VED-26: Attach endpoint Lambda functions to the VPC so they can connect to Redis.

mfjarvis · nhsdevws · commit 41168f8cb8d2 · 2025-07-03T09:05:04.000+01:00
diff --git a/terraform/endpoints.tf b/terraform/endpoints.tf
@@ -2,7 +2,6 @@
 
 locals {
   policy_path     = "${path.root}/policies"
-  domain_name_url = "https://${local.service_domain_name}"
 }
 
 data "aws_iam_policy_document" "logs_policy_document" {
@@ -60,12 +59,14 @@ module "imms_event_endpoint_lambdas" {
   source = "./lambda"
   count  = length(local.imms_endpoints)
 
-  prefix        = local.prefix
-  short_prefix  = local.short_prefix
-  function_name = local.imms_endpoints[count.index]
-  image_uri     = module.docker_image.image_uri
-  policy_json   = data.aws_iam_policy_document.imms_policy_document.json
-  environments  = local.imms_lambda_env_vars
+  prefix                 = local.prefix
+  short_prefix           = local.short_prefix
+  function_name          = local.imms_endpoints[count.index]
+  image_uri              = module.docker_image.image_uri
+  policy_json            = data.aws_iam_policy_document.imms_policy_document.json
+  environments           = local.imms_lambda_env_vars
+  vpc_subnet_ids         = data.aws_subnets.default.ids
+  vpc_security_group_ids = [data.aws_security_group.existing_securitygroup.id]
 }
 
 locals {
diff --git a/terraform/lambda/lambda.tf b/terraform/lambda/lambda.tf
@@ -13,6 +13,9 @@ module "lambda_function_container_image" {
     architectures = ["x86_64"]
     timeout = 6
 
+    vpc_subnet_ids = var.vpc_subnet_ids
+    vpc_security_group_ids = var.vpc_security_group_ids
+
     # A JWT encode took 7 seconds at default memory size of 128 and 0.8 seconds at 1024.
     # 2048 gets it down to around 0.5 but since Lambda is charged at GB * ms then it costs more for minimal benefit.
     memory_size = 1024
diff --git a/terraform/lambda/variables.tf b/terraform/lambda/variables.tf
@@ -1,9 +1,34 @@
-variable "prefix" {}
-variable "short_prefix" {}
-variable "function_name" {}
-variable "image_uri" {}
+variable "prefix" {
+    type = string
+}
+
+variable "short_prefix" {
+    type = string
+}
+
+variable "function_name" {
+    type = string
+}
+
+variable "image_uri" {
+    type = string
+}
+
 variable "environments" {
+    type = map(string)
     default = {}
 }
 
-variable "policy_json" {}
+variable "policy_json" {
+    type = string
+}
+
+variable "vpc_security_group_ids" {
+    type = list(string)
+    default = null
+}
+
+variable "vpc_subnet_ids" {
+    type = list(string)
+    default = null
+}
