diff --git a/terraform/key-vault-tfvars-secrets.tf b/terraform/key-vault-tfvars-secrets.tf
index ad17c1c17..702267ff1 100644
--- a/terraform/key-vault-tfvars-secrets.tf
+++ b/terraform/key-vault-tfvars-secrets.tf
@@ -1,14 +1,14 @@
 module "azurerm_key_vault" {
 source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.4.0"
- environment = local.environment
- project_name = local.project_name
- existing_resource_group = module.azure_container_apps_hosting.azurerm_resource_group_default.name
- azure_location = local.azure_location
- key_vault_access_users = local.key_vault_access_users
- key_vault_access_ipv4 = local.key_vault_access_ipv4
- tfvars_filename = local.tfvars_filename
- diagnostic_log_analytics_workspace_id = module.azure_container_apps_hosting.azurerm_log_analytics_workspace_container_app.id
- diagnostic_eventhub_name = local.enable_event_hub ? module.azure_container_apps_hosting.azurerm_eventhub_container_app.name : ""
- tags = local.tags
+ environment = local.environment
+ project_name = local.project_name
+ existing_resource_group = module.azure_container_apps_hosting.azurerm_resource_group_default.name
+ azure_location = local.azure_location
+ key_vault_access_use_rbac_authorization = true
+ key_vault_access_ipv4 = local.key_vault_access_ipv4
+ tfvars_filename = local.tfvars_filename
+ diagnostic_log_analytics_workspace_id = module.azure_container_apps_hosting.azurerm_log_analytics_workspace_container_app.id
+ diagnostic_eventhub_name = local.enable_event_hub ? module.azure_container_apps_hosting.azurerm_eventhub_container_app.name : ""
+ tags = local.tags
 }
diff --git a/terraform/locals.tf b/terraform/locals.tf
index f4a26a5ec..5dc755355 100644
--- a/terraform/locals.tf
+++ b/terraform/locals.tf
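Review bot: With `key_vault_access_use_rbac_authorization = true` hard-coded in the `azurerm_key_vault` module call in terraform/key-vault-tfvars-secrets.tf, the vault's access policies are no longer evaluated, and nothing visible in this diff says who holds data-plane roles on the vault once `key_vault_access_users` is gone. If the module at `v0.4.0` does not create role assignments itself (not visible here), secret access now depends entirely on Azure role assignments made elsewhere, including any inherited from resource-group or subscription scope, so the per-user list that was reviewable in this repository is replaced by state outside it. I would add a comment above the new line, e.g. `# RBAC mode: access policies are ignored; secret access comes from Azure role assignments managed in <location>`, and confirm before merge that the identities that run terraform hold a secrets role scoped to this vault rather than a broader scope. The `key_vault_access_ipv4` input is unchanged, so the IPv4 restriction presumably still applies independently of the authorization mode.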
@@ -30,7 +30,6 @@ locals {
 cdn_frontdoor_custom_domains = var.cdn_frontdoor_custom_domains
 cdn_frontdoor_host_redirects = var.cdn_frontdoor_host_redirects
 cdn_frontdoor_health_probe_protocol = var.cdn_frontdoor_health_probe_protocol
- key_vault_access_users = toset(var.key_vault_access_users)
 key_vault_access_ipv4 = var.key_vault_access_ipv4
 tfvars_filename = var.tfvars_filename
 enable_monitoring = var.enable_monitoring
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 832957caa..6a8a04c79 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -3,11 +3,6 @@ variable "environment" {
 type = string
 }
-variable "key_vault_access_users" {
- description = "List of users that require access to the Key Vault where tfvars are stored. This should be a list of User Principle Names (Found in Active Directory) that need to run terraform"
- type = list(string)
-}
-
 variable "key_vault_access_ipv4" {
 description = "List of IPv4 Addresses that are permitted to access the Key Vault"
 type = list(string)