NDR-213 Index truststore bucket

megan-bower4 · megan-bower4 · commit 3edfcc939c67 · 2025-09-11T15:39:10.000+01:00
diff --git a/infrastructure/api_mtls.tf b/infrastructure/api_mtls.tf
@@ -18,7 +18,8 @@ resource "aws_api_gateway_domain_name" "custom_api_domain_mtls" {
   }
 
   mutual_tls_authentication {
-    truststore_uri = "s3://${terraform.workspace}-${var.truststore_bucket_name}/${var.ca_pem_filename}"
+    truststore_uri = "s3://${module.ndr-truststore[0].bucket_id}/${var.ca_pem_filename}"
+    truststore_version = data.aws_s3_object.truststore_ext_cert.version_id
   }
 }
 
diff --git a/infrastructure/buckets.tf b/infrastructure/buckets.tf
@@ -128,6 +128,11 @@ module "ndr-truststore" {
   force_destroy            = local.is_force_destroy
 }
 
+data "aws_s3_object" "truststore_ext_cert" {
+  bucket = module.ndr_truststore[0].bucket_id
+  key    = var.ca_pem_filename
+}
+
 # Lifecycle Rules
 resource "aws_s3_bucket_lifecycle_configuration" "lg-lifecycle-rules" {
   bucket = module.ndr-lloyd-george-store.bucket_id

Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,8 @@ resource "aws_api_gateway_domain_name" "custom_api_domain_mtls" {`
`18`	`18`	`}`
`19`	`19`
`20`	`20`	`mutual_tls_authentication {`
`21`		`- truststore_uri = "s3://${terraform.workspace}-${var.truststore_bucket_name}/${var.ca_pem_filename}"`
	`21`	`+ truststore_uri = "s3://${module.ndr-truststore[0].bucket_id}/${var.ca_pem_filename}"`
	`22`	`+ truststore_version = data.aws_s3_object.truststore_ext_cert.version_id`
`22`	`23`	`}`
`23`	`24`	`}`
`24`	`25`