national-document-repository-infrastructure/infrastructure/lambda-migration-dynamodb-segment.tf at 0fa3c653cd7e9ca6c0eb68d18e3045a26ff39d49 · NHSDigital/national-document-repository-infrastructure · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
module "migration-dynamodb-segment-lambda" {
  source         = "./modules/lambda"
  name           = "MigrationDynamodbSegment"
  handler        = "handlers.migration_dynamodb_segment_handler.lambda_handler"
  lambda_timeout = 900
  iam_role_policy_documents = [
    module.migration-dynamodb-segment-store.s3_read_policy_document,
    module.migration-dynamodb-segment-store.s3_write_policy_document,
    data.aws_iam_policy_document.migration_dynamodb_access.json
  ]
  kms_deletion_window = var.kms_deletion_window

  lambda_environment_variables = {
    WORKSPACE                     = terraform.workspace
    MIGRATION_SEGMENT_BUCKET_NAME = "${terraform.workspace}-${var.migration_dynamodb_segment_store_bucket_name}"
  }
  is_gateway_integration_needed = false
  is_invoked_from_gateway       = false
}

data "aws_iam_policy_document" "migration_dynamodb_access" {
  statement {
    effect = "Allow"
    actions = [
      "dynamodb:DescribeTable"
    ]
    resources = [
      "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/${terraform.workspace}_*"
    ]
  }
}