[PRMP 1126] Report Lambda Sched (stacked on PRMP-1057) by SWhyteAnswer · Pull Request #583 · NHSDigital/national-document-repository-infrastructure

SWhyteAnswer · 2026-02-03T11:30:55Z

Overview

Jira ticket: TBC

Description

Context

Checklist

Tasks for all changes:

1. I have linked this PR to its Jira ticket.
2. I have run git pre-commits.
3. I have updated relevant documentation.
4. I have considered the cross-team impact (and have PR approval from both Core & Demographics if necessary).
5. I have successfully deployed this change to a sandbox and witnessed it build: Workflow run: TBC
6. I have checked the Terraform Plan from this PR against ndr-dev.

# Conflicts: # infrastructure/lambda-report-orchestration.tf

sonarqubecloud · 2026-02-03T11:55:12Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

github-actions · 2026-02-03T11:55:52Z

Report for environment: ndr-dev

Terraform Initialization ⚙️`success`

Initialization Output


Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing modules...
- access-audit-alarm in modules/lambda_alarms
- access-audit-alarm-topic in modules/sns
- access-audit-gateway in modules/gateway
- access-audit-lambda in modules/lambda
- access_audit_dynamodb_table in modules/dynamo_db
- alarm_state_history_table in modules/dynamo_db
- api_endpoint_url_ssm_parameter in modules/ssm_parameter
- auth_session_dynamodb_table in modules/dynamo_db
- auth_state_dynamodb_table in modules/dynamo_db
- authoriser-alarm in modules/lambda_alarms
- authoriser-alarm-topic in modules/sns
- authoriser-lambda in modules/lambda
- back-channel-logout-gateway in modules/gateway
- back_channel_logout_alarm in modules/lambda_alarms
- back_channel_logout_alarm_topic in modules/sns
- back_channel_logout_lambda in modules/lambda
- bulk-upload-alarm in modules/lambda_alarms
- bulk-upload-alarm-topic in modules/sns
- bulk-upload-lambda in modules/lambda
- bulk-upload-metadata-alarm in modules/lambda_alarms
- bulk-upload-metadata-alarm-topic in modules/sns
- bulk-upload-metadata-lambda in modules/lambda
- bulk-upload-metadata-processor-alarm in modules/lambda_alarms
- bulk-upload-metadata-processor-alarm-topic in modules/sns
- bulk-upload-metadata-processor-lambda in modules/lambda
- bulk-upload-report-alarm in modules/lambda_alarms
- bulk-upload-report-alarm-topic in modules/sns
- bulk-upload-report-lambda in modules/lambda
- bulk_upload_contact_lookup_table in modules/dynamo_db
- bulk_upload_metadata_preprocessor_lambda in modules/lambda
- bulk_upload_report_dynamodb_table in modules/dynamo_db
Downloading registry.terraform.io/cloudstoragesec/cloud-storage-security/aws 1.8.16+css9.06.000 for cloud_storage_security...
- cloud_storage_security in .terraform/modules/cloud_storage_security
- cloudfront_edge_dynamodb_table in modules/dynamo_db
- cloudfront_firewall_waf_v2 in modules/firewall_waf_v2
- concurrency-controller-lambda in modules/lambda
- core_dynamodb_table in modules/dynamo_db
- create-doc-ref-lambda in modules/lambda
- create-token-gateway in modules/gateway
- create-token-lambda in modules/lambda
- create_doc_alarm in modules/lambda_alarms
- create_doc_alarm_topic in modules/sns
- create_token-alarm in modules/lambda_alarms
- create_token-alarm_topic in modules/sns
- data-collection-alarm in modules/lambda_alarms
- data-collection-alarm-topic in modules/sns
- data-collection-lambda in modules/lambda
- delete-doc-ref-gateway in modules/gateway
- delete-doc-ref-lambda in modules/lambda
- delete-document-object-alarm in modules/lambda_alarms
- delete-document-object-alarm-topic in modules/sns
- delete-document-object-lambda in modules/lambda
- delete-document-references-fhir-lambda in modules/lambda
- delete_doc_alarm in modules/lambda_alarms
- delete_doc_alarm_topic in modules/sns
- document-manifest-job-gateway in modules/gateway
- document-manifest-job-lambda in modules/lambda
- document-status-check-alarm in modules/lambda_alarms
- document-status-check-alarm-topic in modules/sns
- document-status-check-gateway in modules/gateway
- document-status-check-lambda in modules/lambda
- document_manifest_alarm in modules/lambda_alarms
- document_manifest_alarm_topic in modules/sns
- document_reference_dynamodb_table in modules/dynamo_db
- document_reference_gateway in modules/gateway
