Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deploy to prod #357

Merged
merged 72 commits into from
Oct 27, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
72 commits
Select commit Hold shift + click to select a range
00d39d0
feat: add event trigger for when pre-releases or releases are published
angela-tran Sep 26, 2023
ade17c6
refactor: make pre-releases/releases use the correct deploy environment
angela-tran Sep 26, 2023
d613425
refactor: move concurrency config to workflow level instead of job level
angela-tran Sep 26, 2023
c93ac27
feat: make git hash available in static file
angela-tran Sep 28, 2023
f4dcaca
Feat: make git hash available in static file (#335)
angela-tran Sep 28, 2023
340f2b2
feat: pipdeptree to a static file
angela-tran Sep 28, 2023
c3c010c
fix: add step to create static directory needed for various static files
angela-tran Sep 29, 2023
02063e8
Feat: pipdeptree (#336)
angela-tran Sep 29, 2023
9218a01
feat: run tests before deploying if triggered by pre-release/release
angela-tran Sep 27, 2023
07a2e2e
refactor: remove unneeded conditions from test if expression
angela-tran Sep 29, 2023
1ec8099
refactor: extract out deploy-environment name as environment variable
angela-tran Sep 29, 2023
f36ca19
feat: create Docker tag with deployment environment name
angela-tran Sep 29, 2023
659c5c8
refactor: remove unneeded and redundant usage of always()
angela-tran Sep 29, 2023
0586d73
chore: add comment explaining 'deploy' job condition
angela-tran Sep 29, 2023
874473a
feat(frontdoor): allow access to static files dir
thekaveman Sep 29, 2023
b910707
Feat: deploy for pre-release or release (#329)
angela-tran Oct 2, 2023
e1b4e08
fix: 'env' context is not available in the places we need it
angela-tran Oct 2, 2023
382cc09
Feat: allow access to static files dir (#338)
thekaveman Oct 2, 2023
ba9af5a
Fix: inline expression for deployment environment (#339)
angela-tran Oct 2, 2023
f530f36
fix: custom rule names can only consist of letters and numbers
angela-tran Oct 3, 2023
9e32f19
Fix: custom rule name (#341)
angela-tran Oct 3, 2023
f9ecd71
refactor: move pipeline stages out into template
angela-tran Oct 3, 2023
26b95e5
refactor: extract out agency-specific name
angela-tran Oct 3, 2023
393953a
chore: format template code
angela-tran Oct 3, 2023
01b2936
refactor: variables don't work in templates, try pipeline
angela-tran Oct 3, 2023
100697e
chore: fix syntax for using variable in expression
angela-tran Oct 3, 2023
bc2379a
chore: prevent this noise from appearing in terraform plan
angela-tran Oct 3, 2023
2ea9a89
refactor: variablize Terraform state resources
angela-tran Oct 3, 2023
ee93b21
refactor: extract out subscription name from init script
angela-tran Oct 3, 2023
3803ffa
fix: move agency-specific backend configuration to command options
angela-tran Oct 5, 2023
8af3d32
feat(terraform): create agency-specific backend config for local dev
angela-tran Oct 5, 2023
e5545dd
refactor(terraform): create workspace if it doesn't exist
angela-tran Oct 5, 2023
3bbc6a7
refactor(terraform): remove unneeded variables
angela-tran Oct 5, 2023
3ad714e
refactor(terraform): rename local backend config file
angela-tran Oct 5, 2023
f94534b
refactor: move agency-specific pipeline into folder, simplify params
angela-tran Oct 5, 2023
626eb25
Refactor: pipeline template with runtime parameters (#343)
angela-tran Oct 5, 2023
8ad2323
chore(pre-commit): autoupdate hooks
pre-commit-ci[bot] Oct 9, 2023
885ddd5
chore(pre-commit): autoupdate hooks (#344)
angela-tran Oct 10, 2023
0a7caab
chore: run terraform fmt
angela-tran Oct 10, 2023
220bb39
chore(terraform): update comment documenting where terraform version is
angela-tran Oct 10, 2023
dbbd0d7
Chore: Terraform code cleanup (#345)
angela-tran Oct 10, 2023
bb61628
feat(terraform): pass variables to Terraform from pipeline
angela-tran Oct 10, 2023
9a3a267
feat(terraform): add usage of variable template to TerraformApply stage
angela-tran Oct 10, 2023
0728b4a
refactor(pipeline): move agency-specific pipeline values into file
angela-tran Oct 10, 2023
1097508
refactor: rename local env file to be clearer
angela-tran Oct 10, 2023
d6d9407
refactor: rename file that provides Azure vars
angela-tran Oct 10, 2023
3e58216
chore: remove outdated comments, add comment clarifying weird path
angela-tran Oct 10, 2023
af9b5ab
feat: use AGENCY_CARD variable
angela-tran Oct 10, 2023
086aa95
refactor(infra): use AGENCY_CARD variable for environment app service
angela-tran Oct 10, 2023
b33cc73
refactor(terraform): extract storage account name prefix as variable
angela-tran Oct 10, 2023
c09ddea
refactor(terraform): make ETL-related names more generic
angela-tran Oct 10, 2023
dbe9111
chore: reorder variables to be more organized
angela-tran Oct 10, 2023
50fbd28
chore: make description for ETL app object ID variable more generic
angela-tran Oct 10, 2023
e1ae46e
refactor(terraform): extract separate variable for resource group name
angela-tran Oct 10, 2023
c22124e
chore: make naming more consistent
angela-tran Oct 11, 2023
05a7f35
Feat: agency-specific Terraform variables (#346)
angela-tran Oct 11, 2023
7f81779
feat: add files for local development of SBMTD Terraform
angela-tran Oct 12, 2023
93bf003
feat: add SBMTD-specific pipeline definition and variables
angela-tran Oct 12, 2023
9514c56
docs(infra): update access restrictions to mention /static path
angela-tran Oct 12, 2023
b165ec6
docs(infra): update docs on init script taking agency param
angela-tran Oct 12, 2023
f871893
docs(infra): update docs that mention environment resource groups
angela-tran Oct 12, 2023
4a35baf
docs(infra): update reference to Terraform version location
angela-tran Oct 12, 2023
8c713d2
docs(infra): add details on steps to be done manually
angela-tran Oct 12, 2023
7f547e2
docs(infra): move terraform README into docs file structure
angela-tran Oct 12, 2023
2eacbad
chore(pre-commit): autoupdate hooks
pre-commit-ci[bot] Oct 23, 2023
eb82b9b
docs: add steps about requesting parallelism grant
angela-tran Oct 23, 2023
a488cc6
Docs: infrastructure (#350)
angela-tran Oct 23, 2023
1fd6140
chore(pre-commit): autoupdate hooks (#351)
thekaveman Oct 23, 2023
81976d1
Feat: SBMTD infra pipeline (#349)
angela-tran Oct 25, 2023
2ecb49c
fix: use agency card as prefix for key vault name
angela-tran Oct 25, 2023
3f49b0f
Fix: use agency card as prefix for key vault name (#354)
angela-tran Oct 25, 2023
b213928
Deploy to test (#355)
angela-tran Oct 26, 2023
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 39 additions & 2 deletions .github/workflows/docker-publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,21 +7,57 @@ on:
- dev
- test
- prod
release:
types:
- published

