Don't reserve concurrency on PR deploys to avoid hitting account limits. (#400)

mfjarvis · web-flow · commit a9b33b4d5eef · 2025-05-01T15:44:33.000+01:00
diff --git a/terraform/ack_lambda.tf b/terraform/ack_lambda.tf
@@ -115,17 +115,17 @@ resource "aws_iam_policy" "ack_lambda_exec_policy" {
           "s3:DeleteObject"
         ]
         Resource = [
-          "arn:aws:s3:::immunisation-batch-${local.env}-data-sources",       
+          "arn:aws:s3:::immunisation-batch-${local.env}-data-sources",
           "arn:aws:s3:::immunisation-batch-${local.env}-data-sources/*",
-          "${data.aws_s3_bucket.existing_destination_bucket.arn}",       
-          "${data.aws_s3_bucket.existing_destination_bucket.arn}/*"         
+          "${data.aws_s3_bucket.existing_destination_bucket.arn}",
+          "${data.aws_s3_bucket.existing_destination_bucket.arn}/*"
         ]
       },
       {
         Effect   = "Allow"
         Action   = "lambda:InvokeFunction"
         Resource = [
-          data.aws_lambda_function.existing_file_name_proc_lambda.arn,               
+          data.aws_lambda_function.existing_file_name_proc_lambda.arn,
         ]
       },
       {
@@ -139,13 +139,13 @@ resource "aws_iam_policy" "ack_lambda_exec_policy" {
           "arn:aws:dynamodb:${var.aws_region}:${local.local_account_id}:table/${data.aws_dynamodb_table.audit-table.name}/index/*",
         ]
       },
-      { 
-        Effect = "Allow", 
-        Action = [ 
-                  "sqs:ReceiveMessage", 
-                  "sqs:DeleteMessage", 
-                  "sqs:GetQueueAttributes" 
-                  ], 
+      {
+        Effect = "Allow",
+        Action = [
+                  "sqs:ReceiveMessage",
+                  "sqs:DeleteMessage",
+                  "sqs:GetQueueAttributes"
+                  ],
         Resource = "arn:aws:sqs:eu-west-2:${local.local_account_id}:${local.short_prefix}-ack-metadata-queue.fifo" },
       {
         "Effect": "Allow",
@@ -205,10 +205,10 @@ resource "aws_lambda_function" "ack_processor_lambda" {
   architectures   = ["x86_64"]
   timeout         = 900
   memory_size    = 2048
-  ephemeral_storage { 
-      size = 2048  
+  ephemeral_storage {
+      size = 2048
   }
-  
+
   environment {
     variables = {
       ACK_BUCKET_NAME     = data.aws_s3_bucket.existing_destination_bucket.bucket
@@ -219,15 +219,15 @@ resource "aws_lambda_function" "ack_processor_lambda" {
     }
   }
 
-  reserved_concurrent_executions = 20
+  reserved_concurrent_executions = startswith(local.environment, "pr-") ? -1 : 20
   depends_on = [
     aws_cloudwatch_log_group.ack_lambda_log_group
   ]
 }
 
