[NDR-198] Manage AWS lambda layers after lambda has been destroyed (#391)

* Add core workspace to VPC and SG

* Add reports layer

* Print test

* Add imports for layers

* Remove imports

* Add import script into workflow

* Check the terraform state

* Add import layers to all envs

* add aws_caller_identity to lambda_layers

* Terraform docs

* move import

Author: jameslinnell

.github/workflows/terraform-deploy-feature-to-sandbox.yml

@@ -98,6 +98,12 @@ jobs:
         working-directory: ./infrastructure
         shell: bash
 
+      - name: Lambda Layer Imports
+        id: lambda_layer_import
+        run: ./import_lambda_layers.sh ${{ github.event.inputs.sandboxWorkspace }} ${{ vars.TF_VARS_FILE }}
+        working-directory: ./scripts
+        shell: bash
+
       - name: Terraform Plan
         id: plan
         run: |

.github/workflows/terraform-deploy-to-perf-manual.yml

@@ -1,5 +1,5 @@
 # .github/workflows/terraform-dev
-name: 'Deploy Feature Branch to Perf'
+name: "Deploy Feature Branch to Perf"
 
 on:
   workflow_dispatch:
@@ -12,64 +12,68 @@ on:
 permissions:
   pull-requests: write
   id-token: write # This is required for requesting the JWT
-  contents: read  # This is required for actions/checkout
-    
+  contents: read # This is required for actions/checkout
+
 jobs:
   terraform_process:
     runs-on: ubuntu-latest
     environment: perf
 
     steps:
-    # Checkout the repository to the GitHub Actions runner
-    - name: Checkout
-      uses: actions/checkout@v5
-      with:
-        ref: ${{ github.event.inputs.buildBranch}}
-        fetch-depth: '0'
+      # Checkout the repository to the GitHub Actions runner
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.inputs.buildBranch}}
+          fetch-depth: "0"
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }}
+          role-skip-session-tagging: true
+          aws-region: ${{ vars.AWS_REGION }}
+          mask-aws-account-id: true
+
+      - name: View AWS Role
+        run: aws sts get-caller-identity
+
+      # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.11.4
+          terraform_wrapper: false
+
+      - name: Terraform Init
+        id: init
+        run: terraform init -backend-config=backend.conf
+        working-directory: ./infrastructure
+        shell: bash
 
-    - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v4
-      with:
-        role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }}
-        role-skip-session-tagging: true
-        aws-region: ${{ vars.AWS_REGION }}
-        mask-aws-account-id: true
-      
-    - name: View AWS Role
-      run: aws sts get-caller-identity
+      - name: Terraform Set Workspace
+        id: workspace
+        run: terraform workspace select ${{ secrets.AWS_WORKSPACE }}
+        working-directory: ./infrastructure
+        shell: bash
 
-    # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
-    - name: Setup Terraform
-      uses: hashicorp/setup-terraform@v3
-      with:
-        terraform_version: 1.11.4
-        terraform_wrapper: false
-      
-    - name: Terraform Init
-      id: init
-      run: terraform init -backend-config=backend.conf
-      working-directory: ./infrastructure 
-      shell: bash
+      - name: Lambda Layer Imports
+        id: lambda_layer_import
+        run: ./import_lambda_layers.sh ${{ secrets.AWS_WORKSPACE }} ${{ vars.TF_VARS_FILE }}
+        working-directory: ./scripts
+        shell: bash
 
-    - name: Terraform Set Workspace
-      id: workspace
-      run:  terraform workspace select ${{ secrets.AWS_WORKSPACE }}
-      working-directory: ./infrastructure 
-      shell: bash
-      
-      # Checks that all Terraform configuration files adhere to a canonical format
-    - name: Terraform Format
-      run: terraform fmt -check
+        # Checks that all Terraform configuration files adhere to a canonical format
+      - name: Terraform Format
+        run: terraform fmt -check
 
-    - name: Terraform Plan
-      id: plan
-      run: |
-        terraform plan -input=false -no-color -var-file="${{vars.TF_VARS_FILE}}" -out tf.plan
-      working-directory: ./infrastructure
-      shell: bash
+      - name: Terraform Plan
+        id: plan
+        run: |
+          terraform plan -input=false -no-color -var-file="${{vars.TF_VARS_FILE}}" -out tf.plan
+        working-directory: ./infrastructure
+        shell: bash
 
-    - name: Terraform Apply 
-      run: terraform apply -auto-approve -input=false tf.plan
-      working-directory: ./infrastructure
-        
-        
+      - name: Terraform Apply
+        run: terraform apply -auto-approve -input=false tf.plan
+        working-directory: ./infrastructure