defaults:
run:
shell: bash

concurrency:
# this expression gives us the name of the deployment environment. It works like a ternary operation (see https://github.com/actions/runner/issues/409#issuecomment-727565588)
group: ${{ github.event_name != 'release' && github.ref_name || github.event.release.prerelease && 'test' || 'prod' }}
cancel-in-progress: true

jobs:
test:
uses: ./.github/workflows/run-tests.yml
if: github.event_name == 'release'

deploy:
needs: test
# !cancelled() is needed because if the whole workflow was cancelled, we don't want this job to run.
# (github.event_name != 'release' || needs.test.result == 'success') is needed because if `test` did run, we only want this to run if `test` succeeded.
if: (!cancelled() && (github.event_name != 'release' || needs.test.result == 'success'))
runs-on: ubuntu-latest
environment: ${{ github.ref_name }}
concurrency: ${{ github.ref_name }}
environment: ${{ github.event_name != 'release' && github.ref_name || github.event.release.prerelease && 'test' || 'prod' }}

steps:
- name: Checkout
uses: actions/checkout@v4

- uses: actions/setup-python@v4
with:
python-version-file: .github/workflows/.python-version
cache: pip
cache-dependency-path: "**/pyproject.toml"

- name: Create /static directory
run: mkdir -p eligibility_server/static

- name: Write python packages to file
run: |
python -m venv .venv
source .venv/bin/activate
pip install pipdeptree
pip install -e .
pipdeptree
pipdeptree >> eligibility_server/static/requirements.txt

- name: Write commit SHA to file
run: echo "${{ github.sha }}" >> eligibility_server/static/sha.txt

- name: Docker Login to GitHub Container Registry
uses: docker/login-action@v3
with:
Expand All @@ -44,5 +80,6 @@ jobs:
file: Dockerfile
push: true
tags: |
ghcr.io/${{ github.repository }}:${{ github.event_name != 'release' && github.ref_name || github.event.release.prerelease && 'test' || 'prod' }}
ghcr.io/${{ github.repository }}:${{ github.ref_name }}
ghcr.io/${{ github.repository }}:${{ github.sha }}
1 change: 1 addition & 0 deletions .github/workflows/run-tests.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
name: Run pytests

on:
workflow_call:
pull_request:
branches: ["*"]

Expand Down
4 changes: 2 additions & 2 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ repos:
stages: [commit-msg]

- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.4.0
rev: v4.5.0
hooks:
- id: trailing-whitespace
args: [--markdown-linebreak-ext=md]
Expand All @@ -33,7 +33,7 @@ repos:
- id: check-added-large-files

- repo: https://github.com/psf/black
rev: 23.9.1
rev: 23.10.0
hooks:
- id: black
types:
Expand Down
2 changes: 2 additions & 0 deletions docs/deployment/.pages
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
nav:
- infrastructure.md
138 changes: 138 additions & 0 deletions docs/deployment/infrastructure.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,138 @@
# Infrastructure

The infrastructure is configured as code via [Terraform](https://www.terraform.io/), for [various reasons](https://techcommunity.microsoft.com/t5/fasttrack-for-azure/the-benefits-of-infrastructure-as-code/ba-p/2069350).

## Architecture

## Resources outside of Terraform

The following things in Azure are managed outside of Terraform:

- Subcriptions
- Active Directory (users, groups, service principals, etc.)
- Service connections
- Configuration files, stored as blobs

## Environments

| Environment | Azure Resource Group | Terraform Workspace | Git Branch |
| ----------- | --------------------------------- | ------------------- | ---------- |
| Dev | `$(AGENCY_RESOURCE_GROUP_PREFIX)-eligibility-dev` | `dev` | `dev` |
| Test | `$(AGENCY_RESOURCE_GROUP_PREFIX)-eligibility-test` | `test` | `test` |
| Prod | `$(AGENCY_RESOURCE_GROUP_PREFIX)-eligibility-prod` | `default` | `prod` |

All resources in these Resource Groups should be reflected in Terraform in this repository. The exceptions are:

- Secrets, such as values under [Key Vault](https://azure.microsoft.com/en-us/services/key-vault/). [`prevent_destroy`](https://developer.hashicorp.com/terraform/tutorials/state/resource-lifecycle#prevent-resource-deletion) is used on these Resources.
- Things managed outside of [Terraform](#resources-outside-of-terraform)

For browsing the [Azure portal](https://portal.azure.com), you can [switch your `Default subscription filter`](https://docs.microsoft.com/en-us/azure/azure-portal/set-preferences).

## Access restrictions

We restrict which IP addresses that can access the app service by using a Web Application Firewall (WAF) configured on a Front Door. There is an exception for the `/healthcheck` and `/static` paths, which can be accessed by any IP address.

The app service itself gives access only to our Front Door and to Azure availability tests.

