Merge branch 'master' into VED-357-infra-updates-only

nhsdevws · web-flow · commit cf6ee25fe2fc · 2025-07-09T09:43:14.000+01:00
diff --git a/terraform/ack_lambda.tf b/terraform/ack_lambda.tf
@@ -17,7 +17,7 @@ resource "aws_ecr_repository" "ack_lambda_repository" {
 # Module for building and pushing Docker image to ECR
 module "ack_processor_docker_image" {
   source  = "terraform-aws-modules/lambda/aws//modules/docker-build"
-  version = "7.21.1"
+  version = "8.0.1"
 
   create_ecr_repo = false
   ecr_repo        = aws_ecr_repository.ack_lambda_repository.name
diff --git a/terraform/delta.tf b/terraform/delta.tf
@@ -17,7 +17,7 @@ resource "aws_ecr_repository" "delta_lambda_repository" {
 
 module "delta_docker_image" {
   source  = "terraform-aws-modules/lambda/aws//modules/docker-build"
-  version = "7.21.1"
+  version = "8.0.1"
 
   create_ecr_repo = false
   ecr_repo        = "${local.prefix}-delta-lambda-repo"
diff --git a/terraform/ecs_batch_processor_config.tf b/terraform/ecs_batch_processor_config.tf
@@ -27,7 +27,7 @@ resource "aws_ecr_repository" "processing_repository" {
 # Build and Push Docker Image to ECR (Reusing the existing module)
 module "processing_docker_image" {
   source  = "terraform-aws-modules/lambda/aws//modules/docker-build"
-  version = "7.21.1"
+  version = "8.0.1"
 
   docker_file_path = "Dockerfile"
   create_ecr_repo  = false
diff --git a/terraform/file_name_processor.tf b/terraform/file_name_processor.tf
@@ -17,7 +17,7 @@ resource "aws_ecr_repository" "file_name_processor_lambda_repository" {
 # Module for building and pushing Docker image to ECR
 module "file_processor_docker_image" {
   source  = "terraform-aws-modules/lambda/aws//modules/docker-build"
-  version = "7.21.1"
+  version = "8.0.1"
 
   create_ecr_repo = false
   ecr_repo        = aws_ecr_repository.file_name_processor_lambda_repository.name
diff --git a/terraform/forwarder_lambda.tf b/terraform/forwarder_lambda.tf
@@ -20,7 +20,7 @@ resource "aws_ecr_repository" "forwarder_lambda_repository" {
 
 module "forwarding_docker_image" {
   source  = "terraform-aws-modules/lambda/aws//modules/docker-build"
-  version = "7.21.1"
+  version = "8.0.1"
 
   create_ecr_repo  = false
   ecr_repo         = aws_ecr_repository.forwarder_lambda_repository.name
diff --git a/terraform/lambda.tf b/terraform/lambda.tf
@@ -21,7 +21,7 @@ resource "aws_ecr_repository" "operation_lambda_repository" {
 #resource "docker_image" "lambda_function_docker" {
 module "docker_image" {
   source  = "terraform-aws-modules/lambda/aws//modules/docker-build"
-  version = "7.21.1"
+  version = "8.0.1"
 
   create_ecr_repo  = false
   ecr_repo         = "${local.prefix}-operation-lambda-repo"
diff --git a/terraform/mesh_processor.tf b/terraform/mesh_processor.tf
@@ -17,7 +17,7 @@ resource "aws_ecr_repository" "mesh_file_converter_lambda_repository" {
 # Module for building and pushing Docker image to ECR
 module "mesh_processor_docker_image" {
   source  = "terraform-aws-modules/lambda/aws//modules/docker-build"
-  version = "7.21.1"
+  version = "8.0.1"
 
   create_ecr_repo = false
   ecr_repo        = aws_ecr_repository.mesh_file_converter_lambda_repository.name
diff --git a/terraform/redis_sync_lambda.tf b/terraform/redis_sync_lambda.tf
@@ -16,7 +16,7 @@ resource "aws_ecr_repository" "redis_sync_lambda_repository" {
 # Module for building and pushing Docker image to ECR
 module "redis_sync_docker_image" {
   source  = "terraform-aws-modules/lambda/aws//modules/docker-build"
-  version = "7.21.1"
+  version = "8.0.1"
 
   create_ecr_repo = false
   ecr_repo        = aws_ecr_repository.redis_sync_lambda_repository.name
@@ -253,10 +253,8 @@ resource "aws_cloudwatch_log_group" "redis_sync_log_group" {
 
 # S3 Bucket notification to trigger Lambda function for config bucket
 resource "aws_s3_bucket_notification" "config_lambda_notification" {
-  # For now, only create a trigger in internal-dev and prod as those are the envs with a config bucket
-  count = local.create_config_bucket ? 1 : 0
 
