Revert "[NDR-205] Remove "count = 1" from any resources that have it. (#400)"

This reverts commit 53ac709.

Author: jameslinnell

infrastructure/gateway-document-reference.tf

@@ -1,4 +1,5 @@
 module "fhir_document_reference_gateway" {
+  count               = 1
   source              = "./modules/gateway"
   api_gateway_id      = aws_api_gateway_rest_api.ndr_doc_store_api.id
   parent_id           = aws_api_gateway_rest_api.ndr_doc_store_api.root_resource_id
@@ -7,5 +8,4 @@ module "fhir_document_reference_gateway" {
   api_key_required    = true
   gateway_path        = "FhirDocumentReference"
   require_credentials = true
-}
-
+}

infrastructure/iam.tf

@@ -23,7 +23,7 @@ data "aws_iam_policy_document" "assume_role_policy_for_create_lambda" {
       type = "AWS"
       identifiers = compact([
         module.create-doc-ref-lambda.lambda_execution_role_arn,
-        local.is_production ? null : module.post-document-references-fhir-lambda.lambda_execution_role_arn
+        local.is_production ? null : module.post-document-references-fhir-lambda[0].lambda_execution_role_arn
       ])
     }
   }
@@ -135,24 +135,27 @@ resource "aws_iam_policy" "s3_document_data_policy_for_get_doc_ref_lambda" {
 }
 
 data "aws_iam_policy_document" "assume_role_policy_for_get_doc_ref_lambda" {
+  count = 1
   statement {
     actions = ["sts:AssumeRole"]
 
     principals {
       type        = "AWS"
-      identifiers = [module.get-doc-fhir-lambda.lambda_execution_role_arn]
+      identifiers = [module.get-doc-fhir-lambda[0].lambda_execution_role_arn]
     }
   }
 }
 
 resource "aws_iam_role" "get_fhir_doc_presign_url_role" {
+  count              = 1
   name               = "${terraform.workspace}_get_fhir_doc_presign_url_role"
-  assume_role_policy = data.aws_iam_policy_document.assume_role_policy_for_get_doc_ref_lambda.json
+  assume_role_policy = data.aws_iam_policy_document.assume_role_policy_for_get_doc_ref_lambda[0].json
 }
 
 
 resource "aws_iam_role_policy_attachment" "get_doc_presign_url" {
-  role       = aws_iam_role.get_fhir_doc_presign_url_role.name
+  count      = 1
+  role       = aws_iam_role.get_fhir_doc_presign_url_role[0].name
   policy_arn = aws_iam_policy.s3_document_data_policy_for_get_doc_ref_lambda.arn
 }
 

infrastructure/lambda-document-upload-check.tf

@@ -1,4 +1,5 @@
 module "document_upload_check_lambda" {
+  count   = 1
   source  = "./modules/lambda"
   name    = "DocumentReferenceVirusScanCheck"
   handler = "handlers.document_reference_virus_scan_handler.lambda_handler"
@@ -48,18 +49,20 @@ data "aws_security_groups" "virus_scanner_api" {
 }
 
 resource "aws_s3_bucket_notification" "document_upload_check_lambda_trigger" {
+  count  = 1
   bucket = module.ndr-bulk-staging-store.bucket_id
   lambda_function {
-    lambda_function_arn = module.document_upload_check_lambda.lambda_arn
+    lambda_function_arn = module.document_upload_check_lambda[0].lambda_arn
     events              = ["s3:ObjectCreated:*"]
     filter_prefix       = "user_upload"
   }
 }
 
 resource "aws_lambda_permission" "document_upload_check_lambda" {
+  count         = 1
   statement_id  = "AllowS3Invoke"
   action        = "lambda:InvokeFunction"
-  function_name = module.document_upload_check_lambda.function_name
+  function_name = module.document_upload_check_lambda[0].function_name
   principal     = "s3.amazonaws.com"
   source_arn    = "arn:aws:s3:::${module.ndr-bulk-staging-store.bucket_id}"
 }

infrastructure/lambda-get-document-fhir.tf

@@ -1,12 +1,14 @@
 resource "aws_api_gateway_resource" "get_document_reference" {
+  count       = 1
   rest_api_id = aws_api_gateway_rest_api.ndr_doc_store_api.id
-  parent_id   = module.fhir_document_reference_gateway.gateway_resource_id
+  parent_id   = module.fhir_document_reference_gateway[0].gateway_resource_id
   path_part   = "{id}"
 }
 
