VED-26: Add forwarder Lambda to VPC.

mfjarvis · mfjarvis · commit c3eca63888e0 · 2025-07-09T12:59:56.000+01:00
diff --git a/terraform/forwarder_lambda.tf b/terraform/forwarder_lambda.tf
@@ -209,12 +209,19 @@ resource "aws_lambda_function" "forwarding_lambda" {
     size = 1024
   }
 
+  vpc_config {
+    subnet_ids         = local.private_subnet_ids
+    security_group_ids = [data.aws_security_group.existing_securitygroup.id]
+  }
+
   environment {
     variables = {
       SOURCE_BUCKET_NAME  = aws_s3_bucket.batch_data_source_bucket.bucket
       ACK_BUCKET_NAME     = aws_s3_bucket.batch_data_destination_bucket.bucket
       DYNAMODB_TABLE_NAME = aws_dynamodb_table.events-dynamodb-table.name
       SQS_QUEUE_URL       = aws_sqs_queue.fifo_queue.url
+      REDIS_HOST          = data.aws_elasticache_cluster.existing_redis.cache_nodes[0].address
+      REDIS_PORT          = data.aws_elasticache_cluster.existing_redis.cache_nodes[0].port
     }
   }
   kms_key_arn = data.aws_kms_key.existing_lambda_encryption_key.arn
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -15,19 +15,19 @@ variable "aws_region" {
 }
 
 locals {
-  environment       = terraform.workspace == "green" ? "prod" : terraform.workspace == "blue" ? "prod" : terraform.workspace
-  env               = terraform.workspace
-  prefix            = "${var.project_name}-${var.service}-${local.env}"
-  short_prefix      = "${var.project_short_name}-${local.env}"
-  batch_prefix      = "immunisation-batch-${local.env}"
-  config_env        = local.environment == "prod" ? "prod" : "dev"
+  environment  = terraform.workspace == "green" ? "prod" : terraform.workspace == "blue" ? "prod" : terraform.workspace
+  env          = terraform.workspace
+  prefix       = "${var.project_name}-${var.service}-${local.env}"
+  short_prefix = "${var.project_short_name}-${local.env}"
+  batch_prefix = "immunisation-batch-${local.env}"
+  config_env   = local.environment == "prod" ? "prod" : "dev"
 
   root_domain         = "${local.config_env}.vds.platform.nhs.uk"
   project_domain_name = data.aws_route53_zone.project_zone.name
   service_domain_name = "${local.env}.${local.project_domain_name}"
 
-  config_bucket_arn    = aws_s3_bucket.batch_config_bucket.arn
-  config_bucket_name   = aws_s3_bucket.batch_config_bucket.bucket
+  config_bucket_arn  = aws_s3_bucket.batch_config_bucket.arn
+  config_bucket_name = aws_s3_bucket.batch_config_bucket.bucket
 
 
   # Public subnet - The subnet has a direct route to an internet gateway. Resources in a public subnet can access the public internet.

Original file line number	Diff line number	Diff line change
`@@ -209,12 +209,19 @@ resource "aws_lambda_function" "forwarding_lambda" {`
`209`	`209`	`size = 1024`
`210`	`210`	`}`
`211`	`211`
	`212`	`+ vpc_config {`
	`213`	`+ subnet_ids = local.private_subnet_ids`
	`214`	`+ security_group_ids = [data.aws_security_group.existing_securitygroup.id]`
	`215`	`+ }`
	`216`	`+`
`212`	`217`	`environment {`
`213`	`218`	`variables = {`
`214`	`219`	`SOURCE_BUCKET_NAME = aws_s3_bucket.batch_data_source_bucket.bucket`
`215`	`220`	`ACK_BUCKET_NAME = aws_s3_bucket.batch_data_destination_bucket.bucket`
`216`	`221`	`DYNAMODB_TABLE_NAME = aws_dynamodb_table.events-dynamodb-table.name`
`217`	`222`	`SQS_QUEUE_URL = aws_sqs_queue.fifo_queue.url`
	`223`	`+ REDIS_HOST = data.aws_elasticache_cluster.existing_redis.cache_nodes[0].address`
	`224`	`+ REDIS_PORT = data.aws_elasticache_cluster.existing_redis.cache_nodes[0].port`
`218`	`225`	`}`
`219`	`226`	`}`
`220`	`227`	`kms_key_arn = data.aws_kms_key.existing_lambda_encryption_key.arn`