adding dataart dev 2025 env files

devops/backend/dataart-dev-2025/main.tf

@@ -0,0 +1,98 @@
+locals {
+  project_name        = var.project_name
+  environment         = var.environment
+  bucket_name         = "tf-backend-${local.project_name}-${local.environment}"
+  dynamodb_table_name = "tf-backend-lock-${local.project_name}-${local.environment}"
+  tags = {
+    project     = local.project_name
+    terraformed = "true"
+  }
+}
+resource "aws_s3_bucket" "default" {
+  bucket_prefix = local.bucket_name
+  lifecycle {
+    #    prevent_destroy = true
+  }
+  tags = merge(
+    local.tags,
+    {
+      "Description" = "Terraform State bucket"
+    }
+  )
+}
+
+resource "aws_s3_bucket_versioning" "default" {
+  bucket = aws_s3_bucket.default.id
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
+resource "aws_s3_bucket_ownership_controls" "default" {
+  bucket = aws_s3_bucket.default.id
+  rule {
+    object_ownership = "BucketOwnerPreferred"
+  }
+}
+
+
+resource "aws_s3_bucket_acl" "default" {
+  depends_on = [
+    aws_s3_bucket_ownership_controls.default,
+  ]
+  bucket = aws_s3_bucket.default.id
+  acl    = "private"
+}
+
+resource "aws_s3_bucket_public_access_block" "default" {
+  bucket = aws_s3_bucket.default.id
+
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}
+
+resource "aws_dynamodb_table" "default" {
+  name         = local.dynamodb_table_name
+  hash_key     = "LockID"
+  billing_mode = "PAY_PER_REQUEST"
+  server_side_encryption {
+    enabled = false
+  }
+
+  point_in_time_recovery {
+    enabled = false
+  }
+
+  attribute {
+    name = "LockID"
+    type = "S"
+  }
+
+  tags = merge(
+    local.tags,
+    {
+      "Description" = "Terraform State Lock table"
+    }
+  )
+}
+
+output "Description" {
+  value = "Check bellow aws_account_* are equal!"
+}
+
+data "aws_caller_identity" "current" {}
+
+output "aws_account_current" {
+  description = "check into which AWS account you just have deployed a state bucket and a dynamodb table"
+  value       = data.aws_caller_identity.current.account_id
+}
+
+output "dynamodb_table" {
+  value = local.dynamodb_table_name
+}
+
+output "bucket" {
+  value = local.bucket_name
+}

devops/backend/dataart-dev-2025/provider.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.54.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = "us-east-1"
+}

devops/backend/dataart-dev-2025/variables.tf

@@ -0,0 +1,10 @@
+# global
+variable "project_name" {
+  type        = string
+  description = "Project name. Will be used for as prefix for naming resources."
+}
+
+variable "environment" {
+  type        = string
+  description = "Name of the environment to be deployed to. Will be used as prefix for naming resources."
+}

devops/envs/dataart-dev-2025/bastion.tf

@@ -0,0 +1,52 @@
+# Latest Amazon Linux 2 AMI
+locals {
+  ec2_instance_type = var.low_cost_implementation ? "t3.nano" : "t3.small"
+  iam_ec2_role_name = module.roles.role_name["ec2"]
+}
+
+# EC2 bastion instance
+resource "aws_instance" "amazon_linux_2" {
+  ami                  = data.aws_ami.amazon_linux_2_latest.id
+  instance_type        = local.ec2_instance_type
+  availability_zone    = "${local.aws_region}a"
+  iam_instance_profile = module.roles.instance_profile_name["ec2"]
+  subnet_id            = module.vpc.public_subnets[0]
+  security_groups      = [module.sg.security_group_id["bastion"]]
+
+  root_block_device {
+    volume_size           = var.low_cost_implementation ? "8" : "20"
+    volume_type           = "gp3"
+    encrypted             = true
+    delete_on_termination = true
+  }
+
+  tags = merge(
+    {
+      Name = "${local.prefix}-bastion"
+    }
+  )
+
+  lifecycle {
+    ignore_changes = [
+      disable_api_termination,
+      ebs_optimized,
+      hibernation,
+      credit_specification,
+      security_groups,
+      network_interface,
+      ephemeral_block_device,
+      ami
+    ]
+  }
+
+  associate_public_ip_address = true
+}
+
+resource "aws_eip" "amazon_linux_2" {
+  domain = "vpc"
+}
+
+resource "aws_eip_association" "eip_assoc" {
+  instance_id   = aws_instance.amazon_linux_2.id
+  allocation_id = aws_eip.amazon_linux_2.id
+}

devops/envs/dataart-dev-2025/chatbot.tf

@@ -0,0 +1,32 @@
+resource "aws_chatbot_teams_channel_configuration" "notif_channel" {
+  count                 = var.chatbot_notifs_implementation ? 1 : 0
+  tenant_id             = jsondecode(data.aws_secretsmanager_secret_version.ms_teams_current[0].secret_string)["TENANT_ID"]
+  team_id               = jsondecode(data.aws_secretsmanager_secret_version.ms_teams_current[0].secret_string)["GROUP_ID"]
+  channel_id            = jsondecode(data.aws_secretsmanager_secret_version.ms_teams_current[0].secret_string)["CHANNEL_ID"]
+  channel_name          = "AWS ${var.environment} env StepFunction failures"
+  configuration_name    = "${local.prefix}-step-func-failure-teams-channel-notif"
+  iam_role_arn          = aws_iam_role.chatbot_role[0].arn
+  sns_topic_arns        = [resource.aws_sns_topic.step-func-fail[0].arn]
+  guardrail_policy_arns = ["arn:aws:iam::aws:policy/ReadOnlyAccess"]
+  logging_level         = "INFO"
+}
+
+resource "aws_iam_role" "chatbot_role" {
+  count = var.chatbot_notifs_implementation ? 1 : 0
+  name  = "${local.prefix}-alarm-chatbot-role"
+
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "chatbot.amazonaws.com"
+      },
+      "Effect": "Allow"
+    }
+  ]
+}
+EOF
+}

