diff --git a/.github/workflows/ppud.yml b/.github/workflows/ppud.yml
index 082cdc37543..446486b88ac 100644
--- a/.github/workflows/ppud.yml
+++ b/.github/workflows/ppud.yml
@@ -48,6 +48,7 @@ jobs:
 application: "${{ github.workflow }}"
 environment: "${{ matrix.target }}"
 action: "${{ matrix.action }}"
+ terraform_version: "1.9.8"
 secrets:
 modernisation_platform_environments: "${{ secrets.MODERNISATION_PLATFORM_ENVIRONMENTS }}"
 pipeline_github_token: "${{ secrets.MODERNISATION_PLATFORM_CI_USER_ENVIRONMENTS_REPO_PAT }}"
diff --git a/terraform/environments/ppud/data.tf b/terraform/environments/ppud/data.tf
index e8f961db48f..8e7087ed096 100644
--- a/terraform/environments/ppud/data.tf
+++ b/terraform/environments/ppud/data.tf
@@ -49,4 +49,14 @@ data "aws_acm_certificate" "WAM_PROD_ALB" {
 count = local.is-production == true ? 1 : 0
 domain = "wam.ppud.justice.gov.uk"
 statuses = ["ISSUED"]
+}
+
+# Klayers account ID - used by lambda layer ARNs - https://github.com/keithrozario/Klayers?tab=readme-ov-file
+data "aws_ssm_parameter" "klayers_account" {
+ name = "klayers-account"
+ with_decryption = true
+}
+
+output "klayers_account" {
+ value = data.aws_ssm_parameter.klayers_account.value
 }
\ No newline at end of file
diff --git a/terraform/environments/ppud/iam.tf b/terraform/environments/ppud/iam.tf
index 5ab6eb99243..62506e7801b 100644
--- a/terraform/environments/ppud/iam.tf
+++ b/terraform/environments/ppud/iam.tf
@@ -1179,9 +1179,15 @@ resource "aws_iam_policy" "iam_policy_for_lambda_cloudwatch_get_metric_data_dev"
 "cloudwatch:GetMetricStatistics",
 "cloudwatch:ListMetrics"
 ],
- "Resource" : [
- "arn:aws:cloudwatch:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:*"
- ]
+ "Resource" : "*",
+ "Condition" : {
+ "StringEquals" : {
+ "cloudwatch:namespace" = "AWS/EC2"
+ }
+ }
+# "Resource" : [
+# "arn:aws:cloudwatch:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:*"
+# ]
 },
 {
 "Sid" : "LogPolicy",
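Review bot: In data.tf, `output "klayers_account"` exports `data.aws_ssm_parameter.klayers_account.value`, which the AWS provider marks as sensitive, yet the output is not declared sensitive; if this directory is a root module, Terraform will refuse to plan until that is resolved. If the output is only there to check the lookup, drop it; otherwise add `sensitive = true` inside the block. The Klayers account ID is not a secret (it is written as a literal in lambda.tf in this same commit and published in the linked README), so the comment above the data source should say why the ID is read from SSM rather than kept as a literal. The file still ends without a trailing newline.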
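Review bot: In iam.tf, the added `Condition` on `cloudwatch:namespace` may never be satisfied for the read actions in this statement (`cloudwatch:GetMetricStatistics` and `cloudwatch:ListMetrics` are visible; the start of the action list is outside the hunk). As far as I know, that key is only present in the request context for `PutMetricData`, and `StringEquals` on an absent key evaluates to false, so the Allow would not apply and the function would be denied; check the CloudWatch entry in the Service Authorization Reference and test with the IAM policy simulator before relying on it. `"Resource" : "*"` itself is expected, because to my knowledge these actions do not support resource-level permissions, and it deserves a one-line comment such as `# CloudWatch read actions have no resource-level permissions; "*" is required`. The three commented-out `# "Resource"` lines left inside the policy document should be deleted rather than committed, and `"cloudwatch:namespace" = "AWS/EC2"` should use `:` like the surrounding keys.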
diff --git a/terraform/environments/ppud/lambda.tf b/terraform/environments/ppud/lambda.tf
index c10322387f0..1f12acf7131 100644
--- a/terraform/environments/ppud/lambda.tf
+++ b/terraform/environments/ppud/lambda.tf
@@ -516,6 +516,8 @@ resource "aws_lambda_function" "terraform_lambda_func_send_cpu_graph_dev" {
 layers = [
 "arn:aws:lambda:eu-west-2:770693421928:layer:Klayers-p312-numpy:8", #Publically available ARN for numpy package
 "arn:aws:lambda:eu-west-2:770693421928:layer:Klayers-p312-pillow:1" #Publically available ARN for pillow package
+# "arn:aws:lambda:eu-west-2:${data.aws_ssm_parameter.klayers_account.value}:layer:Klayers-p312-numpy:8",
+# "arn:aws:lambda:eu-west-2:${data.aws_ssm_parameter.klayers_account.value}:layer:Klayers-p312-pillow:1"
 ]
 }
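Review bot: The two lines added to the `layers` list are commented-out code, so the function still loads both layers from the literal account `770693421928`, and the `klayers_account` data source added in data.tf is read on every plan while being used only by the new output. Either switch the list to the interpolated ARNs or leave the commented lines out of the commit. If the switch is made, the parameter value then decides whose layer code is loaded into the function, so write access to the `klayers-account` parameter needs to be controlled as tightly as changes to this file. A short comment such as `# Third-party layers (Klayers); versions pinned, account ID read from SSM parameter klayers-account` would record that. The resource block starts outside the hunk.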