From 481e4550749651bb86ac376520e4af1ab72357ec Mon Sep 17 00:00:00 2001 From: SWhyteAnswer Date: Tue, 3 Mar 2026 13:58:57 +0000 Subject: [PATCH 1/7] [PRMP-1465] adding env var --- infrastructure/lambda-create-user-restriction.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/infrastructure/lambda-create-user-restriction.tf b/infrastructure/lambda-create-user-restriction.tf index f70b4ede..e3b047dd 100644 --- a/infrastructure/lambda-create-user-restriction.tf +++ b/infrastructure/lambda-create-user-restriction.tf @@ -18,6 +18,7 @@ module "create_user_restriction_lambda" { APPCONFIG_CONFIGURATION = module.ndr-app-config.app_config_configuration_profile_id WORKSPACE = terraform.workspace RESTRICTIONS_TABLE_NAME = module.user_restriction_table.table_name + HEALTHCARE_WORKER_API_URL = module.healthcare_worker_api_base_url.value } depends_on = [ From b7e9ce024907e9514de378a3a6315c3ed3ab5059 Mon Sep 17 00:00:00 2001 From: SWhyteAnswer Date: Tue, 3 Mar 2026 14:17:32 +0000 Subject: [PATCH 2/7] [PRMP-1465] adding data --- infrastructure/lambda-create-user-restriction.tf | 14 +++++++------- infrastructure/ssm_parameters_user_restrictions.tf | 5 +++++ 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/infrastructure/lambda-create-user-restriction.tf b/infrastructure/lambda-create-user-restriction.tf index e3b047dd..d52a7d88 100644 --- a/infrastructure/lambda-create-user-restriction.tf +++ b/infrastructure/lambda-create-user-restriction.tf @@ -13,12 +13,12 @@ module "create_user_restriction_lambda" { http_methods = ["POST"] api_execution_arn = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn lambda_environment_variables = { - APPCONFIG_APPLICATION = module.ndr-app-config.app_config_application_id - APPCONFIG_ENVIRONMENT = module.ndr-app-config.app_config_environment_id - APPCONFIG_CONFIGURATION = module.ndr-app-config.app_config_configuration_profile_id - WORKSPACE = terraform.workspace - RESTRICTIONS_TABLE_NAME = module.user_restriction_table.table_name - HEALTHCARE_WORKER_API_URL = module.healthcare_worker_api_base_url.value + APPCONFIG_APPLICATION = module.ndr-app-config.app_config_application_id + APPCONFIG_ENVIRONMENT = module.ndr-app-config.app_config_environment_id + APPCONFIG_CONFIGURATION = module.ndr-app-config.app_config_configuration_profile_id + WORKSPACE = terraform.workspace + RESTRICTIONS_TABLE_NAME = module.user_restriction_table.table_name + HEALTHCARE_WORKER_API_URL = local.is_sandbox ? "" : data.aws_ssm_parameter.hcw_api_url[0].value } depends_on = [ @@ -64,4 +64,4 @@ module "create_user_restriction_lambda_alarm_topic" { } ] }) -} \ No newline at end of file +} diff --git a/infrastructure/ssm_parameters_user_restrictions.tf b/infrastructure/ssm_parameters_user_restrictions.tf index 641f985e..c226e880 100644 --- a/infrastructure/ssm_parameters_user_restrictions.tf +++ b/infrastructure/ssm_parameters_user_restrictions.tf @@ -10,3 +10,8 @@ module "healthcare_worker_api_base_url" { ignore_value_changes = true } +data "aws_ssm_parameter" "hcw_api_url" { + count = local.is_sandbox ? 0 : 1 + name = "/ndr/${terraform.workspace}/hcw_api_url" +} + From 5a3387dd872c8687c505c7cc8125dc5069c4500d Mon Sep 17 00:00:00 2001 From: SWhyteAnswer Date: Thu, 12 Mar 2026 11:13:48 +0000 Subject: [PATCH 3/7] [PRMP-1465] adding read policy to lambda --- infrastructure/lambda-create-user-restriction.