 resource "aws_api_gateway_method" "get_document_reference" {
+  count            = 1
   rest_api_id      = aws_api_gateway_rest_api.ndr_doc_store_api.id
-  resource_id      = aws_api_gateway_resource.get_document_reference.id
+  resource_id      = aws_api_gateway_resource.get_document_reference[0].id
   http_method      = "GET"
   authorization    = "NONE"
   api_key_required = true
@@ -17,6 +19,7 @@ resource "aws_api_gateway_method" "get_document_reference" {
 
 
 module "get-doc-fhir-lambda" {
+  count   = 1
   source  = "./modules/lambda"
   name    = "GetDocumentReference"
   handler = "handlers.get_fhir_document_reference_handler.lambda_handler"
@@ -28,7 +31,7 @@ module "get-doc-fhir-lambda" {
   ]
   kms_deletion_window = var.kms_deletion_window
   rest_api_id         = aws_api_gateway_rest_api.ndr_doc_store_api.id
-  resource_id         = aws_api_gateway_resource.get_document_reference.id
+  resource_id         = aws_api_gateway_resource.get_document_reference[0].id
   http_methods        = ["GET"]
   api_execution_arn   = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
   lambda_environment_variables = {
@@ -37,7 +40,7 @@ module "get-doc-fhir-lambda" {
     APPCONFIG_CONFIGURATION    = module.ndr-app-config.app_config_configuration_profile_id
     WORKSPACE                  = terraform.workspace
     ENVIRONMENT                = var.environment
-    PRESIGNED_ASSUME_ROLE      = aws_iam_role.get_fhir_doc_presign_url_role.arn
+    PRESIGNED_ASSUME_ROLE      = aws_iam_role.get_fhir_doc_presign_url_role[0].arn
     LLOYD_GEORGE_DYNAMODB_NAME = "${terraform.workspace}_${var.lloyd_george_dynamodb_table_name}"
     OIDC_CALLBACK_URL          = contains(["prod"], terraform.workspace) ? "https://${var.domain}/auth-callback" : "https://${terraform.workspace}.${var.domain}/auth-callback"
     CLOUDFRONT_URL             = module.cloudfront-distribution-lg.cloudfront_url

infrastructure/lambda-mns-notification.tf

@@ -1,15 +1,16 @@
 module "mns-notification-lambda" {
+  count   = 1
   source  = "./modules/lambda"
   name    = "MNSNotificationLambda"
   handler = "handlers.mns_notification_handler.lambda_handler"
   iam_role_policy_documents = [
-    module.sqs-mns-notification-queue.sqs_read_policy_document,
-    module.sqs-mns-notification-queue.sqs_write_policy_document,
+    module.sqs-mns-notification-queue[0].sqs_read_policy_document,
+    module.sqs-mns-notification-queue[0].sqs_write_policy_document,
     module.lloyd_george_reference_dynamodb_table.dynamodb_write_policy_document,
     module.lloyd_george_reference_dynamodb_table.dynamodb_read_policy_document,
     aws_iam_policy.ssm_access_policy.policy,
     module.ndr-app-config.app_config_policy,
-    aws_iam_policy.kms_mns_lambda_access.policy,
+    aws_iam_policy.kms_mns_lambda_access[0].policy,
   ]
   kms_deletion_window = var.kms_deletion_window
   rest_api_id         = null
@@ -20,7 +21,7 @@ module "mns-notification-lambda" {
     APPCONFIG_CONFIGURATION    = module.ndr-app-config.app_config_configuration_profile_id
     WORKSPACE                  = terraform.workspace
     LLOYD_GEORGE_DYNAMODB_NAME = "${terraform.workspace}_${var.lloyd_george_dynamodb_table_name}"
-    MNS_NOTIFICATION_QUEUE_URL = module.sqs-mns-notification-queue.sqs_url
+    MNS_NOTIFICATION_QUEUE_URL = module.sqs-mns-notification-queue[0].sqs_url
     PDS_FHIR_IS_STUBBED        = local.is_sandbox
   }
   is_gateway_integration_needed = false
@@ -29,26 +30,29 @@ module "mns-notification-lambda" {
 }
 
 resource "aws_lambda_event_source_mapping" "mns_notification_lambda" {
-  event_source_arn = module.sqs-mns-notification-queue.endpoint
-  function_name    = module.mns-notification-lambda.lambda_arn
+  count            = 1
+  event_source_arn = module.sqs-mns-notification-queue[0].endpoint
+  function_name    = module.mns-notification-lambda[0].lambda_arn
 }
 
