[PRMP-1505] Infrastructure for PDF stitching lambda (#247)

* Prevents http requests being made to logs store s3 bucket

* Starts to create infrastructure for new pdf stitcher lambda

* Starts to provision lambda pdf stitcher infrastructure

* Formatting

* Remove unnecessary vars from dev file

* Formatting

* Renames file

* Remove duplicate DLQ and add trigger and alarms for lambda

* adds missing quote

* corrected sqs referencing

* formatting

* increases visibility on sqs stitching queue

* Changes lambda name to conventional format

* Fixes naming conventions

* Linting

* Names handler correctly

* Removes unnecessary dependancies

---------

Co-authored-by: Jack Sutton <[email protected]>

Author: jack-nhs

bootstrap/README.md

@@ -9,7 +9,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.70.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0 |
 
 ## Modules
 

infrastructure/README.md

@@ -8,7 +8,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.86.1 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.73.0 |
 
 ## Modules
 
@@ -111,6 +111,9 @@
 | <a name="module_nems-message-lambda-alarm"></a> [nems-message-lambda-alarm](#module\_nems-message-lambda-alarm) | ./modules/lambda_alarms | n/a |
 | <a name="module_nems-message-lambda-alarm-topic"></a> [nems-message-lambda-alarm-topic](#module\_nems-message-lambda-alarm-topic) | ./modules/sns | n/a |
 | <a name="module_nrl-dlq-alarm-topic"></a> [nrl-dlq-alarm-topic](#module\_nrl-dlq-alarm-topic) | ./modules/sns | n/a |
+| <a name="module_pdf-stitching-alarm-topic"></a> [pdf-stitching-alarm-topic](#module\_pdf-stitching-alarm-topic) | ./modules/sns | n/a |
+| <a name="module_pdf-stitching-lambda"></a> [pdf-stitching-lambda](#module\_pdf-stitching-lambda) | ./modules/lambda | n/a |
+| <a name="module_pdf-stitching-lambda-alarms"></a> [pdf-stitching-lambda-alarms](#module\_pdf-stitching-lambda-alarms) | ./modules/lambda_alarms | n/a |
 | <a name="module_route53_fargate_ui"></a> [route53\_fargate\_ui](#module\_route53\_fargate\_ui) | ./modules/route53 | n/a |
 | <a name="module_search-document-references-gateway"></a> [search-document-references-gateway](#module\_search-document-references-gateway) | ./modules/gateway | n/a |
 | <a name="module_search-document-references-lambda"></a> [search-document-references-lambda](#module\_search-document-references-lambda) | ./modules/lambda | n/a |
@@ -132,6 +135,7 @@
 | <a name="module_sqs-nems-queue"></a> [sqs-nems-queue](#module\_sqs-nems-queue) | ./modules/sqs | n/a |
 | <a name="module_sqs-nrl-queue"></a> [sqs-nrl-queue](#module\_sqs-nrl-queue) | ./modules/sqs | n/a |
 | <a name="module_sqs-splunk-queue"></a> [sqs-splunk-queue](#module\_sqs-splunk-queue) | ./modules/sqs | n/a |
+| <a name="module_sqs-stitching-queue"></a> [sqs-stitching-queue](#module\_sqs-stitching-queue) | ./modules/sqs | n/a |
 | <a name="module_statistical-report-alarm"></a> [statistical-report-alarm](#module\_statistical-report-alarm) | ./modules/lambda_alarms | n/a |
 | <a name="module_statistical-report-alarm-topic"></a> [statistical-report-alarm-topic](#module\_statistical-report-alarm-topic) | ./modules/sns | n/a |
 | <a name="module_statistical-report-lambda"></a> [statistical-report-lambda](#module\_statistical-report-lambda) | ./modules/lambda | n/a |
@@ -286,6 +290,7 @@
 | [aws_lambda_event_source_mapping.mns_notification_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource |
 | [aws_lambda_event_source_mapping.nems_message_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource |
 | [aws_lambda_event_source_mapping.nrl_pointer_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource |
+| [aws_lambda_event_source_mapping.pdf-stitching-lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource |
 | [aws_lambda_permission.bulk_upload_metadata_schedule_permission](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
 | [aws_lambda_permission.bulk_upload_report_schedule_permission](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
 | [aws_lambda_permission.data_collection_schedule_permission](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |

infrastructure/dev.tfvars

@@ -15,6 +15,5 @@ mesh_client_cert_ssm_param_name = "/repo/dev/user-input/external/mesh-mailbox-cl
 mesh_client_key_ssm_param_name  = "/repo/dev/user-input/external/mesh-mailbox-client-key"
 mesh_ca_cert_ssm_param_name     = "/repo/dev/user-input/external/mesh-mailbox-ca-cert"
 
-standalone_vpc_tag                     = "ndr-dev"
-standalone_vpc_ig_tag                  = "ndr-dev"
-cloud_security_email_param_environment = "dev"
+standalone_vpc_tag    = "ndr-dev"
+standalone_vpc_ig_tag = "ndr-dev"

infrastructure/lambda-pdf-stitching.tf

@@ -0,0 +1,60 @@
+module "pdf-stitching-lambda" {
+  source         = "./modules/lambda"
+  name           = "PdfStitchingLambda"
+  handler        = "handlers.pdf_stitching_handler.lambda_handler"
+  lambda_timeout = 900
+  iam_role_policy_documents = [
+    module.ndr-lloyd-george-store.s3_write_policy_document,
+    module.ndr-lloyd-george-store.s3_read_policy_document,
+    module.sqs-nrl-queue.sqs_write_policy_document,
+    module.sqs-stitching-queue.sqs_write_policy_document,
+    module.sqs-stitching-queue.sqs_read_policy_document
+  ]
+  rest_api_id             = null
+  api_execution_arn       = null
+  is_invoked_from_gateway = false
+}
+
+resource "aws_lambda_event_source_mapping" "pdf-stitching-lambda" {
+  event_source_arn = module.sqs-stitching-queue.endpoint
+  function_name    = module.pdf-stitching-lambda.lambda_arn
+}
+
+module "pdf-stitching-lambda-alarms" {
+  source               = "./modules/lambda_alarms"
+  lambda_function_name = module.pdf-stitching-lambda.function_name
+  lambda_timeout       = module.pdf-stitching-lambda.timeout
+  lambda_name          = "PdfStitchingLambda"
+  namespace            = "AWS/Lambda"
+  alarm_actions        = [module.pdf-stitching-alarm-topic.arn]
+  ok_actions           = [module.pdf-stitching-alarm-topic.arn]
+}
+
+module "pdf-stitching-alarm-topic" {
+  source                = "./modules/sns"
+  sns_encryption_key_id = module.sns_encryption_key.id
+  current_account_id    = data.aws_caller_identity.current.account_id
+  topic_name            = "pdf-stitching-alarm-topic"
+  topic_protocol        = "lambda"
+  topic_endpoint        = module.pdf-stitching-lambda.lambda_arn
+  delivery_policy = jsonencode({
+    "Version" : "2012-10-17",
+    "Statement" : [
+      {
+        "Effect" : "Allow",
+        "Principal" : {
+          "Service" : "cloudwatch.amazonaws.com"
+        },
+        "Action" : [
+          "SNS:Publish",
+        ],
+        "Condition" : {
+          "ArnLike" : {
+            "aws:SourceArn" : "arn:aws:cloudwatch:eu-west-2:${data.aws_caller_identity.current.account_id}:alarm:*"
+          }
+        }
+        "Resource" : "*"
+      }
+    ]
+  })
+}

infrastructure/sqs-stitching.tf

@@ -0,0 +1,10 @@
+module "sqs-stitching-queue" {
+  source            = "./modules/sqs"
+  name              = "stitching-queue"
+  environment       = var.environment
+  owner             = var.owner
+  message_retention = 1800
+  enable_sse        = true
+  max_visibility    = 1200
+  enable_dlq        = true
+}