NHSDigital · anthony-nhs · Apr 28, 2026
diff --git a/.github/scripts/release_code.sh b/.github/scripts/release_code.sh
@@ -1,14 +1,23 @@
 #!/usr/bin/env bash
 
 echo "$COMMIT_ID"
-
-artifact_bucket=$(aws cloudformation list-exports --output json | jq -r '.Exports[] | select(.Name == "account-resources:ArtifactsBucket") | .Value' | grep -o '[^:]*$')
+CF_LONDON_EXPORTS=$(aws cloudformation list-exports --region eu-west-2 --output json)
+artifact_bucket=$(echo "$CF_LONDON_EXPORTS" | \
+        jq \
+        --arg EXPORT_NAME "account-resources-cdk-uk:Bucket:ArtifactsBucket:Arn" \
+        -r '.Exports[] | select(.Name == $EXPORT_NAME) | .Value')
 export artifact_bucket
 
-cloud_formation_execution_role=$(aws cloudformation list-exports --output json | jq -r '.Exports[] | select(.Name == "ci-resources:CloudFormationExecutionRole") | .Value' )
+cloud_formation_execution_role=$(echo "$CF_LONDON_EXPORTS" | \
+        jq \
+        --arg EXPORT_NAME "iam-cdk:IAM:CloudFormationExecutionRole:Arn" \
+        -r '.Exports[] | select(.Name == $EXPORT_NAME) | .Value')
 export cloud_formation_execution_role
 
-TRUSTSTORE_BUCKET_ARN=$(aws cloudformation describe-stacks --stack-name account-resources --query "Stacks[0].Outputs[?OutputKey=='TrustStoreBucket'].OutputValue" --output text)
+TRUSTSTORE_BUCKET_ARN=$(echo "$CF_LONDON_EXPORTS" | \
+        jq \
+        --arg EXPORT_NAME "account-resources-cdk-uk:Bucket:TrustStoreBucket:Arn" \
+        -r '.Exports[] | select(.Name == $EXPORT_NAME) | .Value')
 TRUSTSTORE_BUCKET_NAME=$(echo "${TRUSTSTORE_BUCKET_ARN}" | cut -d ":" -f 6)
 LATEST_TRUSTSTORE_VERSION=$(aws s3api list-object-versions --bucket "${TRUSTSTORE_BUCKET_NAME}" --prefix "${TRUSTSTORE_FILE}" --query 'Versions[?IsLatest].[VersionId]' --output text)
 export LATEST_TRUSTSTORE_VERSION

diff --git a/SAMtemplates/alarms/main.yaml b/SAMtemplates/alarms/main.yaml
@@ -44,8 +44,8 @@ Resources:
       TreatMissingData: notBreaching
       ActionsEnabled: !Ref EnableAlerts
       AlarmActions:
-        - !ImportValue lambda-resources:SlackAlertsSnsTopicArn
+        - !ImportValue account-resources-cdk-uk:SNS:SlackAlertsSnsTopicArn:Arn
       InsufficientDataActions:
-        - !ImportValue lambda-resources:SlackAlertsSnsTopicArn
+        - !ImportValue account-resources-cdk-uk:SNS:SlackAlertsSnsTopicArn:Arn
       OKActions:
-        - !ImportValue lambda-resources:SlackAlertsSnsTopicArn
+        - !ImportValue account-resources-cdk-uk:SNS:SlackAlertsSnsTopicArn:Arn
diff --git a/SAMtemplates/lambda_resources.yaml b/SAMtemplates/lambda_resources.yaml
@@ -87,8 +87,8 @@ Resources:
               Service: "lambda.amazonaws.com"
             Action: "sts:AssumeRole"
       ManagedPolicyArns:
-        - !ImportValue lambda-resources:LambdaInsightsLogGroupPolicy
-        - !ImportValue account-resources:LambdaEncryptCloudwatchKMSPolicy
+        - !ImportValue account-resources-cdk-uk:IAM:LambdaInsightsLogGroupPolicy:Arn
+        - !ImportValue account-resources-cdk-uk:IAM:LambdaEncryptCloudwatchKMSPolicy:Arn
 
   LambdaManagedPolicy:
     Type: AWS::IAM::ManagedPolicy

diff --git a/SAMtemplates/main_template.yaml b/SAMtemplates/main_template.yaml
@@ -51,9 +51,9 @@ Resources:
       Location: lambda_resources.yaml
       Parameters:
         StackName: !Ref AWS::StackName
-        CloudWatchKMSKey: !ImportValue account-resources:CloudwatchLogsKmsKeyArn
-        SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole
-        SplunkDeliveryStream: !ImportValue lambda-resources:SplunkDeliveryStream
+        CloudWatchKMSKey: !ImportValue account-resources-cdk-uk:KMS:CloudwatchLogsKmsKey:Arn
+        SplunkSubscriptionFilterRole: !ImportValue account-resources-cdk-uk:IAM:SplunkSubscriptionFilterRole:Arn
+        SplunkDeliveryStream: !ImportValue laaccount-resources-cdk-uk:Firehose:SplunkDeliveryStream:Arn
         EnableSplunk: "true"
         LambdaName: !Sub "${AWS::StackName}-FHIRValidatorUKCore"
         LambdaArn: !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${AWS::StackName}-FHIRValidatorUKCore