Revert "Migrate supplier updates so that they pass through new topic"

This reverts commit d39ec64.

Author: stevebux

infrastructure/terraform/components/api/locals.tf

@@ -27,7 +27,7 @@ locals {
     SUPPLIER_ID_HEADER       = "nhsd-supplier-id",
     APIM_CORRELATION_HEADER  = "nhsd-correlation-id",
     DOWNLOAD_URL_TTL_SECONDS = 60
-    AMENDMENTS_TOPIC_ARN     = "${module.eventsub.amendments_topic.arn}",
+    SNS_TOPIC_ARN            = "${module.eventsub.eventsub_topic.arn}",
     EVENT_SOURCE             = "/data-plane/supplier-api/${var.group}/${var.environment}/letters"
   }
 

infrastructure/terraform/components/api/module_lambda_amendment_event_transformer.tf

@@ -91,7 +91,7 @@ data "aws_iam_policy_document" "amendment_event_transformer" {
     ]
 
     resources = [
-      module.eventsub.amendments_topic.arn
+      module.eventsub.eventsub_topic.arn
     ]
   }
 }

infrastructure/terraform/components/api/module_sqs_letter_updates.tf

@@ -18,6 +18,29 @@ module "sqs_letter_updates" {
 
 data "aws_iam_policy_document" "letter_updates_queue_policy" {
   version = "2012-10-17"
+  statement {
+    sid    = "AllowSNSToSendMessage"
+    effect = "Allow"
+
+    principals {
+      type        = "Service"
+      identifiers = ["sns.amazonaws.com"]
+    }
+
+    actions = [
+      "sqs:SendMessage"
+    ]
+
+    resources = [
+      "arn:aws:sqs:${var.region}:${var.aws_account_id}:${var.project}-${var.environment}-${var.component}-letter-updates-queue"
+    ]
+
+    condition {
+      test     = "ArnEquals"
+      variable = "aws:SourceArn"
+      values   = [module.eventsub.eventsub_topic.arn]
+    }
+  }
 
   statement {
     sid    = "AllowSNSPermissions"
@@ -42,7 +65,7 @@ data "aws_iam_policy_document" "letter_updates_queue_policy" {
     condition {
       test     = "ArnEquals"
       variable = "aws:SourceArn"
-      values   = [module.eventsub.eventsub_topic.arn, module.eventsub.amendments_topic.arn]
+      values   = [module.eventsub.eventsub_topic.arn]
     }
   }
 }

infrastructure/terraform/components/api/sns_topic_subscription_eventsub_sqs_letter_updates.tf

@@ -3,9 +3,3 @@ resource "aws_sns_topic_subscription" "eventsub_sqs_letter_updates" {
   protocol  = "sqs"
   endpoint  = module.sqs_letter_updates.sqs_queue_arn
 }
-
-resource "aws_sns_topic_subscription" "amendments_sqs_letter_updates" {
-  topic_arn = module.eventsub.amendments_topic.arn
-  protocol  = "sqs"
-  endpoint  = module.sqs_letter_updates.sqs_queue_arn
-}

infrastructure/terraform/modules/eventsub/cloudwatch_log_group_sns_delivery_logging_failure.tf

@@ -7,13 +7,3 @@ resource "aws_cloudwatch_log_group" "sns_delivery_logging_failure" {
   kms_key_id        = var.kms_key_arn
   retention_in_days = var.log_retention_in_days
 }
-
-resource "aws_cloudwatch_log_group" "amendments_sns_delivery_logging_failure" {
-  count = var.enable_sns_delivery_logging ? 1 : 0
-
-  # SNS doesn't allow specifying a log group and is derived as: sns/${region}/${account_id}/${name_of_sns_topic}/Failure
-  # (for failure logs)
-  name              = "sns/${var.region}/${var.aws_account_id}/${local.csi}-amendments/Failure"
-  kms_key_id        = var.kms_key_arn
-  retention_in_days = var.log_retention_in_days
-}

infrastructure/terraform/modules/eventsub/cloudwatch_log_group_sns_delivery_logging_success.tf

