From e726fc6b725305a7d98759468e5a97a51e288ddc Mon Sep 17 00:00:00 2001
From: Sam Simpson
Date: Thu, 24 Oct 2024 15:33:07 +0100
Subject: [PATCH] Reuse existing security group for amazonmq

Amazon MQ doesn't support changing the security group associated with an instance
---
 .../amazonmq_security_groups.tf | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/terraform/deployments/govuk-publishing-infrastructure/amazonmq_security_groups.tf b/terraform/deployments/govuk-publishing-infrastructure/amazonmq_security_groups.tf
index 7e4de5bd3..3e7a8be7e 100644
--- a/terraform/deployments/govuk-publishing-infrastructure/amazonmq_security_groups.tf
+++ b/terraform/deployments/govuk-publishing-infrastructure/amazonmq_security_groups.tf
@@ -12,11 +12,20 @@
 # sg_rabbitmq_elb_id

 resource "aws_security_group" "rabbitmq" {
- name = "rabbitmq-access"
- vpc_id = data.tfe_outputs.vpc.values.id
+ name = "govuk_rabbitmq_access"
+ vpc_id = data.tfe_outputs.vpc.nonsensitive_values.id
 description = "Access to the rabbitmq host from its ELB"
 }

+data "aws_security_group" "rabbitmq" {
+ name = "govuk_rabbitmq_access"
+}
+
+import {
+ to = aws_security_group.rabbitmq
+ id = data.aws_security_group.rabbitmq.id
+}
+
 resource "aws_security_group_rule" "rabbitmq_ingress_rabbitmq_elb_amqp" {
 type = "ingress"
 from_port = 5672
@@ -71,7 +80,7 @@ resource "aws_security_group_rule" "rabbitmq_ingress_rabbitmq_epmd" {

 resource "aws_security_group" "rabbitmq_elb" {
 name = "rabbitmq-elb-access"
- vpc_id = data.tfe_outputs.vpc.values.id
+ vpc_id = data.tfe_outputs.vpc.nonsensitive_values.id
 description = "Access the rabbitmq Internal ELB"
 }
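Review bot: The added `data "aws_security_group" "rabbitmq"` lookup in the first hunk matches on `name` alone, and security group names are only unique within a VPC, so in an account with more than one VPC the import could resolve to a group in the wrong VPC or fail on multiple matches. Adding `vpc_id = data.tfe_outputs.vpc.nonsensitive_values.id` to the data block would pin it to the same VPC the resource declares. Importing also adopts whatever rules the existing group already carries: the standalone `aws_security_group_rule` resources manage only the rules they declare, so any older ingress or egress rule on `govuk_rabbitmq_access` would likely remain in place unmanaged and should be compared against the declared rules before applying. The lookup will also fail the plan in any environment where the group does not already exist, which looks intended here but deserves a short comment above the `import` block, for example `# Adopt the pre-existing group: Amazon MQ cannot change a broker's security group`.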