Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UML-3138 Move TF account to region #2379

Merged
merged 11 commits into from
Oct 25, 2023
Merged

UML-3138 Move TF account to region #2379

merged 11 commits into from
Oct 25, 2023

Conversation

ntse
Copy link
Contributor

@ntse ntse commented Oct 24, 2023
edited
Loading

Purpose

Move account resources into region

Fixes UML-3138

Approach

Explain how your code addresses the purpose of the change

Learning

Any tips and tricks, blog posts or tools which helped you. Plus anything notable you've discovered about the Use a Lasting Power of Attorney service

Checklist

  • I have performed a self-review of my own code
  • I have added relevant logging with appropriate levels to my code
  • New event_codes have been documented on the wiki page
  • I have updated documentation (Confluence/GitHub wiki/tech debt doc) where relevant
  • I have added tests to prove my work
  • I have added welsh translation tags and updated translation files
  • I have run an accessibility tool on any pages I have made changes to and fixed any issues found
  • I have notified the Interaction Designer of any content changes so that appropriate screenshots/flow diagram changes can be made
  • The product team have tested these changes

@ntse ntse requested a review from a team as a code owner October 24, 2023 11:14
andrewpearce-digital
andrewpearce-digital reviewed Oct 24, 2023
View reviewed changes
terraform/account/region/cloudwatch.tf
}

resource "aws_kms_key" "cloudwatch" {
description = "Cloudwatch encryption ${local.environment}"
description = "Cloudwatch encryption ${var.environment_name}"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this could be the multi region kms key module

andrewpearce-digital
andrewpearce-digital reviewed Oct 24, 2023
View reviewed changes
terraform/account/secretsmanager.tf
kms_key_id = module.secrets_manager_mrk.key_id

replica {
kms_key_id = module.secrets_manager_mrk.key_id
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this needs to be the id of the key in the region of the replicated secret, so the id of the replicated/secondary kms key.

This would have an affect if you needed to reference the key ARN (which has the region)

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret#replica

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Related multi-Region keys have the same key ID. Happy to change if it will reduce ambiguity

@ntse ntse merged commit 1ffc690 into main Oct 25, 2023
22 checks passed
@ntse ntse deleted the UML-3138 branch October 25, 2023 16:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewpearce-digital andrewpearce-digital andrewpearce-digital approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ntse @andrewpearce-digital