
latest modules
ian-hoyle committed Dec 20, 2024
1 parent 364ae33 commit 33ac9b9
Showing 4 changed files with 21 additions and 7 deletions.
5 changes: 4 additions & 1 deletion root.tf
Expand Up @@ -144,7 +144,10 @@ module "upload_file_cloudfront_dirty_s3" {
cloudfront_oai = module.cloudfront_upload.cloudfront_oai_iam_arn
cloudfront_distribution_arns = [module.cloudfront_upload.cloudfront_arn]
}

# This is the only module that uses the canonical user grants in the tdr-terraform-modules/s3 module
# Grants are no longer the recommended way to grant access to a bucket, so the s3 module will use the canonical user grants id
# in the bucket policy with permissions equivalent to 'FULL_CONTROL'
# Tdr-terraform-modules/s3 module will be deprecated in the future.
module "upload_file_cloudfront_logs" {
source = "./tdr-terraform-modules/s3"
project = var.project
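Review bot: The added comment commits the logs bucket policy to permissions "equivalent to 'FULL_CONTROL'" for a canonical user, which is broader than a log-delivery principal needs and, written as a header on the module, is the wording later readers will copy into the s3 module change; the comment should name which canonical user is meant and the concrete actions the bucket policy is limited to, and the deprecation line should point at the replacement, e.g. `# Bucket policy grants the <log-delivery canonical user> only the actions needed to write logs; replaced by <replacement module> when this module is retired`. "canonical user grants id" is also ambiguous (the grants or the canonical user id?), and "Tdr-terraform-modules" is spelled differently from the `./tdr-terraform-modules/s3` source on the next line. The upload_file_cloudfront_logs module block continues outside the hunk, so whether the module input actually reflects this is not visible here.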
19 changes: 15 additions & 4 deletions root_draft_metadata.tf
Expand Up @@ -48,11 +48,22 @@ module "draft_metadata_api_gateway" {
resource "aws_iam_role" "draft_metadata_api_gateway_execution_role" {
name = "TDRMetadataChecksAPIGatewayExecutionRole${title(local.environment)}"
assume_role_policy = templatefile("./templates/iam_policy/assume_role_policy.json.tpl", { service = "apigateway.amazonaws.com" })
}

inline_policy {
name = "TDRMetadataChecksAPIGatewayStepFunctionExecutionPolicy${title(local.environment)}"
policy = templatefile("./templates/iam_policy/api_gateway_state_machine_policy.json.tpl", { account_id = data.aws_caller_identity.current.account_id, state_machine_arn = module.draft_metadata_checks.step_function_arn })
}
resource "aws_iam_policy" "api_gateway_execution_policy" {
name = "TDRMetadataChecksAPIGatewayStepFunctionExecutionPolicy${title(local.environment)}"
policy = templatefile(
"./templates/iam_policy/api_gateway_state_machine_policy.json.tpl",
{
account_id = data.aws_caller_identity.current.account_id,
state_machine_arn = module.draft_metadata_checks.step_function_arn
}
)
}

resource "aws_iam_role_policy_attachment" "api_gateway_execution_policy" {
role = aws_iam_role.draft_metadata_api_gateway_execution_role.name
policy_arn = aws_iam_policy.api_gateway_execution_policy.arn
}

module "draft_metadata_bucket" {
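Review bot: Dropping the inline_policy block from aws_iam_role.draft_metadata_api_gateway_execution_role moves the grant to aws_iam_policy.api_gateway_execution_policy, but on the AWS provider versions where inline_policy is a role argument, omitting the block means Terraform stops managing the role's inline policies rather than deleting the existing one, so after this apply the role can carry both the orphaned inline policy and the new managed policy with the same statement. Either apply once with an empty `inline_policy {}` on the role (which removes all inline policies) before deleting the block, or confirm out of band that the old inline policy of that name is gone, and add a comment on the role such as `# permissions are attached via aws_iam_policy.api_gateway_execution_policy` so nobody re-adds an inline copy. The new aws_iam_policy has no description; if the template does what its name and the state_machine_arn input suggest, `description = "Lets the draft metadata API Gateway execute the metadata checks state machine"` would document the grant at the point it is reviewed in the console.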
2 changes: 1 addition & 1 deletion root_keycloak.tf
Expand Up @@ -166,7 +166,7 @@ module "keycloak_database_instance" {
availability_zone = local.database_availability_zone
common_tags = local.common_tags
database_name = "keycloak"
database_version = "14.12"
database_version = local.environment == "prod" ? "14.12" : "16.3"
environment = local.environment
kms_key_id = module.encryption_key.kms_key_arn
private_subnets = module.shared_vpc.private_subnets
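Review bot: The conditional on database_version pins prod to 14.12 while every other environment takes 16.3, so non-prod stops exercising the engine version prod runs, and the hunk gives no reason for the split or a plan to close it; add a why-comment above the line, e.g. `# prod stays on 14.12 until <tracking ref placeholder>; non-prod runs 16.3 ahead of the prod upgrade`. If the non-prod instances are currently on 14.12, 14.12 to 16.3 is a major engine version change, and unless the keycloak_database_instance module sets allow_major_version_upgrade (its internals are not visible here) the apply will be rejected, so that is worth confirming before merging. The module block begins before and continues after the hunk.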
