Merge branch 'main' into ELI-623

Karthikeyannhs · web-flow · commit 58a54f2f9b81 · 2026-02-02T14:40:58.000Z
diff --git a/.github/workflows/base-deploy.yml b/.github/workflows/base-deploy.yml
@@ -203,6 +203,7 @@ jobs:
           TF_VAR_SPLUNK_HEC_TOKEN: ${{ secrets.SPLUNK_HEC_TOKEN }}
           TF_VAR_SPLUNK_HEC_ENDPOINT: ${{ secrets.SPLUNK_HEC_ENDPOINT }}
           TF_VAR_OPERATOR_EMAILS: ${{ vars.SECRET_ROTATION_OPERATOR_EMAILS }}
+          TF_VAR_PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY_PROD }}
 
         working-directory: ./infrastructure
         shell: bash
diff --git a/.github/workflows/cicd-2-publish.yaml b/.github/workflows/cicd-2-publish.yaml
@@ -103,6 +103,7 @@ jobs:
           TF_VAR_SPLUNK_HEC_TOKEN: ${{ secrets.SPLUNK_HEC_TOKEN }}
           TF_VAR_SPLUNK_HEC_ENDPOINT: ${{ secrets.SPLUNK_HEC_ENDPOINT }}
           TF_VAR_OPERATOR_EMAILS: ${{ vars.SECRET_ROTATION_OPERATOR_EMAILS }}
+          TF_VAR_PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY_PROD }}
 
         run: |
           mkdir -p ./build
diff --git a/.github/workflows/cicd-3-test-deploy.yaml b/.github/workflows/cicd-3-test-deploy.yaml
@@ -90,6 +90,7 @@ jobs:
           TF_VAR_SPLUNK_HEC_TOKEN: ${{ secrets.SPLUNK_HEC_TOKEN }}
           TF_VAR_SPLUNK_HEC_ENDPOINT: ${{ secrets.SPLUNK_HEC_ENDPOINT }}
           TF_VAR_OPERATOR_EMAILS: ${{ vars.SECRET_ROTATION_OPERATOR_EMAILS }}
+          TF_VAR_PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY_PROD }}
 
         run: |
           mkdir -p ./build
diff --git a/.github/workflows/release-candidate.yml b/.github/workflows/release-candidate.yml
@@ -237,6 +237,8 @@ jobs:
           TF_VAR_SPLUNK_HEC_TOKEN: ${{ secrets.SPLUNK_HEC_TOKEN }}
           TF_VAR_SPLUNK_HEC_ENDPOINT: ${{ secrets.SPLUNK_HEC_ENDPOINT }}
           TF_VAR_OPERATOR_EMAILS: ${{ vars.SECRET_ROTATION_OPERATOR_EMAILS }}
+          TF_VAR_PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY_PROD }}
+
         run: |
           mkdir -p ./build
           echo "🚀 Deploying ${{ needs.validate.outputs.dev_tag }} to TEST"
@@ -353,8 +355,9 @@ jobs:
         id: release
         env:
           DEV_TAG: ${{ needs.validate.outputs.dev_tag }}
-          RELEASE_TYPE: ${{ inputs.release_type }}
+          INPUT_RELEASE_TYPE: ${{ inputs.release_type }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ENVIRONMENT: preprod
         run: |
           pip install requests
           python scripts/workflow/tag_and_release.py
diff --git a/infrastructure/stacks/api-layer/s3_buckets.tf b/infrastructure/stacks/api-layer/s3_buckets.tf
@@ -9,7 +9,7 @@ module "s3_rules_bucket" {
 
 module "s3_consumer_mappings_bucket" {
   source       = "../../modules/s3"
-  bucket_name  = "eli-consumer-map"
+  bucket_name  = "consumer-map"
   environment  = var.environment
   project_name = var.project_name
   stack_name   = local.stack_name
diff --git a/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf b/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf
@@ -209,16 +209,16 @@ resource "aws_iam_policy" "s3_management" {
         Resource = [
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-rules",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-rules/*",
-          "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-consumer-map",
-          "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-consumer-map/*",
+          "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-consumer-map",
+          "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-consumer-map/*",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-audit",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-audit/*",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-rules-access-logs",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-rules-access-logs/*",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-audit-access-logs",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-audit-access-logs/*",
-          "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-consumer-map-access-logs",
-          "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-consumer-map-access-logs/*",
+          "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-consumer-map-access-logs",
+          "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-consumer-map-access-logs/*",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-truststore",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-truststore/*",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-truststore-access-logs",
diff --git a/infrastructure/stacks/networking/ssm.tf b/infrastructure/stacks/networking/ssm.tf
@@ -1,4 +1,5 @@
 resource "aws_ssm_parameter" "proxygen_private_key" {
+  count = var.environment == "dev" ? 1 : 0
   name  = "/${var.environment}/proxygen/private_key"
   type  = "SecureString"
   key_id = aws_kms_key.networking_ssm_key.id

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`resource "aws_ssm_parameter" "proxygen_private_key" {`
	`2`	`+ count = var.environment == "dev" ? 1 : 0`
`2`	`3`	`name = "/${var.environment}/proxygen/private_key"`
`3`	`4`	`type = "SecureString"`
`4`	`5`	`key_id = aws_kms_key.networking_ssm_key.id`