NRL-853 use different tags for S3 an dynamodb resources

Author: katebobyn-nhs

terraform/account-wide-infrastructure/dev/aws-backups.tf

@@ -9,9 +9,9 @@ variable "destination_vault_arn" {
   default     = ""
 }
 
-#data "aws_arn" "destination_vault_arn" {
-#  arn = var.destination_vault_arn
-#}
+data "aws_arn" "destination_vault_arn" {
+  arn = var.destination_vault_arn
+}
 
 data "aws_secretsmanager_secret" "backup-account-secret" {
   name = "nhsd-nrlf--dev--test-backup-account-id"
@@ -138,11 +138,11 @@ module "source" {
   source = "../modules/backup-source"
 
   backup_copy_vault_account_id = local.destination_account_id
-  #  backup_copy_vault_arn              = data.aws_arn.destination_vault_arn.arn
-  environment_name      = local.environment_name
-  bootstrap_kms_key_arn = aws_kms_key.backup_notifications.arn
-  project_name          = local.project_name
-  reports_bucket        = aws_s3_bucket.backup_reports.bucket
+  backup_copy_vault_arn        = data.aws_arn.destination_vault_arn.arn
+  environment_name             = local.environment_name
+  bootstrap_kms_key_arn        = aws_kms_key.backup_notifications.arn
+  project_name                 = local.project_name
+  reports_bucket               = aws_s3_bucket.backup_reports.bucket
   #terraform_role_arn                = data.aws_caller_identity.current.arn
   terraform_role_arn = "arn:aws:iam::${var.assume_account}:role/${var.assume_role}"
 
@@ -164,7 +164,7 @@ module "source" {
         "schedule" : "cron(0 0 * * ? *)"
       }
     ],
-    "selection_tag" : "NHSE-Enable-Backup"
+    "selection_tag" : "NHSE-Enable-S3-Backup"
   }
 
   backup_plan_config_dynamodb = {
@@ -184,6 +184,6 @@ module "source" {
         "schedule" : "cron(0 0 * * ? *)"
       }
     ],
-    "selection_tag" : "NHSE-Enable-Backup"
+    "selection_tag" : "NHSE-Enable-DDB-Backup"
   }
 }

terraform/account-wide-infrastructure/modules/permissions-store-bucket/s3.tf

@@ -2,13 +2,10 @@ resource "aws_s3_bucket" "authorization-store" {
   bucket        = "${var.name_prefix}-authorization-store"
   force_destroy = var.enable_bucket_force_destroy
 
-  tags = var.enable_backups ? {
-    Name               = "authorization store"
-    Environment        = "${var.name_prefix}"
-    NHSE-Enable-Backup = "true"
-    } : {
-    Name        = "authorization store"
-    Environment = "${var.name_prefix}"
+  tags = {
+    Name                  = "authorization store"
+    Environment           = "${var.name_prefix}"
+    NHSE-Enable-S3-Backup = "${var.enable_backups}"
   }
 }
 

terraform/account-wide-infrastructure/modules/pointers-table/dynamodb.tf

@@ -52,5 +52,5 @@ resource "aws_dynamodb_table" "pointers" {
     enabled = var.enable_pitr
   }
 
-  tags = var.enable_backups ? { NHSE-Enable-Backup = "true" } : {}
+  tags = { NHSE-Enable-DDB-Backup = "${var.enable_backups}" }
 }

terraform/account-wide-infrastructure/modules/truststore-bucket/s3.tf

@@ -1,7 +1,7 @@
 resource "aws_s3_bucket" "api_truststore" {
   bucket        = "${var.name_prefix}-api-truststore"
   force_destroy = var.enable_bucket_force_destroy
-  tags          = var.enable_backups ? { NHSE-Enable-Backup = "true" } : {}
+  tags          = { NHSE-Enable-S3-Backup = "${var.enable_backups}" }
 }
 
 resource "aws_s3_bucket_policy" "api_truststore_bucket_policy" {