[PRMP-538] Add EventBridge rule for expedite folder (#497)

MohammadIqbalAD-NHS · web-flow · commit f97e0873793a · 2025-11-13T09:17:45.000Z
diff --git a/infrastructure/lambda-bulk-upload-metadata-processor.tf b/infrastructure/lambda-bulk-upload-metadata-processor.tf
@@ -72,3 +72,47 @@ module "bulk-upload-metadata-processor-alarm-topic" {
 
   depends_on = [module.bulk-upload-metadata-processor-lambda, module.sns_encryption_key]
 }
+
+resource "aws_cloudwatch_event_rule" "bulk_upload_metadata_processor_lambda_expedite" {
+  name        = "${terraform.workspace}-staging-bulk-store-expedite-folder-object-created-rule"
+  description = "Trigger bulk_upload_metadata_processor_lambda when a file is added to the expedite/ folder in the staging-bulk-store bucket"
+  event_pattern = jsonencode({
+    "source" : ["aws.s3"],
+    "detail-type" : ["Object Created"],
+    "detail" : {
+      "bucket" : {
+        "name" : [module.ndr-bulk-staging-store.bucket_id]
+      },
+      "object" : {
+        "key" : [{
+          "prefix" : "expedite/"
+        }]
+      }
+    }
+  })
+  depends_on = [
+    module.ndr-bulk-staging-store
+  ]
+}
+
+resource "aws_cloudwatch_event_target" "bulk_upload_metadata_processor_lambda" {
+  rule      = aws_cloudwatch_event_rule.bulk_upload_metadata_processor_lambda_expedite.name
+  arn       = module.bulk-upload-metadata-processor-lambda.lambda_arn
+  target_id = "bulk-upload-metadata-processor-lambda"
+  depends_on = [
+    module.bulk-upload-metadata-processor-lambda,
+    aws_cloudwatch_event_rule.bulk_upload_metadata_processor_lambda_expedite
+  ]
+}
+
+resource "aws_lambda_permission" "bulk_upload_metadata_processor_lambda_expedite" {
+  statement_id  = "AllowEventBridgeInvoke"
+  action        = "lambda:InvokeFunction"
+  function_name = module.bulk-upload-metadata-processor-lambda.function_name
+  principal     = "events.amazonaws.com"
+  source_arn    = aws_cloudwatch_event_rule.bulk_upload_metadata_processor_lambda_expedite.arn
+  depends_on = [
+    module.bulk-upload-metadata-processor-lambda,
+    aws_cloudwatch_event_rule.bulk_upload_metadata_processor_lambda_expedite
+  ]
+}
diff --git a/infrastructure/modules/gateway/README.md b/infrastructure/modules/gateway/README.md
@@ -76,6 +76,7 @@ module "api_gateway_resource" {
 | <a name="input_http_methods"></a> [http\_methods](#input\_http\_methods) | List of allowed HTTP methods for the resource (e.g., ["GET", "POST"]). | `list(string)` | n/a | yes |
 | <a name="input_origin"></a> [origin](#input\_origin) | Allowed origin for CORS requests (e.g., '*', or specific domain). | `string` | `"'*'"` | no |
 | <a name="input_parent_id"></a> [parent\_id](#input\_parent\_id) | ID of the parent API Gateway resource (e.g., root path or another nested resource). | `string` | n/a | yes |
+| <a name="input_request_parameters"></a> [request\_parameters](#input\_request\_parameters) | Request parameters for the API Gateway method. | `map(string)` | `{}` | no |
 | <a name="input_require_credentials"></a> [require\_credentials](#input\_require\_credentials) | Sets the value of 'Access-Control-Allow-Credentials' which controls whether auth cookies are needed. | `bool` | n/a | yes |
 ## Outputs
 
