UML-3138 Various TF fixes

ministryofjustice · Oct 25, 2023 · dac44e3 · dac44e3
1 parent cf797ee
commit dac44e3
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 22 deletions.
diff --git a/terraform/account/region/cloudwatch.tf b/terraform/account/region/cloudwatch.tf
@@ -10,7 +10,7 @@ resource "aws_cloudwatch_log_group" "use-an-lpa" {
 }
 
 data "aws_kms_alias" "cloudwatch_mrk" {
-  name = "alias/cloudwatch-encryption-mrk"
+  name = "alias/cloudwatch_encryption"
 
   provider = aws.region
 }

diff --git a/terraform/account/region/modules/s3_bucket/main.tf b/terraform/account/region/modules/s3_bucket/main.tf
@@ -1,12 +1,6 @@
 resource "aws_s3_bucket" "bucket" {
   bucket        = var.bucket_name
   force_destroy = var.force_destroy
-
-  # Temporary workaround to prevent the bucket being destroyed
-  lifecycle {
-    ignore_changes = [bucket]
-  }
-
 }
 
 resource "aws_s3_bucket_acl" "bucket_acl" {

diff --git a/terraform/account/region/network.tf b/terraform/account/region/network.tf
@@ -1,3 +1,10 @@
+locals {
+  availability_zones = [
+    "eu-west-1a",
+    "eu-west-1b",
+    "eu-west-1c",
+  ]
+}
 resource "aws_default_vpc" "default" {
   tags = { "Name" = "default" }
 
@@ -8,27 +15,34 @@ data "aws_availability_zones" "default" {
   provider = aws.region
 }
 
+# TODO: Remove this once the above data source has been put into state
+resource "aws_key_pair" "foo" {
+  count      = 3
+  key_name   = "temporary-testing-keypair-${element(data.aws_availability_zones.default.names, count.index)}"
+  public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 temporary-testing-keypair"
+}
+
+#TODO: Fix this by changing availability_zone to a data source
 resource "aws_default_subnet" "public" {
-  count                   = 3
-  availability_zone       = element(data.aws_availability_zones.default.names, count.index)
+  count             = 3
+  availability_zone = local.availability_zones[count.index]
+  # availability_zone       = data.aws_availability_zones.default.names[count.index]
   map_public_ip_on_launch = false
   tags                    = { "Name" = "public" }
 
   provider = aws.region
 }
 
+#TODO: Fix this by changing availability_zone to a data source
 resource "aws_subnet" "private" {
-  count                   = 3
-  cidr_block              = cidrsubnet(aws_default_vpc.default.cidr_block, 4, count.index + 3)
-  vpc_id                  = aws_default_vpc.default.id
-  availability_zone       = element(data.aws_availability_zones.default.names, count.index)
+  count             = 3
+  cidr_block        = cidrsubnet(aws_default_vpc.default.cidr_block, 4, count.index + 3)
+  vpc_id            = aws_default_vpc.default.id
+  availability_zone = local.availability_zones[count.index]
+  # availability_zone       = element(data.aws_availability_zones.default.names, count.index)
   map_public_ip_on_launch = false
   tags                    = { "Name" = "private" }
 
-  # Ignore changes to the availability zone - this is a temporary workaround to prevent recreation of the subnets
-  lifecycle {
-    ignore_changes = [availability_zone]
-  }
   provider = aws.region
 }
 

diff --git a/terraform/account/region/s3_redacted_logs.tf b/terraform/account/region/s3_redacted_logs.tf
@@ -1,8 +1,9 @@
 module "redacted-logs" {
   source = "./modules/s3_bucket"
-
-  account_name    = var.environment_name
-  bucket_name     = "opg-use-an-lpa-redacted-logs-${var.environment_name}-${data.aws_region.current.name}"
+  #TODO: Fix this by changing availability_zone to a data source
+  account_name = var.environment_name
+  bucket_name  = "opg-use-an-lpa-redacted-logs-${var.environment_name}-eu-west-1"
+  # bucket_name     = "opg-use-an-lpa-redacted-logs-${var.environment_name}-${data.aws_region.current.name}"
   expiration_days = 400 # Log Retention is 13 Months/400 Days as Policy
   force_destroy   = false
   kms_key         = aws_kms_key.redacted_s3

diff --git a/terraform/account/region/vpc_endpoints.tf b/terraform/account/region/vpc_endpoints.tf
@@ -1,11 +1,12 @@
 resource "aws_security_group" "vpc_endpoints_private" {
-  name_prefix = "vpc-endpoint-access-private-subnets-${data.aws_region.current.name}"
+  #TODO: Fix name_prefix
+  name_prefix = "vpc-endpoint-access-private-subnets-eu-west-1"
+  # name_prefix = "vpc-endpoint-access-private-subnets-${data.aws_region.current.name}"
   description = "vpc endpoint private sg"
   vpc_id      = aws_default_vpc.default.id
   tags        = { Name = "vpc-endpoint-access-private-subnets-${data.aws_region.current.name}" }
   lifecycle {
     create_before_destroy = true
-    ignore_changes        = [name_prefix]
   }
 
   provider = aws.region