From a4aadbb7b2b90312dfe68331e953ecb34b4f05b3 Mon Sep 17 00:00:00 2001
From: Buckingham
Date: Thu, 31 Oct 2024 14:30:44 +0000
Subject: [PATCH] Update_311024_3
---
 terraform/environments/ppud/iam.tf | 14 +++++++-------
 terraform/environments/ppud/secrets.tf | 5 +++++
 2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/terraform/environments/ppud/iam.tf b/terraform/environments/ppud/iam.tf
index 07c1ed6b369..6002b9ed060 100644
--- a/terraform/environments/ppud/iam.tf
+++ b/terraform/environments/ppud/iam.tf
@@ -324,11 +324,11 @@ resource "aws_iam_policy" "iam_policy_for_lambda_cloudwatch_invoke_lambda_dev" {
 "lambda:InvokeFunction"
 ],
 "Resource": [
- "arn:aws:ssm:eu-west-2:075585660276:*",
- "arn:aws:cloudwatch:eu-west-2:075585660276:*",
- "arn:aws:ssm:eu-west-2::document/AWS-RunPowerShellScript",
- "arn:aws:lambda:eu-west-2:075585660276:*",
- "arn:aws:ec2:eu-west-2:075585660276:*"
+ "arn:aws:ssm::${local.environment_management.account_ids["ppud-development"]}:*",
+ "arn:aws:cloudwatch::${local.environment_management.account_ids["ppud-development"]}:*",
+ "arn:aws:ssm::document/AWS-RunPowerShellScript",
+ "arn:aws:lambda::${local.environment_management.account_ids["ppud-development"]}:*",
+ "arn:aws:ec2::${local.environment_management.account_ids["ppud-development"]}:*"
 ]
 },
 {
@@ -343,8 +343,8 @@ resource "aws_iam_policy" "iam_policy_for_lambda_cloudwatch_invoke_lambda_dev" {
 "sqs:SendMessage"
 ],
 "Resource": [
- "arn:aws:sqs:eu-west-2:075585660276:Lambda-Queue-DEV",
- "arn:aws:sqs:eu-west-2:075585660276:Lambda-Deadletter-Queue-DEV"
+ "arn:aws:sqs::${local.environment_management.account_ids["ppud-development"]}:Lambda-Queue-DEV",
+ "arn:aws:sqs::${local.environment_management.account_ids["ppud-development"]}:Lambda-Deadletter-Queue-DEV"
 ]
 }
 ]
diff --git a/terraform/environments/ppud/secrets.tf b/terraform/environments/ppud/secrets.tf
index 4a597f0ecd4..677a39bce0c 100644
--- a/terraform/environments/ppud/secrets.tf
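Review bot: The rewritten Resource ARNs leave the region segment empty (`arn:aws:ssm::<account>:*`, and the same for the cloudwatch, lambda and ec2 entries here and the two SQS queue ARNs in the second hunk at @@ -343), whereas the removed lines carried `eu-west-2`; IAM compares ARN segments literally, so an empty region segment only matches ARNs that themselves have no region, and these regional resources would no longer be matched, which breaks the grant rather than tightening it. The AWS-owned document entry has additionally lost a whole segment, `arn:aws:ssm::document/AWS-RunPowerShellScript`, so it is no longer a well-formed six-part ARN and IAM may reject the policy document outright. Keep the account lookup but restore the region, e.g. `"arn:aws:ssm:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:*",` and `"arn:aws:ssm:eu-west-2::document/AWS-RunPowerShellScript",`, applying the same pattern to the other five ARNs, or substitute a region local or data source if the module already defines one. The `*` resource scope across ssm, cloudwatch, lambda and ec2 is not introduced by this commit, but since the policy is being touched it is worth narrowing to the specific functions and instances the Lambda needs. The enclosing `aws_iam_policy` resource starts and ends outside both hunks.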
+++ b/terraform/environments/ppud/secrets.tf
@@ -1,3 +1,6 @@
+#####################
+# AWS Secrets Manager
+#####################
 # Firstly create a random generated password to use in secrets.
@@ -12,6 +15,8 @@ resource "random_password" "password" {
 # Creating a AWS secret versions for AWS managed AD
 resource "aws_secretsmanager_secret" "secretdirectoryservice" {
+ # checkov:skip=CKV_AWS_149: "Secrets manager secrets are encrypted by an AWS managed key by default, a customer managed key is not required."
+ # checkov:skip=CKV2_AWS_57: "Secrets manager uses an AWS managed key which is automatically rotated every 365 days."
 name = "AWSADPASS"
 recovery_window_in_days = 0
 }
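Review bot: The justification on the new `checkov:skip=CKV2_AWS_57` line does not address what that check looks for: as far as I recall, CKV2_AWS_57 flags secrets with no automatic rotation configured (an `aws_secretsmanager_secret_rotation` resource), so the annual rotation of the AWS-managed KMS key says nothing about whether the `AWSADPASS` value itself is ever rotated. Either configure rotation for the secret or replace the text with a reason that speaks to secret rotation, e.g. `# checkov:skip=CKV2_AWS_57: "<reason automatic rotation is not configured for the managed AD password>"`, since the skip comment is the audit record for the exception. The CKV_AWS_149 justification is consistent with that check (a customer managed key is not required), though a note of who accepted the risk and when would make it easier to revisit. Separately, the context line `recovery_window_in_days = 0` in this hunk makes deletion immediate with no recovery window; it is pre-existing, but a short comment explaining why that is acceptable for a directory-service credential, or a non-zero value, would be worth adding while this block is being annotated.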