-resource "aws_lambda_event_source_mapping" "sqs_to_lambda"{ 
-  event_source_arn = aws_sqs_queue.fifo_queue.arn 
-  function_name = aws_lambda_function.ack_processor_lambda.arn 
+resource "aws_lambda_event_source_mapping" "sqs_to_lambda"{
+  event_source_arn = aws_sqs_queue.fifo_queue.arn
+  function_name = aws_lambda_function.ack_processor_lambda.arn
   batch_size = 10
-  enabled = true 
-}
+  enabled = true
+}
diff --git a/terraform/file_name_processor.tf b/terraform/file_name_processor.tf
@@ -115,8 +115,8 @@ resource "aws_iam_policy" "filenameprocessor_lambda_exec_policy" {
           "s3:DeleteObject"
         ]
         Resource = [
-          "arn:aws:s3:::${local.batch_prefix}-data-sources",           
-          "arn:aws:s3:::${local.batch_prefix}-data-sources/*"        
+          "arn:aws:s3:::${local.batch_prefix}-data-sources",
+          "arn:aws:s3:::${local.batch_prefix}-data-sources/*"
         ]
       },
       {
@@ -127,8 +127,8 @@ resource "aws_iam_policy" "filenameprocessor_lambda_exec_policy" {
           "s3:ListBucket"
         ]
         Resource = [
-          "${data.aws_s3_bucket.existing_destination_bucket.arn}",       
-          "${data.aws_s3_bucket.existing_destination_bucket.arn}/*"         
+          "${data.aws_s3_bucket.existing_destination_bucket.arn}",
+          "${data.aws_s3_bucket.existing_destination_bucket.arn}/*"
         ]
       },
       {
@@ -148,8 +148,8 @@ resource "aws_iam_policy" "filenameprocessor_lambda_exec_policy" {
           "s3:ListBucket"
         ]
         Resource = [
-          "arn:aws:s3:::${data.aws_s3_bucket.existing_config_bucket.bucket}",           
-          "arn:aws:s3:::${data.aws_s3_bucket.existing_config_bucket.bucket}/*"        
+          "arn:aws:s3:::${data.aws_s3_bucket.existing_config_bucket.bucket}",
+          "arn:aws:s3:::${data.aws_s3_bucket.existing_config_bucket.bucket}/*"
         ]
       },
       {
@@ -164,7 +164,7 @@ resource "aws_iam_policy" "filenameprocessor_lambda_exec_policy" {
         Effect   = "Allow"
         Action   = "lambda:InvokeFunction"
         Resource = [
-          "arn:aws:lambda:${var.aws_region}:${local.local_account_id}:function:imms-${local.env}-filenameproc_lambda",               
+          "arn:aws:lambda:${var.aws_region}:${local.local_account_id}:function:imms-${local.env}-filenameproc_lambda",
         ]
       }
     ]
@@ -294,12 +294,12 @@ resource "aws_lambda_function" "file_processor_lambda" {
     }
   }
   kms_key_arn = data.aws_kms_key.existing_lambda_encryption_key.arn
-  reserved_concurrent_executions = 20
+  reserved_concurrent_executions = startswith(local.environment, "pr-") ? -1 : 20
   depends_on = [
     aws_cloudwatch_log_group.file_name_processor_log_group,
     aws_iam_policy.filenameprocessor_lambda_exec_policy
   ]
-  
+
 }
 
 
@@ -421,4 +421,4 @@ resource "aws_iam_role_policy_attachment" "elasticache_policy_attachment" {
 resource "aws_cloudwatch_log_group" "file_name_processor_log_group" {
   name              = "/aws/lambda/${local.short_prefix}-filenameproc_lambda"
   retention_in_days = 30
-}
+}
diff --git a/terraform/forwarder_lambda.tf b/terraform/forwarder_lambda.tf
@@ -116,8 +116,8 @@ resource "aws_iam_policy" "forwarding_lambda_exec_policy" {
           "s3:ListBucket"
         ]
         Resource = [
-          "arn:aws:s3:::${local.batch_prefix}-data-sources",           
-          "arn:aws:s3:::${local.batch_prefix}-data-sources/*"        
+          "arn:aws:s3:::${local.batch_prefix}-data-sources",
+          "arn:aws:s3:::${local.batch_prefix}-data-sources/*"
         ]
       },
       {
@@ -128,8 +128,8 @@ resource "aws_iam_policy" "forwarding_lambda_exec_policy" {
           "s3:ListBucket"
         ]
         Resource = [
-          "${data.aws_s3_bucket.existing_destination_bucket.arn}",       
-          "${data.aws_s3_bucket.existing_destination_bucket.arn}/*"        
+          "${data.aws_s3_bucket.existing_destination_bucket.arn}",
+          "${data.aws_s3_bucket.existing_destination_bucket.arn}/*"
         ]
       },
       {
@@ -198,8 +198,8 @@ resource "aws_lambda_function" "forwarding_lambda" {
   image_uri      = module.forwarding_docker_image.image_uri
   timeout        = 900
   memory_size    = 2048
-  ephemeral_storage { 
-      size = 1024  
+  ephemeral_storage {
+      size = 1024
   }
 
