
Commit 2e790ca

committed
Terraform tweaks
1 parent 08f9d38 commit 2e790ca

10 files changed

Lines changed: 24 additions & 38 deletions

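--- a/infrastructure/cloudwatch_rum.tf
+++ b/infrastructure/cloudwatch_rum.tf
@@ -39,7 +39,7 @@ resource "aws_iam_policy" "cloudwatch_rum_cognito_access" {
 {
 "Effect" : "Allow",
 "Action" : "rum:PutRumEvents",
-"Resource" : "arn:aws:rum:${local.current_region}:${local.current_account_id}:appmonitor/${aws_rum_app_monitor.ndr.id}"
+"Resource" : "arn:aws:rum:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:appmonitor/${aws_rum_app_monitor.ndr.id}"
 }
 ]
 })
@@ -63,7 +63,7 @@ resource "aws_cloudwatch_log_resource_policy" "rum_log" {
 "logs:DeleteLogGroup",
 "logs:DescribeLogGroups"
 ],
-Resource = "arn:aws:logs:${local.current_region}:${local.current_account_id}:log-group:/aws/vendedlogs/RUMService_*"
+Resource = "arn:aws:logs:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:log-group:/aws/vendedlogs/RUMService_*"
 }
 ]
 })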

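--- a/infrastructure/dynamo_db.tf
+++ b/infrastructure/dynamo_db.tf
@@ -3,7 +3,6 @@ module "document_reference_dynamodb_table" {
 table_name = var.docstore_dynamodb_table_name
 hash_key = "ID"
 deletion_protection_enabled = var.deletion_protection_enabled
-stream_enabled = true
 stream_view_type = "OLD_IMAGE"
 ttl_enabled = true
 ttl_attribute_name = "TTL"
@@ -46,7 +45,6 @@ module "cloudfront_edge_dynamodb_table" {
 table_name = var.cloudfront_edge_table_name
 hash_key = "ID"
 deletion_protection_enabled = var.deletion_protection_enabled
-stream_enabled = false
 ttl_enabled = true
 ttl_attribute_name = "TTL"
 point_in_time_recovery_enabled = !local.is_sandbox
@@ -67,7 +65,6 @@ module "lloyd_george_reference_dynamodb_table" {
 table_name = var.lloyd_george_dynamodb_table_name
 hash_key = "ID"
 deletion_protection_enabled = var.deletion_protection_enabled
-stream_enabled = true
 stream_view_type = "OLD_IMAGE"
 ttl_enabled = true
 ttl_attribute_name = "TTL"
@@ -133,7 +130,6 @@ module "unstitched_lloyd_george_reference_dynamodb_table" {
 table_name = var.unstitched_lloyd_george_dynamodb_table_name
 hash_key = "ID"
 deletion_protection_enabled = var.deletion_protection_enabled
-stream_enabled = true
 stream_view_type = "OLD_IMAGE"
 ttl_enabled = true
 ttl_attribute_name = "TTL"
@@ -176,7 +172,7 @@ module "zip_store_reference_dynamodb_table" {
 table_name = var.zip_store_dynamodb_table_name
 hash_key = "ID"
 deletion_protection_enabled = var.deletion_protection_enabled
-stream_enabled = true
+stream_view_type = "NEW_AND_OLD_IMAGES"
 ttl_enabled = false
 
 attributes = [
@@ -207,7 +203,7 @@ module "stitch_metadata_reference_dynamodb_table" {
 table_name = var.stitch_metadata_dynamodb_table_name
 hash_key = "ID"
 deletion_protection_enabled = var.deletion_protection_enabled
-stream_enabled = true
+stream_view_type = "NEW_AND_OLD_IMAGES"
 ttl_enabled = true
 ttl_attribute_name = "ExpireAt"
 
@@ -239,7 +235,6 @@ module "auth_state_dynamodb_table" {
 table_name = var.auth_state_dynamodb_table_name
 hash_key = "State"
 deletion_protection_enabled = var.deletion_protection_enabled
-stream_enabled = false
 ttl_enabled = true
 ttl_attribute_name = "TimeToExist"
 attributes = [
@@ -266,7 +261,6 @@ module "auth_session_dynamodb_table" {
 table_name = var.auth_session_dynamodb_table_name
 hash_key = "NDRSessionId"
 deletion_protection_enabled = var.deletion_protection_enabled
-stream_enabled = false
 ttl_enabled = true
 ttl_attribute_name = "TimeToExist"
 attributes = [
@@ -293,7 +287,6 @@ module "bulk_upload_report_dynamodb_table" {
 table_name = var.bulk_upload_report_dynamodb_table_name
 hash_key = "ID"
 deletion_protection_enabled = var.deletion_protection_enabled
-stream_enabled = false
 ttl_enabled = false
 point_in_time_recovery_enabled = !local.is_sandbox
 
@@ -340,7 +333,6 @@ module "statistics_dynamodb_table" {
 hash_key = "Date"
 sort_key = "StatisticID"
 deletion_protection_enabled = var.deletion_protection_enabled
-stream_enabled = false
 ttl_enabled = false
 point_in_time_recovery_enabled = !local.is_sandbox
 
@@ -378,7 +370,6 @@ module "access_audit_dynamodb_table" {
 hash_key = "Type"
 sort_key = "ID"
 deletion_protection_enabled = var.deletion_protection_enabled
-stream_enabled = false
 ttl_enabled = false
 point_in_time_recovery_enabled = !local.is_sandbox
 
@@ -432,7 +423,6 @@ module "pdm_dynamodb_table" {
 table_name = var.pdm_dynamodb_table_name
 hash_key = "ID"
 deletion_protection_enabled = var.deletion_protection_enabled
-stream_enabled = true
 stream_view_type = "OLD_IMAGE"
 ttl_enabled = true
 ttl_attribute_name = "TTL"
@@ -505,7 +495,6 @@ module "core_dynamodb_table" {
 hash_key = "NhsNumber"
 sort_key = "ID"
 deletion_protection_enabled = var.deletion_protection_enabled
-stream_enabled = true
 stream_view_type = "OLD_IMAGE"
 ttl_enabled = true
 ttl_attribute_name = "TTL"
@@ -544,7 +533,6 @@ module "alarm_state_history_table" {
 sort_key = "TimeCreated"
 deletion_protection_enabled = var.deletion_protection_enabled
 point_in_time_recovery_enabled = false
-stream_enabled = false
 ttl_enabled = true
 ttl_attribute_name = "TimeToExist"
 
@@ -569,7 +557,6 @@ module "bulk_upload_contact_lookup_table" {
 hash_key = "OdsCode"
 deletion_protection_enabled = var.deletion_protection_enabled
 point_in_time_recovery_enabled = !local.is_sandbox
-stream_enabled = false
 ttl_enabled = false
 
 attributes = [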

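--- a/infrastructure/dynamo_db_review.tf
+++ b/infrastructure/dynamo_db_review.tf
@@ -4,7 +4,6 @@ module "document_upload_review_dynamodb_table" {
 hash_key = "ID"
 sort_key = "Version"
 deletion_protection_enabled = local.is_production
-stream_enabled = false
 ttl_enabled = false
 point_in_time_recovery_enabled = !local.is_sandbox
 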

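--- a/infrastructure/lambda-migration-dynamodb-segment.tf
+++ b/infrastructure/lambda-migration-dynamodb-segment.tf
@@ -25,7 +25,7 @@ data "aws_iam_policy_document" "migration_dynamodb_access" {
 "dynamodb:DescribeTable"
 ]
 resources = [
-"arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/${terraform.workspace}_*"
+"arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/${terraform.workspace}_*"
 ]
 }
 }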

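--- a/infrastructure/lambda-send-feedback.tf
+++ b/infrastructure/lambda-send-feedback.tf
@@ -121,7 +121,7 @@ resource "aws_iam_policy" "ses_send_email_policy" {
 "ses:SendEmail",
 ],
 Resource = [
-"arn:aws:ses:${local.current_region}:${local.current_account_id}:identity/*",
+"arn:aws:ses:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:identity/*",
 ]
 }
 ]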
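Review bot: The resource on line 124 still ends in `identity/*`, so `ses:SendEmail` is granted on every SES identity in the account and region rather than only the one the feedback sender uses. Since the line is being rewritten anyway, it could name that identity, e.g. `"arn:aws:ses:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:identity/<FEEDBACK_SENDER_IDENTITY>"` (placeholder), or the statement could carry a `ses:FromAddress` condition. The rest of the statement lies outside the hunk, so a condition may already exist there.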

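--- a/infrastructure/modules/dynamo_db/README.md
+++ b/infrastructure/modules/dynamo_db/README.md
@@ -47,7 +47,6 @@ module "document_reference_dynamodb_table" {
 ttl_attribute_name = "TTL"
 
 # Optional: enable streams
-stream_enabled = true
 stream_view_type = "OLD_IMAGE"
 
 # Optional: point-in-time recovery
@@ -107,7 +106,6 @@ module "document_reference_dynamodb_table" {
 | <a name="input_owner"></a> [owner](#input\_owner) | Identifies the team or person responsible for the resource (used for tagging). | `string` | n/a | yes |
 | <a name="input_point_in_time_recovery_enabled"></a> [point\_in\_time\_recovery\_enabled](#input\_point\_in\_time\_recovery\_enabled) | Enables PITR for backups. | `bool` | `false` | no |
 | <a name="input_sort_key"></a> [sort\_key](#input\_sort\_key) | Optional range/sort key for composite primary key. | `string` | `null` | no |
-| <a name="input_stream_enabled"></a> [stream\_enabled](#input\_stream\_enabled) | Whether DynamoDB Streams are enabled. | `bool` | `false` | no |
 | <a name="input_stream_view_type"></a> [stream\_view\_type](#input\_stream\_view\_type) | Type of stream view (e.g., OLD\_IMAGE). | `string` | `"NEW_AND_OLD_IMAGES"` | no |
 | <a name="input_table_name"></a> [table\_name](#input\_table\_name) | Name of the DynamoDB table. | `string` | `null` | no |
 | <a name="input_ttl_attribute_name"></a> [ttl\_attribute\_name](#input\_ttl\_attribute\_name) | Name of the TTL attribute. | `string` | `""` | no |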

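--- a/infrastructure/modules/dynamo_db/main.tf
+++ b/infrastructure/modules/dynamo_db/main.tf
@@ -3,7 +3,7 @@ resource "aws_dynamodb_table" "ndr_dynamodb_table" {
 hash_key = var.hash_key
 range_key = var.sort_key
 billing_mode = var.billing_mode
-stream_enabled = var.stream_enabled
+stream_enabled = var.stream_view_type != null
 stream_view_type = var.stream_view_type
 deletion_protection_enabled = var.deletion_protection_enabled
 
@@ -26,9 +26,20 @@ resource "aws_dynamodb_table" "ndr_dynamodb_table" {
 
 content {
 name = global_secondary_index.value.name
-hash_key = global_secondary_index.value.hash_key
 projection_type = global_secondary_index.value.projection_type
-range_key = lookup(global_secondary_index.value, "range_key", null)
+
+key_schema {
+attribute_name = global_secondary_index.value.hash_key
+key_type = "HASH"
+}
+
+dynamic "key_schema" {
+for_each = lookup(global_secondary_index.value, "range_key", null) != null ? [global_secondary_index.value.range_key] : []
+content {
+attribute_name = key_schema.value
+key_type = "RANGE"
+}
+}
 }
 }
 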
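Review bot: Line 6 now turns streams on for any non-null `stream_view_type`, so the switch that decides whether item images are copied to a stream is implicit and undocumented at the resource. A comment above it would make that visible: `# Streams are enabled iff stream_view_type is set; null leaves them off.` An empty string also counts as non-null here, so `stream_view_type = ""` would plan as an enabled stream and probably fail only at apply; the variable in `variable.tf` is the place to reject that. The `key_schema` blocks in the second hunk appear to depend on a recent AWS provider release, and no version constraint change is visible in this commit, so confirm `required_providers` covers it. The resource body continues outside both hunks.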

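--- a/infrastructure/modules/dynamo_db/variable.tf
+++ b/infrastructure/modules/dynamo_db/variable.tf
@@ -52,16 +52,10 @@ variable "deletion_protection_enabled" {
 default = null
 }
 
-variable "stream_enabled" {
-description = "Whether DynamoDB Streams are enabled."
-type = bool
-default = false
-}
-
 variable "stream_view_type" {
 description = "Type of stream view (e.g., OLD_IMAGE)."
 type = string
-default = "NEW_AND_OLD_IMAGES"
+default = null
 }
 
 variable "environment" {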
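Review bot: `stream_view_type` now doubles as the on/off switch for streams, but its description still reads as a plain view-type setting and nothing restricts its value. The description should say that null disables DynamoDB Streams, and a `validation` block can reject anything other than null or the four view types at plan time. The module README's inputs table (a context line in this commit) still lists the default as `"NEW_AND_OLD_IMAGES"`, which no longer matches `default = null`.

```hcl
variable "stream_view_type" {
  description = "Stream view type (KEYS_ONLY, NEW_IMAGE, OLD_IMAGE or NEW_AND_OLD_IMAGES). Leave null to disable DynamoDB Streams."
  # … unchanged: type, default = null …

  validation {
    condition = var.stream_view_type == null ? true : contains(
      ["KEYS_ONLY", "NEW_IMAGE", "OLD_IMAGE", "NEW_AND_OLD_IMAGES"],
      var.stream_view_type
    )
    error_message = "stream_view_type must be null or one of KEYS_ONLY, NEW_IMAGE, OLD_IMAGE, NEW_AND_OLD_IMAGES."
  }
}
```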

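--- a/infrastructure/step-function-migration-dynmodb.tf
+++ b/infrastructure/step-function-migration-dynmodb.tf
@@ -62,9 +62,9 @@ data "aws_iam_policy_document" "sfn_permissions" {
 "states:ListMapRuns"
 ]
 resources = [
-"arn:aws:states:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:stateMachine:${terraform.workspace}_migration_dynamodb_step_function",
-"arn:aws:states:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:execution:${terraform.workspace}_migration_dynamodb_step_function/*",
-"arn:aws:states:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:mapRun:${terraform.workspace}_migration_dynamodb_step_function/*"
+"arn:aws:states:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:stateMachine:${terraform.workspace}_migration_dynamodb_step_function",
+"arn:aws:states:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:execution:${terraform.workspace}_migration_dynamodb_step_function/*",
+"arn:aws:states:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:mapRun:${terraform.workspace}_migration_dynamodb_step_function/*"
 ]
 }
 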

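--- a/infrastructure/variable.tf
+++ b/infrastructure/variable.tf
@@ -300,9 +300,6 @@ locals {
 
 cloudfront_full_domain_name = contains(["prod"], terraform.workspace) ? "${var.cloudfront_subdomain}${var.domain}" : "${var.cloudfront_subdomain}${terraform.workspace}.${var.domain}"
 
-current_region = data.aws_region.current.name
-current_account_id = data.aws_caller_identity.current.account_id
-
 apim_api_url = "https://${var.apim_environment}api.service.nhs.uk/national-document-repository/FHIR/R4"
 
 truststore_bucket_id = local.is_sandbox ? "ndr-dev-${var.truststore_bucket_name}" : module.ndr-truststore[0].bucket_id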
