NHSDigital · nhsd-david-wass · Feb 19, 2026 · Feb 20, 2026 · Feb 23, 2026 · Feb 23, 2026
@@ -161,7 +161,8 @@ jobs:
             --targetAccountGroup "nhs-notify-supplier-api-dev" \
             --terraformAction "apply" \
             --overrideProjectName "nhs" \
-            --overrideRoleName "nhs-main-acct-supplier-api-github-deploy"
+            --overrideRoleName "nhs-main-acct-supplier-api-github-deploy" \
+            --internalRef "feature/CCM-15148"
   artefact-proxies:
     name: "Build proxies"
     runs-on: ubuntu-latest

@@ -34,7 +34,7 @@ No requirements.
 | <a name="input_group"></a> [group](#input\_group) | The group variables are being inherited from (often synonmous with account short-name) | `string` | n/a | yes |
 | <a name="input_kms_deletion_window"></a> [kms\_deletion\_window](#input\_kms\_deletion\_window) | When a kms key is deleted, how long should it wait in the pending deletion state? | `string` | `"30"` | no |
 | <a name="input_letter_table_ttl_hours"></a> [letter\_table\_ttl\_hours](#input\_letter\_table\_ttl\_hours) | Number of hours to set as TTL on letters table | `number` | `24` | no |
-| <a name="input_letter_variant_map"></a> [letter\_variant\_map](#input\_letter\_variant\_map) | n/a | `map(object({ supplierId = string, specId = string }))` | <pre>{<br/>  "lv1": {<br/>    "specId": "spec1",<br/>    "supplierId": "supplier1"<br/>  },<br/>  "lv2": {<br/>    "specId": "spec2",<br/>    "supplierId": "supplier1"<br/>  },<br/>  "lv3": {<br/>    "specId": "spec3",<br/>    "supplierId": "supplier2"<br/>  }<br/>}</pre> | no |
+| <a name="input_letter_variant_map"></a> [letter\_variant\_map](#input\_letter\_variant\_map) | n/a | `map(object({ supplierId = string, specId = string, billingId = string }))` | <pre>{<br/>  "lv1": {<br/>    "billingId": "billing1",<br/>    "specId": "spec1",<br/>    "supplierId": "supplier1"<br/>  },<br/>  "lv2": {<br/>    "billingId": "billing2",<br/>    "specId": "spec2",<br/>    "supplierId": "supplier1"<br/>  },<br/>  "lv3": {<br/>    "billingId": "billing3",<br/>    "specId": "spec3",<br/>    "supplierId": "supplier2"<br/>  }<br/>}</pre> | no |
 | <a name="input_log_level"></a> [log\_level](#input\_log\_level) | The log level to be used in lambda functions within the component. Any log with a lower severity than the configured value will not be logged: https://docs.python.org/3/library/logging.html#levels | `string` | `"INFO"` | no |
 | <a name="input_log_retention_in_days"></a> [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite | `number` | `0` | no |
 | <a name="input_manually_configure_mtls_truststore"></a> [manually\_configure\_mtls\_truststore](#input\_manually\_configure\_mtls\_truststore) | Manually manage the truststore used for API Gateway mTLS (e.g. for prod environment) | `bool` | `false` | no |

@@ -0,0 +1,59 @@
+resource "aws_dynamodb_table" "supplier-configuration" {
+  name         = "${local.csi}-supplier-config"
+  billing_mode = "PAY_PER_REQUEST"
+
+  hash_key  = "PK"
+  range_key = "SK"
+
+  ttl {
+    attribute_name = "ttl"
+    enabled        = true
+  }
+
+  attribute {
+    name = "PK"
+    type = "S"
+  }
+
+  attribute {
+    name = "SK"
+    type = "S"
+  }
+
+  attribute {
+    name = "entityType"
+    type = "S"
+  }
+
+  attribute {
+    name = "volumeGroup"
+    type = "S"
+  }
+
+  // The type-index GSI allows us to query for all supplier configurations of a given type (e.g. all letter supplier configurations)
+  global_secondary_index {
+    name            = "EntityTypeIndex"
+    hash_key        = "entityType"
+    range_key       = "SK"
+    projection_type = "ALL"
+  }
+
+  global_secondary_index {
+    name            = "volumeGroup-index"
+    hash_key        = "PK"
+    range_key       = "volumeGroup"
+    projection_type = "ALL"
+  }
+
+  point_in_time_recovery {
+    enabled = true
+  }
+
+  tags = merge(
+    local.default_tags,
+    {
+      NHSE-Enable-Dynamo-Backup-Acct = "True"
+    }
+  )
+
+}
@@ -20,15 +20,16 @@ locals {
   destination_arn = "arn:aws:logs:${var.region}:${var.shared_infra_account_id}:destination:nhs-main-obs-firehose-logs"
 
   common_lambda_env_vars = {
-    LETTERS_TABLE_NAME       = aws_dynamodb_table.letters.name,
-    MI_TABLE_NAME            = aws_dynamodb_table.mi.name,
-    LETTER_TTL_HOURS         = 12960, # 18 months * 30 days * 24 hours
-    MI_TTL_HOURS             = 2160   # 90 days * 24 hours
-    SUPPLIER_ID_HEADER       = "nhsd-supplier-id",
-    APIM_CORRELATION_HEADER  = "nhsd-correlation-id",
-    DOWNLOAD_URL_TTL_SECONDS = 60
-    SNS_TOPIC_ARN            = "${module.eventsub.sns_topic.arn}",
-    EVENT_SOURCE             = "/data-plane/supplier-api/${var.group}/${var.environment}/letters"
+    LETTERS_TABLE_NAME         = aws_dynamodb_table.letters.name,
+    MI_TABLE_NAME              = aws_dynamodb_table.mi.name,
+    LETTER_TTL_HOURS           = 12960, # 18 months * 30 days * 24 hours
+    MI_TTL_HOURS               = 2160   # 90 days * 24 hours
+    SUPPLIER_ID_HEADER         = "nhsd-supplier-id",
+    APIM_CORRELATION_HEADER    = "nhsd-correlation-id",
+    DOWNLOAD_URL_TTL_SECONDS   = 60
+    SNS_TOPIC_ARN              = "${module.eventsub.sns_topic.arn}",
+    EVENT_SOURCE               = "/data-plane/supplier-api/${var.group}/${var.environment}/letters"
+    SUPPLIER_CONFIG_TABLE_NAME = aws_dynamodb_table.supplier-configuration.name
   }
 
