From a8d0fd8026b520c26a9e80b961f60e562e753701 Mon Sep 17 00:00:00 2001 From: jamesthompson26-nhs Date: Fri, 16 Jan 2026 11:39:23 +0000 Subject: [PATCH 01/18] CCM-13905: Gateway Improvements --- .../reporting/ssm_maintenance_window_task_patch_task.tf | 4 ++++ infrastructure/terraform/components/reporting/variables.tf | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/infrastructure/terraform/components/reporting/ssm_maintenance_window_task_patch_task.tf b/infrastructure/terraform/components/reporting/ssm_maintenance_window_task_patch_task.tf index a5b62955..4ebcf7ea 100644 --- a/infrastructure/terraform/components/reporting/ssm_maintenance_window_task_patch_task.tf +++ b/infrastructure/terraform/components/reporting/ssm_maintenance_window_task_patch_task.tf @@ -18,6 +18,10 @@ resource "aws_ssm_maintenance_window_task" "patch_task" { name = "Operation" values = ["Install"] } + parameter { + name = "RebootOption" + values = ["RebootIfNeeded"] + } } } diff --git a/infrastructure/terraform/components/reporting/variables.tf b/infrastructure/terraform/components/reporting/variables.tf index ede4b17c..4c504ac0 100644 --- a/infrastructure/terraform/components/reporting/variables.tf +++ b/infrastructure/terraform/components/reporting/variables.tf @@ -154,7 +154,7 @@ variable "spot_max_price" { variable "root_volume_size" { type = number description = "Size of root volume for the Power BI On-Premises Gateway instances - 30GB minimum for Windows Server" - default = 30 + default = 80 } variable "scale_out_recurrence_schedule" { From 47ae1bbc6d21212a8d5aec28f5036fb59b26e9c2 Mon Sep 17 00:00:00 2001 From: jamesthompson26-nhs Date: Fri, 16 Jan 2026 11:42:13 +0000 Subject: [PATCH 02/18] CCM-13905: Gateway Improvements --- .../components/reporting/ssm_maintenance_window_patch_window.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/infrastructure/terraform/components/reporting/ssm_maintenance_window_patch_window.tf b/infrastructure/terraform/components/reporting/ssm_maintenance_window_patch_window.tf index 605433ec..4bc1ecd7 100644 --- a/infrastructure/terraform/components/reporting/ssm_maintenance_window_patch_window.tf +++ b/infrastructure/terraform/components/reporting/ssm_maintenance_window_patch_window.tf @@ -3,7 +3,7 @@ resource "aws_ssm_maintenance_window" "patch_window" { name = "${local.csi}-windows-patch-window" description = "Windows Server 2022 Patch Window" - schedule = "cron(0 3 ? * SUN *)" # Every Sunday at 3 AM + schedule = "cron(0 3 ? * * *)" # Every day at 3 AM duration = 4 cutoff = 1 allow_unassociated_targets = true From ee57b4e639b3feb9d88ec3cf26c12974325a601e Mon Sep 17 00:00:00 2001 From: jamesthompson26-nhs Date: Fri, 16 Jan 2026 11:43:24 +0000 Subject: [PATCH 03/18] CCM-13905: Gateway Improvements --- infrastructure/terraform/components/reporting/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/terraform/components/reporting/README.md b/infrastructure/terraform/components/reporting/README.md index 9f1f25ed..d129f641 100644 --- a/infrastructure/terraform/components/reporting/README.md +++ b/infrastructure/terraform/components/reporting/README.md 
@@ -45,7 +45,7 @@ No requirements. | [project](#input\_project) | The name of the Project we are bootstrapping tfscaffold for | `string` | n/a | yes | | [public\_subnet\_cidrs](#input\_public\_subnet\_cidrs) | List of CIDR blocks for public subnets. | `list(string)` | `[]` | no | | [region](#input\_region) | The AWS Region | `string` | n/a | yes | -| [root\_volume\_size](#input\_root\_volume\_size) | Size of root volume for the Power BI On-Premises Gateway instances - 30GB minimum for Windows Server | `number` | `30` | no | +| [root\_volume\_size](#input\_root\_volume\_size) | Size of root volume for the Power BI On-Premises Gateway instances - 30GB minimum for Windows Server | `number` | `80` | no | | [scale\_in\_recurrence\_schedule](#input\_scale\_in\_recurrence\_schedule) | The cron expression for the scale in schedule. Set to null if no recurrence is needed. | `string` | `null` | no | | [scale\_out\_recurrence\_schedule](#input\_scale\_out\_recurrence\_schedule) | The cron expression for the scale out schedule. Set to null if no recurrence is needed. | `string` | `null` | no | | [shared\_infra\_account\_id](#input\_shared\_infra\_account\_id) | The AWS Account ID of the shared infrastructure account | `string` | `"000000000000"` | no | From b81d71b686ccd496625d48d2df9af975160b60c7 Mon Sep 17 00:00:00 2001 From: jamesthompson26-nhs Date: Fri, 16 Jan 2026 11:45:13 +0000 Subject: [PATCH 04/18] CCM-13905: Gateway Improvements --- .../components/reporting/templates/cloudinit_config.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/terraform/components/reporting/templates/cloudinit_config.tmpl b/infrastructure/terraform/components/reporting/templates/cloudinit_config.tmpl index a54f609c..923ff32e 100644 --- a/infrastructure/terraform/components/reporting/templates/cloudinit_config.tmpl +++ b/infrastructure/terraform/components/reporting/templates/cloudinit_config.tmpl 
@@ -29,7 +29,7 @@ choco install -y vim choco install -y powershell-core # Install Amazon Athena ODBC 2.x Driver -`$athenaDriverUrl = "https://s3.amazonaws.com/athena-downloads/drivers/ODBC/v2.0.3.0/Windows/AmazonAthenaODBC-2.0.3.0.msi" +`$athenaDriverUrl = "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.0.6.0/Windows/AmazonAthenaODBC-2.0.6.0.msi" `$athenaDriverInstaller = "C:\scripts\SimbaAthenaODBC.msi" Invoke-WebRequest -Uri `$athenaDriverUrl -OutFile `$athenaDriverInstaller From 06c679a1ed6cbb4e164ff859eb2624ffa24b2000 Mon Sep 17 00:00:00 2001 From: jamesthompson26-nhs Date: Fri, 16 Jan 2026 12:01:43 +0000 Subject: [PATCH 05/18] CCM-13905: Gateway Improvements --- ...loudwatch_metric_alarm_patch_task_failed.tf | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 infrastructure/terraform/components/reporting/cloudwatch_metric_alarm_patch_task_failed.tf diff --git a/infrastructure/terraform/components/reporting/cloudwatch_metric_alarm_patch_task_failed.tf b/infrastructure/terraform/components/reporting/cloudwatch_metric_alarm_patch_task_failed.tf new file mode 100644 index 00000000..bf230769 --- /dev/null +++ b/infrastructure/terraform/components/reporting/cloudwatch_metric_alarm_patch_task_failed.tf @@ -0,0 +1,18 @@ +resource "aws_cloudwatch_metric_alarm" "patch_task_failed" { + count = var.enable_powerbi_gateway ? 1 : 0 + + alarm_name = "${local.csi}-patch-task-failed" + comparison_operator = "GreaterThanOrEqualToThreshold" + evaluation_periods = 1 + metric_name = "FailedCommands" + namespace = "AWS/SSM-RunCommand" + period = 300 + statistic = "Sum" + threshold = 1 + alarm_description = "Alarm when the AWS-RunPatchBaseline maintenance window task reports a failed run" + treat_missing_data = "notBreaching" + + dimensions = { + DocumentName = "AWS-RunPatchBaseline" + } +} From d437d95743ec2897182b5f0c4ff012e5d0bb546f Mon Sep 17 00:00:00 2001 
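Review bot: The Athena ODBC MSI is downloaded with `Invoke-WebRequest` to `C:\scripts\SimbaAthenaODBC.msi` and nothing in the lines shown checks it against a known digest or signer, so whatever the new download host serves is what gets installed on the gateway. Because the URL pins version 2.0.6.0, a pinned hash fits well: after the download, compare the `Get-FileHash -Algorithm SHA256` result with a reviewed value (placeholder `<expected-sha256>`) and `throw` on mismatch, or require `Get-AuthenticodeSignature` to report `Valid`. The install step is outside this hunk, so a check may already exist further down. The same gap is explicit in the `choco install -y powerbigateway --version=3000.298.8 --ignore-checksums` line changed in PATCH 08/18; with the version pinned, dropping `--ignore-checksums` would let the package's own checksums be enforced.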
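Review bot: `aws_cloudwatch_metric_alarm.patch_task_failed` sets no `alarm_actions`, so nobody is notified when it enters ALARM; add something like `alarm_actions = [<sns-topic-arn>]` (placeholder) pointing at the team's alerting topic. The metric is also worth confirming: as far as I know Run Command publishes `CommandsFailed` rather than `FailedCommands` under `AWS/SSM-RunCommand`, and I am not aware of a `DocumentName` dimension on it. With `treat_missing_data = "notBreaching"`, a name or dimension mismatch would leave the alarm permanently OK and silently hide failed patch runs. The missing `alarm_actions` also applies to the `powerbi_gateway_group_health` alarm added in PATCH 14/18 and the `powerbi_gateway_standalone_status_check_failed` alarm added in PATCH 18/18.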
From: jamesthompson26-nhs Date: Fri, 16 Jan 2026 12:10:13 +0000 Subject: [PATCH 06/18] CCM-13905: Gateway Improvements --- infrastructure/terraform/etc/env_eu-west-2_main.tfvars | 2 +- infrastructure/terraform/etc/env_eu-west-2_prod.tfvars | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/infrastructure/terraform/etc/env_eu-west-2_main.tfvars b/infrastructure/terraform/etc/env_eu-west-2_main.tfvars index f717770f..be72036e 100644 --- a/infrastructure/terraform/etc/env_eu-west-2_main.tfvars +++ b/infrastructure/terraform/etc/env_eu-west-2_main.tfvars @@ -29,7 +29,7 @@ private_subnet_cidrs = [ ] instance_type = "t3.medium" -root_volume_size = 30 +root_volume_size = 80 desired_capacity = 1 min_size = 1 max_size = 1 diff --git a/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars b/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars index 148a03fb..c7cfaec3 100644 --- a/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars +++ b/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars @@ -24,8 +24,8 @@ private_subnet_cidrs = [ "10.0.6.0/24" ] -instance_type = "t3.medium" -root_volume_size = 30 +instance_type = "t3.xlarge" +root_volume_size = 200 desired_capacity = 1 min_size = 1 max_size = 1 From dfa384134c2782109ce5849447287dc6abad4644 Mon Sep 17 00:00:00 2001 From: jamesthompson26-nhs Date: Fri, 16 Jan 2026 12:12:13 +0000 Subject: [PATCH 07/18] CCM-13905: Gateway Improvements --- infrastructure/terraform/etc/env_eu-west-2_int.tfvars | 8 -------- infrastructure/terraform/etc/env_eu-west-2_main.tfvars | 8 -------- infrastructure/terraform/etc/env_eu-west-2_prod.tfvars | 5 ----- infrastructure/terraform/etc/env_eu-west-2_ref.tfvars | 8 -------- infrastructure/terraform/etc/env_eu-west-2_uat.tfvars | 8 -------- 5 files changed, 37 deletions(-) diff --git a/infrastructure/terraform/etc/env_eu-west-2_int.tfvars b/infrastructure/terraform/etc/env_eu-west-2_int.tfvars index 28dd77f9..e0ecde25 100644 
--- a/infrastructure/terraform/etc/env_eu-west-2_int.tfvars +++ b/infrastructure/terraform/etc/env_eu-west-2_int.tfvars @@ -22,14 +22,6 @@ private_subnet_cidrs = [ "10.0.6.0/24" ] -instance_type = "t3.medium" -root_volume_size = 30 -desired_capacity = 1 -min_size = 1 -max_size = 1 -enable_spot = false -spot_max_price = "0.3" - enable_s3_backup = false shared_infra_account_id = "099709604300" diff --git a/infrastructure/terraform/etc/env_eu-west-2_main.tfvars b/infrastructure/terraform/etc/env_eu-west-2_main.tfvars index be72036e..d3662737 100644 --- a/infrastructure/terraform/etc/env_eu-west-2_main.tfvars +++ b/infrastructure/terraform/etc/env_eu-west-2_main.tfvars @@ -28,14 +28,6 @@ private_subnet_cidrs = [ "10.0.6.0/24" ] -instance_type = "t3.medium" -root_volume_size = 80 -desired_capacity = 1 -min_size = 1 -max_size = 1 -enable_spot = false -spot_max_price = "0.3" - shared_infra_account_id = "099709604300" destination_backup_vault_arn = "arn:aws:backup:eu-west-2:390844765011:backup-vault:nhs-notify-reporting-dev-backup-vault" diff --git a/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars b/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars index c7cfaec3..d94a602e 100644 --- a/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars +++ b/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars @@ -26,11 +26,6 @@ private_subnet_cidrs = [ instance_type = "t3.xlarge" root_volume_size = 200 -desired_capacity = 1 -min_size = 1 -max_size = 1 -enable_spot = false -spot_max_price = "0.3" batch_client_ids = [ "c10ab104-86ae-48dc-b243-4906760952d3", diff --git a/infrastructure/terraform/etc/env_eu-west-2_ref.tfvars b/infrastructure/terraform/etc/env_eu-west-2_ref.tfvars index bcc8c97f..609bbaa5 100644 --- a/infrastructure/terraform/etc/env_eu-west-2_ref.tfvars +++ b/infrastructure/terraform/etc/env_eu-west-2_ref.tfvars 
@@ -22,14 +22,6 @@ private_subnet_cidrs = [ "10.0.6.0/24" ] -instance_type = "t3.medium" -root_volume_size = 30 -desired_capacity = 1 -min_size = 1 -max_size = 1 -enable_spot = false -spot_max_price = "0.3" - batch_client_ids = [ "perf-test-client-1", "perf-test-client-2" diff --git a/infrastructure/terraform/etc/env_eu-west-2_uat.tfvars b/infrastructure/terraform/etc/env_eu-west-2_uat.tfvars index 72f697a0..030a0b98 100644 --- a/infrastructure/terraform/etc/env_eu-west-2_uat.tfvars +++ b/infrastructure/terraform/etc/env_eu-west-2_uat.tfvars @@ -22,14 +22,6 @@ private_subnet_cidrs = [ "10.0.6.0/24" ] -instance_type = "t3.medium" -root_volume_size = 30 -desired_capacity = 1 -min_size = 1 -max_size = 1 -enable_spot = false -spot_max_price = "0.3" - enable_s3_backup = false shared_infra_account_id = "099709604300" From 2b8eb90756679b6d397bc71dc346ef43086cdd4f Mon Sep 17 00:00:00 2001 From: jamesthompson26-nhs Date: Fri, 16 Jan 2026 13:26:29 +0000 Subject: [PATCH 08/18] CCM-13905: Gateway Improvements --- .../components/reporting/templates/cloudinit_config.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/terraform/components/reporting/templates/cloudinit_config.tmpl b/infrastructure/terraform/components/reporting/templates/cloudinit_config.tmpl index 923ff32e..5555c9f1 100644 --- a/infrastructure/terraform/components/reporting/templates/cloudinit_config.tmpl +++ b/infrastructure/terraform/components/reporting/templates/cloudinit_config.tmpl @@ -19,7 +19,7 @@ if (-not (Get-Command choco -ErrorAction SilentlyContinue)) { } # Install PowerBI On-Premises Gateway and Desktop -choco install -y powerbigateway --version=3000.230.14 --ignore-checksums +choco install -y powerbigateway --version=3000.298.8 --ignore-checksums choco install -y powerbi --ignore-checksums # Install vim From dc493f072afcbe54894cecc12e6e5a75eec3107d Mon Sep 17 00:00:00 2001 
From: jamesthompson26-nhs Date: Wed, 21 Jan 2026 15:09:35 +0000 Subject: [PATCH 09/18] CCM-13905: Gateway Improvements --- infrastructure/terraform/etc/env_eu-west-2_main.tfvars | 3 +++ infrastructure/terraform/etc/env_eu-west-2_prod.tfvars | 2 ++ 2 files changed, 5 insertions(+) diff --git a/infrastructure/terraform/etc/env_eu-west-2_main.tfvars b/infrastructure/terraform/etc/env_eu-west-2_main.tfvars index d3662737..79ef4f12 100644 --- a/infrastructure/terraform/etc/env_eu-west-2_main.tfvars +++ b/infrastructure/terraform/etc/env_eu-west-2_main.tfvars @@ -15,6 +15,9 @@ core_account_ids = [ # PowerBI On-Premises Gateway variables: enable_powerbi_gateway = true +min_size = 2 +max_size = 2 + public_subnet_cidrs = [ "10.0.1.0/24", diff --git a/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars b/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars index d94a602e..341cf24f 100644 --- a/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars +++ b/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars @@ -11,6 +11,8 @@ core_account_ids = [ # PowerBI On-Premises Gateway variables: enable_powerbi_gateway = true +min_size = 2 +max_size = 2 public_subnet_cidrs = [ "10.0.1.0/24", From 072d8a72c71d57e3baa7df1a92ac184c80910180 Mon Sep 17 00:00:00 2001 From: jamesthompson26-nhs Date: Thu, 22 Jan 2026 09:44:33 +0000 Subject: [PATCH 10/18] CCM-13905: Gateway Improvements --- infrastructure/terraform/etc/env_eu-west-2_main.tfvars | 3 --- infrastructure/terraform/etc/env_eu-west-2_prod.tfvars | 2 -- 2 files changed, 5 deletions(-) diff --git a/infrastructure/terraform/etc/env_eu-west-2_main.tfvars b/infrastructure/terraform/etc/env_eu-west-2_main.tfvars index 79ef4f12..d3662737 100644 --- a/infrastructure/terraform/etc/env_eu-west-2_main.tfvars +++ b/infrastructure/terraform/etc/env_eu-west-2_main.tfvars 
@@ -15,9 +15,6 @@ core_account_ids = [ # PowerBI On-Premises Gateway variables: enable_powerbi_gateway = true -min_size = 2 -max_size = 2 - public_subnet_cidrs = [ "10.0.1.0/24", diff --git a/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars b/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars index 341cf24f..d94a602e 100644 --- a/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars +++ b/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars @@ -11,8 +11,6 @@ core_account_ids = [ # PowerBI On-Premises Gateway variables: enable_powerbi_gateway = true -min_size = 2 -max_size = 2 public_subnet_cidrs = [ "10.0.1.0/24", From 29796424e3e838b243fecea26116bc14f1e84677 Mon Sep 17 00:00:00 2001 From: jamesthompson26-nhs Date: Thu, 22 Jan 2026 10:47:13 +0000 Subject: [PATCH 11/18] CCM-13905: Gateway Improvements --- .../reporting/ssm_maintenance_window_patch_window.tf | 4 ++-- .../reporting/ssm_maintenance_window_task_patch_task.tf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/infrastructure/terraform/components/reporting/ssm_maintenance_window_patch_window.tf b/infrastructure/terraform/components/reporting/ssm_maintenance_window_patch_window.tf index 4bc1ecd7..339fa2c9 100644 --- a/infrastructure/terraform/components/reporting/ssm_maintenance_window_patch_window.tf +++ b/infrastructure/terraform/components/reporting/ssm_maintenance_window_patch_window.tf @@ -2,8 +2,8 @@ resource "aws_ssm_maintenance_window" "patch_window" { count = var.enable_powerbi_gateway ? 1 : 0 name = "${local.csi}-windows-patch-window" - description = "Windows Server 2022 Patch Window" - schedule = "cron(0 3 ? * * *)" # Every day at 3 AM + description = "Windows Server 2022 Sunday Patch Window" + schedule = "cron(0 3 ? * SUN *)" # Every Sunday at 3 AM duration = 4 cutoff = 1 allow_unassociated_targets = true 
diff --git a/infrastructure/terraform/components/reporting/ssm_maintenance_window_task_patch_task.tf b/infrastructure/terraform/components/reporting/ssm_maintenance_window_task_patch_task.tf index 4ebcf7ea..f53d1091 100644 --- a/infrastructure/terraform/components/reporting/ssm_maintenance_window_task_patch_task.tf +++ b/infrastructure/terraform/components/reporting/ssm_maintenance_window_task_patch_task.tf @@ -26,6 +26,6 @@ resource "aws_ssm_maintenance_window_task" "patch_task" { } priority = 1 - max_concurrency = "2" + max_concurrency = "1" max_errors = "1" } From 4ad3798a0ad7a6bca3a4a664122722626948d05d Mon Sep 17 00:00:00 2001 From: jamesthompson26-nhs Date: Thu, 22 Jan 2026 10:51:46 +0000 Subject: [PATCH 12/18] CCM-13905: Gateway Improvements --- infrastructure/terraform/etc/env_eu-west-2_main.tfvars | 3 +++ infrastructure/terraform/etc/env_eu-west-2_prod.tfvars | 2 ++ 2 files changed, 5 insertions(+) diff --git a/infrastructure/terraform/etc/env_eu-west-2_main.tfvars b/infrastructure/terraform/etc/env_eu-west-2_main.tfvars index d3662737..79ef4f12 100644 --- a/infrastructure/terraform/etc/env_eu-west-2_main.tfvars +++ b/infrastructure/terraform/etc/env_eu-west-2_main.tfvars @@ -15,6 +15,9 @@ core_account_ids = [ # PowerBI On-Premises Gateway variables: enable_powerbi_gateway = true +min_size = 2 +max_size = 2 + public_subnet_cidrs = [ "10.0.1.0/24", diff --git a/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars b/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars index d94a602e..341cf24f 100644 --- a/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars +++ b/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars @@ -11,6 +11,8 @@ core_account_ids = [ # PowerBI On-Premises Gateway variables: enable_powerbi_gateway = true +min_size = 2 +max_size = 2 public_subnet_cidrs = [ "10.0.1.0/24", From eec2dec9615666ce0fcef9de1222e6560f4ab85c Mon Sep 17 00:00:00 2001 
From: jamesthompson26-nhs Date: Thu, 22 Jan 2026 11:17:28 +0000 Subject: [PATCH 13/18] CCM-13905: Gateway Improvements --- infrastructure/terraform/etc/env_eu-west-2_main.tfvars | 1 + infrastructure/terraform/etc/env_eu-west-2_prod.tfvars | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/infrastructure/terraform/etc/env_eu-west-2_main.tfvars b/infrastructure/terraform/etc/env_eu-west-2_main.tfvars index 79ef4f12..8180b2db 100644 --- a/infrastructure/terraform/etc/env_eu-west-2_main.tfvars +++ b/infrastructure/terraform/etc/env_eu-west-2_main.tfvars @@ -17,6 +17,7 @@ core_account_ids = [ enable_powerbi_gateway = true min_size = 2 max_size = 2 +desired_capacity = 2 public_subnet_cidrs = [ diff --git a/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars b/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars index 341cf24f..d3e79ce3 100644 --- a/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars +++ b/infrastructure/terraform/etc/env_eu-west-2_prod.tfvars @@ -13,6 +13,9 @@ core_account_ids = [ enable_powerbi_gateway = true min_size = 2 max_size = 2 +desired_capacity = 2 +instance_type = "t3.xlarge" +root_volume_size = 200 public_subnet_cidrs = [ "10.0.1.0/24", @@ -26,9 +29,6 @@ private_subnet_cidrs = [ "10.0.6.0/24" ] -instance_type = "t3.xlarge" -root_volume_size = 200 - batch_client_ids = [ "c10ab104-86ae-48dc-b243-4906760952d3", "688040bc-92ea-4037-89f4-d105c9ae59a4" From 4239b7a25d0f6ed4454f34b7e4e7bc79202946ed Mon Sep 17 00:00:00 2001 From: jamesthompson26-nhs Date: Thu, 22 Jan 2026 12:11:39 +0000 Subject: [PATCH 14/18] CCM-13905: Gateway Improvements --- ...etric_alarm_powerbi_gateway_group_health.tf | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 infrastructure/terraform/components/reporting/cloudwatch_metric_alarm_powerbi_gateway_group_health.tf 
diff --git a/infrastructure/terraform/components/reporting/cloudwatch_metric_alarm_powerbi_gateway_group_health.tf b/infrastructure/terraform/components/reporting/cloudwatch_metric_alarm_powerbi_gateway_group_health.tf new file mode 100644 index 00000000..bf85a00c --- /dev/null +++ b/infrastructure/terraform/components/reporting/cloudwatch_metric_alarm_powerbi_gateway_group_health.tf @@ -0,0 +1,18 @@ +resource "aws_cloudwatch_metric_alarm" "powerbi_gateway_group_health" { + count = var.enable_powerbi_gateway ? 1 : 0 + + alarm_name = "${local.csi}-powerbi-gateway-group-health" + comparison_operator = "LessThanThreshold" + evaluation_periods = 2 + metric_name = "GroupInServiceInstances" + namespace = "AWS/AutoScaling" + period = 300 + statistic = "Average" + threshold = var.desired_capacity + alarm_description = "Alarm when the Power BI gateway Auto Scaling group has fewer in-service instances than desired" + treat_missing_data = "breaching" + + dimensions = { + AutoScalingGroupName = aws_autoscaling_group.powerbi_gateway[0].name + } +} From 50ecf7c588296443ffa460f1900b89d386ddb63c Mon Sep 17 00:00:00 2001 From: jamesthompson26-nhs Date: Thu, 22 Jan 2026 16:10:25 +0000 Subject: [PATCH 15/18] CCM-13905: Gateway Improvements --- .../components/reporting/autoscaling_group_powerbi_gateway.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/infrastructure/terraform/components/reporting/autoscaling_group_powerbi_gateway.tf b/infrastructure/terraform/components/reporting/autoscaling_group_powerbi_gateway.tf index 5e7c6872..a43ab1db 100644 --- a/infrastructure/terraform/components/reporting/autoscaling_group_powerbi_gateway.tf +++ b/infrastructure/terraform/components/reporting/autoscaling_group_powerbi_gateway.tf @@ -22,4 +22,8 @@ resource "aws_autoscaling_group" "powerbi_gateway" { health_check_type = "EC2" health_check_grace_period = 300 wait_for_capacity_timeout = "0" + + enabled_metrics = [ + "GroupInServiceInstances" + ] } 
From fd0725c912430fd3a6903b8184932a67a827b934 Mon Sep 17 00:00:00 2001 From: jamesthompson26-nhs Date: Fri, 23 Jan 2026 13:10:01 +0000 Subject: [PATCH 16/18] CCM-13905: Gateway Improvements --- .../ec2_instances_powerbi_gateway.tf | 13 ++++++ .../ssm_maintenance_window_patch_window.tf | 15 ++++++- ...tenance_window_target_windows_instances.tf | 36 +++++++++++++-- .../ssm_maintenance_window_task_patch_task.tf | 45 ++++++++++++++++--- .../components/reporting/variables.tf | 6 +++ 5 files changed, 104 insertions(+), 11 deletions(-) create mode 100644 infrastructure/terraform/components/reporting/ec2_instances_powerbi_gateway.tf diff --git a/infrastructure/terraform/components/reporting/ec2_instances_powerbi_gateway.tf b/infrastructure/terraform/components/reporting/ec2_instances_powerbi_gateway.tf new file mode 100644 index 00000000..9ab7739c --- /dev/null +++ b/infrastructure/terraform/components/reporting/ec2_instances_powerbi_gateway.tf @@ -0,0 +1,13 @@ +# Standalone EC2 instances launched directly from the Power BI gateway launch template. +resource "aws_instance" "powerbi_gateway_standalone" { + count = var.enable_powerbi_gateway ? var.powerbi_gateway_instance_count : 0 + + launch_template { + id = aws_launch_template.powerbi_gateway[0].id + version = "$Latest" + } + + tags = { + Name = format("%s-powerbi-gateway-standalone-%02d", local.csi, count.index + 1) + } +} diff --git a/infrastructure/terraform/components/reporting/ssm_maintenance_window_patch_window.tf b/infrastructure/terraform/components/reporting/ssm_maintenance_window_patch_window.tf index 339fa2c9..456bc65b 100644 --- a/infrastructure/terraform/components/reporting/ssm_maintenance_window_patch_window.tf +++ b/infrastructure/terraform/components/reporting/ssm_maintenance_window_patch_window.tf 
@@ -1,10 +1,21 @@ -resource "aws_ssm_maintenance_window" "patch_window" { +resource "aws_ssm_maintenance_window" "patch_window_sunday" { count = var.enable_powerbi_gateway ? 1 : 0 - name = "${local.csi}-windows-patch-window" + name = "${local.csi}-windows-patch-window-sun" description = "Windows Server 2022 Sunday Patch Window" schedule = "cron(0 3 ? * SUN *)" # Every Sunday at 3 AM duration = 4 cutoff = 1 allow_unassociated_targets = true } + +resource "aws_ssm_maintenance_window" "patch_window_wednesday" { + count = var.enable_powerbi_gateway ? 1 : 0 + + name = "${local.csi}-windows-patch-window-wed" + description = "Windows Server 2022 Wednesday Patch Window" + schedule = "cron(0 3 ? * WED *)" # Every Wednesday at 3 AM + duration = 4 + cutoff = 1 + allow_unassociated_targets = true +} diff --git a/infrastructure/terraform/components/reporting/ssm_maintenance_window_target_windows_instances.tf b/infrastructure/terraform/components/reporting/ssm_maintenance_window_target_windows_instances.tf index 9425386f..3abb17d5 100644 --- a/infrastructure/terraform/components/reporting/ssm_maintenance_window_target_windows_instances.tf +++ b/infrastructure/terraform/components/reporting/ssm_maintenance_window_target_windows_instances.tf 
@@ -1,13 +1,41 @@ -resource "aws_ssm_maintenance_window_target" "windows_instances" { +resource "aws_ssm_maintenance_window_target" "windows_instances_sunday_asg" { count = var.enable_powerbi_gateway ? 1 : 0 - description = "Windows Server 2022 Maintenance Window Target" - window_id = aws_ssm_maintenance_window.patch_window[0].id + description = "Windows Server 2022 Sunday Maintenance Window Target (ASG)" + window_id = aws_ssm_maintenance_window.patch_window_sunday[0].id resource_type = "INSTANCE" - name = "${local.csi}-maintenance-window-target" + name = "${local.csi}-maintenance-window-target-sun-asg" targets { key = "tag:Patch Group" values = ["${local.csi}-windows-group"] } } + +resource "aws_ssm_maintenance_window_target" "windows_instances_sunday_standalone" { + count = var.enable_powerbi_gateway && var.powerbi_gateway_instance_count >= 1 ? 1 : 0 + + description = "Windows Server 2022 Sunday Maintenance Window Target (Standalone)" + window_id = aws_ssm_maintenance_window.patch_window_sunday[0].id + resource_type = "INSTANCE" + name = "${local.csi}-maintenance-window-target-sun-standalone" + + targets { + key = "InstanceIds" + values = [aws_instance.powerbi_gateway_standalone[0].id] + } +} + +resource "aws_ssm_maintenance_window_target" "windows_instances_wednesday" { + count = var.enable_powerbi_gateway && var.powerbi_gateway_instance_count >= 2 ? 1 : 0 + + description = "Windows Server 2022 Wednesday Maintenance Window Target" + window_id = aws_ssm_maintenance_window.patch_window_wednesday[0].id + resource_type = "INSTANCE" + name = "${local.csi}-maintenance-window-target-wed" + + targets { + key = "InstanceIds" + values = [aws_instance.powerbi_gateway_standalone[1].id] + } +} diff --git a/infrastructure/terraform/components/reporting/ssm_maintenance_window_task_patch_task.tf b/infrastructure/terraform/components/reporting/ssm_maintenance_window_task_patch_task.tf index f53d1091..98dff887 100644 
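Review bot: The Sunday ASG target `windows_instances_sunday_asg` still selects on `tag:Patch Group` = `${local.csi}-windows-group`, and at this commit the standalone instances are launched from the same `aws_launch_template.powerbi_gateway` as the ASG. If that template applies the Patch Group tag to instances (its tag specifications are not visible here), the host meant for the Wednesday window is also matched on Sunday. That would lose the staggering that keeps one gateway up while another is patched and rebooted. Consider giving the standalone hosts a distinct Patch Group value, and add a comment on each target such as `# Standalone instance 2 only; must not carry the ASG Patch Group tag`.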
--- a/infrastructure/terraform/components/reporting/ssm_maintenance_window_task_patch_task.tf +++ b/infrastructure/terraform/components/reporting/ssm_maintenance_window_task_patch_task.tf @@ -1,19 +1,54 @@ -resource "aws_ssm_maintenance_window_task" "patch_task" { +resource "aws_ssm_maintenance_window_task" "patch_task_sunday" { count = var.enable_powerbi_gateway ? 1 : 0 - description = "Windows Server 2022 Patch Task" - window_id = aws_ssm_maintenance_window.patch_window[0].id + description = "Windows Server 2022 Sunday Patch Task" + window_id = aws_ssm_maintenance_window.patch_window_sunday[0].id + task_arn = "AWS-RunPatchBaseline" + task_type = "RUN_COMMAND" + + targets { + key = "WindowTargetIds" + values = concat( + [aws_ssm_maintenance_window_target.windows_instances_sunday_asg[0].id], + var.powerbi_gateway_instance_count >= 1 ? [aws_ssm_maintenance_window_target.windows_instances_sunday_standalone[0].id] : [] + ) + } + + task_invocation_parameters { + run_command_parameters { + comment = "Patching Sunday instances" + parameter { + name = "Operation" + values = ["Install"] + } + parameter { + name = "RebootOption" + values = ["RebootIfNeeded"] + } + } + } + + priority = 1 + max_concurrency = "1" + max_errors = "1" +} + +resource "aws_ssm_maintenance_window_task" "patch_task_wednesday" { + count = var.enable_powerbi_gateway && var.powerbi_gateway_instance_count >= 2 ? 1 : 0 + + description = "Windows Server 2022 Wednesday Patch Task" + window_id = aws_ssm_maintenance_window.patch_window_wednesday[0].id task_arn = "AWS-RunPatchBaseline" task_type = "RUN_COMMAND" targets { key = "WindowTargetIds" - values = [aws_ssm_maintenance_window_target.windows_instances[0].id] + values = [aws_ssm_maintenance_window_target.windows_instances_wednesday[0].id] } task_invocation_parameters { run_command_parameters { - comment = "Patching Windows Instances" + comment = "Patching Wednesday instance" parameter { name = "Operation" values = ["Install"] 
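Review bot: Neither patch task captures its Run Command output: the `run_command_parameters` block in `patch_task_sunday` sets only `comment` and `parameter`, and so do the visible lines of `patch_task_wednesday`. With `RebootOption = RebootIfNeeded` now set, a failed or partial install is hard to reconstruct afterwards from the truncated console output alone. Consider adding a `cloudwatch_config` block with `cloudwatch_output_enabled = true`, or an `output_s3_bucket`, to both tasks so patch results are kept for investigation. The `patch_task_wednesday` block continues past the end of this hunk, so it may already carry more than is shown here.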
diff --git a/infrastructure/terraform/components/reporting/variables.tf b/infrastructure/terraform/components/reporting/variables.tf index 4c504ac0..fccc5200 100644 --- a/infrastructure/terraform/components/reporting/variables.tf +++ b/infrastructure/terraform/components/reporting/variables.tf @@ -103,6 +103,12 @@ variable "enable_powerbi_gateway" { default = true } +variable "powerbi_gateway_instance_count" { + description = "Number of standalone Power BI On-Premises Gateway instances created directly from the launch template." + type = number + default = 2 +} + variable "public_subnet_cidrs" { description = "List of CIDR blocks for public subnets." type = list(string) From 0380cc5171d93a7333ca1883d2fcbd22ab1df54b Mon Sep 17 00:00:00 2001 From: jamesthompson26-nhs Date: Fri, 23 Jan 2026 13:13:31 +0000 Subject: [PATCH 17/18] CCM-13905: Gateway Improvements --- infrastructure/terraform/components/reporting/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/infrastructure/terraform/components/reporting/README.md b/infrastructure/terraform/components/reporting/README.md index d129f641..c47af7b0 100644 --- a/infrastructure/terraform/components/reporting/README.md +++ b/infrastructure/terraform/components/reporting/README.md 
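Review bot: `powerbi_gateway_instance_count` accepts any number, but the maintenance window targets added in this commit reference only `aws_instance.powerbi_gateway_standalone[0]` and `[1]`. A value of 3 or more therefore creates gateway hosts that no patch window targets by instance ID. Constrain the variable with a `validation` block whose condition is `contains([0, 1, 2], var.powerbi_gateway_instance_count)` and an `error_message` stating that only 0–2 standalone instances have a patch window, or derive the targets from the instance list instead of fixed indexes. The description could also say that the first instance is patched on Sunday and the second on Wednesday.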
@@ -41,6 +41,7 @@ No requirements. | [periodic\_s3backup\_copy\_retention\_days](#input\_periodic\_s3backup\_copy\_retention\_days) | number of days to retain weekly s3 backups in the destination vault | `number` | `31` | no | | [periodic\_s3backup\_retention\_days](#input\_periodic\_s3backup\_retention\_days) | number of days to retain weekly s3 backups | `number` | `31` | no | | [periodic\_s3backup\_schedule](#input\_periodic\_s3backup\_schedule) | Crontab formatted schedule for Periodic S3 Backups | `string` | `"cron(0 5 ? * 7 *)"` | no | +| [powerbi\_gateway\_instance\_count](#input\_powerbi\_gateway\_instance\_count) | Number of standalone Power BI On-Premises Gateway instances created directly from the launch template. | `number` | `2` | no | | [private\_subnet\_cidrs](#input\_private\_subnet\_cidrs) | List of CIDR blocks for private subnets. | `list(string)` | `[]` | no | | [project](#input\_project) | The name of the Project we are bootstrapping tfscaffold for | `string` | n/a | yes | | [public\_subnet\_cidrs](#input\_public\_subnet\_cidrs) | List of CIDR blocks for public subnets. | `list(string)` | `[]` | no | From e9be96298e971d575e789d3f2a83ddb1eea68370 Mon Sep 17 00:00:00 2001 
From: jamesthompson26-nhs Date: Fri, 23 Jan 2026 13:52:30 +0000 Subject: [PATCH 18/18] CCM-13905: Gateway Improvements --- .../autoscaling_group_powerbi_gateway.tf | 6 +- ...tric_alarm_powerbi_gateway_group_health.tf | 18 ----- ...alarm_powerbi_gateway_standalone_status.tf | 25 +++++++ .../ec2_instances_powerbi_gateway.tf | 2 +- ...=> launch_template_powerbi_gateway_asg.tf} | 6 +- ...nch_template_powerbi_gateway_standalone.tf | 67 +++++++++++++++++++ 6 files changed, 97 insertions(+), 27 deletions(-) delete mode 100644 infrastructure/terraform/components/reporting/cloudwatch_metric_alarm_powerbi_gateway_group_health.tf create mode 100644 infrastructure/terraform/components/reporting/cloudwatch_metric_alarm_powerbi_gateway_standalone_status.tf rename infrastructure/terraform/components/reporting/{launch_template_powerbi_gateway.tf => launch_template_powerbi_gateway_asg.tf} (92%) create mode 100644 infrastructure/terraform/components/reporting/launch_template_powerbi_gateway_standalone.tf diff --git a/infrastructure/terraform/components/reporting/autoscaling_group_powerbi_gateway.tf b/infrastructure/terraform/components/reporting/autoscaling_group_powerbi_gateway.tf index a43ab1db..5400b7d4 100644 --- a/infrastructure/terraform/components/reporting/autoscaling_group_powerbi_gateway.tf +++ b/infrastructure/terraform/components/reporting/autoscaling_group_powerbi_gateway.tf @@ -4,7 +4,7 @@ resource "aws_autoscaling_group" "powerbi_gateway" { name = local.csi launch_template { - id = aws_launch_template.powerbi_gateway[0].id + id = aws_launch_template.powerbi_gateway_asg[0].id version = "$Latest" } @@ -22,8 +22,4 @@ resource "aws_autoscaling_group" "powerbi_gateway" { health_check_type = "EC2" health_check_grace_period = 300 wait_for_capacity_timeout = "0" - - enabled_metrics = [ - "GroupInServiceInstances" - ] } 
diff --git a/infrastructure/terraform/components/reporting/cloudwatch_metric_alarm_powerbi_gateway_group_health.tf b/infrastructure/terraform/components/reporting/cloudwatch_metric_alarm_powerbi_gateway_group_health.tf deleted file mode 100644 index bf85a00c..00000000 --- a/infrastructure/terraform/components/reporting/cloudwatch_metric_alarm_powerbi_gateway_group_health.tf +++ /dev/null @@ -1,18 +0,0 @@ -resource "aws_cloudwatch_metric_alarm" "powerbi_gateway_group_health" { - count = var.enable_powerbi_gateway ? 1 : 0 - - alarm_name = "${local.csi}-powerbi-gateway-group-health" - comparison_operator = "LessThanThreshold" - evaluation_periods = 2 - metric_name = "GroupInServiceInstances" - namespace = "AWS/AutoScaling" - period = 300 - statistic = "Average" - threshold = var.desired_capacity - alarm_description = "Alarm when the Power BI gateway Auto Scaling group has fewer in-service instances than desired" - treat_missing_data = "breaching" - - dimensions = { - AutoScalingGroupName = aws_autoscaling_group.powerbi_gateway[0].name - } -} diff --git a/infrastructure/terraform/components/reporting/cloudwatch_metric_alarm_powerbi_gateway_standalone_status.tf b/infrastructure/terraform/components/reporting/cloudwatch_metric_alarm_powerbi_gateway_standalone_status.tf new file mode 100644 index 00000000..a84763fb --- /dev/null +++ b/infrastructure/terraform/components/reporting/cloudwatch_metric_alarm_powerbi_gateway_standalone_status.tf 
@@ -0,0 +1,25 @@ +resource "aws_cloudwatch_metric_alarm" "powerbi_gateway_standalone_status_check_failed" { + for_each = var.enable_powerbi_gateway ? { + for idx, instance in aws_instance.powerbi_gateway_standalone : + idx => { + id = instance.id + name = format("%s-powerbi-gateway-standalone-%02d-status-check-failed", local.csi, idx + 1) + } + } : {} + + alarm_name = each.value.name + comparison_operator = "GreaterThanOrEqualToThreshold" + evaluation_periods = 2 + datapoints_to_alarm = 2 + metric_name = "StatusCheckFailed" + namespace = "AWS/EC2" + period = 300 + statistic = "Maximum" + threshold = 1 + alarm_description = "Instance or system status check failed for a standalone Power BI gateway host" + treat_missing_data = "breaching" + + dimensions = { + InstanceId = each.value.id + } +} diff --git a/infrastructure/terraform/components/reporting/ec2_instances_powerbi_gateway.tf b/infrastructure/terraform/components/reporting/ec2_instances_powerbi_gateway.tf index 9ab7739c..5d4f189e 100644 --- a/infrastructure/terraform/components/reporting/ec2_instances_powerbi_gateway.tf +++ b/infrastructure/terraform/components/reporting/ec2_instances_powerbi_gateway.tf @@ -3,7 +3,7 @@ resource "aws_instance" "powerbi_gateway_standalone" { count = var.enable_powerbi_gateway ? var.powerbi_gateway_instance_count : 0 launch_template { - id = aws_launch_template.powerbi_gateway[0].id + id = aws_launch_template.powerbi_gateway_standalone[0].id version = "$Latest" } diff --git a/infrastructure/terraform/components/reporting/launch_template_powerbi_gateway.tf b/infrastructure/terraform/components/reporting/launch_template_powerbi_gateway_asg.tf similarity index 92% rename from infrastructure/terraform/components/reporting/launch_template_powerbi_gateway.tf rename to infrastructure/terraform/components/reporting/launch_template_powerbi_gateway_asg.tf index 00c0a657..08e14a75 100644 --- a/infrastructure/terraform/components/reporting/launch_template_powerbi_gateway.tf 
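Review bot: The new `powerbi_gateway_standalone_status_check_failed` alarm declares no `alarm_actions` or `ok_actions`, so a failed status check only flips the alarm state and, unless state changes are routed elsewhere in the project, notifies nobody. I would add `alarm_actions = [<ALERT_TOPIC_ARN>]` (placeholder; the page does not show the project's notification topic) with a matching `ok_actions`. The `for_each` also covers only `aws_instance.powerbi_gateway_standalone`, while this same patch deletes the `powerbi_gateway_group_health` alarm and the ASG's `enabled_metrics`, so gateways launched by the Auto Scaling group are left with no availability alarm. If the ASG is still expected to run instances, keep that alarm or add an equivalent.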
+++ b/infrastructure/terraform/components/reporting/launch_template_powerbi_gateway_asg.tf @@ -1,8 +1,8 @@ -resource "aws_launch_template" "powerbi_gateway" { +resource "aws_launch_template" "powerbi_gateway_asg" { count = var.enable_powerbi_gateway ? 1 : 0 - name = local.csi - description = "Template for the Power BI On-Premises Gateway" + name = "${local.csi}-asg" + description = "Template for the Power BI On-Premises Gateway (ASG)" update_default_version = true image_id = "resolve:ssm:/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-Base" instance_type = var.instance_type diff --git a/infrastructure/terraform/components/reporting/launch_template_powerbi_gateway_standalone.tf b/infrastructure/terraform/components/reporting/launch_template_powerbi_gateway_standalone.tf new file mode 100644 index 00000000..1199f786 --- /dev/null +++ b/infrastructure/terraform/components/reporting/launch_template_powerbi_gateway_standalone.tf 
@@ -0,0 +1,67 @@
+resource "aws_launch_template" "powerbi_gateway_standalone" {
+ count = var.enable_powerbi_gateway ? 1 : 0
+
+ name = "${local.csi}-standalone"
+ description = "Template for the Power BI On-Premises Gateway (standalone instances)"
+ update_default_version = true
+ image_id = "resolve:ssm:/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-Base"
+ instance_type = var.instance_type
+ user_data = data.cloudinit_config.powerbi_gateway[0].rendered
+ instance_initiated_shutdown_behavior = var.enable_spot ? "terminate" : "stop"
+ ebs_optimized = true
+
+ block_device_mappings {
+ device_name = "/dev/sda1"
+ ebs {
+ delete_on_termination = true
+ encrypted = true
+ kms_key_id = aws_kms_key.ebs[0].arn
+ volume_size = var.root_volume_size
+ volume_type = "gp3"
+ }
+ }
+
+ iam_instance_profile {
+ name = aws_iam_instance_profile.powerbi_gateway[0].name
+ }
+
+ dynamic "instance_market_options" {
+ for_each = var.enable_spot ? [1] : []
+ content {
+ market_type = "spot"
+ spot_options {
+ max_price = var.spot_max_price
+ spot_instance_type = "one-time"
+ }
+ }
+ }
+
+ monitoring {
+ enabled = true
+ }
+
+ network_interfaces {
+ delete_on_termination = true
+ associate_public_ip_address = false
+ security_groups = [
+ aws_security_group.powerbi_gateway[0].id
+ ]
+ subnet_id = element(module.powerbi_gateway_vpc[0].private_subnets, count.index)
+ }
+
+ metadata_options {
+ http_endpoint = "enabled"
+ http_tokens = "required"
+ http_put_response_hop_limit = 5
+ }
+
+ tag_specifications {
+ resource_type = "instance"
+ tags = local.deployment_default_tags
+ }
+
+ tag_specifications {
+ resource_type = "volume"
+ tags = local.deployment_default_tags
+ }
+}
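Review bot: `http_put_response_hop_limit = 5` in `metadata_options` is wider than a standalone Windows gateway host appears to need. With `http_tokens = "required"`, the hop limit is what stops an IMDSv2 token response from travelling beyond the instance itself, and nothing in this template shows a container or forwarding layer that would need extra hops. I would set `http_put_response_hop_limit = 1` (or `2` if something on the host is containerised), or add a comment giving the reason if 5 is deliberate. The value looks carried over from the ASG template, whose body lies outside the rename hunk, so the same check likely applies there. Separately, `subnet_id = element(..., count.index)` always resolves to index 0 because this template's `count` is 0 or 1, so every standalone instance lands in the first private subnet unless `aws_instance` overrides it.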