
Commit e78c8ce

PRMDR-698 create new feature flag config file with flags disabled
Co-authored-by: abbas-khan10 <[email protected]>
1 parent 0781d80 commit e78c8ce

25 files changed

+177
-66
lines changed

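--- a/infrastructure/README.md
+++ b/infrastructure/README.md
@@ -8,7 +8,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.30.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.12.0 |
 
 ## Modules
 
@@ -136,7 +136,6 @@
 | [aws_ecs_cluster.mesh-forwarder-ecs-cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_cluster) | resource |
 | [aws_ecs_service.mesh_forwarder](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource |
 | [aws_ecs_task_definition.forwarder](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) | resource |
-| [aws_iam_policy.app_config_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.copy_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.dynamodb_policy_scan_bulk_report](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.lambda_audit_splunk_sqs_queue_send_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |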

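--- a/infrastructure/lambda-authoriser.tf
+++ b/infrastructure/lambda-authoriser.tf
@@ -7,10 +7,14 @@ module "authoriser-lambda" {
 "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy",
 aws_iam_policy.ssm_policy_authoriser.arn,
 module.auth_session_dynamodb_table.dynamodb_policy,
+module.ndr-app-config.app_config_policy_arn
 ]
 rest_api_id = aws_api_gateway_rest_api.ndr_doc_store_api.id
 api_execution_arn = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
 lambda_environment_variables = {
+APPCONFIG_APPLICATION = module.ndr-app-config.app_config_application_id
+APPCONFIG_ENVIRONMENT = module.ndr-app-config.app_config_environment_id
+APPCONFIG_CONFIGURATION = module.ndr-app-config.app_config_configuration_profile_id
 WORKSPACE = terraform.workspace
 SSM_PARAM_JWT_TOKEN_PUBLIC_KEY = "jwt_token_public_key"
 AUTH_SESSION_TABLE_NAME = "${terraform.workspace}_${var.auth_session_dynamodb_table_name}"
@@ -22,7 +26,8 @@ module "authoriser-lambda" {
 depends_on = [
 aws_iam_policy.ssm_policy_authoriser,
 module.auth_session_dynamodb_table,
-aws_api_gateway_rest_api.ndr_doc_store_api
+aws_api_gateway_rest_api.ndr_doc_store_api,
+module.ndr-app-config
 ]
 }
 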
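Review bot: The authoriser's execution role now carries `module.ndr-app-config.app_config_policy_arn` in `iam_role_policies`, but the policy document is defined inside the module and is not part of this page, so its scope cannot be checked from here. The resource this commit deletes from lambda-feature-flags.tf granted only `appconfig:StartConfigurationSession` and `appconfig:GetLatestConfiguration` on one application/environment/configuration ARN; the module version should keep at least that scoping, because the same policy is also attached in the back-channel-logout, bulk-upload, bulk-upload-metadata, bulk-upload-report, create-doc-ref, delete-doc-ref and document-manifest sections. I would add a comment on the new list entry, `# AppConfig feature-flag access; policy body is defined in module ndr-app-config`, so the grant can be traced from where the role is assembled. Since this function is the API's authoriser, it is also worth confirming that its handler treats an unreadable flag configuration as "flag off"; that code is not visible here. The module block starts above the first hunk.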

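--- a/infrastructure/lambda-back-channel-logout.tf
+++ b/infrastructure/lambda-back-channel-logout.tf
@@ -26,13 +26,17 @@ module "back_channel_logout_lambda" {
 "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
 "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy",
 aws_iam_policy.ssm_policy_oidc.arn,
-module.auth_session_dynamodb_table.dynamodb_policy
+module.auth_session_dynamodb_table.dynamodb_policy,
+module.ndr-app-config.app_config_policy_arn
 ]
 rest_api_id = aws_api_gateway_rest_api.ndr_doc_store_api.id
 resource_id = module.back-channel-logout-gateway.gateway_resource_id
 http_method = "POST"
 api_execution_arn = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
 lambda_environment_variables = {
+APPCONFIG_APPLICATION = module.ndr-app-config.app_config_application_id
+APPCONFIG_ENVIRONMENT = module.ndr-app-config.app_config_environment_id
+APPCONFIG_CONFIGURATION = module.ndr-app-config.app_config_configuration_profile_id
 WORKSPACE = terraform.workspace
 ENVIRONMENT = var.environment
 AUTH_DYNAMODB_NAME = "${terraform.workspace}_${var.auth_session_dynamodb_table_name}"
@@ -43,7 +47,9 @@ module "back_channel_logout_lambda" {
 aws_api_gateway_rest_api.ndr_doc_store_api,
 aws_iam_policy.ssm_policy_oidc,
 module.auth_session_dynamodb_table,
-module.back-channel-logout-gateway]
+module.back-channel-logout-gateway,
+module.ndr-app-config
+]
 }
 
 module "back_channel_logout_alarm" {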
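Review bot: The new `module.ndr-app-config` entry in `depends_on` looks redundant, because the block already reads `module.ndr-app-config.app_config_policy_arn` and the three `app_config_*_id` outputs, and those references give Terraform the ordering on their own. A module-level `depends_on` makes everything inside the lambda module wait on everything inside `ndr-app-config`, which tends to widen plans with values shown as known only after apply. The same entry appears in the other lambda-*.tf sections of this commit. I would drop the line so the list ends with `module.back-channel-logout-gateway` followed by `]`, or, if it is kept for consistency with the existing entries, add `# explicit ordering kept to match the other depends_on entries`. The module block starts above the first hunk.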

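--- a/infrastructure/lambda-bulk-upload-metadata.tf
+++ b/infrastructure/lambda-bulk-upload-metadata.tf
@@ -8,10 +8,14 @@ module "bulk-upload-metadata-lambda" {
 "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy",
 module.ndr-bulk-staging-store.s3_object_access_policy,
 module.sqs-lg-bulk-upload-metadata-queue.sqs_policy,
+module.ndr-app-config.app_config_policy_arn
 ]
 rest_api_id = aws_api_gateway_rest_api.ndr_doc_store_api.id
 api_execution_arn = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
 lambda_environment_variables = {
+APPCONFIG_APPLICATION = module.ndr-app-config.app_config_application_id
+APPCONFIG_ENVIRONMENT = module.ndr-app-config.app_config_environment_id
+APPCONFIG_CONFIGURATION = module.ndr-app-config.app_config_configuration_profile_id
 WORKSPACE = terraform.workspace
 STAGING_STORE_BUCKET_NAME = "${terraform.workspace}-${var.staging_store_bucket_name}"
 METADATA_SQS_QUEUE_URL = module.sqs-lg-bulk-upload-metadata-queue.sqs_url
@@ -24,6 +28,7 @@ module "bulk-upload-metadata-lambda" {
 aws_api_gateway_rest_api.ndr_doc_store_api,
 module.ndr-bulk-staging-store,
 module.sqs-lg-bulk-upload-metadata-queue,
+module.ndr-app-config
 ]
 }
 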

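--- a/infrastructure/lambda-bulk-upload-report.tf
+++ b/infrastructure/lambda-bulk-upload-report.tf
@@ -7,11 +7,15 @@ module "bulk-upload-report-lambda" {
 "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy",
 module.ndr-bulk-staging-store.s3_object_access_policy,
 module.bulk_upload_report_dynamodb_table.dynamodb_policy,
-aws_iam_policy.dynamodb_policy_scan_bulk_report.arn
+aws_iam_policy.dynamodb_policy_scan_bulk_report.arn,
+module.ndr-app-config.app_config_policy_arn
 ]
 rest_api_id = aws_api_gateway_rest_api.ndr_doc_store_api.id
 api_execution_arn = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
 lambda_environment_variables = {
+APPCONFIG_APPLICATION = module.ndr-app-config.app_config_application_id
+APPCONFIG_ENVIRONMENT = module.ndr-app-config.app_config_environment_id
+APPCONFIG_CONFIGURATION = module.ndr-app-config.app_config_configuration_profile_id
 WORKSPACE = terraform.workspace
 STAGING_STORE_BUCKET_NAME = "${terraform.workspace}-${var.staging_store_bucket_name}"
 BULK_UPLOAD_DYNAMODB_NAME = "${terraform.workspace}_${var.bulk_upload_report_dynamodb_table_name}"
@@ -24,7 +28,8 @@ module "bulk-upload-report-lambda" {
 depends_on = [
 aws_api_gateway_rest_api.ndr_doc_store_api,
 module.ndr-bulk-staging-store,
-module.bulk_upload_report_dynamodb_table
+module.bulk_upload_report_dynamodb_table,
+module.ndr-app-config
 ]
 }
 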

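--- a/infrastructure/lambda-bulk-upload.tf
+++ b/infrastructure/lambda-bulk-upload.tf
@@ -11,12 +11,16 @@ module "bulk-upload-lambda" {
 module.bulk_upload_report_dynamodb_table.dynamodb_policy,
 module.sqs-lg-bulk-upload-metadata-queue.sqs_policy,
 module.sqs-lg-bulk-upload-invalid-queue.sqs_policy,
-aws_iam_policy.ssm_policy_pds.arn
+aws_iam_policy.ssm_policy_pds.arn,
+module.ndr-app-config.app_config_policy_arn
 ]
 rest_api_id = null
 api_execution_arn = null
 
 lambda_environment_variables = {
+APPCONFIG_APPLICATION = module.ndr-app-config.app_config_application_id
+APPCONFIG_ENVIRONMENT = module.ndr-app-config.app_config_environment_id
+APPCONFIG_CONFIGURATION = module.ndr-app-config.app_config_configuration_profile_id
 WORKSPACE = terraform.workspace
 STAGING_STORE_BUCKET_NAME = "${terraform.workspace}-${var.staging_store_bucket_name}"
 LLOYD_GEORGE_BUCKET_NAME = "${terraform.workspace}-${var.lloyd_george_bucket_name}"
@@ -40,7 +44,8 @@ module "bulk-upload-lambda" {
 module.ndr-lloyd-george-store,
 module.lloyd_george_reference_dynamodb_table,
 module.bulk_upload_report_dynamodb_table,
-aws_iam_policy.ssm_policy_pds
+aws_iam_policy.ssm_policy_pds,
+module.ndr-app-config
 ]
 }
 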

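--- a/infrastructure/lambda-create-doc-ref.tf
+++ b/infrastructure/lambda-create-doc-ref.tf
@@ -72,13 +72,17 @@ module "create-doc-ref-lambda" {
 module.lloyd_george_reference_dynamodb_table.dynamodb_policy,
 module.ndr-lloyd-george-store.s3_object_access_policy,
 "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
-"arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy"
+"arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy",
+module.ndr-app-config.app_config_policy_arn
 ]
 rest_api_id = aws_api_gateway_rest_api.ndr_doc_store_api.id
 resource_id = module.create-doc-ref-gateway.gateway_resource_id
 http_method = "POST"
 api_execution_arn = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
 lambda_environment_variables = {
+APPCONFIG_APPLICATION = module.ndr-app-config.app_config_application_id
+APPCONFIG_ENVIRONMENT = module.ndr-app-config.app_config_environment_id
+APPCONFIG_CONFIGURATION = module.ndr-app-config.app_config_configuration_profile_id
 DOCUMENT_STORE_BUCKET_NAME = "${terraform.workspace}-${var.docstore_bucket_name}"
 DOCUMENT_STORE_DYNAMODB_NAME = "${terraform.workspace}_${var.docstore_dynamodb_table_name}"
 LLOYD_GEORGE_BUCKET_NAME = "${terraform.workspace}-${var.lloyd_george_bucket_name}"
@@ -88,6 +92,7 @@ module "create-doc-ref-lambda" {
 depends_on = [
 aws_api_gateway_rest_api.ndr_doc_store_api,
 module.document_reference_dynamodb_table,
-module.create-doc-ref-gateway
+module.create-doc-ref-gateway,
+module.ndr-app-config
 ]
 }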

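--- a/infrastructure/lambda-delete-doc-ref.tf
+++ b/infrastructure/lambda-delete-doc-ref.tf
@@ -71,20 +71,25 @@ module "delete-doc-ref-lambda" {
 module.lloyd_george_reference_dynamodb_table.dynamodb_policy,
 module.ndr-lloyd-george-store.s3_object_access_policy,
 "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
-"arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy"
+"arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy",
+module.ndr-app-config.app_config_policy_arn
 ]
 rest_api_id = aws_api_gateway_rest_api.ndr_doc_store_api.id
 resource_id = module.delete-doc-ref-gateway.gateway_resource_id
 http_method = "DELETE"
 api_execution_arn = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
 lambda_environment_variables = {
+APPCONFIG_APPLICATION = module.ndr-app-config.app_config_application_id
+APPCONFIG_ENVIRONMENT = module.ndr-app-config.app_config_environment_id
+APPCONFIG_CONFIGURATION = module.ndr-app-config.app_config_configuration_profile_id
 DOCUMENT_STORE_DYNAMODB_NAME = "${terraform.workspace}_${var.docstore_dynamodb_table_name}"
 LLOYD_GEORGE_DYNAMODB_NAME = "${terraform.workspace}_${var.lloyd_george_dynamodb_table_name}"
 WORKSPACE = terraform.workspace
 }
 depends_on = [
 aws_api_gateway_rest_api.ndr_doc_store_api,
 module.document_reference_dynamodb_table,
-module.delete-doc-ref-gateway
+module.delete-doc-ref-gateway,
+module.ndr-app-config
 ]
 }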

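--- a/infrastructure/lambda-document-manifest-by-nhs-number.tf
+++ b/infrastructure/lambda-document-manifest-by-nhs-number.tf
@@ -76,13 +76,17 @@ module "document-manifest-by-nhs-number-lambda" {
 module.zip_store_reference_dynamodb_table.dynamodb_policy,
 module.ndr-zip-request-store.s3_object_access_policy,
 "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
-"arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy"
+"arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy",
+module.ndr-app-config.app_config_policy_arn
 ]
 rest_api_id = aws_api_gateway_rest_api.ndr_doc_store_api.id
 resource_id = module.document-manifest-by-nhs-gateway.gateway_resource_id
 http_method = "GET"
 api_execution_arn = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
 lambda_environment_variables = {
+APPCONFIG_APPLICATION = module.ndr-app-config.app_config_application_id
+APPCONFIG_ENVIRONMENT = module.ndr-app-config.app_config_environment_id
+APPCONFIG_CONFIGURATION = module.ndr-app-config.app_config_configuration_profile_id
 DOCUMENT_STORE_BUCKET_NAME = "${terraform.workspace}-${var.docstore_bucket_name}"
 DOCUMENT_STORE_DYNAMODB_NAME = "${terraform.workspace}_${var.docstore_dynamodb_table_name}"
 LLOYD_GEORGE_BUCKET_NAME = "${terraform.workspace}-${var.lloyd_george_bucket_name}"
@@ -95,7 +99,8 @@ module "document-manifest-by-nhs-number-lambda" {
 depends_on = [
 aws_api_gateway_rest_api.ndr_doc_store_api,
 module.document-manifest-by-nhs-gateway,
-aws_iam_policy.lambda_audit_splunk_sqs_queue_send_policy[0]
+aws_iam_policy.lambda_audit_splunk_sqs_queue_send_policy[0],
+module.ndr-app-config
 ]
 }
 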

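--- a/infrastructure/lambda-feature-flags.tf
+++ b/infrastructure/lambda-feature-flags.tf
@@ -69,7 +69,7 @@ module "feature-flags-lambda" {
 iam_role_policies = [
 "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
 "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy",
-aws_iam_policy.app_config_policy.arn
+module.ndr-app-config.app_config_policy_arn
 ]
 rest_api_id = aws_api_gateway_rest_api.ndr_doc_store_api.id
 resource_id = module.feature-flags-gateway.gateway_resource_id
@@ -86,33 +86,10 @@ module "feature-flags-lambda" {
 WORKSPACE = terraform.workspace
 }
 
-layers = [
-"arn:aws:lambda:${local.current_region}:282860088358:layer:AWS-AppConfig-Extension:81"
-]
-
 depends_on = [
 aws_api_gateway_rest_api.ndr_doc_store_api,
-module.ndr-app-config,
 module.feature-flags-gateway,
-aws_iam_policy.lambda_audit_splunk_sqs_queue_send_policy[0]
+aws_iam_policy.lambda_audit_splunk_sqs_queue_send_policy[0],
+module.ndr-app-config
 ]
 }
-
-resource "aws_iam_policy" "app_config_policy" {
-name = "${terraform.workspace}_app_config_lambda"
-policy = jsonencode({
-Version = "2012-10-17",
-Statement = [
-{
-Effect = "Allow",
-Action = [
-"appconfig:GetLatestConfiguration",
-"appconfig:StartConfigurationSession"
-],
-Resource = [
-"arn:aws:appconfig:*:*:application/${module.ndr-app-config.app_config_application_id}/environment/${module.ndr-app-config.app_config_environment_id}/configuration/${module.ndr-app-config.app_config_configuration_profile_id}"
-]
-}
-]
-})
-}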
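Review bot: The `layers` attribute holding the `AWS-AppConfig-Extension` ARN is removed from `feature-flags-lambda`, and none of the sections on this page that add the `APPCONFIG_*` variables attach a layer. If the handlers read flags through that extension, it has to be attached somewhere, presumably inside the lambda module, which is not shown here; that should be confirmed before merge. If it did move, a comment at the old position such as `# AppConfig extension layer is attached by the lambda module` would keep the dependency discoverable. Wherever the ARN now lives, it pins a layer published from another AWS account at a fixed version, so the owner of that account ID and the process for bumping the version are worth recording next to it. The module block starts above the first hunk.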
