Attempt Cloudwatch alarm setup

dlzhry2nhs · dlzhry2nhs · commit 4eca9baef6f2 · 2025-09-08T12:43:13.000+01:00
diff --git a/terraform/batch_processor_errors_sns_topic.tf b/terraform/batch_processor_errors_sns_topic.tf
@@ -0,0 +1,27 @@
+resource "aws_sns_topic" "batch_processor_errors" {
+  name = "${local.short_prefix}-batch-processor-errors"
+}
+
+resource "aws_sns_topic_policy" "batch_processor_errors_topic_policy" {
+  arn    = aws_sns_topic.batch_processor_errors.arn
+  policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Sid       = "AllowCloudWatchToPublish",
+        Effect    = "Allow",
+        Principal = {
+          Service = "cloudwatch.amazonaws.com"
+        },
+        Action    = "SNS:Publish",
+        Resource  = aws_sns_topic.batch_processor_errors.arn
+      }
+    ]
+  })
+}
+
+resource "aws_sns_topic_subscription" "batch_processor_errors_email_target" {
+  topic_arn     = aws_sns_topic.batch_processor_errors.arn
+  protocol      = "email"
+  endpoint      = var.batch_processor_errors_target_email
+}
diff --git a/terraform/file_name_processor.tf b/terraform/file_name_processor.tf
@@ -318,3 +318,29 @@ resource "aws_cloudwatch_log_group" "file_name_processor_log_group" {
   name              = "/aws/lambda/${local.short_prefix}-filenameproc_lambda"
   retention_in_days = 30
 }
+
+resource "aws_cloudwatch_log_metric_filter" "file_name_processor_error_logs" {
+  name           = "${local.short_prefix}-FilenameProcessorErrorLogsFilter"
+  pattern        = "%\\[ERROR\\]|\\[CRITICAL\\]%"
+  log_group_name = aws_cloudwatch_log_group.file_name_processor_log_group.name
+
+  metric_transformation {
+    name      = "${local.short_prefix}-FilenameProcessorErrorLogs"
+    namespace = "${local.short_prefix}-FilenameProcessorLambda"
+    value     = "1"
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "file_name_processor_error_alarm" {
+  alarm_name          = "${local.short_prefix}-file-name-processor-lambda-error"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = 1
+  metric_name         = "${local.short_prefix}-FilenameProcessorErrorLogs"
+  namespace           = "${local.short_prefix}-FilenameProcessorLambda"
+  period              = 60
+  statistic           = "Count"
+  threshold           = 1
+  alarm_description   = "This sets off an alarm for any error logs found in the file name processor Lambda function"
+  alarm_actions       = [aws_sns_topic.batch_processor_errors.arn]
+  treat_missing_data  = "notBreaching"
+}
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -7,6 +7,14 @@ variable "sub_environment" {
 variable "immunisation_account_id" {}
 variable "dspp_core_account_id" {}
 
+# TODO - change this. Get a shared mailbox/switch to Lambda -> Slack integration
+# Also should have different config for Prod vs PTL
+variable "batch_processor_errors_target_email" {
+  default     = "daniel.yip4@nhs.net"
+  description = "The target email address for the Batch Processor Errors SNS topic"
+  type        = "string"
+}
+
 variable "create_mesh_processor" {
   default = false
 }
