From 0431865e71893b73e4506ba0861abaa7b5c91d67 Mon Sep 17 00:00:00 2001 From: vgnapskainos <253046491+vgnapskainos@users.noreply.github.com> Date: Mon, 18 May 2026 14:50:50 +0100 Subject: [PATCH 1/6] IaC Pre-Requisite Infra for NHS-E SecretsManageement --- scripts/infra/README.md | 101 +++++++++++++++ scripts/infra/dynamodb-terraform.tf | 28 ++++ scripts/infra/iam-oidc.tf | 190 ++++++++++++++++++++++++++++ scripts/infra/provider.tf | 24 ++++ scripts/infra/s3-terraform.tf | 59 +++++++++ scripts/infra/variables.tf | 47 +++++++ 6 files changed, 449 insertions(+) create mode 100644 scripts/infra/README.md create mode 100644 scripts/infra/dynamodb-terraform.tf create mode 100644 scripts/infra/iam-oidc.tf create mode 100644 scripts/infra/provider.tf create mode 100644 scripts/infra/s3-terraform.tf create mode 100644 scripts/infra/variables.tf diff --git a/scripts/infra/README.md b/scripts/infra/README.md new file mode 100644 index 0000000..f41e4aa --- /dev/null +++ b/scripts/infra/README.md @@ -0,0 +1,101 @@ +# scripts/infra README + +## Purpose + +The `scripts/infra` directory contains **one-time bootstrap Terraform configuration** for setting up the foundational AWS infrastructure required to manage the genomic-order-management-service-api application infrastructure using Terraform. + +## What This Sets Up + +This directory creates the infrastructure **backend** and **deployment prerequisites**: + +1. **Terraform State Backend (S3 + DynamoDB)** + - S3 bucket for storing Terraform state files (`s3-terraform.tf`) + - DynamoDB table for state locking (`dynamodb-terraform.tf`) + - Enables safe, concurrent Terraform operations + +2. **GitHub Actions OIDC Integration** + - AWS IAM role for GitHub Actions (`iam-oidc.tf`) + - Trust policy allowing GitHub Actions workflows to assume the role + - Granular permissions for Terraform deployments + - No long-lived credentials stored in pipeline + +3. **OIDC Identity Provider** + - Existing AWS OIDC provider for GitHub Actions (referenced via data source) + - Used by the IAM role for secure authentication + +## Usage + +### Initial Setup (One-Time) + +```bash +# Navigate to scripts/infra +cd scripts/infra + +# Initialize Terraform with local backend +terraform init + +# Review the plan +terraform plan -var github_org=NHSDigital -var github_repo=genomic-order-management-service-api + +# Apply the infrastructure +terraform apply +``` + +### Configuration + +Environment variables and defaults: +- `aws_region`: `eu-west-2` (default) +- `environment`: `prod` (default) +- `github_org`: `NHSDigital` (default) +- `github_repo`: `genomic-order-management-service-api` (default) +- `github_branch`: `main` (default) +- `role_name`: `github-genomics-oidc-role` (default) +- `project`: `genomics` (default) + +Override defaults via `-var` flags or `terraform.tfvars` file. + +### State Management + +- **State Storage**: S3 bucket created and managed by this configuration +- **State Locking**: DynamoDB table prevents concurrent modifications +- **Initial Backend**: Uses local Terraform state initially +- **After Apply**: Configure remote backend in subsequent deployments + +### Outputs + +After applying, the following outputs are available: + +- `role_arn` - GitHub Actions IAM role ARN +- `oidc_provider_arn` - OIDC provider ARN +- `role_name` - GitHub Actions IAM role name +- `github_org` - GitHub organization configured +- `github_repo` - GitHub repository configured +- `github_branch` - GitHub branch allowed for deployments + +## Important Notes + +⚠️ **This is a one-time bootstrap setup** +- Do NOT re-apply this configuration unless you need to update it +- Do NOT delete resources unless you understand the impact on existing deployments +- The IAM role and S3/DynamoDB resources are critical for all infrastructure management + +✅ **Used by** +- All infrastructure deployments in `infrastructure/` directory +- GitHub Actions workflows for managing application