parameterise

Signed-off-by: Jacob Woffenden <jacob.woffenden@justice.gov.uk>
ministryofjustice · Nov 13, 2024 · 85408a1 · 85408a1
1 parent c568602
commit 85408a1
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 3 deletions.
diff --git a/terraform/environments/analytical-platform-ingestion/environment-configuration.tf b/terraform/environments/analytical-platform-ingestion/environment-configuration.tf
@@ -31,6 +31,9 @@ locals {
       target_buckets          = ["mojap-land-dev"]
       datasync_target_buckets = ["mojap-land-dev"]
 
+      /* Target KMS */
+      mojap_land_kms_key = "arn:aws:kms:eu-west-1:${local.environment_management.account_ids["analytical-plaform-data-production"]}:key/8c53fbac-3106-422a-8f3d-409bb3b0c94d"
+
       /* Transfer Server */
       transfer_server_hostname   = "sftp.development.ingestion.analytical-platform.service.justice.gov.uk"
       transfer_server_sftp_users = {}
@@ -76,6 +79,9 @@ locals {
       target_buckets          = ["mojap-land"]
       datasync_target_buckets = ["mojap-land"]
 
+      /* Target KMS */
+      mojap_land_kms_key = "arn:aws:kms:eu-west-1:${local.environment_management.account_ids["analytical-plaform-data-production"]}:key/2855ac30-4e14-482e-85ca-53258e01f64c"
+
       /* Transfer Server */
       transfer_server_hostname   = "sftp.ingestion.analytical-platform.service.justice.gov.uk"
       transfer_server_sftp_users = {}

diff --git a/terraform/environments/analytical-platform-ingestion/iam-policies.tf b/terraform/environments/analytical-platform-ingestion/iam-policies.tf
@@ -98,7 +98,7 @@ data "aws_iam_policy_document" "datasync_replication" {
       "kms:Encrypt",
       "kms:GenerateDataKey"
     ]
-    resources = ["arn:aws:kms:eu-west-1:593291632749:key/2855ac30-4e14-482e-85ca-53258e01f64c"]
+    resources = [local.environment_configuration.mojap_land_kms_key]
   }
   statement {
     sid    = "SourceBucketKMSKey"

diff --git a/terraform/environments/analytical-platform-ingestion/s3.tf b/terraform/environments/analytical-platform-ingestion/s3.tf
@@ -190,14 +190,14 @@ module "datasync_bucket" {
         }
 
         destination = {
-          account_id    = "593291632749" // TODO: replace with local.environment_management account ID
+          account_id    = local.environment_management.account_ids["analytical-plaform-data-production"]
           bucket        = "arn:aws:s3:::${local.environment_configuration.datasync_target_buckets[0]}"
           storage_class = "STANDARD"
           access_control_translation = {
             owner = "Destination"
           }
           encryption_configuration = {
-            replica_kms_key_id = "arn:aws:kms:eu-west-1:593291632749:key/2855ac30-4e14-482e-85ca-53258e01f64c"
+            replica_kms_key_id = local.environment_configuration.mojap_land_kms_key
           }
           metrics = {
             status  = "Enabled"