## Monitoring

We have [ping tests](https://docs.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability) set up to notify about availability of each environment. Alerts go to [#benefits-notify](https://cal-itp.slack.com/archives/C022HHSEE3F).

## Logs

Logs can be found a couple of places:

### Azure App Service Logs

[Open the `Logs` for the environment you are interested in.](https://docs.google.com/document/d/11EPDIROBvg7cRtU2V42c6VBxcW_o8HhcyORALNtL_XY/edit#heading=h.6pxjhslhxwvj) The following tables are likely of interest:

- `AppServiceConsoleLogs`: `stdout` and `stderr` coming from the container
- `AppServiceHTTPLogs`: requests coming through App Service
- `AppServicePlatformLogs`: deployment information

For some pre-defined queries, click `Queries`, then `Group by: Query type`, and look under `Query pack queries`.

### [Azure Monitor Logs](https://docs.microsoft.com/en-us/azure/azure-monitor/logs/data-platform-logs)

[Open the `Logs` for the environment you are interested in.](https://docs.google.com/document/d/11EPDIROBvg7cRtU2V42c6VBxcW_o8HhcyORALNtL_XY/edit#heading=h.n0oq4r1jo7zs)

The following [tables](https://docs.microsoft.com/en-us/azure/azure-monitor/app/opencensus-python#telemetry-type-mappings) are likely of interest:

- `requests`
- `traces`

In the latter two, you should see recent log output. Note [there is some latency](https://docs.microsoft.com/en-us/azure/azure-monitor/logs/data-ingestion-time).

See [`Failures`](https://docs.microsoft.com/en-us/azure/azure-monitor/app/asp-net-exceptions#diagnose-failures-using-the-azure-portal) in the sidebar (or `exceptions` under `Logs`) for application errors/exceptions.

### Live tail

After [setting up the Azure CLI](#making-changes), you can use the following command to [stream live logs](https://docs.microsoft.com/en-us/azure/app-service/troubleshoot-diagnostic-logs#in-local-terminal):

```sh
az webapp log tail --resource-group <resource group name> --name <app service name> 2>&1 | grep -v /healthcheck
```

e.g.

```bash
az webapp log tail --resource-group courtesy-cards-eligibility-prod --name mst-courtesy-cards-eligibility-server-prod 2>&1 | grep -v /healthcheck
```

### SCM

Docker logs can be viewed in the Advanced Tools for the instance. The URL pattern is `https://<app service name>.scm.azurewebsites.net/api/logs/docker`

## Making changes

Terraform is [`plan`](https://www.terraform.io/cli/commands/plan)'d when code is pushed to any branch on GitHub, then [`apply`](https://www.terraform.io/cli/commands/apply)'d when merged to `dev`. While other automation for this project is done through GitHub Actions, we use an Azure Pipeline (above) for a couple of reasons:

- Easier authentication with the Azure API using a service connnection
- Log output is hidden, avoiding accidentally leaking secrets

### Local development

1. Get access to the Azure account.
1. Install dependencies:

- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)
- [Terraform](https://www.terraform.io/downloads) - see exact version in [`pipeline/deploy.yml`](pipeline/deploy.yml)

1. [Authenticate using the Azure CLI](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/azure_cli).

```sh
az login
```

1. Outside the [dev container](https://docs.calitp.org/eligibility-server/getting-started/), navigate to the `terraform/` directory.
1. Create a [`terraform.tfvars` file](https://developer.hashicorp.com/terraform/language/values/variables#variable-definitions-tfvars-files) and specify the [variables](variables.tf).
1. [Initialize Terraform.](https://www.terraform.io/cli/commands/init) You can also use this script later to switch between [environments](#environments).

```sh
./init.sh <env> <agency>
```

1. Make changes to Terraform files.
1. Preview the changes, as necessary.

```sh
terraform plan
```

1. Submit the changes via pull request.

## Azure environment setup

The steps we took to set up MST's environment are documented in [a separate Google Doc](https://docs.google.com/document/d/12uzuKyvyabHAOaeQc6k2jQIG5pQprdEyBpfST_dY2ME/edit#heading=h.1vs880ltbo58).

