Add app config variables and policy references to Lambda configurations

Signed-off-by: NogaNHS <127490765+NogaNHS@users.noreply.github.com>

Author: NogaNHS

infrastructure/lambda-get-document-fhir.tf

@@ -25,6 +25,7 @@ module "get-doc-fhir-lambda" {
   name    = "GetDocumentReference"
   handler = "handlers.get_fhir_document_reference_handler.lambda_handler"
   iam_role_policy_documents = [
+    module.ndr-app-config.app_config_policy,
     module.lloyd_george_reference_dynamodb_table.dynamodb_read_policy_document,
     module.core_dynamodb_table.dynamodb_read_policy_document,
     aws_iam_policy.ssm_access_policy.policy,
@@ -38,12 +39,15 @@ module "get-doc-fhir-lambda" {
   http_methods        = ["GET"]
   api_execution_arn   = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
   lambda_environment_variables = {
-    WORKSPACE             = terraform.workspace
-    ENVIRONMENT           = var.environment
-    PRESIGNED_ASSUME_ROLE = aws_iam_role.get_fhir_doc_presign_url_role.arn
-    OIDC_CALLBACK_URL     = local.oidc_callback_url
-    CLOUDFRONT_URL        = one(aws_cloudfront_distribution.s3_presign_mask.aliases)
-    PDS_FHIR_IS_STUBBED   = local.is_sandbox
+    APPCONFIG_APPLICATION   = module.ndr-app-config.app_config_application_id
+    APPCONFIG_ENVIRONMENT   = module.ndr-app-config.app_config_environment_id
+    APPCONFIG_CONFIGURATION = module.ndr-app-config.app_config_configuration_profile_id
+    WORKSPACE               = terraform.workspace
+    ENVIRONMENT             = var.environment
+    PRESIGNED_ASSUME_ROLE   = aws_iam_role.get_fhir_doc_presign_url_role.arn
+    OIDC_CALLBACK_URL       = local.oidc_callback_url
+    CLOUDFRONT_URL          = one(aws_cloudfront_distribution.s3_presign_mask.aliases)
+    PDS_FHIR_IS_STUBBED     = local.is_sandbox
   }
   depends_on = [
     aws_api_gateway_method.get_document_reference,

infrastructure/lambda-im-alerting.tf

@@ -22,13 +22,17 @@ module "im-alerting-lambda" {
     aws_iam_policy.ssm_access_policy.policy,
     aws_iam_policy.alerting_lambda_alarms.policy,
     aws_iam_policy.alerting_lambda_tags.policy,
+    module.ndr-app-config.app_config_policy,
     module.alarm_state_history_table.dynamodb_read_policy_document,
     module.alarm_state_history_table.dynamodb_write_policy_document
   ]
   kms_deletion_window = var.kms_deletion_window
   rest_api_id         = null
   api_execution_arn   = null
   lambda_environment_variables = {
+    APPCONFIG_APPLICATION       = module.ndr-app-config.app_config_application_id
+    APPCONFIG_ENVIRONMENT       = module.ndr-app-config.app_config_environment_id
+    APPCONFIG_CONFIGURATION     = module.ndr-app-config.app_config_configuration_profile_id
     WORKSPACE                   = terraform.workspace
     TEAMS_WEBHOOK_URL           = data.aws_ssm_parameter.teams_alerting_webhook_url.value
     CONFLUENCE_BASE_URL         = data.aws_ssm_parameter.im_alerting_confluence_url.value

infrastructure/lambda-mns-notification.tf

@@ -13,12 +13,16 @@ module "mns-notification-lambda" {
     module.user_restriction_table.dynamodb_read_policy_document,
     module.user_restriction_table.dynamodb_write_policy_document,
     aws_iam_policy.ssm_access_policy.policy,
+    module.ndr-app-config.app_config_policy,
     aws_iam_policy.kms_mns_lambda_access[0].policy,
   ]
   kms_deletion_window = var.kms_deletion_window
   rest_api_id         = null
   api_execution_arn   = null
   lambda_environment_variables = {
+    APPCONFIG_APPLICATION         = module.ndr-app-config.app_config_application_id
+    APPCONFIG_ENVIRONMENT         = module.ndr-app-config.app_config_environment_id
+    APPCONFIG_CONFIGURATION       = module.ndr-app-config.app_config_configuration_profile_id
     WORKSPACE                     = terraform.workspace
     LLOYD_GEORGE_DYNAMODB_NAME    = module.lloyd_george_reference_dynamodb_table.table_name
     DOCUMENT_REVIEW_DYNAMODB_NAME = module.document_upload_review_dynamodb_table.table_name