   environment {
@@ -215,8 +215,8 @@ resource "aws_lambda_function" "forwarding_lambda" {
     aws_iam_role_policy_attachment.forwarding_lambda_exec_policy_attachment,
     aws_cloudwatch_log_group.forwarding_lambda_log_group
   ]
-  
-  reserved_concurrent_executions = 20
+
+  reserved_concurrent_executions = startswith(local.environment, "pr-") ? -1 : 20
 }
 
  resource "aws_lambda_event_source_mapping" "kinesis_event_source_mapping_forwarder_lambda" {
@@ -228,8 +228,8 @@ resource "aws_lambda_function" "forwarding_lambda" {
 
    depends_on = [aws_lambda_function.forwarding_lambda]
  }
- 
+
  resource "aws_cloudwatch_log_group" "forwarding_lambda_log_group" {
   name              = "/aws/lambda/${local.short_prefix}-forwarding_lambda"
   retention_in_days = 30
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -115,8 +115,8 @@ resource "aws_iam_policy" "filenameprocessor_lambda_exec_policy" {`
`115`	`115`	`"s3:DeleteObject"`
`116`	`116`	`]`
`117`	`117`	`Resource = [`
`118`		`- "arn:aws:s3:::${local.batch_prefix}-data-sources",`
`119`		`- "arn:aws:s3:::${local.batch_prefix}-data-sources/*"`
	`118`	`+ "arn:aws:s3:::${local.batch_prefix}-data-sources",`
	`119`	`+ "arn:aws:s3:::${local.batch_prefix}-data-sources/*"`
`120`	`120`	`]`
`121`	`121`	`},`
`122`	`122`	`{`
`@@ -127,8 +127,8 @@ resource "aws_iam_policy" "filenameprocessor_lambda_exec_policy" {`
`127`	`127`	`"s3:ListBucket"`
`128`	`128`	`]`
`129`	`129`	`Resource = [`
`130`		`- "${data.aws_s3_bucket.existing_destination_bucket.arn}",`
`131`		`- "${data.aws_s3_bucket.existing_destination_bucket.arn}/*"`
	`130`	`+ "${data.aws_s3_bucket.existing_destination_bucket.arn}",`
	`131`	`+ "${data.aws_s3_bucket.existing_destination_bucket.arn}/*"`
`132`	`132`	`]`
`133`	`133`	`},`
`134`	`134`	`{`
`@@ -148,8 +148,8 @@ resource "aws_iam_policy" "filenameprocessor_lambda_exec_policy" {`
`148`	`148`	`"s3:ListBucket"`
`149`	`149`	`]`
`150`	`150`	`Resource = [`
`151`		`- "arn:aws:s3:::${data.aws_s3_bucket.existing_config_bucket.bucket}",`
`152`		`- "arn:aws:s3:::${data.aws_s3_bucket.existing_config_bucket.bucket}/*"`
	`151`	`+ "arn:aws:s3:::${data.aws_s3_bucket.existing_config_bucket.bucket}",`
	`152`	`+ "arn:aws:s3:::${data.aws_s3_bucket.existing_config_bucket.bucket}/*"`
`153`	`153`	`]`
`154`	`154`	`},`
`155`	`155`	`{`
`@@ -164,7 +164,7 @@ resource "aws_iam_policy" "filenameprocessor_lambda_exec_policy" {`
`164`	`164`	`Effect = "Allow"`
`165`	`165`	`Action = "lambda:InvokeFunction"`
`166`	`166`	`Resource = [`
`167`		`- "arn:aws:lambda:${var.aws_region}:${local.local_account_id}:function:imms-${local.env}-filenameproc_lambda",`
	`167`	`+ "arn:aws:lambda:${var.aws_region}:${local.local_account_id}:function:imms-${local.env}-filenameproc_lambda",`
`168`	`168`	`]`
`169`	`169`	`}`
`170`	`170`	`]`
`@@ -294,12 +294,12 @@ resource "aws_lambda_function" "file_processor_lambda" {`
`294`	`294`	`}`
`295`	`295`	`}`
`296`	`296`	`kms_key_arn = data.aws_kms_key.existing_lambda_encryption_key.arn`
