fix: split Staging/Prod use of Scan Files service (#569)

Update the Scan Object integration to send Forms Staging scans to the Scan Files Staging environment. This will ensure that Staging environment performance and penetration testing does not impact the Scan Files Production service.
cds-snc · Jan 10, 2024 · d043405 · d043405
1 parent a7691b9
commit d043405
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/aws/file_scanning/vault_scan_object.tf b/aws/file_scanning/vault_scan_object.tf
@@ -1,6 +1,13 @@
+locals {
+  scan_files_account = var.env == "production" ? "806545929748" : "127893201980"
+}
+
 module "vault_scan_object" {
-  source = "github.com/cds-snc/terraform-modules//S3_scan_object?ref=v6.1.3"
+  source = "github.com/cds-snc/terraform-modules//S3_scan_object?ref=v9.0.0"
+
+  s3_upload_bucket_name   = var.vault_file_storage_id
+  s3_scan_object_role_arn = "arn:aws:iam::${local.scan_files_account}:role/s3-scan-object"
+  scan_files_role_arn     = "arn:aws:iam::${local.scan_files_account}:role/scan-files-api"
 
-  s3_upload_bucket_name = var.vault_file_storage_id
-  billing_tag_value     = var.billing_tag_value
+  billing_tag_value = var.billing_tag_value
 }