VED-1170: CloudWatch Alarm without actions

ariagraham-nhs · ariagraham-nhs · commit c74884d9c39e · 2026-05-01T16:47:03.000+01:00
diff --git a/infrastructure/account/fhir_api_perf_errors_slack_chatbot.tf b/infrastructure/account/fhir_api_perf_errors_slack_chatbot.tf
@@ -0,0 +1,24 @@
+resource "aws_chatbot_slack_channel_configuration" "fhir_api_perf_alerts" {
+  configuration_name = "${var.environment}-fhir-api-perf-alerts-slack-channel-config"
+  iam_role_arn       = aws_iam_role.fhir_api_perf_alerts_chatbot.arn
+  slack_channel_id   = var.environment == "prod" ? "C0B11MJPQ6A" : "C0B1GKZ5S4R"
+  slack_team_id      = "TJ00QR03U"
+  sns_topic_arns     = [aws_sns_topic.fhir_api_perf_alerts.arn]
+}
+
+resource "aws_iam_role" "fhir_api_perf_alerts_chatbot" {
+  name = "${var.environment}-fhir-api-perf-alerts-chatbot-channel-role"
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Sid    = "AssumeChatbotRole"
+        Principal = {
+          Service = "chatbot.amazonaws.com"
+        }
+      },
+    ]
+  })
+}
diff --git a/infrastructure/account/fhir_api_perf_errors_sns_topic.tf b/infrastructure/account/fhir_api_perf_errors_sns_topic.tf
@@ -0,0 +1,22 @@
+resource "aws_sns_topic" "fhir_api_perf_alerts" {
+  name              = "${var.environment}-fhir-api-perf-alerts"
+  kms_master_key_id = aws_kms_key.error_alerts_sns_encryption_key.arn
+}
+
+resource "aws_sns_topic_policy" "fhir_api_perf_alerts_topic_policy" {
+  arn = aws_sns_topic.fhir_api_perf_alerts.arn
+  policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Sid    = "AllowCloudWatchToPublish",
+        Effect = "Allow",
+        Principal = {
+          Service = "cloudwatch.amazonaws.com"
+        },
+        Action   = "SNS:Publish",
+        Resource = aws_sns_topic.fhir_api_perf_alerts.arn
+      }
+    ]
+  })
+}
diff --git a/infrastructure/account/kms.tf b/infrastructure/account/kms.tf
@@ -225,3 +225,9 @@ resource "aws_kms_alias" "fhir_api_errors_sns_encryption_key" {
   name          = "alias/${var.environment}-fhir-api-errors-imms-sns-encryption"
   target_key_id = aws_kms_key.error_alerts_sns_encryption_key.key_id
 }
+
+resource "aws_kms_alias" "fhir_api_perf_alerts_sns_encryption_key" {
+  name          = "alias/${var.environment}-fhir-api-perf-alerts-imms-sns-encryption"
+  target_key_id = aws_kms_key.error_alerts_sns_encryption_key.key_id
+}
+
