min_servers: 2
        max_servers: 10

  # Reuses the existing cluster named `shared-cluster` (`create: false`) for a
  # staging environment only.
  existing-shared-cluster-staging:
    # Config is pulled from this repository; write access to it is effectively
    # write access to this infrastructure's configuration.
    dalmatian_config_source:
      - git@github.com:dxw/funky-app-dalmatian-config
    # NOTE(review): unquoted, so parsed as an integer; quote real account IDs
    # if the consumer accepts a string, so a leading zero is not lost.
    account_id: 123456789012
    cluster:
      create: false
      name: shared-cluster
    environments:
      staging:
        example_var: foo

  # Reuses the existing cluster named `shared-cluster` (`create: false`) for a
  # production environment only.
  existing-shared-cluster-production:
    # Config is pulled from this repository; write access to it is effectively
    # write access to this infrastructure's configuration.
    dalmatian_config_source:
      - git@github.com:dxw/neat-app-dalmatian-config
    # NOTE(review): unquoted, so parsed as an integer; quote real account IDs
    # if the consumer accepts a string, so a leading zero is not lost.
    account_id: 123456789012
    cluster:
      create: false
      name: shared-cluster
    environments:
      production:
        example_var: bar