- document_reference_id_gateway in modules/gateway
- document_review_dlq_alarm_topic in modules/sns
- document_review_processor_lambda in modules/lambda
- document_review_queue in modules/sqs
- document_upload_check_lambda in modules/lambda
- document_upload_review_dynamodb_table in modules/dynamo_db
- edge-presign-lambda in modules/lambda_edge
- edge_presign_alarm in modules/lambda_alarms
- edge_presign_alarm_topic in modules/sns
- feature-flags-gateway in modules/gateway
- feature-flags-lambda in modules/lambda
- feature_flags_alarm in modules/lambda_alarms
- feature_flags_alarm_topic in modules/sns
- fhir_document_reference_gateway in modules/gateway
- fhir_document_reference_mtls_gateway in modules/gateway
- firewall_waf_v2 in modules/firewall_waf_v2
- firewall_waf_v2_api in modules/firewall_waf_v2
- generate-document-manifest-alarm in modules/lambda_alarms
- generate-document-manifest-alarm-topic in modules/sns
- generate-document-manifest-lambda in modules/lambda
- generate-lloyd-george-stitch-alarm in modules/lambda_alarms
- generate-lloyd-george-stitch-alarm-topic in modules/sns
- generate-lloyd-george-stitch-lambda in modules/lambda
- get-doc-fhir-lambda in modules/lambda
- get-doc-ref-alarm in modules/lambda_alarms
- get-doc-ref-alarm-topic in modules/sns
- get-doc-ref-lambda in modules/lambda
- get-report-by-ods-alarm in modules/lambda_alarms
- get-report-by-ods-alarm-topic in modules/sns
- get-report-by-ods-gateway in modules/gateway
- get-report-by-ods-lambda in modules/lambda
- get_document_review_lambda in modules/lambda
- get_document_review_lambda_alarm in modules/lambda_alarms
- get_document_review_lambda_alarm_topic in modules/sns
- global_sqs_age_alarm_topic in modules/sns
- im-alerting-lambda in modules/lambda
- lambda-layer-alerting in modules/lambda_layers
- lambda-layer-core in modules/lambda_layers
- lambda-layer-data in modules/lambda_layers
- lambda-layer-reports in modules/lambda_layers
- lg-bulk-upload-expedite-metadata-queue in modules/sqs
- lloyd-george-stitch-gateway in modules/gateway
- lloyd-george-stitch-lambda in modules/lambda
- lloyd-george-stitch_alarm in modules/lambda_alarms
- lloyd-george-stitch_topic in modules/sns
- lloyd_george_reference_dynamodb_table in modules/dynamo_db
- login_redirect-alarm_topic in modules/sns
- login_redirect_alarm in modules/lambda_alarms
- login_redirect_lambda in modules/lambda
- logout-gateway in modules/gateway
- logout_alarm in modules/lambda_alarms
- logout_alarm_topic in modules/sns
- logout_lambda in modules/lambda
- manage-nrl-pointer-alarm in modules/lambda_alarms
- manage-nrl-pointer-alarm-topic in modules/sns
- manage-nrl-pointer-lambda in modules/lambda
- migration-dynamodb-lambda in modules/lambda
- migration-dynamodb-segment-lambda in modules/lambda
- migration-dynamodb-segment-store in modules/s3
- migration-failed-items-store in modules/s3
- mns-dlq-alarm-topic in modules/sns
- mns-notification-alarm in modules/lambda_alarms
- mns-notification-alarm-topic in modules/sns
- mns-notification-lambda in modules/lambda
- mns_encryption_key in modules/kms
- mtls_api_endpoint_url_ssm_parameter in modules/ssm_parameter
- ndr-app-config in modules/app_config
- ndr-bulk-staging-store in modules/s3
- ndr-docker-ecr-data-collection in modules/ecr
- ndr-docker-ecr-ui in modules/ecr
- ndr-document-pending-review-store in modules/s3
- ndr-document-store in modules/s3
- ndr-ecs-container-port-ssm-parameter in modules/ssm_parameter
- ndr-ecs-fargate-app in modules/ecs
- ndr-ecs-fargate-data-collection in modules/ecs
- ndr-feedback-mailbox in modules/ses
- ndr-lloyd-george-store in modules/s3
- ndr-report-store in modules/s3
- ndr-truststore in modules/s3
- ndr-vpc-ui in modules/vpc
- ndr-zip-request-store in modules/s3
- nhs-oauth-token-generator-alarm in modules/lambda_alarms
- nhs-oauth-token-generator-alarm-topic in modules/sns
- nhs-oauth-token-generator-lambda in modules/lambda
- nrl-dlq-alarm-topic in modules/sns
- patch_document_review_lambda in modules/lambda
- patch_document_review_lambda_alarm in modules/lambda_alarms
- patch_document_review_lambda_alarm_topic in modules/sns
- pdf-stitching-alarm-topic in modules/sns
- pdf-stitching-lambda in modules/lambda
- pdf-stitching-lambda-alarms in modules/lambda_alarms