In general, the steps that must be done manually before the pipeline can be run are:

- Create an Azure DevOps organization and project
- Request a free grant of parallel jobs using the form at [https://aka.ms/azpipelines-parallelism-request](https://aka.ms/azpipelines-parallelism-request)
- Create Resource Group and storage account dedicated to the Terraform state
- Create container in storage account for Terraform state
- Create environment Resource Group for each environment, Region: West US
- We create these manually to avoid having to give the pipeline service connection permissions for creating resource groups
- Create Terraform workspace for each environment
- Trigger a pipeline run to verify `plan` and `apply`
- Known chicken-and-egg problem: Terraform both creates the Key Vault and expects a secret within it, so will always fail on the first deploy. Add the Benefits slack email secret and re-run the pipeline.
123 changes: 1 addition & 122 deletions terraform/README.md
Original file line number Diff line number Diff line change
@@ -1,124 +1,3 @@
# Infrastructure

The infrastructure is configured as code via [Terraform](https://www.terraform.io/), for [various reasons](https://techcommunity.microsoft.com/t5/fasttrack-for-azure/the-benefits-of-infrastructure-as-code/ba-p/2069350).

## Architecture

## Resources outside of Terraform

The following things in Azure are managed outside of Terraform:

- Subcriptions
- Active Directory (users, groups, service principals, etc.)
- Service connections
- Configuration files, stored as blobs

## Environments

| Environment | Azure Resource Group | Terraform Workspace | Git Branch |
| ----------- | --------------------------------- | ------------------- | ---------- |
| Dev | `courtesy-cards-eligibility-dev` | `dev` | `dev` |
| Test | `courtesy-cards-eligibility-test` | `test` | `test` |
| Prod | `courtesy-cards-eligibility-prod` | `default` | `prod` |

All resources in these Resource Groups should be reflected in Terraform in this repository. The exceptions are:

- Secrets, such as values under [Key Vault](https://azure.microsoft.com/en-us/services/key-vault/). [`prevent_destroy`](https://developer.hashicorp.com/terraform/tutorials/state/resource-lifecycle#prevent-resource-deletion) is used on these Resources.
- Things managed outside of [Terraform](#resources-outside-of-terraform)

For browsing the [Azure portal](https://portal.azure.com), you can [switch your `Default subscription filter`](https://docs.microsoft.com/en-us/azure/azure-portal/set-preferences).

## Access restrictions

We restrict which IP addresses that can access the app service by using a Web Application Firewall (WAF) configured on a Front Door. There is an exception for the `/healthcheck` path, which can be accessed by any IP address.

The app service itself gives access only to our Front Door and to Azure availability tests.

## Monitoring

We have [ping tests](https://docs.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability) set up to notify about availability of each environment. Alerts go to [#benefits-notify](https://cal-itp.slack.com/archives/C022HHSEE3F).

## Logs

Logs can be found a couple of places:

### Azure App Service Logs

[Open the `Logs` for the environment you are interested in.](https://docs.google.com/document/d/11EPDIROBvg7cRtU2V42c6VBxcW_o8HhcyORALNtL_XY/edit#heading=h.6pxjhslhxwvj) The following tables are likely of interest:

- `AppServiceConsoleLogs`: `stdout` and `stderr` coming from the container
- `AppServiceHTTPLogs`: requests coming through App Service
- `AppServicePlatformLogs`: deployment information

For some pre-defined queries, click `Queries`, then `Group by: Query type`, and look under `Query pack queries`.

### [Azure Monitor Logs](https://docs.microsoft.com/en-us/azure/azure-monitor/logs/data-platform-logs)

[Open the `Logs` for the environment you are interested in.](https://docs.google.com/document/d/11EPDIROBvg7cRtU2V42c6VBxcW_o8HhcyORALNtL_XY/edit#heading=h.n0oq4r1jo7zs)

The following [tables](https://docs.microsoft.com/en-us/azure/azure-monitor/app/opencensus-python#telemetry-type-mappings) are likely of interest:

- `requests`
- `traces`

In the latter two, you should see recent log output. Note [there is some latency](https://docs.microsoft.com/en-us/azure/azure-monitor/logs/data-ingestion-time).

