Hosted zone import and variables change

robertnovac1 · robertnovac1 · commit f7f74169d125 · 2025-06-25T09:39:02.000+01:00
diff --git a/infra/environments/int/variables.tfvars b/infra/environments/int/variables.tfvars
@@ -1,7 +1,8 @@
-imms_account_id = "084828561157"
-dspp_account_id = "603871901111"
-admin_role      = "aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_PREPROD-IMMS-Admin_acce656dcacf6f4c"
-dev_ops_role    = "aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_PREPROD-IMMS-Devops_1d28e4f37b940bcd"
-auto_ops_role   = "auto-ops"
-dspp_admin_role = "root"
-environment     = "int"
+imms_account_id   = "084828561157"
+dspp_account_id   = "603871901111"
+admin_role        = "role/aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_PREPROD-IMMS-Admin_acce656dcacf6f4c"
+dev_ops_role      = "role/aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_PREPROD-IMMS-Devops_1d28e4f37b940bcd"
+auto_ops_role     = "role/auto-ops"
+dspp_admin_role   = "root"
+environment       = "int"
+route53_zone_name = "imms.int.vds.platform.nhs.uk"
diff --git a/infra/environments/non-prod/variables.tfvars b/infra/environments/non-prod/variables.tfvars
@@ -1,7 +1,8 @@
-imms_account_id = "345594581768"
-dspp_account_id = "603871901111"
-admin_role      = "root" # We shouldn't be using the root account. There should be an Admin role
-dev_ops_role    = "DevOps"
-auto_ops_role   = "auto-ops"
-dspp_admin_role = "root"
-environment     = "non-prod"
+imms_account_id   = "345594581768"
+dspp_account_id   = "603871901111"
+admin_role        = "root" # We shouldn't be using the root account. There should be an Admin role
+dev_ops_role      = "role/DevOps"
+auto_ops_role     = "role/auto-ops"
+dspp_admin_role   = "root"
+environment       = "non-prod"
+route53_zone_name = "imms.dev.vds.platform.nhs.uk"
diff --git a/infra/environments/prod/variables.tfvars b/infra/environments/prod/variables.tfvars
@@ -1,8 +1,9 @@
 imms_account_id = "664418956997"
 dspp_account_id = "232116723729"
 # TODO: Fill in the values below
-admin_role      = "" # We shouldn't be using the root account. There should be an Admin role
-dev_ops_role    = ""
-auto_ops_role   = "auto-ops"
-dspp_admin_role = "root"
-environment     = "prod"
+admin_role        = "" # We shouldn't be using the root account. There should be an Admin role
+dev_ops_role      = ""
+auto_ops_role     = "role/auto-ops"
+dspp_admin_role   = "root"
+environment       = "prod"
+route53_zone_name = "imms.prod.vds.platform.nhs.uk" #TBC 
diff --git a/infra/kms.tf b/infra/kms.tf
@@ -4,7 +4,7 @@ locals {
     Sid    = "AllowKeyAdministration",
     Effect = "Allow",
     Principal = {
-      AWS = "arn:aws:iam::${var.imms_account_id}:role/${var.admin_role}"
+      AWS = "arn:aws:iam::${var.imms_account_id}:${var.admin_role}"
     },
     Action = [
       "kms:Create*",
@@ -30,7 +30,7 @@ locals {
     Sid    = "KMSKeyUserAccess",
     Effect = "Allow",
     Principal = {
-      AWS = "arn:aws:iam::${var.imms_account_id}:role/${var.auto_ops_role}"
+      AWS = "arn:aws:iam::${var.imms_account_id}:${var.auto_ops_role}"
     },
     Action = [
       "kms:Encrypt",
@@ -43,7 +43,7 @@ locals {
     Sid    = "KMSKeyUserAccessForDevOps",
     Effect = "Allow",
     Principal = {
-      AWS = "arn:aws:iam::${var.imms_account_id}:role/${var.dev_ops_role}"
+      AWS = "arn:aws:iam::${var.imms_account_id}:${var.dev_ops_role}"
     },
     Action = [
       "kms:Encrypt",
diff --git a/infra/networking.tf b/infra/networking.tf
@@ -52,3 +52,7 @@ resource "aws_route" "igw_route" {
   destination_cidr_block = "0.0.0.0/16"
   gateway_id             = aws_internet_gateway.default.id
 }
+
+resource "aws_route53_zone" "hosted_zone" {
+  name = var.route53_zone_name
+}
diff --git a/infra/variables.tf b/infra/variables.tf
@@ -8,6 +8,7 @@ variable "auto_ops_role" {}
 variable "admin_role" {}
 variable "dev_ops_role" {}
 variable "dspp_admin_role" {}
+variable "route53_zone_name" {}
 variable "build_agent_account_id" {
   default = "958002497996"
 }

Original file line number	Diff line number	Diff line change
`@@ -52,3 +52,7 @@ resource "aws_route" "igw_route" {`
`52`	`52`	`destination_cidr_block = "0.0.0.0/16"`
`53`	`53`	`gateway_id = aws_internet_gateway.default.id`
`54`	`54`	`}`
	`55`	`+`
	`56`	`+resource "aws_route53_zone" "hosted_zone" {`
	`57`	`+ name = var.route53_zone_name`
	`58`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@ variable "auto_ops_role" {}`
`8`	`8`	`variable "admin_role" {}`
`9`	`9`	`variable "dev_ops_role" {}`
`10`	`10`	`variable "dspp_admin_role" {}`
	`11`	`+variable "route53_zone_name" {}`
`11`	`12`	`variable "build_agent_account_id" {`
`12`	`13`	`default = "958002497996"`
`13`	`14`	`}`