Revert admin role change as this prevents auto-ops from managing KMS keys via TF.

mfjarvis · mfjarvis · commit 17010c00e32b · 2025-08-20T14:21:29.000+01:00
diff --git a/infra/environments/dev/variables.tfvars b/infra/environments/dev/variables.tfvars
@@ -4,4 +4,4 @@ admin_role               = "root" # We shouldn't be using the root account. Ther
 dev_ops_role             = "role/DevOps"
 dspp_admin_role          = "root"
 environment              = "dev"
-blue_green_split = false
+blue_green_split         = false
diff --git a/infra/environments/preprod/variables.tfvars b/infra/environments/preprod/variables.tfvars
@@ -1,7 +1,8 @@
 imms_account_id          = "084828561157"
 dspp_account_id          = "603871901111"
-admin_role               = "role/aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_PREPROD-IMMS-Admin_acce656dcacf6f4c"
+# admin_role               = "role/aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_PREPROD-IMMS-Admin_acce656dcacf6f4c"
+admin_role               = "root"
 dev_ops_role             = "role/aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_PREPROD-IMMS-Devops_1d28e4f37b940bcd"
 dspp_admin_role          = "root"
 environment              = "preprod"
-blue_green_split = true
+blue_green_split         = true
diff --git a/infra/environments/prod/variables.tfvars b/infra/environments/prod/variables.tfvars
@@ -1,7 +1,8 @@
 imms_account_id          = "664418956997"
 dspp_account_id          = "232116723729"
-admin_role               = "role/aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_PROD-IMMS-Admin_edd6691e4b74064e"
+# admin_role               = "role/aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_PROD-IMMS-Admin_edd6691e4b74064e"
+admin_role               = "root"
 dev_ops_role             = "role/aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_PROD-IMMS-Devops_8f32c62195d56b76"
 dspp_admin_role          = "root"
 environment              = "prod"
-blue_green_split = true
+blue_green_split         = true
diff --git a/infra/variables.tf b/infra/variables.tf
@@ -1,39 +1,40 @@
 variable "aws_region" {
-    type = string
+  type    = string
   default = "eu-west-2"
 }
 variable "imms_account_id" {
-    description = "Immunisation AWS account ID"
-    type = string
+  description = "Immunisation AWS account ID"
+  type        = string
 }
 variable "dspp_account_id" {
-    description = "DSPP Core AWS account ID"
-    type = string
+  description = "DSPP Core AWS account ID"
+  type        = string
 }
 variable "auto_ops_role" {
-    default = "role/auto-ops"
-    type = string
+  default = "role/auto-ops"
+  type    = string
 }
 variable "admin_role" {
-    type = string
+  default = "root"
+  type    = string
 }
 variable "dev_ops_role" {
-    type = string
+  type = string
 }
 variable "dspp_admin_role" {
-    type = string
+  type = string
 }
 variable "build_agent_account_id" {
-    type = string
+  type    = string
   default = "958002497996"
 }
 variable "environment" {
-    type = string
-    description = "Immunisation AWS account name (dev / preprod / prod)"
-  default = "dev"
+  type        = string
+  description = "Immunisation AWS account name (dev / preprod / prod)"
+  default     = "dev"
 }
 variable "blue_green_split" {
-    type = bool
-    description = "Whether this account uses blue / green split deployments"
-    default = false
+  type        = bool
+  description = "Whether this account uses blue / green split deployments"
+  default     = false
 }
