Merge branch 'main' into feature/terb-ELID-131-automated-deployment-networking-api

TOEL2 · web-flow · commit 976913f0fb17 · 2025-06-04T09:27:39.000+01:00
diff --git a/.github/workflows/cicd-2-publish.yaml b/.github/workflows/cicd-2-publish.yaml
@@ -140,20 +140,14 @@ jobs:
       #     asset_path: ./build/lambda.zip
       #     asset_name: lambda-${{ needs.metadata.outputs.version }}.zip
       #     asset_content_type: application/zip
-  success:
-    name: "Success notification"
-    runs-on: ubuntu-latest
-    needs: [publish]
-    steps:
-      - name: "Check prerequisites for notification"
-        id: check
-        run: echo "secret_exist=${{ secrets.TEAMS_NOTIFICATION_WEBHOOK_URL != '' }}" >> $GITHUB_OUTPUT
-      - name: "Notify on publishing packages"
-        if: steps.check.outputs.secret_exist == 'true'
-        uses: nhs-england-tools/notify-msteams-action@v1.0.0
+      - name: "Notify Slack on PR merge"
+        uses: slackapi/slack-github-action@v2.1.0
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          teams-webhook-url: ${{ secrets.TEAMS_NOTIFICATION_WEBHOOK_URL }}
-          message-title: "Notification title"
-          message-text: "This is a notification body"
-          link: ${{ github.event.pull_request.html_url }}
+          webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
+          webhook-type: webhook-trigger
+          payload: |
+            status: "${{ job.status }}"
+            link: "https://github.com/${{ github.repository }}/commit/${{ github.sha }}"
+            Author: "${{ github.actor }}"
+            title: "Pushed to main"
+            version: "${{ needs.metadata.outputs.version }}"
diff --git a/infrastructure/stacks/api-layer/iam_policies.tf b/infrastructure/stacks/api-layer/iam_policies.tf
@@ -23,8 +23,9 @@ data "aws_iam_policy_document" "dynamodb_write_policy_doc" {
 
 # Attach dynamoDB write policy to external write role
 resource "aws_iam_role_policy" "external_dynamodb_write_policy" {
+  count  = length(aws_iam_role.write_access_role)
   name   = "DynamoDBWriteAccess"
-  role   = aws_iam_role.write_access_role.id
+  role   = aws_iam_role.write_access_role[count.index].id
   policy = data.aws_iam_policy_document.dynamodb_write_policy_doc.json
 }
 
@@ -160,5 +161,3 @@ resource "aws_kms_key_policy" "kms_key" {
   key_id = module.eligibility_status_table.dynamodb_kms_key_id
   policy = data.aws_iam_policy_document.kms_key_policy.json
 }
-
-

Original file line number	Diff line number	Diff line change
`@@ -23,8 +23,9 @@ data "aws_iam_policy_document" "dynamodb_write_policy_doc" {`
`23`	`23`
`24`	`24`	`# Attach dynamoDB write policy to external write role`
`25`	`25`	`resource "aws_iam_role_policy" "external_dynamodb_write_policy" {`
	`26`	`+ count = length(aws_iam_role.write_access_role)`
`26`	`27`	`name = "DynamoDBWriteAccess"`
`27`		`- role = aws_iam_role.write_access_role.id`
	`28`	`+ role = aws_iam_role.write_access_role[count.index].id`
`28`	`29`	`policy = data.aws_iam_policy_document.dynamodb_write_policy_doc.json`
`29`	`30`	`}`
`30`	`31`
`@@ -160,5 +161,3 @@ resource "aws_kms_key_policy" "kms_key" {`
`160`	`161`	`key_id = module.eligibility_status_table.dynamodb_kms_key_id`
`161`	`162`	`policy = data.aws_iam_policy_document.kms_key_policy.json`
`162`	`163`	`}`
`163`		`-`
`164`		`-`