- pdm-document-store in modules/s3
- pdm_dynamodb_table in modules/dynamo_db
- pdm_encryption_key in modules/kms
- post-document-references-fhir-lambda in modules/lambda
- post_document_review_lambda in modules/lambda
- post_document_review_lambda_alarm in modules/lambda_alarms
- post_document_review_lambda_alarm_topic in modules/sns
- report-distribution-lambda in modules/lambda
- report-orchestration-lambda in modules/lambda
- review-document-status-check-alarm-topic in modules/sns
- review-document-status-check-lambda in modules/lambda
- review-document-status-check-lambda-alarm in modules/lambda_alarms
- review_document_gateway in modules/gateway
- review_document_status_gateway in modules/gateway
- review_document_version_gateway in modules/gateway
- route53_fargate_ui in modules/route53
- search-document-references-fhir-lambda in modules/lambda
- search-document-references-gateway in modules/gateway
- search-document-references-lambda in modules/lambda
- search-patient-details-gateway in modules/gateway
- search-patient-details-lambda in modules/lambda
- search_doc_alarm in modules/lambda_alarms
- search_doc_alarm_topic in modules/sns
- search_document_review_lambda in modules/lambda
- search_document_review_lambda_alarm in modules/lambda_alarms
- search_document_review_lambda_alarm_topic in modules/sns
- search_patient_alarm in modules/lambda_alarms
- search_patient_alarm_topic in modules/sns
- send-feedback-alarm in modules/lambda_alarms
- send-feedback-alarm-topic in modules/sns
- send-feedback-gateway in modules/gateway
- send-feedback-lambda in modules/lambda
- sns_encryption_key in modules/kms
- sqs-lg-bulk-upload-metadata-queue in modules/sqs
- sqs-mns-notification-queue in modules/sqs
- sqs-nrl-queue in modules/sqs
- sqs-stitching-queue in modules/sqs
- sqs_alarm_lambda_topic in modules/sns
- ssm_param_external_client_cert in modules/ssm_parameter
- ssm_param_external_client_key in modules/ssm_parameter
- ssm_param_mtls_common_names in modules/ssm_parameter
- ssm_param_unauthorised_client_cert in modules/ssm_parameter
- ssm_param_unauthorised_client_key in modules/ssm_parameter
- statistical-report-alarm in modules/lambda_alarms
- statistical-report-alarm-topic in modules/sns
- statistical-report-lambda in modules/lambda
- statistical-reports-store in modules/s3
- statistics_dynamodb_table in modules/dynamo_db
- stitch_metadata_reference_dynamodb_table in modules/dynamo_db
- stitching-dlq-alarm-topic in modules/sns
- toggle-bulk-upload-lambda in modules/lambda
- transfer-key-manager-alarm in modules/lambda_alarms
- transfer-key-manager-alarm-topic in modules/sns
- transfer-key-manager-lambda in modules/lambda
- transfer_family_kill_switch_lambda in modules/lambda
- unstitched_lloyd_george_reference_dynamodb_table in modules/dynamo_db
- update-doc-ref-alarm in modules/lambda_alarms
- update-doc-ref-alarm-topic in modules/sns
- update-doc-ref-lambda in modules/lambda
- update-upload-state-gateway in modules/gateway
- update-upload-state-lambda in modules/lambda
- update_upload_state_alarm in modules/lambda_alarms
- update_upload_state_alarm_topic in modules/sns
- virus_scan_result_alarm in modules/lambda_alarms
- virus_scan_result_alarm_topic in modules/sns
- virus_scan_result_gateway in modules/gateway
- virus_scan_result_lambda in modules/lambda
- zip_store_reference_dynamodb_table in modules/dynamo_db
Initializing provider plugins...
- terraform.io/builtin/terraform is built in to Terraform
- Finding hashicorp/awscc versions matching ">= 0.72.1, ~> 1.0"...
- Finding latest version of hashicorp/archive...
- Finding latest version of hashicorp/random...
- Finding latest version of hashicorp/time...
- Finding hashicorp/aws versions matching ">= 4.0.0, ~> 5.0"...
- Installing hashicorp/awscc v1.69.0...
- Installed hashicorp/awscc v1.69.0 (signed by HashiCorp)
- Installing hashicorp/archive v2.7.1...
- Installed hashicorp/archive v2.7.1 (signed by HashiCorp)
- Installing hashicorp/random v3.8.1...
- Installed hashicorp/random v3.8.1 (signed by HashiCorp)
- Installing hashicorp/time v0.13.1...
- Installed hashicorp/time v0.13.1 (signed by HashiCorp)
- Installing hashicorp/aws v5.100.0...
- Installed hashicorp/aws v5.100.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Terraform Validation 🤖`success`