-  bucket = aws_s3_bucket.batch_config_bucket[0].bucket
+  bucket = aws_s3_bucket.batch_config_bucket.bucket
 
   lambda_function {
     lambda_function_arn = aws_lambda_function.redis_sync_lambda.arn
@@ -266,7 +264,6 @@ resource "aws_s3_bucket_notification" "config_lambda_notification" {
 
 # Permission for the new S3 bucket to invoke the Lambda function
 resource "aws_lambda_permission" "new_s3_invoke_permission" {
-  count = local.create_config_bucket ? 1 : 0
 
   statement_id  = "AllowExecutionFromNewS3"
   action        = "lambda:InvokeFunction"
diff --git a/terraform/s3_config.tf b/terraform/s3_config.tf
@@ -192,16 +192,11 @@ resource "aws_s3_bucket_lifecycle_configuration" "data_destinations" {
 }
 
 resource "aws_s3_bucket" "batch_config_bucket" {
-  # For now, only create in internal-dev and prod as we only have one shared Redis instance per account.
-  count = local.create_config_bucket ? 1 : 0
-
-  bucket = "imms-${local.environment}-supplier-config"
+  bucket = "imms-${local.environment}-fhir-config"
 }
 
 resource "aws_s3_bucket_public_access_block" "batch_config_bucket_public_access_block" {
-  count = local.create_config_bucket ? 1 : 0
-
-  bucket = aws_s3_bucket.batch_config_bucket[0].id
+  bucket = aws_s3_bucket.batch_config_bucket.id
 
   block_public_acls       = true
   block_public_policy     = true
@@ -210,9 +205,7 @@ resource "aws_s3_bucket_public_access_block" "batch_config_bucket_public_access_
 }
 
 resource "aws_s3_bucket_policy" "batch_config_bucket_policy" {
-  count = local.create_config_bucket ? 1 : 0
-
-  bucket = aws_s3_bucket.batch_config_bucket[0].id
+  bucket = aws_s3_bucket.batch_config_bucket.id
 
   policy = jsonencode({
     Version = "2012-10-17"
@@ -226,8 +219,8 @@ resource "aws_s3_bucket_policy" "batch_config_bucket_policy" {
         }
         Action = "s3:*"
         Resource = [
-          aws_s3_bucket.batch_config_bucket[0].arn,
-          "${aws_s3_bucket.batch_config_bucket[0].arn}/*",
+          aws_s3_bucket.batch_config_bucket.arn,
+          "${aws_s3_bucket.batch_config_bucket.arn}/*",
         ]
         Condition = {
           Bool = {
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -21,16 +21,14 @@ locals {
   short_prefix      = "${var.project_short_name}-${local.env}"
   batch_prefix      = "immunisation-batch-${local.env}"
   config_env        = local.environment == "prod" ? "prod" : "dev"
-  config_bucket_env = local.environment == "prod" ? "prod" : "internal-dev"
 
   root_domain         = "${local.config_env}.vds.platform.nhs.uk"
   project_domain_name = data.aws_route53_zone.project_zone.name
   service_domain_name = "${local.env}.${local.project_domain_name}"
 
-  # For now, only create the config bucket in internal-dev and prod as we only have one Redis instance per account.
-  create_config_bucket = local.environment == local.config_bucket_env
-  config_bucket_arn    = local.create_config_bucket ? aws_s3_bucket.batch_config_bucket[0].arn : data.aws_s3_bucket.existing_config_bucket[0].arn
-  config_bucket_name   = local.create_config_bucket ? aws_s3_bucket.batch_config_bucket[0].bucket : data.aws_s3_bucket.existing_config_bucket[0].bucket
+  config_bucket_arn    = aws_s3_bucket.batch_config_bucket.arn
+  config_bucket_name   = aws_s3_bucket.batch_config_bucket.bucket
+
 
   # Public subnet - The subnet has a direct route to an internet gateway. Resources in a public subnet can access the public internet.
   # public_subnet_ids = [for k, v in data.aws_route.internet_traffic_route_by_subnet : k if length(v.gateway_id) > 0]
@@ -88,13 +86,6 @@ data "aws_security_group" "existing_securitygroup" {
   }
 }
 
-data "aws_s3_bucket" "existing_config_bucket" {
-  # For now, look up the internal-dev bucket during int, ref and PR branch deploys.
-  count = local.create_config_bucket ? 0 : 1
-
-  bucket = "imms-${local.config_bucket_env}-supplier-config"
-}
-
 data "aws_kms_key" "existing_lambda_encryption_key" {
   key_id = "alias/imms-batch-lambda-env-encryption"
 }