@@ -7,13 +7,3 @@ resource "aws_cloudwatch_log_group" "sns_delivery_logging_success" {
   kms_key_id        = var.kms_key_arn
   retention_in_days = var.log_retention_in_days
 }
-
-resource "aws_cloudwatch_log_group" "amendments_sns_delivery_logging_success" {
-  count = var.enable_sns_delivery_logging ? 1 : 0
-
-  # SNS doesn't allow specifying a log group and is derived as: sns/${region}/${account_id}/${name_of_sns_topic}
-  # (for success logs)
-  name              = "sns/${var.region}/${var.aws_account_id}/${local.csi}-amendments"
-  kms_key_id        = var.kms_key_arn
-  retention_in_days = var.log_retention_in_days
-}

infrastructure/terraform/modules/eventsub/iam_policy_sns_delivery_logging_cloudwatch.tf

@@ -39,10 +39,6 @@ data "aws_iam_policy_document" "sns_delivery_logging_cloudwatch" {
       "${aws_cloudwatch_log_group.sns_delivery_logging_success[0].arn}:log-stream:*",
       aws_cloudwatch_log_group.sns_delivery_logging_failure[0].arn,
       "${aws_cloudwatch_log_group.sns_delivery_logging_failure[0].arn}:log-stream:*",
-      aws_cloudwatch_log_group.amendments_sns_delivery_logging_success[0].arn,
-      "${aws_cloudwatch_log_group.amendments_sns_delivery_logging_success[0].arn}:log-stream:*",
-      aws_cloudwatch_log_group.amendments_sns_delivery_logging_failure[0].arn,
-      "${aws_cloudwatch_log_group.amendments_sns_delivery_logging_failure[0].arn}:log-stream:*",
     ]
   }
 }

lambdas/api-handler/src/config/__tests__/env.test.ts

@@ -26,7 +26,7 @@ describe("lambdaEnv", () => {
     process.env.MAX_LIMIT = "2500";
     process.env.QUEUE_URL = "url";
     process.env.EVENT_SOURCE = "supplier-api";
-    process.env.AMENDMENTS_TOPIC_ARN = "sns-topic.arn";
+    process.env.SNS_TOPIC_ARN = "sns-topic.arn";
 
     const { envVars } = require("../env");
 
@@ -41,7 +41,7 @@ describe("lambdaEnv", () => {
       MAX_LIMIT: 2500,
       QUEUE_URL: "url",
       EVENT_SOURCE: "supplier-api",
-      AMENDMENTS_TOPIC_ARN: "sns-topic.arn",
+      SNS_TOPIC_ARN: "sns-topic.arn",
     });
   });
 
@@ -66,7 +66,7 @@ describe("lambdaEnv", () => {
     process.env.MI_TTL_HOURS = "2160";
     process.env.DOWNLOAD_URL_TTL_SECONDS = "60";
     process.env.EVENT_SOURCE = "supplier-api";
-    process.env.AMENDMENTS_TOPIC_ARN = "sns-topic.arn";
+    process.env.SNS_TOPIC_ARN = "sns-topic.arn";
 
     const { envVars } = require("../env");
 
@@ -80,7 +80,7 @@ describe("lambdaEnv", () => {
       DOWNLOAD_URL_TTL_SECONDS: 60,
       MAX_LIMIT: undefined,
       EVENT_SOURCE: "supplier-api",
-      AMENDMENTS_TOPIC_ARN: "sns-topic.arn",
+      SNS_TOPIC_ARN: "sns-topic.arn",
     });
   });
 });

lambdas/api-handler/src/config/env.ts

@@ -12,7 +12,7 @@ const EnvVarsSchema = z.object({
   QUEUE_URL: z.coerce.string().optional(),
   PINO_LOG_LEVEL: z.coerce.string().optional(),
   EVENT_SOURCE: z.string(),
-  AMENDMENTS_TOPIC_ARN: z.string(),
+  SNS_TOPIC_ARN: z.string(),
 });
 
 export type EnvVars = z.infer<typeof EnvVarsSchema>;

lambdas/api-handler/src/handlers/__tests__/amendment-event-transformer.test.ts

@@ -117,7 +117,7 @@ describe("createLetterStatusUpdateHandler", () => {
         i + 1,
         expect.objectContaining({
           input: expect.objectContaining({
-            TopicArn: mockedDeps.env.AMENDMENTS_TOPIC_ARN,
+            TopicArn: mockedDeps.env.SNS_TOPIC_ARN,
             Message: JSON.stringify(
               mapLetterToCloudEvent(
                 updateLetterCommands[i] as Letter,