[PRM-746] Add depends_on to S3 bucket notification to ensure lambda permission is created first (#634)

Author: chrisbloe

infrastructure/lambda-document-upload-check.tf

@@ -59,6 +59,7 @@ data "aws_security_groups" "virus_scanner_api" {
 resource "aws_s3_bucket_notification" "document_upload_check_lambda_trigger" {
   bucket      = module.ndr-bulk-staging-store.bucket_id
   eventbridge = true
+
   lambda_function {
     lambda_function_arn = module.document_upload_check_lambda.lambda_arn
     events              = ["s3:ObjectCreated:*"]
@@ -70,11 +71,16 @@ resource "aws_s3_bucket_notification" "document_upload_check_lambda_trigger" {
     events              = ["s3:ObjectCreated:*"]
     filter_prefix       = "fhir_upload"
   }
+
   lambda_function {
     lambda_function_arn = module.document_upload_check_lambda.lambda_arn
     events              = ["s3:ObjectCreated:*"]
     filter_prefix       = "review"
   }
+
+  depends_on = [
+    aws_lambda_permission.document_upload_check_lambda
+  ]
 }
 
 resource "aws_lambda_permission" "document_upload_check_lambda" {

infrastructure/modules/ecs/README.md

@@ -127,6 +127,7 @@ module "ecs_service" {
 | <a name="output_certificate_arn"></a> [certificate\_arn](#output\_certificate\_arn) | The arn of certificate that load balancer is using |
 | <a name="output_container_port"></a> [container\_port](#output\_container\_port) | The container port number of docker image, which was provided as input variable of this module |
 | <a name="output_dns_name"></a> [dns\_name](#output\_dns\_name) | n/a |
+| <a name="output_dns_zone_id"></a> [dns\_zone\_id](#output\_dns\_zone\_id) | n/a |
 | <a name="output_ecs_cluster_arn"></a> [ecs\_cluster\_arn](#output\_ecs\_cluster\_arn) | n/a |
 | <a name="output_load_balancer_arn"></a> [load\_balancer\_arn](#output\_load\_balancer\_arn) | The arn of the load balancer |
 | <a name="output_security_group_id"></a> [security\_group\_id](#output\_security\_group\_id) | n/a |

infrastructure/modules/route53/README.md

@@ -53,8 +53,9 @@ module "dns" {
 
 | Name | Type |
 |------|------|
-| [aws_route53_record.ndr_fargate_record](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
+| [aws_route53_record.ndr_fargate_record_cname](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
 | [aws_route53_record.ndr_gateway_api_record](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
+| [aws_route53_record.ndr_test_fargate_record_alias](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
 | [aws_route53_zone.ndr_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
 | [aws_route53_zone.ndr_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
 
@@ -66,6 +67,7 @@ module "dns" {
 | <a name="input_api_gateway_subdomain_name"></a> [api\_gateway\_subdomain\_name](#input\_api\_gateway\_subdomain\_name) | Subdomain name for api gateway custom domain. Example: api-dev | `string` | n/a | yes |
 | <a name="input_api_gateway_zone_id"></a> [api\_gateway\_zone\_id](#input\_api\_gateway\_zone\_id) | The Route53 zone ID associated with the API Gateway custom domain. | `string` | n/a | yes |
 | <a name="input_dns_name"></a> [dns\_name](#input\_dns\_name) | The target DNS name for the record, typically the Fargate or Load Balancer endpoint. | `string` | n/a | yes |
+| <a name="input_dns_zone_id"></a> [dns\_zone\_id](#input\_dns\_zone\_id) | The Route53 zone ID of the load balancer. | `string` | `""` | no |
 | <a name="input_domain"></a> [domain](#input\_domain) | The root domain name used to find or create the Route53 hosted zone. | `string` | n/a | yes |
 | <a name="input_using_arf_hosted_zone"></a> [using\_arf\_hosted\_zone](#input\_using\_arf\_hosted\_zone) | Whether to use a shared hosted zone for ARF or multi-module deployments. | `bool` | `true` | no |