devops/envs/dataart-dev-2025/cloudfront.tf

@@ -0,0 +1,13 @@
+module "cloudfront" {
+  source                = "git::https://github.com/finddx/seq-treat-tbkb-terraform-modules.git//cloudfront?ref=cf-v1.8"
+  https_certificate_arn = var.aws_region == "us-east-1" ? data.aws_acm_certificate.main-region.arn : data.aws_acm_certificate.us-east-1[0].arn
+  dns_name              = var.cf_domain
+  elb_dns_name          = module.alb.load_balancer_dns_name["lb"]
+  frontend_port         = 80
+  frontend_ssl_port     = 443
+  waf_web_acl_id        = var.low_cost_implementation || !var.waf ? null : module.waf[0].web_acl_arn
+  restrictions          = var.cf_restrictions
+  project_name          = var.project_name
+  module_name           = var.module_name
+  environment           = var.environment
+}

devops/envs/dataart-dev-2025/cloudwatch.tf

@@ -0,0 +1,38 @@
+locals {
+  service_name = local.prefix
+  cw_log_group = "/aws/ecs/${local.prefix}"
+}
+
+resource "aws_cloudwatch_log_group" "backend_fargate_task" {
+  name = "${local.cw_log_group}-backend"
+  tags = {
+    Name = "${local.service_name}-backend",
+  }
+}
+
+resource "aws_cloudwatch_log_group" "migration_fargate_task" {
+  name = "${local.cw_log_group}-backend-migrations"
+  tags = {
+    Name = "${local.service_name}-backend-migrations",
+  }
+}
+
+resource "aws_cloudwatch_log_group" "django-delegate" {
+  name = "/backend/delegate-activity"
+  tags = {
+    Name = "${local.service_name}-django-delegate",
+  }
+}
+
+resource "aws_cloudwatch_log_group" "django-admin" {
+  name = "/backend/admin-activity"
+  tags = {
+    Name = "${local.service_name}-django-admin",
+  }
+}
+resource "aws_cloudwatch_log_group" "django-server" {
+  name = "/backend/server"
+  tags = {
+    Name = "${local.service_name}-django-server",
+  }
+}

devops/envs/dataart-dev-2025/data.tf

@@ -0,0 +1,50 @@
+data "aws_caller_identity" "current" {}
+
+data "aws_ami" "amazon_linux_2_latest" {
+  most_recent = true
+
+  filter {
+    name   = "name"
+    values = ["al2023-ami-2023*"]
+  }
+  filter {
+    name   = "architecture"
+    values = ["x86_64"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  filter {
+    name   = "root-device-type"
+    values = ["ebs"]
+  }
+
+  owners = ["amazon"]
+}
+
+data "aws_secretsmanager_secret" "ms_teams" {
+  count = var.chatbot_notifs_implementation ? 1 : 0
+  name  = "ms-teams"
+}
+
+data "aws_secretsmanager_secret_version" "ms_teams_current" {
+  count     = var.chatbot_notifs_implementation ? 1 : 0
+  secret_id = data.aws_secretsmanager_secret.ms_teams[0].id
+}
+
+data "aws_acm_certificate" "main-region" {
+  domain = var.cf_domain
+}
+
+data "aws_acm_certificate" "us-east-1" {
+  count    = var.aws_region != "us-east-1" ? 1 : 0
+  domain   = var.cf_domain
+  provider = aws.useast1
+}
+
+data "aws_ec2_managed_prefix_list" "s3_prefix_link" {
+  name = "com.amazonaws.${var.aws_region}.s3"
+}

devops/envs/dataart-dev-2025/ecr.tf

@@ -0,0 +1,32 @@
+locals {
+  ecr_app_repo_names = [
+    "backend",
+    "genomicsworkflow-agat",
+    "genomicsworkflow-bcftools",
+    "genomicsworkflow-bedtools",
+    "genomicsworkflow-biopython",
+    "genomicsworkflow-bwa",
+    "genomicsworkflow-delly",
+    "genomicsworkflow-fastqc",
+    "genomicsworkflow-fasttree",
+    "genomicsworkflow-freebayes",
+    "genomicsworkflow-gatk",
+    "genomicsworkflow-hail",
+    "genomicsworkflow-iqtree",
+    "genomicsworkflow-kraken",
+    "genomicsworkflow-mosdepth",
+    "genomicsworkflow-perl",
+    "genomicsworkflow-raxml",
+    "genomicsworkflow-samtools",
+    "genomicsworkflow-snpeff",
+    "genomicsworkflow-spades",
+    "genomicsworkflow-sra-tools",
+    "clamav"
+  ]
+}
+
+module "ecr" {
+  source             = "git::https://github.com/finddx/seq-treat-tbkb-terraform-modules.git//ecr?ref=ecr-v1.2"
+  ecr_app_repo_names = local.ecr_app_repo_names
+  project_name       = var.project_name
+}