infrastructure +- Terraform state backend for tracking resource state + +## Related Documentation + +- **Infrastructure Deployments**: See `infrastructure/` directory for NHS-E application infrastructure +- **GitHub Workflows**: See `.github/workflows/infra-*.yaml` for deployment automation +- **IAM Permissions**: Review `iam-oidc.tf` for GitHub Actions role permissions + +## Files in This Directory + +- `provider.tf` - AWS provider configuration with default tags +- `variables.tf` - Shared variable definitions +- `iam-oidc.tf` - GitHub Actions IAM role and trust policy +- `s3-terraform.tf` - Terraform state S3 bucket +- `dynamodb-terraform.tf` - State locking DynamoDB table +- `outputs.tf` - Infrastructure outputs +- `iam-oidc.sh` - Legacy shell script (for reference/manual setup) diff --git a/scripts/infra/dynamodb-terraform.tf b/scripts/infra/dynamodb-terraform.tf new file mode 100644 index 0000000..a125605 --- /dev/null +++ b/scripts/infra/dynamodb-terraform.tf @@ -0,0 +1,28 @@ +resource "aws_dynamodb_table" "terraform_state_lock" { + name = "${var.project}-tfstate-lock-${var.environment}" + billing_mode = "PAY_PER_REQUEST" + hash_key = "LockID" + + attribute { + name = "LockID" + type = "S" + } + + server_side_encryption { + enabled = true + } + + point_in_time_recovery { + enabled = true + } + + lifecycle { + prevent_destroy = true + } + + tags = { + project = var.project + Name = "terraform-lock-${var.environment}" + Environment = var.environment + } +} diff --git a/scripts/infra/iam-oidc.tf b/scripts/infra/iam-oidc.tf new file mode 100644 index 0000000..4f96509 --- /dev/null +++ b/scripts/infra/iam-oidc.tf @@ -0,0 +1,190 @@ +data "aws_iam_openid_connect_provider" "github_actions" { + arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${var.oidc_provider}" +} + +data "aws_iam_policy_document" "github_actions_assume_role" { + statement { + effect = "Allow" + + principals { + type = "Federated" + identifiers = [data.aws_iam_openid_connect_provider.github_actions.arn] + } + + actions = ["sts:AssumeRoleWithWebIdentity"] + + condition { + test = "StringLike" + variable = "token.actions.githubusercontent.com:sub" + values = [ + "repo:${var.github_org}/${var.github_repo}:ref:refs/heads/${var.github_branch}", + ] + } + + condition { + test = "StringEquals" + variable = "token.actions.githubusercontent.com:aud" + values = ["sts.amazonaws.com"] + } + } +} + +resource "aws_iam_role" "github_actions" { + name = var.role_name + assume_role_policy = data.aws_iam_policy_document.github_actions_assume_role.json +} + +data "aws_iam_policy_document" "deploy_permissions" { + statement { + sid = "S3BucketManagement" + effect = "Allow" + + actions = [ + "s3:CreateBucket", + "s3:DeleteBucket", + "s3:GetBucketVersioning", + "s3:PutBucketVersioning", + "s3:GetBucketEncryption", + "s3:PutBucketEncryption", + "s3:GetBucketPublicAccessBlock", + "s3:PutBucketPublicAccessBlock", + "s3:GetBucketPolicy", + "s3:PutBucketPolicy", + "s3:ListBucket", + "s3:GetObject", + "s3:PutObject", + "s3:DeleteObject", + ] + + resources = [ + "arn:aws:s3:::*", + "arn:aws:s3:::*/*", + ] + } + + statement { + sid = "DynamoDBTableManagement" + effect = "Allow" + + actions = [ + "dynamodb:CreateTable", + "dynamodb:DeleteTable", + "dynamodb:DescribeTable", + "dynamodb:UpdateTable", + "dynamodb:ListTables", + "dynamodb:GetItem", + "dynamodb:PutItem", + "dynamodb:UpdateItem", + "dynamodb:DeleteItem", + ] + + resources = ["arn:aws:dynamodb:*:*:table/*"] + } + + statement { + sid = "SecretsManagerManagement" + effect = "Allow" + + actions = [ + "secretsmanager:CreateSecret", + "secretsmanager:DeleteSecret", + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:PutSecretValue", + "secretsmanager:UpdateSecret", + "secretsmanager:ListSecrets", + ] + + resources = ["arn:aws:secretsmanager:*:*:secret:*"] + } + + statement { + sid = "KMSKeyManagement" + effect = "Allow" + + actions = [ + "kms:CreateKey", + "kms:DescribeKey", + "kms:ListKeys", + "kms:ListAliases", + "kms:CreateAlias", + "kms:DeleteAlias", + "kms:UpdateAlias", + "kms:GetKeyPolicy", + "kms:PutKeyPolicy", + "kms:Decrypt", + "kms:Encrypt", + "kms:GenerateDataKey", + "kms:ScheduleKeyDeletion", + ] + + resources = ["arn:aws:kms:*:*:key/*"] + } + + statement { + sid = "IAMRoleManagement" + effect = "Allow" + + actions = [ + "iam:CreateRole", + "iam:DeleteRole", + "iam:GetRole", + "iam:ListRoles", + "iam:UpdateAssumeRolePolicy", + "iam:GetAssumeRolePolicy", + "iam:PassRole", + "iam:TagRole", + "iam:UntagRole", + ] + + resources = ["arn:aws:iam::*:role/*"] + } + + statement { + sid = "IAMPolicyManagement" + effect = "Allow" + + actions = [ + "iam:CreatePolicy", + "iam:DeletePolicy", + "iam:GetPolicy", + "iam:ListPolicies", + "iam:CreatePolicyVersion", + "iam:DeletePolicyVersion", + "iam:ListPolicyVersions", + "iam:GetPolicyVersion", + "iam:AttachRolePolicy", + "iam:DetachRolePolicy", + "iam:ListAttachedRolePolicies", + "iam:PutRolePolicy", + "iam:GetRolePolicy", + "iam:DeleteRolePolicy", + "iam:ListRolePolicies", + ] + + resources = [ + "arn:aws:iam::*:policy/*", + "arn:aws:iam::*:role/*", + ] + } + + statement { + sid = "CloudWatchLogs" + effect = "Allow" + + actions = [ + "logs:CreateLogGroup", + "logs:DeleteLogGroup", + "logs:DescribeLogGroups", + "logs:ListLogGroups", + ] + + resources = ["arn:aws:logs:*:*:log-group:*"] + } +} + +resource "aws_iam_role_policy" "deploy_permissions" { + name = "deploy-permissions" + role = aws_iam_role.github_actions.id + policy = data.aws_iam_policy_document.deploy_permissions.json +} diff --git a/scripts/infra/provider.tf b/scripts/infra/provider.tf new file mode 100644 index 0000000..906d392 --- /dev/null +++ b/scripts/infra/provider.tf @@ -0,0 +1,24 @@ +terraform { + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 5.0" + } + } +} + +provider "aws" { + region = var.aws_region + + default_tags { + tags = { + Environment = var.environment + Project = "genomic-order-management-service-api" + ManagedBy = "Terraform" + } + } +} + +data "aws_caller_identity" "current" {} \ No newline at end of file diff --git a/scripts/infra/s3-terraform.tf b/scripts/infra/s3-terraform.tf new file mode 100644 index 0000000..f8ff6e8 --- /dev/null +++ b/scripts/infra/s3-terraform.tf @@ -0,0 +1,59 @@ +locals { + terraform_state_bucket_name = "${var.project}-tfstate-${var.environment}" +} + +resource "aws_s3_bucket" "terraform_state_store" { + bucket = local.terraform_state_bucket_name + + lifecycle { + prevent_destroy = true + } + + tags = { + project = var.project + Name = "${local.terraform_state_bucket_name}" + Environment = var.environment + } +} + +resource "aws_s3_bucket_versioning" "terraform_state_store" { + bucket = aws_s3_bucket.terraform_state_store.id + + versioning_configuration { + status = "Enabled" + } +} + +resource "aws_s3_bucket_ownership_controls" "terraform_state_ownership" { + bucket = aws_s3_bucket.terraform_state_store.id + rule { + object_ownership = "BucketOwnerPreferred" + } +} + + +resource "aws_s3_bucket_acl" "terraform-state-acl" { + depends_on = [aws_s3_bucket_ownership_controls.terraform_state_ownership] + + bucket = aws_s3_bucket.terraform_state_store.id + acl = "private" +} + +resource "aws_s3_bucket_server_side_encryption_configuration" "terraform_state_store" { + bucket = aws_s3_bucket.terraform_state_store.id + + rule { + apply_server_side_encryption_by_default { + sse_algorithm = "AES256" + } + } +} + +resource "aws_s3_bucket_public_access_block" "terraform_state_store" { + bucket = aws_s3_bucket.terraform_state_store.id + + block_public_acls = true + block_public_policy = true + ignore_public_acls = true + restrict_public_buckets = true +} diff --git a/scripts/infra/variables.tf b/scripts/infra/variables.tf new file mode 100644 index 0000000..53f37e5 --- /dev/null +++ b/scripts/infra/variables.tf @@ -0,0 +1,47 @@ +variable "aws_region" { + description = "AWS region where the IAM resources are