feature/PI-407-immutable_backups Move shared api_worker module and account wide only modules

Author: megan-bower4

infrastructure/terraform/modules/api_worker/api_lambda/lambda.tf

@@ -0,0 +1,37 @@
+module "lambda_function" {
+  source  = "terraform-aws-modules/lambda/aws"
+  version = "6.0.0"
+
+  function_name = var.lambda_name
+  description   = "${replace(var.name, "_", "-")} lambda function"
+  handler       = "api.${var.name}.index.handler"
+  runtime       = var.python_version
+  timeout       = 10
+  memory_size   = var.memory_size
+
+  timeouts = {
+    create = "5m"
+    update = "5m"
+    delete = "5m"
+  }
+
+  create_current_version_allowed_triggers = false
+  allowed_triggers                        = var.allowed_triggers
+  environment_variables                   = var.environment_variables
+
+  create_package         = false
+  local_existing_package = var.source_path
+
+  tags = {
+    Name = replace(var.name, "_", "-")
+  }
+
+  layers = var.layers
+
+  trusted_entities   = var.trusted_entities
+  attach_policy_json = var.attach_policy_json
+  policy_json        = var.policy_json
+
+  attach_policy_statements = var.attach_policy_statements
+  policy_statements        = var.policy_statements
+}

infrastructure/terraform/modules/api_worker/api_lambda/outputs.tf

@@ -0,0 +1,19 @@
+output "lambda_arn" {
+  value = module.lambda_function.lambda_function_arn
+}
+
+output "lambda_role_arn" {
+  value = module.lambda_function.lambda_role_arn
+}
+
+output "lambda_role_name" {
+  value = module.lambda_function.lambda_role_name
+}
+
+output "metadata" {
+  value = {
+    lambda_invoke_arn   = module.lambda_function.lambda_function_invoke_arn
+    authoriser_iam_role = module.lambda_function.lambda_role_arn
+    authoriser_name     = var.lambda_name
+  }
+}

infrastructure/terraform/modules/api_worker/api_lambda/vars.tf

@@ -0,0 +1,46 @@
+variable "name" {}
+
+variable "python_version" {
+}
+
+variable "lambda_name" {
+  default = ""
+}
+
+variable "layers" {
+  type = list(string)
+}
+
+variable "source_path" {}
+
+variable "attach_policy_json" {
+  default = false
+}
+
+variable "policy_json" {
+  default = ""
+}
+
+variable "trusted_entities" {
+  default = []
+}
+
+variable "allowed_triggers" {
+  default = {}
+}
+
+variable "environment_variables" {
+  default = {}
+}
+
+variable "attach_policy_statements" {
+  default = false
+}
+
+variable "policy_statements" {
+  default = {}
+}
+
+variable "memory_size" {
+  default = 128
+}

…nt/modules/api_worker/api_layer/layer.tf …rm/modules/api_worker/api_layer/layer.tfinfrastructure/terraform/per_account/modules/api_worker/api_layer/layer.tf renamed to infrastructure/terraform/modules/api_worker/api_layer/layer.tf infrastructure/terraform/per_account/modules/api_worker/api_layer/layer.tf renamed to infrastructure/terraform/modules/api_worker/api_layer/layer.tf

@@ -16,7 +16,7 @@ resource "aws_kms_key" "destination_backup_key" {
 }
 
 module "destination" {
-  source = "../../modules/aws-backup-destination"
+  source = "../modules/aws-backup-destination"
 
   source_account_name     = "test" # please note that the assigned value would be the prefix in aws_backup_vault.vault.name - change to dev/prod
   account_id              = var.assume_account

…/modules/api_worker/api_layer/outputs.tf …/modules/api_worker/api_layer/outputs.tfinfrastructure/terraform/per_account/modules/api_worker/api_layer/outputs.tf renamed to infrastructure/terraform/modules/api_worker/api_layer/outputs.tf infrastructure/terraform/per_account/modules/api_worker/api_layer/outputs.tf renamed to infrastructure/terraform/modules/api_worker/api_layer/outputs.tf

@@ -109,7 +109,7 @@ resource "aws_kms_alias" "backup_notifications" {
 # Now we can deploy the source and destination modules, referencing the resources we've created above.
 
 module "source" {
-  source = "../../modules/aws-backup-source"
+  source = "../modules/aws-backup-source"
 
   backup_copy_vault_account_id = data.aws_secretsmanager_secret_version.destination_account_id.secret_string
   backup_copy_vault_arn        = data.aws_secretsmanager_secret_version.destination_vault_arn.secret_string
@@ -144,7 +144,7 @@ module "source" {
 
 
 module "notify" {
-  source = "../../modules/notify/"
+  source = "../modules/notify/"
 
   assume_account        = var.assume_account
   project_name          = local.project

…unt/modules/api_worker/api_layer/vars.tf …orm/modules/api_worker/api_layer/vars.tfinfrastructure/terraform/per_account/modules/api_worker/api_layer/vars.tf renamed to infrastructure/terraform/modules/api_worker/api_layer/vars.tf infrastructure/terraform/per_account/modules/api_worker/api_layer/vars.tf renamed to infrastructure/terraform/modules/api_worker/api_layer/vars.tf

@@ -98,7 +98,7 @@ resource "aws_route53_zone" "dev-ns" {
 
 module "layers" {
   for_each       = toset(var.layers)
-  source         = "../modules/api_worker/api_layer"
+  source         = "../../modules/api_worker/api_layer"
   name           = each.key
   python_version = var.python_version
   layer_name     = "${local.project}--${replace(terraform.workspace, "_", "-")}--${replace(each.key, "_", "-")}"
@@ -107,7 +107,7 @@ module "layers" {
 
 module "third_party_layers" {
   for_each       = toset(var.third_party_layers)
-  source         = "../modules/api_worker/api_layer"
+  source         = "../../modules/api_worker/api_layer"
   name           = each.key
   python_version = var.python_version
   layer_name     = "${local.project}--${replace(terraform.workspace, "_", "-")}--${replace(each.key, "_", "-")}"