
Commit e73a0c6

committed
[NRL-1386] Don't provision infra firehose streams for ephem envs
1 parent 950d036 commit e73a0c6


7 files changed

+21
-34
lines changed


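--- a/terraform/infrastructure/firehose.tf
+++ b/terraform/infrastructure/firehose.tf
@@ -1,4 +1,5 @@
 module "firehose__processor" {
+count = var.use_shared_resources ? 1 : 0
 source = "./modules/firehose"
 assume_account = local.aws_account_id
 prefix = local.prefix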
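Review bot: The `count` added at the top of `module "firehose__processor"` has no comment saying what an ephemeral stack gives up. When `var.use_shared_resources` is false no delivery stream exists, yet lambda.tf in this commit still sets `SPLUNK_INDEX` on every Lambda, so those stacks presumably log to CloudWatch only and nothing reaches Splunk. If that is intended, say so next to the line, for example `# No Firehose in ephemeral stacks: Lambda logs stay in CloudWatch and are not forwarded to Splunk`. The module block continues past the end of this hunk.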

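--- a/terraform/infrastructure/lambda.tf
+++ b/terraform/infrastructure/lambda.tf
@@ -11,7 +11,7 @@ module "consumer__readDocumentReference" {
 PREFIX = "${local.prefix}--"
 ENVIRONMENT = local.environment
 POWERTOOLS_LOG_LEVEL = local.log_level
-SPLUNK_INDEX = module.firehose__processor.splunk.index
+SPLUNK_INDEX = local.splunk_index
 AUTH_STORE = local.auth_store_id
 TABLE_NAME = local.pointers_table_name
 }
@@ -39,7 +39,7 @@ module "consumer__countDocumentReference" {
 ENVIRONMENT = local.environment
 AUTH_STORE = local.auth_store_id
 POWERTOOLS_LOG_LEVEL = local.log_level
-SPLUNK_INDEX = module.firehose__processor.splunk.index
+SPLUNK_INDEX = local.splunk_index
 TABLE_NAME = local.pointers_table_name
 }
 additional_policies = [
@@ -66,7 +66,7 @@ module "consumer__searchDocumentReference" {
 ENVIRONMENT = local.environment
 AUTH_STORE = local.auth_store_id
 POWERTOOLS_LOG_LEVEL = local.log_level
-SPLUNK_INDEX = module.firehose__processor.splunk.index
+SPLUNK_INDEX = local.splunk_index
 TABLE_NAME = local.pointers_table_name
 }
 additional_policies = [
@@ -93,7 +93,7 @@ module "consumer__searchPostDocumentReference" {
 ENVIRONMENT = local.environment
 AUTH_STORE = local.auth_store_id
 POWERTOOLS_LOG_LEVEL = local.log_level
-SPLUNK_INDEX = module.firehose__processor.splunk.index
+SPLUNK_INDEX = local.splunk_index
 TABLE_NAME = local.pointers_table_name
 }
 additional_policies = [
@@ -119,7 +119,7 @@ module "producer__createDocumentReference" {
 PREFIX = "${local.prefix}--"
 ENVIRONMENT = local.environment
 AUTH_STORE = local.auth_store_id
-SPLUNK_INDEX = module.firehose__processor.splunk.index
+SPLUNK_INDEX = local.splunk_index
 POWERTOOLS_LOG_LEVEL = local.log_level
 TABLE_NAME = local.pointers_table_name
 }
@@ -148,7 +148,7 @@ module "producer__deleteDocumentReference" {
 ENVIRONMENT = local.environment
 AUTH_STORE = local.auth_store_id
 POWERTOOLS_LOG_LEVEL = local.log_level
-SPLUNK_INDEX = module.firehose__processor.splunk.index
+SPLUNK_INDEX = local.splunk_index
 TABLE_NAME = local.pointers_table_name
 }
 additional_policies = [
@@ -176,7 +176,7 @@ module "producer__readDocumentReference" {
 ENVIRONMENT = local.environment
 AUTH_STORE = local.auth_store_id
 POWERTOOLS_LOG_LEVEL = local.log_level
-SPLUNK_INDEX = module.firehose__processor.splunk.index
+SPLUNK_INDEX = local.splunk_index
 TABLE_NAME = local.pointers_table_name
 }
 additional_policies = [
@@ -203,7 +203,7 @@ module "producer__searchDocumentReference" {
 ENVIRONMENT = local.environment
 AUTH_STORE = local.auth_store_id
 POWERTOOLS_LOG_LEVEL = local.log_level
-SPLUNK_INDEX = module.firehose__processor.splunk.index
+SPLUNK_INDEX = local.splunk_index
 TABLE_NAME = local.pointers_table_name
 }
 additional_policies = [
@@ -230,7 +230,7 @@ module "producer__searchPostDocumentReference" {
 ENVIRONMENT = local.environment
 AUTH_STORE = local.auth_store_id
 POWERTOOLS_LOG_LEVEL = local.log_level
-SPLUNK_INDEX = module.firehose__processor.splunk.index
+SPLUNK_INDEX = local.splunk_index
 TABLE_NAME = local.pointers_table_name
 }
 additional_policies = [
@@ -257,7 +257,7 @@ module "producer__updateDocumentReference" {
 ENVIRONMENT = local.environment
 AUTH_STORE = local.auth_store_id
 POWERTOOLS_LOG_LEVEL = local.log_level
-SPLUNK_INDEX = module.firehose__processor.splunk.index
+SPLUNK_INDEX = local.splunk_index
 TABLE_NAME = local.pointers_table_name
 }
 additional_policies = [
@@ -285,7 +285,7 @@ module "producer__upsertDocumentReference" {
 ENVIRONMENT = local.environment
 AUTH_STORE = local.auth_store_id
 POWERTOOLS_LOG_LEVEL = local.log_level
-SPLUNK_INDEX = module.firehose__processor.splunk.index
+SPLUNK_INDEX = local.splunk_index
 TABLE_NAME = local.pointers_table_name
 }
 additional_policies = [
@@ -313,7 +313,7 @@ module "consumer__status" {
 ENVIRONMENT = local.environment
 AUTH_STORE = local.auth_store_id
 POWERTOOLS_LOG_LEVEL = local.log_level
-SPLUNK_INDEX = module.firehose__processor.splunk.index
+SPLUNK_INDEX = local.splunk_index
 DYNAMODB_TIMEOUT = local.dynamodb_timeout_seconds
 TABLE_NAME = local.pointers_table_name
 }
@@ -342,7 +342,7 @@ module "producer__status" {
 ENVIRONMENT = local.environment
 AUTH_STORE = local.auth_store_id
 POWERTOOLS_LOG_LEVEL = local.log_level
-SPLUNK_INDEX = module.firehose__processor.splunk.index
+SPLUNK_INDEX = local.splunk_index
 DYNAMODB_TIMEOUT = local.dynamodb_timeout_seconds
 TABLE_NAME = local.pointers_table_name
 }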

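--- a/terraform/infrastructure/locals.tf
+++ b/terraform/infrastructure/locals.tf
@@ -6,6 +6,8 @@ locals {
 prefix = "${local.project}--${local.stack_name}"
 account_prefix = "${local.project}--${var.aws_account_name}"
 
+aws_account_id = data.aws_caller_identity.current.account_id
+
 kms = {
 deletion_window_in_days = 7
 }
@@ -28,22 +30,17 @@ locals {
 shared_prefix = "${local.project}--${local.environment}"
 public_domain = local.is_sandbox_env ? var.public_sandbox_domain : var.public_domain
 
-# Logic / vars for reporting
 reporting_bucket_arn = data.aws_s3_bucket.source-data-bucket.arn
 reporting_kms_arn = data.aws_kms_key.glue.arn
-firehose_lambda_subscriptions = [
+firehose_lambda_subscriptions = var.use_shared_resources ? [
 module.firehose__processor.firehose_subscription,
 module.firehose__processor.firehose_reporting_subscription
-]
-
-# Logic / vars for splunk environment
+] : []
 splunk_environment = local.is_sandbox_env ? "${var.account_name}sandbox" : var.account_name
 splunk_index = "aws_recordlocator_${local.splunk_environment}"
 
 log_level = var.account_name == "dev" || var.account_name == "qa" ? "DEBUG" : "INFO"
 
-aws_account_id = data.aws_caller_identity.current.account_id
-
 auth_store_id = var.use_shared_resources ? data.aws_s3_bucket.authorization-store[0].id : module.ephemeral-s3-permission-store[0].bucket_id
 auth_store_read_policy_arn = var.use_shared_resources ? data.aws_iam_policy.auth-store-read-policy[0].arn : module.ephemeral-s3-permission-store[0].bucket_read_policy_arn
 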
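Review bot: The two references inside the new conditional on `firehose_lambda_subscriptions` still read `module.firehose__processor.<output>`, but firehose.tf in this commit gives that module a `count`, so it has to be addressed by instance. Terraform should reject the un-indexed form at validate time whichever branch of the conditional is taken. Write `module.firehose__processor[0].firehose_subscription,` and `module.firehose__processor[0].firehose_reporting_subscription`, the same way `auth_store_id` indexes `module.ephemeral-s3-permission-store[0]` a few lines below. The `locals` block starts before and ends after this hunk.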

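--- a/terraform/infrastructure/modules/api_gateway/api_gateway.tf
+++ b/terraform/infrastructure/modules/api_gateway/api_gateway.tf
@@ -112,6 +112,7 @@ resource "aws_api_gateway_method_settings" "api_gateway_method_settings" {
 
 resource "aws_api_gateway_gateway_response" "api_access_denied" {
 rest_api_id = aws_api_gateway_rest_api.api_gateway_rest_api.id
+status_code = "403"
 response_type = "ACCESS_DENIED"
 response_templates = {
 "application/json" = jsonencode({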

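--- a/terraform/infrastructure/modules/firehose/kinesis.tf
+++ b/terraform/infrastructure/modules/firehose/kinesis.tf
@@ -68,7 +68,7 @@ resource "aws_kinesis_firehose_delivery_stream" "reporting_stream" {
 buffering_interval = 600
 
 processing_configuration {
-enabled = var.enable_reporting_stream
+enabled = true
 
 processors {
 type = "Decompression"
@@ -90,7 +90,7 @@ resource "aws_kinesis_firehose_delivery_stream" "reporting_stream" {
 }
 
 cloudwatch_logging_options {
-enabled = var.enable_reporting_stream
+enabled = true
 log_group_name = aws_cloudwatch_log_group.firehose_reporting.name
 log_stream_name = aws_cloudwatch_log_stream.firehose_reporting.name
 }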
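Review bot: Hard-coding `enabled = true` in both `processing_configuration` and `cloudwatch_logging_options` of `reporting_stream` is a behaviour change that the commit title does not mention. The variable removed in vars.tf defaulted to `false`, and the firehose.tf section of this commit shows no deleted argument, so either the root module never passed `enable_reporting_stream` (in which case record processing and delivery-error logging are now switched on in every shared environment) or it still passes it and the plan will fail on an unsupported argument. Confirm which applies and state the intended effect in the commit description. Both blocks sit inside a resource whose body extends outside these hunks.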

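--- a/terraform/infrastructure/modules/firehose/output.tf
+++ b/terraform/infrastructure/modules/firehose/output.tf
@@ -11,12 +11,6 @@ output "delivery_stream" {
 }
 }
 
-output "splunk" {
-value = {
-index = var.splunk_index
-}
-}
-
 output "firehose_subscription" {
 value = {
 destination = {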

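--- a/terraform/infrastructure/modules/firehose/vars.tf
+++ b/terraform/infrastructure/modules/firehose/vars.tf
@@ -36,12 +36,6 @@ variable "error_prefix" {
 }
 
 
-variable "enable_reporting_stream" {
-type = bool
-description = "Enable the reporting delivery stream"
-default = false
-
-}
 variable "reporting_bucket_arn" {
 type = string
 default = null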
