Merge pull request #1598 from ministryofjustice/MLPAB-2626-remove-reg…

…ion-from-resource-names-when-not-needed-in-account-level-terraform MLPAB-2626 - remove region from vpc endpoint names/tagging
ministryofjustice · Nov 5, 2024 · e04065b · e04065b
2 parents 6d164ca + 622e7fc
commit e04065b
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 14 deletions.
diff --git a/terraform/account/opensearch.tf b/terraform/account/opensearch.tf
@@ -1,10 +1,3 @@
-data "aws_vpc_endpoint" "opensearch" {
-  tags = {
-    Name = "opensearch-eu-west-1"
-  }
-  provider = aws.eu_west_1
-}
-
 resource "aws_opensearchserverless_security_policy" "lpas_collection_encryption_policy" {
   name        = "policy-shared-${local.account_name}"
   type        = "encryption"
@@ -44,7 +37,7 @@ resource "aws_opensearchserverless_security_policy" "lpas_collection_network_pol
       ],
       AllowFromPublic = false,
       SourceVPCEs = [
-        data.aws_vpc_endpoint.opensearch.id
+        module.eu_west_1[0].opensearch_lpas_collection_vpc_endpoint.id,
       ]
     },
     {

diff --git a/terraform/account/region/outputs.tf b/terraform/account/region/outputs.tf
@@ -1,3 +1,7 @@
 output "ecs_autoscaling_alarm_sns_topic" {
   value = aws_sns_topic.ecs_autoscaling_alarms
 }
+
+output "opensearch_lpas_collection_vpc_endpoint" {
+  value = aws_opensearchserverless_vpc_endpoint.lpas_collection_vpc_endpoint
+}
diff --git a/terraform/account/region/vpc_endpoints.tf b/terraform/account/region/vpc_endpoints.tf
@@ -1,9 +1,9 @@
 resource "aws_security_group" "vpc_endpoints_private" {
   provider    = aws.region
-  name        = "vpc-endpoint-access-private-subnets-${data.aws_region.current.name}"
+  name        = "vpc-endpoint-access-private-subnets"
   description = "VPC Interface Endpoints Security Group"
   vpc_id      = module.network.vpc.id
-  tags        = { Name = "vpc-endpoint-access-private-subnets-${data.aws_region.current.name}" }
+  tags        = { Name = "vpc-endpoint-access-private-subnets" }
 }
 
 resource "aws_security_group_rule" "vpc_endpoints_private_subnet_ingress" {
@@ -53,7 +53,7 @@ resource "aws_vpc_endpoint" "private" {
   private_dns_enabled = true
   security_group_ids  = aws_security_group.vpc_endpoints_private[*].id
   subnet_ids          = module.network.application_subnets[*].id
-  tags                = { Name = "${each.value}-private-${data.aws_region.current.name}" }
+  tags                = { Name = "${each.value}-private" }
 }
 
 resource "aws_vpc_endpoint_policy" "private" {
@@ -93,7 +93,7 @@ resource "aws_vpc_endpoint" "s3" {
   route_table_ids   = tolist(data.aws_route_tables.application.ids)
   vpc_endpoint_type = "Gateway"
   policy            = data.aws_iam_policy_document.s3.json
-  tags              = { Name = "s3-private-${data.aws_region.current.name}" }
+  tags              = { Name = "s3-private" }
 }
 
 resource "aws_vpc_endpoint" "dynamodb" {
@@ -103,7 +103,7 @@ resource "aws_vpc_endpoint" "dynamodb" {
   route_table_ids   = tolist(data.aws_route_tables.application.ids)
   vpc_endpoint_type = "Gateway"
   policy            = data.aws_iam_policy_document.allow_account_access.json
-  tags              = { Name = "dynamodb-private-${data.aws_region.current.name}" }
+  tags              = { Name = "dynamodb-private" }
 }
 
 
@@ -148,7 +148,7 @@ data "aws_iam_policy_document" "s3_bucket_access" {
 }
 
 resource "aws_opensearchserverless_vpc_endpoint" "lpas_collection_vpc_endpoint" {
-  name               = "opensearch-${data.aws_region.current.name}"
+  name               = "opensearch"
   vpc_id             = module.network.vpc.id
   subnet_ids         = module.network.application_subnets[*].id
   security_group_ids = aws_security_group.vpc_endpoints_private[*].id