From 85120af64b8b5ee498bfa8ba61f7c8c718d3fd49 Mon Sep 17 00:00:00 2001
From: Daniel Yip <daniel.yip4@nhs.net>
Date: Tue, 21 Oct 2025 09:16:11 +0100
Subject: [PATCH 1/2] Attempt to fix terraform instability on first apply

---
 infrastructure/instance/Makefile                      | 3 +++
 infrastructure/instance/ecs_batch_processor_config.tf | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/infrastructure/instance/Makefile b/infrastructure/instance/Makefile
index b22640187c..02c1dabe0c 100644
--- a/infrastructure/instance/Makefile
+++ b/infrastructure/instance/Makefile
@@ -53,6 +53,9 @@ destroy: workspace
 	$(tf_cmd) workspace select default
 	$(tf_cmd) workspace delete $(sub_environment)
 
+graph: workspace
+	$(tf_cmd) graph 
+
 output:
 	$(tf_cmd) output -raw $(name)
 
diff --git a/infrastructure/instance/ecs_batch_processor_config.tf b/infrastructure/instance/ecs_batch_processor_config.tf
index 8d438e5fa6..54d3a87c30 100644
--- a/infrastructure/instance/ecs_batch_processor_config.tf
+++ b/infrastructure/instance/ecs_batch_processor_config.tf
@@ -258,6 +258,7 @@ resource "aws_iam_role" "fifo_pipe_role" {
     ]
   })
 }
+
 resource "aws_iam_policy" "fifo_pipe_policy" {
   name = "${local.short_prefix}-fifo-pipe-policy"
   policy = jsonencode({
@@ -356,6 +357,10 @@ resource "aws_pipes_pipe" "fifo_pipe" {
       log_group_arn = aws_cloudwatch_log_group.pipe_log_group.arn
     }
   }
+
+  depends_on = [
+    aws_iam_role_policy_attachment.fifo_pipe_policy_attachment
+  ]
 }
 
 # Custom Log Group

From 6ee3b81c4c1f969bfea7e11d3a57551c95c89945 Mon Sep 17 00:00:00 2001
From: Daniel Yip <daniel.yip4@nhs.net>
Date: Tue, 21 Oct 2025 09:28:00 +0100
Subject: [PATCH 2/2] Try fix, although need to destroy and retry fresh after

---
 infrastructure/instance/redis_sync_lambda.tf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/instance/redis_sync_lambda.tf b/infrastructure/instance/redis_sync_lambda.tf
index aa27115120..18cfa4efcd 100644
--- a/infrastructure/instance/redis_sync_lambda.tf
+++ b/infrastructure/instance/redis_sync_lambda.tf
@@ -262,6 +262,10 @@ resource "aws_s3_bucket_notification" "config_lambda_notification" {
     lambda_function_arn = aws_lambda_function.redis_sync_lambda.arn
     events              = ["s3:ObjectCreated:*"]
   }
+
+  depends_on = [
+    aws_lambda_function.redis_sync_lambda
+  ]
 }
 
 # Permission for the new S3 bucket to invoke the Lambda function