From 1b09ae139926f8ce23dfc4e2c6acb8e3cf634f27 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 14 Aug 2023 12:53:25 +0100 Subject: [PATCH 01/12] new acm-cert for dev.legal.service --- terraform/environments/portal/acm_certificate.tf | 14 ++++++++++++++ .../environments/portal/application_variables.json | 4 ++-- 2 files changed, 16 insertions(+), 2 deletions(-) create mode 100644 terraform/environments/portal/acm_certificate.tf diff --git a/terraform/environments/portal/acm_certificate.tf b/terraform/environments/portal/acm_certificate.tf new file mode 100644 index 00000000000..848915de358 --- /dev/null +++ b/terraform/environments/portal/acm_certificate.tf @@ -0,0 +1,14 @@ +resource "aws_acm_certificate" "dev_legalservices_cert" { + domain_name = "${local.application_data.accounts[local.environment].acm_domain_name}" + validation_method = "DNS" + + + tags = merge( + local.tags, + { Name = "laa-${local.application_name}-${local.environment}" } + ) + + lifecycle { + create_before_destroy = true + } +} \ No newline at end of file diff --git a/terraform/environments/portal/application_variables.json b/terraform/environments/portal/application_variables.json index d2b615a8e51..638d15848cf 100644 --- a/terraform/environments/portal/application_variables.json +++ b/terraform/environments/portal/application_variables.json @@ -33,8 +33,8 @@ "lb_access_logs_existing_bucket_name": "", "url": "s3://laa-portal-development-archive-mp", "maintenance_window_name": "diagnostics-log-archive-poc", - "hosted_zone": "aws.dev.legalservices.gov.uk" - + "hosted_zone": "aws.dev.legalservices.gov.uk", + "acm_domain_name": ["dev.legalservices.gov.uk, *.dev.legalservices.gov.uk"] }, "test": { From 21d64c03d20822da12958d699349b514d16a7943 Mon Sep 17 00:00:00 2001 
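Review bot: The `domain_name` line of the new `dev_legalservices_cert` resource wraps a single reference in an interpolation-only string (`"${local.application_data.accounts[local.environment].acm_domain_name}"`), a form Terraform 0.12+ reports as deprecated under `terraform validate`; the bare reference `domain_name = local.application_data.accounts[local.environment].acm_domain_name` is equivalent. The same wrapping reappears in the `subject_alternative_names` line added in PATCH 02 and in the `portal-dev-private[...]` index keys of PATCH 12, where it can be dropped the same way. The resource would also benefit from a header comment naming what the certificate covers, e.g. `# ACM certificate for the environment's public domain (apex + wildcard SAN), DNS-validated`, since the domain values live in application_variables.json and are not obvious from this file.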
From: tajewole-moj Date: Mon, 14 Aug 2023 13:01:30 +0100 Subject: [PATCH 02/12] new acm-cert for dev.legal.service- add san attribute --- terraform/environments/portal/acm_certificate.tf | 1 + terraform/environments/portal/application_variables.json | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/terraform/environments/portal/acm_certificate.tf b/terraform/environments/portal/acm_certificate.tf index 848915de358..c1049b9acf4 100644 --- a/terraform/environments/portal/acm_certificate.tf +++ b/terraform/environments/portal/acm_certificate.tf @@ -1,5 +1,6 @@ resource "aws_acm_certificate" "dev_legalservices_cert" { domain_name = "${local.application_data.accounts[local.environment].acm_domain_name}" + subject_alternative_names = ["${local.application_data.accounts[local.environment].acm_alt_domain_name}"] validation_method = "DNS" diff --git a/terraform/environments/portal/application_variables.json b/terraform/environments/portal/application_variables.json index 638d15848cf..009f7e1bf13 100644 --- a/terraform/environments/portal/application_variables.json +++ b/terraform/environments/portal/application_variables.json @@ -34,7 +34,8 @@ "url": "s3://laa-portal-development-archive-mp", "maintenance_window_name": "diagnostics-log-archive-poc", "hosted_zone": "aws.dev.legalservices.gov.uk", - "acm_domain_name": ["dev.legalservices.gov.uk, *.dev.legalservices.gov.uk"] + "acm_domain_name": "dev.legalservices.gov.uk,", + "acm_alt_domain_name": ["*.dev.legalservices.gov.uk"] }, "test": { From 8d2c25621689b119fb490e9986dbbd394f69eaea Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 14 Aug 2023 13:07:14 +0100 Subject: [PATCH 03/12] change to string --- terraform/environments/portal/acm_certificate.tf | 2 +- terraform/environments/portal/application_variables.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/terraform/environments/portal/acm_certificate.tf b/terraform/environments/portal/acm_certificate.tf index c1049b9acf4..d5eeaac571f 100644 --- a/terraform/environments/portal/acm_certificate.tf +++ b/terraform/environments/portal/acm_certificate.tf @@ -1,6 +1,6 @@ resource "aws_acm_certificate" "dev_legalservices_cert" { domain_name = "${local.application_data.accounts[local.environment].acm_domain_name}" - subject_alternative_names = ["${local.application_data.accounts[local.environment].acm_alt_domain_name}"] + subject_alternative_names = "${local.application_data.accounts[local.environment].acm_alt_domain_name}" validation_method = "DNS" diff --git a/terraform/environments/portal/application_variables.json b/terraform/environments/portal/application_variables.json index 009f7e1bf13..829bd691081 100644 --- a/terraform/environments/portal/application_variables.json +++ b/terraform/environments/portal/application_variables.json @@ -35,7 +35,7 @@ "maintenance_window_name": "diagnostics-log-archive-poc", "hosted_zone": "aws.dev.legalservices.gov.uk", "acm_domain_name": "dev.legalservices.gov.uk,", - "acm_alt_domain_name": ["*.dev.legalservices.gov.uk"] + "acm_alt_domain_name": "*.dev.legalservices.gov.uk" }, "test": { From 0860373b6928b05b07f63f097ecd8f1ad29c872e Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 14 Aug 2023 13:11:51 +0100 Subject: [PATCH 04/12] add string v1 --- terraform/environments/portal/application_variables.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/portal/application_variables.json b/terraform/environments/portal/application_variables.json index 829bd691081..8b8e8181c61 100644 --- a/terraform/environments/portal/application_variables.json +++ b/terraform/environments/portal/application_variables.json 
@@ -34,7 +34,7 @@ "url": "s3://laa-portal-development-archive-mp", "maintenance_window_name": "diagnostics-log-archive-poc", "hosted_zone": "aws.dev.legalservices.gov.uk", - "acm_domain_name": "dev.legalservices.gov.uk,", + "acm_domain_name": "dev.legalservices.gov.uk", "acm_alt_domain_name": "*.dev.legalservices.gov.uk" }, From 16c6b286521434565f1e329664c7fdb52ca4e249 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 14 Aug 2023 13:17:34 +0100 Subject: [PATCH 05/12] added sqaure brackets --- terraform/environments/portal/acm_certificate.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/portal/acm_certificate.tf b/terraform/environments/portal/acm_certificate.tf index d5eeaac571f..c1049b9acf4 100644 --- a/terraform/environments/portal/acm_certificate.tf +++ b/terraform/environments/portal/acm_certificate.tf @@ -1,6 +1,6 @@ resource "aws_acm_certificate" "dev_legalservices_cert" { domain_name = "${local.application_data.accounts[local.environment].acm_domain_name}" - subject_alternative_names = "${local.application_data.accounts[local.environment].acm_alt_domain_name}" + subject_alternative_names = ["${local.application_data.accounts[local.environment].acm_alt_domain_name}"] validation_method = "DNS" From 8f718c6d1d423a90c2dccbd9e8859ebd41217f2a Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 15 Aug 2023 12:50:26 +0100 Subject: [PATCH 06/12] merge portal files with my branch to prevent terrafrom destroying resources --- terraform/environments/portal/idm_ec2.tf | 2 ++ terraform/environments/portal/oam_ec2.tf | 2 ++ terraform/environments/portal/ohs_ec2.tf | 2 ++ terraform/environments/portal/oim_ec2.tf | 2 ++ terraform/environments/portal/route53.tf | 17 +++++++++++++++++ 5 files changed, 25 insertions(+) diff --git a/terraform/environments/portal/idm_ec2.tf b/terraform/environments/portal/idm_ec2.tf index 0ccb88e2363..44d981480ea 100644 --- a/terraform/environments/portal/idm_ec2.tf 
+++ b/terraform/environments/portal/idm_ec2.tf @@ -276,6 +276,7 @@ resource "aws_instance" "idm_instance_1" { user_data_replace_on_change = true tags = merge( + {"instance-scheduling" = "skip-scheduling"}, local.tags, { "Name" = "${local.application_name} IDM Instance 1" }, local.environment != "production" ? { "snapshot-with-daily-35-day-retention" = "yes" } : { "snapshot-with-hourly-35-day-retention" = "yes" } @@ -294,6 +295,7 @@ resource "aws_instance" "idm_instance_2" { user_data_base64 = base64encode(local.oam_2_userdata) tags = merge( + {"instance-scheduling" = "skip-scheduling"}, local.tags, { "Name" = "${local.application_name} IDM Instance 2" }, local.environment != "production" ? { "snapshot-with-daily-35-day-retention" = "yes" } : { "snapshot-with-hourly-35-day-retention" = "yes" } diff --git a/terraform/environments/portal/oam_ec2.tf b/terraform/environments/portal/oam_ec2.tf index 3befb9d780d..472ab9a9d50 100644 --- a/terraform/environments/portal/oam_ec2.tf +++ b/terraform/environments/portal/oam_ec2.tf @@ -227,6 +227,7 @@ resource "aws_instance" "oam_instance_1" { user_data_replace_on_change = true tags = merge( + {"instance-scheduling" = "skip-scheduling"}, local.tags, { "Name" = "${local.application_name} OAM Instance 1" }, local.environment != "production" ? { "snapshot-with-daily-35-day-retention" = "yes" } : { "snapshot-with-hourly-35-day-retention" = "yes" } @@ -247,6 +248,7 @@ resource "aws_instance" "oam_instance_2" { user_data_base64 = base64encode(local.oam_2_userdata) tags = merge( + {"instance-scheduling" = "skip-scheduling"}, local.tags, { "Name" = "${local.application_name} OAM Instance 2" }, local.environment != "production" ? { "snapshot-with-daily-35-day-retention" = "yes" } : { "snapshot-with-hourly-35-day-retention" = "yes" } diff --git a/terraform/environments/portal/ohs_ec2.tf b/terraform/environments/portal/ohs_ec2.tf index ca6e2ffc964..5f7b9f8a181 100644 --- a/terraform/environments/portal/ohs_ec2.tf 
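Review bot: In `idm_instance_1` the new `{"instance-scheduling" = "skip-scheduling"}` map is the first argument to `merge()`, and `merge()` gives later arguments precedence, so a key of the same name in `local.tags` or in the snapshot map would silently replace the skip value; if this tag is meant to be authoritative it belongs after the other maps, and if `local.tags` is meant to win that deserves a one-line comment. The same placement is used in `idm_instance_2` and in the `oam_`, `ohs_` and `oim_` hunks that follow. The literal is also not in `terraform fmt` style next to `{ "Name" = ... }`; `{ "instance-scheduling" = "skip-scheduling" },` matches the surrounding entries.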
+++ b/terraform/environments/portal/ohs_ec2.tf @@ -116,6 +116,7 @@ resource "aws_instance" "ohs_instance_1" { user_data_replace_on_change = true tags = merge( + {"instance-scheduling" = "skip-scheduling"}, local.tags, { "Name" = "${local.application_name} OHS Instance 1" }, local.environment != "production" ? { "snapshot-with-daily-35-day-retention" = "yes" } : { "snapshot-with-hourly-35-day-retention" = "yes" } @@ -145,6 +146,7 @@ resource "aws_instance" "ohs_instance_2" { tags = merge( + {"instance-scheduling" = "skip-scheduling"}, local.tags, { "Name" = "${local.application_name} OHS Instance 2" }, local.environment != "production" ? { "snapshot-with-daily-35-day-retention" = "yes" } : { "snapshot-with-hourly-35-day-retention" = "yes" } diff --git a/terraform/environments/portal/oim_ec2.tf b/terraform/environments/portal/oim_ec2.tf index be5e204461f..6b1c88059a2 100644 --- a/terraform/environments/portal/oim_ec2.tf +++ b/terraform/environments/portal/oim_ec2.tf @@ -147,6 +147,7 @@ resource "aws_instance" "oim_instance_1" { # } tags = merge( + {"instance-scheduling" = "skip-scheduling"}, local.tags, { "Name" = "${local.application_name} OIM Instance 1" }, local.environment != "production" ? { "snapshot-with-daily-35-day-retention" = "yes" } : { "snapshot-with-hourly-35-day-retention" = "yes" } @@ -177,6 +178,7 @@ resource "aws_instance" "oim_instance_2" { tags = merge( + {"instance-scheduling" = "skip-scheduling"}, local.tags, { "Name" = "${local.application_name} OIM Instance 2" }, local.environment != "production" ? { "snapshot-with-daily-35-day-retention" = "yes" } : { "snapshot-with-hourly-35-day-retention" = "yes" } diff --git a/terraform/environments/portal/route53.tf b/terraform/environments/portal/route53.tf index 43e16719245..6cf3fae4f42 100644 --- a/terraform/environments/portal/route53.tf +++ b/terraform/environments/portal/route53.tf 
@@ -310,4 +310,21 @@ resource "aws_route53_record" "igdb" { type = "CNAME" ttl = 300 records = [aws_db_instance.appdb1.address] +} + +############################################################################################################### +######################## OHS External DUMMY Route 53 records ############################ +############################################################################################################### + +resource "aws_route53_record" "ohs_external" { + provider = aws.core-vpc + zone_id = data.aws_route53_zone.external.zone_id + name = "portal-ohs-external.${data.aws_route53_zone.external.name}" # portal-ohs-external.laa-development.modernisation-platform.service.justice.gov.uk + type = "A" + + alias { + name = aws_lb.external.dns_name + zone_id = aws_lb.external.zone_id + evaluate_target_health = true + } } \ No newline at end of file From 8f7c7a5997f8f6db1e143f364e744bc81f0fcb59 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Wed, 16 Aug 2023 12:06:30 +0100 Subject: [PATCH 07/12] DNS validation and oid route53 record --- .../environments/portal/acm_certificate.tf | 40 ++++++++++++++++- terraform/environments/portal/locals.tf | 44 +++++++++++++++++++ terraform/environments/portal/route53.tf | 15 +++++++ 3 files changed, 97 insertions(+), 2 deletions(-) diff --git a/terraform/environments/portal/acm_certificate.tf b/terraform/environments/portal/acm_certificate.tf index c1049b9acf4..c6d447dbbf7 100644 --- a/terraform/environments/portal/acm_certificate.tf +++ b/terraform/environments/portal/acm_certificate.tf @@ -1,4 +1,4 @@ -resource "aws_acm_certificate" "dev_legalservices_cert" { +resource "aws_acm_certificate" "legalservices_cert" { domain_name = "${local.application_data.accounts[local.environment].acm_domain_name}" subject_alternative_names = ["${local.application_data.accounts[local.environment].acm_alt_domain_name}"] validation_method = "DNS" 
@@ -12,4 +12,40 @@ resource "aws_acm_certificate" "dev_legalservices_cert" { lifecycle { create_before_destroy = true } -} \ No newline at end of file +} + +resource "aws_route53_record" "external_lb_validation_core_network_services" { + provider = aws.core-network-services + for_each = { + for key, value in local.external_lb_validation_records : key => value if value.zone.provider == "core-network-services" + } + + allow_overwrite = true + name = each.value.name + records = [each.value.record] + ttl = 60 + type = each.value.type + + # NOTE: value.zone is null indicates the validation zone could not be found + # Ensure route53_zones variable contains the given validation zone or + # explicitly provide the zone details in the validation variable. + zone_id = each.value.zone.zone_id + + depends_on = [ + aws_acm_certificate.legalservices_cert + ] +} + + +resource "aws_acm_certificate_validation" "external_lb_certificate_validation" { + count = (length(local.validation_records_external_lb) == 0 || local.external_validation_records_created) ? 1 : 0 + certificate_arn = aws_acm_certificate.legalservices_cert.arn + validation_record_fqdns = [ + for key, value in local.validation_records_external_lb : replace(value.name, "/\\.$/", "") + ] + depends_on = [ + aws_route53_record.external_lb_validation_core_network_services + # aws_route53_record.external_lb_validation_core_vpc, + # aws_route53_record.external_lb_validation_self + ] +} diff --git a/terraform/environments/portal/locals.tf b/terraform/environments/portal/locals.tf index cb59d713641..57f81ae62f1 100644 --- a/terraform/environments/portal/locals.tf +++ b/terraform/environments/portal/locals.tf 
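Review bot: `validation_record_fqdns` in `external_lb_certificate_validation` is derived from `local.validation_records_external_lb`, which (per the locals hunk in this patch) holds only the records whose zone lookup fell through to `provider = "external"` and which nothing in this commit creates, not the `external_lb_validation_core_network_services` records it does create. Because `external_validation_records_created` is hard-coded `false`, the resource only exists when that list is empty, so the argument is always `[]` and, as far as I can tell, the provider then just waits for the certificate to reach ISSUED without cross-checking the records. Passing the created records instead, `validation_record_fqdns = [for r in aws_route53_record.external_lb_validation_core_network_services : replace(r.fqdn, "/\\.$/", "")]`, makes the dependency explicit and turns a missing record into an apply-time error rather than a timeout. The `depends_on = [aws_acm_certificate.legalservices_cert]` on the record resource is redundant, since `for_each` already reaches the certificate through `local.external_lb_validation_records`, and the `NOTE: value.zone is null` comment is stale because the lookup chain always falls back to `{ provider = "external" }`.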
@@ -15,4 +15,48 @@ locals { # Temp local variable for environments where we wish to build out the EBS to be transfered to EFS ebs_conditional = ["testing", "preproduction", "production"] + external_lb_validation_records = { + for dvo in aws_acm_certificate.legalservices_cert.domain_validation_options : dvo.domain_name => { + name = dvo.resource_record_name + record = dvo.resource_record_value + type = dvo.resource_record_type + zone = lookup( + local.route53_zones, + dvo.domain_name, + lookup( + local.route53_zones, + replace(dvo.domain_name, "/^[^.]*./", ""), + lookup( + local.route53_zones, + replace(dvo.domain_name, "/^[^.]*.[^.]*./", ""), + { provider = "external" } + ))) + } + } + + + route53_zones = merge({ + for key, value in data.aws_route53_zone.core_network_services : key => merge(value, { + provider = "core-network-services" + }) + }, { + for key, value in data.aws_route53_zone.core_vpc : key => merge(value, { + provider = "core-vpc" + }) + }, { + for key, value in data.aws_route53_zone.self : key => merge(value, { + provider = "self" + }) + }) + + validation_records_external_lb = { + for key, value in local.external_lb_validation_records : key => { + name = value.name + record = value.record + type = value.type + } if value.zone.provider == "external" + } + + external_validation_records_created = false + } diff --git a/terraform/environments/portal/route53.tf b/terraform/environments/portal/route53.tf index 6cf3fae4f42..bcd2aec7aff 100644 --- a/terraform/environments/portal/route53.tf +++ b/terraform/environments/portal/route53.tf 
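Review bot: The fallback lookups in `external_lb_validation_records` use `replace(dvo.domain_name, "/^[^.]*./", "")`, where the `.` after the character class is an unescaped any-character match rather than a literal dot; it strips the leading label for names that contain a dot, but on a single-label name it strips the whole string, and `"/^[^.]*\\./"` (and `"/^[^.]*\\.[^.]*\\./"` in the next lookup) states what is meant. The hunk also references `data.aws_route53_zone.core_network_services`, `core_vpc` and `self`, which are only introduced in PATCH 08, so this commit on its own will not pass `terraform validate`. `external_validation_records_created = false` gates whether `aws_acm_certificate_validation` is created at all and should carry a comment saying when it is expected to be flipped, e.g. `# set to true once validation records for "external" zones have been created out of band`.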
@@ -192,6 +192,19 @@ resource "aws_route53_record" "oid_internal" { } } +resource "aws_route53_record" "oid_lb" { + provider = aws.core-network-services + zone_id = data.aws_route53_zone.portal-dev-private.zone_id + name = "mp-${local.application_name}-oid.aws.${data.aws_route53_zone.portal-dev-private.name}" + type = "A" + + alias { + name = aws_elb.idm_lb.dns_name + zone_id = aws_elb.idm_lb.zone_id + evaluate_target_health = true + } +} + ############################################################################################################### ######################### IDM / ODS Route 53 records ############################### @@ -225,6 +238,8 @@ resource "aws_route53_record" "idm_admin" { records = [aws_instance.idm_instance_1.private_ip] } + + resource "aws_route53_record" "ods1_nonprod" { provider = aws.core-network-services zone_id = data.aws_route53_zone.portal-dev-private.zone_id From 1ef346ccc0b8950d953744c76cc59a9a99a0c366 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Wed, 16 Aug 2023 12:14:12 +0100 Subject: [PATCH 08/12] copied the data ref for core-network services --- terraform/environments/portal/data.tf | 23 +++++++++++++++++++++++ terraform/environments/portal/locals.tf | 10 ++++++++++ 2 files changed, 33 insertions(+) diff --git a/terraform/environments/portal/data.tf b/terraform/environments/portal/data.tf index 9701d96fdd1..e308e9fbe7f 100644 --- a/terraform/environments/portal/data.tf +++ b/terraform/environments/portal/data.tf 
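Review bot: The new `oid_lb` record is named for OID but its alias target is `aws_elb.idm_lb`, and nothing on the record says why; if that is intentional a comment such as `# OID is exposed through the IDM load balancer` would stop a later reader from "fixing" it, and if it is a copy-paste slip the target should be corrected here. The record also hard-codes the `mp-` prefix in `name`, unlike the neighbouring `*_internal`/`*_console` records in this file, which is worth a word of explanation if it is deliberate.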
@@ -5,5 +5,28 @@ data "aws_route53_zone" "portal-dev-private" { private_zone = true } +data "aws_route53_zone" "core_network_services" { + for_each = local.core_network_services_domains + provider = aws.core-network-services + + name = each.value.zone_name + private_zone = false +} + +data "aws_route53_zone" "core_vpc" { + for_each = local.core_vpc_domains + + provider = aws.core-vpc + + name = each.value.zone_name + private_zone = false +} + +data "aws_route53_zone" "self" { + for_each = local.self_domains + + name = each.value.zone_name + private_zone = false +} diff --git a/terraform/environments/portal/locals.tf b/terraform/environments/portal/locals.tf index 57f81ae62f1..98edea75046 100644 --- a/terraform/environments/portal/locals.tf +++ b/terraform/environments/portal/locals.tf @@ -59,4 +59,14 @@ locals { external_validation_records_created = false + core_network_services_domains = { + for domain, value in var.validation : domain => value if value.account == "core-network-services" + } + core_vpc_domains = { + for domain, value in var.validation : domain => value if value.account == "core-vpc" + } + self_domains = { + for domain, value in var.validation : domain => value if value.account == "self" + } + } From 1b7a7204cd71093f829ffcddf86d20eeea2f377c Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Wed, 16 Aug 2023 12:33:15 +0100 Subject: [PATCH 09/12] added new variables --- .../portal/application_variables.json | 3 +- terraform/environments/portal/locals.tf | 31 +++++++++++++++++-- 2 files changed, 30 insertions(+), 4 deletions(-) diff --git a/terraform/environments/portal/application_variables.json b/terraform/environments/portal/application_variables.json index 8b8e8181c61..519619e6296 100644 --- a/terraform/environments/portal/application_variables.json +++ b/terraform/environments/portal/application_variables.json 
@@ -54,7 +54,8 @@ "ohs_instance_type": "m5.xlarge", "url": "s3://laa-portal-production-archive-mp", "maintenance_window_name": "diagnostics-log-archive-production", - "hosted_zone": "aws.prd.legalservices.gov.uk" + "hosted_zone": "aws.prd.legalservices.gov.uk", + "acm_domain_name": "legalservices.gov.uk" } } } diff --git a/terraform/environments/portal/locals.tf b/terraform/environments/portal/locals.tf index 98edea75046..7b483edb43b 100644 --- a/terraform/environments/portal/locals.tf +++ b/terraform/environments/portal/locals.tf 
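Review bot: The production block gains `acm_domain_name` but not `acm_alt_domain_name`, while `aws_acm_certificate.legalservices_cert` reads `local.application_data.accounts[local.environment].acm_alt_domain_name` unconditionally, so (assuming `application_data` is the decoded copy of this file) a production plan fails with an unsupported-attribute error on that line; the `test` block, which none of these patches touch, presumably has neither key and fails the same way. Either add the key to every account block (for production something like `"acm_alt_domain_name": "*.legalservices.gov.uk"` — placeholder value, to be confirmed) or make the SAN optional in the resource with `subject_alternative_names = try([local.application_data.accounts[local.environment].acm_alt_domain_name], [])`.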
@@ -60,13 +60,38 @@ locals { external_validation_records_created = false core_network_services_domains = { - for domain, value in var.validation : domain => value if value.account == "core-network-services" + for domain, value in local.validation : domain => value if value.account == "core-network-services" } core_vpc_domains = { - for domain, value in var.validation : domain => value if value.account == "core-vpc" + for domain, value in local.validation : domain => value if value.account == "core-vpc" } self_domains = { - for domain, value in var.validation : domain => value if value.account == "self" + for domain, value in local.validation : domain => value if value.account == "self" } + non_prod_validation = { + "modernisation-platform.service.justice.gov.uk" = { + account = "core-network-services" + zone_name = "modernisation-platform.service.justice.gov.uk." + } + "${local.application_name}.${var.networking[0].business-unit}-${local.environment}.${local.application_data.accounts[local.environment].acm_domain_name}" = { + account = "core-vpc" + zone_name = "${local.vpc_name}-${local.environment}.modernisation-platform.service.justice.gov.uk." + } + "${local.application_data.accounts[local.environment].acm_domain_name}" = { + account = "core-network-services" + zone_name = "${local.application_data.accounts[local.environment].acm_domain_name}" + } + + } + + prod_validation = { + "${local.application_data.accounts[local.environment].acm_domain_name}" = { + account = "core-network-services" + zone_name = "${local.application_data.accounts[local.environment].acm_domain_name}" + } + } + +validation = local.environment == "production" ? local.prod_validation : local.non_prod_validation + } From 7e024b0914a30d733f0451539f857a9e7e9e7f9d Mon Sep 17 00:00:00 2001 
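Review bot: `validation = local.environment == "production" ? ...` sits at column 0 inside the `locals` block, and the stray blank lines around it and inside `non_prod_validation` will be rewritten by `terraform fmt`, so it should be run before merging. The core-vpc entry is keyed `"${local.application_name}.${var.networking[0].business-unit}-${local.environment}.${...acm_domain_name}"`, which for development expands to something like `portal.laa-development.dev.legalservices.gov.uk`, while its `zone_name` is the `${local.vpc_name}-${local.environment}.modernisation-platform.service.justice.gov.uk.` zone; as far as the lookup chain in `external_lb_validation_records` goes, no `domain_validation_options` entry of a certificate for `acm_domain_name`/`acm_alt_domain_name` can resolve to that key, so it looks like a leftover from the template it was copied from and only serves to query the core-vpc zone. If it is kept, a comment saying what it is for would help, and the third entry's `zone_name` lacks the trailing dot the others carry, which is worth making consistent.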
From: tajewole-moj Date: Wed, 16 Aug 2023 12:45:02 +0100 Subject: [PATCH 10/12] add more loops for private zone --- terraform/environments/portal/locals.tf | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/terraform/environments/portal/locals.tf b/terraform/environments/portal/locals.tf index 7b483edb43b..c782cce5ddf 100644 --- a/terraform/environments/portal/locals.tf +++ b/terraform/environments/portal/locals.tf @@ -47,7 +47,14 @@ locals { for key, value in data.aws_route53_zone.self : key => merge(value, { provider = "self" }) - }) + + + + },{ + for key, value in data.aws_route53_zone.portal-dev-private : key => merge(value, { + provider = "core-network-services" + }) + } ) validation_records_external_lb = { for key, value in local.external_lb_validation_records : key => { From 219b529208585b93f7dcc22bc0a346be24897ac8 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Wed, 16 Aug 2023 12:55:18 +0100 Subject: [PATCH 11/12] amend data ref --- terraform/environments/portal/locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/portal/locals.tf b/terraform/environments/portal/locals.tf index c782cce5ddf..dc4f79f9386 100644 --- a/terraform/environments/portal/locals.tf +++ b/terraform/environments/portal/locals.tf @@ -86,7 +86,7 @@ locals { zone_name = "${local.vpc_name}-${local.environment}.modernisation-platform.service.justice.gov.uk." } "${local.application_data.accounts[local.environment].acm_domain_name}" = { - account = "core-network-services" + account = "core-network-services-private" zone_name = "${local.application_data.accounts[local.environment].acm_domain_name}" } From 1f26e7c8c9c8a2611750e75c5776de12dedd24a0 Mon Sep 17 00:00:00 2001 
From: Vincent Cheung Date: Wed, 16 Aug 2023 13:16:15 +0100 Subject: [PATCH 12/12] Fixing cert validation for portal --- terraform/environments/portal/data.tf | 2 +- terraform/environments/portal/locals.tf | 10 +-- terraform/environments/portal/route53.tf | 102 +++++++++++------------ 3 files changed, 57 insertions(+), 57 deletions(-) diff --git a/terraform/environments/portal/data.tf b/terraform/environments/portal/data.tf index e308e9fbe7f..134f3906294 100644 --- a/terraform/environments/portal/data.tf +++ b/terraform/environments/portal/data.tf @@ -1,4 +1,5 @@ data "aws_route53_zone" "portal-dev-private" { + for_each = local.core_network_services_domains_private provider = aws.core-network-services name = "dev.legalservices.gov.uk." @@ -29,4 +30,3 @@ data "aws_route53_zone" "self" { name = each.value.zone_name private_zone = false } - diff --git a/terraform/environments/portal/locals.tf b/terraform/environments/portal/locals.tf index dc4f79f9386..a45a88a5022 100644 --- a/terraform/environments/portal/locals.tf +++ b/terraform/environments/portal/locals.tf @@ -47,14 +47,11 @@ locals { for key, value in data.aws_route53_zone.self : key => merge(value, { provider = "self" }) - - - - },{ + }, { for key, value in data.aws_route53_zone.portal-dev-private : key => merge(value, { provider = "core-network-services" }) - } ) + }) validation_records_external_lb = { for key, value in local.external_lb_validation_records : key => { @@ -69,6 +66,9 @@ locals { core_network_services_domains = { for domain, value in local.validation : domain => value if value.account == "core-network-services" } + core_network_services_domains_private = { + for domain, value in local.validation : domain => value if value.account == "core-network-services-private" + } core_vpc_domains = { for domain, value in local.validation : domain => value if value.account == "core-vpc" } 
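Review bot: `data.aws_route53_zone.portal-dev-private` now has `for_each = local.core_network_services_domains_private`, but its `name` is still the literal `"dev.legalservices.gov.uk."` on the context line below, so in production — where PATCH 09 sets `acm_domain_name` to `legalservices.gov.uk` and every route53.tf record indexes this data source by that key — the instance keyed `legalservices.gov.uk` would still resolve the dev private zone and production records would be written into it. Use the per-instance value like the sibling data sources do: `name = each.value.zone_name`. The `zone_name` for that entry in locals.tf has no trailing dot while the other entries do; I believe the data source accepts either form, but keeping them consistent avoids a surprise.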
diff --git a/terraform/environments/portal/route53.tf b/terraform/environments/portal/route53.tf index bcd2aec7aff..548ca2ffcfe 100644 --- a/terraform/environments/portal/route53.tf +++ b/terraform/environments/portal/route53.tf @@ -11,8 +11,8 @@ resource "aws_route53_record" "oam_internal" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-oam-internal.aws.${data.aws_route53_zone.portal-dev-private.name}" + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-oam-internal.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" type = "A" alias { @@ -24,8 +24,8 @@ resource "aws_route53_record" "oam_internal" { resource "aws_route53_record" "oam_console" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-oam-console.aws.${data.aws_route53_zone.portal-dev-private.name}" + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-oam-console.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" type = "A" alias { 
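Review bot: Every record in this and the following hunks (through `soa2_prod`) repeats the index `data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"]` twice per resource, which makes the `name` lines very long and means a change to the key has to be made in roughly fifty places. Bind it once in locals.tf, `private_zone = data.aws_route53_zone.portal-dev-private[local.application_data.accounts[local.environment].acm_domain_name]`, and use `zone_id = local.private_zone.zone_id` and `name = "${local.application_name}-oam-internal.aws.${local.private_zone.name}"` in each record. The `"${...}"` around the index key is an interpolation-only string and can be the bare expression, as in that local.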
@@ -37,8 +37,8 @@ resource "aws_route53_record" "oam_console" { resource "aws_route53_record" "oam_admin" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-oam-admin.aws.${data.aws_route53_zone.portal-dev-private.name}" + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-oam-admin.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" type = "A" ttl = 60 records = [aws_instance.oam_instance_1.private_ip] @@ -46,8 +46,8 @@ resource "aws_route53_record" "oam_admin" { resource "aws_route53_record" "oam1_nonprod" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-oam1-ms.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-oam1-ms.aws.[env].legalservices.gov.uk + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-oam1-ms.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-oam1-ms.aws.[env].legalservices.gov.uk type = "A" ttl = 60 records = [aws_instance.oam_instance_1.private_ip] 
@@ -56,8 +56,8 @@ resource "aws_route53_record" "oam1_nonprod" { resource "aws_route53_record" "oam2_prod" { count = contains(["development", "testing"], local.environment) ? 0 : 1 provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-oam2-ms.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-oam2-ms.aws.[env].legalservices.gov.uk + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-oam2-ms.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-oam2-ms.aws.[env].legalservices.gov.uk type = "A" ttl = 60 records = [aws_instance.oam_instance_2[0].private_ip] @@ -81,8 +81,8 @@ resource "aws_route53_record" "oam2_prod" { resource "aws_route53_record" "oim_internal" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-oim-internal.aws.${data.aws_route53_zone.portal-dev-private.name}" + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-oim-internal.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" type = "A" alias { 
@@ -94,8 +94,8 @@ resource "aws_route53_record" "oim_internal" { resource "aws_route53_record" "oim_console" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-oim-console.aws.${data.aws_route53_zone.portal-dev-private.name}" + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-oim-console.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" type = "A" alias { @@ -107,8 +107,8 @@ resource "aws_route53_record" "oim_console" { resource "aws_route53_record" "oim_admin" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-oim-admin.aws.${data.aws_route53_zone.portal-dev-private.name}" + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-oim-admin.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" type = "A" ttl = 60 records = [aws_instance.oim_instance_1.private_ip] 
@@ -116,8 +116,8 @@ resource "aws_route53_record" "oim_admin" { resource "aws_route53_record" "oim1_nonprod" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-oim1-ms.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-oim1-ms.aws.[env].legalservices.gov.uk + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-oim1-ms.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-oim1-ms.aws.[env].legalservices.gov.uk type = "A" ttl = 60 records = [aws_instance.oim_instance_1.private_ip] @@ -126,8 +126,8 @@ resource "aws_route53_record" "oim1_nonprod" { resource "aws_route53_record" "oim2_prod" { count = contains(["development", "testing"], local.environment) ? 0 : 1 provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-oim2-ms.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-oim2-ms.aws.[env].legalservices.gov.uk + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-oim2-ms.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-oim2-ms.aws.[env].legalservices.gov.uk type = "A" ttl = 60 records = [aws_instance.oim_instance_2[0].private_ip] 
@@ -135,8 +135,8 @@ resource "aws_route53_record" "oim2_prod" {
 resource "aws_route53_record" "bip1_nonprod" {
 provider = aws.core-network-services
- zone_id = data.aws_route53_zone.portal-dev-private.zone_id
- name = "${local.application_name}-bip1-ms.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-bip1-ms.aws.[env].legalservices.gov.uk
+ zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id
+ name = "${local.application_name}-bip1-ms.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-bip1-ms.aws.[env].legalservices.gov.uk
 type = "A"
 ttl = 60
 records = [aws_instance.oim_instance_1.private_ip]
@@ -145,8 +145,8 @@ resource "aws_route53_record" "bip1_nonprod" {
 resource "aws_route53_record" "bip2_prod" {
 count = contains(["development", "testing"], local.environment) ? 0 : 1
 provider = aws.core-network-services
- zone_id = data.aws_route53_zone.portal-dev-private.zone_id
- name = "${local.application_name}-bip2-ms.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-bip2-ms.aws.[env].legalservices.gov.uk
+ zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id
+ name = "${local.application_name}-bip2-ms.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-bip2-ms.aws.[env].legalservices.gov.uk
 type = "A"
 ttl = 60
 records = [aws_instance.oim_instance_2[0].private_ip]
@@ -154,8 +154,8 @@ resource "aws_route53_record" "bip2_prod" {
 resource "aws_route53_record" "soa1_nonprod" {
 provider = aws.core-network-services
- zone_id = data.aws_route53_zone.portal-dev-private.zone_id
- name = "${local.application_name}-soa1-ms.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-soa1-ms.aws.[env].legalservices.gov.uk
+ zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id
+ name = "${local.application_name}-soa1-ms.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-soa1-ms.aws.[env].legalservices.gov.uk
 type = "A"
 ttl = 60
 records = [aws_instance.oim_instance_1.private_ip]
@@ -164,8 +164,8 @@ resource "aws_route53_record" "soa1_nonprod" {
 resource "aws_route53_record" "soa2_prod" {
 count = contains(["development", "testing"], local.environment) ? 0 : 1
 provider = aws.core-network-services
- zone_id = data.aws_route53_zone.portal-dev-private.zone_id
- name = "${local.application_name}-soa2-ms.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-soa2-ms.aws.[env].legalservices.gov.uk
+ zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id
+ name = "${local.application_name}-soa2-ms.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-soa2-ms.aws.[env].legalservices.gov.uk
 type = "A"
 ttl = 60
 records = [aws_instance.oim_instance_2[0].private_ip]
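Review bot: soa2_prod is created only outside development and testing (`count = contains(["development", "testing"], local.environment) ? 0 : 1`), yet its new `zone_id`/`name` index the zone map with `acm_domain_name` from the current environment's accounts block, and the non-development blocks are not visible in this hunk. If any of those blocks lacks the key, or its value does not match a key of `data.aws_route53_zone.portal-dev-private`, the plan fails on this record with a raw invalid-index error rather than something that names the misconfiguration. A `precondition` on the record (Terraform checks it before the resource's own arguments are evaluated) turns that into a readable message; the same guard would serve any one record since they all share the lookup. The resource block closes outside the hunk.
```hcl
resource "aws_route53_record" "soa2_prod" {
  count    = contains(["development", "testing"], local.environment) ? 0 : 1
  provider = aws.core-network-services
  # … unchanged: zone_id, name, type, ttl, records …

  lifecycle {
    precondition {
      condition     = contains(keys(data.aws_route53_zone.portal-dev-private), try(local.application_data.accounts[local.environment].acm_domain_name, ""))
      error_message = "acm_domain_name for this environment must be set and must match a key of data.aws_route53_zone.portal-dev-private."
    }
  }
```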
@@ -181,8 +181,8 @@ resource "aws_route53_record" "soa2_prod" {
 resource "aws_route53_record" "oid_internal" {
 provider = aws.core-network-services
- zone_id = data.aws_route53_zone.portal-dev-private.zone_id
- name = "${local.application_name}-oid.aws.${data.aws_route53_zone.portal-dev-private.name}"
+ zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id
+ name = "${local.application_name}-oid.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}"
 type = "A"
 alias {
@@ -194,8 +194,8 @@ resource "aws_route53_record" "oid_internal" {
 resource "aws_route53_record" "oid_lb" {
 provider = aws.core-network-services
- zone_id = data.aws_route53_zone.portal-dev-private.zone_id
- name = "mp-${local.application_name}-oid.aws.${data.aws_route53_zone.portal-dev-private.name}"
+ zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id
+ name = "mp-${local.application_name}-oid.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}"
 type = "A"
 alias {
@@ -218,8 +218,8 @@ resource "aws_route53_record" "oid_lb" {
 resource "aws_route53_record" "idm_console" {
 provider = aws.core-network-services
- zone_id = data.aws_route53_zone.portal-dev-private.zone_id
- name = "${local.application_name}-idm-console.aws.${data.aws_route53_zone.portal-dev-private.name}"
+ zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id
+ name = "${local.application_name}-idm-console.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}"
 type = "A"
 alias {
@@ -231,8 +231,8 @@ resource "aws_route53_record" "idm_console" {
 resource "aws_route53_record" "idm_admin" {
 provider = aws.core-network-services
- zone_id = data.aws_route53_zone.portal-dev-private.zone_id
- name = "${local.application_name}-idm-admin.aws.${data.aws_route53_zone.portal-dev-private.name}"
+ zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id
+ name = "${local.application_name}-idm-admin.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}"
 type = "A"
 ttl = 60
 records = [aws_instance.idm_instance_1.private_ip]
@@ -242,8 +242,8 @@ resource "aws_route53_record" "idm_admin" {
 resource "aws_route53_record" "ods1_nonprod" {
 provider = aws.core-network-services
- zone_id = data.aws_route53_zone.portal-dev-private.zone_id
- name = "${local.application_name}-ods1-ms.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-ods1-ms.aws.[env].legalservices.gov.uk
+ zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id
+ name = "${local.application_name}-ods1-ms.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-ods1-ms.aws.[env].legalservices.gov.uk
 type = "A"
 ttl = 60
 records = [aws_instance.idm_instance_1.private_ip]
@@ -252,8 +252,8 @@ resource "aws_route53_record" "ods1_nonprod" {
 resource "aws_route53_record" "ods2_prod" {
 count = contains(["development", "testing"], local.environment) ? 0 : 1
 provider = aws.core-network-services
- zone_id = data.aws_route53_zone.portal-dev-private.zone_id
- name = "${local.application_name}-ods2-ms.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-ods2-ms.aws.[env].legalservices.gov.uk
+ zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id
+ name = "${local.application_name}-ods2-ms.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-ods2-ms.aws.[env].legalservices.gov.uk
 type = "A"
 ttl = 60
 records = [aws_instance.idm_instance_2[0].private_ip]
@@ -271,8 +271,8 @@ resource "aws_route53_record" "ods2_prod" {
 resource "aws_route53_record" "ohs_internal" {
 provider = aws.core-network-services
- zone_id = data.aws_route53_zone.portal-dev-private.zone_id
- name = "${local.application_name}-ohs-internal.aws.${data.aws_route53_zone.portal-dev-private.name}"
+ zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id
+ name = "${local.application_name}-ohs-internal.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}"
 type = "A"
 alias {
@@ -284,8 +284,8 @@ resource "aws_route53_record" "ohs_internal" {
 resource "aws_route53_record" "ohs1_nonprod" {
 provider = aws.core-network-services
- zone_id = data.aws_route53_zone.portal-dev-private.zone_id
- name = "${local.application_name}-ohs1.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-ohs1.aws.[env].legalservices.gov.uk
+ zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id
+ name = "${local.application_name}-ohs1.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-ohs1.aws.[env].legalservices.gov.uk
 type = "A"
 ttl = 60
 records = [aws_instance.ohs_instance_1.private_ip]
@@ -294,8 +294,8 @@ resource "aws_route53_record" "ohs1_nonprod" {
 resource "aws_route53_record" "ohs2_prod" {
 count = contains(["development", "testing"], local.environment) ? 0 : 1
 provider = aws.core-network-services
- zone_id = data.aws_route53_zone.portal-dev-private.zone_id
- name = "${local.application_name}-ohs2.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-ohs2.aws.[env].legalservices.gov.uk
+ zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id
+ name = "${local.application_name}-ohs2.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-ohs2.aws.[env].legalservices.gov.uk
 type = "A"
 ttl = 60
 records = [aws_instance.ohs_instance_2[0].private_ip]
@@ -311,8 +311,8 @@ resource "aws_route53_record" "ohs2_prod" {
 resource "aws_route53_record" "iadb" {
 provider = aws.core-network-services
- zone_id = data.aws_route53_zone.portal-dev-private.zone_id
- name = "db-portal-iadb.aws.${data.aws_route53_zone.portal-dev-private.name}" # db-portal-iadb.aws.[env].legalservices.gov.uk
+ zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id
+ name = "db-portal-iadb.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # db-portal-iadb.aws.[env].legalservices.gov.uk
 type = "CNAME"
 ttl = 300
 records = [aws_db_instance.appdb2.address]
@@ -320,8 +320,8 @@ resource "aws_route53_record" "iadb" {
 resource "aws_route53_record" "igdb" {
 provider = aws.core-network-services
- zone_id = data.aws_route53_zone.portal-dev-private.zone_id
- name = "db-portal-igdb.aws.${data.aws_route53_zone.portal-dev-private.name}" # db-portal-igdb.aws.dev.legalservices.gov.uk
+ zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id
+ name = "db-portal-igdb.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # db-portal-igdb.aws.dev.legalservices.gov.uk
 type = "CNAME"
 ttl = 300
 records = [aws_db_instance.appdb1.address]
@@ -342,4 +342,4 @@ resource "aws_route53_record" "ohs_external" {
 zone_id = aws_lb.external.zone_id
 evaluate_target_health = true
 }
-}
\ No newline at end of file
+}
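Review bot: The trailing comment on the new igdb `name` line still reads `# db-portal-igdb.aws.dev.legalservices.gov.uk`, hard-coding `dev` in the very change that makes the zone name environment-driven, while the sibling iadb record and every `-ms` record above say `[env]`. It should become `# db-portal-igdb.aws.[env].legalservices.gov.uk` so a reader in production is not told the database CNAME lives in the dev zone. Both CNAMEs resolve to RDS addresses (`aws_db_instance.appdb1/appdb2.address`) through a zone now selected by the certificate-domain key, which is worth a one-line comment on the resource explaining that coupling. The iadb and igdb resource blocks close outside their hunks; the final hunk only adds the missing end-of-file newline.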