Add allocation lambda

stevebux · stevebux · commit ad8235394cce · 2026-01-16T10:14:51.000Z
diff --git a/infrastructure/terraform/components/api/README.md b/infrastructure/terraform/components/api/README.md
@@ -38,6 +38,7 @@ No requirements.
 
 | Name | Source | Version |
 |------|--------|---------|
+| <a name="module_allocation_lambda"></a> [allocation\_lambda](#module\_allocation\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-lambda.zip | n/a |
 | <a name="module_authorizer_lambda"></a> [authorizer\_lambda](#module\_authorizer\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |
 | <a name="module_domain_truststore"></a> [domain\_truststore](#module\_domain\_truststore) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-s3bucket.zip | n/a |
 | <a name="module_eventpub"></a> [eventpub](#module\_eventpub) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-eventpub.zip | n/a |
diff --git a/infrastructure/terraform/components/api/module_lambda_allocation.tf b/infrastructure/terraform/components/api/module_lambda_allocation.tf
@@ -0,0 +1,72 @@
+module "allocation_lambda" {
+  source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-lambda.zip"
+
+  function_name = "allocate_supplier"
+  description   = "Lambda function for allocating supplier"
+
+  aws_account_id = var.aws_account_id
+  component      = var.component
+  environment    = var.environment
+  project        = var.project
+  region         = var.region
+  group          = var.group
+
+  log_retention_in_days = var.log_retention_in_days
+  kms_key_arn           = module.kms.key_arn
+
+  iam_policy_document = {
+    body = data.aws_iam_policy_document.allocation_lambda.json
+  }
+
+  function_s3_bucket      = local.acct.s3_buckets["lambda_function_artefacts"]["id"]
+  function_code_base_path = local.aws_lambda_functions_dir_path
+  function_code_dir       = "allocation/dist"
+  function_include_common = true
+  handler_function_name   = "handler"
+  runtime                 = "nodejs22.x"
+  memory                  = 128
+  timeout                 = 29
+  log_level               = var.log_level
+
+  force_lambda_code_deploy = var.force_lambda_code_deploy
+  enable_lambda_insights   = false
+
+  send_to_firehose          = true
+  log_destination_arn       = local.destination_arn
+  log_subscription_role_arn = local.acct.log_subscription_role_arn
+
+  lambda_env_vars = {
+    QUEUE_URL = module.amendments_queue.sqs_queue_url
+  }
+}
+
+
+data "aws_iam_policy_document" "allocation_lambda" {
+  statement {
+    sid    = "KMSPermissions"
+    effect = "Allow"
+
+    actions = [
+      "kms:Decrypt",
+      "kms:GenerateDataKey",
+    ]
+
+    resources = [
+      module.kms.key_arn,
+    ]
+  }
+
+  statement {
+    sid    = "AllowQueueAccess"
+    effect = "Allow"
+
+    actions = [
+      "sqs:SendMessage",
+      "sqs:GetQueueAttributes",
+    ]
+
+    resources = [
+      module.amendments_queue.sqs_queue_arn
+    ]
+  }
+}
diff --git a/infrastructure/terraform/components/api/module_sqs_letter_updates.tf b/infrastructure/terraform/components/api/module_sqs_letter_updates.tf
@@ -66,7 +66,6 @@ data "aws_iam_policy_document" "letter_updates_queue_policy" {
       test     = "ArnEquals"
       variable = "aws:SourceArn"
       values   = [
-        module.eventsub.sns_topic.arn,
         module.eventsub.sns_topic_clone.arn
       ]
     }
diff --git a/infrastructure/terraform/components/api/sns_topic_subscription_allocation_lambda.tf b/infrastructure/terraform/components/api/sns_topic_subscription_allocation_lambda.tf
@@ -0,0 +1,13 @@
+resource "aws_sns_topic_subscription" "allocation_lambda" {
+  topic_arn = module.eventsub.sns_topic_event_bus.arn
+  protocol  = "lambda"
+  endpoint  = module.allocation_lambda.function_arn
+}
+
+resource "aws_lambda_permission" "allocation_lambda_sns" {
+  statement_id  = "AllowExecutionFromSNS"
+  action        = "lambda:InvokeFunction"
+  function_name = module.allocation_lambda.function_name
+  principal     = "sns.amazonaws.com"
+  source_arn    = module.eventsub.sns_topic_event_bus.arn
+}
diff --git a/infrastructure/terraform/components/api/sns_topic_subscription_eventsub_sqs_letter_updates.tf b/infrastructure/terraform/components/api/sns_topic_subscription_eventsub_sqs_letter_updates.tf
@@ -1,9 +1,3 @@
-resource "aws_sns_topic_subscription" "eventsub_sqs_letter_updates" {
-  topic_arn = module.eventsub.sns_topic.arn
-  protocol  = "sqs"
-  endpoint  = module.sqs_letter_updates.sqs_queue_arn
-}
-
 resource "aws_sns_topic_subscription" "eventsub_sqs_letter_updates_clone" {
   topic_arn = module.eventsub.sns_topic_clone.arn
   protocol  = "sqs"

Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,6 @@ data "aws_iam_policy_document" "letter_updates_queue_policy" {`
`66`	`66`	`test = "ArnEquals"`
`67`	`67`	`variable = "aws:SourceArn"`
`68`	`68`	`values = [`
`69`		`- module.eventsub.sns_topic.arn,`
`70`	`69`	`module.eventsub.sns_topic_clone.arn`
`71`	`70`	`]`
`72`	`71`	`}`