renamed dupilcate elements

JamesW1-NHS · JamesW1-NHS · commit cffef47abef3 · 2025-07-24T15:48:05.000+01:00
diff --git a/terraform/id_sync_lambda.tf b/terraform/id_sync_lambda.tf
@@ -1,25 +1,25 @@
 # Define the directory containing the Docker image and calculate its SHA-256 hash for triggering redeployments
 locals {
-  redis_sync_lambda_dir     = abspath("${path.root}/../redis_sync")
-  redis_sync_lambda_files   = fileset(local.redis_sync_lambda_dir, "**")
-  redis_sync_lambda_dir_sha = sha1(join("", [for f in local.redis_sync_lambda_files : filesha1("${local.redis_sync_lambda_dir}/${f}")]))
+  id_sync_lambda_dir     = abspath("${path.root}/../redis_sync")
+  id_sync_lambda_files   = fileset(local.id_sync_lambda_dir, "**")
+  id_sync_lambda_dir_sha = sha1(join("", [for f in local.id_sync_lambda_files : filesha1("${local.id_sync_lambda_dir}/${f}")]))
 }
 
-resource "aws_ecr_repository" "redis_sync_lambda_repository" {
+resource "aws_ecr_repository" "id_sync_lambda_repository" {
   image_scanning_configuration {
     scan_on_push = true
   }
-  name         = "${local.short_prefix}-redis-sync-repo"
+  name         = "${local.short_prefix}-id-sync-repo"
   force_delete = local.is_temp
 }
 
 # Module for building and pushing Docker image to ECR
-module "redis_sync_docker_image" {
+module "id_sync_docker_image" {
   source  = "terraform-aws-modules/lambda/aws//modules/docker-build"
   version = "8.0.1"
 
   create_ecr_repo = false
-  ecr_repo        = aws_ecr_repository.redis_sync_lambda_repository.name
+  ecr_repo        = aws_ecr_repository.id_sync_lambda_repository.name
   ecr_repo_lifecycle_policy = jsonencode({
     "rules" : [
       {
@@ -39,15 +39,15 @@ module "redis_sync_docker_image" {
 
   platform      = "linux/amd64"
   use_image_tag = false
-  source_path   = local.redis_sync_lambda_dir
+  source_path   = local.id_sync_lambda_dir
   triggers = {
-    dir_sha = local.redis_sync_lambda_dir_sha
+    dir_sha = local.id_sync_lambda_dir_sha
   }
 }
 
 # Define the lambdaECRImageRetreival policy
-resource "aws_ecr_repository_policy" "redis_sync_lambda_ECRImageRetreival_policy" {
-  repository = aws_ecr_repository.redis_sync_lambda_repository.name
+resource "aws_ecr_repository_policy" "id_sync_lambda_ECRImageRetreival_policy" {
+  repository = aws_ecr_repository.id_sync_lambda_repository.name
 
   policy = jsonencode({
     Version = "2012-10-17"
@@ -67,7 +67,7 @@ resource "aws_ecr_repository_policy" "redis_sync_lambda_ECRImageRetreival_policy
         ],
         Condition : {
           StringLike : {
-            "aws:sourceArn" : aws_lambda_function.redis_sync_lambda.arn
+            "aws:sourceArn" : aws_lambda_function.id_sync_lambda.arn
           }
         }
       }
@@ -76,8 +76,8 @@ resource "aws_ecr_repository_policy" "redis_sync_lambda_ECRImageRetreival_policy
 }
 
 # IAM Role for Lambda
-resource "aws_iam_role" "redis_sync_lambda_exec_role" {
-  name = "${local.short_prefix}-redis-sync-lambda-exec-role"
+resource "aws_iam_role" "id_sync_lambda_exec_role" {
+  name = "${local.short_prefix}-id-sync-lambda-exec-role"
   assume_role_policy = jsonencode({
     Version = "2012-10-17",
     Statement = [{
@@ -92,8 +92,8 @@ resource "aws_iam_role" "redis_sync_lambda_exec_role" {
 }
 