 module "mns-notification-alarm" {
+  count                = 1
   source               = "./modules/lambda_alarms"
-  lambda_function_name = module.mns-notification-lambda.function_name
-  lambda_timeout       = module.mns-notification-lambda.timeout
+  lambda_function_name = module.mns-notification-lambda[0].function_name
+  lambda_timeout       = module.mns-notification-lambda[0].timeout
   lambda_name          = "mns_notification_handler"
   namespace            = "AWS/Lambda"
-  alarm_actions        = [module.mns-notification-alarm-topic.arn]
-  ok_actions           = [module.mns-notification-alarm-topic.arn]
+  alarm_actions        = [module.mns-notification-alarm-topic[0].arn]
+  ok_actions           = [module.mns-notification-alarm-topic[0].arn]
 }
 
 module "mns-notification-alarm-topic" {
+  count                 = 1
   source                = "./modules/sns"
   sns_encryption_key_id = module.sns_encryption_key.id
   topic_name            = "mns-notification-topic"
   topic_protocol        = "lambda"
-  topic_endpoint        = module.mns-notification-lambda.lambda_arn
+  topic_endpoint        = module.mns-notification-lambda[0].lambda_arn
   delivery_policy = jsonencode({
     "Version" : "2012-10-17",
     "Statement" : [
@@ -72,6 +76,8 @@ module "mns-notification-alarm-topic" {
 }
 
 resource "aws_iam_policy" "kms_mns_lambda_access" {
+  count = 1
+
   name        = "${terraform.workspace}_mns_notification_lambda_access_policy"
   description = "KMS policy to allow lambda to read and write MNS SQS messages"
 
@@ -84,7 +90,7 @@ resource "aws_iam_policy" "kms_mns_lambda_access" {
           "kms:GenerateDataKey"
         ]
         Effect   = "Allow"
-        Resource = module.mns_encryption_key.kms_arn
+        Resource = module.mns_encryption_key[0].kms_arn
       },
     ]
   })

infrastructure/lambda-post-document-fhir.tf

@@ -1,4 +1,5 @@
 module "post-document-references-fhir-lambda" {
+  count   = 1
   source  = "./modules/lambda"
   name    = "PostDocumentReferencesFHIR"
   handler = "handlers.post_fhir_document_reference_handler.lambda_handler"
@@ -11,7 +12,7 @@ module "post-document-references-fhir-lambda" {
   ]
   kms_deletion_window = var.kms_deletion_window
   rest_api_id         = aws_api_gateway_rest_api.ndr_doc_store_api.id
-  resource_id         = module.fhir_document_reference_gateway.gateway_resource_id
+  resource_id         = module.fhir_document_reference_gateway[0].gateway_resource_id
   http_methods        = ["POST"]
   api_execution_arn   = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
   lambda_environment_variables = {

infrastructure/lambda-search-document-references-fhir.tf

@@ -1,4 +1,5 @@
 module "search-document-references-fhir-lambda" {
+  count   = 1
   source  = "./modules/lambda"
   name    = "SearchDocumentReferencesFHIR"
   handler = "handlers.fhir_document_reference_search_handler.lambda_handler"
@@ -13,7 +14,7 @@ module "search-document-references-fhir-lambda" {
   ]
   kms_deletion_window = var.kms_deletion_window
   rest_api_id         = aws_api_gateway_rest_api.ndr_doc_store_api.id
-  resource_id         = module.fhir_document_reference_gateway.gateway_resource_id
+  resource_id         = module.fhir_document_reference_gateway[0].gateway_resource_id
   http_methods        = ["GET"]
   api_execution_arn   = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
   lambda_environment_variables = {

infrastructure/mns.tf

@@ -4,6 +4,7 @@ data "aws_ssm_parameter" "mns_lambda_role" {
 
 
 module "mns_encryption_key" {
+  count                 = 1
   source                = "./modules/kms"
   kms_key_name          = "alias/mns-notification-encryption-key-kms-${terraform.workspace}"
   kms_key_description   = "Custom KMS Key to enable server side encryption for mns subscriptions"
@@ -16,6 +17,7 @@ module "mns_encryption_key" {
 }
 
 module "sqs-mns-notification-queue" {
+  count                  = 1
   source                 = "./modules/sqs"
   name                   = "mns-notification-queue"
   max_size_message       = 256 * 1024        # allow message size up to 256 KB
@@ -25,14 +27,16 @@ module "sqs-mns-notification-queue" {
   max_visibility         = 901
   delay                  = 60
   enable_sse             = null
-  kms_master_key_id      = module.mns_encryption_key.id
+  kms_master_key_id      = module.mns_encryption_key[0].id
   enable_dlq             = true
   dlq_visibility_timeout = 0
   max_receive_count      = 3
 }
 
