diff --git a/terraform/environments/apex/platform_providers.tf b/terraform/environments/apex/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/apex/platform_providers.tf +++ b/terraform/environments/apex/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/ccms-ebs/platform_providers.tf b/terraform/environments/ccms-ebs/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/ccms-ebs/platform_providers.tf +++ b/terraform/environments/ccms-ebs/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/cooker/platform_providers.tf b/terraform/environments/cooker/platform_providers.tf index 12faa5c44f0..5a1cbfe08ee 100644 --- a/terraform/environments/cooker/platform_providers.tf +++ b/terraform/environments/cooker/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/corporate-staff-rostering/platform_providers.tf b/terraform/environments/corporate-staff-rostering/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/corporate-staff-rostering/platform_providers.tf +++ b/terraform/environments/corporate-staff-rostering/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/dacp/platform_providers.tf b/terraform/environments/dacp/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/dacp/platform_providers.tf +++ b/terraform/environments/dacp/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/data-and-insights-wepi/platform_providers.tf b/terraform/environments/data-and-insights-wepi/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/data-and-insights-wepi/platform_providers.tf +++ b/terraform/environments/data-and-insights-wepi/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/data-platform-apps-and-tools/platform_providers.tf b/terraform/environments/data-platform-apps-and-tools/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/data-platform-apps-and-tools/platform_providers.tf +++ b/terraform/environments/data-platform-apps-and-tools/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/data-platform/platform_providers.tf b/terraform/environments/data-platform/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/data-platform/platform_providers.tf +++ b/terraform/environments/data-platform/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/delius-core/platform_providers.tf b/terraform/environments/delius-core/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/delius-core/platform_providers.tf +++ b/terraform/environments/delius-core/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/delius-iaps/platform_providers.tf b/terraform/environments/delius-iaps/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/delius-iaps/platform_providers.tf +++ b/terraform/environments/delius-iaps/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/delius-jitbit/platform_providers.tf b/terraform/environments/delius-jitbit/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/delius-jitbit/platform_providers.tf +++ b/terraform/environments/delius-jitbit/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/digital-prison-reporting/platform_providers.tf b/terraform/environments/digital-prison-reporting/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/digital-prison-reporting/platform_providers.tf +++ b/terraform/environments/digital-prison-reporting/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/equip/platform_providers.tf b/terraform/environments/equip/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/equip/platform_providers.tf +++ b/terraform/environments/equip/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/eric/platform_providers.tf b/terraform/environments/eric/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/eric/platform_providers.tf +++ b/terraform/environments/eric/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/example/platform_providers.tf b/terraform/environments/example/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/example/platform_providers.tf +++ b/terraform/environments/example/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/example/ssm.tf b/terraform/environments/example/ssm.tf new file mode 100644 index 00000000000..e4d6f952f03 --- /dev/null +++ b/terraform/environments/example/ssm.tf @@ -0,0 +1,17 @@ +module "ssm-auto-patching" { + source = "github.com/ministryofjustice/modernisation-platform-terraform-ssm-patching.git?ref=v1.0.0" + providers = { + aws.bucket-replication = aws + } + + + account_number = local.environment_management.account_ids[terraform.workspace] + application_name = local.application_name + patch_schedule = "cron(30 17 ? * MON *)" + tags = merge( + local.tags, + { + Name = "ssm-patching" + }, + ) +} diff --git a/terraform/environments/hmpps-domain-services/platform_providers.tf b/terraform/environments/hmpps-domain-services/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/hmpps-domain-services/platform_providers.tf +++ b/terraform/environments/hmpps-domain-services/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/hmpps-intelligence-management/platform_providers.tf b/terraform/environments/hmpps-intelligence-management/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/hmpps-intelligence-management/platform_providers.tf +++ b/terraform/environments/hmpps-intelligence-management/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/hmpps-oem/platform_providers.tf b/terraform/environments/hmpps-oem/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/hmpps-oem/platform_providers.tf +++ b/terraform/environments/hmpps-oem/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/laa-ccms-infra-azure-ad-sso/platform_providers.tf b/terraform/environments/laa-ccms-infra-azure-ad-sso/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/laa-ccms-infra-azure-ad-sso/platform_providers.tf +++ b/terraform/environments/laa-ccms-infra-azure-ad-sso/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/laa-oem/platform_providers.tf b/terraform/environments/laa-oem/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/laa-oem/platform_providers.tf +++ b/terraform/environments/laa-oem/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/long-term-storage/platform_providers.tf b/terraform/environments/long-term-storage/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/long-term-storage/platform_providers.tf +++ b/terraform/environments/long-term-storage/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/maat/platform_providers.tf b/terraform/environments/maat/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/maat/platform_providers.tf +++ b/terraform/environments/maat/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/maatdb/platform_providers.tf b/terraform/environments/maatdb/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/maatdb/platform_providers.tf +++ b/terraform/environments/maatdb/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/mlra/platform_providers.tf