From e9cd59dd79552e5931cd984bd706685d21751e6c Mon Sep 17 00:00:00 2001 From: Joe Fong Date: Tue, 23 Jul 2024 09:59:55 +0100 Subject: [PATCH 1/2] [PRMP-614] bump up lambda runtime python version (and terraform aws provider version) --- terraform/main.tf | 2 +- terraform/modules/suspension-service/lambda.tf | 5 +---- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/terraform/main.tf b/terraform/main.tf index c4d61643..762f7391 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -7,7 +7,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "3.76.1" + version = "5.32.0" } } } diff --git a/terraform/modules/suspension-service/lambda.tf b/terraform/modules/suspension-service/lambda.tf index f0839242..9027da31 100644 --- a/terraform/modules/suspension-service/lambda.tf +++ b/terraform/modules/suspension-service/lambda.tf @@ -9,15 +9,12 @@ locals { } resource "aws_lambda_function" "lambda" { - # If the file is not in the current working directory you will need to include a - # path.module in the filename. filename = data.archive_file.lambda.output_path function_name = "${var.environment}_${local.ingestion_lambda_name}" role = aws_iam_role.lambda_execution_role.arn handler = "${local.ingestion_lambda_name}.lambda_handler" source_code_hash = data.archive_file.lambda.output_base64sha256 - # Remark: better to use python3.11 . For now we only have 3.8 as we are use a very old (3.44) terraform provider version - runtime = "python3.8" + runtime = "python3.12" timeout = 30 memory_size = 128 From c958eb5b640f06e60ca910b60b6ab5e825b04289 Mon Sep 17 00:00:00 2001 From: Joe Fong Date: Tue, 23 Jul 2024 15:43:02 +0100 Subject: [PATCH 2/2] run formatter --- terraform/backend.tf | 14 +++++------ terraform/cloudwatch.tf | 50 ++++++++++++++++++------------------- terraform/dynamodb.tf | 8 +++--- terraform/ecs-service.tf | 2 +- terraform/ecs-task.tf | 12 ++++----- terraform/encryption-key.tf | 36 +++++++++++++------------- terraform/iam.tf | 18 ++++++------- terraform/main.tf | 2 +- terraform/queue.tf | 10 ++++---- terraform/sns-topic.tf | 48 +++++++++++++++++------------------ terraform/variables.tf | 8 +++--- 11 files changed, 104 insertions(+), 104 deletions(-) diff --git a/terraform/backend.tf b/terraform/backend.tf index 4b963f83..c02b5e54 100644 --- a/terraform/backend.tf +++ b/terraform/backend.tf @@ -1,8 +1,8 @@ -terraform{ - backend "s3" { - bucket = "prm-deductions-terraform-state" - key = "suspension-service/terraform.tfstate" - region = "eu-west-2" - encrypt = true - } +terraform { + backend "s3" { + bucket = "prm-deductions-terraform-state" + key = "suspension-service/terraform.tfstate" + region = "eu-west-2" + encrypt = true + } } diff --git a/terraform/cloudwatch.tf b/terraform/cloudwatch.tf index 7fbb86fe..afcf762d 100644 --- a/terraform/cloudwatch.tf +++ b/terraform/cloudwatch.tf @@ -53,15 +53,15 @@ resource "aws_cloudwatch_metric_alarm" "not_suspended_sns_topic_error_log_alarm" period = "60" metric_name = local.sns_topic_error_logs_metric_name namespace = local.sns_topic_namespace - dimensions = { + dimensions = { TopicName = local.not_suspended_sns_topic_name } - statistic = "Sum" - alarm_description = "This alarm monitors errors logs in ${local.not_suspended_sns_topic_name}" - treat_missing_data = "notBreaching" - actions_enabled = "true" - alarm_actions = [data.aws_sns_topic.alarm_notifications.arn] - ok_actions = [data.aws_sns_topic.alarm_notifications.arn] + statistic = "Sum" + alarm_description = "This alarm monitors errors logs in ${local.not_suspended_sns_topic_name}" + treat_missing_data = "notBreaching" + actions_enabled = "true" + alarm_actions = [data.aws_sns_topic.alarm_notifications.arn] + ok_actions = [data.aws_sns_topic.alarm_notifications.arn] } resource "aws_cloudwatch_metric_alarm" "suspension_out_of_order_audit" { @@ -74,11 +74,11 @@ resource "aws_cloudwatch_metric_alarm" "suspension_out_of_order_audit" { alarm_description = "This alarm triggers when messages on the out of order audit queue is not polled by splunk in last 15 mins" statistic = "Maximum" period = "900" - dimensions = { + dimensions = { QueueName = aws_sqs_queue.event_out_of_order_audit.name } - alarm_actions = [data.aws_sns_topic.alarm_notifications.arn] - ok_actions = [data.aws_sns_topic.alarm_notifications.arn] + alarm_actions = [data.aws_sns_topic.alarm_notifications.arn] + ok_actions = [data.aws_sns_topic.alarm_notifications.arn] } resource "aws_cloudwatch_metric_alarm" "suspension_not_suspended_audit" { @@ -91,11 +91,11 @@ resource "aws_cloudwatch_metric_alarm" "suspension_not_suspended_audit" { alarm_description = "This alarm triggers when messages on the not suspended audit queue is not polled by splunk in last 15 mins" statistic = "Maximum" period = "900" - dimensions = { + dimensions = { QueueName = aws_sqs_queue.not_suspended_audit.name } - alarm_actions = [data.aws_sns_topic.alarm_notifications.arn] - ok_actions = [data.aws_sns_topic.alarm_notifications.arn] + alarm_actions = [data.aws_sns_topic.alarm_notifications.arn] + ok_actions = [data.aws_sns_topic.alarm_notifications.arn] } resource "aws_cloudwatch_metric_alarm" "suspension_mof_not_updated_audit" { @@ -108,11 +108,11 @@ resource "aws_cloudwatch_metric_alarm" "suspension_mof_not_updated_audit" { alarm_description = "This alarm triggers when messages on the MOF not updated audit queue is not polled by splunk in last 15 mins" statistic = "Maximum" period = "900" - dimensions = { + dimensions = { QueueName = aws_sqs_queue.mof_not_updated_audit.name } - alarm_actions = [data.aws_sns_topic.alarm_notifications.arn] - ok_actions = [data.aws_sns_topic.alarm_notifications.arn] + alarm_actions = [data.aws_sns_topic.alarm_notifications.arn] + ok_actions = [data.aws_sns_topic.alarm_notifications.arn] } resource "aws_cloudwatch_metric_alarm" "suspension_mof_updated_audit" { @@ -125,11 +125,11 @@ resource "aws_cloudwatch_metric_alarm" "suspension_mof_updated_audit" { alarm_description = "This alarm triggers when messages on the MOF updated audit queue is not polled by splunk in last 15 mins" statistic = "Maximum" period = "900" - dimensions = { + dimensions = { QueueName = aws_sqs_queue.mof_updated_audit.name } - alarm_actions = [data.aws_sns_topic.alarm_notifications.arn] - ok_actions = [data.aws_sns_topic.alarm_notifications.arn] + alarm_actions = [data.aws_sns_topic.alarm_notifications.arn] + ok_actions = [data.aws_sns_topic.alarm_notifications.arn] } resource "aws_cloudwatch_metric_alarm" "suspension_deceased_patient_audit" { @@ -142,11 +142,11 @@ resource "aws_cloudwatch_metric_alarm" "suspension_deceased_patient_audit" { alarm_description = "This alarm triggers when messages on the deceased patient audit queue is not polled by splunk in last 15 mins" statistic = "Maximum" period = "900" - dimensions = { + dimensions = { QueueName = aws_sqs_queue.deceased_patient_audit.name } - alarm_actions = [data.aws_sns_topic.alarm_notifications.arn] - ok_actions = [data.aws_sns_topic.alarm_notifications.arn] + alarm_actions = [data.aws_sns_topic.alarm_notifications.arn] + ok_actions = [data.aws_sns_topic.alarm_notifications.arn] } resource "aws_cloudwatch_metric_alarm" "suspension_invalid_suspension_dlq_audit" { @@ -159,9 +159,9 @@ resource "aws_cloudwatch_metric_alarm" "suspension_invalid_suspension_dlq_audit" alarm_description = "This alarm triggers when messages on the invalid suspensions dlq audit queue is not polled by splunk in last 15 mins" statistic = "Maximum" period = "900" - dimensions = { + dimensions = { QueueName = aws_sqs_queue.invalid_suspension_audit.name } - alarm_actions = [data.aws_sns_topic.alarm_notifications.arn] - ok_actions = [data.aws_sns_topic.alarm_notifications.arn] + alarm_actions = [data.aws_sns_topic.alarm_notifications.arn] + ok_actions = [data.aws_sns_topic.alarm_notifications.arn] } diff --git a/terraform/dynamodb.tf b/terraform/dynamodb.tf index 82a546bb..a618ebcc 100644 --- a/terraform/dynamodb.tf +++ b/terraform/dynamodb.tf @@ -1,8 +1,8 @@ resource "aws_dynamodb_table" "suspensions" { - name = "${var.environment}-${var.component_name}-dynamodb" - billing_mode = "PAY_PER_REQUEST" - hash_key = "nhs_number" -# deletion_protection_enabled = true + name = "${var.environment}-${var.component_name}-dynamodb" + billing_mode = "PAY_PER_REQUEST" + hash_key = "nhs_number" + # deletion_protection_enabled = true server_side_encryption { enabled = true diff --git a/terraform/ecs-service.tf b/terraform/ecs-service.tf index 4aed269e..59ed731d 100644 --- a/terraform/ecs-service.tf +++ b/terraform/ecs-service.tf @@ -1,6 +1,6 @@ locals { ecs_cluster_id = aws_ecs_cluster.ecs-cluster.id - ecs_task_sg_id = aws_security_group.ecs-tasks-sg.id + ecs_task_sg_id = aws_security_group.ecs-tasks-sg.id private_subnets = split(",", data.aws_ssm_parameter.deductions_private_private_subnets.value) } diff --git a/terraform/ecs-task.tf b/terraform/ecs-task.tf index df80ff14..bc8fb930 100644 --- a/terraform/ecs-task.tf +++ b/terraform/ecs-task.tf @@ -1,8 +1,8 @@ locals { - task_role_arn = aws_iam_role.component-ecs-role.arn - task_execution_role = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${var.environment}-${var.component_name}-EcsTaskRole" - task_ecr_url = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com" - task_log_group = "/nhs/deductions/${var.environment}-${data.aws_caller_identity.current.account_id}/${var.component_name}" + task_role_arn = aws_iam_role.component-ecs-role.arn + task_execution_role = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${var.environment}-${var.component_name}-EcsTaskRole" + task_ecr_url = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com" + task_log_group = "/nhs/deductions/${var.environment}-${data.aws_caller_identity.current.account_id}/${var.component_name}" environment_variables = [ { name = "COMPONENT_NAME", value = var.component_name }, { name = "METRIC_NAMESPACE", value = var.metric_namespace }, @@ -29,11 +29,11 @@ locals { { name = "CAN_UPDATE_MANAGING_ORGANISATION_TO_REPO", value = tostring(var.can_update_managing_organisation_to_repo) }, { name = "DYNAMODB_TABLE_NAME", value = aws_dynamodb_table.suspensions.name }, { - name = "PDS_ADAPTOR_URL", + name = "PDS_ADAPTOR_URL", value = "https://pds-adaptor.