var enviornment changes and addressed comments

Author: robertnovac1

infra/.terraform.lock.hcl

@@ -214,11 +214,6 @@ resource "aws_vpc_endpoint" "kinesis_stream_endpoint" {
   }
 }
 
-# TODO - remove and use the key we manage in this Terraform workspace
-data "aws_kms_key" "existing_lambda_env_encryption" {
-  count  = var.environment == "non-prod" ? 1 : 0
-  key_id = "648c8c6f-54bf-4b79-ad72-0be6e8d72423"
-}
 
 resource "aws_vpc_endpoint" "kms_endpoint" {
   vpc_id            = aws_vpc.default.id
@@ -242,15 +237,10 @@ resource "aws_vpc_endpoint" "kms_endpoint" {
           "kms:Encrypt",
           "kms:GenerateDataKey*"
         ],
-        Resource = var.environment == "prod" ? [
+        Resource = [
           aws_kms_key.lambda_env_encryption.arn,
           aws_kms_key.s3_shared_key.arn
-          ] : concat([
-            aws_kms_key.lambda_env_encryption.arn,
-            aws_kms_key.s3_shared_key.arn
-            ], length(data.aws_kms_key.existing_lambda_env_encryption) > 0 ? [
-            data.aws_kms_key.existing_lambda_env_encryption[0].arn
-        ] : [])
+        ]
       }
     ]
   })

infra/endpoints.tf

@@ -4,6 +4,6 @@ admin_role               = "root" # We shouldn't be using the root account. Ther
 dev_ops_role             = "role/DevOps"
 auto_ops_role            = "role/auto-ops"
 dspp_admin_role          = "root"
-environment              = "non-prod"
+environment              = "dev"
 parent_route53_zone_name = "dev.vds.platform.nhs.uk"
 child_route53_zone_name  = "imms.dev.vds.platform.nhs.uk"

infra/environments/non-prod/variables.tfvars

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 5"
+      version = "~> 6"
     }
   }
   backend "s3" {

infra/main.tf

@@ -13,15 +13,14 @@ locals {
       availability_zone = "eu-west-2c"
     }
   ]
-  environment = var.environment == "non-prod" ? "dev" : var.environment
 }
 
 resource "aws_vpc" "default" {
   cidr_block           = "172.31.0.0/16"
   enable_dns_support   = true
   enable_dns_hostnames = true
   tags = {
-    Name = "imms-${local.environment}-fhir-api-vpc"
+    Name = "imms-${var.environment}-fhir-api-vpc"
   }
 }
 
@@ -36,14 +35,14 @@ resource "aws_subnet" "default_subnets" {
 resource "aws_internet_gateway" "default" {
   vpc_id = aws_vpc.default.id
   tags = {
-    Name = "imms-${local.environment}-fhir-api-igw"
+    Name = "imms-${var.environment}-fhir-api-igw"
   }
 }
 
 resource "aws_route_table" "default" {
   vpc_id = aws_vpc.default.id
   tags = {
-    Name = "imms-${local.environment}-fhir-api-rtb"
+    Name = "imms-${var.environment}-fhir-api-rtb"
   }
 }
 

infra/networking.tf

@@ -54,18 +54,6 @@ resource "aws_s3_bucket_policy" "batch_data_source_bucket_policy" {
   })
 }
 
-# resource "aws_s3_bucket_server_side_encryption_configuration" "s3_batch_source_encryption" {
-#   count = local.environment == "prod" ? 1 : 0
-#   bucket = aws_s3_bucket.batch_data_source_bucket[0].bucket
-
-#   rule {
-#     apply_server_side_encryption_by_default {
-#       kms_master_key_id = data.aws_kms_key.existing_s3_encryption_key.arn
-#       sse_algorithm     = "aws:kms"
-#     }
-#   }
-# }
-
 resource "aws_s3_bucket_lifecycle_configuration" "datasources_lifecycle" {
   count  = var.environment == "prod" ? 1 : 0
   bucket = aws_s3_bucket.batch_data_source_bucket[0].bucket