From 14013f3a67a7e7b6945cc322b9c5cc5f7e84421e Mon Sep 17 00:00:00 2001
From: Andrew Pearce
Date: Tue, 5 Nov 2024 09:37:46 +0000
Subject: [PATCH 1/3] remove revion from vpc endpoint names/tagging
---
 terraform/account/region/vpc_endpoints.tf | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/terraform/account/region/vpc_endpoints.tf b/terraform/account/region/vpc_endpoints.tf
index e6c4370e1e..3147b8346f 100644
--- a/terraform/account/region/vpc_endpoints.tf
+++ b/terraform/account/region/vpc_endpoints.tf
@@ -1,9 +1,9 @@
 resource "aws_security_group" "vpc_endpoints_private" {
 provider = aws.region
- name = "vpc-endpoint-access-private-subnets-${data.aws_region.current.name}"
+ name = "vpc-endpoint-access-private-subnets"
 description = "VPC Interface Endpoints Security Group"
 vpc_id = module.network.vpc.id
- tags = { Name = "vpc-endpoint-access-private-subnets-${data.aws_region.current.name}" }
+ tags = { Name = "vpc-endpoint-access-private-subnets" }
 }

 resource "aws_security_group_rule" "vpc_endpoints_private_subnet_ingress" {
@@ -53,7 +53,7 @@ resource "aws_vpc_endpoint" "private" {
 private_dns_enabled = true
 security_group_ids = aws_security_group.vpc_endpoints_private[*].id
 subnet_ids = module.network.application_subnets[*].id
- tags = { Name = "${each.value}-private-${data.aws_region.current.name}" }
+ tags = { Name = "${each.value}-private" }
 }

 resource "aws_vpc_endpoint_policy" "private" {
@@ -93,7 +93,7 @@ resource "aws_vpc_endpoint" "s3" {
 route_table_ids = tolist(data.aws_route_tables.application.ids)
 vpc_endpoint_type = "Gateway"
 policy = data.aws_iam_policy_document.s3.json
- tags = { Name = "s3-private-${data.aws_region.current.name}" }
+ tags = { Name = "s3-private" }
 }

 resource "aws_vpc_endpoint" "dynamodb" {
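Review bot: Changing `name` on `aws_security_group.vpc_endpoints_private` forces Terraform to replace the group, and the resource block, which the first hunk shows in full, has no `lifecycle` setting, so the old group is destroyed before the new one is created. The group is still referenced through `security_group_ids` by `aws_vpc_endpoint.private` and by the OpenSearch Serverless endpoint (both visible as context in later hunks), so the delete is likely to stall on a dependency error. Adding `lifecycle { create_before_destroy = true }` to the resource lets the new group be created and attached before the old one is removed. The `tags` edits in the other hunks of this file update in place and are not affected.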
@@ -103,7 +103,7 @@ resource "aws_vpc_endpoint" "dynamodb" {
 route_table_ids = tolist(data.aws_route_tables.application.ids)
 vpc_endpoint_type = "Gateway"
 policy = data.aws_iam_policy_document.allow_account_access.json
- tags = { Name = "dynamodb-private-${data.aws_region.current.name}" }
+ tags = { Name = "dynamodb-private" }
 }


@@ -148,7 +148,7 @@ data "aws_iam_policy_document" "s3_bucket_access" {
 }

 resource "aws_opensearchserverless_vpc_endpoint" "lpas_collection_vpc_endpoint" {
- name = "opensearch-${data.aws_region.current.name}"
+ name = "opensearch"
 vpc_id = module.network.vpc.id
 subnet_ids = module.network.application_subnets[*].id
 security_group_ids = aws_security_group.vpc_endpoints_private[*].id
From cfada0c4f8a166cb54f13946b3657d1c59ab39f8 Mon Sep 17 00:00:00 2001
From: Andrew Pearce
Date: Tue, 5 Nov 2024 09:53:40 +0000
Subject: [PATCH 2/3] use correct endpoint tag for opensearch
---
 terraform/account/opensearch.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/account/opensearch.tf b/terraform/account/opensearch.tf
index c398943c74..66dd5a7775 100644
--- a/terraform/account/opensearch.tf
+++ b/terraform/account/opensearch.tf
@@ -1,6 +1,6 @@
 data "aws_vpc_endpoint" "opensearch" {
 tags = {
- Name = "opensearch-eu-west-1"
+ Name = "opensearch"
 }
 provider = aws.eu_west_1
 }
From 1dfb5e154cccb1676d4f3785dfe1ed60b68013ae Mon Sep 17 00:00:00 2001
From: Andrew Pearce
Date: Tue, 5 Nov 2024 10:06:20 +0000
Subject: [PATCH 3/3] use module output for opensearch vpc endpoint
---
 terraform/account/opensearch.tf | 9 +--------
 terraform/account/region/outputs.tf | 4 ++++
 2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/terraform/account/opensearch.tf b/terraform/account/opensearch.tf
index 66dd5a7775..c1327de7e7 100644
--- a/terraform/account/opensearch.tf
+++ b/terraform/account/opensearch.tf
@@ -1,10 +1,3 @@
-data "aws_vpc_endpoint" "opensearch" {
- tags = {
- Name = "opensearch"
- }
- provider = aws.eu_west_1
-}
-
 resource "aws_opensearchserverless_security_policy" "lpas_collection_encryption_policy" {
 name = "policy-shared-${local.account_name}"
 type = "encryption"
@@ -44,7 +37,7 @@ resource "aws_opensearchserverless_security_policy" "lpas_collection_network_pol
 ],
 AllowFromPublic = false,
 SourceVPCEs = [
- data.aws_vpc_endpoint.opensearch.id
+ module.eu_west_1[0].opensearch_lpas_collection_vpc_endpoint.id,
 ]
 },
 {
diff --git a/terraform/account/region/outputs.tf b/terraform/account/region/outputs.tf
index 4dfd2a35b7..410a025bdf 100644
--- a/terraform/account/region/outputs.tf
+++ b/terraform/account/region/outputs.tf
@@ -1,3 +1,7 @@
 output "ecs_autoscaling_alarm_sns_topic" {
 value = aws_sns_topic.ecs_autoscaling_alarms
 }
+
+output "opensearch_lpas_collection_vpc_endpoint" {
+ value = aws_opensearchserverless_vpc_endpoint.lpas_collection_vpc_endpoint
+}
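Review bot: The new `SourceVPCEs` entry indexes `module.eu_west_1[0]` directly, which fails at plan time if that module's `count` ever evaluates to 0. The module call is outside this diff, so please confirm its count condition cannot be false in any account that still creates this network policy. Since this rule sets `AllowFromPublic = false`, the listed endpoint id is what grants access under it, and a comment above the line would record that dependency, e.g. `# VPCE allowed to reach the collection; requires the eu-west-1 region module to be enabled`. The enclosing policy resource starts and ends outside the hunk.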
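Review bot: The new output `opensearch_lpas_collection_vpc_endpoint` has no `description`, and it exports the whole endpoint resource although the only consumer in this series reads `.id`. Adding `description = "OpenSearch Serverless VPC endpoint for the LPAs collection; its id is listed in SourceVPCEs of the collection network policy"` would record why the output exists. The existing `ecs_autoscaling_alarm_sns_topic` output also exports a whole resource, so narrowing `value` to the id is optional and would need a matching change in the consumer.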