Create an AWS Access Analyzer in each non-ephemeral account

samsimpson1 · samsimpson1 · commit d81c119c06de · 2025-05-21T11:37:36.000+01:00
diff --git a/terraform/deployments/vpc/iam_access_analyzer.tf b/terraform/deployments/vpc/iam_access_analyzer.tf
@@ -0,0 +1,4 @@
+resource "aws_accessanalyzer_analyzer" "govuk" {
+  count         = local.is_ephemeral ? 0 : 1
+  analyzer_name = "govuk"
+}
diff --git a/terraform/deployments/vpc/main.tf b/terraform/deployments/vpc/main.tf
@@ -27,3 +27,7 @@ provider "aws" {
     }
   }
 }
+
+locals {
+  is_ephemeral = startswith(var.govuk_environment, "eph-")
+}

Original file line number	Diff line number	Diff line change
`@@ -27,3 +27,7 @@ provider "aws" {`
`27`	`27`	`}`
`28`	`28`	`}`
`29`	`29`	`}`
	`30`	`+`
	`31`	`+locals {`
	`32`	`+ is_ephemeral = startswith(var.govuk_environment, "eph-")`
	`33`	`+}`