diff --git a/infrastructure/lambda-mns-notification.tf b/infrastructure/lambda-mns-notification.tf
index 7034d49e..53926d59 100644
--- a/infrastructure/lambda-mns-notification.tf
+++ b/infrastructure/lambda-mns-notification.tf
@@ -1,15 +1,16 @@
 module "mns-notification-lambda" {
+ count = 1
 source = "./modules/lambda"
 name = "MNSNotificationLambda"
 handler = "handlers.mns_notification_handler.lambda_handler"
 iam_role_policy_documents = [
- module.sqs-mns-notification-queue.sqs_read_policy_document,
- module.sqs-mns-notification-queue.sqs_write_policy_document,
+ module.sqs-mns-notification-queue[0].sqs_read_policy_document,
+ module.sqs-mns-notification-queue[0].sqs_write_policy_document,
 module.lloyd_george_reference_dynamodb_table.dynamodb_write_policy_document,
 module.lloyd_george_reference_dynamodb_table.dynamodb_read_policy_document,
 aws_iam_policy.ssm_access_policy.policy,
 module.ndr-app-config.app_config_policy,
- aws_iam_policy.kms_mns_lambda_access.policy,
+ aws_iam_policy.kms_mns_lambda_access[0].policy,
 ]
 kms_deletion_window = var.kms_deletion_window
 rest_api_id = null
@@ -20,7 +21,7 @@ module "mns-notification-lambda" {
 APPCONFIG_CONFIGURATION = module.ndr-app-config.app_config_configuration_profile_id
 WORKSPACE = terraform.workspace
 LLOYD_GEORGE_DYNAMODB_NAME = "${terraform.workspace}_${var.lloyd_george_dynamodb_table_name}"
- MNS_NOTIFICATION_QUEUE_URL = module.sqs-mns-notification-queue.sqs_url
+ MNS_NOTIFICATION_QUEUE_URL = module.sqs-mns-notification-queue[0].sqs_url
 PDS_FHIR_IS_STUBBED = local.is_sandbox
 }
 is_gateway_integration_needed = false
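Review bot: Adding `count = 1` to `module "mns-notification-lambda"` changes the state address of everything inside it from `module.mns-notification-lambda` to `module.mns-notification-lambda[0]`, and the commit carries no `moved` blocks to say the existing objects should follow. Recent Terraform versions infer the move to instance zero for a plain resource that gains `count`, but I would not rely on that for module calls without checking the plan: a destroy-and-create here and for `module.mns_encryption_key` and `module.sqs-mns-notification-queue` in mns.tf would likely schedule the current KMS key for deletion and drop any messages still on the queue. Either add a `moved` block per counted module (`from = module.mns_encryption_key`, `to = module.mns_encryption_key[0]`, and likewise for the others) or confirm before applying that the plan shows moves only. The same applies to `module.mns-notification-alarm-topic` and `aws_iam_policy.kms_mns_lambda_access` in the later hunks of this file.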
@@ -29,26 +30,27 @@ module "mns-notification-lambda" { } resource "aws_lambda_event_source_mapping" "mns_notification_lambda" { - event_source_arn = module.sqs-mns-notification-queue.endpoint - function_name = module.mns-notification-lambda.lambda_arn + event_source_arn = module.sqs-mns-notification-queue[0].endpoint + function_name = module.mns-notification-lambda[0].lambda_arn } module "mns-notification-alarm" { source = "./modules/lambda_alarms" - lambda_function_name = module.mns-notification-lambda.function_name - lambda_timeout = module.mns-notification-lambda.timeout + lambda_function_name = module.mns-notification-lambda[0].function_name + lambda_timeout = module.mns-notification-lambda[0].timeout lambda_name = "mns_notification_handler" namespace = "AWS/Lambda" - alarm_actions = [module.mns-notification-alarm-topic.arn] - ok_actions = [module.mns-notification-alarm-topic.arn] + alarm_actions = [module.mns-notification-alarm-topic[0].arn] + ok_actions = [module.mns-notification-alarm-topic[0].arn] } module "mns-notification-alarm-topic" { + count = 1 source = "./modules/sns" sns_encryption_key_id = module.sns_encryption_key.id topic_name = "mns-notification-topic" topic_protocol = "lambda" - topic_endpoint = module.mns-notification-lambda.lambda_arn + topic_endpoint = module.mns-notification-lambda[0].lambda_arn delivery_policy = jsonencode({ "Version" : "2012-10-17", "Statement" : [ @@ -72,6 +74,7 @@ module "mns-notification-alarm-topic" { } resource "aws_iam_policy" "kms_mns_lambda_access" { + count = 1 name = "${terraform.workspace}_mns_notification_lambda_access_policy" description = "KMS policy to allow lambda to read and write MNS SQS messages" @@ -84,7 +87,7 @@ resource "aws_iam_policy" "kms_mns_lambda_access" { "kms:GenerateDataKey" ] Effect = "Allow" - Resource = module.mns_encryption_key.kms_arn + Resource = module.mns_encryption_key[0].kms_arn }, ] }) diff --git a/infrastructure/mns.tf b/infrastructure/mns.tf index 39a78636..e5aa5d18 100644 
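Review bot: `aws_lambda_event_source_mapping.mns_notification_lambda` and `module "mns-notification-alarm"` now index `[0]` into counted modules but have no `count` of their own, so the stack only plans while every count stays at exactly 1. If the intent is to switch the MNS resources off per workspace (inferred, the commit does not say), a zero count would fail here with an invalid index instead of skipping these blocks. Give the dependants the same count expression, driven by one shared flag, or read the values through `one(module.mns-notification-lambda[*].lambda_arn)` where a null is acceptable. The un-counted `aws_sqs_queue_policy.mns_sqs_access`, `aws_cloudwatch_metric_alarm.msn_dlq_new_message` and `module.mns-dlq-alarm-topic` in mns.tf, and the `mns_main`/`mns_dlq` entries in sqs_alarms.tf, have the same dependency.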
--- a/infrastructure/mns.tf +++ b/infrastructure/mns.tf @@ -4,6 +4,7 @@ data "aws_ssm_parameter" "mns_lambda_role" { module "mns_encryption_key" { + count = 1 source = "./modules/kms" kms_key_name = "alias/mns-notification-encryption-key-kms-${terraform.workspace}" kms_key_description = "Custom KMS Key to enable server side encryption for mns subscriptions" @@ -16,6 +17,7 @@ module "mns_encryption_key" { } module "sqs-mns-notification-queue" { + count = 1 source = "./modules/sqs" name = "mns-notification-queue" max_size_message = 256 * 1024 # allow message size up to 256 KB @@ -25,14 +27,14 @@ module "sqs-mns-notification-queue" { max_visibility = 901 delay = 60 enable_sse = null - kms_master_key_id = module.mns_encryption_key.id + kms_master_key_id = module.mns_encryption_key[0].id enable_dlq = true dlq_visibility_timeout = 0 max_receive_count = 3 } resource "aws_sqs_queue_policy" "mns_sqs_access" { - queue_url = module.sqs-mns-notification-queue.sqs_url + queue_url = module.sqs-mns-notification-queue[0].sqs_url policy = jsonencode({ Version = "2012-10-17" @@ -43,7 +45,7 @@ resource "aws_sqs_queue_policy" "mns_sqs_access" { AWS = data.aws_ssm_parameter.mns_lambda_role.value }, Action = "SQS:SendMessage", - Resource = module.sqs-mns-notification-queue.sqs_arn + Resource = module.sqs-mns-notification-queue[0].sqs_arn } ] }) @@ -62,7 +64,7 @@ resource "aws_cloudwatch_metric_alarm" "msn_dlq_new_message" { alarm_actions = [module.mns-dlq-alarm-topic.arn] dimensions = { - QueueName = module.sqs-mns-notification-queue.dlq_name + QueueName = module.sqs-mns-notification-queue[0].dlq_name } } @@ -93,5 +95,5 @@ module "mns-dlq-alarm-topic" { } ] }) - depends_on = [module.sqs-mns-notification-queue] + depends_on = [module.sqs-mns-notification-queue[0]] } diff --git a/infrastructure/sqs_alarms.tf b/infrastructure/sqs_alarms.tf index 9d8e5c3d..72553b67 100644 --- a/infrastructure/sqs_alarms.tf +++ b/infrastructure/sqs_alarms.tf 
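Review bot: `depends_on = [module.sqs-mns-notification-queue[0]]` in the last hunk of mns.tf pins the dependency to an instance index for no gain, since Terraform tracks `depends_on` at the level of the whole module call. The original `depends_on = [module.sqs-mns-notification-queue]` stays valid after `count` is added and keeps working if the count ever becomes zero, so I would revert that one line. `module "mns-dlq-alarm-topic"` begins outside the hunk.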
@@ -5,11 +5,11 @@ locals { "stitching_main" = module.sqs-stitching-queue.sqs_name "lg_bulk_main" = module.sqs-lg-bulk-upload-metadata-queue.sqs_name "lg_inv_main" = module.sqs-lg-bulk-upload-invalid-queue.sqs_name - "mns_main" = module.sqs-mns-notification-queue.sqs_name + "mns_main" = module.sqs-mns-notification-queue[0].sqs_name # dead-letter queues "nrl_dlq" = module.sqs-nrl-queue.dlq_name "stitching_dlq" = module.sqs-stitching-queue.dlq_name - "mns_dlq" = module.sqs-mns-notification-queue.dlq_name + "mns_dlq" = module.sqs-mns-notification-queue[0].dlq_name }