 # Policy for Lambda execution role
-resource "aws_iam_policy" "redis_sync_lambda_exec_policy" {
-  name = "${local.short_prefix}-redis-sync-lambda-exec-policy"
+resource "aws_iam_policy" "id_sync_lambda_exec_policy" {
+  name = "${local.short_prefix}-id-sync-lambda-exec-policy"
   policy = jsonencode({
     Version = "2012-10-17",
     Statement = [
@@ -104,7 +104,7 @@ resource "aws_iam_policy" "redis_sync_lambda_exec_policy" {
           "logs:CreateLogStream",
           "logs:PutLogEvents"
         ]
-        Resource = "arn:aws:logs:${var.aws_region}:${var.immunisation_account_id}:log-group:/aws/lambda/${local.short_prefix}-redis_sync_lambda:*"
+        Resource = "arn:aws:logs:${var.aws_region}:${var.immunisation_account_id}:log-group:/aws/lambda/${local.short_prefix}-id_sync_lambda:*"
       },
       {
         Effect = "Allow"
@@ -165,10 +165,11 @@ resource "aws_iam_policy" "redis_sync_lambda_exec_policy" {
         Effect = "Allow"
         Action = "lambda:InvokeFunction"
         Resource = [
-          "arn:aws:lambda:${var.aws_region}:${var.immunisation_account_id}:function:imms-${var.sub_environment}-redis_sync_lambda",
+          "arn:aws:lambda:${var.aws_region}:${var.immunisation_account_id}:function:imms-${var.sub_environment}-id_sync_lambda",
         ]
       },
       # NEW
+      # NB anomaly: do we want this in "id_sync_lambda_sqs_access_policy"?
       {
         Effect = "Allow",
         Action = [
@@ -178,6 +179,7 @@ resource "aws_iam_policy" "redis_sync_lambda_exec_policy" {
         ],
         Resource = "arn:aws:sqs:eu-west-2:${var.immunisation_account_id}:${local.short_prefix}-id-sync-queue"
       },
+      # NB anomaly: in redis_sync this appears in "redis_sync_lambda_kms_access_policy"
       {
         Effect = "Allow",
         Action = [
@@ -190,8 +192,8 @@ resource "aws_iam_policy" "redis_sync_lambda_exec_policy" {
   })
 }
 
-resource "aws_iam_policy" "redis_sync_lambda_kms_access_policy" {
-  name        = "${local.short_prefix}-redis-sync-lambda-kms-policy"
+resource "aws_iam_policy" "id_sync_lambda_kms_access_policy" {
+  name        = "${local.short_prefix}-id-sync-lambda-kms-policy"
   description = "Allow Lambda to decrypt environment variables"
 
   policy = jsonencode({
@@ -220,23 +222,23 @@ resource "aws_iam_policy" "redis_sync_lambda_kms_access_policy" {
 }
 
 # Attach the execution policy to the Lambda role
-resource "aws_iam_role_policy_attachment" "redis_sync_lambda_exec_policy_attachment" {
-  role       = aws_iam_role.redis_sync_lambda_exec_role.name
-  policy_arn = aws_iam_policy.redis_sync_lambda_exec_policy.arn
+resource "aws_iam_role_policy_attachment" "id_sync_lambda_exec_policy_attachment" {
+  role       = aws_iam_role.id_sync_lambda_exec_role.name
+  policy_arn = aws_iam_policy.id_sync_lambda_exec_policy.arn
 }
 
 # Attach the kms policy to the Lambda role
-resource "aws_iam_role_policy_attachment" "redis_sync_lambda_kms_policy_attachment" {
-  role       = aws_iam_role.redis_sync_lambda_exec_role.name
-  policy_arn = aws_iam_policy.redis_sync_lambda_kms_access_policy.arn
+resource "aws_iam_role_policy_attachment" "id_sync_lambda_kms_policy_attachment" {
+  role       = aws_iam_role.id_sync_lambda_exec_role.name
+  policy_arn = aws_iam_policy.id_sync_lambda_kms_access_policy.arn
 }
 
