From 7b07dce9a15097041809778b8ba919aa65c8bd14 Mon Sep 17 00:00:00 2001
From: dms1981 <david.sibley@digital.justice.gov.uk>
Date: Fri, 13 Sep 2024 17:04:43 +0100
Subject: [PATCH] Manage `tipstaff-production` shield response team access
 through code (#7766)

* managed shield response team access through code

* set github provider locally to prevent implict use of latest version
---
 terraform/environments/tipstaff/platform_versions.tf | 4 ++++
 terraform/environments/tipstaff/shield.tf            | 7 +++++++
 2 files changed, 11 insertions(+)
 create mode 100644 terraform/environments/tipstaff/shield.tf

diff --git a/terraform/environments/tipstaff/platform_versions.tf b/terraform/environments/tipstaff/platform_versions.tf
index d75ac92aca1..84ea68086ec 100644
--- a/terraform/environments/tipstaff/platform_versions.tf
+++ b/terraform/environments/tipstaff/platform_versions.tf
@@ -12,6 +12,10 @@ terraform {
       source  = "hashicorp/null"
       version = "~> 3.2"
     }
+    github = {
+      source = "integrations/github"
+      version = "6.2.2"
+    }
   }
   required_version = "~> 1.0"
 }
diff --git a/terraform/environments/tipstaff/shield.tf b/terraform/environments/tipstaff/shield.tf
new file mode 100644
index 00000000000..5de4927c4e4
--- /dev/null
+++ b/terraform/environments/tipstaff/shield.tf
@@ -0,0 +1,7 @@
+data "aws_iam_role" "srt_access" {
+  name = "AWSSRTSupport"
+}
+
+resource "aws_shield_drt_access_role_arn_association" "srt_access" {
+  role_arn = data.aws_iam_role.srt_access.arn
+}