Sharing production DPR data (#6586)

* Sharing production DPR data

* 🤖 Update .github/dependabot.yml

---------

Co-authored-by: Ministry of Justice Data Platform Robot <[email protected]>

.github/dependabot.yml

@@ -60,6 +60,7 @@ updates:
       - "terraform/aws/analytical-platform-data-production/ingestion-egress"
       - "terraform/aws/analytical-platform-data-production/joiners-movers-leavers"
       - "terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-preproduction"
+      - "terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production"
       - "terraform/aws/analytical-platform-data-production/openmetadata"
       - "terraform/aws/analytical-platform-data-production/powerbi-gateway"
       - "terraform/aws/analytical-platform-data-production/rds-s3-exports"

terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/data.tf

@@ -0,0 +1,25 @@
+##################################################
+# AWS
+##################################################
+
+data "aws_caller_identity" "session" {
+  provider = aws.session
+}
+
+data "aws_iam_session_context" "session" {
+  provider = aws.session
+
+  arn = data.aws_caller_identity.session.arn
+}
+
+### Account Information
+
+data "aws_secretsmanager_secret" "account_ids" {
+  provider = aws.session
+  name     = "analytical-platform/platform-account-ids"
+}
+
+data "aws_secretsmanager_secret_version" "account_ids_version" {
+  provider  = aws.session
+  secret_id = data.aws_secretsmanager_secret.account_ids.id
+}

terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/locals.tf

@@ -0,0 +1,22 @@
+locals {
+  data_locations = [
+    {
+      data_location = "arn:aws:s3:::dpr-structured-historical-production"
+      hybrid_access = true
+      register      = true
+      share         = true
+
+    }
+  ]
+
+  databases = [
+    {
+      name                         = "curated_prisons_history"
+      share_all_tables             = true
+      share_all_tables_permissions = ["DESCRIBE", "SELECT"]
+
+    }
+  ]
+
+  account_ids = jsondecode(data.aws_secretsmanager_secret_version.account_ids_version.secret_string)
+}

terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/main.tf

@@ -0,0 +1,13 @@
+# Module: lake_formation_analytical_platform_data_prod
+module "lake_formation_analytical_platform_data_prod" {
+  source = "github.com/ministryofjustice/terraform-aws-analytical-platform-lakeformation?ref=6fab8677e457c2e276fa1feec8ee83bbccc1220a"
+
+
+  providers = {
+    aws.source      = aws.digital_prisons_reporting_prod_eu_west_2
+    aws.destination = aws
+  }
+
+  data_locations     = local.data_locations
+  databases_to_share = local.databases
+}

terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/terraform.tf

@@ -0,0 +1,57 @@
+terraform {
+  backend "s3" {
+    acl            = "private"
+    bucket         = "global-tf-state-aqsvzyd5u9"
+    encrypt        = true
+    key            = "aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/terraform.tfstate"
+    region         = "eu-west-2"
+    dynamodb_table = "global-tf-state-aqsvzyd5u9-locks"
+  }
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "5.82.2"
+    }
+  }
+
+  required_version = "~> 1.5"
+}
+
+provider "aws" {
+  alias  = "session"
+  region = "eu-west-2"
+}
+
+provider "aws" {
+  alias  = "digital_prisons_reporting_prod_eu_west_2"
+  region = "eu-west-2"
+  assume_role {
+    role_arn = "arn:aws:iam::${local.account_ids["digital-prisons-reporting-production"]}:role/analytical-platform-data-production-share-role"
+  }
+  default_tags {
+    tags = var.tags
+  }
+}
+
+provider "aws" {
+  region = "eu-west-1"
+  assume_role {
+    role_arn = "arn:aws:iam::${local.account_ids["analytical-platform-data-production"]}:role/GlobalGitHubActionAdmin"
+  }
+  default_tags {
+    tags = var.tags
+  }
+}
+
+
+provider "aws" {
+  alias  = "analytical_platform_management_production"
+  region = "eu-west-1"
+  assume_role {
+    role_arn = can(regex("AdministratorAccess", data.aws_iam_session_context.session.issuer_arn)) ? null : "arn:aws:iam::${local.account_ids["analytical-platform-management-production"]}:role/GlobalGitHubActionAdmin"
+  }
+  default_tags {
+    tags = var.tags
+  }
+}

terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/terraform.tfvars

@@ -0,0 +1,14 @@
+##################################################
+# General
+##################################################
+
+tags = {
+  business-unit          = "Platforms"
+  application            = "lakeformation-external-data/digital-prisons-reporting-production"
+  component              = "lakeformation-external-data/digital-prisons-reporting-production"
+  environment            = "production"
+  is-production          = "true"
+  owner                  = "data-platform:[email protected]"
+  infrastructure-support = "data-platform:[email protected]"
+  source-code            = "github.com/ministryofjustice/data-platform/terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production"
+}

terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/variables.tf

@@ -0,0 +1,8 @@
+##################################################
+# General
+##################################################
+
+variable "tags" {
+  type        = map(string)
+  description = "Map of tags to apply to resources"
+}