
Commit d49caba

committed
Migrate supplier updates so that they pass through new topic
1 parent a7b23d2 commit d49caba

11 files changed

Lines changed: 40 additions & 33 deletions

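--- a/infrastructure/terraform/components/api/locals.tf
+++ b/infrastructure/terraform/components/api/locals.tf
@@ -27,7 +27,7 @@ locals {
 SUPPLIER_ID_HEADER = "nhsd-supplier-id",
 APIM_CORRELATION_HEADER = "nhsd-correlation-id",
 DOWNLOAD_URL_TTL_SECONDS = 60
-SNS_TOPIC_ARN = "${module.eventsub.eventsub_topic.arn}",
+AMENDMENTS_TOPIC_ARN = "${module.eventsub.amendments_topic.arn}",
 EVENT_SOURCE = "/data-plane/supplier-api/${var.group}/${var.environment}/letters"
 }
 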

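--- a/infrastructure/terraform/components/api/module_lambda_letter_status_update.tf
+++ b/infrastructure/terraform/components/api/module_lambda_letter_status_update.tf
@@ -91,7 +91,7 @@ data "aws_iam_policy_document" "letter_status_update" {
 ]
 
 resources = [
-module.eventsub.eventsub_topic.arn
+module.eventsub.amendments_topic.arn
 ]
 }
 }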

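--- a/infrastructure/terraform/components/api/module_sqs_letter_updates.tf
+++ b/infrastructure/terraform/components/api/module_sqs_letter_updates.tf
@@ -18,29 +18,6 @@ module "sqs_letter_updates" {
 
 data "aws_iam_policy_document" "letter_updates_queue_policy" {
 version = "2012-10-17"
-statement {
-sid = "AllowSNSToSendMessage"
-effect = "Allow"
-
-principals {
-type = "Service"
-identifiers = ["sns.amazonaws.com"]
-}
-
-actions = [
-"sqs:SendMessage"
-]
-
-resources = [
-"arn:aws:sqs:${var.region}:${var.aws_account_id}:${var.project}-${var.environment}-${var.component}-letter-updates-queue"
-]
-
-condition {
-test = "ArnEquals"
-variable = "aws:SourceArn"
-values = [module.eventsub.eventsub_topic.arn]
-}
-}
 
 statement {
 sid = "AllowSNSPermissions"
@@ -65,7 +42,7 @@ data "aws_iam_policy_document" "letter_updates_queue_policy" {
 condition {
 test = "ArnEquals"
 variable = "aws:SourceArn"
-values = [module.eventsub.eventsub_topic.arn]
+values = [module.eventsub.eventsub_topic.arn, module.eventsub.amendments_topic.arn]
 }
 }
 }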
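Review bot: The removed `AllowSNSToSendMessage` statement was the only visible grant of `sqs:SendMessage` to `sns.amazonaws.com`, and the principals and actions of the surviving `AllowSNSPermissions` statement lie between the two hunks, outside what is shown. It is worth confirming that statement still allows `sqs:SendMessage`; if it does not, deliveries from both topics are denied, and that would presumably only surface in the SNS failure log group when `enable_sns_delivery_logging` is on. The widened condition `values = [module.eventsub.eventsub_topic.arn, module.eventsub.amendments_topic.arn]` also keeps the old topic trusted after the migration. If that is a transition measure, I would add `# TODO: drop eventsub_topic once supplier updates flow only through amendments_topic` above the `values` line so the wider trust does not become permanent.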

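--- a/infrastructure/terraform/components/api/sns_topic_subscription_eventsub_sqs_letter_updates.tf
+++ b/infrastructure/terraform/components/api/sns_topic_subscription_eventsub_sqs_letter_updates.tf
@@ -3,3 +3,9 @@ resource "aws_sns_topic_subscription" "eventsub_sqs_letter_updates" {
 protocol = "sqs"
 endpoint = module.sqs_letter_updates.sqs_queue_arn
 }
+
+resource "aws_sns_topic_subscription" "amendments_sqs_letter_updates" {
+topic_arn = module.eventsub.amendments_topic.arn
+protocol = "sqs"
+endpoint = module.sqs_letter_updates.sqs_queue_arn
+}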
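Review bot: The new `amendments_sqs_letter_updates` subscription sets only `topic_arn`, `protocol` and `endpoint`, so a message SNS cannot deliver to the queue (for example after a queue-policy change) is discarded once its retries are exhausted. For supplier status updates I would add a dead-letter target, `redrive_policy = jsonencode({ deadLetterTargetArn = <dlq_arn_placeholder> })`, so failed deliveries are retained and can be alarmed on. The existing `eventsub_sqs_letter_updates` subscription is kept alongside it, so the queue is now fed by both topics. If the same update can arrive by both paths, the consumer needs to be idempotent; the publishers are not visible on this page, so that is to be confirmed.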

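--- a/infrastructure/terraform/modules/eventsub/cloudwatch_log_group_sns_delivery_logging_failure.tf
+++ b/infrastructure/terraform/modules/eventsub/cloudwatch_log_group_sns_delivery_logging_failure.tf
@@ -7,3 +7,13 @@ resource "aws_cloudwatch_log_group" "sns_delivery_logging_failure" {
 kms_key_id = var.kms_key_arn
 retention_in_days = var.log_retention_in_days
 }
+
+resource "aws_cloudwatch_log_group" "amendments_sns_delivery_logging_failure" {
+count = var.enable_sns_delivery_logging ? 1 : 0
+
+# SNS doesn't allow specifying a log group and is derived as: sns/${region}/${account_id}/${name_of_sns_topic}/Failure
+# (for failure logs)
+name = "sns/${var.region}/${var.aws_account_id}/${local.csi}-amendments/Failure"
+kms_key_id = var.kms_key_arn
+retention_in_days = var.log_retention_in_days
+}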
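Review bot: The log group name repeats the topic name as the literal `${local.csi}-amendments`, and cloudwatch_log_group_sns_delivery_logging_success.tf does the same; the topic resource is not on this page, so nothing visible ties the two names together. If the topic name ever differs, delivery logs would target a differently named group that has neither `kms_key_id` nor `retention_in_days` from this resource and is not among the log-group ARNs listed in the delivery-logging IAM policy. I would derive the name from the topic resource's `name` attribute, or at least add `# must match the name of the amendments SNS topic exactly` above the `name` line in both files.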

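--- a/infrastructure/terraform/modules/eventsub/cloudwatch_log_group_sns_delivery_logging_success.tf
+++ b/infrastructure/terraform/modules/eventsub/cloudwatch_log_group_sns_delivery_logging_success.tf
@@ -7,3 +7,13 @@ resource "aws_cloudwatch_log_group" "sns_delivery_logging_success" {
 kms_key_id = var.kms_key_arn
 retention_in_days = var.log_retention_in_days
 }
+
+resource "aws_cloudwatch_log_group" "amendments_sns_delivery_logging_success" {
+count = var.enable_sns_delivery_logging ? 1 : 0
+
+# SNS doesn't allow specifying a log group and is derived as: sns/${region}/${account_id}/${name_of_sns_topic}
+# (for success logs)
+name = "sns/${var.region}/${var.aws_account_id}/${local.csi}-amendments"
+kms_key_id = var.kms_key_arn
+retention_in_days = var.log_retention_in_days
+}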

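--- a/infrastructure/terraform/modules/eventsub/iam_policy_sns_delivery_logging_cloudwatch.tf
+++ b/infrastructure/terraform/modules/eventsub/iam_policy_sns_delivery_logging_cloudwatch.tf
@@ -39,6 +39,10 @@ data "aws_iam_policy_document" "sns_delivery_logging_cloudwatch" {
 "${aws_cloudwatch_log_group.sns_delivery_logging_success[0].arn}:log-stream:*",
 aws_cloudwatch_log_group.sns_delivery_logging_failure[0].arn,
 "${aws_cloudwatch_log_group.sns_delivery_logging_failure[0].arn}:log-stream:*",
+aws_cloudwatch_log_group.amendments_sns_delivery_logging_success[0].arn,
+"${aws_cloudwatch_log_group.amendments_sns_delivery_logging_success[0].arn}:log-stream:*",
+aws_cloudwatch_log_group.amendments_sns_delivery_logging_failure[0].arn,
+"${aws_cloudwatch_log_group.amendments_sns_delivery_logging_failure[0].arn}:log-stream:*",
 ]
 }
 }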

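--- a/lambdas/api-handler/src/config/__tests__/env.test.ts
+++ b/lambdas/api-handler/src/config/__tests__/env.test.ts
@@ -26,7 +26,7 @@ describe("lambdaEnv", () => {
 process.env.MAX_LIMIT = "2500";
 process.env.QUEUE_URL = "url";
 process.env.EVENT_SOURCE = "supplier-api";
-process.env.SNS_TOPIC_ARN = "sns-topic.arn";
+process.env.AMENDMENTS_TOPIC_ARN = "sns-topic.arn";
 
 const { envVars } = require("../env");
 
@@ -41,7 +41,7 @@ describe("lambdaEnv", () => {
 MAX_LIMIT: 2500,
 QUEUE_URL: "url",
 EVENT_SOURCE: "supplier-api",
-SNS_TOPIC_ARN: "sns-topic.arn",
+AMENDMENTS_TOPIC_ARN: "sns-topic.arn",
 });
 });
 
@@ -66,7 +66,7 @@ describe("lambdaEnv", () => {
 process.env.MI_TTL_HOURS = "2160";
 process.env.DOWNLOAD_URL_TTL_SECONDS = "60";
 process.env.EVENT_SOURCE = "supplier-api";
-process.env.SNS_TOPIC_ARN = "sns-topic.arn";
+process.env.AMENDMENTS_TOPIC_ARN = "sns-topic.arn";
 
 const { envVars } = require("../env");
 
@@ -80,7 +80,7 @@ describe("lambdaEnv", () => {
 DOWNLOAD_URL_TTL_SECONDS: 60,
 MAX_LIMIT: undefined,
 EVENT_SOURCE: "supplier-api",
-SNS_TOPIC_ARN: "sns-topic.arn",
+AMENDMENTS_TOPIC_ARN: "sns-topic.arn",
 });
 });
 });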

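--- a/lambdas/api-handler/src/config/env.ts
+++ b/lambdas/api-handler/src/config/env.ts
@@ -11,7 +11,7 @@ const EnvVarsSchema = z.object({
 MAX_LIMIT: z.coerce.number().int().optional(),
 QUEUE_URL: z.coerce.string().optional(),
 EVENT_SOURCE: z.string(),
-SNS_TOPIC_ARN: z.string(),
+AMENDMENTS_TOPIC_ARN: z.string(),
 });
 
 export type EnvVars = z.infer<typeof EnvVarsSchema>;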

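--- a/lambdas/api-handler/src/handlers/__tests__/letter-status-update.test.ts
+++ b/lambdas/api-handler/src/handlers/__tests__/letter-status-update.test.ts
@@ -117,7 +117,7 @@ describe("createLetterStatusUpdateHandler", () => {
 i + 1,
 expect.objectContaining({
 input: expect.objectContaining({
-TopicArn: mockedDeps.env.SNS_TOPIC_ARN,
+TopicArn: mockedDeps.env.AMENDMENTS_TOPIC_ARN,
 Message: JSON.stringify(
 mapLetterToCloudEvent(
 updateLetterCommands[i] as Letter,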
