Retrieve LB protection ID programmatically (#7871)

ministryofjustice · Sep 27, 2024 · 8156a77 · 8156a77
1 parent 4c3c8f6
commit 8156a77
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/terraform/environments/xhibit-portal/shield.tf b/terraform/environments/xhibit-portal/shield.tf
@@ -1,11 +1,21 @@
+# Retrieve the protection ID of the ingestion-lb protection, so it can be excluded
+locals {
+  excluded_resource_arns = [aws_elb.ingestion_lb.arn]
+}
+
+data "aws_shield_protection" "excluded" {
+  for_each = toset(local.excluded_resource_arns)
+  resource_arn = each.key
+}
+
 module "shield" {
   source   = "../../modules/shield_advanced"
   for_each = local.is-production ? { "build" = true } : {}
   providers = {
     aws.modernisation-platform = aws.modernisation-platform
   }
   application_name     = local.application_name
-  excluded_protections = ["aec0eb6a-62b1-4433-a854-77fb8b275db5"]
+  excluded_protections = [for e in data.aws_shield_protection.excluded : e.id]
   resources = {
     prtg_lb = {
       action = "block"