[PRMP-809] Add S3 event trigger for document review prefix (#518)

Signed-off-by: NogaNHS <[email protected]>

Author: NogaNHS

infrastructure/buckets.tf

@@ -233,6 +233,18 @@ resource "aws_s3_bucket_lifecycle_configuration" "staging-store-lifecycle-rules"
       prefix = "user_upload/"
     }
   }
+  rule {
+    id     = "Delete objects in review folder that have existed for 24 hours"
+    status = "Enabled"
+
+    expiration {
+      days = 1
+    }
+
+    filter {
+      prefix = "review/"
+    }
+  }
   rule {
     id     = "default-to-intelligent-tiering"
     status = "Enabled"

infrastructure/lambda-document-upload-check.tf

@@ -12,22 +12,27 @@ module "document_upload_check_lambda" {
     module.lloyd_george_reference_dynamodb_table.dynamodb_write_policy_document,
     module.pdm_dynamodb_table.dynamodb_read_policy_document,
     module.pdm_dynamodb_table.dynamodb_write_policy_document,
+    data.aws_iam_policy.aws_lambda_vpc_access_execution_role.policy,
+    local.is_production ? "" : module.document_review_dynamodb_table[0].dynamodb_read_policy_document,
+    local.is_production ? "" : module.document_review_dynamodb_table[0].dynamodb_write_policy_document,
+    module.ndr-document-pending-review-store.s3_write_policy_document,
     module.core_dynamodb_table.dynamodb_read_policy_document,
     module.core_dynamodb_table.dynamodb_write_policy_document,
-    data.aws_iam_policy.aws_lambda_vpc_access_execution_role.policy
   ]
   kms_deletion_window = var.kms_deletion_window
   rest_api_id         = null
   http_methods        = null
   api_execution_arn   = null
   lambda_environment_variables = {
-    LLOYD_GEORGE_DYNAMODB_NAME = module.lloyd_george_reference_dynamodb_table.table_name
-    PDM_DYNAMODB_NAME          = module.pdm_dynamodb_table.table_name
-    STAGING_STORE_BUCKET_NAME  = module.ndr-bulk-staging-store.bucket_id
-    LLOYD_GEORGE_BUCKET_NAME   = module.ndr-lloyd-george-store.bucket_id
-    PDM_BUCKET_NAME            = module.pdm-document-store.bucket_id
-    WORKSPACE                  = terraform.workspace
-    VIRUS_SCAN_STUB            = !local.is_production
+    LLOYD_GEORGE_DYNAMODB_NAME    = module.lloyd_george_reference_dynamodb_table.table_name
+    DOCUMENT_REVIEW_DYNAMODB_NAME = local.is_production ? "" : module.document_review_dynamodb_table[0].table_name
+    PDM_DYNAMODB_NAME             = module.pdm_dynamodb_table.table_name
+    STAGING_STORE_BUCKET_NAME     = module.ndr-bulk-staging-store.bucket_id
+    LLOYD_GEORGE_BUCKET_NAME      = module.ndr-lloyd-george-store.bucket_id
+    PDM_BUCKET_NAME               = module.pdm-document-store.bucket_id
+    PENDING_REVIEW_BUCKET_NAME    = module.ndr-document-pending-review-store.bucket_id
+    WORKSPACE                     = terraform.workspace
+    VIRUS_SCAN_STUB               = !local.is_production
 
   }
   lambda_timeout                = 900
@@ -68,6 +73,11 @@ resource "aws_s3_bucket_notification" "document_upload_check_lambda_trigger" {
     events              = ["s3:ObjectCreated:*"]
     filter_prefix       = "fhir_upload"
   }
+  lambda_function {
+    lambda_function_arn = module.document_upload_check_lambda.lambda_arn
+    events              = ["s3:ObjectCreated:*"]
+    filter_prefix       = "review"
+  }
 }
 
 resource "aws_lambda_permission" "document_upload_check_lambda" {