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/infrastructure/lambda-create-user-restriction.tf b/infrastructure/lambda-create-user-restriction.tf index d52a7d88..38bc8056 100644 --- a/infrastructure/lambda-create-user-restriction.tf +++ b/infrastructure/lambda-create-user-restriction.tf @@ -5,7 +5,8 @@ module "create_user_restriction_lambda" { iam_role_policy_documents = [ module.ndr-app-config.app_config_policy, aws_iam_policy.ssm_access_policy.policy, - module.user_restriction_table.dynamodb_write_policy_document + module.user_restriction_table.dynamodb_write_policy_document, + module.user_restriction_table.dynamodb_read_policy_document ] kms_deletion_window = var.kms_deletion_window rest_api_id = aws_api_gateway_rest_api.ndr_doc_store_api.id From 5a134fb00b42488619e607a42442719cd997c70f Mon Sep 17 00:00:00 2001 From: SWhyteAnswer Date: Thu, 12 Mar 2026 16:26:02 +0000 Subject: [PATCH 4/7] [PRMP-1465] correcting data for ssm param --- infrastructure/ssm_parameters_user_restrictions.tf | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/infrastructure/ssm_parameters_user_restrictions.tf b/infrastructure/ssm_parameters_user_restrictions.tf index c226e880..2d16fe92 100644 --- a/infrastructure/ssm_parameters_user_restrictions.tf +++ b/infrastructure/ssm_parameters_user_restrictions.tf @@ -10,8 +10,7 @@ module "healthcare_worker_api_base_url" { ignore_value_changes = true } -data "aws_ssm_parameter" "hcw_api_url" { - count = local.is_sandbox ? 0 : 1 - name = "/ndr/${terraform.workspace}/hcw_api_url" +data "aws_ssm_parameter" "healthcare_worker_api_base_url" { + name = "/ndr/${var.shared_infra_workspace}/hcw_api_url" } From c54e9dcd73bd905415ffdd982bc6aa0f27fe74b2 Mon Sep 17 00:00:00 2001 From: SWhyteAnswer Date: Fri, 13 Mar 2026 10:42:07 +0000 Subject: [PATCH 5/7] [PRMP-1465] ssm parameter correction --- infrastructure/lambda-create-user-restriction.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/lambda-create-user-restriction.tf b/infrastructure/lambda-create-user-restriction.tf index 38bc8056..7403bcc1 100644 --- a/infrastructure/lambda-create-user-restriction.tf +++ b/infrastructure/lambda-create-user-restriction.tf @@ -19,7 +19,7 @@ module "create_user_restriction_lambda" { APPCONFIG_CONFIGURATION = module.ndr-app-config.app_config_configuration_profile_id WORKSPACE = terraform.workspace RESTRICTIONS_TABLE_NAME = module.user_restriction_table.table_name - HEALTHCARE_WORKER_API_URL = local.is_sandbox ? "" : data.aws_ssm_parameter.hcw_api_url[0].value + HEALTHCARE_WORKER_API_URL = local.is_sandbox ? "" : data.aws_ssm_parameter.healthcare_worker_api_base_url.value } depends_on = [ From 6ae0a2ebc349fcbe15ebf425fff011741bab1d76 Mon Sep 17 00:00:00 2001 From: SWhyteAnswer Date: Mon, 16 Mar 2026 13:48:29 +0000 Subject: [PATCH 6/7] [PRMP-1465] adding RS folder to UR lambda handler path --- infrastructure/lambda-create-user-restriction.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/lambda-create-user-restriction.tf b/infrastructure/lambda-create-user-restriction.tf index 7403bcc1..142b5cc3 100644 --- a/infrastructure/lambda-create-user-restriction.tf +++ b/infrastructure/lambda-create-user-restriction.tf @@ -1,7 +1,7 @@ module "create_user_restriction_lambda" { source = "./modules/lambda" name = "CreateUserRestriction" - handler = "handlers.create_user_restriction_handler.lambda_handler" + handler = "handlers.user_restrictions.create_user_restriction_handler.lambda_handler" iam_role_policy_documents = [ module.ndr-app-config.app_config_policy, aws_iam_policy.ssm_access_policy.policy, From b0f24ec36a21f00540356f757bf7366296884f38 Mon Sep 17 00:00:00 2001 From: SWhyteAnswer Date: Wed, 18 Mar 2026 15:06:30 +0000 Subject: [PATCH 7/7] [PRMP-1465] removing the subdir as makefile flattens on FE --- infrastructure/lambda-create-user-restriction.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/lambda-create-user-restriction.tf b/infrastructure/lambda-create-user-restriction.tf index 142b5cc3..7403bcc1 100644 --- a/infrastructure/lambda-create-user-restriction.tf +++ b/infrastructure/lambda-create-user-restriction.tf @@ -1,7 +1,7 @@ module "create_user_restriction_lambda" { source = "./modules/lambda" name = "CreateUserRestriction" - handler = "handlers.user_restrictions.create_user_restriction_handler.lambda_handler" + handler = "handlers.create_user_restriction_handler.lambda_handler" iam_role_policy_documents = [ module.ndr-app-config.app_config_policy, aws_iam_policy.ssm_access_policy.policy,