NHSDigital
diff --git a/‎terraform/ack_lambda.tf‎
Lines changed: 3 additions & 3 deletions b/‎terraform/ack_lambda.tf‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎terraform/api_gateway/api.tf‎
Lines changed: 0 additions & 66 deletions b/‎terraform/api_gateway/api.tf‎
Lines changed: 0 additions & 66 deletions
diff --git a/‎terraform/api_gateway/variables.tf‎
Lines changed: 0 additions & 11 deletions b/‎terraform/api_gateway/variables.tf‎
Lines changed: 0 additions & 11 deletions
diff --git a/‎terraform/delta.tf‎
Lines changed: 1 addition & 1 deletion b/‎terraform/delta.tf‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎terraform/dps_role_creation.tf‎
Lines changed: 2 additions & 2 deletions b/‎terraform/dps_role_creation.tf‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎terraform/dynamodb.tf‎
Lines changed: 6 additions & 6 deletions b/‎terraform/dynamodb.tf‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎terraform/ecs_batch_processor_config.tf‎
Lines changed: 7 additions & 7 deletions b/‎terraform/ecs_batch_processor_config.tf‎
Lines changed: 7 additions & 7 deletions
diff --git a/‎terraform/endpoints.tf‎
Lines changed: 11 additions & 12 deletions b/‎terraform/endpoints.tf‎
Lines changed: 11 additions & 12 deletions
diff --git a/‎terraform/environments/non-prod/blue/variables.tfvars‎
Lines changed: 0 additions & 3 deletions b/‎terraform/environments/non-prod/blue/variables.tfvars‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎terraform/environments/non-prod/green/variables.tfvars‎
Lines changed: 0 additions & 3 deletions b/‎terraform/environments/non-prod/green/variables.tfvars‎
Lines changed: 0 additions & 3 deletions
@@ -68,7 +68,7 @@ resource "aws_ecr_repository_policy" "ack_lambda_ECRImageRetreival_policy" {
         ],
         "Condition" : {
           "StringLike" : {
-            "aws:sourceArn" : "arn:aws:lambda:eu-west-2:${local.immunisation_account_id}:function:${local.short_prefix}-ack-lambda"
+            "aws:sourceArn" : "arn:aws:lambda:eu-west-2:${var.immunisation_account_id}:function:${local.short_prefix}-ack-lambda"
           }
         }
       }
@@ -105,7 +105,7 @@ resource "aws_iam_policy" "ack_lambda_exec_policy" {
           "logs:CreateLogStream",
           "logs:PutLogEvents"
         ]
-        Resource = "arn:aws:logs:eu-west-2:${local.immunisation_account_id}:log-group:/aws/lambda/${local.short_prefix}-ack-lambda:*"
+        Resource = "arn:aws:logs:eu-west-2:${var.immunisation_account_id}:log-group:/aws/lambda/${local.short_prefix}-ack-lambda:*"
       },
       {
         Effect = "Allow"
@@ -148,7 +148,7 @@ resource "aws_iam_policy" "ack_lambda_exec_policy" {
           "sqs:DeleteMessage",
           "sqs:GetQueueAttributes"
         ],
-      Resource = "arn:aws:sqs:eu-west-2:${local.immunisation_account_id}:${local.short_prefix}-ack-metadata-queue.fifo" },
+      Resource = "arn:aws:sqs:eu-west-2:${var.immunisation_account_id}:${local.short_prefix}-ack-metadata-queue.fifo" },
       {
         "Effect" : "Allow",
         "Action" : [
 
@@ -69,7 +69,7 @@ resource "aws_ecr_repository_policy" "delta_lambda_ECRImageRetreival_policy" {
         ],
         "Condition" : {
           "StringLike" : {
-            "aws:sourceArn" : "arn:aws:lambda:eu-west-2:${local.immunisation_account_id}:function:${local.short_prefix}-${local.function_name}"
+            "aws:sourceArn" : "arn:aws:lambda:eu-west-2:${var.immunisation_account_id}:function:${local.short_prefix}-${local.function_name}"
           }
         }
       }
 