   core_pdf_bucket_arn        = "arn:aws:s3:::comms-${var.core_account_id}-eu-west-2-${var.core_environment}-api-stg-pdf-pipeline"

@@ -82,4 +82,20 @@ data "aws_iam_policy_document" "supplier_allocator_lambda" {
       module.sqs_letter_updates.sqs_queue_arn
     ]
   }
+
+  statement {
+    sid    = "AllowDynamoDBAccess"
+    effect = "Allow"
+
+    actions = [
+      "dynamodb:GetItem",
+      "dynamodb:Query"
+    ]
+
+    resources = [
+      aws_dynamodb_table.supplier-configuration.arn,
+      "${aws_dynamodb_table.supplier-configuration.arn}/index/volumeGroup-index"
+
+    ]
+  }
 }
@@ -136,11 +136,11 @@ variable "eventpub_control_plane_bus_arn" {
 }
 
 variable "letter_variant_map" {
-  type = map(object({ supplierId = string, specId = string }))
+  type = map(object({ supplierId = string, specId = string, billingId = string }))
   default = {
-    "lv1" = { supplierId = "supplier1", specId = "spec1" },
-    "lv2" = { supplierId = "supplier1", specId = "spec2" },
-    "lv3" = { supplierId = "supplier2", specId = "spec3" }
+    "lv1" = { supplierId = "supplier1", specId = "spec1", billingId = "billing1" },
+    "lv2" = { supplierId = "supplier1", specId = "spec2", billingId = "billing2" },
+    "lv3" = { supplierId = "supplier2", specId = "spec3", billingId = "billing3" }
   }
 }
 

@@ -31,6 +31,9 @@ export const baseJestConfig: Config = {
 
   coveragePathIgnorePatterns: ["/__tests__/"],
   transform: { "^.+\\.ts$": "ts-jest" },
+  transformIgnorePatterns: [
+    "node_modules/(?!(@nhsdigital/nhs-notify-event-schemas-supplier-config)/)",
+  ],
   testPathIgnorePatterns: [".build"],
   testMatch: ["**/?(*.)+(spec|test).[jt]s?(x)"],
 

@@ -3,6 +3,7 @@
     "@aws-sdk/client-dynamodb": "^3.984.0",
     "@aws-sdk/lib-dynamodb": "^3.984.0",
     "@internal/helpers": "*",
+    "@nhsdigital/nhs-notify-event-schemas-supplier-config": "^1.0.1",
     "pino": "^10.3.0",
     "zod": "^4.1.11",
     "zod-mermaid": "^1.0.9"

@@ -36,6 +36,7 @@ export async function setupDynamoDBContainer() {
     lettersTtlHours: 1,
     letterQueueTtlHours: 1,
     miTtlHours: 1,
+    supplierConfigTableName: "supplier-config",
   };
 
   return {
@@ -145,6 +146,31 @@ const createLetterQueueTableCommand = new CreateTableCommand({
     { AttributeName: "queueTimestamp", AttributeType: "S" },
   ],
 });
+const createSupplierConfigTableCommand = new CreateTableCommand({
+  TableName: "supplier-config",
+  BillingMode: "PAY_PER_REQUEST",
+  KeySchema: [
+    { AttributeName: "PK", KeyType: "HASH" }, // Partition key
+    { AttributeName: "SK", KeyType: "RANGE" }, // Sort key
+  ],
+  GlobalSecondaryIndexes: [
+    {
+      IndexName: "volumeGroup-index",
+      KeySchema: [
+        { AttributeName: "PK", KeyType: "HASH" }, // Partition key for GSI
+        { AttributeName: "volumeGroup", KeyType: "RANGE" }, // Sort key for GSI
+      ],
+      Projection: {
+        ProjectionType: "ALL",
+      },
+    },
+  ],
+  AttributeDefinitions: [
+    { AttributeName: "PK", AttributeType: "S" },
+    { AttributeName: "SK", AttributeType: "S" },
+    { AttributeName: "volumeGroup", AttributeType: "S" },
+  ],
+});
 
 export async function createTables(context: DBContext) {
   const { ddbClient } = context;
@@ -155,6 +181,7 @@ export async function createTables(context: DBContext) {
   await ddbClient.send(createMITableCommand);
   await ddbClient.send(createSupplierTableCommand);
   await ddbClient.send(createLetterQueueTableCommand);
+  await ddbClient.send(createSupplierConfigTableCommand);
 }
 
 export async function deleteTables(context: DBContext) {
@@ -165,6 +192,7 @@ export async function deleteTables(context: DBContext) {
     "management-info",
     "suppliers",
     "letter-queue",
+    "supplier-config",
   ]) {
     await ddbClient.send(
       new DeleteTableCommand({

@@ -30,6 +30,7 @@ function createLetter(
     source: "/data-plane/letter-rendering/pdf",
     subject: `client/1/letter-request/${letterId}`,
     billingRef: "specification1",
+    specificationBillingId: "billing1",
   };
 }