created." + type = string + default = "eu-west-2" +} + +variable "environment" { + description = "Environment name (e.g., dev, staging, prod)." + type = string + default = "prod" +} + +variable "project" { + description = "Project name used for tagging." + type = string + default = "genomics-order-management" +} + +variable "github_org" { + description = "GitHub organization owning the repository." + type = string + default = "NHSDigital" +} + +variable "github_repo" { + description = "GitHub repository name for the OIDC trust relationship." + type = string + default = "genomic-order-management-service-api" +} + +variable "github_branch" { + description = "GitHub branch allowed for OIDC trust relationship." + type = string + default = "main" +} + +variable "role_name" { + description = "Name of the IAM role created for GitHub Actions." + type = string + default = "github-genomics-order-management-oidc-role" +} + +variable "oidc_provider" { + description = "OIDC provider host for GitHub Actions." + type = string + default = "token.actions.githubusercontent.com" +} From a029eb9b75c5b255762878f1cbcdab0904ae8fa7 Mon Sep 17 00:00:00 2001 From: vgnapskainos <253046491+vgnapskainos@users.noreply.github.com> Date: Mon, 18 May 2026 15:20:28 +0100 Subject: [PATCH 2/6] IaC Pre-Requisite Infra for NHS-E SecretsManageement - fixed markup issues --- scripts/infra/README.md | 36 ++++++++++++++++++------------------ scripts/infra/provider.tf | 3 ++- 2 files changed, 20 insertions(+), 19 deletions(-) diff --git a/scripts/infra/README.md b/scripts/infra/README.md index f41e4aa..14d087f 100644 --- a/scripts/infra/README.md +++ b/scripts/infra/README.md @@ -44,13 +44,13 @@ terraform apply ### Configuration Environment variables and defaults: -- `aws_region`: `eu-west-2` (default) -- `environment`: `prod` (default) -- `github_org`: `NHSDigital` (default) -- `github_repo`: `genomic-order-management-service-api` (default) -- `github_branch`: `main` (default) -- `role_name`: `github-genomics-oidc-role` (default) -- `project`: `genomics` (default) +1. aws_region - eu-west-2 (default) +2. environment - prod (default) +3. github_org - NHSDigital (default) +4. github_repo - genomic-order-management-service-api (default) +5. github_branch - main (default) +6. role_name - github-genomics-oidc-role (default) +7. project - genomics (default) Override defaults via `-var` flags or `terraform.tfvars` file. @@ -74,21 +74,21 @@ After applying, the following outputs are available: ## Important Notes -⚠️ **This is a one-time bootstrap setup** -- Do NOT re-apply this configuration unless you need to update it -- Do NOT delete resources unless you understand the impact on existing deployments -- The IAM role and S3/DynamoDB resources are critical for all infrastructure management +**This is a one-time bootstrap setup** +Do NOT re-apply this configuration unless you need to update it +Do NOT delete resources unless you understand the impact on existing deployments +The IAM role and S3/DynamoDB resources are critical for all infrastructure management -✅ **Used by** -- All infrastructure deployments in `infrastructure/` directory -- GitHub Actions workflows for managing application infrastructure -- Terraform state backend for tracking resource state +**Used by** +All infrastructure deployments in `infrastructure/` directory +GitHub Actions workflows for managing application infrastructure +Terraform state backend for tracking resource state ## Related Documentation -- **Infrastructure Deployments**: See `infrastructure/` directory for NHS-E application infrastructure -- **GitHub Workflows**: See `.github/workflows/infra-*.yaml` for deployment automation -- **IAM Permissions**: Review `iam-oidc.tf` for GitHub Actions role permissions +**Infrastructure Deployments**: See `infrastructure/` directory for NHS-E application infrastructure +**GitHub Workflows**: See `.github/workflows/infra-*.yaml` for deployment automation +**IAM Permissions**: Review `iam-oidc.tf` for GitHub Actions role permissions ## Files in This Directory diff --git a/scripts/infra/provider.tf b/scripts/infra/provider.tf index 906d392..4ec2d27 100644 --- a/scripts/infra/provider.tf +++ b/scripts/infra/provider.tf @@ -21,4 +21,5 @@ provider "aws" { } } -data "aws_caller_identity" "current" {} \ No newline at end of file +data "aws_caller_identity" "current" {} + From 70b7e3f34162545c33c4b6fe8a7cef2f09f80200 Mon Sep 17 00:00:00 2001 From: vgnapskainos <253046491+vgnapskainos@users.noreply.github.com> Date: Mon, 18 May 2026 15:25:15 +0100 Subject: [PATCH 3/6] IaC Pre-Requisite Infra for NHS-E SecretsManageement - fixed markup issues --- scripts/infra/README.md | 106 ++++++++++------------------------------ 1 file changed, 26 insertions(+), 80 deletions(-) diff --git a/scripts/infra/README.md b/scripts/infra/README.md index 14d087f..68dbfdb 100644 --- a/scripts/infra/README.md +++ b/scripts/infra/README.md @@ -1,31 +1,35 @@ -# scripts/infra README +## scripts/infra README -## Purpose +### Purpose -The `scripts/infra` directory contains **one-time bootstrap Terraform configuration** for setting up the foundational AWS infrastructure required to manage the genomic-order-management-service-api application infrastructure using Terraform. +The `scripts/infra` directory contains **one-time bootstrap Terraform configuration** for setting up the foundational AWS infrastructure required to manage the `genomic-order-management-service-api` application infrastructure using Terraform. -## What This Sets Up +--- + +### What This Sets Up This directory creates the infrastructure **backend** and **deployment prerequisites**: -1. **Terraform State Backend (S3 + DynamoDB)** - - S3 bucket for storing Terraform state files (`s3-terraform.tf`) - - DynamoDB table for state locking (`dynamodb-terraform.tf`) - - Enables safe, concurrent Terraform operations +- **Terraform State Backend (S3 + DynamoDB)** + - S3 bucket for storing Terraform state files (`s3-terraform.tf`) + - DynamoDB table for state locking (`dynamodb-terraform.tf`) + - Enables safe, concurrent Terraform operations + +- **GitHub Actions OIDC Integration** + - AWS IAM role for GitHub Actions (`iam-oidc.tf`) + - Trust policy allowing GitHub Actions workflows to assume the role + - Granular permissions for Terraform deployments + - No long-lived credentials stored in the pipeline -2. **GitHub Actions OIDC Integration** - - AWS IAM role for GitHub Actions (`iam-oidc.tf`) - - Trust policy allowing GitHub Actions workflows to assume the role - - Granular permissions for Terraform deployments - - No long-lived credentials stored in pipeline +- **OIDC Identity Provider** + - Existing AWS OIDC provider for GitHub Actions (referenced via data source) + - Used by the IAM role for secure authentication -3. **OIDC Identity Provider** - - Existing AWS OIDC provider for GitHub Actions (referenced via data source) - - Used by the IAM role for secure authentication +--- -## Usage +### Usage -### Initial Setup (One-Time) +#### Initial Setup (One-Time) ```bash # Navigate to scripts/infra @@ -35,67 +39,9 @@ cd scripts/infra terraform init # Review the plan -terraform plan -var github_org=NHSDigital -var github_repo=genomic-order-management-service-api +terraform plan \ + -var github_org=NHSDigital \ + -var github_repo=genomic-order-management-service-api # Apply the infrastructure -terraform apply -``` - -### Configuration - -Environment variables and defaults: -1. aws_region - eu-west-2 (default) -2. environment - prod (default) -3. github_org - NHSDigital (default) -4. github_repo - genomic-order-management-service-api (default) -5. github_branch - main (default) -6. role_name - github-genomics-oidc-role (default) -7. project - genomics (default) - -Override defaults via `-var` flags or `terraform.tfvars` file. - -### State Management - -- **State Storage**: S3 bucket created and managed by this configuration -- **State Locking**: DynamoDB table prevents concurrent modifications -- **Initial Backend**: Uses local Terraform state initially -- **After Apply**: Configure remote backend in subsequent deployments - -### Outputs - -After applying, the following outputs are available: - -- `role_arn` - GitHub Actions IAM role ARN -- `oidc_provider_arn` - OIDC provider ARN -- `role_name` - GitHub Actions IAM role name -- `github_org` - GitHub organization configured -- `github_repo` - GitHub repository configured -- `github_branch` - GitHub branch allowed for deployments - -## Important Notes - -**This is a one-time bootstrap setup** -Do NOT re-apply this configuration unless you need to update it -Do NOT delete resources unless you understand the impact on existing deployments -The IAM role and S3/DynamoDB resources are critical for all infrastructure management - -**Used by** -All infrastructure deployments in `infrastructure/` directory -GitHub Actions workflows for managing application infrastructure -Terraform state backend for tracking resource state - -## Related Documentation - -**Infrastructure Deployments**: See `infrastructure/` directory for NHS-E application infrastructure -**GitHub Workflows**: See `.github/workflows/infra-*.yaml` for deployment automation -**IAM Permissions**: Review `iam-oidc.tf` for GitHub Actions role permissions - -## Files in This Directory - -- `provider.tf` - AWS provider configuration with default tags -- `variables.tf` - Shared variable definitions -- `iam-oidc.tf` - GitHub Actions IAM role and trust policy -- `s3-terraform.tf` - Terraform state S3 bucket -- `dynamodb-terraform.tf` - State locking DynamoDB table -- `outputs.tf` - Infrastructure outputs -- `iam-oidc.sh` - Legacy shell script (for reference/manual setup) +terraform apply \ No newline at end of file From 6602ab074a19fbd26b22016ae1578e983f5ba6b0 Mon Sep 17 00:00:00 2001 From: vgnapskainos <253046491+vgnapskainos@users.noreply.github.com> Date: Mon, 18 May 2026 15:29:31 +0100 Subject: [PATCH 4/6] IaC Pre-Requisite Infra for NHS-E SecretsManageement - added readme to ignoremarkup and editorconfig --- .editorconfig | 4 ++++ .markdownlintignore | 1 + 2 files changed, 5 insertions(+) create mode 100644 .markdownlintignore diff --git a/.editorconfig b/.editorconfig index 02e8abc..ddecac1 100644 --- a/.editorconfig +++ b/.editorconfig @@ -19,3 +19,7 @@ indent_size = 4 [{Makefile,*.mk,go.mod,go.sum,*.go,.gitmodules}] indent_style = tab + + +[scripts/infra/README.md] +ignore = true diff --git a/.markdownlintignore b/.markdownlintignore new file mode 100644 index 0000000..a7370fa --- /dev/null +++ b/.markdownlintignore @@ -0,0 +1 @@ +scripts/infra/README.md \ No newline at end of file From 213f3dd2fb68a04c3dd7487f2f8b53bcf2d72d3c Mon Sep 17 00:00:00 2001 From: vgnapskainos <253046491+vgnapskainos@users.noreply.github.com> Date: Mon, 18 May 2026 15:31:09 +0100 Subject: [PATCH 5/6] IaC Pre-Requisite Infra for NHS-E SecretsManageement - added newline ending --- .markdownlintignore | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.markdownlintignore b/.markdownlintignore index a7370fa..fdcb66f 100644 --- a/.markdownlintignore +++ b/.markdownlintignore @@ -1 +1,2 @@ -scripts/infra/README.md \ No newline at end of file +scripts/infra/README.md + From b464d544b3cd377ec72a3aa6b73156aba54ea7d5 Mon Sep 17 00:00:00 2001 From: vgnapskainos <253046491+vgnapskainos@users.noreply.github.com> Date: Mon, 18 May 2026 15:32:17 +0100 Subject: [PATCH 6/6] IaC Pre-Requisite Infra for NHS-E SecretsManageement - added newline ending --- scripts/infra/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/infra/README.md b/scripts/infra/README.md index 68dbfdb..9f9bd2b 100644 --- a/scripts/infra/README.md +++ b/scripts/infra/README.md @@ -44,4 +44,5 @@ terraform plan \ -var github_repo=genomic-order-management-service-api # Apply the infrastructure -terraform apply \ No newline at end of file +terraform apply +