 resource "aws_sqs_queue_policy" "mns_sqs_access" {
-  queue_url = module.sqs-mns-notification-queue.sqs_url
+  count = 1
+
+  queue_url = module.sqs-mns-notification-queue[0].sqs_url
 
   policy = jsonencode({
     Version = "2012-10-17"
@@ -43,7 +47,7 @@ resource "aws_sqs_queue_policy" "mns_sqs_access" {
           AWS = data.aws_ssm_parameter.mns_lambda_role.value
         },
         Action   = "SQS:SendMessage",
-        Resource = module.sqs-mns-notification-queue.sqs_arn
+        Resource = module.sqs-mns-notification-queue[0].sqs_arn
       }
     ]
   })
@@ -62,7 +66,7 @@ resource "aws_cloudwatch_metric_alarm" "msn_dlq_new_message" {
   alarm_actions       = [module.mns-dlq-alarm-topic.arn]
 
   dimensions = {
-    QueueName = module.sqs-mns-notification-queue.dlq_name
+    QueueName = module.sqs-mns-notification-queue[0].dlq_name
   }
 }
 
@@ -93,5 +97,5 @@ module "mns-dlq-alarm-topic" {
       }
     ]
   })
-  depends_on = [module.sqs-mns-notification-queue]
+  depends_on = [module.sqs-mns-notification-queue[0]]
 }

infrastructure/moved-resources.tf

@@ -22,68 +22,4 @@ moved {
 moved {
   from = module.upload_confirm_result_alarm_topic
   to   = module.document-status-check-alarm-topic
-}
-
-#NDR-205
-
-moved {
-  from = module.fhir_document_reference_gateway[0]
-  to   = module.fhir_document_reference_gateway
-}
-
-moved {
-  from = module.post-document-references-fhir-lambda[0].aws_iam_role.lambda_execution_role
-  to   = module.post-document-references-fhir-lambda.aws_iam_role.lambda_execution_role
-}
-
-moved {
-  from = module.post-document-references-fhir-lambda[0].aws_cloudwatch_log_group.lambda_logs[0]
-  to   = module.post-document-references-fhir-lambda.aws_cloudwatch_log_group.lambda_logs[0]
-}
-
-moved {
-  from = module.post-document-references-fhir-lambda[0].aws_lambda_function.lambda
-  to   = module.post-document-references-fhir-lambda.aws_lambda_function.lambda
-}
-
-moved {
-  from = module.post-document-references-fhir-lambda[0].aws_kms_alias.lambda
-  to   = module.post-document-references-fhir-lambda.aws_kms_alias.lambda
-}
-moved {
-  from = module.post-document-references-fhir-lambda[0].aws_iam_policy.combined_policies
-  to   = module.post-document-references-fhir-lambda.aws_iam_policy.combined_policies
-}
-
-moved {
-  from = module.post-document-references-fhir-lambda[0].aws_lambda_permission.lambda_permission[0]
-  to   = module.post-document-references-fhir-lambda.aws_lambda_permission.lambda_permission[0]
-}
-
-moved {
-  from = module.get-doc-fhir-lambda[0].aws_iam_role.lambda_execution_role
-  to   = module.get-doc-fhir-lambda.aws_iam_role.lambda_execution_role
-}
-
-moved {
-  from = module.get-doc-fhir-lambda[0].aws_cloudwatch_log_group.lambda_logs[0]
-  to   = module.get-doc-fhir-lambda.aws_cloudwatch_log_group.lambda_logs[0]
-}
-
-moved {
-  from = module.get-doc-fhir-lambda[0].aws_lambda_function.lambda
-  to   = module.get-doc-fhir-lambda.aws_lambda_function.lambda
-}
-moved {
-  from = module.get-doc-fhir-lambda[0].aws_kms_alias.lambda
-  to   = module.get-doc-fhir-lambda.aws_kms_alias.lambda
-}
-moved {
-  from = module.get-doc-fhir-lambda[0].aws_iam_policy.combined_policies
-  to   = module.get-doc-fhir-lambda.aws_iam_policy.combined_policies
-}
-
-moved {
-  from = module.get-doc-fhir-lambda[0].aws_lambda_permission.lambda_permission[0]
-  to   = module.get-doc-fhir-lambda.aws_lambda_permission.lambda_permission[0]
-}
+}