@@ -6,7 +6,7 @@ resource "aws_iam_role" "dynamo_s3_access_role" {
       {
         Effect : "Allow",
         Principal : {
-          AWS : "arn:aws:iam::${local.dspp_core_account_id}:root"
+          AWS : "arn:aws:iam::${var.dspp_core_account_id}:root"
         },
         Action : "sts:AssumeRole"
       }
@@ -22,7 +22,7 @@ resource "aws_iam_role_policy" "dynamo_s3_access_policy" {
     Statement = [
       {
         Effect = "Allow",
-        Action = local.environment == "prod" ? [
+        Action = var.environment == "prod" ? [
           "dynamodb:GetItem",
           "dynamodb:Query"
           ] : [
 
@@ -1,5 +1,5 @@
 resource "aws_dynamodb_table" "audit-table" {
-  name         = "immunisation-batch-${local.environment}-audit-table"
+  name         = "immunisation-batch-${var.sub_environment}-audit-table"
   billing_mode = "PAY_PER_REQUEST"
   hash_key     = "message_id"
 
@@ -37,7 +37,7 @@ resource "aws_dynamodb_table" "audit-table" {
   }
 
   point_in_time_recovery {
-    enabled = local.environment == "prod"
+    enabled = var.environment == "prod"
   }
 
   server_side_encryption {
@@ -47,7 +47,7 @@ resource "aws_dynamodb_table" "audit-table" {
 }
 
 resource "aws_dynamodb_table" "delta-dynamodb-table" {
-  name         = "imms-${local.environment}-delta"
+  name         = "imms-${var.sub_environment}-delta"
   billing_mode = "PAY_PER_REQUEST"
   hash_key     = "PK"
 
@@ -96,7 +96,7 @@ resource "aws_dynamodb_table" "delta-dynamodb-table" {
   }
 
   point_in_time_recovery {
-    enabled = local.environment == "prod"
+    enabled = var.environment == "prod"
   }
 
   server_side_encryption {
@@ -106,7 +106,7 @@ resource "aws_dynamodb_table" "delta-dynamodb-table" {
 }
 
 resource "aws_dynamodb_table" "events-dynamodb-table" {
-  name             = "imms-${local.environment}-imms-events"
+  name             = "imms-${var.sub_environment}-imms-events"
   billing_mode     = "PAY_PER_REQUEST"
   hash_key         = "PK"
   stream_enabled   = true
@@ -147,7 +147,7 @@ resource "aws_dynamodb_table" "events-dynamodb-table" {
   }
 
   point_in_time_recovery {
-    enabled = local.environment == "prod"
+    enabled = var.environment == "prod"
   }
 
