From 1caf51175e388786065fc1c0e988f1e0b6b1bbed Mon Sep 17 00:00:00 2001
From: Jo
Date: Wed, 17 Apr 2024 15:36:26 -0400
Subject: [PATCH] db secrets access & tls requirement

---
 tofu/modules/data-store/database/main.tf | 2 +-
 tofu/modules/network/vpc/main.tf | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/tofu/modules/data-store/database/main.tf b/tofu/modules/data-store/database/main.tf
index 43782d0d4..ba8589f9c 100644
--- a/tofu/modules/data-store/database/main.tf
+++ b/tofu/modules/data-store/database/main.tf
@@ -45,7 +45,7 @@ module "db" {
 parameters = [
 {
 name = "require_secure_transport"
- value = 1
+ value = 0
 }
 ]

diff --git a/tofu/modules/network/vpc/main.tf b/tofu/modules/network/vpc/main.tf
index cf07f88da..015a96f36 100644
--- a/tofu/modules/network/vpc/main.tf
+++ b/tofu/modules/network/vpc/main.tf
@@ -132,7 +132,8 @@ resource "aws_iam_policy" "appointment_secrets_policy" {
 "secretsmanager:GetSecretValue"
 ],
 "Resource": [
- "arn:aws:secretsmanager:${var.region}:768512802988:secret:${var.environment}/appointment/*"
+ "arn:aws:secretsmanager:${var.region}:768512802988:secret:staging/appointment/*",
+ "arn:aws:secretsmanager:${var.region}:768512802988:secret:${var.name_prefix}-db-secret-*"
 ]
 }
 ]
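Review bot: In tofu/modules/data-store/database/main.tf, setting `require_secure_transport` to `0` lets the database accept unencrypted client connections, so credentials and query data can cross the network in cleartext; the commit subject mentions a TLS requirement, but the new value removes it. Unless a client genuinely cannot speak TLS, keep `value = 1` and fix the client's connection settings (TLS enabled, CA bundle trusted) instead. If the relaxation is a temporary workaround, say so on the line, e.g. `# TEMPORARY: TLS not enforced until <client> connects with TLS; restore to 1`, so it is not carried into other environments unnoticed. The `module "db"` block starts and ends outside this hunk.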
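Review bot: In tofu/modules/network/vpc/main.tf, the first `Resource` entry now hard-codes `staging/appointment/*` where the old line used `${var.environment}`, so if this module is applied to any environment other than staging, that environment's role gains read access to staging secrets and loses access to its own. Keep the environment-scoped form, `"arn:aws:secretsmanager:${var.region}:768512802988:secret:${var.environment}/appointment/*",`, and add the new ARN beside it. The second entry ends in `-db-secret-*`, which matches every secret whose name begins with that prefix; if a single secret is meant, narrowing the pattern to that secret's name plus the six-character suffix Secrets Manager appends (`-??????`) keeps `GetSecretValue` least-privileged. The policy document starts and ends outside this hunk.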