Chore: [AEA-0000] - add new secret for fhir facade (#773)

## Summary - Routine Change ### Details - add new secret for fhir facade - epsSigningCertChain
NHSDigital · Dec 11, 2024 · 51a33b9 · 51a33b9
1 parent 750e666
commit 51a33b9
Showing 1 changed file with 33 additions and 1 deletion.
diff --git a/cloudformation/secrets.yml b/cloudformation/secrets.yml
@@ -31,7 +31,27 @@ Resources:
       KmsKeyId: alias/SecretsKMSKeyAlias
       SecretString: ChangeMe
       Name: !Sub "${AWS::StackName}-Dispensing-ProxygenPublicKey"
-
+
+  epsSigningCertChain:
+    Type: AWS::SecretsManager::Secret
+    Properties:
+      Description: Cert chain used for signing prescriptions. Used to validate prescriptions are valid
+      KmsKeyId: alias/SecretsKMSKeyAlias
+      SecretString: ChangeMe
+      Name: !Sub "${AWS::StackName}-epsSigningCertChain"
+
+  epsSigningCertChainManagedPolicy:
+    Type: AWS::IAM::ManagedPolicy
+    Properties:
+      PolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          - Effect: Allow
+            Action:
+              - secretsmanager:GetSecretValue
+            Resource:
+              - !GetAtt epsSigningCertChain.Id
+
 Outputs:
   PrescribingProxygenPrivateKey:
     Description: PrescribingProxygenPrivateKey
@@ -80,3 +100,15 @@ Outputs:
     Value: !GetAtt DispensingProxygenPublicKey.Id
     Export:
       Name: !Join [":", [!Ref "AWS::StackName", "FhirDispensingProxygenPublicKey"]]
+
+  epsSigningCertChain:
+    Description: epsSigningCertChain
+    Value: !GetAtt epsSigningCertChain.Id
+    Export:
+      Name: !Join [":", [!Ref "AWS::StackName", "epsSigningCertChain"]]
+
+  epsSigningCertChainManagedPolicy:
+    Description: epsSigningCertChainManagedPolicy
+    Value: !GetAtt epsSigningCertChainManagedPolicy.PolicyArn
+    Export:
+      Name: !Join [":", [!Ref "AWS::StackName", "epsSigningCertChainManagedPolicy"]]