From c74884d9c39ea2c6bf6ab40c1310cce361180117 Mon Sep 17 00:00:00 2001
From: ariagraham-nhs
Date: Fri, 1 May 2026 16:47:03 +0100
Subject: [PATCH] VED-1170: CloudWatch Alarm without actions
---
 .../fhir_api_perf_errors_slack_chatbot.tf | 24 +++++++++++++++++++
 .../account/fhir_api_perf_errors_sns_topic.tf | 22 +++++++++++++++++
 infrastructure/account/kms.tf | 6 +++++
 3 files changed, 52 insertions(+)
 create mode 100644 infrastructure/account/fhir_api_perf_errors_slack_chatbot.tf
 create mode 100644 infrastructure/account/fhir_api_perf_errors_sns_topic.tf
diff --git a/infrastructure/account/fhir_api_perf_errors_slack_chatbot.tf b/infrastructure/account/fhir_api_perf_errors_slack_chatbot.tf
new file mode 100644
index 0000000000..88fe488df1
--- /dev/null
+++ b/infrastructure/account/fhir_api_perf_errors_slack_chatbot.tf
@@ -0,0 +1,24 @@
+resource "aws_chatbot_slack_channel_configuration" "fhir_api_perf_alerts" {
+ configuration_name = "${var.environment}-fhir-api-perf-alerts-slack-channel-config"
+ iam_role_arn = aws_iam_role.fhir_api_perf_alerts_chatbot.arn
+ slack_channel_id = var.environment == "prod" ? "C0B11MJPQ6A" : "C0B1GKZ5S4R"
+ slack_team_id = "TJ00QR03U"
+ sns_topic_arns = [aws_sns_topic.fhir_api_perf_alerts.arn]
+}
+
+resource "aws_iam_role" "fhir_api_perf_alerts_chatbot" {
+ name = "${var.environment}-fhir-api-perf-alerts-chatbot-channel-role"
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Sid = "AssumeChatbotRole"
+ Principal = {
+ Service = "chatbot.amazonaws.com"
+ }
+ },
+ ]
+ })
+}
diff --git a/infrastructure/account/fhir_api_perf_errors_sns_topic.tf b/infrastructure/account/fhir_api_perf_errors_sns_topic.tf
new file mode 100644
index 0000000000..00fcda4576
--- /dev/null
+++ b/infrastructure/account/fhir_api_perf_errors_sns_topic.tf
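Review bot: `aws_chatbot_slack_channel_configuration.fhir_api_perf_alerts` sets no `guardrail_policy_arns`, and per the AWS Chatbot documentation the AWS-managed AdministratorAccess policy is applied as the channel guardrail when that argument is omitted. The role `fhir_api_perf_alerts_chatbot` has no policies attached in this hunk, so nothing is exposed by this change alone, but any permissions attached to it later would be bounded only by that default. For a notification-only channel I would pin the guardrail explicitly, e.g. `guardrail_policy_arns = ["arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess"]`, and set `logging_level = "ERROR"` so delivery failures are recorded.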
@@ -0,0 +1,22 @@
+resource "aws_sns_topic" "fhir_api_perf_alerts" {
+ name = "${var.environment}-fhir-api-perf-alerts"
+ kms_master_key_id = aws_kms_key.error_alerts_sns_encryption_key.arn
+}
+
+resource "aws_sns_topic_policy" "fhir_api_perf_alerts_topic_policy" {
+ arn = aws_sns_topic.fhir_api_perf_alerts.arn
+ policy = jsonencode({
+ Version = "2012-10-17",
+ Statement = [
+ {
+ Sid = "AllowCloudWatchToPublish",
+ Effect = "Allow",
+ Principal = {
+ Service = "cloudwatch.amazonaws.com"
+ },
+ Action = "SNS:Publish",
+ Resource = aws_sns_topic.fhir_api_perf_alerts.arn
+ }
+ ]
+ })
+}
diff --git a/infrastructure/account/kms.tf b/infrastructure/account/kms.tf
index 21e5e2a78e..563c7bdc72 100644
--- a/infrastructure/account/kms.tf
+++ b/infrastructure/account/kms.tf
@@ -225,3 +225,9 @@ resource "aws_kms_alias" "fhir_api_errors_sns_encryption_key" {
 name = "alias/${var.environment}-fhir-api-errors-imms-sns-encryption"
 target_key_id = aws_kms_key.error_alerts_sns_encryption_key.key_id
 }
+
+resource "aws_kms_alias" "fhir_api_perf_alerts_sns_encryption_key" {
+ name = "alias/${var.environment}-fhir-api-perf-alerts-imms-sns-encryption"
+ target_key_id = aws_kms_key.error_alerts_sns_encryption_key.key_id
+}
+
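Review bot: The `AllowCloudWatchToPublish` statement grants `SNS:Publish` to the `cloudwatch.amazonaws.com` service principal with no `Condition`, so the topic policy does not restrict which account's alarms may publish to this topic. Scoping it to the owning account closes the cross-account confused-deputy path: add `Condition = { StringEquals = { "aws:SourceAccount" = <ACCOUNT_ID_REFERENCE> } }` (placeholder; use whichever caller-identity reference the module already declares), optionally with an `ArnLike` on `aws:SourceArn` limited to this account's alarm ARNs. Separately, the topic is encrypted with `aws_kms_key.error_alerts_sns_encryption_key`, whose key policy is not part of this diff. CloudWatch can only deliver to an encrypted topic when that key policy lets the service use the key, so that is worth confirming before relying on these alerts.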
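Review bot: The alias `fhir_api_perf_alerts_sns_encryption_key` reads as though the perf-alerts topic has its own key, but its `target_key_id` is the same `aws_kms_key.error_alerts_sns_encryption_key` as the alias directly above it. The topic added in this commit also references the key ARN directly rather than this alias. I would add a comment above the resource, e.g. `# Second alias for the shared error-alerts SNS key; perf alerts do not have a dedicated CMK.`, so key-policy reviews and audits do not assume a separation that is not there. If the two alert streams are meant to be isolated, that needs a separate `aws_kms_key`, which this hunk does not add.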