[PRMP-876] Create a new S3 bucket for the Review feature (#511)

steph-torres-nhs · web-flow · commit 6e6ae93a3c92 · 2025-11-24T11:25:51.000Z
diff --git a/infrastructure/backups.tf b/infrastructure/backups.tf
@@ -26,7 +26,8 @@ resource "aws_backup_selection" "s3_continuous_backup" {
   resources = [
     module.ndr-document-store.bucket_arn,
     module.ndr-lloyd-george-store.bucket_arn,
-    module.statistical-reports-store.bucket_arn
+    module.statistical-reports-store.bucket_arn,
+    module.ndr-document-pending-review-store.bucket_arn
   ]
 }
 
diff --git a/infrastructure/buckets.tf b/infrastructure/buckets.tf
@@ -157,6 +157,24 @@ data "aws_s3_object" "truststore_ext_cert" {
   key    = var.ca_pem_filename
 }
 
+module "ndr-document-pending-review-store" {
+  source                    = "./modules/s3"
+  access_logs_enabled       = local.is_production
+  access_logs_bucket_id     = local.access_logs_bucket_id
+  bucket_name               = var.document_pending_review_bucket_name
+  environment               = var.environment
+  owner                     = var.owner
+  enable_bucket_versioning  = true
+  force_destroy             = local.is_force_destroy
+  enable_cors_configuration = true
+  cors_rules = [
+    {
+      allowed_methods = ["GET"]
+      allowed_origins = [contains(["prod"], terraform.workspace) ? "https://${var.domain}" : "https://${terraform.workspace}.${var.domain}"]
+    }
+  ]
+}
+
 # Lifecycle Rules
 resource "aws_s3_bucket_lifecycle_configuration" "lg-lifecycle-rules" {
   bucket = module.ndr-lloyd-george-store.bucket_id
@@ -250,6 +268,19 @@ resource "aws_s3_bucket_lifecycle_configuration" "pdm_document_store" {
   }
 }
 
+resource "aws_s3_bucket_lifecycle_configuration" "ndr_document_pending_review_store" {
+  bucket = module.ndr-document-pending-review-store.bucket_id
+  rule {
+    id     = "default-to-intelligent-tiering"
+    status = "Enabled"
+    transition {
+      storage_class = "INTELLIGENT_TIERING"
+      days          = 0
+    }
+    filter {}
+  }
+}
+
 # Logging Buckets
 resource "aws_s3_bucket" "access_logs" {
   count         = local.access_logs_count
diff --git a/infrastructure/variable.tf b/infrastructure/variable.tf
@@ -86,6 +86,13 @@ variable "ca_pem_filename" {
   default     = "ndr-truststore.pem"
 }
 
+variable "document_pending_review_bucket_name" {
+  type        = string
+  description = "The S3 bucket name to store documents pending review"
+  default     = "document-pending-review-store"
+}
+
+
 # DynamoDB Table Variables
 
 variable "pdm_dynamodb_table_name" {

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,8 @@ resource "aws_backup_selection" "s3_continuous_backup" {`
`26`	`26`	`resources = [`
`27`	`27`	`module.ndr-document-store.bucket_arn,`
`28`	`28`	`module.ndr-lloyd-george-store.bucket_arn,`
`29`		`- module.statistical-reports-store.bucket_arn`
	`29`	`+ module.statistical-reports-store.bucket_arn,`
	`30`	`+ module.ndr-document-pending-review-store.bucket_arn`
`30`	`31`	`]`
`31`	`32`	`}`
`32`	`33`