Merge branch 'master' into dependabot/pip/lambdas/recordprocessor/werkzeug-3.1.4

Author: dlzhry2nhs

infrastructure/instance/modules/api_gateway/api.tf

@@ -38,7 +38,8 @@ resource "aws_apigatewayv2_domain_name" "service_api_domain_name" {
     security_policy = "TLS_1_2"
   }
   mutual_tls_authentication {
-    truststore_uri = "s3://${aws_s3_bucket.truststore_bucket.bucket}/${local.truststore_file_name}"
+    truststore_uri     = "s3://${aws_s3_bucket.truststore_bucket.bucket}/${local.truststore_file_name}"
+    truststore_version = aws_s3_object_copy.copy_cert_from_storage.version_id
   }
   tags = {
     Name = "${var.prefix}-api-domain-name"

infrastructure/instance/modules/api_gateway/mtls_cert.tf

@@ -12,13 +12,27 @@ data "aws_s3_object" "cert" {
   key    = local.truststore_file_name
 }
 
+resource "terraform_data" "cert_etag" {
+  input = data.aws_s3_object.cert.etag
+}
+
 resource "aws_s3_bucket" "truststore_bucket" {
   bucket        = "${var.prefix}-truststores"
   force_destroy = true
 }
 
+resource "aws_s3_bucket_versioning" "truststore_bucket" {
+  bucket = aws_s3_bucket.truststore_bucket.bucket
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
 resource "aws_s3_object_copy" "copy_cert_from_storage" {
   bucket = aws_s3_bucket.truststore_bucket.bucket
   key    = local.truststore_file_name
   source = "${data.aws_s3_object.cert.bucket}/${local.truststore_file_name}"
+  lifecycle {
+    replace_triggered_by = [terraform_data.cert_etag]
+  }
 }