   server_side_encryption {
 
@@ -93,7 +93,7 @@ resource "aws_iam_policy" "ecs_task_exec_policy" {
           "logs:CreateLogStream",
           "logs:PutLogEvents"
         ],
-        Resource = "arn:aws:logs:${var.aws_region}:${local.immunisation_account_id}:log-group:/aws/vendedlogs/ecs/${local.short_prefix}-processor-task:*"
+        Resource = "arn:aws:logs:${var.aws_region}:${var.immunisation_account_id}:log-group:/aws/vendedlogs/ecs/${local.short_prefix}-processor-task:*"
       },
       {
         Effect = "Allow",
@@ -148,7 +148,7 @@ resource "aws_iam_policy" "ecs_task_exec_policy" {
         Action = [
           "ecr:GetAuthorizationToken"
         ],
-        Resource = "arn:aws:ecr:${var.aws_region}:${local.immunisation_account_id}:repository/${local.short_prefix}-processing-repo"
+        Resource = "arn:aws:ecr:${var.aws_region}:${var.immunisation_account_id}:repository/${local.short_prefix}-processing-repo"
       },
       {
         Effect = "Allow"
@@ -279,7 +279,7 @@ resource "aws_iam_policy" "fifo_pipe_policy" {
           "pipes:DescribePipe"
         ],
         Resource = [
-          "arn:aws:pipes:${var.aws_region}:${local.immunisation_account_id}:pipe/${local.short_prefix}-pipe",
+          "arn:aws:pipes:${var.aws_region}:${var.immunisation_account_id}:pipe/${local.short_prefix}-pipe",
           aws_ecs_task_definition.ecs_task.arn
         ]
       },
@@ -296,11 +296,11 @@ resource "aws_iam_policy" "fifo_pipe_policy" {
         ],
         Effect = "Allow",
         Resource = [
-          "arn:aws:logs:${var.aws_region}:${local.immunisation_account_id}:log-group:/aws/vendedlogs/pipes/${local.short_prefix}-pipe-logs:*",
-          "arn:aws:ecs:${var.aws_region}:${local.immunisation_account_id}:task/${local.short_prefix}-ecs-cluster/*",
-          "arn:aws:logs:${var.aws_region}:${local.immunisation_account_id}:log-group:/aws/vendedlogs/ecs/${local.short_prefix}-processor-task:*",
+          "arn:aws:logs:${var.aws_region}:${var.immunisation_account_id}:log-group:/aws/vendedlogs/pipes/${local.short_prefix}-pipe-logs:*",
+          "arn:aws:ecs:${var.aws_region}:${var.immunisation_account_id}:task/${local.short_prefix}-ecs-cluster/*",
+          "arn:aws:logs:${var.aws_region}:${var.immunisation_account_id}:log-group:/aws/vendedlogs/ecs/${local.short_prefix}-processor-task:*",
           aws_sqs_queue.supplier_fifo_queue.arn,
-          "arn:aws:ecs:${var.aws_region}:${local.immunisation_account_id}:cluster/${local.short_prefix}-ecs-cluster",
+          "arn:aws:ecs:${var.aws_region}:${var.immunisation_account_id}:cluster/${local.short_prefix}-ecs-cluster",
           aws_ecs_task_definition.ecs_task.arn
         ]
       },
 
@@ -8,7 +8,7 @@ data "aws_iam_policy_document" "logs_policy_document" {
   source_policy_documents = [templatefile("${local.policy_path}/log.json", {})]
 }
 module "get_status" {
-  source        = "./lambda"
+  source        = "./modules/lambda"
   prefix        = local.prefix
   short_prefix  = local.short_prefix
   function_name = "get_status"
@@ -23,13 +23,13 @@ locals {
   imms_table_name = aws_dynamodb_table.events-dynamodb-table.name
   imms_lambda_env_vars = {
     "DYNAMODB_TABLE_NAME"    = local.imms_table_name,
-    "IMMUNIZATION_ENV"       = local.environment,
-    "IMMUNIZATION_BASE_PATH" = strcontains(local.environment, "pr-") ? "immunisation-fhir-api-${local.environment}" : "immunisation-fhir-api"
+    "IMMUNIZATION_ENV"       = var.environment,
+    "IMMUNIZATION_BASE_PATH" = strcontains(var.environment, "pr-") ? "immunisation-fhir-api-${var.environment}" : "immunisation-fhir-api"
     # except for prod and ref, any other env uses PDS int environment
-    "PDS_ENV"              = local.environment == "prod" ? "prod" : local.environment == "ref" ? "ref" : "int",
-    "PDS_CHECK_ENABLED"    = tostring(local.environment != "int")
+    "PDS_ENV"              = var.environment == "prod" ? "prod" : var.environment == "ref" ? "ref" : "int",
+    "PDS_CHECK_ENABLED"    = tostring(var.environment != "int")
     "SPLUNK_FIREHOSE_NAME" = module.splunk.firehose_stream_name
-    "SQS_QUEUE_URL"        = "https://sqs.eu-west-2.amazonaws.com/${local.immunisation_account_id}/${local.short_prefix}-ack-metadata-queue.fifo"
+    "SQS_QUEUE_URL"        = "https://sqs.eu-west-2.amazonaws.com/${var.immunisation_account_id}/${local.short_prefix}-ack-metadata-queue.fifo"
     "REDIS_HOST"           = data.aws_elasticache_cluster.existing_redis.cache_nodes[0].address
     "REDIS_PORT"           = data.aws_elasticache_cluster.existing_redis.cache_nodes[0].port
   }
@@ -41,7 +41,7 @@ data "aws_iam_policy_document" "imms_policy_document" {
     }),
     templatefile("${local.policy_path}/log.json", {}),
     templatefile("${local.policy_path}/lambda_to_sqs.json", {
-      "local_account" : local.immunisation_account_id
+      "local_account" : var.immunisation_account_id
       "queue_prefix" : local.short_prefix
     }),
     templatefile("${local.policy_path}/dynamo_key_access.json", {
@@ -58,15 +58,15 @@ data "aws_iam_policy_document" "imms_policy_document" {
 }
 