Validation Output


Success! The configuration is valid.

Terraform Plan 📖`success`

Show Plan (92 to add, 11 to change, 10 to destroy)



Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:

  # module.edge-presign-lambda.aws_lambda_function.lambda has changed
  ~ resource "aws_lambda_function" "lambda" {
        id                             = "ndr-dev_EdgePresignLambda"
      ~ qualified_arn                  = "arn:aws:lambda:us-east-1:[REDACTED_AWS_ACCOUNT_ID]:function:ndr-dev_EdgePresignLambda:609" -> "arn:aws:lambda:us-east-1:[REDACTED_AWS_ACCOUNT_ID]:function:ndr-dev_EdgePresignLambda:616"
        tags                           = {}
        # (28 unchanged attributes hidden)

        # (3 unchanged blocks hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
-/+ destroy and then create replacement
+/- create replacement and then destroy
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_iam_policy_document.reporting_sfn_permissions will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "reporting_sfn_permissions" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "lambda:InvokeFunction",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
              + (known after apply),
            ]
          + sid       = "InvokeReportingLambdas"
        }
    }

  # aws_api_gateway_deployment.ndr_api_deploy must be replaced
+/- resource "aws_api_gateway_deployment" "ndr_api_deploy" {
      ~ created_date  = "2026-01-30T09:57:01Z" -> (known after apply)
      ~ execution_arn = "arn:aws:execute-api:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ccy0v3rve9/" -> (known after apply)
      ~ id            = "91tddw" -> (known after apply)
      ~ invoke_url    = "[REDACTED_API_GATEWAY_URL]" -> (known after apply)
      ~ variables     = {
          - "deployed_at" = "2026-01-30T09:57:00Z"
        } -> (known after apply) # forces replacement
        # (2 unchanged attributes hidden)
    }

  # aws_api_gateway_deployment.ndr_api_deploy_mtls must be replaced
+/- resource "aws_api_gateway_deployment" "ndr_api_deploy_mtls" {
      ~ created_date  = "2026-01-30T09:57:00Z" -> (known after apply)
      ~ execution_arn = "arn:aws:execute-api:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:p9uuab4oyl/" -> (known after apply)
      ~ id            = "86u9dx" -> (known after apply)
      ~ invoke_url    = "[REDACTED_API_GATEWAY_URL]" -> (known after apply)
      ~ variables     = {
          - "deployed_at" = "2026-01-30T09:57:00Z"
        } -> (known after apply) # forces replacement
        # (2 unchanged attributes hidden)
    }

  # aws_api_gateway_stage.ndr_api will be updated in-place
  ~ resource "aws_api_gateway_stage" "ndr_api" {
      ~ deployment_id         = "91tddw" -> (known after apply)
        id                    = "ags-ccy0v3rve9-dev"
        tags                  = {}
        # (14 unchanged attributes hidden)
    }

  # aws_api_gateway_stage.ndr_api_mtls will be updated in-place
  ~ resource "aws_api_gateway_stage" "ndr_api_mtls" {
      ~ deployment_id         = "86u9dx" -> (known after apply)
        id                    = "ags-p9uuab4oyl-dev"
        tags                  = {}
        # (14 unchanged attributes hidden)
    }

  # aws_cloudwatch_event_rule.report_orchestration_schedule will be created
  + resource "aws_cloudwatch_event_rule" "report_orchestration_schedule" {
      + arn                 = (known after apply)
      + description         = "Schedule for Report Orchestration Lambda"
      + event_bus_name      = "default"
      + force_destroy       = false
      + id                  = (known after apply)
      + name                = "ndr-dev_report_orchestration_schedule"
      + name_prefix         = (known after apply)
      + schedule_expression = "rate(1 minute)"
      + tags_all            = {
          + "Environment" = "dev"
          + "Owner"       = "nhse/ndr-team"
          + "Workspace"   = "ndr-dev"
        }
    }

  # aws_cloudwatch_event_target.report_orchestration_schedule_event will be created
  + resource "aws_cloudwatch_event_target" "report_orchestration_schedule_event" {
      + arn            = (known after apply)
      + event_bus_name = "default"
      + force_destroy  = false
      + id             = (known after apply)
      + rule           = "ndr-dev_report_orchestration_schedule"
      + target_id      = "report_orchestration_schedule"
    }

  # aws_iam_role.reporting_sfn will be created
  + resource "aws_iam_role" "reporting_sfn" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "states.amazonaws.com"
                        }
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "ndr-dev_reporting_sfn_role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags_all              = {
          + "Environment" = "dev"
          + "Owner"       = "nhse/ndr-team"
          + "Workspace"   = "ndr-dev"
        }
      + unique_id             = (known after apply)

      + inline_policy (known after apply)
    }

  # aws_iam_role_policy.reporting_sfn will be created
  + resource "aws_iam_role_policy" "reporting_sfn" {
      + id          = (known after apply)
      + name        = "ndr-dev_reporting_sfn_policy"
      + name_prefix = (known after apply)
      + policy      = (known after apply)
      + role        = (known after apply)
    }

  # aws_lambda_permission.report_orchestration_schedule_permission will be created
  + resource "aws_lambda_permission" "report_orchestration_schedule_permission" {
      + action              = "lambda:InvokeFunction"
      + function_name       = "ndr-dev_ReportOrchestration"
      + id                  = (known after apply)
      + principal           = "events.amazonaws.com"
      + source_arn          = (known after apply)
      + statement_id        = "AllowExecutionFromCloudWatch"
      + statement_id_prefix = (known after apply)
    }

  # aws_route53_record.dmarc[0] will be created
  + resource "aws_route53_record" "dmarc" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "_dmarc.access-request-fulfilment.patient-deductions.nhs.uk"
      + records         = [
          + "v=DMARC1; p=none; adkim=s; aspf=s",
        ]
      + ttl             = 300
      + type            = "TXT"
      + zone_id         = "Z03876441EL64PCVENJO8"
    }

  # aws_route53_record.ses_dkim[0] will be created
  + resource "aws_route53_record" "ses_dkim" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = (known after apply)
      + records         = (known after apply)
      + ttl             = 600
      + type            = "CNAME"
      + zone_id         = "Z03876441EL64PCVENJO8"
    }

  # aws_route53_record.ses_dkim[1] will be created
  + resource "aws_route53_record" "ses_dkim" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = (known after apply)
      + records         = (known after apply)
      + ttl             = 600
      + type            = "CNAME"
      + zone_id         = "Z03876441EL64PCVENJO8"
    }

  # aws_route53_record.ses_dkim[2] will be created
  + resource "aws_route53_record" "ses_dkim" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = (known after apply)
      + records         = (known after apply)
      + ttl             = 600
      + type            = "CNAME"
      + zone_id         = "Z03876441EL64PCVENJO8"
    }

  # aws_route53_record.ses_domain_verification[0] will be created
  + resource "aws_route53_record" "ses_domain_verification" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "_amazonses.access-request-fulfilment.patient-deductions.nhs.uk"
      + records         = (known after apply)
      + ttl             = 600
      + type            = "TXT"
      + zone_id         = "Z03876441EL64PCVENJO8"
    }

  # aws_route53_record.ses_mail_from_mx[0] will be created
  + resource "aws_route53_record" "ses_mail_from_mx" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "mail.access-request-fulfilment.patient-deductions.nhs.uk"
      + records         = [
          + "10 feedback-smtp.eu-west-2.amazonses.com",
        ]
      + ttl             = 600
      + type            = "MX"
      + zone_id         = "Z03876441EL64PCVENJO8"
    }

  # aws_route53_record.ses_mail_from_spf[0] will be created
  + resource "aws_route53_record" "ses_mail_from_spf" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "mail.access-request-fulfilment.patient-deductions.nhs.uk"
      + records         = [
          + "v=spf1 include:amazonses.com -all",
        ]
      + ttl             = 600
      + type            = "TXT"
      + zone_id         = "Z03876441EL64PCVENJO8"
    }

  # aws_route53_record.spf_root[0] will be created
  + resource "aws_route53_record" "spf_root" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "access-request-fulfilment.patient-deductions.nhs.uk"
      + records         = [
          + "v=spf1 include:amazonses.com -all",
        ]
      + ttl             = 300
      + type            = "TXT"
      + zone_id         = "Z03876441EL64PCVENJO8"
    }

  # aws_ses_domain_dkim.reporting[0] will be created
  + resource "aws_ses_domain_dkim" "reporting" {
      + dkim_tokens = (known after apply)
      + domain      = "access-request-fulfilment.patient-deductions.nhs.uk"
      + id          = (known after apply)
    }

  # aws_ses_domain_identity.reporting[0] will be created
  + resource "aws_ses_domain_identity" "reporting" {
      + arn                = (known after apply)
      + domain             = "access-request-fulfilment.patient-deductions.nhs.uk"
      + id                 = (known after apply)
      + verification_token = (known after apply)
    }

  # aws_ses_domain_identity_verification.reporting[0] will be created
  + resource "aws_ses_domain_identity_verification" "reporting" {
      + arn    = (known after apply)
      + domain = "access-request-fulfilment.patient-deductions.nhs.uk"
      + id     = (known after apply)
    }

  # aws_ses_domain_mail_from.reporting[0] will be created
  + resource "aws_ses_domain_mail_from" "reporting" {
      + behavior_on_mx_failure = "UseDefaultValue"
      + domain                 = "access-request-fulfilment.patient-deductions.nhs.uk"
      + id                     = (known after apply)
      + mail_from_domain       = "mail.access-request-fulfilment.patient-deductions.nhs.uk"
    }

