diff --git a/spire/templates/apps/augury.yml b/spire/templates/apps/augury.yml index 4dac43dd..d4a8d2f0 100644 --- a/spire/templates/apps/augury.yml +++ b/spire/templates/apps/augury.yml @@ -302,7 +302,7 @@ Resources: Effect: Allow Resource: - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/${EnvironmentTypeAbbreviation}/Spire/Dovetail-Augury/* - - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Terra/new-relic-lite-api-key + - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Spire/new-relic-lite-api-key Sid: AllowAppParameterRead Version: "2012-10-17" PolicyName: ContainerSecrets @@ -539,7 +539,7 @@ Resources: - Name: ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Dovetail-Augury/ar-encryption-key-derivation-salt - Name: NEW_RELIC_KEY - ValueFrom: /prx/global/Terra/new-relic-lite-api-key + ValueFrom: /prx/global/Spire/new-relic-lite-api-key ExecutionRoleArn: !GetAtt ExecutionRole.Arn NetworkMode: bridge Tags: @@ -710,7 +710,7 @@ Resources: - Name: ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Dovetail-Augury/ar-encryption-key-derivation-salt - Name: NEW_RELIC_KEY - ValueFrom: /prx/global/Terra/new-relic-lite-api-key + ValueFrom: /prx/global/Spire/new-relic-lite-api-key ExecutionRoleArn: !GetAtt ExecutionRole.Arn NetworkMode: bridge Tags: @@ -1155,7 +1155,7 @@ Resources: - Name: ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Dovetail-Augury/ar-encryption-key-derivation-salt - Name: NEW_RELIC_KEY - ValueFrom: /prx/global/Terra/new-relic-lite-api-key + ValueFrom: /prx/global/Spire/new-relic-lite-api-key Cpu: "4096" ExecutionRoleArn: !GetAtt ExecutionRole.Arn Memory: "16384" diff --git a/spire/templates/apps/castle.yml b/spire/templates/apps/castle.yml index 986f565e..dda76fb5 100644 --- a/spire/templates/apps/castle.yml +++ b/spire/templates/apps/castle.yml @@ -185,7 +185,7 @@ Resources: Effect: Allow Resource: - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/${EnvironmentTypeAbbreviation}/Spire/Dovetail-Castle/* - - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Terra/new-relic-lite-api-key + - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Spire/new-relic-lite-api-key Sid: AllowAppParameterRead Version: "2012-10-17" PolicyName: ContainerSecrets @@ -306,7 +306,7 @@ Resources: - Name: PG_USER ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Dovetail-Castle/database-username - Name: NEW_RELIC_LICENSE_KEY - ValueFrom: /prx/global/Terra/new-relic-lite-api-key + ValueFrom: /prx/global/Spire/new-relic-lite-api-key ExecutionRoleArn: !GetAtt ExecutionRole.Arn NetworkMode: bridge Tags: diff --git a/spire/templates/apps/cms.yml b/spire/templates/apps/cms.yml index 921472cb..af4daa5e 100644 --- a/spire/templates/apps/cms.yml +++ b/spire/templates/apps/cms.yml @@ -330,7 +330,7 @@ Resources: Effect: Allow Resource: - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/${EnvironmentTypeAbbreviation}/Spire/CMS/* - - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Terra/new-relic-lite-api-key + - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Spire/new-relic-lite-api-key Sid: AllowAppParameterRead Version: "2012-10-17" PolicyName: ContainerSecrets @@ -508,7 +508,7 @@ Resources: - Name: RAILS_SECRET_KEY ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/CMS/rails-secret-key - Name: NEW_RELIC_KEY - ValueFrom: /prx/global/Terra/new-relic-lite-api-key + ValueFrom: /prx/global/Spire/new-relic-lite-api-key ExecutionRoleArn: !GetAtt ExecutionRole.Arn NetworkMode: bridge Tags: @@ -625,7 +625,7 @@ Resources: - Name: RAILS_SECRET_KEY ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/CMS/rails-secret-key - Name: NEW_RELIC_KEY - ValueFrom: /prx/global/Terra/new-relic-lite-api-key + ValueFrom: /prx/global/Spire/new-relic-lite-api-key ExecutionRoleArn: !GetAtt ExecutionRole.Arn NetworkMode: bridge Tags: diff --git a/spire/templates/apps/dovetail-insights.yml b/spire/templates/apps/dovetail-insights.yml index b1d23d1d..b6e788bf 100644 --- a/spire/templates/apps/dovetail-insights.yml +++ b/spire/templates/apps/dovetail-insights.yml @@ -84,7 +84,7 @@ Resources: Effect: Allow Resource: - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/${EnvironmentTypeAbbreviation}/Spire/Dovetail-Insights/* - - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Terra/new-relic-lite-api-key + - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Spire/new-relic-lite-api-key Sid: AllowAppParameterRead Version: "2012-10-17" PolicyName: ContainerSecrets @@ -302,7 +302,7 @@ Resources: - Name: SECRET_KEY_BASE ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Dovetail-Insights/secret-key-base - Name: NEW_RELIC_KEY - ValueFrom: /prx/global/Terra/new-relic-lite-api-key + ValueFrom: /prx/global/Spire/new-relic-lite-api-key ExecutionRoleArn: !GetAtt ExecutionRole.Arn NetworkMode: bridge Tags: diff --git a/spire/templates/apps/dovetail-router.yml b/spire/templates/apps/dovetail-router.yml index 6d8de4df..10b3055f 100644 --- a/spire/templates/apps/dovetail-router.yml +++ b/spire/templates/apps/dovetail-router.yml @@ -679,9 +679,7 @@ Resources: Sid: AllowAppParameterRead - Action: ssm:GetParameters Effect: Allow - Resource: - - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Spire/* - - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Terra/* + Resource: !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Spire/* Sid: AllowGlobalParameterRead Version: "2012-10-17" PolicyName: ContainerSecrets @@ -839,7 +837,7 @@ Resources: - Name: MAXMIND_LICENSE_KEY ValueFrom: /prx/global/Spire/maxmind/license-key - Name: NEW_RELIC_LICENSE_KEY - ValueFrom: /prx/global/Terra/new-relic-lite-api-key + ValueFrom: /prx/global/Spire/new-relic-lite-api-key Ulimits: - HardLimit: 8192 Name: nofile diff --git a/spire/templates/apps/dovetail-spots.yml b/spire/templates/apps/dovetail-spots.yml index e38701bc..9b14cb2c 100644 --- a/spire/templates/apps/dovetail-spots.yml +++ b/spire/templates/apps/dovetail-spots.yml @@ -94,7 +94,7 @@ Resources: Effect: Allow Resource: - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/${EnvironmentTypeAbbreviation}/Spire/Dovetail-Spots/* - - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Terra/new-relic-lite-api-key + - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Spire/new-relic-lite-api-key Sid: AllowAppParameterRead Version: "2012-10-17" PolicyName: ContainerSecrets @@ -349,7 +349,7 @@ Resources: - Name: SECRET_KEY_BASE ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Dovetail-Spots/secret-key-base - Name: NEW_RELIC_KEY - ValueFrom: /prx/global/Terra/new-relic-lite-api-key + ValueFrom: /prx/global/Spire/new-relic-lite-api-key ExecutionRoleArn: !GetAtt ExecutionRole.Arn NetworkMode: bridge Tags: @@ -479,7 +479,7 @@ Resources: - Name: SECRET_KEY_BASE ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Dovetail-Spots/secret-key-base - Name: NEW_RELIC_KEY - ValueFrom: /prx/global/Terra/new-relic-lite-api-key + ValueFrom: /prx/global/Spire/new-relic-lite-api-key ExecutionRoleArn: !GetAtt ExecutionRole.Arn NetworkMode: bridge Tags: diff --git a/spire/templates/apps/exchange.yml b/spire/templates/apps/exchange.yml index 225f79f1..d72d6c40 100644 --- a/spire/templates/apps/exchange.yml +++ b/spire/templates/apps/exchange.yml @@ -301,7 +301,7 @@ Resources: Effect: Allow Resource: - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/${EnvironmentTypeAbbreviation}/Spire/Exchange/* - - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Terra/new-relic-lite-api-key + - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Spire/new-relic-lite-api-key Sid: AllowAppParameterRead Version: "2012-10-17" PolicyName: ContainerSecrets @@ -590,7 +590,7 @@ Resources: ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Exchange/chef-validation-certificate - !Ref AWS::NoValue - Name: NEW_RELIC_LICENSE_KEY - ValueFrom: /prx/global/Terra/new-relic-lite-api-key + ValueFrom: /prx/global/Spire/new-relic-lite-api-key ExecutionRoleArn: !GetAtt ExecutionRole.Arn NetworkMode: bridge Tags: @@ -829,7 +829,7 @@ Resources: ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Exchange/chef-validation-certificate - !Ref AWS::NoValue - Name: NEW_RELIC_LICENSE_KEY - ValueFrom: /prx/global/Terra/new-relic-lite-api-key + ValueFrom: /prx/global/Spire/new-relic-lite-api-key ExecutionRoleArn: !GetAtt ExecutionRole.Arn NetworkMode: bridge Tags: diff --git a/spire/templates/apps/feeder.yml b/spire/templates/apps/feeder.yml index 9cef98ba..b50f86ad 100644 --- a/spire/templates/apps/feeder.yml +++ b/spire/templates/apps/feeder.yml @@ -576,7 +576,7 @@ Resources: Effect: Allow Resource: - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/${EnvironmentTypeAbbreviation}/Spire/Dovetail-Feeder/* - - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Terra/new-relic-lite-api-key + - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Spire/new-relic-lite-api-key Sid: AllowAppParameterRead - Action: ssm:GetParameters Effect: Allow @@ -956,7 +956,7 @@ Resources: - Name: ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Dovetail-Feeder/ar-encryption-key-derivation-salt - Name: NEW_RELIC_KEY - ValueFrom: /prx/global/Terra/new-relic-lite-api-key + ValueFrom: /prx/global/Spire/new-relic-lite-api-key ExecutionRoleArn: !GetAtt ExecutionRole.Arn NetworkMode: bridge Tags: @@ -1149,7 +1149,7 @@ Resources: - Name: ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Dovetail-Feeder/ar-encryption-key-derivation-salt - Name: NEW_RELIC_KEY - ValueFrom: /prx/global/Terra/new-relic-lite-api-key + ValueFrom: /prx/global/Spire/new-relic-lite-api-key ExecutionRoleArn: !GetAtt ExecutionRole.Arn NetworkMode: bridge Tags: diff --git a/spire/templates/apps/id.yml b/spire/templates/apps/id.yml index 93ff0cc7..aea72923 100644 --- a/spire/templates/apps/id.yml +++ b/spire/templates/apps/id.yml @@ -186,7 +186,7 @@ Resources: Effect: Allow Resource: - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/${EnvironmentTypeAbbreviation}/Spire/ID/* - - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Terra/new-relic-lite-api-key + - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Spire/new-relic-lite-api-key Sid: AllowAppParameterRead Version: "2012-10-17" PolicyName: ContainerSecrets @@ -389,7 +389,7 @@ Resources: - Name: LOCKBOX_MASTER_KEY ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/ID/lockbox-master-key - Name: NEW_RELIC_KEY - ValueFrom: /prx/global/Terra/new-relic-lite-api-key + ValueFrom: /prx/global/Spire/new-relic-lite-api-key ExecutionRoleArn: !GetAtt ExecutionRole.Arn NetworkMode: bridge Tags: diff --git a/spire/templates/apps/networks.yml b/spire/templates/apps/networks.yml index d6c36eec..20c0c53e 100644 --- a/spire/templates/apps/networks.yml +++ b/spire/templates/apps/networks.yml @@ -299,7 +299,7 @@ Resources: Effect: Allow Resource: - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/${EnvironmentTypeAbbreviation}/Spire/Networks/* - - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Terra/new-relic-lite-api-key + - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Spire/new-relic-lite-api-key Sid: AllowAppParameterRead Version: "2012-10-17" PolicyName: ContainerSecrets @@ -444,7 +444,7 @@ Resources: - Name: RAILS_SESSION_SECRET ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Networks/rails-session-secret - Name: NEW_RELIC_KEY - ValueFrom: /prx/global/Terra/new-relic-lite-api-key + ValueFrom: /prx/global/Spire/new-relic-lite-api-key ExecutionRoleArn: !GetAtt PublicWebExecutionRole.Arn NetworkMode: bridge Tags: @@ -722,7 +722,7 @@ Resources: Effect: Allow Resource: - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/${EnvironmentTypeAbbreviation}/Spire/Networks/* - - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Terra/new-relic-lite-api-key + - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Spire/new-relic-lite-api-key Sid: AllowAppParameterRead Version: "2012-10-17" PolicyName: ContainerSecrets @@ -868,7 +868,7 @@ Resources: - Name: RAILS_SESSION_SECRET ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Networks/rails-session-secret - Name: NEW_RELIC_KEY - ValueFrom: /prx/global/Terra/new-relic-lite-api-key + ValueFrom: /prx/global/Spire/new-relic-lite-api-key ExecutionRoleArn: !GetAtt SphinxServerExecutionRole.Arn NetworkMode: awsvpc Tags: diff --git a/spire/templates/apps/remix.yml b/spire/templates/apps/remix.yml index d605c2a3..f098889c 100644 --- a/spire/templates/apps/remix.yml +++ b/spire/templates/apps/remix.yml @@ -150,7 +150,7 @@ Resources: Effect: Allow Resource: - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/${EnvironmentTypeAbbreviation}/Spire/Remix/* - - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Terra/new-relic-lite-api-key + - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Spire/new-relic-lite-api-key Sid: AllowAppParameterRead Version: "2012-10-17" PolicyName: ContainerSecrets @@ -374,7 +374,7 @@ Resources: - Name: PORTER_CALLBACK_TOKEN ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Remix/porter-callback-token - Name: NEW_RELIC_LICENSE_KEY - ValueFrom: /prx/global/Terra/new-relic-lite-api-key + ValueFrom: /prx/global/Spire/new-relic-lite-api-key ExecutionRoleArn: !GetAtt ExecutionRole.Arn NetworkMode: bridge Tags: @@ -491,7 +491,7 @@ Resources: - Name: PORTER_CALLBACK_TOKEN ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Remix/porter-callback-token - Name: NEW_RELIC_LICENSE_KEY - ValueFrom: /prx/global/Terra/new-relic-lite-api-key + ValueFrom: /prx/global/Spire/new-relic-lite-api-key ExecutionRoleArn: !GetAtt ExecutionRole.Arn NetworkMode: bridge Tags: diff --git a/spire/templates/apps/the-castle.yml b/spire/templates/apps/the-castle.yml index cf131059..bc67a284 100644 --- a/spire/templates/apps/the-castle.yml +++ b/spire/templates/apps/the-castle.yml @@ -150,7 +150,7 @@ Resources: Effect: Allow Resource: - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/${EnvironmentTypeAbbreviation}/Spire/The_Castle/* - - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Terra/new-relic-lite-api-key + - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Spire/new-relic-lite-api-key Sid: AllowAppParameterRead Version: "2012-10-17" PolicyName: ContainerSecrets @@ -332,7 +332,7 @@ Resources: - Name: MEDIAJOINT_PASSWORD ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/The_Castle/mediajoint-password - Name: NEW_RELIC_KEY - ValueFrom: /prx/global/Terra/new-relic-lite-api-key + ValueFrom: /prx/global/Spire/new-relic-lite-api-key ExecutionRoleArn: !GetAtt ExecutionRole.Arn NetworkMode: bridge Tags: @@ -438,7 +438,7 @@ Resources: - Name: MEDIAJOINT_PASSWORD ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/The_Castle/mediajoint-password - Name: NEW_RELIC_KEY - ValueFrom: /prx/global/Terra/new-relic-lite-api-key + ValueFrom: /prx/global/Spire/new-relic-lite-api-key ExecutionRoleArn: !GetAtt ExecutionRole.Arn NetworkMode: bridge Tags: diff --git a/spire/templates/apps/wfmt.yml b/spire/templates/apps/wfmt.yml index 53bcd7d2..4d90e384 100644 --- a/spire/templates/apps/wfmt.yml +++ b/spire/templates/apps/wfmt.yml @@ -324,7 +324,7 @@ Resources: Effect: Allow Resource: - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/${EnvironmentTypeAbbreviation}/Spire/WFMT/* - - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Terra/new-relic-lite-api-key + - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/prx/global/Spire/new-relic-lite-api-key Sid: AllowAppParameterRead Version: "2012-10-17" PolicyName: ContainerSecrets @@ -572,7 +572,7 @@ Resources: - Name: DEVISE_SECRET_KEY ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/WFMT/devise-secret - Name: NEW_RELIC_LICENSE_KEY - ValueFrom: /prx/global/Terra/new-relic-lite-api-key + ValueFrom: /prx/global/Spire/new-relic-lite-api-key ExecutionRoleArn: !GetAtt ExecutionRole.Arn NetworkMode: bridge Tags: @@ -728,7 +728,7 @@ Resources: - Name: DEVISE_SECRET_KEY ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/WFMT/devise-secret - Name: NEW_RELIC_LICENSE_KEY - ValueFrom: /prx/global/Terra/new-relic-lite-api-key + ValueFrom: /prx/global/Spire/new-relic-lite-api-key ExecutionRoleArn: !GetAtt ExecutionRole.Arn NetworkMode: bridge Tags: