VED-446 Redis Sync S3 Bucket (#632)

* remove existing_config_bucket

* bucket no count

Author: nhsdevws

terraform/redis_sync_lambda.tf

@@ -253,10 +253,8 @@ resource "aws_cloudwatch_log_group" "redis_sync_log_group" {
 
 # S3 Bucket notification to trigger Lambda function for config bucket
 resource "aws_s3_bucket_notification" "config_lambda_notification" {
-  # For now, only create a trigger in internal-dev and prod as those are the envs with a config bucket
-  count = local.create_config_bucket ? 1 : 0
 
-  bucket = aws_s3_bucket.batch_config_bucket[0].bucket
+  bucket = aws_s3_bucket.batch_config_bucket.bucket
 
   lambda_function {
     lambda_function_arn = aws_lambda_function.redis_sync_lambda.arn
@@ -266,7 +264,6 @@ resource "aws_s3_bucket_notification" "config_lambda_notification" {
 
 # Permission for the new S3 bucket to invoke the Lambda function
 resource "aws_lambda_permission" "new_s3_invoke_permission" {
-  count = local.create_config_bucket ? 1 : 0
 
   statement_id  = "AllowExecutionFromNewS3"
   action        = "lambda:InvokeFunction"

terraform/s3_config.tf

@@ -192,16 +192,11 @@ resource "aws_s3_bucket_lifecycle_configuration" "data_destinations" {
 }
 
 resource "aws_s3_bucket" "batch_config_bucket" {
-  # For now, only create in internal-dev and prod as we only have one shared Redis instance per account.
-  count = local.create_config_bucket ? 1 : 0
-
   bucket = "imms-${local.environment}-supplier-config"
 }
 
 resource "aws_s3_bucket_public_access_block" "batch_config_bucket_public_access_block" {
-  count = local.create_config_bucket ? 1 : 0
-
-  bucket = aws_s3_bucket.batch_config_bucket[0].id
+  bucket = aws_s3_bucket.batch_config_bucket.id
 
   block_public_acls       = true
   block_public_policy     = true
@@ -210,9 +205,7 @@ resource "aws_s3_bucket_public_access_block" "batch_config_bucket_public_access_
 }
 
 resource "aws_s3_bucket_policy" "batch_config_bucket_policy" {
-  count = local.create_config_bucket ? 1 : 0
-
-  bucket = aws_s3_bucket.batch_config_bucket[0].id
+  bucket = aws_s3_bucket.batch_config_bucket.id
 
   policy = jsonencode({
     Version = "2012-10-17"
@@ -226,8 +219,8 @@ resource "aws_s3_bucket_policy" "batch_config_bucket_policy" {
         }
         Action = "s3:*"
         Resource = [
-          aws_s3_bucket.batch_config_bucket[0].arn,
-          "${aws_s3_bucket.batch_config_bucket[0].arn}/*",
+          aws_s3_bucket.batch_config_bucket.arn,
+          "${aws_s3_bucket.batch_config_bucket.arn}/*",
         ]
         Condition = {
           Bool = {

terraform/variables.tf

@@ -27,10 +27,9 @@ locals {
   project_domain_name = data.aws_route53_zone.project_zone.name
   service_domain_name = "${local.env}.${local.project_domain_name}"
 
-  # For now, only create the config bucket in internal-dev and prod as we only have one Redis instance per account.
-  create_config_bucket = local.environment == local.config_bucket_env
-  config_bucket_arn    = local.create_config_bucket ? aws_s3_bucket.batch_config_bucket[0].arn : data.aws_s3_bucket.existing_config_bucket[0].arn
-  config_bucket_name   = local.create_config_bucket ? aws_s3_bucket.batch_config_bucket[0].bucket : data.aws_s3_bucket.existing_config_bucket[0].bucket
+  config_bucket_arn    = aws_s3_bucket.batch_config_bucket.arn
+  config_bucket_name   = aws_s3_bucket.batch_config_bucket.bucket
+
 
   # Public subnet - The subnet has a direct route to an internet gateway. Resources in a public subnet can access the public internet.
   # public_subnet_ids = [for k, v in data.aws_route.internet_traffic_route_by_subnet : k if length(v.gateway_id) > 0]
@@ -88,13 +87,6 @@ data "aws_security_group" "existing_securitygroup" {
   }
 }
 
-data "aws_s3_bucket" "existing_config_bucket" {
-  # For now, look up the internal-dev bucket during int, ref and PR branch deploys.
-  count = local.create_config_bucket ? 0 : 1
-
-  bucket = "imms-${local.config_bucket_env}-supplier-config"
-}
-
 data "aws_kms_key" "existing_lambda_encryption_key" {
   key_id = "alias/imms-batch-lambda-env-encryption"
 }