NHSDigital
diff --git a/‎infrastructure/instance/modules/api_gateway/api.tf‎
Lines changed: 2 additions & 1 deletion b/‎infrastructure/instance/modules/api_gateway/api.tf‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎infrastructure/instance/modules/api_gateway/mtls_cert.tf‎
Lines changed: 14 additions & 0 deletions b/‎infrastructure/instance/modules/api_gateway/mtls_cert.tf‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎lambdas/ack_backend/poetry.lock‎
Lines changed: 5 additions & 5 deletions b/‎lambdas/ack_backend/poetry.lock‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎lambdas/backend/poetry.lock‎
Lines changed: 5 additions & 5 deletions b/‎lambdas/backend/poetry.lock‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎lambdas/delta_backend/poetry.lock‎
Lines changed: 5 additions & 5 deletions b/‎lambdas/delta_backend/poetry.lock‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎lambdas/filenameprocessor/poetry.lock‎
Lines changed: 5 additions & 5 deletions b/‎lambdas/filenameprocessor/poetry.lock‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎lambdas/id_sync/poetry.lock‎
Lines changed: 5 additions & 5 deletions b/‎lambdas/id_sync/poetry.lock‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎lambdas/mesh_processor/poetry.lock‎
Lines changed: 5 additions & 5 deletions b/‎lambdas/mesh_processor/poetry.lock‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎lambdas/recordforwarder/poetry.lock‎
Lines changed: 9 additions & 9 deletions b/‎lambdas/recordforwarder/poetry.lock‎
Lines changed: 9 additions & 9 deletions
diff --git a/‎lambdas/recordprocessor/poetry.lock‎
Lines changed: 5 additions & 5 deletions b/‎lambdas/recordprocessor/poetry.lock‎
Lines changed: 5 additions & 5 deletions
@@ -38,7 +38,8 @@ resource "aws_apigatewayv2_domain_name" "service_api_domain_name" {
     security_policy = "TLS_1_2"
   }
   mutual_tls_authentication {
-    truststore_uri = "s3://${aws_s3_bucket.truststore_bucket.bucket}/${local.truststore_file_name}"
+    truststore_uri     = "s3://${aws_s3_bucket.truststore_bucket.bucket}/${local.truststore_file_name}"
+    truststore_version = aws_s3_object_copy.copy_cert_from_storage.version_id
   }
   tags = {
     Name = "${var.prefix}-api-domain-name"
 
@@ -12,13 +12,27 @@ data "aws_s3_object" "cert" {
   key    = local.truststore_file_name
 }
 
+resource "terraform_data" "cert_etag" {
+  input = data.aws_s3_object.cert.etag
+}
+
 resource "aws_s3_bucket" "truststore_bucket" {
   bucket        = "${var.prefix}-truststores"
   force_destroy = true
 }
 
+resource "aws_s3_bucket_versioning" "truststore_bucket" {
+  bucket = aws_s3_bucket.truststore_bucket.bucket
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
 resource "aws_s3_object_copy" "copy_cert_from_storage" {
   bucket = aws_s3_bucket.truststore_bucket.bucket
   key    = local.truststore_file_name
   source = "${data.aws_s3_object.cert.bucket}/${local.truststore_file_name}"
+  lifecycle {
+    replace_triggered_by = [terraform_data.cert_etag]
+  }
 }
Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,8 @@ resource "aws_apigatewayv2_domain_name" "service_api_domain_name" {`
`38`	`38`	`security_policy = "TLS_1_2"`
`39`	`39`	`}`
`40`	`40`	`mutual_tls_authentication {`
`41`		`- truststore_uri = "s3://${aws_s3_bucket.truststore_bucket.bucket}/${local.truststore_file_name}"`
	`41`	`+ truststore_uri = "s3://${aws_s3_bucket.truststore_bucket.bucket}/${local.truststore_file_name}"`
	`42`	`+ truststore_version = aws_s3_object_copy.copy_cert_from_storage.version_id`
`42`	`43`	`}`
`43`	`44`	`tags = {`
`44`	`45`	`Name = "${var.prefix}-api-domain-name"`