
Commit 3afdb22

committed
Added supplier events queue and forwarder
1 parent ba90142 commit 3afdb22

8 files changed

Lines changed: 160 additions & 24 deletions

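--- a/infrastructure/terraform/components/api/README.md
+++ b/infrastructure/terraform/components/api/README.md
@@ -57,6 +57,8 @@ No requirements.
 | <a name="module_post_mi"></a> [post\_mi](#module\_post\_mi) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |
 | <a name="module_s3bucket_test_letters"></a> [s3bucket\_test\_letters](#module\_s3bucket\_test\_letters) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-s3bucket.zip | n/a |
 | <a name="module_sqs_letter_updates"></a> [sqs\_letter\_updates](#module\_sqs\_letter\_updates) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-sqs.zip | n/a |
+| <a name="module_supplier_events_forwarder_lambda"></a> [supplier\_events\_forwarder\_lambda](#module\_supplier\_events\_forwarder\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-lambda.zip | n/a |
+| <a name="module_supplier_events_queue"></a> [supplier\_events\_queue](#module\_supplier\_events\_queue) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-sqs.zip | n/a |
 | <a name="module_supplier_ssl"></a> [supplier\_ssl](#module\_supplier\_ssl) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-ssl.zip | n/a |
 | <a name="module_upsert_letter"></a> [upsert\_letter](#module\_upsert\_letter) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |
 ## Outputs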
Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,8 @@
1+
resource "aws_lambda_event_source_mapping" "supplier_events_forwarder" {
2+
event_source_arn = module.supplier_events_queue.sqs_queue_arn
3+
function_name = module.supplier_events_forwarder_lambda.function_arn
4+
batch_size = 10
5+
function_response_types = [
6+
"ReportBatchItemFailures"
7+
]
8+
}
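Review bot: The queue this mapping polls is created elsewhere in this commit with `visibility_timeout_seconds = 60` while the forwarder function gets `timeout = 29`, which is below the six-times-function-timeout margin AWS recommends for SQS event sources; a batch whose invocation runs long can become visible to a second poll before the first invocation has deleted it, so the same supplier events are written to Firehose twice. Raising the queue setting to `visibility_timeout_seconds = 180` in the `supplier_events_queue` module block, or lowering the function timeout, keeps the two consistent. `ReportBatchItemFailures` also only takes effect if the handler in `supplier-events-forwarder/dist` returns a `batchItemFailures` list; that code is not part of this commit, so worth confirming, since without it a single bad record fails and re-drives the whole batch of 10.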
Lines changed: 86 additions & 0 deletions
@@ -0,0 +1,86 @@
1+
module "supplier_events_forwarder_lambda" {
2+
source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-lambda.zip"
3+
4+
function_name = "supplier_events_forwarder"
5+
description = "Lambda function for forwarding supplier events to Firehose"
6+
7+
aws_account_id = var.aws_account_id
8+
component = var.component
9+
environment = var.environment
10+
project = var.project
11+
region = var.region
12+
group = var.group
13+
14+
log_retention_in_days = var.log_retention_in_days
15+
kms_key_arn = module.kms.key_arn
16+
17+
iam_policy_document = {
18+
body = data.aws_iam_policy_document.supplier_events_forwarder_lambda.json
19+
}
20+
21+
function_s3_bucket = local.acct.s3_buckets["lambda_function_artefacts"]["id"]
22+
function_code_base_path = local.aws_lambda_functions_dir_path
23+
function_code_dir = "supplier-events-forwarder/dist"
24+
function_include_common = true
25+
handler_function_name = "handler"
26+
runtime = "nodejs22.x"
27+
memory = 128
28+
timeout = 29
29+
log_level = var.log_level
30+
31+
force_lambda_code_deploy = var.force_lambda_code_deploy
32+
enable_lambda_insights = false
33+
34+
send_to_firehose = true
35+
log_destination_arn = local.destination_arn
36+
log_subscription_role_arn = local.acct.log_subscription_role_arn
37+
38+
lambda_env_vars = {
39+
FIREHOSE_DELIVERY_STREAM_NAME = module.eventsub.firehose_delivery_stream.name
40+
}
41+
}
42+
43+
data "aws_iam_policy_document" "supplier_events_forwarder_lambda" {
44+
statement {
45+
sid = "KMSPermissions"
46+
effect = "Allow"
47+
48+
actions = [
49+
"kms:Decrypt",
50+
"kms:GenerateDataKey",
51+
]
52+
53+
resources = [
54+
module.kms.key_arn,
55+
]
56+
}
57+
58+
statement {
59+
sid = "FirehosePermissions"
60+
effect = "Allow"
61+
62+
actions = [
63+
"firehose:PutRecord",
64+
"firehose:PutRecordBatch",
65+
]
66+
67+
resources = [
68+
module.eventsub.firehose_delivery_stream.arn,
69+
]
70+
}
71+
72+
statement {
73+
sid = "SQSPermissions"
74+
effect = "Allow"
75+
76+
actions = [
77+
"sqs:ReceiveMessage",
78+
"sqs:DeleteMessage",
79+
"sqs:GetQueueAttributes",
80+
]
81+
82+
resources = [
83+
module.supplier_events_queue.sqs_queue_arn,
84+
]
85+
}
86+
}
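Review bot: The module `source` pins `terraform-lambda.zip` at v2.0.26 while the other lambda modules in this component (`post_mi` and `upsert_letter` in the README hunk) are already on v2.0.29, so the new function is built from an older release of the same shared module than its siblings; unless that is deliberate, `source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip"` keeps the component on one pinned version. In the `KMSPermissions` statement, `kms:GenerateDataKey` is granted next to `kms:Decrypt`, but the other two statements only give the function read access to the queue and put access to Firehose, neither of which obviously needs to generate data keys under this key; presumably it was carried over from a producer-side policy, and if nothing in the handler encrypts with `module.kms.key_arn`, `actions = ["kms:Decrypt"]` is the narrower grant. The rest of the policy is scoped to single resources, which is the right shape.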

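--- a/infrastructure/terraform/components/api/module_sqs_letter_updates.tf
+++ b/infrastructure/terraform/components/api/module_sqs_letter_updates.tf
@@ -18,30 +18,6 @@ module "sqs_letter_updates" {
 
 data "aws_iam_policy_document" "letter_updates_queue_policy" {
 version = "2012-10-17"
-statement {
-sid = "AllowSNSToSendMessage"
-effect = "Allow"
-
-principals {
-type = "Service"
-identifiers = ["sns.amazonaws.com"]
-}
-
-actions = [
-"sqs:SendMessage"
-]
-
-resources = [
-"arn:aws:sqs:${var.region}:${var.aws_account_id}:${var.project}-${var.environment}-${var.component}-letter-updates-queue"
-]
-
-condition {
-test = "ArnEquals"
-variable = "aws:SourceArn"
-values = [module.eventsub.sns_topic.arn]
-}
-}
-
 statement {
 sid = "AllowSNSPermissions"
 effect = "Allow"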
Lines changed: 49 additions & 0 deletions
@@ -0,0 +1,49 @@
1+
module "supplier_events_queue" {
2+
source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-sqs.zip"
3+
4+
aws_account_id = var.aws_account_id
5+
component = var.component
6+
environment = var.environment
7+
project = var.project
8+
region = var.region
9+
name = "supplier-events-queue"
10+
11+
sqs_kms_key_arn = module.kms.key_arn
12+
13+
visibility_timeout_seconds = 60
14+
15+
create_dlq = true
16+
sqs_policy_overload = data.aws_iam_policy_document.supplier_events_queue_policy.json
17+
}
18+
19+
data "aws_iam_policy_document" "supplier_events_queue_policy" {
20+
version = "2012-10-17"
21+
statement {
22+
sid = "AllowSNSPermissions"
23+
effect = "Allow"
24+
25+
principals {
26+
type = "Service"
27+
identifiers = ["sns.amazonaws.com"]
28+
}
29+
30+
actions = [
31+
"sqs:SendMessage",
32+
"sqs:ListQueueTags",
33+
"sqs:GetQueueUrl",
34+
"sqs:GetQueueAttributes",
35+
]
36+
37+
resources = [
38+
"arn:aws:sqs:${var.region}:${var.aws_account_id}:${var.project}-${var.environment}-${var.component}-letter-updates-queue"
39+
]
40+
41+
condition {
42+
test = "ArnEquals"
43+
variable = "aws:SourceArn"
44+
values = [
45+
module.eventsub.sns_topic_clone.arn
46+
]
47+
}
48+
}
49+
}
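Review bot: The queue policy's `resources` entry names `...-letter-updates-queue`, not this queue: the module sets `name = "supplier-events-queue"`, so (assuming the shared sqs module derives the queue name as `${project}-${environment}-${component}-${name}`, which the ARN pattern in `letter_updates_queue_policy` suggests) the statement grants SNS `sqs:SendMessage` on a different queue and SNS deliveries to the subscription added in the later hunk will be refused. The document looks copied from `letter_updates_queue_policy`; the resource should be `"arn:aws:sqs:${var.region}:${var.aws_account_id}:${var.project}-${var.environment}-${var.component}-supplier-events-queue"`. Separately, SNS only needs `sqs:SendMessage` to deliver, so `sqs:ListQueueTags`, `sqs:GetQueueUrl` and `sqs:GetQueueAttributes` for the `sns.amazonaws.com` principal are wider than the subscription requires, although the `aws:SourceArn` condition still bounds them to the clone topic.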
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
resource "aws_sns_topic_subscription" "supplier_events_queue" {
2+
topic_arn = module.eventsub.sns_topic_clone.arn
3+
protocol = "sqs"
4+
endpoint = module.supplier_events_queue.sqs_queue_arn
5+
raw_message_delivery = false
6+
}
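Review bot: The subscription has no `redrive_policy`, so an SNS delivery failure to the queue (for example while the queue policy does not admit the topic) is discarded after SNS's own retries with nothing this stack can alarm on; `redrive_policy = jsonencode({ deadLetterTargetArn = <DLQ_ARN_PLACEHOLDER> })` pointing at a queue whose policy admits `sns.amazonaws.com` keeps the failed notifications. `raw_message_delivery = false` means the forwarder receives the SNS envelope rather than the bare event, so the handler has to unwrap it before writing to Firehose; that code is outside this commit, so worth confirming it expects the wrapped form.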

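--- a/infrastructure/terraform/modules/eventsub/README.md
+++ b/infrastructure/terraform/modules/eventsub/README.md
@@ -39,6 +39,7 @@
 
 | Name | Description |
 |------|-------------|
+| <a name="output_firehose_delivery_stream"></a> [firehose\_delivery\_stream](#output\_firehose\_delivery\_stream) | Kinesis Firehose Delivery Stream ARN and Name |
 | <a name="output_s3_bucket_event_cache"></a> [s3\_bucket\_event\_cache](#output\_s3\_bucket\_event\_cache) | S3 Bucket ARN and Name for event cache |
 | <a name="output_sns_topic"></a> [sns\_topic](#output\_sns\_topic) | SNS Topic ARN and Name |
 | <a name="output_sns_topic_clone"></a> [sns\_topic\_clone](#output\_sns\_topic\_clone) | SNS Topic ARN and Name |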

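--- a/infrastructure/terraform/modules/eventsub/outputs.tf
+++ b/infrastructure/terraform/modules/eventsub/outputs.tf
@@ -21,3 +21,11 @@ output "s3_bucket_event_cache" {
 bucket = module.s3bucket_event_cache[0].bucket
 } : {}
 }
+
+output "firehose_delivery_stream" {
+description = "Kinesis Firehose Delivery Stream ARN and Name"
+value = {
+arn = aws_kinesis_firehose_delivery_stream.main[0].arn
+name = aws_kinesis_firehose_delivery_stream.main[0].name
+}
+}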
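Review bot: The new output indexes `aws_kinesis_firehose_delivery_stream.main[0]` unconditionally, while the neighbouring `s3_bucket_event_cache` output guards its `[0]` access with a conditional that falls back to `{}`; if `main` is created with `count` (which the index suggests) and that count evaluates to 0, `terraform plan` fails on this output. Wrapping it the same way, `value = length(aws_kinesis_firehose_delivery_stream.main) > 0 ? { arn = aws_kinesis_firehose_delivery_stream.main[0].arn, name = aws_kinesis_firehose_delivery_stream.main[0].name } : {}`, keeps the module's outputs consistent, though the new `supplier_events_forwarder_lambda` module reads `.name` and `.arn` from this output and would then need to tolerate the empty map. The enclosing `s3_bucket_event_cache` output starts before the hunk.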
