dms1981
I think @ep-93 has covered a lot of this, but I would see the following as *platform* components that would need to be reconstituted in the event of a region...
These two aren't *platform* components specifically, but would also need consideration: - `MOJ Master` account - AWS Organizations Service Control Policies restricting use of AWS outside of `eu-west-2` - `MOJ...
With regard to our KMS keys, the answer here might be to look more deeply into the provision of [kms_replica_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_replica_key) resources, as also discussed [here](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html).
With regards to AWS Backup, we can also duplicate them into a separate region:
```
resource "aws_backup_plan" "replica" {
  ...
  rule {
    copy_action {
      destination_vault_arn = "arn:aws:backup:*:*:backup-vault:replica"
      lifecycle {}
    }
...
```
So I think this gives us the following runbooks in need of creation for platform components:
- [ ] Modernisation Platform account
- [ ] AWS resources (IAM roles, accounts,...
We do also have our secure analysis tools to check these things.
I'll refine this - I think it's a spike, but if I spend some time having a think about it I can rewrite this so it's ready for the team...
We actually do make use of `plan` outputs in our modernisation-platform-environments workflows now.
I can see evidence of this check succeeding, but no evidence of it failing. As mentioned by @bellbrothers there's a six-month-old AWS document that references the need for...
https://github.com/hashicorp/terraform-provider-aws/issues/29842

According to HashiCorp, enhancements to how default tags are supported are due in the next major release of the Terraform AWS provider.