From f303cf29284c91eca565baae16519b53c5188c9b Mon Sep 17 00:00:00 2001 From: Dominic Robinson <65237317+drobinson-moj@users.noreply.github.com> Date: Fri, 15 Dec 2023 16:43:28 +0000 Subject: [PATCH] updated README for get-modernisation-platform-facts role (#452) --- .../README.md | 22 +++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/ansible/roles/get-modernisation-platform-facts/README.md b/ansible/roles/get-modernisation-platform-facts/README.md index f2aca287b..c7a11bf85 100644 --- a/ansible/roles/get-modernisation-platform-facts/README.md +++ b/ansible/roles/get-modernisation-platform-facts/README.md @@ -4,8 +4,26 @@ Note that the `environment_management` secret stored in `modernisation_platform` is not shared with EC2 instances. So this role relies on a copy being stored as a SSM parameter `account_ids`. -See nomis for an example of how this parameter is created using the -`baseline` and `baseline_presets` module. +For applications that use baseline module (Nomis, Oasys etc.), the value +is automatically created via the `baseline` module. Otherwise, add terraform +like this + +``` +resource "aws_ssm_parameter" "account_ids" { + name = "account_ids" + description = "Selected modernisation platform AWS account IDs for use by ansible" + type = "SecureString" + key_id = data.aws_kms_key.general_shared.arn + value = jsonencode({ + for key, value in local.environment_management.account_ids : + key => value if contains(["hmpps-oem-${local.environment}"], key) + }) + + tags = merge(local.tags, { + Name = "account_ids" + }) +} +``` Facts are set as follows: - `account_ids` is a map of account IDs where account name is the key
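Review bot: In the added Terraform example, the filter `key => value if contains(["hmpps-oem-${local.environment}"], key)` is specific to one application, but the sentence introducing it ("Otherwise, add terraform like this") does not tell the reader to replace that list with the account names their own playbooks need. Suggest adding a sentence that the list should name only the accounts the role has to look up, so the parameter exposes no more of `local.environment_management.account_ids` than necessary. Because the parameter is `type = "SecureString"` with `key_id = data.aws_kms_key.general_shared.arn`, the README should also say that the EC2 instance role needs permission to read the `account_ids` parameter and to decrypt with that key. It should also note that `data.aws_kms_key.general_shared` and `local.environment_management` must already be defined in the calling Terraform. Minor: the opening code fence has no language tag, "use baseline module" should read "use the baseline module", and "like this" should end with a colon.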