b/terraform/environments/mlra/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/mlra/platform_providers.tf +++ b/terraform/environments/mlra/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/mojfin/platform_providers.tf b/terraform/environments/mojfin/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/mojfin/platform_providers.tf +++ b/terraform/environments/mojfin/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/ncas/platform_providers.tf b/terraform/environments/ncas/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/ncas/platform_providers.tf +++ b/terraform/environments/ncas/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/nomis-combined-reporting/platform_providers.tf b/terraform/environments/nomis-combined-reporting/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/nomis-combined-reporting/platform_providers.tf +++ b/terraform/environments/nomis-combined-reporting/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/nomis-data-hub/platform_providers.tf b/terraform/environments/nomis-data-hub/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/nomis-data-hub/platform_providers.tf +++ b/terraform/environments/nomis-data-hub/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/nomis/platform_providers.tf b/terraform/environments/nomis/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/nomis/platform_providers.tf +++ b/terraform/environments/nomis/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/oas/platform_providers.tf b/terraform/environments/oas/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/oas/platform_providers.tf +++ b/terraform/environments/oas/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/oasys/platform_providers.tf b/terraform/environments/oasys/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/oasys/platform_providers.tf +++ b/terraform/environments/oasys/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/observability-platform/platform_providers.tf b/terraform/environments/observability-platform/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/observability-platform/platform_providers.tf +++ b/terraform/environments/observability-platform/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/performance-hub/platform_providers.tf b/terraform/environments/performance-hub/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/performance-hub/platform_providers.tf +++ b/terraform/environments/performance-hub/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/planetfm/platform_providers.tf b/terraform/environments/planetfm/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/planetfm/platform_providers.tf +++ b/terraform/environments/planetfm/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/portal/platform_providers.tf b/terraform/environments/portal/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/portal/platform_providers.tf +++ b/terraform/environments/portal/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/ppud/platform_providers.tf b/terraform/environments/ppud/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/ppud/platform_providers.tf +++ b/terraform/environments/ppud/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/pra-register/platform_providers.tf b/terraform/environments/pra-register/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/pra-register/platform_providers.tf +++ b/terraform/environments/pra-register/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/refer-monitor/platform_providers.tf b/terraform/environments/refer-monitor/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/refer-monitor/platform_providers.tf +++ b/terraform/environments/refer-monitor/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/sprinkler/platform_providers.tf b/terraform/environments/sprinkler/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/sprinkler/platform_providers.tf +++ b/terraform/environments/sprinkler/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/tariff/platform_providers.tf b/terraform/environments/tariff/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/tariff/platform_providers.tf +++ b/terraform/environments/tariff/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/tipstaff/platform_providers.tf b/terraform/environments/tipstaff/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/tipstaff/platform_providers.tf +++ b/terraform/environments/tipstaff/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/tribunals/platform_providers.tf b/terraform/environments/tribunals/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/tribunals/platform_providers.tf +++ b/terraform/environments/tribunals/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/wardship/platform_providers.tf b/terraform/environments/wardship/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/wardship/platform_providers.tf +++ b/terraform/environments/wardship/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/xhibit-portal/platform_providers.tf b/terraform/environments/xhibit-portal/platform_providers.tf index a2a23f30e45..ac450a6ba4d 100644 --- a/terraform/environments/xhibit-portal/platform_providers.tf +++ b/terraform/environments/xhibit-portal/platform_providers.tf @@ -35,7 +35,7 @@ provider "aws" { alias = "core-network-services" region = "eu-west-2" assume_role { - role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" + role_arn = !can(regex("githubactionsrolesession|AdministratorAccess", data.aws_caller_identity.original_session.arn)) ? "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" : "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/modify-dns-records" } } diff --git a/terraform/environments/xhibit-portal/providers.tf.gh b/terraform/environments/xhibit-portal/providers.tf.gh index 41f3c85a5f4..04585a30582 100644 --- a/terraform/environments/xhibit-portal/providers.tf.gh +++ b/terraform/environments/xhibit-portal/providers.tf.gh @@ -78,7 +78,7 @@ provider "aws" { # region = "eu-west-2" # assume_role { -# role_arn = "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" +# role_arn = "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" # } # } ######################### Run Terraform Plan Locally Only ################################## \ No newline at end of file diff --git a/terraform/environments/xhibit-portal/providers.tf.local b/terraform/environments/xhibit-portal/providers.tf.local index a23d4856c49..a883c4317a9 100644 --- a/terraform/environments/xhibit-portal/providers.tf.local +++ b/terraform/environments/xhibit-portal/providers.tf.local @@ -78,7 +78,7 @@ provider "aws" { region = "eu-west-2" assume_role { - role_arn = "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-dns-records" + role_arn = "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/read-log-records" } } ######################### Run Terraform Plan Locally Only ################################## \ No newline at end of file