Merge branch 'main' into PRMP-1505

jack-nhs · web-flow · commit 24a5d625f549 · 2025-02-14T11:26:17.000Z
diff --git a/infrastructure/api.tf b/infrastructure/api.tf
@@ -41,6 +41,7 @@ resource "aws_api_gateway_deployment" "ndr_api_deploy" {
   triggers = {
     redeployment = sha1(jsonencode([
       aws_api_gateway_rest_api.ndr_doc_store_api.body,
+      aws_api_gateway_authorizer.repo_authoriser,
       module.authoriser-lambda,
       module.back-channel-logout-gateway,
       module.back_channel_logout_lambda,
diff --git a/infrastructure/buckets.tf b/infrastructure/buckets.tf
@@ -171,6 +171,16 @@ resource "aws_s3_bucket" "logs_bucket" {
   }
 }
 
+resource "aws_s3_bucket_versioning" "logs_bucket" {
+  count = local.is_production ? 1 : 0
+
+  bucket = aws_s3_bucket.logs_bucket.id
+
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
 resource "aws_s3_bucket_public_access_block" "logs_bucket" {
   bucket = aws_s3_bucket.logs_bucket.id
 
diff --git a/infrastructure/lambda-authoriser.tf b/infrastructure/lambda-authoriser.tf
@@ -75,7 +75,7 @@ module "authoriser-alarm-topic" {
 
 resource "aws_api_gateway_authorizer" "repo_authoriser" {
   name                             = "${terraform.workspace}_repo_authoriser"
-  type                             = "TOKEN"
+  type                             = "REQUEST"
   identity_source                  = "method.request.header.Authorization"
   rest_api_id                      = aws_api_gateway_rest_api.ndr_doc_store_api.id
   authorizer_uri                   = module.authoriser-lambda.invoke_arn
diff --git a/infrastructure/lambda-search-patient.tf b/infrastructure/lambda-search-patient.tf
@@ -68,7 +68,9 @@ module "search-patient-details-lambda" {
   handler = "handlers.search_patient_details_handler.lambda_handler"
   iam_role_policy_documents = [
     aws_iam_policy.ssm_access_policy.policy,
-    module.ndr-app-config.app_config_policy
+    module.ndr-app-config.app_config_policy,
+    module.auth_session_dynamodb_table.dynamodb_write_policy_document,
+    module.auth_session_dynamodb_table.dynamodb_read_policy_document,
   ]
   rest_api_id  = aws_api_gateway_rest_api.ndr_doc_store_api.id
   resource_id  = module.search-patient-details-gateway.gateway_resource_id
@@ -82,6 +84,7 @@ module "search-patient-details-lambda" {
     PDS_FHIR_IS_STUBBED            = local.is_sandbox,
     SPLUNK_SQS_QUEUE_URL           = try(module.sqs-splunk-queue[0].sqs_url, null)
     WORKSPACE                      = terraform.workspace
+    AUTH_SESSION_TABLE_NAME        = "${terraform.workspace}_${var.auth_session_dynamodb_table_name}"
   }
   api_execution_arn = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
   depends_on = [
