[PRMP-817-2] create infra for new lambda

Author: steph-torres-nhs

infrastructure/api.tf

@@ -75,6 +75,7 @@ resource "aws_api_gateway_deployment" "ndr_api_deploy" {
     module.send-feedback-gateway,
     module.send-feedback-lambda,
     module.review_document_version_gateway,
+    module.review_document_status_gateway,
     module.update_doc_ref_lambda,
     module.update-upload-state-gateway,
     module.update-upload-state-lambda,

infrastructure/gateway-review-document.tf

@@ -32,3 +32,15 @@ module "review_document_version_gateway" {
     "method.request.path.version" = true
   }
 }
+
+module "review_document_status_gateway" {
+  source              = "./modules/gateway"
+  api_gateway_id      = aws_api_gateway_rest_api.ndr_doc_store_api.id
+  parent_id           = module.review_document_version_gateway.gateway_resource_id
+  gateway_path        = "Status"
+  http_methods        = ["GET"]
+  require_credentials = true
+  authorization       = "CUSTOM"
+  authorizer_id       = aws_api_gateway_authorizer.repo_authoriser.id
+  origin              = contains(["prod"], terraform.workspace) ? "'https://${var.domain}'" : "'https://${terraform.workspace}.${var.domain}'"
+}

infrastructure/lambda-review-document-status.tf

@@ -0,0 +1,60 @@
+module "review-document-status-check-lambda" {
+  source  = "./modules/lambda"
+  name    = "ReviewDocumentStatusCheck"
+  handler = "handlers.review_document_status_check.lambda_handler"
+  iam_role_policy_documents = [
+    module.ndr-app-config.app_config_policy,
+    aws_iam_policy.ssm_access_policy.policy,
+    local.is_production ? "" : module.document_review_dynamodb_table[0].dynamodb_read_policy_document
+  ]
+  kms_deletion_window = var.kms_deletion_window
+  rest_api_id         = aws_api_gateway_rest_api.ndr_doc_store_api.id
+  resource_id         = module.review_document_status_gateway.gateway_resource_id
+  http_methods        = ["GET"]
+  api_execution_arn   = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
+  lambda_environment_variables = {
+    APPCONFIG_APPLICATION         = module.ndr-app-config.app_config_application_id
+    APPCONFIG_ENVIRONMENT         = module.ndr-app-config.app_config_environment_id
+    APPCONFIG_CONFIGURATION       = module.ndr-app-config.app_config_configuration_profile_id
+    DOCUMENT_REVIEW_DYNAMODB_NAME = local.is_production ? "" : module.document_review_dynamodb_table[0].dynamodb_read_policy_document
+    WORKSPACE                     = terraform.workspace
+  }
+}
+
+module "review-document-status-check-lambda-alarm" {
+  source               = "./modules/lambda_alarms"
+  lambda_function_name = module.review-document-status-check-lambda.function_name
+  lambda_timeout       = module.review-document-status-check-lambda.timeout
+  lambda_name          = "search_document_review_handler"
+  namespace            = "AWS/Lambda"
+  alarm_actions        = [module.review-document-status-check-alarm-topic.arn]
+  ok_actions           = [module.review-document-status-check-alarm-topic.arn]
+}
+
+module "review-document-status-check-alarm-topic" {
+  source                = "./modules/sns"
+  sns_encryption_key_id = module.sns_encryption_key.id
+  topic_name            = "search-document-review-lambda-alarm-topic"
+  topic_protocol        = "lambda"
+  topic_endpoint        = module.review-document-status-check-lambda.lambda_arn
+  delivery_policy = jsonencode({
+    "Version" : "2012-10-17",
+    "Statement" : [
+      {
+        "Effect" : "Allow",
+        "Principal" : {
+          "Service" : "cloudwatch.amazonaws.com"
+        },
+        "Action" : [
+          "SNS:Publish",
+        ],
+        "Condition" : {
+          "ArnLike" : {
+            "aws:SourceArn" : "arn:aws:cloudwatch:eu-west-2:${data.aws_caller_identity.current.account_id}:alarm:*"
+          }
+        }
+        "Resource" : "*"
+      }
+    ]
+  })
+}