NRL-1793 Add terraform dependency and aws restore account to mgmt policy

Author: axelkrastek1-nhs

terraform/account-wide-infrastructure/mgmt/data.tf

@@ -38,6 +38,10 @@ data "aws_secretsmanager_secret" "test_backup_account_id" {
   name = "${local.project}--mgmt--test-backup-account-id"
 }
 
+data "aws_secretsmanager_secret" "test_restore_account_id" {
+  name = "${local.project}--mgmt--test-restore-account-id"
+}
+
 data "aws_secretsmanager_secret_version" "dev_account_id" {
   secret_id = data.aws_secretsmanager_secret.dev_account_id.name
 }
@@ -49,3 +53,7 @@ data "aws_secretsmanager_secret_version" "test_account_id" {
 data "aws_secretsmanager_secret_version" "test_backup_account_id" {
   secret_id = data.aws_secretsmanager_secret.test_backup_account_id.name
 }
+
+data "aws_secretsmanager_secret_version" "test_restore_account_id" {
+  secret_id = data.aws_secretsmanager_secret.test_restore_account_id.name
+}

terraform/account-wide-infrastructure/mgmt/iam__developer-role.tf

@@ -63,7 +63,8 @@ module "developer_policy" {
       Resource = [
         "arn:aws:iam::${data.aws_secretsmanager_secret_version.dev_account_id.secret_string}:role/terraform",
         "arn:aws:iam::${data.aws_secretsmanager_secret_version.test_account_id.secret_string}:role/terraform",
-        "arn:aws:iam::${data.aws_secretsmanager_secret_version.test_backup_account_id.secret_string}:role/terraform"
+        "arn:aws:iam::${data.aws_secretsmanager_secret_version.test_backup_account_id.secret_string}:role/terraform",
+        "arn:aws:iam::${data.aws_secretsmanager_secret_version.test_restore_account_id.secret_string}:role/terraform"
       ]
     },
     {

terraform/account-wide-infrastructure/test/domain.tf

@@ -5,6 +5,7 @@ module "qa-custom-domain-name" {
   domain_zone                   = aws_route53_zone.test-qa-ns.name
   mtls_certificate_file         = "s3://${module.qa-truststore-bucket.bucket_name}/${module.qa-truststore-bucket.certificates_object_key}"
   mtls_certificate_file_version = module.qa-truststore-bucket.certificates_object_version
+  depends_on                    = [aws_route53_zone.test-qa-ns]
 }
 
 module "qasandbox-custom-domain-name" {
@@ -13,6 +14,7 @@ module "qasandbox-custom-domain-name" {
   domain_zone                   = aws_route53_zone.test-qa-ns.name
   mtls_certificate_file         = "s3://${module.qa-truststore-bucket.bucket_name}/${module.qa-truststore-bucket.certificates_object_key}"
   mtls_certificate_file_version = module.qa-truststore-bucket.certificates_object_version
+  depends_on                    = [aws_route53_zone.test-qa-ns]
 }
 
 module "int-custom-domain-name" {
@@ -21,6 +23,7 @@ module "int-custom-domain-name" {
   domain_zone                   = aws_route53_zone.test-int-ns.name
   mtls_certificate_file         = "s3://${module.int-truststore-bucket.bucket_name}/${module.int-truststore-bucket.certificates_object_key}"
   mtls_certificate_file_version = module.int-truststore-bucket.certificates_object_version
+  depends_on                    = [aws_route53_zone.test-int-ns]
 }
 
 module "intsandbox-custom-domain-name" {
@@ -29,6 +32,7 @@ module "intsandbox-custom-domain-name" {
   domain_zone                   = aws_route53_zone.test-int-ns.name
   mtls_certificate_file         = "s3://${module.int-truststore-bucket.bucket_name}/${module.int-truststore-bucket.certificates_object_key}"
   mtls_certificate_file_version = module.int-truststore-bucket.certificates_object_version
+  depends_on                    = [aws_route53_zone.test-int-ns]
 }
 
 module "ref-custom-domain-name" {
@@ -37,6 +41,7 @@ module "ref-custom-domain-name" {
   domain_zone                   = aws_route53_zone.test-ref-ns.name
   mtls_certificate_file         = "s3://${module.ref-truststore-bucket.bucket_name}/${module.ref-truststore-bucket.certificates_object_key}"
   mtls_certificate_file_version = module.ref-truststore-bucket.certificates_object_version
+  depends_on                    = [aws_route53_zone.test-ref-ns]
 }
 
 module "perftest-custom-domain-name" {