Merge remote-tracking branch 'origin' into PRMP-1553

oliverbeumkes-nhs · oliverbeumkes-nhs · commit 2a159e4a459f · 2025-03-04T14:04:29.000Z
diff --git a/infrastructure/lambda-bulk-upload.tf b/infrastructure/lambda-bulk-upload.tf
@@ -12,7 +12,7 @@ module "bulk-upload-lambda" {
     module.lloyd_george_reference_dynamodb_table.dynamodb_write_policy_document,
     module.bulk_upload_report_dynamodb_table.dynamodb_read_policy_document,
     module.bulk_upload_report_dynamodb_table.dynamodb_write_policy_document,
-    module.sqs-nrl-queue.sqs_write_policy_document,
+    module.sqs-stitching-queue.sqs_write_policy_document,
     module.sqs-lg-bulk-upload-metadata-queue.sqs_read_policy_document,
     module.sqs-lg-bulk-upload-metadata-queue.sqs_write_policy_document,
     module.sqs-lg-bulk-upload-invalid-queue.sqs_read_policy_document,
@@ -35,7 +35,7 @@ module "bulk-upload-lambda" {
     METADATA_SQS_QUEUE_URL     = module.sqs-lg-bulk-upload-metadata-queue.sqs_url
     INVALID_SQS_QUEUE_URL      = module.sqs-lg-bulk-upload-invalid-queue.sqs_url
     PDS_FHIR_IS_STUBBED        = local.is_sandbox
-    NRL_SQS_URL                = module.sqs-nrl-queue.sqs_url
+    PDF_STITCHING_SQS_URL      = module.sqs-stitching-queue.sqs_url
     APIM_API_URL               = data.aws_ssm_parameter.apim_url.value
   }
 
diff --git a/infrastructure/lambda-pdf-stitching.tf b/infrastructure/lambda-pdf-stitching.tf
@@ -5,25 +5,27 @@ module "pdf-stitching-lambda" {
   memory_size    = 1769
   lambda_timeout = 900
   iam_role_policy_documents = [
-    module.ndr-lloyd-george-store.s3_read_policy_document,
     module.sqs-nrl-queue.sqs_read_policy_document,
     module.sqs-nrl-queue.sqs_write_policy_document,
     module.sqs-stitching-queue.sqs_read_policy_document,
     module.sqs-stitching-queue.sqs_write_policy_document,
     module.lloyd_george_reference_dynamodb_table.dynamodb_write_policy_document,
     module.lloyd_george_reference_dynamodb_table.dynamodb_read_policy_document,
     module.unstitched_lloyd_george_reference_dynamodb_table.dynamodb_write_policy_document,
-    module.unstitched_lloyd_george_reference_dynamodb_table.dynamodb_read_policy_document
+    module.unstitched_lloyd_george_reference_dynamodb_table.dynamodb_read_policy_document,
+    module.ndr-lloyd-george-store.s3_read_policy_document,
+    module.ndr-lloyd-george-store.s3_write_policy_document,
   ]
   rest_api_id             = null
   api_execution_arn       = null
   is_invoked_from_gateway = false
   lambda_environment_variables = {
-    STITCH_SQS_QUEUE_URL          = module.sqs-stitching-queue.sqs_url
-    NRL_SQS_QUEUE_URL             = module.sqs-nrl-queue.sqs_url
-    LLOYD_GEORGE_DYNAMODB_NAME    = "${terraform.workspace}_${var.lloyd_george_dynamodb_table_name}"
-    STITCH_METADATA_DYNAMODB_NAME = "${terraform.workspace}_${var.unstitched_lloyd_george_dynamodb_table_name}"
-    WORKSPACE                     = terraform.workspace
+    PDF_STITCHING_SQS_URL                 = module.sqs-stitching-queue.sqs_url
+    NRL_SQS_URL                           = module.sqs-nrl-queue.sqs_url
+    LLOYD_GEORGE_BUCKET_NAME              = "${terraform.workspace}-${var.lloyd_george_bucket_name}"
+    LLOYD_GEORGE_DYNAMODB_NAME            = "${terraform.workspace}_${var.lloyd_george_dynamodb_table_name}"
+    UNSTITCHED_LLOYD_GEORGE_DYNAMODB_NAME = "${terraform.workspace}_${var.unstitched_lloyd_george_dynamodb_table_name}"
+    WORKSPACE                             = terraform.workspace
   }
 }
 
diff --git a/infrastructure/sqs-stitching.tf b/infrastructure/sqs-stitching.tf
@@ -8,3 +8,52 @@ module "sqs-stitching-queue" {
   max_visibility    = 1200
   enable_dlq        = true
 }
+
+resource "aws_cloudwatch_metric_alarm" "stitching_dlq_new_messages" {
+  alarm_name          = "${terraform.workspace}_stitching_dlq_messages"
+  comparison_operator = "GreaterThanThreshold"
+  evaluation_periods  = 1
+  metric_name         = "ApproximateNumberOfMessagesVisible"
+  namespace           = "AWS/SQS"
+  period              = 60
+  statistic           = "Sum"
+  threshold           = 0
+  alarm_description   = "Alarm when there are new messages in the stitching dlq"
+  alarm_actions       = [module.stitching-dlq-alarm-topic.arn]
+
+  dimensions = {
+    QueueName = module.sqs-stitching-queue.dlq_name
+  }
+}
+
+module "stitching-dlq-alarm-topic" {
+  source                 = "./modules/sns"
+  sns_encryption_key_id  = module.sns_encryption_key.id
+  current_account_id     = data.aws_caller_identity.current.account_id
+  topic_name             = "stitching-dlq-topic"
+  topic_protocol         = "email"
+  is_topic_endpoint_list = true
+  topic_endpoint_list    = nonsensitive(split(",", data.aws_ssm_parameter.cloud_security_notification_email_list.value))
+  delivery_policy = jsonencode({
+    "Version" : "2012-10-17",
+    "Statement" : [
+      {
+        "Effect" : "Allow",
+        "Principal" : {
+          "Service" : "cloudwatch.amazonaws.com"
+        },
+        "Action" : [
+          "SNS:Publish",
+        ],
+        "Condition" : {
+          "ArnLike" : {
+            "aws:SourceArn" : "arn:aws:cloudwatch:eu-west-2:${data.aws_caller_identity.current.account_id}:alarm:*"
+          }
+        }
+        "Resource" : "*"
+      }
+    ]
+  })
+
+  depends_on = [module.sqs-stitching-queue]
+}
