[PRMP-1048] the infrastructure

Author: SWhyteAnswer

infrastructure/concurrency_controls.tf

@@ -0,0 +1,75 @@
+# Concurrency control schedules 
+# Office hour start 
+resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_office_hours_start" {
+  name                = "bulk-upload-office-hours-start"
+  schedule_expression = "cron(0 9 * * ? *)"
+}
+
+resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_office_hours_start" {
+  rule      = aws_cloudwatch_event_rule.bulk_upload_concurrency_office_hours_start.name
+  target_id = "office-hours-start"
+  arn       = module.concurrency_controller.arn
+
+  input = jsonencode({
+    targetFunction      = var.bulk_upload_lambda_name
+    reservedConcurrency = var.office_hours_start_concurrency
+  })
+}
+
+# Office hours stop 
+resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_office_hours_stop" {
+  name                = "bulk-upload-office-hours-stop"
+  schedule_expression = "cron(0 17 * * ? *)"
+}
+
+resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_office_hours_stop" {
+  rule      = aws_cloudwatch_event_rule.bulk_upload_office_hours_stop.name
+  target_id = "office-hours-stop"
+  arn       = module.concurrency_controller.arn
+
+  input = jsonencode({
+    targetFunction      = var.bulk_upload_lambda_name
+    reservedConcurrency = var.office_hours_end_concurrency
+  })
+}
+
+# Concurrency control triggers 
+# Concurrency freeze during ECS deploy 
+resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_deploy" {
+  name = "bulk-upload-concurrency-deploy"
+  event_pattern = jsonencode({
+    source      = ["deploy.pipeline"]
+    detail-type = ["freeze-concurrency"]
+  })
+}
+
+resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_deploy" {
+  rule      = aws_cloudwatch_event_rule.bulk_upload_concurrency_deploy.name
+  target_id = "freeze-concurrency"
+  arn       = module.concurrency_controller.arn
+
+  input = jsonencode({
+    targetFunction      = var.bulk_upload_lambda_name
+    reservedConcurrency = 0
+  })
+}
+
+# Restore concurrency after release
+resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_release_restore" {
+  name = "bulk-upload-concurrency-release-restore"
+  event_pattern = jsonencode({
+    source      = ["release.pipeline"]
+    detail-type = ["restore-bulk-upload-concurrency"]
+  })
+}
+
+resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_release_restore" {
+  rule      = aws_cloudwatch_event_rule.bulk_upload_concurrency_release_restore.name
+  target_id = "restore-bulk-upload-concurrency"
+  arn       = module.concurrency_controller.arn
+
+  input = jsonencode({
+    targetFunction      = var.bulk_upload_lambda_name
+    reservedConcurrency = local.bulk_upload_lambda_concurrent_limit
+  })
+}

infrastructure/lambda-concurrency-controller.tf

@@ -0,0 +1,61 @@
+
+data "aws_iam_policy_document" "concurrency_controller_policy" {
+  statement {
+    effect = "Allow"
+    actions = [
+      "lambda:PutFunctionConcurrency",
+      "lambda:GetFunctionConcurrency"
+    ]
+    resources = [
+      module.bulk-upload-lambda.lambda_arn
+    ]
+  }
+}
+
+module "concurrency_controller" {
+  source  = "./modules/lambda"
+  name    = "ConcurrencyController"
+  handler = "handlers.concurrency_controller_handler.lambda_handler"
+
+  #This lambda is an orchestrator so should have unlimited conc
+  reserved_concurrent_executions = -1
+
+  is_gateway_integration_needed = false
+  is_invoked_from_gateway       = false
+
+  iam_role_policy_documents = [
+    data.aws_iam_policy_document.concurrency_controller_policy.json
+  ]
+}
+
+resource "aws_lambda_permission" "office_hours_start_permission" {
+  statement_id  = "AllowEventBridgeOfficeHoursStart"
+  action        = "lambda:InvokeFunction"
+  function_name = module.concurrency_controller.lambda_function_name
+  principal     = "events.amazonaws.com"
+  source_arn    = aws_cloudwatch_event_rule.bulk_upload_concurrency_office_hours_start.arn
+}
+
+resource "aws_lambda_permission" "office_hours_stop_permission" {
+  statement_id  = "AllowEventBridgeOfficeHoursStop"
+  action        = "lambda:InvokeFunction"
+  function_name = module.concurrency_controller.lambda_function_name
+  principal     = "events.amazonaws.com"
+  source_arn    = aws_cloudwatch_event_rule.bulk_upload_concurrency_office_hours_stop.arn
+}
+
+resource "aws_lambda_permission" "deploy_permission" {
+  statement_id  = "AllowEventBridgeDeploy"
+  action        = "lambda:InvokeFunction"
+  function_name = module.concurrency_controller.lambda_function_name
+  principal     = "events.amazonaws.com"
+  source_arn    = aws_cloudwatch_event_rule.bulk_upload_concurrency_deploy.arn
+}
+
+resource "aws_lambda_permission" "release_restore_permission" {
+  statement_id  = "AllowEventBridgeReleaseRestore"
+  action        = "lambda:InvokeFunction"
+  function_name = module.concurrency_controller.lambda_function_name
+  principal     = "events.amazonaws.com"
+  source_arn    = aws_cloudwatch_event_rule.bulk_upload_concurrency_release_restore.arn
+}

infrastructure/schedules.tf

@@ -167,3 +167,6 @@ resource "aws_lambda_permission" "toggle_bulk_upload_disable_permission" {
   principal     = "events.amazonaws.com"
   source_arn    = aws_cloudwatch_event_rule.bulk_upload_disable_rule.arn
 }
+
+
+

infrastructure/variable.tf

@@ -314,3 +314,21 @@ variable "kms_deletion_window" {
   type        = number
   default     = 30
 }
+
+# Concurrency Controller 
+
+variable "bulk_upload_lambda_name" {
+  type = string
+}
+
+variable "office_hours_start_concurrency" {
+  type    = number
+  default = 1
+}
+
+variable "office_hours_end_concurrency" {
+  type    = number
+  default = 3
+}
+
+