diff --git a/terraform/environments/nomis/locals.tf b/terraform/environments/nomis/locals.tf
index de16f075afb..d2d8f580c8f 100644
--- a/terraform/environments/nomis/locals.tf
+++ b/terraform/environments/nomis/locals.tf
@@ -44,14 +44,14 @@ locals {
 enable_ec2_user_keypair = true
 enable_s3_bucket = true
 enable_s3_db_backup_bucket = true
+ enable_s3_software_bucket = true
 enable_image_builder = true
 enable_hmpps_domain = true # Syscon users are collaborators so need domain creds to access nomis-client EC2s
 iam_policies_filter = ["ImageBuilderS3BucketWriteAndDeleteAccessPolicy"]
 iam_policies_ec2_default = ["EC2S3BucketWriteAndDeleteAccessPolicy", "ImageBuilderS3BucketWriteAndDeleteAccessPolicy"]
- route53_resolver_rules = {
- outbound-data-and-private-subnets = ["azure-fixngo-domain"]
- }
- s3_iam_policies = ["EC2S3BucketWriteAndDeleteAccessPolicy"]
+ route53_resolver_rules = { outbound-data-and-private-subnets = ["azure-fixngo-domain"] }
+ s3_iam_policies = ["EC2S3BucketWriteAndDeleteAccessPolicy"]
+ software_bucket_name = "ec2-image-builder-nomis"
 }
 }
diff --git a/terraform/environments/nomis/locals_development.tf b/terraform/environments/nomis/locals_development.tf
index 1a77135b4bb..6b193357891 100644
--- a/terraform/environments/nomis/locals_development.tf
+++ b/terraform/environments/nomis/locals_development.tf
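Review bot: The new `software_bucket_name = "ec2-image-builder-nomis"` line has no comment saying what the bucket holds or who may write to it, and the only description ("use this bucket for storing artefacts for use across all accounts") is deleted together with the explicit definition in locals_test.tf. That definition pinned two write-access bucket policies, `custom_kms_key` and a lifecycle rule; after this change they depend on what the baseline preset does when `enable_s3_software_bucket` is set, which this diff does not show, so the plan should be checked for unintended changes to the bucket's policy or encryption. I would add above the new line `# shared artefact bucket, written to from all environments and by image builder; policy, KMS key and lifecycle come from the baseline preset`. The enclosing block opens above the hunk.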
@@ -476,15 +476,15 @@ locals {
 }
 s3_buckets = {
- nomis-audit-archives = {
- custom_kms_key = module.environment.kms_keys["general"].arn
- iam_policies = module.baseline_presets.s3_iam_policies
- lifecycle_rule = [module.baseline_presets.s3_lifecycle_rules.default]
- }
+ # nomis-audit-archives = {
+ # custom_kms_key = module.environment.kms_keys["general"].arn
+ # iam_policies = module.baseline_presets.s3_iam_policies
+ # lifecycle_rule = [module.baseline_presets.s3_lifecycle_rules.rman_backup_one_month]
+ # }
 syscon-bucket = {
 custom_kms_key = module.environment.kms_keys["general"].arn
 iam_policies = module.baseline_presets.s3_iam_policies
- lifecycle_rule = [module.baseline_presets.s3_lifecycle_rules.default]
+ lifecycle_rule = [module.baseline_presets.s3_lifecycle_rules.software]
 }
 }
diff --git a/terraform/environments/nomis/locals_preproduction.tf b/terraform/environments/nomis/locals_preproduction.tf
index d84038c0386..607eefdc3fc 100644
--- a/terraform/environments/nomis/locals_preproduction.tf
+++ b/terraform/environments/nomis/locals_preproduction.tf
@@ -521,13 +521,13 @@ locals {
 }
 s3_buckets = {
- nomis-audit-archives = {
- custom_kms_key = module.environment.kms_keys["general"].arn
- iam_policies = module.baseline_presets.s3_iam_policies
- lifecycle_rule = [
- module.baseline_presets.s3_lifecycle_rules.ninety_day_standard_ia_ten_year_expiry
- ]
- }
+ # nomis-audit-archives = {
+ # custom_kms_key = module.environment.kms_keys["general"].arn
+ # iam_policies = module.baseline_presets.s3_iam_policies
+ # lifecycle_rule = [
+ # module.baseline_presets.s3_lifecycle_rules.ninety_day_standard_ia_ten_year_expiry
+ # ]
+ # }
 }
 secretsmanager_secrets = {
diff --git a/terraform/environments/nomis/locals_test.tf b/terraform/environments/nomis/locals_test.tf
index ab771bd3d4f..9272012e8ec 100644
--- a/terraform/environments/nomis/locals_test.tf
+++ b/terraform/environments/nomis/locals_test.tf
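Review bot: `nomis-audit-archives` is commented out instead of deleted and nothing says why or what happens to the bucket already deployed; the locals_preproduction.tf hunk does the same to an entry that carried `ninety_day_standard_ia_ten_year_expiry`. With the key gone from `s3_buckets`, Terraform will presumably plan to destroy the bucket, so for audit archives the change should state whether the objects are kept or moved elsewhere. The commented block here also names `rman_backup_one_month` where the removed code used `default`, so it does not record what was deployed. Either delete the block or head it with a line such as `# nomis-audit-archives disabled: <reason>; existing objects: <retained where>`.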
@@ -684,17 +684,6 @@ locals {
 iam_policies = module.baseline_presets.s3_iam_policies
 lifecycle_rule = [module.baseline_presets.s3_lifecycle_rules.default]
 }
-
- # use this bucket for storing artefacts for use across all accounts
- ec2-image-builder-nomis = {
- bucket_policy_v2 = [
- module.baseline_presets.s3_bucket_policies.ImageBuilderWriteAccessBucketPolicy,
- module.baseline_presets.s3_bucket_policies.AllEnvironmentsWriteAccessBucketPolicy,
- ]
- custom_kms_key = module.environment.kms_keys["general"].arn
- iam_policies = module.baseline_presets.s3_iam_policies
- lifecycle_rule = [module.baseline_presets.s3_lifecycle_rules.default]
- }
 }
 secretsmanager_secrets = {