From 2c19bef97de159e7777de46e3de5f4ae24ad0586 Mon Sep 17 00:00:00 2001 From: ep-93 <109581241+ep-93@users.noreply.github.com> Date: Wed, 20 Dec 2023 11:03:34 +0000 Subject: [PATCH] Revert "secret manager replica test" --- terraform/environments/secrets.tf | 3 --- .../modernisation-platform-account/locals.tf | 2 -- .../modernisation-platform-account/secrets.tf | 22 +------------------ terraform/pagerduty/aws.tf | 9 -------- terraform/pagerduty/locals.tf | 2 -- 5 files changed, 1 insertion(+), 37 deletions(-) diff --git a/terraform/environments/secrets.tf b/terraform/environments/secrets.tf index 5f73184d0..1d1565ec9 100644 --- a/terraform/environments/secrets.tf +++ b/terraform/environments/secrets.tf @@ -7,9 +7,6 @@ resource "aws_secretsmanager_secret" "environment_management" { kms_key_id = aws_kms_key.environment_management.id policy = data.aws_iam_policy_document.environment_management.json tags = local.environments - replica { - region = "eu-west-1" - } } resource "aws_secretsmanager_secret_version" "environment_management" { diff --git a/terraform/modernisation-platform-account/locals.tf b/terraform/modernisation-platform-account/locals.tf index 6d8723975..b086831dd 100644 --- a/terraform/modernisation-platform-account/locals.tf +++ b/terraform/modernisation-platform-account/locals.tf @@ -18,6 +18,4 @@ locals { is-production = true owner = "Modernisation Platform: modernisation-platform@digital.justice.gov.uk" } - - replica_region = "eu-west-1" } diff --git a/terraform/modernisation-platform-account/secrets.tf b/terraform/modernisation-platform-account/secrets.tf index 5096b6057..d07f28049 100644 --- a/terraform/modernisation-platform-account/secrets.tf +++ b/terraform/modernisation-platform-account/secrets.tf 
@@ -10,9 +10,6 @@ resource "aws_secretsmanager_secret" "slack_webhook_url" { name = "slack_webhook_url" description = "Slack channel modernisation-platform-notifications webhook url for sending notifications to slack" tags = local.tags - replica { - region = local.replica_region - } } # Github CI user PAT @@ -27,9 +24,6 @@ resource "aws_secretsmanager_secret" "github_ci_user_pat" { name = "github_ci_user_pat" description = "GitHub CI user PAT used for generated resources in GitHub via Terraform" tags = local.tags - replica { - region = local.replica_region - } } # Github CI user environments repo PAT @@ -44,9 +38,6 @@ resource "aws_secretsmanager_secret" "github_ci_user_environments_repo_pat" { name = "github_ci_user_environments_repo_pat" description = "This PAT token is used in reusable pipelines of the modernisation-platform-environments repository. This is so that the CI user can post comments in PRs, e.g. tf plan/apply output. Expires on Tue, Apr 9 2024." tags = local.tags - replica { - region = local.replica_region - } } # Github CI user password @@ -61,9 +52,6 @@ resource "aws_secretsmanager_secret" "github_ci_user_password" { name = "github_ci_user_password" description = "GitHub CI user password" tags = local.tags - replica { - region = local.replica_region - } } # Account IDs to be excluded from auto-nuke @@ -76,9 +64,6 @@ resource "aws_secretsmanager_secret" "nuke_account_blocklist" { name = "nuke_account_blocklist" description = "Account IDs to be excluded from auto-nuke. AWS-Nuke (https://github.com/rebuy-de/aws-nuke) requires at least one Account ID to be present in this blocklist, while it is recommended to add every production account to this blocklist." tags = local.tags - replica { - region = local.replica_region - } } # Account IDs to be auto-nuked on weekly basis 
@@ -91,9 +76,6 @@ resource "aws_secretsmanager_secret" "nuke_account_ids" { name = "nuke_account_ids" description = "Account IDs to be auto-nuked on weekly basis. CAUTION: Any account ID you add here will be automatically nuked! This secret is used by GitHub actions job nuke.yml inside the environments repo, to find the Account IDs to be nuked." tags = local.tags - replica { - region = local.replica_region - } } # Reflection of what is in member accounts, needed here as well so that the same code works for collaborators @@ -102,6 +84,7 @@ resource "aws_ssm_parameter" "modernisation_platform_account_id" { name = "modernisation_platform_account_id" type = "SecureString" value = data.aws_caller_identity.current.id + tags = local.tags } @@ -112,9 +95,6 @@ resource "aws_secretsmanager_secret" "circleci" { # checkov:skip=CKV2_AWS_57:Auto rotation not possible name = "mod-platform-circleci" description = "CircleCI organisation ID for ministryofjustice, used for OIDC IAM policies" - replica { - region = local.replica_region - } } resource "aws_secretsmanager_secret_version" "circleci" { diff --git a/terraform/pagerduty/aws.tf b/terraform/pagerduty/aws.tf index 6dbbc64b3..be4169a87 100644 --- a/terraform/pagerduty/aws.tf +++ b/terraform/pagerduty/aws.tf @@ -10,9 +10,6 @@ resource "aws_secretsmanager_secret" "pagerduty_integration_keys" { name = "pagerduty_integration_keys" policy = data.aws_iam_policy_document.pagerduty_secret.json tags = local.tags - replica { - region = local.replica_region - } } resource "aws_secretsmanager_secret_version" "pagerduty_integration_keys" { @@ -71,9 +68,6 @@ resource "aws_secretsmanager_secret" "pagerduty_token" { name = "pagerduty_token" description = "PagerDuty api token, used by PagerDuty Terraform to manage most PagerDuty resources" tags = local.tags - replica { - region = local.replica_region - } } # Pagerduty user token 
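Review bot: The `+ tags = local.tags` line in the `aws_ssm_parameter.modernisation_platform_account_id` hunk is the only addition in a commit whose subject is a revert of the replica test, and nothing in the message explains it. If the reverted commit removed that line, this is a faithful restore; otherwise it is an unrelated change and should be named in the commit message so the revert stays auditable. Separately, the visible lines of this `SecureString` parameter set no `key_id`, so it presumably falls back to the account's default SSM key. If a customer-managed key is intended, as `kms_key_id` on the `environment_management` secret suggests is done elsewhere, add `key_id = <KMS_KEY_REFERENCE_PLACEHOLDER>`. The resource's opening line appears only in the hunk header, so attributes outside the hunk may already cover this.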
@@ -85,7 +79,4 @@ resource "aws_secretsmanager_secret" "pagerduty_user_token" { name = "pagerduty_userapi_token" description = "PagerDuty api user level token, used to link services to Slack channels. A valid PD and Slack user needed (to authorise against a slack user), needed in addition to the org level token" tags = local.tags - replica { - region = local.replica_region - } } diff --git a/terraform/pagerduty/locals.tf b/terraform/pagerduty/locals.tf index fd434d689..1a3b29b4e 100644 --- a/terraform/pagerduty/locals.tf +++ b/terraform/pagerduty/locals.tf @@ -60,8 +60,6 @@ locals { is-production = true owner = "Modernisation Platform: modernisation-platform@digital.justice.gov.uk" } - - replica_region = "eu-west-1" } # existing users