  # aws_sfn_state_machine.reporting_daily_reports will be created
  + resource "aws_sfn_state_machine" "reporting_daily_reports" {
      + arn                       = (known after apply)
      + creation_date             = (known after apply)
      + definition                = (known after apply)
      + description               = (known after apply)
      + id                        = (known after apply)
      + name                      = "ndr-dev_reporting_daily_reports"
      + name_prefix               = (known after apply)
      + publish                   = false
      + revision_id               = (known after apply)
      + role_arn                  = (known after apply)
      + state_machine_version_arn = (known after apply)
      + status                    = (known after apply)
      + tags_all                  = {
          + "Environment" = "dev"
          + "Owner"       = "nhse/ndr-team"
          + "Workspace"   = "ndr-dev"
        }
      + type                      = "STANDARD"
      + version_description       = (known after apply)

      + encryption_configuration (known after apply)

      + logging_configuration (known after apply)

      + tracing_configuration (known after apply)
    }

  # aws_sns_topic_subscription.alarm_notifications_sns_topic_subscription["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "alarm_notifications_sns_topic_subscription" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-alarms-notification-topic-[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]14"
    }

  # module.access-audit-alarm-topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-access-audit-alarms-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]06"
    }

  # module.authoriser-alarm-topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-authoriser-alarms-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]05"
    }

  # module.back_channel_logout_alarm_topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-back-channel-logout-alarms-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]b5"
    }

  # module.bulk-upload-alarm-topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-bulk-upload-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]ab"
    }

  # module.bulk-upload-lambda.aws_lambda_function.lambda will be updated in-place
  ~ resource "aws_lambda_function" "lambda" {
        id                             = "ndr-dev_BulkUploadLambda"
      ~ reserved_concurrent_executions = 1 -> 3
        tags                           = {}
        # (28 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.bulk-upload-metadata-alarm-topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-bulk-upload-metadata-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]b3"
    }

  # module.bulk-upload-metadata-processor-alarm-topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-bulk-upload-metadata-processor-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]05"
    }

  # module.bulk-upload-report-alarm-topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-bulk-upload-report-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]9d"
    }

  # module.create_doc_alarm_topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-create_doc-alarms-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]1d"
    }

  # module.create_token-alarm_topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-logout-alarms-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]c0"
    }

  # module.data-collection-alarm-topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-data-collection-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]12"
    }

  # module.delete-document-object-alarm-topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-delete-document-object-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]02"
    }

  # module.delete_doc_alarm_topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-delete_doc-alarms-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]2b"
    }

  # module.document-status-check-alarm-topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-document-status-check-alarm-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]02"
    }

  # module.document_manifest_alarm_topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-create_doc_manifest-alarms-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]1f"
    }

  # module.document_review_dlq_alarm_topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-document_review_dlq_topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]05"
    }

  # module.edge_presign_alarm_topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-edge_presign-alarms-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]02"
    }

  # module.feature_flags_alarm_topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-feature_flags_alarms-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]27"
    }

  # module.generate-document-manifest-alarm-topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-generate-document-manifest-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]13"
    }

  # module.generate-lloyd-george-stitch-alarm-topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-generate-lloyd-george-stitch-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]1b"
    }

  # module.get-doc-ref-alarm-topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-get_doc-alarms-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]02"
    }

  # module.get-report-by-ods-alarm-topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-get-report-by-ods-alarm-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]02"
    }

  # module.get_document_review_lambda_alarm_topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-get-document-review-lambda-alarm-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]03"
    }

  # module.global_sqs_age_alarm_topic[0].aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-global-sqs-age-alarm-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]03"
    }

  # module.lloyd-george-stitch_topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-lloyd-george-stitch-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]25"
    }

  # module.login_redirect-alarm_topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-login_redirect-alarms-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]61"
    }

  # module.logout_alarm_topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-logout-alarms-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]b7"
    }

  # module.manage-nrl-pointer-alarm-topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-nrl-pointer-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]02"
    }

  # module.mns-dlq-alarm-topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-mns-dlq-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]03"
    }

  # module.mns-notification-alarm-topic[0].aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-mns-notification-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]02"
    }

  # module.ndr-ecs-fargate-app.aws_ecs_task_definition.ndr_ecs_task will be updated in-place
  ~ resource "aws_ecs_task_definition" "ndr_ecs_task" {
        id                       = "ndr-dev-task-app-cluster"
        tags                     = {}
      ~ tags_all                 = {
          + "Environment" = "dev"
          + "Owner"       = "nhse/ndr-team"
          + "Workspace"   = "ndr-dev"
        }
        # (16 unchanged attributes hidden)
    }

  # module.ndr-ecs-fargate-data-collection[0].aws_ecs_task_definition.ndr_ecs_task will be updated in-place
  ~ resource "aws_ecs_task_definition" "ndr_ecs_task" {
        id                       = "ndr-dev-task-data-collection"
        tags                     = {}
      ~ tags_all                 = {
          + "Environment" = "dev"
          + "Owner"       = "nhse/ndr-team"
          + "Workspace"   = "ndr-dev"
        }
        # (16 unchanged attributes hidden)
    }

