From 0b9615d3e9cc6a16278ef176eec50f4d3222a86e Mon Sep 17 00:00:00 2001
From: Andrew Pearce
Date: Wed, 26 Jun 2024 12:18:37 +0100
Subject: [PATCH] MLPAB-2189 - Create a replicated secret in management account (#223)
---
terraform/account/data_sources.tf | 11 +++++++++++
terraform/account/secrets.tf | 8 ++++++++
2 files changed, 19 insertions(+)
create mode 100644 terraform/account/data_sources.tf
create mode 100644 terraform/account/secrets.tf
diff --git a/terraform/account/data_sources.tf b/terraform/account/data_sources.tf
new file mode 100644
index 00000000..9031cde9
--- /dev/null
+++ b/terraform/account/data_sources.tf
@@ -0,0 +1,11 @@
+data "aws_default_tags" "default" {
+ provider = aws.eu_west_1
+}
+
+data "aws_region" "eu_west_1" {
+ provider = aws.eu_west_1
+}
+
+data "aws_region" "eu_west_2" {
+ provider = aws.eu_west_2
+}
diff --git a/terraform/account/secrets.tf b/terraform/account/secrets.tf
new file mode 100644
index 00000000..78ddf316
--- /dev/null
+++ b/terraform/account/secrets.tf
@@ -0,0 +1,8 @@
+resource "aws_secretsmanager_secret" "jwt_key" {
+ name = "${data.aws_default_tags.default.tags.application}/${data.aws_default_tags.default.tags.account}/jwt-key"
+ description = "JWT key for ${data.aws_default_tags.default.tags.application} in ${data.aws_default_tags.default.tags.account}, for use with Make and Register, and Use a LPA"
+ replica {
+ region = data.aws_region.eu_west_2.name
+ }
+ provider = aws.management_eu_west_1
+}
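Review bot: `aws_secretsmanager_secret.jwt_key` in terraform/account/secrets.tf sets no `kms_key_id`, either on the resource or inside `replica`, so both the primary and the eu-west-2 copy fall back to the account's default `aws/secretsmanager` key. The secret is created through `aws.management_eu_west_1` while its name is built from the `aws.eu_west_1` default tags, which suggests it may be read from another account; if so, the AWS managed key cannot be granted across accounts and readers will fail to decrypt even once a resource policy is attached. Consider a customer-managed key per region, for example `kms_key_id = aws_kms_key.PLACEHOLDER_PRIMARY.arn` on the resource and `kms_key_id = aws_kms_key.PLACEHOLDER_REPLICA.arn` in the `replica` block (placeholder names, no key is defined in this patch), together with an `aws_secretsmanager_secret_policy` scoped to the consuming roles. No secret policy or key policy is visible in this commit, so confirm whether they are managed elsewhere.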