Working Changes

dvsa · Jun 21, 2024 · a073e8d · a073e8d
1 parent a2d442b
commit a073e8d
Show file tree

Hide file tree

Showing 33 changed files with 480 additions and 377 deletions.
diff --git a/infrastructure/api_deployment.tf b/infrastructure/api_deployment.tf
diff --git a/infrastructure/api_enquiry.tf b/infrastructure/api_enquiry.tf
diff --git a/infrastructure/api_gateway.tf b/infrastructure/api_gateway.tf
diff --git a/infrastructure/cw_alarm.tf b/infrastructure/cw_alarm.tf
@@ -1,15 +1,15 @@
 locals {
-  service_name = "${local.csi}-enquiry-evl-push-lambda"
+  service_name = "${local.csi}-${var.api_service_name}-evl-push-lambda"
 }
 
-resource "aws_sqs_queue" "enquiry_evl_push_lambda" {
+resource "aws_sqs_queue" "evl_push_lambda" {
   name                      = "${local.service_name}-dlq"
   message_retention_seconds = 1209600
   tags                      = local.default_tags
   sqs_managed_sse_enabled   = true
 }
 
-resource "aws_cloudwatch_metric_alarm" "deadletter_alarm_enquiry_evl_push_lambda" {
+resource "aws_cloudwatch_metric_alarm" "deadletter_alarm_evl_push_lambda" {
   alarm_name          = "${local.service_name}-dlq-not-empty-alarm"
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = "1"
@@ -18,15 +18,15 @@ resource "aws_cloudwatch_metric_alarm" "deadletter_alarm_enquiry_evl_push_lambda
   period              = "120"
   statistic           = "Sum"
   threshold           = "1"
-  alarm_description   = "Items are on the ${aws_sqs_queue.enquiry_evl_push_lambda.name} queue"
+  alarm_description   = "Items are on the ${aws_sqs_queue.evl_push_lambda.name} queue"
   treat_missing_data  = "notBreaching"
   tags                = local.default_tags
   dimensions = {
-    "QueueName" = aws_sqs_queue.enquiry_evl_push_lambda.name
+    "QueueName" = aws_sqs_queue.evl_push_lambda.name
   }
 }
 
-resource "aws_cloudwatch_metric_alarm" "enquiry_evl_push_lambda_errors" {
+resource "aws_cloudwatch_metric_alarm" "evl_push_lambda_errors" {
   alarm_name          = "${local.service_name}-errors-alarm"
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 2
@@ -38,11 +38,11 @@ resource "aws_cloudwatch_metric_alarm" "enquiry_evl_push_lambda_errors" {
   metric_name = "Errors"
   statistic   = "Maximum"
   dimensions = {
-    FunctionName = module.enquiry_sftp_file_push.function_name
+    FunctionName = module.sftp_file_push.function_name
   }
 }
 
-resource "aws_cloudwatch_metric_alarm" "enquiry_evl_push_lambda_timeouts" {
+resource "aws_cloudwatch_metric_alarm" "evl_push_lambda_timeouts" {
   alarm_name          = "${local.service_name}-timeouts-alarm"
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 2
@@ -55,6 +55,6 @@ resource "aws_cloudwatch_metric_alarm" "enquiry_evl_push_lambda_timeouts" {
   statistic   = "Maximum"
   dimensions = {
     Environment = terraform.workspace
-    Service     = "/aws/lambda/${module.enquiry_sftp_file_push.function_name}"
+    Service     = "/aws/lambda/${module.sftp_file_push.function_name}"
   }
 }
diff --git a/infrastructure/data.tf b/infrastructure/data.tf
@@ -1,10 +1,7 @@
 data "aws_api_gateway_rest_api" "remote_gateway" {
-  name = "cb2-11925"
+  name = terraform.workspace
 }
 
-output "gateway" {
-  value = data.aws_api_gateway_rest_api.remote_gateway
-}
 
 data "aws_caller_identity" "current" {}
 data "aws_region" "current" {}
@@ -36,7 +33,7 @@ data "aws_iam_policy_document" "fh_cw_assume" {
 
 data "terraform_remote_state" "current_or_dev" {
   backend   = "s3"
-  workspace = var.remote_state
+  workspace = terraform.workspace
   config = {
     bucket         = "cvs-tf-environment"
     key            = "tf_state"
@@ -58,19 +55,34 @@ data "aws_iam_role" "firehose_metrics" {
 }
 
 ## Secrets Data
-data "aws_secretsmanager_secret" "enquiry-api-key" {
-  name = "${var.GITHUB_ENVIRONMENT}/enquiry/api-key"
+data "aws_secretsmanager_secret" "api-key" {
+  name = "${var.GITHUB_ENVIRONMENT}/${var.api_service_name}/api-key"
 }
 