  # module.ndr-report-store.data.aws_iam_policy_document.s3_cloudfront_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "s3_cloudfront_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "s3:*",
            ]
          + effect    = "Deny"
          + resources = [
              + (known after apply),
            ]

          + condition {
              + test     = "Bool"
              + values   = [
                  + "false",
                ]
              + variable = "aws:SecureTransport"
            }

          + principals {
              + identifiers = [
                  + "*",
                ]
              + type        = "*"
            }
        }
      + statement {
          + actions   = [
              + "s3:GetObject",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]

          + condition {
              + test     = "StringEquals"
              + values   = [
                  + "null",
                ]
              + variable = "aws:SourceArn"
            }

          + principals {
              + identifiers = [
                  + "cloudfront.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.ndr-report-store.data.aws_iam_policy_document.s3_default_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "s3_default_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "s3:*",
            ]
          + effect    = "Deny"
          + resources = [
              + (known after apply),
              + (known after apply),
            ]

          + condition {
              + test     = "Bool"
              + values   = [
                  + "false",
                ]
              + variable = "aws:SecureTransport"
            }

          + principals {
              + identifiers = [
                  + "*",
                ]
              + type        = "AWS"
            }
        }
    }

  # module.ndr-report-store.data.aws_iam_policy_document.s3_read_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "s3_read_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "s3:Get*",
              + "s3:List*",
            ]
          + resources = [
              + (known after apply),
              + (known after apply),
            ]
        }
    }

  # module.ndr-report-store.data.aws_iam_policy_document.s3_write_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "s3_write_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "s3:AbortMultipartUpload",
              + "s3:Delete*",
              + "s3:Put*",
              + "s3:RestoreObject",
            ]
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.ndr-report-store.aws_iam_policy.s3_backup_policy will be created
  + resource "aws_iam_policy" "s3_backup_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + id               = (known after apply)
      + name             = (known after apply)
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "s3:GetInventoryConfiguration",
                          + "s3:PutInventoryConfiguration",
                          + "s3:ListBucketVersions",
                          + "s3:ListBucket",
                          + "s3:GetBucketVersioning",
                          + "s3:GetBucketNotification",
                          + "s3:PutBucketNotification",
                          + "s3:GetBucketLocation",
                          + "s3:GetBucketTagging",
                          + "s3:GetBucketAcl",
                        ]
                      + Effect   = "Allow"
                      + Resource = [
                          + "arn:aws:s3:::*",
                        ]
                      + Sid      = "S3BucketBackupPermissions"
                    },
                  + {
                      + Action   = [
                          + "s3:GetObjectAcl",
                          + "s3:GetObject",
                          + "s3:GetObjectVersionTagging",
                          + "s3:GetObjectVersionAcl",
                          + "s3:GetObjectTagging",
                          + "s3:GetObjectVersion",
                        ]
                      + Effect   = "Allow"
                      + Resource = [
                          + "arn:aws:s3:::*/*",
                        ]
                      + Sid      = "S3ObjectBackupPermissions"
                    },
                  + {
                      + Action   = [
                          + "s3:ListAllMyBuckets",
                        ]
                      + Effect   = "Allow"
                      + Resource = [
                          + "*",
                        ]
                      + Sid      = "S3GlobalPermissions"
                    },
                  + {
                      + Action    = [
                          + "kms:Decrypt",
                          + "kms:DescribeKey",
                        ]
                      + Condition = {
                          + StringLike = {
                              + "kms:ViaService" = "s3.*.amazonaws.com"
                            }
                        }
                      + Effect    = "Allow"
                      + Resource  = "*"
                      + Sid       = "KMSBackupPermissions"
                    },
                  + {
                      + Action   = [
                          + "events:DescribeRule",
                          + "events:EnableRule",
                          + "events:PutRule",
                          + "events:DeleteRule",
                          + "events:PutTargets",
                          + "events:RemoveTargets",
                          + "events:ListTargetsByRule",
                          + "events:DisableRule",
                        ]
                      + Effect   = "Allow"
                      + Resource = "arn:aws:events:*:*:rule/AwsBackupManagedRule*"
                      + Sid      = "EventsPermissions"
                    },
                  + {
                      + Action   = [
                          + "cloudwatch:GetMetricData",
                          + "events:ListRules",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                      + Sid      = "EventsMetricsGlobalPermissions"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + policy_id        = (known after apply)
      + tags_all         = {
          + "Environment" = "dev"
          + "Owner"       = "nhse/ndr-team"
          + "Workspace"   = "ndr-dev"
        }
    }