`297`		`- reserved_concurrent_executions = 20`
	`297`	`+ reserved_concurrent_executions = startswith(local.environment, "pr-") ? -1 : 20`
`298`	`298`	`depends_on = [`
`299`	`299`	`aws_cloudwatch_log_group.file_name_processor_log_group,`
`300`	`300`	`aws_iam_policy.filenameprocessor_lambda_exec_policy`
`301`	`301`	`]`
`302`		`-`
	`302`	`+`
`303`	`303`	`}`
`304`	`304`
`305`	`305`
`@@ -421,4 +421,4 @@ resource "aws_iam_role_policy_attachment" "elasticache_policy_attachment" {`
`421`	`421`	`resource "aws_cloudwatch_log_group" "file_name_processor_log_group" {`
`422`	`422`	`name = "/aws/lambda/${local.short_prefix}-filenameproc_lambda"`
`423`	`423`	`retention_in_days = 30`
`424`		`-}`
	`424`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -116,8 +116,8 @@ resource "aws_iam_policy" "forwarding_lambda_exec_policy" {`
`116`	`116`	`"s3:ListBucket"`
`117`	`117`	`]`
`118`	`118`	`Resource = [`
`119`		`- "arn:aws:s3:::${local.batch_prefix}-data-sources",`
`120`		`- "arn:aws:s3:::${local.batch_prefix}-data-sources/*"`
	`119`	`+ "arn:aws:s3:::${local.batch_prefix}-data-sources",`
	`120`	`+ "arn:aws:s3:::${local.batch_prefix}-data-sources/*"`
`121`	`121`	`]`
`122`	`122`	`},`
`123`	`123`	`{`
`@@ -128,8 +128,8 @@ resource "aws_iam_policy" "forwarding_lambda_exec_policy" {`
`128`	`128`	`"s3:ListBucket"`
`129`	`129`	`]`
`130`	`130`	`Resource = [`
`131`		`- "${data.aws_s3_bucket.existing_destination_bucket.arn}",`
`132`		`- "${data.aws_s3_bucket.existing_destination_bucket.arn}/*"`
	`131`	`+ "${data.aws_s3_bucket.existing_destination_bucket.arn}",`
	`132`	`+ "${data.aws_s3_bucket.existing_destination_bucket.arn}/*"`
`133`	`133`	`]`
`134`	`134`	`},`
`135`	`135`	`{`
`@@ -198,8 +198,8 @@ resource "aws_lambda_function" "forwarding_lambda" {`
`198`	`198`	`image_uri = module.forwarding_docker_image.image_uri`
`199`	`199`	`timeout = 900`
`200`	`200`	`memory_size = 2048`
`201`		`- ephemeral_storage {`
`202`		`- size = 1024`
	`201`	`+ ephemeral_storage {`
	`202`	`+ size = 1024`
`203`	`203`	`}`
`204`	`204`
`205`	`205`	`environment {`
`@@ -215,8 +215,8 @@ resource "aws_lambda_function" "forwarding_lambda" {`
`215`	`215`	`aws_iam_role_policy_attachment.forwarding_lambda_exec_policy_attachment,`
`216`	`216`	`aws_cloudwatch_log_group.forwarding_lambda_log_group`
`217`	`217`	`]`
`218`		`-`
`219`		`- reserved_concurrent_executions = 20`
	`218`	`+`
	`219`	`+ reserved_concurrent_executions = startswith(local.environment, "pr-") ? -1 : 20`
`220`	`220`	`}`
`221`	`221`
`222`	`222`	`resource "aws_lambda_event_source_mapping" "kinesis_event_source_mapping_forwarder_lambda" {`
`@@ -228,8 +228,8 @@ resource "aws_lambda_function" "forwarding_lambda" {`
`228`	`228`
`229`	`229`	`depends_on = [aws_lambda_function.forwarding_lambda]`
`230`	`230`	`}`
`231`		`-`
	`231`	`+`
`232`	`232`	`resource "aws_cloudwatch_log_group" "forwarding_lambda_log_group" {`
`233`	`233`	`name = "/aws/lambda/${local.short_prefix}-forwarding_lambda"`
`234`	`234`	`retention_in_days = 30`
`235`		`-}`
	`235`	`+}`