Work in progress - started off tf changes

Author: dlzhry2nhs

terraform/ack_lambda.tf

@@ -123,13 +123,6 @@ resource "aws_iam_policy" "ack_lambda_exec_policy" {
           "${aws_s3_bucket.batch_data_destination_bucket.arn}/*"
         ]
       },
-      {
-        Effect = "Allow"
-        Action = "lambda:InvokeFunction"
-        Resource = [
-          aws_lambda_function.file_processor_lambda.arn,
-        ]
-      },
       {
         Effect = "Allow"
         Action = [
@@ -165,6 +158,7 @@ resource "aws_cloudwatch_log_group" "ack_lambda_log_group" {
   name              = "/aws/lambda/${local.short_prefix}-ack-lambda"
   retention_in_days = 30
 }
+
 resource "aws_iam_policy" "ack_s3_kms_access_policy" {
   name        = "${local.short_prefix}-ack-s3-kms-policy"
   description = "Allow Lambda to decrypt environment variables"
@@ -199,6 +193,7 @@ resource "aws_iam_role_policy_attachment" "lambda_kms_policy_attachment" {
   role       = aws_iam_role.ack_lambda_exec_role.name
   policy_arn = aws_iam_policy.ack_s3_kms_access_policy.arn
 }
+
 # Lambda Function with Security Group and VPC.
 resource "aws_lambda_function" "ack_processor_lambda" {
   function_name = "${local.short_prefix}-ack-lambda"

terraform/batch_processor_filter_lambda.tf

@@ -161,13 +161,6 @@ resource "aws_iam_policy" "filenameprocessor_lambda_exec_policy" {
           "firehose:PutRecordBatch"
         ],
         "Resource" : "arn:aws:firehose:*:*:deliverystream/${module.splunk.firehose_stream_name}"
-      },
-      {
-        Effect = "Allow"
-        Action = "lambda:InvokeFunction"
-        Resource = [
-          "arn:aws:lambda:${var.aws_region}:${var.immunisation_account_id}:function:imms-${var.sub_environment}-filenameproc_lambda",
-        ]
       }
     ]
   })
@@ -184,7 +177,7 @@ resource "aws_iam_policy" "filenameprocessor_lambda_sqs_policy" {
       Action = [
         "sqs:SendMessage"
       ],
-      Resource = aws_sqs_queue.supplier_fifo_queue.arn
+      Resource = aws_sqs_queue.batch_file_created.arn
     }]
   })
 }
@@ -266,6 +259,7 @@ resource "aws_iam_role_policy_attachment" "filenameprocessor_lambda_dynamo_acces
   role       = aws_iam_role.filenameprocessor_lambda_exec_role.name
   policy_arn = aws_iam_policy.filenameprocessor_dynamo_access_policy.arn
 }
+
 # Lambda Function with Security Group and VPC.
 resource "aws_lambda_function" "file_processor_lambda" {
   function_name = "${local.short_prefix}-filenameproc_lambda"
@@ -284,14 +278,13 @@ resource "aws_lambda_function" "file_processor_lambda" {
     variables = {
       SOURCE_BUCKET_NAME         = aws_s3_bucket.batch_data_source_bucket.bucket
       ACK_BUCKET_NAME            = aws_s3_bucket.batch_data_destination_bucket.bucket
-      QUEUE_URL                  = aws_sqs_queue.supplier_fifo_queue.url
+      QUEUE_URL                  = aws_sqs_queue.batch_file_created.url
       CONFIG_BUCKET_NAME         = local.config_bucket_name
       REDIS_HOST                 = data.aws_elasticache_cluster.existing_redis.cache_nodes[0].address
       REDIS_PORT                 = data.aws_elasticache_cluster.existing_redis.cache_nodes[0].port
       SPLUNK_FIREHOSE_NAME       = module.splunk.firehose_stream_name
       AUDIT_TABLE_NAME           = aws_dynamodb_table.audit-table.name
       FILE_NAME_GSI              = "filename_index"
-      FILE_NAME_PROC_LAMBDA_NAME = "imms-${var.sub_environment}-filenameproc_lambda"
 
     }
   }
@@ -304,7 +297,6 @@ resource "aws_lambda_function" "file_processor_lambda" {
 
 }
 
-
 # Permission for S3 to invoke Lambda function
 resource "aws_lambda_permission" "s3_invoke_permission" {
   statement_id  = "AllowExecutionFromS3"

terraform/file_name_processor.tf

@@ -0,0 +1,8 @@
+# FIFO SQS Queue - targeted by Filename Processor Lambda function
+resource "aws_sqs_queue" "batch_file_created" {
+  name                        = "${local.short_prefix}-batch-file-created-queue.fifo"
+  policy                      = data.aws_iam_policy_document.batch_file_created_queue_policy.json
+  fifo_queue                  = true
+  content_based_deduplication = true # Optional, helps with deduplication
+  visibility_timeout_seconds  = 900 # TODO - discuss and refine both this, max receives and DLQ
+}