diff --git a/operations/app/terraform/modules/init/key_vault.tf b/operations/app/terraform/modules/init/key_vault.tf
index d8c1756ed29..36b69673f16 100644
--- a/operations/app/terraform/modules/init/key_vault.tf
+++ b/operations/app/terraform/modules/init/key_vault.tf
@@ -107,7 +107,7 @@ resource "azurerm_key_vault_access_policy" "init_tf" { key_vault_id = azurerm_key_vault.init[each.value].id tenant_id = data.azurerm_client_config.current.tenant_id // terraform-automation 5ab367bf-df15-45af-a027-47f95f2c75d8 - object_id = "4d81288c-27a3-4df8-b776-c9da8e688bc7" + object_id = "a58ee002-62c7-4a91-a2dc-4a837663aa00" key_permissions = [ "Create",
diff --git a/operations/app/terraform/vars/demo/locals.tf b/operations/app/terraform/vars/demo/locals.tf
index 52e3441efa8..72250bbb34a 100644
--- a/operations/app/terraform/vars/demo/locals.tf
+++ b/operations/app/terraform/vars/demo/locals.tf
@@ -26,7 +26,7 @@ locals {
 tf_secrets_vault = "pdh${local.init.environment}-keyvault${local.init.random_id}"
 }
 ad = {
- terraform_object_id = "4d81288c-27a3-4df8-b776-c9da8e688bc7"
+ terraform_object_id = "a58ee002-62c7-4a91-a2dc-4a837663aa00"
 aad_object_keyvault_admin = "3c17896c-ff94-4298-a719-aaac248aa2c8"
 aad_group_postgres_admin = "f94409a9-12b1-4820-a1b6-e3e0a4fa282d"
 }
diff --git a/operations/app/terraform/vars/prod/locals.tf b/operations/app/terraform/vars/prod/locals.tf
index a64ee7953a8..78df2edc770 100644
--- a/operations/app/terraform/vars/prod/locals.tf
+++ b/operations/app/terraform/vars/prod/locals.tf
@@ -25,7 +25,7 @@ locals {
 tf_secrets_vault = "pdh${local.init.environment}-keyvault"
 }
 ad = {
- terraform_object_id = "4d81288c-27a3-4df8-b776-c9da8e688bc7"
+ terraform_object_id = "a58ee002-62c7-4a91-a2dc-4a837663aa00"
 aad_object_keyvault_admin = "5c6a951e-a4c2-4890-b62c-0ed8179501bb"
 aad_group_postgres_admin = "c4031f1f-229c-4a8a-b3b9-23bae9dbf197"
 }
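Review bot: The comment above the changed line in `init_tf` still reads `// terraform-automation 5ab367bf-df15-45af-a027-47f95f2c75d8` while `object_id` now points at `a58ee002-62c7-4a91-a2dc-4a837663aa00`, so a reader cannot tell from the hunk whether the principal receiving these key permissions is still the one the comment names. Once confirmed against the tenant, I would make the comment say which ID is which, for example `// terraform-automation: application ID 5ab367bf-df15-45af-a027-47f95f2c75d8, object_id below is its service principal`. The literal also duplicates `terraform_object_id` in the four `vars/*/locals.tf` files changed in this commit; if the init module can take it as an input (something like `object_id = var.terraform_object_id`), the access policy and the environment locals cannot drift apart. As far as I know the provider replaces an access policy when `object_id` changes, so the plan is worth checking for a window in which the identity running the apply has no policy on the vault. The resource block starts and ends outside the hunk.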
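Review bot: `terraform_object_id` in `vars/demo/locals.tf` gets the same value as in the `vars/prod`, `vars/staging` and `vars/test` hunks, so a single automation principal holds whatever this ID is granted in every environment, production included. If that is intended, it deserves a comment next to the value, such as `// object ID of the Terraform automation principal, shared by all environments`; if it is not, the non-production environments should reference their own principal so that a compromised demo or test pipeline cannot reach production vaults. Nothing in these hunks shows what the ID is used for beyond the key vault policy in `modules/init/key_vault.tf`, so the scope of the shared grant should be checked in the modules that read `local.ad`. The `locals` block starts outside the hunk.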
diff --git a/operations/app/terraform/vars/staging/locals.tf b/operations/app/terraform/vars/staging/locals.tf
index 47066309e34..3a221af96a7 100644
--- a/operations/app/terraform/vars/staging/locals.tf
+++ b/operations/app/terraform/vars/staging/locals.tf
@@ -25,7 +25,7 @@ locals {
 tf_secrets_vault = "pdh${local.init.environment}-keyvault"
 }
 ad = {
- terraform_object_id = "4d81288c-27a3-4df8-b776-c9da8e688bc7"
+ terraform_object_id = "a58ee002-62c7-4a91-a2dc-4a837663aa00"
 aad_object_keyvault_admin = "b35a2a63-aeb2-438c-913b-bebeb821adfe"
 aad_group_postgres_admin = "c4031f1f-229c-4a8a-b3b9-23bae9dbf197"
 }
diff --git a/operations/app/terraform/vars/test/locals.tf b/operations/app/terraform/vars/test/locals.tf
index b229fad36f0..8ff6b711219 100644
--- a/operations/app/terraform/vars/test/locals.tf
+++ b/operations/app/terraform/vars/test/locals.tf
@@ -25,7 +25,7 @@ locals {
 tf_secrets_vault = "pdh${local.init.environment}-keyvault"
 }
 ad = {
- terraform_object_id = "4d81288c-27a3-4df8-b776-c9da8e688bc7"
+ terraform_object_id = "a58ee002-62c7-4a91-a2dc-4a837663aa00"
 aad_object_keyvault_admin = "3c17896c-ff94-4298-a719-aaac248aa2c8"
 aad_group_postgres_admin = "f94409a9-12b1-4820-a1b6-e3e0a4fa282d"
 }
diff --git a/prime-router/docs/docs-deprecated/environment-provisioning.md b/prime-router/docs/docs-deprecated/environment-provisioning.md
index 83d62558c67..f9460ae2533 100644
--- a/prime-router/docs/docs-deprecated/environment-provisioning.md
+++ b/prime-router/docs/docs-deprecated/environment-provisioning.md
@@ -6,7 +6,7 @@ Any adjustments to the infrastructure provisining process should be noted here s 2. [Trial Frontend Environments](#trial-frontend-environments) ## Azure Prerequisites -We assume the following infrastructure has already been deployed by CMS. +We assume the following infrastructure has already been deployed by CMS. - Resource Group for underlying infrastructure - Storage Account - Used to store the terraform tf state. - You will need to authenticate the az command line application using your SU account: @@ -42,14 +42,14 @@ Push (or merge) code into any of the following branches: > 1. Navigate to `demo` Terraform directory using one of the following methods: > * `terraform -chdir=operations/app/terraform/vars/demo` > * `operations/app/terraform/vars/demo terraform` -> +> > 2. Specify `-var-file` and `-backend-config` from the desired demo directory (demo1, demo2, or demo3) > * `-var-file=demo1/env.tfvars.json` > * `-backend-config=demo1/env.tfbackend` -> +> > 3. Target the `init` Terraform module to `apply` base resources (vnets, key vaults, etc.) > * `-target=module.init` -> +> > 4. After base resources are created, run `apply` without a target ### Specify environment & Terraform path 
@@ -84,11 +84,11 @@ echo "init complete" # Import access polices that are shared with init and key_vault modules terraform -chdir=$path import -var-file=$env/env.tfvars.json \ module.key_vault.azurerm_key_vault_access_policy.terraform_app_config_access_policy[0] \ -"/subscriptions/7d1e3999-6577-4cd5-b296-f518e5c8e677/resourceGroups/prime-data-hub-$env/providers/Microsoft.KeyVault/vaults/pdh$env-appconfigmt8/objectId/4d81288c-27a3-4df8-b776-c9da8e688bc7" +"/subscriptions/7d1e3999-6577-4cd5-b296-f518e5c8e677/resourceGroups/prime-data-hub-$env/providers/Microsoft.KeyVault/vaults/pdh$env-appconfigmt8/objectId/a58ee002-62c7-4a91-a2dc-4a837663aa00" terraform -chdir=$path import -var-file=$env/env.tfvars.json \ module.key_vault.azurerm_key_vault_access_policy.terraform_access_policy[0] \ -"/subscriptions/7d1e3999-6577-4cd5-b296-f518e5c8e677/resourceGroups/prime-data-hub-$env/providers/Microsoft.KeyVault/vaults/pdh$env-keyvaultmt8/objectId/4d81288c-27a3-4df8-b776-c9da8e688bc7" +"/subscriptions/7d1e3999-6577-4cd5-b296-f518e5c8e677/resourceGroups/prime-data-hub-$env/providers/Microsoft.KeyVault/vaults/pdh$env-keyvaultmt8/objectId/a58ee002-62c7-4a91-a2dc-4a837663aa00" for i in {1..3}; do \ terraform -chdir=$path apply \