tf

nhsdevws · nhsdevws · commit bbd1f157cb75 · 2025-07-31T10:50:54.000+01:00
diff --git a/terraform/id_sync_lambda.tf b/terraform/id_sync_lambda.tf
@@ -10,7 +10,7 @@ locals {
   # Calculate SHA for both directories
   shared_dir_sha         = sha1(join("", [for f in local.shared_files : filesha1("${local.shared_dir}/${f}")]))
   id_sync_lambda_dir_sha = sha1(join("", [for f in local.id_sync_lambda_files : filesha1("${local.id_sync_lambda_dir}/${f}")]))
-  lambda_name            = "${local.short_prefix}-id_sync"
+
 }
 
 resource "aws_ecr_repository" "id_sync_lambda_repository" {
@@ -173,7 +173,7 @@ resource "aws_iam_policy" "id_sync_lambda_exec_policy" {
         Effect = "Allow"
         Action = "lambda:InvokeFunction"
         Resource = [
-          "arn:aws:lambda:${var.aws_region}:${var.immunisation_account_id}:function:${local.lambda_name}",
+          "arn:aws:lambda:${var.aws_region}:${var.immunisation_account_id}:function:imms-${var.sub_environment}-id_sync_lambda",
         ]
       },
       # NEW
@@ -243,6 +243,9 @@ resource "aws_iam_role_policy_attachment" "id_sync_lambda_kms_policy_attachment"
 
 data "aws_iam_policy_document" "id_sync_policy_document" {
   source_policy_documents = [
+    templatefile("${local.policy_path}/dynamodb.json", {
+      "dynamodb_table_name" : aws_dynamodb_table.delta-dynamodb-table.name
+    }),
     templatefile("${local.policy_path}/dynamodb_stream.json", {
       "dynamodb_table_name" : aws_dynamodb_table.events-dynamodb-table.name
     }),
@@ -267,7 +270,7 @@ resource "aws_iam_role_policy_attachment" "id_sync_lambda_dynamodb_policy_attach
 
 # Lambda Function with Security Group and VPC.
 resource "aws_lambda_function" "id_sync_lambda" {
-  function_name = local.lambda_name
+  function_name = "${local.short_prefix}-id_sync_lambda"
   role          = aws_iam_role.id_sync_lambda_exec_role.arn
   package_type  = "Image"
   image_uri     = module.id_sync_docker_image.image_uri
@@ -281,9 +284,12 @@ resource "aws_lambda_function" "id_sync_lambda" {
 
   environment {
     variables = {
+      CONFIG_BUCKET_NAME       = local.config_bucket_name
       REDIS_HOST               = data.aws_elasticache_cluster.existing_redis.cache_nodes[0].address
       REDIS_PORT               = data.aws_elasticache_cluster.existing_redis.cache_nodes[0].port
+      ID_SYNC_PROC_LAMBDA_NAME = "imms-${var.sub_environment}-id_sync_lambda"
       # NEW
+      DELTA_TABLE_NAME     = aws_dynamodb_table.delta-dynamodb-table.name
       IEDS_TABLE_NAME      = aws_dynamodb_table.events-dynamodb-table.name
       PDS_ENV              = var.pds_environment
       SPLUNK_FIREHOSE_NAME = module.splunk.firehose_stream_name
@@ -298,7 +304,7 @@ resource "aws_lambda_function" "id_sync_lambda" {
 }
 
 resource "aws_cloudwatch_log_group" "id_sync_log_group" {
-  name              = "/aws/lambda/${local.short_prefix}-id_sync"
+  name              = "/aws/lambda/${local.short_prefix}-id_sync_lambda"
   retention_in_days = 30
 }
 
