NHSDigital · SWhyteAnswer · Oct 21, 2025 · Oct 9, 2025 · Oct 9, 2025 · Oct 9, 2025
@@ -73,6 +73,18 @@ module "ndr-lloyd-george-store" {
   ]
 }
 
+module "migration-dynamodb-segment-store" {
+  source                    = "./modules/s3/"
+  access_logs_enabled       = local.is_production
+  access_logs_bucket_id     = local.access_logs_bucket_id
+  bucket_name               = var.migration_dynamodb_segment_store_bucket_name
+  enable_cors_configuration = false
+  enable_bucket_versioning  = true
+  environment               = var.environment
+  owner                     = var.owner
+  force_destroy             = local.is_force_destroy
+}
+
 module "statistical-reports-store" {
   source                    = "./modules/s3/"
   access_logs_enabled       = local.is_production

@@ -0,0 +1,32 @@
+module "migration-dynamodb-segment-lambda" {
+  source         = "./modules/lambda"
+  name           = "MigrationDynamodbSegment"
+  handler        = "handlers.migration_dynamodb_segment_handler.lambda_handler"
+  lambda_timeout = 900
+  memory_size    = 1792
+  iam_role_policy_documents = [
+    module.migration-dynamodb-segment-store.s3_read_policy_document,
+    module.migration-dynamodb-segment-store.s3_write_policy_document,
+    data.aws_iam_policy_document.migration_dynamodb_access.json
+  ]
+  kms_deletion_window = var.kms_deletion_window
+
+  lambda_environment_variables = {
+    WORKSPACE                     = terraform.workspace
+    MIGRATION_SEGMENT_BUCKET_NAME = "${terraform.workspace}-${var.migration_dynamodb_segment_store_bucket_name}"
+  }
+  is_gateway_integration_needed = false
+  is_invoked_from_gateway       = false
+}
+
+data "aws_iam_policy_document" "migration_dynamodb_access" {
+  statement {
+    effect = "Allow"
+    actions = [
+      "dynamodb:DescribeTable"
+    ]
+    resources = [
+      "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/${terraform.workspace}_*"
+    ]
+  }
+}
@@ -33,6 +33,12 @@ variable "docstore_bucket_name" {
   default     = "ndr-document-store"
 }
 
+variable "migration_dynamodb_segment_store_bucket_name" {
+  description = "The name of the S3 bucket to store the segments for DynamoDB migration."
+  type        = string
+  default     = "migration-dynamodb-segment-store"
+}
+
 variable "zip_store_bucket_name" {
   description = "The name of the S3 bucket used as a zip store."
   type        = string