${data.aws_ssm_parameter.environment_domain_name.value}" }, { name = "REPO_ODS_CODE", value = data.aws_ssm_parameter.repo_ods_code.value }, - { name = "SAFE_LISTED_ODS_CODES", value = data.aws_ssm_parameter.safe_listed_ods_codes.value}, + { name = "SAFE_LISTED_ODS_CODES", value = data.aws_ssm_parameter.safe_listed_ods_codes.value }, { name = "REPO_PROCESS_ONLY_SAFE_LISTED_ODS_CODES", value = tostring(var.repo_process_only_safe_listed_ods_codes) } ] } diff --git a/terraform/encryption-key.tf b/terraform/encryption-key.tf index 7885569f..4c5f2e8b 100644 --- a/terraform/encryption-key.tf +++ b/terraform/encryption-key.tf @@ -1,6 +1,6 @@ resource "aws_kms_key" "not_suspended" { - description = "Custom KMS Key to enable server side encryption for SNS and SQS" - policy = data.aws_iam_policy_document.kms_key_policy_doc.json + description = "Custom KMS Key to enable server side encryption for SNS and SQS" + policy = data.aws_iam_policy_document.kms_key_policy_doc.json enable_key_rotation = true tags = { @@ -61,8 +61,8 @@ data "aws_iam_policy_document" "kms_key_policy_doc" { } resource "aws_kms_key" "mof_updated" { - description = "Custom KMS Key to enable server side encryption for SNS and SQS" - policy = data.aws_iam_policy_document.kms_key_policy_doc.json + description = "Custom KMS Key to enable server side encryption for SNS and SQS" + policy = data.aws_iam_policy_document.kms_key_policy_doc.json enable_key_rotation = true tags = { @@ -78,8 +78,8 @@ resource "aws_kms_alias" "mof_updated_encryption" { } resource "aws_kms_key" "mof_not_updated" { - description = "Custom KMS Key to enable server side encryption for mof not updated topic" - policy = data.aws_iam_policy_document.kms_key_policy_doc.json + description = "Custom KMS Key to enable server side encryption for mof not updated topic" + policy = data.aws_iam_policy_document.kms_key_policy_doc.json enable_key_rotation = true tags = { @@ -95,8 +95,8 @@ resource "aws_kms_alias" "mof_not_updated_encryption" { } resource "aws_kms_key" "invalid_suspension" { - description = "Custom KMS Key to enable server side encryption for invalid suspension topic" - policy = data.aws_iam_policy_document.kms_key_policy_doc.json + description = "Custom KMS Key to enable server side encryption for invalid suspension topic" + policy = data.aws_iam_policy_document.kms_key_policy_doc.json enable_key_rotation = true tags = { @@ -112,8 +112,8 @@ resource "aws_kms_alias" "invalid_suspension_encryption" { } resource "aws_kms_key" "invalid_suspension_audit" { - description = "Custom KMS Key to enable server side encryption for invalid suspension audit topic" - policy = data.aws_iam_policy_document.kms_key_policy_doc.json + description = "Custom KMS Key to enable server side encryption for invalid suspension audit topic" + policy = data.aws_iam_policy_document.kms_key_policy_doc.json enable_key_rotation = true tags = { @@ -129,8 +129,8 @@ resource "aws_kms_alias" "invalid_suspension_audit_encryption" { } resource "aws_kms_key" "event_out_of_order" { - description = "Custom KMS Key to enable server side encryption for event out of order topic" - policy = data.aws_iam_policy_document.kms_key_policy_doc.json + description = "Custom KMS Key to enable server side encryption for event out of order topic" + policy = data.aws_iam_policy_document.kms_key_policy_doc.json enable_key_rotation = true tags = { @@ -146,8 +146,8 @@ resource "aws_kms_alias" "event_out_of_order_encryption" { } resource "aws_kms_key" "suspension_dynamodb_kms_key" { - description = "Custom KMS Key to enable server side encryption for Suspension DB" - policy = data.aws_iam_policy_document.kms_key_policy_doc.json + description = "Custom KMS Key to enable server side encryption for Suspension DB" + policy = data.aws_iam_policy_document.kms_key_policy_doc.json enable_key_rotation = true tags = { @@ -163,8 +163,8 @@ resource "aws_kms_alias" "suspension_dynamodb_encryption" { } resource "aws_kms_key" "deceased_patient" { - description = "Custom KMS Key to enable server side encryption for deceased patient topic" - policy = data.aws_iam_policy_document.kms_key_policy_doc.json + description = "Custom KMS Key to enable server side encryption for deceased patient topic" + policy = data.aws_iam_policy_document.kms_key_policy_doc.json enable_key_rotation = true tags = { @@ -180,8 +180,8 @@ resource "aws_kms_alias" "deceased_patient_encryption" { } resource "aws_kms_key" "active_suspensions" { - description = "Custom KMS Key to enable server side encryption for active-suspensions topic" - policy = data.aws_iam_policy_document.kms_key_policy_doc.json + description = "Custom KMS Key to enable server side encryption for active-suspensions topic" + policy = data.aws_iam_policy_document.kms_key_policy_doc.json enable_key_rotation = true tags = { diff --git a/terraform/iam.tf b/terraform/iam.tf index d5477dc5..5580a600 100644 --- a/terraform/iam.tf +++ b/terraform/iam.tf @@ -1,6 +1,6 @@ locals { - account_id = data.aws_caller_identity.current.account_id - sns_base_arns = [ + account_id = data.aws_caller_identity.current.account_id + sns_base_arns = [ aws_sns_topic.not_suspended.arn, aws_sns_topic.mof_updated.arn, aws_sns_topic.mof_not_updated.arn, @@ -19,7 +19,7 @@ data "aws_iam_policy_document" "ecs-assume-role-policy" { actions = ["sts:AssumeRole"] principals { - type = "Service" + type = "Service" identifiers = [ "ecs-tasks.amazonaws.com" ] @@ -99,7 +99,7 @@ resource "aws_iam_policy" "suspensions_processor_sqs" { data "aws_iam_policy_document" "sqs_suspensions_ecs_task" { statement { - actions = [ + actions = [ "sqs:GetQueue*", "sqs:ChangeMessageVisibility", "sqs:DeleteMessage", @@ -132,7 +132,7 @@ resource "aws_iam_role_policy_attachment" "suspension_service_sns" { data "aws_iam_policy_document" "sns_policy_doc" { statement { - actions = [ + actions = [ "sns:Publish", "sns:GetTopicAttributes" ] @@ -152,7 +152,7 @@ resource "aws_iam_policy" "suspensions_kms" { data "aws_iam_policy_document" "kms_policy_doc" { statement { - actions = [ + actions = [ "kms:*" ] resources = [ @@ -203,7 +203,7 @@ resource "aws_iam_role" "sns_failure_feedback_role" { data "aws_iam_policy_document" "sns_failure_feedback_policy" { statement { - actions = [ + actions = [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", @@ -231,7 +231,7 @@ data "aws_iam_policy_document" "sns_service_assume_role_policy" { actions = ["sts:AssumeRole"] principals { - type = "Service" + type = "Service" identifiers = [ "sns.amazonaws.com" ] @@ -488,7 +488,7 @@ data "aws_iam_policy_document" "event_out_of_order_policy_doc" { data "aws_iam_policy_document" "dynamodb-table-access" { statement { - actions = [ + actions = [ "dynamodb:GetItem", "dynamodb:PutItem" ] diff --git a/terraform/main.tf b/terraform/main.tf index 762f7391..ed044f2c 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -7,7 +7,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "5.32.0" + version = "5.59.0" } } } diff --git a/terraform/queue.tf b/terraform/queue.tf index 36315ff4..0589fa5a 100644 --- a/terraform/queue.tf +++ b/terraform/queue.tf @@ -112,7 +112,7 @@ resource "aws_sqs_queue" "invalid_suspension_audit" { deadLetterTargetArn = aws_sqs_queue.invalid_suspension_splunk_dlq.arn maxReceiveCount = 4 }) - tags = { + tags = { Name = local.invalid_suspension_audit_queue_name CreatedBy = var.repo_name Environment = var.environment @@ -143,7 +143,7 @@ resource "aws_sqs_queue" "not_suspended_audit" { name = local.not_suspended_audit_queue_name message_retention_seconds = 1209600 kms_master_key_id = aws_kms_key.not_suspended.id - redrive_policy = jsonencode({ + redrive_policy = jsonencode({ deadLetterTargetArn = aws_sqs_queue.not_suspended_audit_splunk_dlq.arn maxReceiveCount = 4 }) @@ -233,7 +233,7 @@ resource "aws_sqs_queue" "mof_not_updated_audit" { name = local.mof_not_updated_audit_queue_name message_retention_seconds = 1209600 kms_master_key_id = aws_kms_key.mof_not_updated.id - redrive_policy = jsonencode({ + redrive_policy = jsonencode({ deadLetterTargetArn = aws_sqs_queue.mof_not_updated_audit_splunk_dlq.arn maxReceiveCount = 4 }) @@ -268,7 +268,7 @@ resource "aws_sqs_queue" "mof_updated_audit" { name = local.mof_updated_audit_queue_name message_retention_seconds = 1209600 kms_master_key_id = aws_kms_key.mof_updated.id - redrive_policy = jsonencode({ + redrive_policy = jsonencode({ deadLetterTargetArn = aws_sqs_queue.mof_updated_audit_splunk_dlq.arn maxReceiveCount = 4 }) @@ -331,7 +331,7 @@ resource "aws_sqs_queue" "deceased_patient_audit" { deadLetterTargetArn = aws_sqs_queue.deceased_patient_audit_splunk_dlq.arn maxReceiveCount = 4 }) - tags = { + tags = { Name = local.deceased_patient_audit_queue_name CreatedBy = var.repo_name Environment = var.environment diff --git a/terraform/sns-topic.tf b/terraform/sns-topic.tf index fbf11ab1..e16f7924 100644 --- a/terraform/sns-topic.tf +++ b/terraform/sns-topic.tf @@ -1,94 +1,94 @@ resource "aws_sns_topic" "mof_updated" { - name = "${var.environment}-${var.component_name}-mof-updated-sns-topic" - kms_master_key_id = aws_kms_key.mof_updated.id + name = "${var.environment}-${var.component_name}-mof-updated-sns-topic" + kms_master_key_id = aws_kms_key.mof_updated.id sqs_failure_feedback_role_arn = aws_iam_role.sns_failure_feedback_role.arn tags = { - Name = "${var.environment}-${var.component_name}-mof-updated-sns-topic" + Name = "${var.environment}-${var.component_name}-mof-updated-sns-topic" CreatedBy = var.repo_name Environment = var.environment } } resource "aws_sns_topic" "mof_not_updated" { - name = "${var.environment}-${var.component_name}-mof-not-updated-sns-topic" - kms_master_key_id = aws_kms_key.mof_not_updated.id + name = "${var.environment}-${var.component_name}-mof-not-updated-sns-topic" + kms_master_key_id = aws_kms_key.mof_not_updated.id sqs_failure_feedback_role_arn = aws_iam_role.sns_failure_feedback_role.arn tags = { - Name = "${var.environment}-${var.component_name}-mof-updated-sns-topic" + Name = "${var.environment}-${var.component_name}-mof-updated-sns-topic" CreatedBy = var.repo_name Environment = var.environment } } resource "aws_sns_topic" "not_suspended" { - name = "${var.environment}-${var.component_name}-not-suspended-sns-topic" - kms_master_key_id = aws_kms_key.not_suspended.id + name = "${var.environment}-${var.component_name}-not-suspended-sns-topic" + kms_master_key_id = aws_kms_key.not_suspended.id sqs_failure_feedback_role_arn = aws_iam_role.sns_failure_feedback_role.arn tags = { - Name = "${var.environment}-${var.component_name}-not-suspended-sns-topic" + Name = "${var.environment}-${var.component_name}-not-suspended-sns-topic" CreatedBy = var.repo_name Environment = var.environment } } resource "aws_sns_topic" "invalid_suspension" { - name = "${var.environment}-${var.component_name}-invalid-suspension-sns-topic" - kms_master_key_id = aws_kms_key.invalid_suspension.id + name = "${var.environment}-${var.component_name}-invalid-suspension-sns-topic" + kms_master_key_id = aws_kms_key.invalid_suspension.id sqs_failure_feedback_role_arn = aws_iam_role.sns_failure_feedback_role.arn tags = { - Name = "${var.environment}-${var.component_name}-invalid-suspension-sns-topic" + Name = "${var.environment}-${var.component_name}-invalid-suspension-sns-topic" CreatedBy = var.repo_name Environment = var.environment } } resource "aws_sns_topic" "invalid_suspension_audit_topic" { - name = "${var.environment}-${var.component_name}-invalid-suspension-audit-sns-topic" - kms_master_key_id = aws_kms_key.invalid_suspension_audit.id + name = "${var.environment}-${var.component_name}-invalid-suspension-audit-sns-topic" + kms_master_key_id = aws_kms_key.invalid_suspension_audit.id sqs_failure_feedback_role_arn = aws_iam_role.sns_failure_feedback_role.arn tags = { - Name = "${var.environment}-${var.component_name}-invalid-suspension-audit-sns-topic" + Name = "${var.environment}-${var.component_name}-invalid-suspension-audit-sns-topic" CreatedBy = var.repo_name Environment = var.environment } } resource "aws_sns_topic" "event_out_of_order" { - name = "${var.environment}-${var.component_name}-event-out-of-order" - kms_master_key_id = aws_kms_key.event_out_of_order.id + name = "${var.environment}-${var.component_name}-event-out-of-order" + kms_master_key_id = aws_kms_key.event_out_of_order.id sqs_failure_feedback_role_arn = aws_iam_role.sns_failure_feedback_role.arn tags = { - Name = "${var.environment}-${var.component_name}-event-out-of-order-sns-topic" + Name = "${var.environment}-${var.component_name}-event-out-of-order-sns-topic" CreatedBy = var.repo_name Environment = var.environment } } resource "aws_sns_topic" "deceased_patient" { - name = "${var.environment}-${var.component_name}-deceased-patient" - kms_master_key_id = aws_kms_key.deceased_patient.id + name = "${var.environment}-${var.component_name}-deceased-patient" + kms_master_key_id = aws_kms_key.deceased_patient.id sqs_failure_feedback_role_arn = aws_iam_role.sns_failure_feedback_role.arn tags = { - Name = "${var.environment}-${var.component_name}-deceased-patient-sns-topic" + Name = "${var.environment}-${var.component_name}-deceased-patient-sns-topic" CreatedBy = var.repo_name Environment = var.environment } } resource "aws_sns_topic" "active_suspensions" { - name = "${var.environment}-${var.component_name}-active-suspensions-sns-topic" - kms_master_key_id = aws_kms_key.active_suspensions.id + name = "${var.environment}-${var.component_name}-active-suspensions-sns-topic" + kms_master_key_id = aws_kms_key.active_suspensions.id sqs_failure_feedback_role_arn = aws_iam_role.sns_failure_feedback_role.arn tags = { - Name = "${var.environment}-${var.component_name}-active-suspensions-sns-topic" + Name = "${var.environment}-${var.component_name}-active-suspensions-sns-topic" CreatedBy = var.repo_name Environment = var.environment } diff --git a/terraform/variables.tf b/terraform/variables.tf index 10746119..87e09647 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -23,7 +23,7 @@ variable "task_memory" { } variable "log_level" { - type = string + type = string default = "debug" } @@ -49,16 +49,16 @@ variable "enable_scale_action" { variable "can_update_managing_organisation_to_repo" { description = "Toggle to allow updating managing organisation to repo ODS code" - default = false + default = false } variable "is_end_of_transfer_service" { - type = bool + type = bool default = false } variable "image_name" { - type = string + type = string default = "suspension-service" }