 # Lambda Function with Security Group and VPC.
-resource "aws_lambda_function" "redis_sync_lambda" {
-  function_name = "${local.short_prefix}-redis_sync_lambda"
-  role          = aws_iam_role.redis_sync_lambda_exec_role.arn
+resource "aws_lambda_function" "id_sync_lambda" {
+  function_name = "${local.short_prefix}-id_sync_lambda"
+  role          = aws_iam_role.id_sync_lambda_exec_role.arn
   package_type  = "Image"
-  image_uri     = module.redis_sync_docker_image.image_uri
+  image_uri     = module.id_sync_docker_image.image_uri
   architectures = ["x86_64"]
   timeout       = 360
 
@@ -250,7 +252,7 @@ resource "aws_lambda_function" "redis_sync_lambda" {
       CONFIG_BUCKET_NAME          = local.config_bucket_name
       REDIS_HOST                  = data.aws_elasticache_cluster.existing_redis.cache_nodes[0].address
       REDIS_PORT                  = data.aws_elasticache_cluster.existing_redis.cache_nodes[0].port
-      REDIS_SYNC_PROC_LAMBDA_NAME = "imms-${var.sub_environment}-redis_sync_lambda"
+      ID_SYNC_PROC_LAMBDA_NAME    = "imms-${var.sub_environment}-id_sync_lambda"
       # NEW
       DELTA_TABLE_NAME            = aws_dynamodb_table.delta-dynamodb-table.name
       PDS_ENV                     = var.pds_environment
@@ -260,13 +262,13 @@ resource "aws_lambda_function" "redis_sync_lambda" {
   kms_key_arn = data.aws_kms_key.existing_lambda_encryption_key.arn
 
   depends_on = [
-    aws_cloudwatch_log_group.redis_sync_log_group,
-    aws_iam_policy.redis_sync_lambda_exec_policy
+    aws_cloudwatch_log_group.id_sync_log_group,
+    aws_iam_policy.id_sync_lambda_exec_policy
   ]
 }
 
-resource "aws_cloudwatch_log_group" "redis_sync_log_group" {
-  name              = "/aws/lambda/${local.short_prefix}-redis_sync_lambda"
+resource "aws_cloudwatch_log_group" "id_sync_log_group" {
+  name              = "/aws/lambda/${local.short_prefix}-id_sync_lambda"
   retention_in_days = 30
 }
 
@@ -276,7 +278,7 @@ resource "aws_s3_bucket_notification" "config_lambda_notification" {
   bucket = aws_s3_bucket.batch_config_bucket.bucket
 
   lambda_function {
-    lambda_function_arn = aws_lambda_function.redis_sync_lambda.arn
+    lambda_function_arn = aws_lambda_function.id_sync_lambda.arn
     events              = ["s3:ObjectCreated:*"]
   }
 }
@@ -286,15 +288,15 @@ resource "aws_lambda_permission" "new_s3_invoke_permission" {
 
   statement_id  = "AllowExecutionFromNewS3"
   action        = "lambda:InvokeFunction"
-  function_name = aws_lambda_function.redis_sync_lambda.function_name
+  function_name = aws_lambda_function.id_sync_lambda.function_name
   principal     = "s3.amazonaws.com"
   source_arn    = local.config_bucket_arn
 }
 
 # NEW
 resource "aws_lambda_event_source_mapping" "id_sync_sqs_trigger" {
   event_source_arn = "arn:aws:sqs:eu-west-2:${local.immunisation_account_id}:${local.short_prefix}-id-sync-queue"
-  function_name    = aws_lambda_function.redis_sync_lambda.arn # TODO
+  function_name    = aws_lambda_function.id_sync_lambda.arn # TODO
   
   # Optional: Configure batch size and other settings
   batch_size                         = 10