-data "aws_secretsmanager_secret_version" "enquiry-api-key" {
-  secret_id = data.aws_secretsmanager_secret.enquiry-api-key.id
+data "aws_secretsmanager_secret_version" "api-key" {
+  secret_id = data.aws_secretsmanager_secret.api-key.id
 }
 
 
 data "aws_appconfig_environments" "app_config_environments" {
   application_id = var.app_config_ids["app_config_id"]
 }
 
+
+data "aws_api_gateway_authorizer" "lambda_auth" {
+  rest_api_id      = data.aws_api_gateway_rest_api.remote_gateway.id
+  authorizer_id    = data.terraform_remote_state.current_or_dev.outputs.lambda_authorizer_id
+}
 # output "app_env" {
 #   value = data.aws_appconfig_environments.app_config_environments
-# }
+# }
+
+## S3 Access Logging
+data "aws_kms_key" "access_logging_s3" {
+  key_id = "alias/s3-access-logging-${terraform.workspace}"
+}
+
+data "aws_s3_bucket" "access_logging" {
+  #checkov:skip=CKV_AWS_144:This bucket does not require cross region replication.
+  bucket = "cvs-s3-access-logs-${terraform.workspace}"
+}
diff --git a/infrastructure/data/iam_s3.json.tftpl b/infrastructure/data/iam_s3.json.tftpl
@@ -2,7 +2,7 @@
   "Version": "2012-10-17",
   "Statement": [
     {
-      "Sid": "CVSS3Bucket${ title(action)}",
+      "Sid": "CVSS3Bucket${title(action)}",
       "Effect": "Allow",
 
       "Action": [

diff --git a/infrastructure/data/iam_secrets_manager.json.tftpl b/infrastructure/data/iam_secrets_manager.json.tftpl
@@ -6,9 +6,9 @@
       "Effect": "Allow",
 
       "Action": [
-        "secretsmanager:ListSecrets",
-        "secretsmanager:DescribeSecret",
-        "secretsmanager:GetSecretValue"
+        "SecretsManager:ListSecrets",
+        "SecretsManager:DescribeSecret",
+        "SecretsManager:GetSecretValue"
       ],
 
       "Resource": ${ jsonencode(resource) }

diff --git a/infrastructure/environments/develop.tfvars b/infrastructure/environments/develop.tfvars
@@ -1 +1,11 @@
-aws_account = "006106226016"
+aws_environment = "nonprod"
+sub_domain = "develop"
+app_config_ids = {
+  app_config_id  = "j7jocye",
+  vtx_profile_id = "t5s9wuc",
+  vtm_profile_id = "4j8oc9c",
+  vta_profile_id = "mlkqqmj",
+}
+app_config_environment_id = "42yaqu1"
+api_version = "v1"
+api_service_name = "enquiry"
diff --git a/infrastructure/environments/feature.tfvars b/infrastructure/environments/feature.tfvars
@@ -1,8 +1,11 @@
 aws_environment = "nonprod"
 sub_domain = "develop"
-app_config = {
-    app_config_id  = "j7jocye",
-    vtx_profile_id = "t5s9wuc",
-    vtm_profile_id = "4j8oc9c",
-    vta_profile_id = "mlkqqmj",
+app_config_ids = {
+  app_config_id  = "j7jocye",
+  vtx_profile_id = "t5s9wuc",
+  vtm_profile_id = "4j8oc9c",
+  vta_profile_id = "mlkqqmj",
 }
+app_config_environment_id = "42yaqu1"
+api_version = "v1"
+api_service_name = "enquiry"
diff --git a/infrastructure/eventbridge_schedule.tf b/infrastructure/eventbridge_schedule.tf
@@ -1,13 +1,13 @@
-resource "aws_cloudwatch_event_rule" "enquiry_lambda_trigger" {
-  for_each            = toset(["evl", "tfl"])
+resource "aws_cloudwatch_event_rule" "lambda_trigger" {
+  for_each            = local.scheduled_tasks
   name                = "${terraform.workspace}-trigger-${each.value}-feed-every-day"
   description         = "${var.schedule_day[each.value]} at ${var.schedule_hour[var.aws_environment]}00hrs"
   schedule_expression = "cron(0 ${var.schedule_hour[var.aws_environment]} ? * ${var.schedule_day[each.value]} *)"
 }
 
-resource "aws_cloudwatch_event_target" "enquiry_lambda_trigger" {
-  for_each = toset(["evl", "tfl"])
-  rule     = aws_cloudwatch_event_rule.enquiry_lambda_trigger[each.value].name
+resource "aws_cloudwatch_event_target" "lambda_trigger" {
+  for_each = local.scheduled_tasks
+  rule     = aws_cloudwatch_event_rule.lambda_trigger[each.value].name
   arn      = module.enquiry_lambda.arn
   input    = templatefile("./data/enquiry_lambda_trigger.json.tftpl", { client = each.value })
 }