From de2e9fb227c296830015abee1db886d6effeb7c7 Mon Sep 17 00:00:00 2001
From: David Sibley
Date: Wed, 16 Oct 2024 22:33:08 +0100
Subject: [PATCH] add new local value to retrieve OU ARN, create IPAM pool and share with Modernisation Platform Core OU tagged Modernisation Platform IPAM pools with an appropriate name tag re-ran linter
---
 organisation-security/terraform/ipam.tf | 37 +++++++++++++++++++++++
 organisation-security/terraform/locals.tf | 6 ++++
 2 files changed, 43 insertions(+)
diff --git a/organisation-security/terraform/ipam.tf b/organisation-security/terraform/ipam.tf
index 4c01e8a8..30d7bcbf 100644
--- a/organisation-security/terraform/ipam.tf
+++ b/organisation-security/terraform/ipam.tf
@@ -9,6 +9,12 @@ locals {
     "eu-west-3",
     "eu-central-1"
   ]
+  ipam_pools = {
+    modernisation_platform = [
+      "modernisation-platform-live-data",
+      "modernisation-platform-non-live-data"
+    ]
+  }
 }
 
 # Create IPAM
@@ -72,3 +78,34 @@ resource "aws_ram_principal_association" "network_operations_centre_production_b
   principal = local.moj_network_operations_centre_production_account_id
   resource_share_arn = aws_ram_resource_share.network_operations_centre_byoip.arn
 }
+
+# Modernisation Platform
+resource "aws_vpc_ipam_pool" "modernisation_platform_private" {
+  for_each = toset(local.ipam_pools.modernisation_platform)
+  address_family = "ipv4"
+  description = "Modernisation Platform"
+  ipam_scope_id = aws_vpc_ipam.main.private_default_scope_id
+  tags = {
+    "owner" = "Modernisation Platform",
+    "name" = each.value
+  }
+}
+
+resource "aws_ram_resource_share" "modernisation_platform_private" {
+  name = "modernisation_platform_private"
+  allow_external_principals = false
+  permission_arns = [
+    "arn:aws:ram::aws:permission/AWSRAMDefaultPermissionsIpamPool"
+  ]
+}
+
+resource "aws_ram_resource_association" "modernisation_platform_private" {
+  for_each = toset(local.ipam_pools.modernisation_platform)
+  resource_arn = aws_vpc_ipam_pool.modernisation_platform_private[each.key].arn
+  resource_share_arn = aws_ram_resource_share.modernisation_platform_private.arn
+}
+
+resource "aws_ram_principal_association" "modernisation_platform_private" {
+  principal = local.ou_modernisation_platform_core_arn
+  resource_share_arn = aws_ram_resource_share.modernisation_platform_private.arn
+}
diff --git a/organisation-security/terraform/locals.tf b/organisation-security/terraform/locals.tf
index 1d4b7e6c..3559eb44 100644
--- a/organisation-security/terraform/locals.tf
+++ b/organisation-security/terraform/locals.tf
@@ -110,6 +110,12 @@ locals {
   # ou.id
   # ]
 
+  ou_modernisation_platform_core_arn = coalesce([
+    for ou in data.aws_organizations_organizational_units.modernisation_platform.children :
+    ou.arn
+    if ou.name == "Modernisation Platform Core"
+  ]...)
+
   ou_modernisation_platform_member_arn = coalesce([
     for ou in data.aws_organizations_organizational_units.modernisation_platform.children :
     ou.arn
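Review bot: The `"name" = each.value` tag key in the new aws_vpc_ipam_pool tags block is lowercase, while the AWS console and most tooling read a resource's display name from the `Name` key, so the pools will still appear only by ID despite the commit message's "appropriate name tag"; unless this repository deliberately tags with lowercase keys, it should be `"Name" = each.value`. The `description = "Modernisation Platform"` is also identical for both pools produced by the for_each, so `description = each.value` would let the live-data and non-live-data pools be told apart in the IPAM console. Sharing to an OU principal, as aws_ram_principal_association.modernisation_platform_private does, additionally requires RAM sharing with AWS Organizations to be enabled for the organisation, which the neighbouring associations that target individual account IDs did not depend on; worth confirming that is already in place before this is applied.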
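Review bot: The new `ou_modernisation_platform_core_arn` local has no comment, and its failure mode is not obvious from the code: if no child OU is named exactly "Modernisation Platform Core", the `...` expansion hands `coalesce()` no arguments and the plan fails with an arity error rather than a message naming the OU. Since this ARN decides which principal receives the IPAM pool share in ipam.tf, a short comment would help, e.g. `# ARN of the child OU named "Modernisation Platform Core"; the plan errors (coalesce with no arguments) if the OU is renamed or missing`. Matching on the OU display name mirrors the existing `ou_modernisation_platform_member_arn` local directly below it, so the same caveat applies there. The enclosing `locals` block starts and ends outside the hunk.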