setting up account level config for slack and sns topic alerting

Akol125 · Akol125 · commit 93b19a6f8608 · 2025-12-15T16:13:19.000Z
diff --git a/infrastructure/account/fhir_api_errors_slack_chatbot.tf b/infrastructure/account/fhir_api_errors_slack_chatbot.tf
@@ -0,0 +1,24 @@
+resource "aws_chatbot_slack_channel_configuration" "fhir_api_errors" {
+  configuration_name = "${var.environment}-fhir-api-errors-slack-channel-config"
+  iam_role_arn       = aws_iam_role.fhir_api_errors_chatbot.arn
+  slack_channel_id   = var.environment == "prod" ? "C0A3LPKNKEE" : "C0A4F3G8J0G"
+  slack_team_id      = "TJ00QR03U"
+  sns_topic_arns     = [aws_sns_topic.fhir_api_errors.arn]
+}
+
+resource "aws_iam_role" "fhir_api_errors_chatbot" {
+  name = "${var.environment}-fhir-api-errors-chatbot-channel-role"
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Sid    = "AssumeChatbotRole"
+        Principal = {
+          Service = "chatbot.amazonaws.com"
+        }
+      },
+    ]
+  })
+}
diff --git a/infrastructure/account/fhir_api_errors_sns_topic.tf b/infrastructure/account/fhir_api_errors_sns_topic.tf
@@ -0,0 +1,22 @@
+resource "aws_sns_topic" "fhir_api_errors" {
+  name              = "${var.environment}-fhir-api-errors"
+  kms_master_key_id = aws_kms_key.fhir_api_errors_sns_encryption_key.arn
+}
+
+resource "aws_sns_topic_policy" "fhir_api_errors_topic_policy" {
+  arn = aws_sns_topic.fhir_api_errors.arn
+  policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Sid    = "AllowCloudWatchToPublish",
+        Effect = "Allow",
+        Principal = {
+          Service = "cloudwatch.amazonaws.com"
+        },
+        Action   = "SNS:Publish",
+        Resource = aws_sns_topic.fhir_api_errors.arn
+      }
+    ]
+  })
+}
diff --git a/infrastructure/account/kms.tf b/infrastructure/account/kms.tf
@@ -179,7 +179,7 @@ resource "aws_kms_alias" "id_sync_sqs_encryption" {
   target_key_id = aws_kms_key.id_sync_sqs_encryption.key_id
 }
 
-resource "aws_kms_key" "batch_processor_errors_sns_encryption_key" {
+resource "aws_kms_key" "error_alerts_sns_encryption_key" {
   description             = "KMS key for encrypting the batch processor errors SNS Topic messages"
   deletion_window_in_days = 7
   enable_key_rotation     = true
@@ -218,5 +218,10 @@ resource "aws_kms_key" "batch_processor_errors_sns_encryption_key" {
 
 resource "aws_kms_alias" "batch_processor_errors_sns_encryption_key" {
   name          = "alias/${var.environment}-batch-processor-errors-imms-sns-encryption"
-  target_key_id = aws_kms_key.batch_processor_errors_sns_encryption_key.key_id
+  target_key_id = aws_kms_key.error_alerts_sns_encryption_key.key_id
+}
+
+resource "aws_kms_alias" "fhir_api_errors_sns_encryption_key" {
+  name          = "alias/${var.environment}-batch-processor-errors-imms-sns-encryption"
+  target_key_id = aws_kms_key.error_alerts_sns_encryption_key.key_id
 }
