decoupled api layer from networking, passed req env var to lambda

Karthikeyannhs · Karthikeyannhs · commit 68674bd4b90e · 2025-05-12T12:58:53.000+01:00
diff --git a/infrastructure/modules/lambda/lambda.tf b/infrastructure/modules/lambda/lambda.tf
@@ -9,12 +9,14 @@ resource "aws_lambda_function" "eligibility_signposting_lambda" {
   source_code_hash = filebase64sha256(var.file_name)
 
   runtime     = "python3.13"
-  timeout     = 30   # Default
+  timeout     = 30
   memory_size = 128 # Default
 
   environment {
     variables = {
-      foo = "bar"
+      ELIGIBILITY_TABLE_NAME = var.eligibility_status_table_name,
+      RULES_BUCKET_NAME      = var.eligibility_rules_bucket_name,
+      ENV                    = var.environment
     }
   }
   vpc_config {
diff --git a/infrastructure/modules/lambda/variables.tf b/infrastructure/modules/lambda/variables.tf
@@ -32,3 +32,14 @@ variable "handler" {
   description = "lambda handler name"
   type        = string
 }
+
+variable "eligibility_rules_bucket_name" {
+  description = "campaign config rules bucket name"
+  type        = string
+}
+
+variable "eligibility_status_table_name" {
+  description = "eligibility datastore table name"
+  type        = string
+}
+
diff --git a/infrastructure/modules/s3/outputs.tf b/infrastructure/modules/s3/outputs.tf
@@ -9,3 +9,7 @@ output "storage_bucket_access_logs_id" {
 output "storage_bucket_arn" {
   value = aws_s3_bucket.storage_bucket.arn
 }
+
+output "storage_bucket_name" {
+  value = aws_s3_bucket.storage_bucket.bucket
+}
diff --git a/infrastructure/stacks/api-layer/lambda.tf b/infrastructure/stacks/api-layer/lambda.tf
@@ -1,17 +1,26 @@
-module "networking" {
-  source = "../networking"
+data "aws_security_group" "main_sg" {
+  name = "main-security-group"
 }
 
+data "aws_subnet" "private_subnets" {
+  for_each = toset(["private-subnet-1", "private-subnet-2", "private-subnet-3"])
+
+  tags = {
+    Name = each.value
+  }
+}
 
 module "eligibility_signposting_lambda_function" {
-  source                      = "../../modules/lambda"
-  eligibility_lambda_role_arn = aws_iam_role.eligibility_lambda_role.arn
-  workspace                   = local.workspace
-  environment                 = var.environment
-  lambda_func_name            = "eligibility_signposting_api"
-  security_group_ids          = module.networking.security_group_ids
-  vpc_intra_subnets           = module.networking.vpc_intra_subnets
-  file_name                   = "../../../dist/lambda.zip"
-  handler                     = "eligibility_signposting_api.app.lambda_handler"
+  source                        = "../../modules/lambda"
+  eligibility_lambda_role_arn   = aws_iam_role.eligibility_lambda_role.arn
+  workspace                     = local.workspace
+  environment                   = var.environment
+  lambda_func_name              = "eligibility_signposting_api"
+  security_group_ids            = [data.aws_security_group.main_sg.id]
+  vpc_intra_subnets             = [for v in data.aws_subnet.private_subnets : v.id]
+  file_name                     = "../../../dist/lambda.zip"
+  handler                       = "eligibility_signposting_api.app.lambda_handler"
+  eligibility_rules_bucket_name = module.s3_rules_bucket.storage_bucket_name
+  eligibility_status_table_name = module.eligibility_status_table.table_name
 }
 
diff --git a/infrastructure/stacks/api-layer/s3_buckets.tf b/infrastructure/stacks/api-layer/s3_buckets.tf
@@ -1,13 +1,13 @@
 module "s3_rules_bucket" {
   source       = "../../modules/s3"
-  bucket_name  = "eli-rules-3"
+  bucket_name  = "eli-rules"
   environment  = var.environment
   project_name = var.project_name
 }
 
 module "s3_audit_bucket" {
   source                 = "../../modules/s3"
-  bucket_name            = "eli-audit-1"
+  bucket_name            = "eli-audit"
   environment            = var.environment
   project_name           = var.project_name
   bucket_expiration_days = 180
diff --git a/infrastructure/stacks/api-layer/src/lambda_function1.py b/infrastructure/stacks/api-layer/src/lambda_function1.py
diff --git a/infrastructure/stacks/networking/outputs.tf b/infrastructure/stacks/networking/outputs.tf

Original file line number	Diff line number	Diff line change
`@@ -9,3 +9,7 @@ output "storage_bucket_access_logs_id" {`
`9`	`9`	`output "storage_bucket_arn" {`
`10`	`10`	`value = aws_s3_bucket.storage_bucket.arn`
`11`	`11`	`}`
	`12`	`+`
	`13`	`+output "storage_bucket_name" {`
	`14`	`+ value = aws_s3_bucket.storage_bucket.bucket`
	`15`	`+}`