Merge branch 'main' into feature/eja-eli-420-setting-custom-env

Author: eddalmond1

.github/workflows/regression-tests.yml

@@ -21,7 +21,7 @@ jobs:
           fetch-depth: 0
 
       - name: Cache asdf
-        uses: actions/cache@a7833574556fa59680c1b7cb190c1735db73ebf0
+        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb
         with:
           path: |
             ~/.asdf

infrastructure/modules/splunk_forwarder/outputs.tf

@@ -9,3 +9,9 @@ output "firehose_kms_key_arn" {
   description = "ARN of the KMS key used for Firehose encryption"
   value       = aws_kms_key.firehose_splunk_cmk.arn
 }
+
+#
+output "firehose_delivery_stream_name" {
+  description = "Name of the Kinesis Firehose delivery stream for Splunk"
+  value       = aws_kinesis_firehose_delivery_stream.splunk_delivery_stream.name
+}

infrastructure/stacks/api-layer/cloudwatch_alarms.tf

@@ -491,3 +491,31 @@ resource "aws_cloudwatch_metric_alarm" "acm_expiry_alarms" {
 
   alarm_actions = [aws_sns_topic.cloudwatch_alarms.arn]
 }
+
+# Splunk backup S3 bucket delivery failure alarm
+resource "aws_cloudwatch_metric_alarm" "splunk_backup_delivery_failure" {
+  alarm_name          = "SplunkBackupS3DeliveryFailure"
+  alarm_description   = "Triggers when there is a delivery failure from Firehose to the Splunk backup S3 bucket"
+  metric_name         = "BackupToS3.Records"
+  namespace           = "AWS/Firehose"
+  statistic           = "Sum"
+  period              = 300
+  evaluation_periods  = 1
+  threshold           = 0
+  comparison_operator = "GreaterThanThreshold"
+  treat_missing_data  = "notBreaching"
+
+  dimensions = {
+    DeliveryStreamName = module.splunk_forwarder.firehose_delivery_stream_name
+  }
+
+  alarm_actions = [aws_sns_topic.cloudwatch_alarms.arn]
+
+  tags = {
+    Environment = var.environment
+    AlertType   = "data-delivery"
+    Service     = "firehose"
+    Severity    = "high"
+    ManagedBy   = "terraform"
+  }
+}

infrastructure/stacks/api-layer/gateway_responses.tf

@@ -11,6 +11,10 @@ resource "aws_api_gateway_gateway_response" "response_4xx" {
     "gatewayresponse.header.Strict-Transport-Security" = "'max-age=31536000; includeSubDomains'"
     "gatewayresponse.header.X-Content-Type-Options"    = "'nosniff'"
   }
+
+  lifecycle {
+    ignore_changes = [response_templates]
+  }
 }
 
 resource "aws_api_gateway_gateway_response" "response_5xx" {
@@ -22,6 +26,10 @@ resource "aws_api_gateway_gateway_response" "response_5xx" {
     "gatewayresponse.header.Strict-Transport-Security" = "'max-age=31536000; includeSubDomains'"
     "gatewayresponse.header.X-Content-Type-Options"    = "'nosniff'"
   }
+
+  lifecycle {
+    ignore_changes = [response_templates]
+  }
 }
 
 resource "aws_api_gateway_gateway_response" "unauthorized" {
@@ -34,6 +42,10 @@ resource "aws_api_gateway_gateway_response" "unauthorized" {
     "gatewayresponse.header.Strict-Transport-Security" = "'max-age=31536000; includeSubDomains'"
     "gatewayresponse.header.X-Content-Type-Options"    = "'nosniff'"
   }
+
+  lifecycle {
+    ignore_changes = [response_templates]
+  }
 }
 
 resource "aws_api_gateway_gateway_response" "access_denied" {
@@ -46,6 +58,10 @@ resource "aws_api_gateway_gateway_response" "access_denied" {
     "gatewayresponse.header.Strict-Transport-Security" = "'max-age=31536000; includeSubDomains'"
     "gatewayresponse.header.X-Content-Type-Options"    = "'nosniff'"
   }
+
+  lifecycle {
+    ignore_changes = [response_templates]
+  }
 }
 
 resource "aws_api_gateway_gateway_response" "throttled" {
@@ -58,4 +74,8 @@ resource "aws_api_gateway_gateway_response" "throttled" {
     "gatewayresponse.header.Strict-Transport-Security" = "'max-age=31536000; includeSubDomains'"
     "gatewayresponse.header.X-Content-Type-Options"    = "'nosniff'"
   }
+
+  lifecycle {
+    ignore_changes = [response_templates]
+  }
 }