Merge branch 'master' into VED-26-add-config

Author: mfjarvis

README.md

@@ -108,11 +108,17 @@ Once connected, you should see the path as something similar to: `/mnt/d/Source/
 
 5. Configure pyenv.
     ```
-    pyenv install --list | grep "3.10"
-    pyenv install 3.10.16 #current latest
+    pyenv install --list | grep "3.11"
+    pyenv install 3.11.13 #current latest
     ```
 
-6. Install poetry 
+6. Install direnv if not already present, and hook it to the shell.
+    ```
+    sudo apt-get update && sudo apt-get install direnv
+    echo 'eval "$(direnv hook bash)"' >> ~/.bashrc
+    ```
+
+7. Install poetry 
     ```
     pip install poetry
     ```
@@ -125,8 +131,9 @@ For detailed instructions on running individual Lambdas, refer to the README.md
 Steps: 
 1. Set the python version in the folder with the code used by lambda for example `./backend` (see [lambdas](#lambdas)) folder.
     ```
-    pyenv local 3.10.16 # Set version in backend (this creates a .python-version file)
+    pyenv local 3.11.13 # Set version in backend (this creates a .python-version file)
     ```
+   Note: consult the lambda's `pyproject.toml` file to get the required Python version for this lambda. At the time of writing, this is `~3.10` for the batch lambdas and `~3.11` for all the others.
 
 2. Configure poetry
     ```
@@ -203,4 +210,13 @@ The root (`immunisation-fhir-api`) should point to `/mnt/d/Source/immunisation-f
 ## Verified commits
 Please note that this project requires that all commits are verified using a GPG key. 
 To set up a GPG key please follow the instructions specified here:
-https://docs.github.com/en/authentication/managing-commit-signature-verification
+https://docs.github.com/en/authentication/managing-commit-signature-verification
+
+
+## AWS configuration: Getting credentials for AWS federated user account
+
+In the 'Access keys' popup menu under AWS Access Portal:
+
+**NOTE** that AWS's 'Recommended' method of getting credentials **(AWS IAM Identity Center credentials)** will break mocking in unit tests; specifically any tests calling `dynamodb_client.create_table()` will fail with `botocore.errorfactory.ResourceInUseException: Table already exists`.
+
+Instead, use **Option 2 (Add a profile to your AWS credentials file)**.

infra/.env-default

@@ -0,0 +1,5 @@
+ENVIRONMENT=
+AWS_REGION=
+AWS_PROFILE=
+BUCKET_NAME=
+TF_VAR_key=

infra/.terraform.lock.hcl

@@ -0,0 +1,49 @@
+-include .env
+
+interactionId=$(ENVIRONMENT)
+
+tf_cmd = AWS_PROFILE=$(AWS_PROFILE) terraform
+tf_state= -backend-config="bucket=$(BUCKET_NAME)"
+tf_vars= -var-file=environments/$(ENVIRONMENT)/variables.tfvars
+
+.PHONY: lock-provider workspace init plan apply clean destroy output tf-%
+
+lock-provider:
+	# Run this only when you install a new terraform provider. This will generate sha code in lock file for all platform
+	echo "This may take a while. Be patient!"
+	$(tf_cmd) providers lock -platform=darwin_arm64 -platform=darwin_amd64 -platform=linux_amd64 -platform=windows_amd64
+
+workspace:
+	$(tf_cmd) workspace new $(ENVIRONMENT) || $(tf_cmd) workspace select $(ENVIRONMENT) && echo "Switched to workspace/environment: $(ENVIRONMENT)"
+
+init:
+	$(tf_cmd) init $(tf_state) -upgrade $(tf_vars)
+
+init-reconfigure:
+	$(tf_cmd) init $(tf_state) -upgrade $(tf_vars) -reconfigure
+
+plan: workspace
+	 $(tf_cmd) plan $(tf_vars)
+
+apply: workspace
+	$(tf_cmd) apply $(tf_vars) -auto-approve
+
+clean:
+	rm -rf build .terraform upload-key
+
+destroy: workspace
+	$(tf_cmd) destroy $(tf_vars) -auto-approve
+	$(tf_cmd) workspace select default
+	$(tf_cmd) workspace delete $(ENVIRONMENT)
+
+output:
+ifndef name
+	$(error name variable not set. Use 'make output name=...')
+endif
+	$(tf_cmd) output -raw $(name)
+
+import: 
+	$(tf_cmd) import $(tf_vars) $(to) $(id)
+
+tf-%:
+	$(tf_cmd) $*

infra/Makefile

@@ -0,0 +1,13 @@
+# About 
+Use .env-default as a reference for the required environment variables.
+You can use the commands defined in the Makefile to interact with the infrastructure resources.
+
+Currently, this process is run manually whenever we need to update the base layer of our infrastructure. These core resources remain consistent across all deployments.
+
+## Steps
+The general procedures are: 
+1. Configure your environment by copying and updating `.env` based on the `.env-default` file.
+2. Run `make init` to initialize the Terraform project.
+3. Run `make plan` to review the proposed infrastructure changes.
+
+4. Once you're confident in the plan and understand its impact, execute `make apply` to apply the changes.