diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 2103de88db..e14b2022e4 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -60,6 +60,7 @@ updates:
 - "terraform/aws/analytical-platform-data-production/ingestion-egress"
 - "terraform/aws/analytical-platform-data-production/joiners-movers-leavers"
 - "terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-preproduction"
+ - "terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production"
 - "terraform/aws/analytical-platform-data-production/openmetadata"
 - "terraform/aws/analytical-platform-data-production/powerbi-gateway"
 - "terraform/aws/analytical-platform-data-production/rds-s3-exports"
diff --git a/terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/.terraform.lock.hcl b/terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/.terraform.lock.hcl
new file mode 100644
index 0000000000..200d44f013
--- /dev/null
+++ b/terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/.terraform.lock.hcl
@@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.82.2" + constraints = "~> 5.0, 5.82.2" + hashes = [ + "h1:kQr3M8lD6q2CdFAGp/IeXzmkbRdMfCgwzWtFUNTwAZI=", + "zh:0262fc96012fb7e173e1b7beadd46dfc25b1dc7eaef95b90e936fc454724f1c8", + "zh:397413613d27f4f54d16efcbf4f0a43c059bd8d827fe34287522ae182a992f9b", + "zh:436c0c5d56e1da4f0a4c13129e12a0b519d12ab116aed52029b183f9806866f3", + "zh:4d942d173a2553d8d532a333a0482a090f4e82a2238acf135578f163b6e68470", + "zh:624aebc549bfbce06cc2ecfd8631932eb874ac7c10eb8466ce5b9a2fbdfdc724", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:9e632dee2dfdf01b371cca7854b1ec63ceefa75790e619b0642b34d5514c6733", + "zh:a07567acb115b60a3df8f6048d12735b9b3bcf85ec92a62f77852e13d5a3c096", + "zh:ab7002df1a1be6432ac0eb1b9f6f0dd3db90973cd5b1b0b33d2dae54553dfbd7", + "zh:bc1ff65e2016b018b3e84db7249b2cd0433cb5c81dc81f9f6158f2197d6b9fde", + "zh:bcad84b1d767f87af6e1ba3dc97fdb8f2ad5de9224f192f1412b09aba798c0a8", + "zh:cf917dceaa0f9d55d9ff181b5dcc4d1e10af21b6671811b315ae2a6eda866a2a", + "zh:d8e90ecfb3216f3cc13ccde5a16da64307abb6e22453aed2ac3067bbf689313b", + "zh:d9054e0e40705df729682ad34c20db8695d57f182c65963abd151c6aba1ab0d3", + "zh:ecf3a4f3c57eb7e89f71b8559e2a71e4cdf94eea0118ec4f2cb37e4f4d71a069", + ] +}
diff --git a/terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/data.tf b/terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/data.tf
new file mode 100644
index 0000000000..531a601687
--- /dev/null
+++ b/terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/data.tf
@@ -0,0 +1,25 @@
+##################################################
+# AWS
+##################################################
+
+data "aws_caller_identity" "session" {
+ provider = aws.session
+}
+
+data "aws_iam_session_context" "session" {
+ provider = aws.session
+
+ arn = data.aws_caller_identity.session.arn
+}
+
+### Account Information
+
+data "aws_secretsmanager_secret" "account_ids" {
+ provider = aws.session
+ name = "analytical-platform/platform-account-ids"
+}
+
+data "aws_secretsmanager_secret_version" "account_ids_version" {
+ provider = aws.session
+ secret_id = data.aws_secretsmanager_secret.account_ids.id
+}
diff --git a/terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/locals.tf b/terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/locals.tf
new file mode 100644
index 0000000000..962fcca911
--- /dev/null
+++ b/terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/locals.tf
@@ -0,0 +1,22 @@
+locals {
+ data_locations = [
+ {
+ data_location = "arn:aws:s3:::dpr-structured-historical-production"
+ hybrid_access = true
+ register = true
+ share = true
+
+ }
+ ]
+
+ databases = [
+ {
+ name = "curated_prisons_history"
+ share_all_tables = true
+ share_all_tables_permissions = ["DESCRIBE", "SELECT"]
+
+ }
+ ]
+
+ account_ids = jsondecode(data.aws_secretsmanager_secret_version.account_ids_version.secret_string)
+}
diff --git a/terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/main.tf b/terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/main.tf
new file mode 100644
index 0000000000..936304cc9e
--- /dev/null
+++ b/terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/main.tf
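Review bot: In locals.tf, `share_all_tables = true` on `curated_prisons_history` grants `DESCRIBE` and `SELECT` on every table of a production database, which presumably extends to any table added later without a review at the time it appears. If the module accepts a per-table list (its inputs are not visible in this commit), name the tables the consumers actually need; otherwise record the decision next to the flag, e.g. `# all tables shared deliberately; tables added to this database later become readable by the destination account`. A one-line comment on why `hybrid_access = true` is required for `dpr-structured-historical-production` would help the next reviewer in the same way.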
@@ -0,0 +1,13 @@
+# Module: lake_formation_analytical_platform_data_prod
+module "lake_formation_analytical_platform_data_prod" {
+ source = "github.com/ministryofjustice/terraform-aws-analytical-platform-lakeformation?ref=6fab8677e457c2e276fa1feec8ee83bbccc1220a"
+
+
+ providers = {
+ aws.source = aws.digital_prisons_reporting_prod_eu_west_2
+ aws.destination = aws
+ }
+
+ data_locations = local.data_locations
+ databases_to_share = local.databases
+}
diff --git a/terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/terraform.tf b/terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/terraform.tf
new file mode 100644
index 0000000000..62d4162ebd
--- /dev/null
+++ b/terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/terraform.tf
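Review bot: The `source` line in main.tf pins the module to a bare commit SHA, which gives immutability, but nothing on the line says which release that commit belongs to, so a reviewer cannot tell whether it is a tagged release or an arbitrary branch commit. Add the tag as a trailing comment after the closing quote, e.g. `# <release tag>`, and keep it in step whenever the ref is bumped. The header comment `# Module: lake_formation_analytical_platform_data_prod` only repeats the block name; a line stating that it shares from the account behind `aws.digital_prisons_reporting_prod_eu_west_2` to the account behind the default `aws` provider would say more.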
@@ -0,0 +1,57 @@
+terraform {
+ backend "s3" {
+ acl = "private"
+ bucket = "global-tf-state-aqsvzyd5u9"
+ encrypt = true
+ key = "aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/terraform.tfstate"
+ region = "eu-west-2"
+ dynamodb_table = "global-tf-state-aqsvzyd5u9-locks"
+ }
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "5.82.2"
+ }
+ }
+
+ required_version = "~> 1.5"
+}
+
+provider "aws" {
+ alias = "session"
+ region = "eu-west-2"
+}
+
+provider "aws" {
+ alias = "digital_prisons_reporting_prod_eu_west_2"
+ region = "eu-west-2"
+ assume_role {
+ role_arn = "arn:aws:iam::${local.account_ids["digital-prisons-reporting-production"]}:role/analytical-platform-data-production-share-role"
+ }
+ default_tags {
+ tags = var.tags
+ }
+}
+
+provider "aws" {
+ region = "eu-west-1"
+ assume_role {
+ role_arn = "arn:aws:iam::${local.account_ids["analytical-platform-data-production"]}:role/GlobalGitHubActionAdmin"
+ }
+ default_tags {
+ tags = var.tags
+ }
+}
+
+
+provider "aws" {
+ alias = "analytical_platform_management_production"
+ region = "eu-west-1"
+ assume_role {
+ role_arn = can(regex("AdministratorAccess", data.aws_iam_session_context.session.issuer_arn)) ? null : "arn:aws:iam::${local.account_ids["analytical-platform-management-production"]}:role/GlobalGitHubActionAdmin"
+ }
+ default_tags {
+ tags = var.tags
+ }
+}
diff --git a/terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/terraform.tfvars b/terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/terraform.tfvars
new file mode 100644
index 0000000000..707ce0de99
--- /dev/null
+++ b/terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/terraform.tfvars
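Review bot: The last provider block in terraform.tf, `analytical_platform_management_production`, is not referenced by any file in this commit (main.tf passes only `aws` and `aws.digital_prisons_reporting_prod_eu_west_2`, data.tf uses `aws.session`), yet it sets up an assume-role into `GlobalGitHubActionAdmin` in the management account. Unless something outside this commit uses it, drop the block; within this commit `data.aws_iam_session_context.session` and `data.aws_caller_identity.session` in data.tf exist only to feed its `can(regex(...))` condition and could go with it. If it stays, note that `regex("AdministratorAccess", ...)` is an unanchored substring match on the issuer ARN, and that the default provider assumes `GlobalGitHubActionAdmin` with no such condition, so a comment explaining why the two differ is needed. It is also worth checking whether the destination side of the share can run under a role scoped like `analytical-platform-data-production-share-role` rather than an admin role.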
@@ -0,0 +1,14 @@
+##################################################
+# General
+##################################################
+
+tags = {
+ business-unit = "Platforms"
+ application = "lakeformation-external-data/digital-prisons-reporting-production"
+ component = "lakeformation-external-data/digital-prisons-reporting-production"
+ environment = "production"
+ is-production = "true"
+ owner = "data-platform:data-platform-tech@digital.justice.gov.uk"
+ infrastructure-support = "data-platform:data-platform-tech@digital.justice.gov.uk"
+ source-code = "github.com/ministryofjustice/data-platform/terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production"
+}
diff --git a/terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/variables.tf b/terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/variables.tf
new file mode 100644
index 0000000000..428f1fbb18
--- /dev/null
+++ b/terraform/aws/analytical-platform-data-production/lakeformation-external-data/digital-prisons-reporting-production/variables.tf
@@ -0,0 +1,8 @@
+##################################################
+# General
+##################################################
+
+variable "tags" {
+ type = map(string)
+ description = "Map of tags to apply to resources"
+}