 module "imms_event_endpoint_lambdas" {
-  source = "./lambda"
+  source = "./modules/lambda"
   count  = length(local.imms_endpoints)
 
   prefix                 = local.prefix
   short_prefix           = local.short_prefix
   function_name          = local.imms_endpoints[count.index]
   image_uri              = module.docker_image.image_uri
   policy_json            = data.aws_iam_policy_document.imms_policy_document.json
-  environments           = local.imms_lambda_env_vars
+  environment_variables  = local.imms_lambda_env_vars
   vpc_subnet_ids         = local.private_subnet_ids
   vpc_security_group_ids = [data.aws_security_group.existing_securitygroup.id]
 }
@@ -106,15 +106,14 @@ output "oas" {
 }
 
 module "api_gateway" {
-  source = "./api_gateway"
+  source = "./modules/api_gateway"
 
   prefix          = local.prefix
   short_prefix    = local.short_prefix
   zone_id         = data.aws_route53_zone.project_zone.zone_id
   api_domain_name = local.service_domain_name
-  environment     = local.environment
+  environment     = var.sub_environment
   oas             = local.oas
-  config_env      = local.config_env
 }
 
 resource "aws_lambda_permission" "api_gw" {
Original file line number	Diff line number	Diff line change
`@@ -68,7 +68,7 @@ resource "aws_ecr_repository_policy" "ack_lambda_ECRImageRetreival_policy" {`
`68`	`68`	`],`
`69`	`69`	`"Condition" : {`
`70`	`70`	`"StringLike" : {`
`71`		`- "aws:sourceArn" : "arn:aws:lambda:eu-west-2:${local.immunisation_account_id}:function:${local.short_prefix}-ack-lambda"`
	`71`	`+ "aws:sourceArn" : "arn:aws:lambda:eu-west-2:${var.immunisation_account_id}:function:${local.short_prefix}-ack-lambda"`
`72`	`72`	`}`
`73`	`73`	`}`
`74`	`74`	`}`
`@@ -105,7 +105,7 @@ resource "aws_iam_policy" "ack_lambda_exec_policy" {`
`105`	`105`	`"logs:CreateLogStream",`
`106`	`106`	`"logs:PutLogEvents"`
`107`	`107`	`]`
`108`		`- Resource = "arn:aws:logs:eu-west-2:${local.immunisation_account_id}:log-group:/aws/lambda/${local.short_prefix}-ack-lambda:*"`
	`108`	`+ Resource = "arn:aws:logs:eu-west-2:${var.immunisation_account_id}:log-group:/aws/lambda/${local.short_prefix}-ack-lambda:*"`
`109`	`109`	`},`
`110`	`110`	`{`
`111`	`111`	`Effect = "Allow"`
`@@ -148,7 +148,7 @@ resource "aws_iam_policy" "ack_lambda_exec_policy" {`
`148`	`148`	`"sqs:DeleteMessage",`
`149`	`149`	`"sqs:GetQueueAttributes"`
`150`	`150`	`],`
`151`		`- Resource = "arn:aws:sqs:eu-west-2:${local.immunisation_account_id}:${local.short_prefix}-ack-metadata-queue.fifo" },`
	`151`	`+ Resource = "arn:aws:sqs:eu-west-2:${var.immunisation_account_id}:${local.short_prefix}-ack-metadata-queue.fifo" },`
`152`	`152`	`{`
`153`	`153`	`"Effect" : "Allow",`
`154`	`154`	`"Action" : [`
Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,7 @@ resource "aws_ecr_repository_policy" "delta_lambda_ECRImageRetreival_policy" {`
`69`	`69`	`],`
`70`	`70`	`"Condition" : {`
`71`	`71`	`"StringLike" : {`