See [`Failures`](https://docs.microsoft.com/en-us/azure/azure-monitor/app/asp-net-exceptions#diagnose-failures-using-the-azure-portal) in the sidebar (or `exceptions` under `Logs`) for application errors/exceptions.

### Live tail

After [setting up the Azure CLI](#making-changes), you can use the following command to [stream live logs](https://docs.microsoft.com/en-us/azure/app-service/troubleshoot-diagnostic-logs#in-local-terminal):

```sh
az webapp log tail --resource-group courtesy-cards-eligibility-prod --name mst-courtesy-cards-eligibility-server-prod 2>&1 | grep -v /healthcheck
```

### SCM

[Docker logs](https://mst-courtesy-cards-eligibility-server-dev.scm.azurewebsites.net/api/logs/docker)

## Making changes

[![Build Status](https://dev.azure.com/mstransit/courtesy-cards/_apis/build/status/cal-itp.eligibility-server?branchName=dev)](https://dev.azure.com/mstransit/courtesy-cards/_build/latest?definitionId=1&branchName=dev)

Terraform is [`plan`](https://www.terraform.io/cli/commands/plan)'d when code is pushed to any branch on GitHub, then [`apply`](https://www.terraform.io/cli/commands/apply)'d when merged to `dev`. While other automation for this project is done through GitHub Actions, we use an Azure Pipeline (above) for a couple of reasons:

- Easier authentication with the Azure API using a service connnection
- Log output is hidden, avoiding accidentally leaking secrets

### Local development

1. Get access to the Azure account.
1. Install dependencies:

- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)
- [Terraform](https://www.terraform.io/downloads) - see exact version in [`pipeline/azure-pipelines.yml`](pipeline/azure-pipelines.yml)

1. [Authenticate using the Azure CLI](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/azure_cli).

```sh
az login
```

1. Outside the [dev container](https://docs.calitp.org/eligibility-server/getting-started/), navigate to the `terraform/` directory.
1. Create a [`terraform.tfvars` file](https://developer.hashicorp.com/terraform/language/values/variables#variable-definitions-tfvars-files) and specify the [variables](variables.tf).
1. [Initialize Terraform.](https://www.terraform.io/cli/commands/init) You can also use this script later to switch between [environments](#environments).

```sh
./init.sh <env>
```

1. Make changes to Terraform files.
1. Preview the changes, as necessary.

```sh
terraform plan
```

1. Submit the changes via pull request.

## Azure environment setup

The steps we took to set up MST's environment are documented in [a separate Google Doc](https://docs.google.com/document/d/12uzuKyvyabHAOaeQc6k2jQIG5pQprdEyBpfST_dY2ME/edit#heading=h.1vs880ltbo58).

This is not a complete step-by-step guide; more a list of things to remember. This may be useful as part of incident response.
[Documentation](https://docs.calitp.org/eligibility-server/deployment/infrastructure/)
2 changes: 1 addition & 1 deletion terraform/app_service.tf
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ locals {

resource "azurerm_linux_web_app" "main" {
# name needs to be globally unique and is more specific because it's used in the app URL
name = "mst-courtesy-cards-eligibility-server-${local.env_name}"
name = "${var.AGENCY_CARD}-eligibility-server-${local.env_name}"
location = data.azurerm_resource_group.main.location
resource_group_name = data.azurerm_resource_group.main.name
service_plan_id = azurerm_service_plan.main.id
Expand Down
2 changes: 1 addition & 1 deletion terraform/environment.tf
Original file line number Diff line number Diff line change
Expand Up @@ -5,5 +5,5 @@ locals {
}

data "azurerm_resource_group" "main" {
name = "courtesy-cards-eligibility-${local.env_name}"
name = "${var.AGENCY_RESOURCE_GROUP_PREFIX}-eligibility-${local.env_name}"
}
Loading
Loading