fix(EMS-2186): azure IaC fix

UK-Export-Finance · Jul 16, 2024 · 84d3b57 · 84d3b57
1 parent 993e52b
commit 84d3b57
Showing 1 changed file with 12 additions and 12 deletions.
diff --git a/.github/workflows/infrastructure.yml b/.github/workflows/infrastructure.yml
@@ -373,6 +373,18 @@ jobs:
           inlineScript: |
             az extension add --name front-door
 
+      - name: Key Vault 🔑
+        uses: azure/cli@v2
+        with:
+          inlineScript: |
+            az keyvault create \
+            --name kv-${{ env.PRODUCT }}${{ env.TARGET }}${{ vars.VERSION }} \
+            --default-action Deny \
+            --enable-purge-protection true \
+            --public-network-access Disabled \
+            --network-acls-ips ${{ secrets.WAF_ALLOWED_IP }} \
+            --network-acls-vnets $(az network vnet subnet list --vnet-name vnet-${{ env.PRODUCT }}-${{ env.TARGET }}-${{ vars.VERSION }} --query '[?contains(name, `keyvault`)].id' -o tsv)
+
       - name: Private endpoint 🔏
         uses: azure/cli@v2
         with:
@@ -555,18 +567,6 @@ jobs:
             --name IPAllowListRule \
             --policy-name waf${{ env.PRODUCT }}${{ env.TARGET }}${{ vars.VERSION }}
 
-      - name: Key Vault 🔑
-        uses: azure/cli@v2
-        with:
-          inlineScript: |
-            az keyvault create \
-            --name kv-${{ env.PRODUCT }}${{ env.TARGET }}${{ vars.VERSION }} \
-            --default-action Deny \
-            --enable-purge-protection true \
-            --public-network-access Disabled \
-            --network-acls-ips ${{ secrets.WAF_ALLOWED_IP }} \
-            --network-acls-vnets $(az network vnet subnet list --vnet-name vnet-${{ env.PRODUCT }}-${{ env.TARGET }}-${{ vars.VERSION }} --query '[?contains(name, `keyvault`)].id' -o tsv)
-
   # 4. WebApp configuration
   webapp:
     name: Web App 🔧