
Commit 44eb355

committed
POC: Use lambda to forward from FIFO SNS topic to firehose
1 parent a618820 commit 44eb355

16 files changed

Lines changed: 1212 additions & 174 deletions


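--- a/infrastructure/terraform/components/api/README.md
+++ b/infrastructure/terraform/components/api/README.md
@@ -55,6 +55,7 @@ No requirements.
 | <a name="module_post_letters"></a> [post\_letters](#module\_post\_letters) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-lambda.zip | n/a |
 | <a name="module_post_mi"></a> [post\_mi](#module\_post\_mi) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-lambda.zip | n/a |
 | <a name="module_s3bucket_test_letters"></a> [s3bucket\_test\_letters](#module\_s3bucket\_test\_letters) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-s3bucket.zip | n/a |
+| <a name="module_supplier_events_forwarder_lambda"></a> [supplier\_events\_forwarder\_lambda](#module\_supplier\_events\_forwarder\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-lambda.zip | n/a |
 | <a name="module_supplier_requests_queue"></a> [supplier\_requests\_queue](#module\_supplier\_requests\_queue) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-sqs.zip | n/a |
 | <a name="module_supplier_ssl"></a> [supplier\_ssl](#module\_supplier\_ssl) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-ssl.zip | n/a |
 | <a name="module_upsert_letter"></a> [upsert\_letter](#module\_upsert\_letter) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-lambda.zip | n/a |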
Lines changed: 71 additions & 0 deletions
@@ -0,0 +1,71 @@
1+
module "supplier_events_forwarder_lambda" {
2+
source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-lambda.zip"
3+
4+
function_name = "supplier_events_forwarder"
5+
description = "Lambda function for forwarding supplier events to Firehose"
6+
7+
aws_account_id = var.aws_account_id
8+
component = var.component
9+
environment = var.environment
10+
project = var.project
11+
region = var.region
12+
group = var.group
13+
14+
log_retention_in_days = var.log_retention_in_days
15+
kms_key_arn = module.kms.key_arn
16+
17+
iam_policy_document = {
18+
body = data.aws_iam_policy_document.supplier_events_forwarder_lambda.json
19+
}
20+
21+
function_s3_bucket = local.acct.s3_buckets["lambda_function_artefacts"]["id"]
22+
function_code_base_path = local.aws_lambda_functions_dir_path
23+
function_code_dir = "supplier-events-forwarder/dist"
24+
function_include_common = true
25+
handler_function_name = "handler"
26+
runtime = "nodejs22.x"
27+
memory = 128
28+
timeout = 29
29+
log_level = var.log_level
30+
31+
force_lambda_code_deploy = var.force_lambda_code_deploy
32+
enable_lambda_insights = false
33+
34+
send_to_firehose = true
35+
log_destination_arn = local.destination_arn
36+
log_subscription_role_arn = local.acct.log_subscription_role_arn
37+
38+
lambda_env_vars = {
39+
FIREHOSE_DELIVERY_STREAM_NAME = module.eventsub.firehose_delivery_stream.name
40+
}
41+
}
42+
43+
data "aws_iam_policy_document" "supplier_events_forwarder_lambda" {
44+
statement {
45+
sid = "KMSPermissions"
46+
effect = "Allow"
47+
48+
actions = [
49+
"kms:Decrypt",
50+
"kms:GenerateDataKey",
51+
]
52+
53+
resources = [
54+
module.kms.key_arn,
55+
]
56+
}
57+
58+
statement {
59+
sid = "FirehosePermissions"
60+
effect = "Allow"
61+
62+
actions = [
63+
"firehose:PutRecord",
64+
"firehose:PutRecordBatch",
65+
]
66+
67+
resources = [
68+
module.eventsub.firehose_delivery_stream.arn,
69+
]
70+
}
71+
}
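Review bot: `module.eventsub.firehose_delivery_stream.name` in `lambda_env_vars` and `module.eventsub.firehose_delivery_stream.arn` in the `FirehosePermissions` statement have no value when the eventsub module runs with `enable_event_cache = false`, because the output this commit adds in `modules/eventsub/outputs.tf` evaluates to `{}` in that case and the plan will fail on the missing attribute. Gate this module, its policy document and the SNS subscription on the same condition, or at least state the dependency with a comment such as `# Requires enable_event_cache = true in module.eventsub; firehose_delivery_stream is {} otherwise`. Separately, the `KMSPermissions` statement should carry a comment naming which encrypted resource the function needs `kms:Decrypt` and `kms:GenerateDataKey` for, since nothing in this file shows it and the grant cannot be checked against least privilege without it.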
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
resource "aws_sns_topic_subscription" "supplier_events_forwarder_lambda" {
2+
topic_arn = module.eventsub.sns_topic_supplier.arn
3+
protocol = "lambda"
4+
endpoint = module.supplier_events_forwarder_lambda.function_arn
5+
}
6+
7+
resource "aws_lambda_permission" "supplier_events_forwarder_lambda_sns" {
8+
statement_id = "AllowExecutionFromSNS"
9+
action = "lambda:InvokeFunction"
10+
function_name = module.supplier_events_forwarder_lambda.function_name
11+
principal = "sns.amazonaws.com"
12+
source_arn = module.eventsub.sns_topic_supplier.arn
13+
}
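Review bot: The `aws_sns_topic_subscription` sets no `redrive_policy`, so a message the forwarder Lambda cannot be invoked for is discarded once SNS exhausts its delivery retries, and that supplier event never reaches Firehose. Attach a dead-letter queue, for example `redrive_policy = jsonencode({ deadLetterTargetArn = <dlq_arn_placeholder> })`, and alarm on its depth so lost events are visible. The commit title describes the topic as FIFO; the topic definition is not on this page, so confirm that SNS accepts a `lambda` protocol subscription on it before relying on this path. The `aws_lambda_permission` is correctly narrowed with `source_arn`.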

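--- a/infrastructure/terraform/modules/eventsub/README.md
+++ b/infrastructure/terraform/modules/eventsub/README.md
@@ -39,6 +39,7 @@
 
 | Name | Description |
 |------|-------------|
+| <a name="output_firehose_delivery_stream"></a> [firehose\_delivery\_stream](#output\_firehose\_delivery\_stream) | Kinesis Firehose Delivery Stream ARN and Name |
 | <a name="output_s3_bucket_event_cache"></a> [s3\_bucket\_event\_cache](#output\_s3\_bucket\_event\_cache) | S3 Bucket ARN and Name for event cache |
 | <a name="output_sns_topic_event_bus"></a> [sns\_topic\_event\_bus](#output\_sns\_topic\_event\_bus) | SNS Topic ARN and Name |
 | <a name="output_sns_topic_supplier"></a> [sns\_topic\_supplier](#output\_sns\_topic\_supplier) | SNS Topic ARN and Name |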

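--- a/infrastructure/terraform/modules/eventsub/outputs.tf
+++ b/infrastructure/terraform/modules/eventsub/outputs.tf
@@ -14,6 +14,14 @@ output "sns_topic_supplier" {
 }
 }
 
+output "firehose_delivery_stream" {
+description = "Kinesis Firehose Delivery Stream ARN and Name"
+value = var.enable_event_cache ? {
+arn = aws_kinesis_firehose_delivery_stream.main[0].arn
+name = aws_kinesis_firehose_delivery_stream.main[0].name
+} : {}
+}
+
 output "s3_bucket_event_cache" {
 description = "S3 Bucket ARN and Name for event cache"
 value = var.enable_event_cache ? {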
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
dist
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
.build
2+
coverage
3+
node_modules
4+
dist
Lines changed: 59 additions & 0 deletions
@@ -0,0 +1,59 @@
1+
import type { Config } from "jest";
2+
3+
export const baseJestConfig: Config = {
4+
preset: "ts-jest",
5+
6+
// Automatically clear mock calls, instances, contexts and results before every test
7+
clearMocks: true,
8+
9+
// Indicates whether the coverage information should be collected while executing the test
10+
collectCoverage: true,
11+
12+
// The directory where Jest should output its coverage files
13+
coverageDirectory: "./.reports/unit/coverage",
14+
15+
// Indicates which provider should be used to instrument code for coverage
16+
coverageProvider: "babel",
17+
18+
coverageThreshold: {
19+
global: {
20+
branches: 100,
21+
functions: 100,
22+
lines: 100,
23+
statements: -10,
24+
},
25+
},
26+
27+
coveragePathIgnorePatterns: ["/__tests__/"],
28+
transform: { "^.+\\.ts$": "ts-jest" },
29+
testPathIgnorePatterns: [".build"],
30+
testMatch: ["**/?(*.)+(spec|test).[jt]s?(x)"],
31+
32+
// Use this configuration option to add custom reporters to Jest
33+
reporters: [
34+
"default",
35+
[
36+
"jest-html-reporter",
37+
{
38+
pageTitle: "Test Report",
39+
outputPath: "./.reports/unit/test-report.html",
40+
includeFailureMsg: true,
41+
},
42+
],
43+
],
44+
45+
// The test environment that will be used for testing
46+
testEnvironment: "jsdom",
47+
};
48+
49+
const utilsJestConfig = {
50+
...baseJestConfig,
51+
52+
testEnvironment: "node",
53+
54+
coveragePathIgnorePatterns: [
55+
...(baseJestConfig.coveragePathIgnorePatterns ?? []),
56+
],
57+
};
58+
59+
export default utilsJestConfig;
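Review bot: The config names `ts-jest` (as `preset` and in `transform`) and `jest-html-reporter` (in `reporters`), but the `package.json` added in this commit lists neither under `devDependencies`, so the test run would use whatever version the workspace root happens to hoist. This assumes both files belong to the same package, which the page does not show. Declaring both next to `jest` pins the test toolchain for this lambda. As a style point, `utilsJestConfig` re-spreads `coveragePathIgnorePatterns` into an identical array and overrides the `testEnvironment: "jsdom"` that `baseJestConfig` sets; a one-line comment such as `// base config mirrors the shared template; this package only needs the node environment` would explain why both objects exist.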
Lines changed: 26 additions & 0 deletions
@@ -0,0 +1,26 @@
1+
{
2+
"dependencies": {
3+
"@aws-sdk/client-firehose": "^3.925.0",
4+
"aws-lambda": "^1.0.7",
5+
"esbuild": "^0.25.11",
6+
"pino": "^9.7.0",
7+
"zod": "^4.1.11"
8+
},
9+
"devDependencies": {
10+
"@tsconfig/node22": "^22.0.2",
11+
"@types/jest": "^30.0.0",
12+
"jest": "^30.2.0",
13+
"jest-mock-extended": "^4.0.0",
14+
"typescript": "^5.9.3"
15+
},
16+
"name": "nhs-notify-supplier-events-forwarder",
17+
"private": true,
18+
"scripts": {
19+
"lambda-build": "rm -rf dist && npx esbuild --bundle --minify --sourcemap --target=es2020 --platform=node --loader:.node=file --entry-names=[name] --outdir=dist src/index.ts",
20+
"lint": "eslint .",
21+
"lint:fix": "eslint . --fix",
22+
"test:unit": "jest",
23+
"typecheck": "tsc --noEmit"
24+
},
25+
"version": "0.0.1"
26+
}
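Review bot: `"aws-lambda": "^1.0.7"` under `dependencies` is the npm package for a Lambda deployment command-line tool, not the handler type definitions; if the handler (not shown on this page) only imports types such as `SNSEvent` from `"aws-lambda"`, the entry wanted is `@types/aws-lambda` under `devDependencies`. Keeping the CLI package adds an unused runtime dependency and its transitive tree to the audit surface. `esbuild` is used only by the `lambda-build` script and likewise belongs in `devDependencies`. Because every range is a caret range, CI should install from the committed lockfile so the bundled artefact is reproducible.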