`72`		`- "aws:sourceArn" : "arn:aws:lambda:eu-west-2:${local.immunisation_account_id}:function:${local.short_prefix}-${local.function_name}"`
	`72`	`+ "aws:sourceArn" : "arn:aws:lambda:eu-west-2:${var.immunisation_account_id}:function:${local.short_prefix}-${local.function_name}"`
`73`	`73`	`}`
`74`	`74`	`}`
`75`	`75`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ resource "aws_iam_role" "dynamo_s3_access_role" {`
`6`	`6`	`{`
`7`	`7`	`Effect : "Allow",`
`8`	`8`	`Principal : {`
`9`		`- AWS : "arn:aws:iam::${local.dspp_core_account_id}:root"`
	`9`	`+ AWS : "arn:aws:iam::${var.dspp_core_account_id}:root"`
`10`	`10`	`},`
`11`	`11`	`Action : "sts:AssumeRole"`
`12`	`12`	`}`
`@@ -22,7 +22,7 @@ resource "aws_iam_role_policy" "dynamo_s3_access_policy" {`
`22`	`22`	`Statement = [`
`23`	`23`	`{`
`24`	`24`	`Effect = "Allow",`
`25`		`- Action = local.environment == "prod" ? [`
	`25`	`+ Action = var.environment == "prod" ? [`
`26`	`26`	`"dynamodb:GetItem",`
`27`	`27`	`"dynamodb:Query"`
`28`	`28`	`] : [`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`resource "aws_dynamodb_table" "audit-table" {`
`2`		`- name = "immunisation-batch-${local.environment}-audit-table"`
	`2`	`+ name = "immunisation-batch-${var.sub_environment}-audit-table"`
`3`	`3`	`billing_mode = "PAY_PER_REQUEST"`
`4`	`4`	`hash_key = "message_id"`
`5`	`5`
`@@ -37,7 +37,7 @@ resource "aws_dynamodb_table" "audit-table" {`
`37`	`37`	`}`
`38`	`38`
`39`	`39`	`point_in_time_recovery {`
`40`		`- enabled = local.environment == "prod"`
	`40`	`+ enabled = var.environment == "prod"`
`41`	`41`	`}`
`42`	`42`
`43`	`43`	`server_side_encryption {`
`@@ -47,7 +47,7 @@ resource "aws_dynamodb_table" "audit-table" {`
`47`	`47`	`}`
`48`	`48`
`49`	`49`	`resource "aws_dynamodb_table" "delta-dynamodb-table" {`
`50`		`- name = "imms-${local.environment}-delta"`
	`50`	`+ name = "imms-${var.sub_environment}-delta"`
`51`	`51`	`billing_mode = "PAY_PER_REQUEST"`
`52`	`52`	`hash_key = "PK"`
`53`	`53`
`@@ -96,7 +96,7 @@ resource "aws_dynamodb_table" "delta-dynamodb-table" {`
`96`	`96`	`}`
`97`	`97`
`98`	`98`	`point_in_time_recovery {`
`99`		`- enabled = local.environment == "prod"`
	`99`	`+ enabled = var.environment == "prod"`
`100`	`100`	`}`
`101`	`101`
`102`	`102`	`server_side_encryption {`
`@@ -106,7 +106,7 @@ resource "aws_dynamodb_table" "delta-dynamodb-table" {`
`106`	`106`	`}`
`107`	`107`
`108`	`108`	`resource "aws_dynamodb_table" "events-dynamodb-table" {`
`109`		`- name = "imms-${local.environment}-imms-events"`
	`109`	`+ name = "imms-${var.sub_environment}-imms-events"`
`110`	`110`	`billing_mode = "PAY_PER_REQUEST"`
`111`	`111`	`hash_key = "PK"`
`112`	`112`	`stream_enabled = true`
`@@ -147,7 +147,7 @@ resource "aws_dynamodb_table" "events-dynamodb-table" {`
`147`	`147`	`}`
`148`	`148`
`149`	`149`	`point_in_time_recovery {`
`150`		`- enabled = local.environment == "prod"`
	`150`	`+ enabled = var.environment == "prod"`
`151`	`151`	`}`
`152`	`152`
`153`	`153`	`server_side_encryption {`