PRMP-583 Document review SQS and lambda (#464)

NogaNHS · DuncanSangsterNHS · web-flow · commit 07623cde51cf · 2025-11-05T13:25:01.000Z
Co-authored-by: DuncanSangsterNHS &lt;duncan.sangster3@nhs.net&gt;
diff --git a/infrastructure/lambda-document-review-processor.tf b/infrastructure/lambda-document-review-processor.tf
@@ -0,0 +1,27 @@
+module "document_review_processor_lambda" {
+  source  = "./modules/lambda"
+  name    = "DocumentReviewProcessor"
+  handler = "handlers.document_review_processor.lambda_handler"
+  iam_role_policy_documents = [
+    module.document_review_queue.sqs_read_policy_document,
+    module.document_review_queue.sqs_write_policy_document,
+  ]
+  kms_deletion_window           = var.kms_deletion_window
+  is_gateway_integration_needed = false
+  is_invoked_from_gateway       = false
+  rest_api_id                   = null
+  api_execution_arn             = null
+  lambda_timeout                = 900
+  lambda_environment_variables = {
+    DOCUMENT_REVIEW_BUCKET_NAME = "${terraform.workspace}-placeholder-document-review-bucket"
+    DOCUMENT_REVIEW_TABLE_NAME  = "${terraform.workspace}_placeholder_document_review_table"
+    WORKSPACE                   = terraform.workspace
+  }
+  depends_on = []
+}
+
+
+resource "aws_lambda_event_source_mapping" "document-review-processor" {
+  event_source_arn = module.document_review_queue.endpoint
+  function_name    = module.document_review_processor_lambda.lambda_arn
+}
diff --git a/infrastructure/sqs-review.tf b/infrastructure/sqs-review.tf
@@ -0,0 +1,62 @@
+module "document_review_queue" {
+  source                = "./modules/sqs"
+  name                  = "document-review"
+  max_size_message      = 256 * 1024
+  message_retention     = 60 * 60 * 24 * 14 # 14 days
+  dlq_message_retention = 60 * 60 * 24 * 14 # 14 days
+  environment           = var.environment
+  owner                 = var.owner
+  max_visibility        = 1020
+  enable_dlq            = true
+  delay                 = 0
+  enable_sse            = true
+
+}
+
+resource "aws_cloudwatch_metric_alarm" "review_dlq_new_messages" {
+  alarm_name          = "${terraform.workspace}_review_dlq_messages"
+  comparison_operator = "GreaterThanThreshold"
+  evaluation_periods  = 1
+  metric_name         = "ApproximateNumberOfMessagesVisible"
+  namespace           = "AWS/SQS"
+  period              = 60
+  statistic           = "Sum"
+  threshold           = 0
+  alarm_description   = "Alarm when there are new messages in the document review dlq"
+  alarm_actions       = [module.document_review_dlq_alarm_topic.arn]
+
+  dimensions = {
+    QueueName = module.document_review_queue.dlq_name
+  }
+}
+
+module "document_review_dlq_alarm_topic" {
+  source                 = "./modules/sns"
+  sns_encryption_key_id  = module.sns_encryption_key.id
+  topic_name             = "document_review_dlq_topic"
+  topic_protocol         = "email"
+  is_topic_endpoint_list = true
+  topic_endpoint_list    = nonsensitive(split(",", data.aws_ssm_parameter.cloud_security_notification_email_list.value))
+  delivery_policy = jsonencode({
+    "Version" : "2012-10-17",
+    "Statement" : [
+      {
+        "Effect" : "Allow",
+        "Principal" : {
+          "Service" : "cloudwatch.amazonaws.com"
+        },
+        "Action" : [
+          "SNS:Publish"
+        ],
+        "Condition" : {
+          "ArnLike" : {
+            "aws:SourceArn" : "arn:aws:cloudwatch:eu-west-2:${data.aws_caller_identity.current.account_id}:alarm:*"
+          }
+        },
+        "Resource" : "*"
+      }
+    ]
+  })
+
+  depends_on = [module.document_review_queue]
+}