.github/workflows/terraform-deploy-to-pre-prod-manual.yml

@@ -1,4 +1,4 @@
-name: 'Deploy to Pre-Prod'
+name: "Deploy to Pre-Prod"
 
 on:
   workflow_dispatch:
@@ -12,8 +12,8 @@ on:
 permissions:
   pull-requests: write
   id-token: write # This is required for requesting the JWT
-  contents: read  # This is required for actions/checkout
-    
+  contents: read # This is required for actions/checkout
+
 jobs:
   tag_and_release:
     runs-on: ubuntu-latest
@@ -22,75 +22,81 @@ jobs:
     permissions: write-all
 
     steps:
-    - name: Checkout main
-      if: ${{ github.event.inputs.branch_or_tag == 'main' }}
-      uses: actions/checkout@v5
-      with:
-        ref: main
-        fetch-depth: '0'
-
-    - name: Bump version and push tag
-      if: ${{ github.event.inputs.branch_or_tag == 'main' }}
-      id: versioning
-      uses: anothrNick/[email protected]
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        WITH_V: false
-        DEFAULT_BUMP: patch
-
-    - name: View outputs
-      run: |
-        echo Deploying branch or tagged version to pre-prod: ${{ steps.versioning.outputs.tag || github.event.inputs.branch_or_tag }}
+      - name: Checkout main
+        if: ${{ github.event.inputs.branch_or_tag == 'main' }}
+        uses: actions/checkout@v4
+        with:
+          ref: main
+          fetch-depth: "0"
+
+      - name: Bump version and push tag
+        if: ${{ github.event.inputs.branch_or_tag == 'main' }}
+        id: versioning
+        uses: anothrNick/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          WITH_V: false
+          DEFAULT_BUMP: patch
+
+      - name: View outputs
+        run: |
+          echo Deploying branch or tagged version to pre-prod: ${{ steps.versioning.outputs.tag || github.event.inputs.branch_or_tag }}
 
   terraform_process:
     runs-on: ubuntu-latest
-    needs: ['tag_and_release']
+    needs: ["tag_and_release"]
     environment: pre-prod
 
     steps:
-    - name: Checkout
-      uses: actions/checkout@v5
-      with:
-        ref: ${{needs.tag_and_release.outputs.version}}
-        fetch-depth: '0'
-
-    - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v4
-      with:
-        role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }}
-        role-skip-session-tagging: true
-        aws-region: ${{ vars.AWS_REGION }}
-        mask-aws-account-id: true
-
-    - name: Setup Terraform
-      uses: hashicorp/setup-terraform@v3
-      with:
-        terraform_version: 1.11.4
-        terraform_wrapper: false
-      
-    - name: Terraform Init
-      id: init
-      run: terraform init -backend-config=backend-pre-prod.conf
-      working-directory: ./infrastructure 
-      shell: bash
-
-    - name: Terraform Set Workspace
-      id: workspace
-      run:  terraform workspace select ${{ secrets.AWS_WORKSPACE }}
-      working-directory: ./infrastructure 
-      shell: bash
-
-    - name: Terraform Format
-      run: terraform fmt -check
-      working-directory: ./infrastructure 
-
-    - name: Terraform Plan
-      id: plan
-      run: |
-        terraform plan -input=false -no-color -var-file="${{vars.TF_VARS_FILE}}" -out tf.plan
-      working-directory: ./infrastructure
-      shell: bash
-    
-    - name: Terraform Apply 
-      run: terraform apply -auto-approve -input=false tf.plan
-      working-directory: ./infrastructure
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{needs.tag_and_release.outputs.version}}
+          fetch-depth: "0"
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }}
+          role-skip-session-tagging: true
+          aws-region: ${{ vars.AWS_REGION }}
+          mask-aws-account-id: true
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.11.4
+          terraform_wrapper: false
+
+      - name: Terraform Init
+        id: init
+        run: terraform init -backend-config=backend-pre-prod.conf
+        working-directory: ./infrastructure
+        shell: bash
+
+      - name: Terraform Set Workspace
+        id: workspace
+        run: terraform workspace select ${{ secrets.AWS_WORKSPACE }}
+        working-directory: ./infrastructure
+        shell: bash
+
+      - name: Lambda Layer Imports
+        id: lambda_layer_import
+        run: ./import_lambda_layers.sh ${{ secrets.AWS_WORKSPACE }} ${{ vars.TF_VARS_FILE }}
+        working-directory: ./scripts
+        shell: bash
+
+      - name: Terraform Format
+        run: terraform fmt -check
+        working-directory: ./infrastructure
+
+      - name: Terraform Plan
+        id: plan
+        run: |
+          terraform plan -input=false -no-color -var-file="${{vars.TF_VARS_FILE}}" -out tf.plan
+        working-directory: ./infrastructure
+        shell: bash
+
+      - name: Terraform Apply
+        run: terraform apply -auto-approve -input=false tf.plan
+        working-directory: ./infrastructure