VED-874: Add missing values for TF vars. (#937)

mfjarvis · web-flow · commit 2e3f61573bd3 · 2025-10-27T14:17:13.000Z
diff --git a/infrastructure/account/environments/dev/variables.tfvars b/infrastructure/account/environments/dev/variables.tfvars
@@ -1,10 +1,8 @@
 imms_account_id  = "345594581768"
 dspp_account_id  = "603871901111"
 mns_account_id   = "631615744739"
-csoc_account_id  = "693466633220"
 admin_role       = "root" # We shouldn't be using the root account. There should be an Admin role
 dev_ops_role     = "role/aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_DEV-IMMS-Devops_745af4f208886ecc"
 dspp_admin_role  = "root"
-mns_admin_role   = "role/nhs-mns-events-lambda-delivery"
 environment      = "dev"
 blue_green_split = false
diff --git a/infrastructure/account/environments/preprod/variables.tfvars b/infrastructure/account/environments/preprod/variables.tfvars
@@ -1,11 +1,9 @@
 imms_account_id = "084828561157"
 dspp_account_id = "603871901111"
 mns_account_id  = "631615744739"
-csoc_account_id = "693466633220"
 # admin_role               = "role/aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_PREPROD-IMMS-Admin_acce656dcacf6f4c"
 admin_role       = "root"
 dev_ops_role     = "role/aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_PREPROD-IMMS-Devops_1d28e4f37b940bcd"
 dspp_admin_role  = "root"
-mns_admin_role   = "role/nhs-mns-events-lambda-delivery"
 environment      = "preprod"
 blue_green_split = true
diff --git a/infrastructure/account/environments/prod/variables.tfvars b/infrastructure/account/environments/prod/variables.tfvars
@@ -1,11 +1,9 @@
 imms_account_id = "664418956997"
 dspp_account_id = "232116723729"
 mns_account_id  = "758334270304"
-csoc_account_id = "693466633220"
 # admin_role               = "role/aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_PROD-IMMS-Admin_edd6691e4b74064e"
 admin_role       = "root"
 dev_ops_role     = "role/aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_PROD-IMMS-Devops_8f32c62195d56b76"
 dspp_admin_role  = "root"
-mns_admin_role   = "role/nhs-mns-events-lambda-delivery"
 environment      = "prod"
 blue_green_split = true
diff --git a/infrastructure/account/kms.tf b/infrastructure/account/kms.tf
@@ -71,7 +71,7 @@ locals {
     Sid    = "AllowMNSLambdaDelivery",
     Effect = "Allow",
     Principal = {
-      AWS = "arn:aws:iam::${var.mns_account_id}:${var.mns_admin_role}"
+      AWS = "arn:aws:iam::${var.mns_account_id}:${var.mns_delivery_role}"
     },
     Action   = "kms:GenerateDataKey",
     Resource = "*"
diff --git a/infrastructure/account/variables.tf b/infrastructure/account/variables.tf
@@ -11,9 +11,13 @@ variable "dspp_account_id" {
   type        = string
 }
 variable "csoc_account_id" {
-  description = "CSOC Core AWS account ID"
+  description = "CSOC AWS account ID - destination for log forwarding"
   type        = string
-
+  default     = "693466633220"
+}
+variable "mns_account_id" {
+  type        = string
+  description = "MNS AWS account ID - trusted source for MNS notifications"
 }
 
 variable "auto_ops_role" {
@@ -30,6 +34,11 @@ variable "dev_ops_role" {
 variable "dspp_admin_role" {
   type = string
 }
+variable "mns_delivery_role" {
+  type    = string
+  default = "role/nhs-mns-events-lambda-delivery"
+}
+
 variable "build_agent_account_id" {
   type    = string
   default = "958002497996"
@@ -44,6 +53,3 @@ variable "blue_green_split" {
   description = "Whether this account uses blue / green split deployments"
   default     = false
 }
-
-variable "mns_account_id" {}
-variable "mns_admin_role" {}
diff --git a/infrastructure/instance/environments/dev/int/variables.tfvars b/infrastructure/instance/environments/dev/int/variables.tfvars
@@ -1,7 +1,6 @@
 environment                       = "dev"
 immunisation_account_id           = "345594581768"
 dspp_core_account_id              = "603871901111"
-csoc_account_id                   = "693466633220"
 pds_environment                   = "int"
 batch_error_notifications_enabled = true
 pds_check_enabled                 = false
diff --git a/infrastructure/instance/environments/dev/internal-dev/variables.tfvars b/infrastructure/instance/environments/dev/internal-dev/variables.tfvars
@@ -1,7 +1,6 @@
 environment                       = "dev"
 immunisation_account_id           = "345594581768"
 dspp_core_account_id              = "603871901111"
-csoc_account_id                   = "693466633220"
 pds_environment                   = "int"
 batch_error_notifications_enabled = true
 pds_check_enabled                 = true
diff --git a/infrastructure/instance/environments/dev/pr/variables.tfvars b/infrastructure/instance/environments/dev/pr/variables.tfvars
@@ -1,7 +1,6 @@
 environment                       = "dev"
 immunisation_account_id           = "345594581768"
 dspp_core_account_id              = "603871901111"
-csoc_account_id                   = "693466633220"
 pds_environment                   = "int"
 batch_error_notifications_enabled = false
 pds_check_enabled                 = true
diff --git a/infrastructure/instance/environments/dev/ref/variables.tfvars b/infrastructure/instance/environments/dev/ref/variables.tfvars
@@ -1,7 +1,6 @@
 environment                       = "dev"
 immunisation_account_id           = "345594581768"
 dspp_core_account_id              = "603871901111"
-csoc_account_id                   = "693466633220"
 pds_environment                   = "ref"
 batch_error_notifications_enabled = true
 pds_check_enabled                 = true
diff --git a/infrastructure/instance/variables.tf b/infrastructure/instance/variables.tf
@@ -6,7 +6,9 @@ variable "sub_environment" {
 
 variable "immunisation_account_id" {}
 variable "dspp_core_account_id" {}
-variable "csoc_account_id" {}
+variable "csoc_account_id" {
+  default = "693466633220"
+}
 
 variable "create_mesh_processor" {
   default = false
