Create filters on SNS topic subscriptions

Author: stevebux

infrastructure/terraform/components/api/module_sqs_letter_updates.tf

@@ -16,6 +16,7 @@ module "sqs_letter_updates" {
   sqs_policy_overload = data.aws_iam_policy_document.letter_updates_queue_policy.json
 }
 
+
 data "aws_iam_policy_document" "letter_updates_queue_policy" {
   version = "2012-10-17"
   statement {
@@ -41,31 +42,4 @@ data "aws_iam_policy_document" "letter_updates_queue_policy" {
       values   = [module.eventsub.sns_topic.arn]
     }
   }
-
-  statement {
-    sid    = "AllowSNSPermissions"
-    effect = "Allow"
-
-    principals {
-      type        = "Service"
-      identifiers = ["sns.amazonaws.com"]
-    }
-
-    actions = [
-      "sqs:SendMessage",
-      "sqs:ListQueueTags",
-      "sqs:GetQueueUrl",
-      "sqs:GetQueueAttributes",
-    ]
-
-    resources = [
-      "arn:aws:sqs:${var.region}:${var.aws_account_id}:${var.project}-${var.environment}-${var.component}-letter-updates-queue"
-    ]
-
-    condition {
-      test     = "ArnEquals"
-      variable = "aws:SourceArn"
-      values   = [module.eventsub.sns_topic.arn]
-    }
-  }
 }

infrastructure/terraform/components/api/sns_topic_subscription_eventsub_sqs_letter_updates.tf

@@ -2,4 +2,11 @@ resource "aws_sns_topic_subscription" "eventsub_sqs_letter_updates" {
   topic_arn = module.eventsub.sns_topic.arn
   protocol  = "sqs"
   endpoint  = module.sqs_letter_updates.sqs_queue_arn
+
+  raw_message_delivery = true
+
+  filter_policy_scope = "MessageBody"
+  filter_policy = jsonencode({
+    type = [{ prefix = "uk.nhs.notify.supplier-api.letter" }]
+  })
 }

infrastructure/terraform/components/api/sns_topic_subscription_eventsub_sqs_supplier_allocator.tf

@@ -0,0 +1,13 @@
+resource "aws_sns_topic_subscription" "eventsub_sqs_supplier_allocator" {
+  # The supplier allocator queue will be introduced by another ticket. For now, route events directly to the letter updates queue.
+  topic_arn = module.eventsub.sns_topic.arn
+  protocol  = "sqs"
+  endpoint  = module.sqs_letter_updates.sqs_queue_arn
+
+  raw_message_delivery = true
+
+  filter_policy_scope = "MessageBody"
+  filter_policy = jsonencode({
+    type = [{ prefix = "uk.nhs.notify.letter-rendering.letter-request.prepared" }]
+  })
+}