  # module.ndr-report-store.aws_iam_policy.s3_document_data_policy will be created
  + resource "aws_iam_policy" "s3_document_data_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + id               = (known after apply)
      + name             = "ndr-dev_report-orchestration_get_document_data_policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = {
          + "Environment" = "dev"
          + "Owner"       = "nhse/ndr-team"
          + "Workspace"   = "ndr-dev"
        }
    }

  # module.ndr-report-store.aws_iam_policy.s3_list_object_policy will be created
  + resource "aws_iam_policy" "s3_list_object_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + id               = (known after apply)
      + name             = "ndr-dev_report-orchestration_list_object_policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = {
          + "Environment" = "dev"
          + "Owner"       = "nhse/ndr-team"
          + "Workspace"   = "ndr-dev"
        }
    }

  # module.ndr-report-store.aws_s3_bucket.bucket will be created
  + resource "aws_s3_bucket" "bucket" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = "ndr-dev-report-orchestration"
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = true
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = {
          + "Name" = "ndr-dev-report-orchestration"
        }
      + tags_all                    = {
          + "Environment" = "dev"
          + "Name"        = "ndr-dev-report-orchestration"
          + "Owner"       = "nhse/ndr-team"
          + "Workspace"   = "ndr-dev"
        }
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)

      + cors_rule (known after apply)

      + grant (known after apply)

      + lifecycle_rule (known after apply)

      + logging (known after apply)

      + object_lock_configuration (known after apply)

      + replication_configuration (known after apply)

      + server_side_encryption_configuration (known after apply)

      + versioning (known after apply)

      + website (known after apply)
    }

  # module.ndr-report-store.aws_s3_bucket_acl.bucket_acl will be created
  + resource "aws_s3_bucket_acl" "bucket_acl" {
      + acl    = "private"
      + bucket = (known after apply)
      + id     = (known after apply)

      + access_control_policy (known after apply)
    }

  # module.ndr-report-store.aws_s3_bucket_ownership_controls.s3_bucket_acl_ownership will be created
  + resource "aws_s3_bucket_ownership_controls" "s3_bucket_acl_ownership" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + rule {
          + object_ownership = "ObjectWriter"
        }
    }

  # module.ndr-report-store.aws_s3_bucket_policy.bucket_policy will be created
  + resource "aws_s3_bucket_policy" "bucket_policy" {
      + bucket = (known after apply)
      + id     = (known after apply)
      + policy = (known after apply)
    }

  # module.ndr-report-store.aws_s3_bucket_public_access_block.bucket will be created
  + resource "aws_s3_bucket_public_access_block" "bucket" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.ndr-report-store.aws_s3_bucket_versioning.bucket_versioning[0] will be created
  + resource "aws_s3_bucket_versioning" "bucket_versioning" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + versioning_configuration {
          + mfa_delete = (known after apply)
          + status     = "Enabled"
        }
    }

  # module.nhs-oauth-token-generator-alarm-topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-nhs-oauth-token-generator-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]02"
    }

  # module.nrl-dlq-alarm-topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-nrl-dlq-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]03"
    }

  # module.patch_document_review_lambda_alarm_topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-patch-document-review-lambda-alarm-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]04"
    }

  # module.pdf-stitching-alarm-topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-pdf-stitching-alarm-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]02"
    }

  # module.post_document_review_lambda_alarm_topic.aws_sns_topic_subscription.sns_subscription_list["rob.gaskin1@nhs.net"] will be created
  + resource "aws_sns_topic_subscription" "sns_subscription_list" {
      + arn                             = (known after apply)
      + confirmation_timeout_in_minutes = 1
      + confirmation_was_authenticated  = (known after apply)
      + endpoint                        = "rob.gaskin1@nhs.net"
      + endpoint_auto_confirms          = false
      + filter_policy_scope             = (known after apply)
      + id                              = (known after apply)
      + owner_id                        = (known after apply)
      + pending_confirmation            = (known after apply)
      + protocol                        = "email"
      + raw_message_delivery            = false
      + topic_arn                       = "arn:aws:sns:eu-west-2:[REDACTED_AWS_ACCOUNT_ID]:ndr-dev-sns-post-document-review-lambda-alarm-topic[REDACTED_AWS_ACCOUNT_ID][REDACTED_AWS_ACCOUNT_ID]02"
    }

  # module.report-distribution-lambda.data.aws_iam_policy_document.lambda_kms_access will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "lambda_kms_access" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "kms:Decrypt",
              + "kms:Encrypt",
              + "kms:GenerateDataKey",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.report-distribution-lambda.data.aws_iam_policy_document.merged_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "merged_policy" {
      + id                      = (known after apply)
      + json                    = (known after apply)
      + minified_json           = (known after apply)
      + source_policy_documents = (known after apply)
    }

  # module.report-distribution-lambda.data.aws_iam_policy_document.root_kms_access will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "root_kms_access" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement
(truncated - see workflow logs for full output)

PedroSoaresNHS added 30 commits December 17, 2025 13:44

[PRMP-1054] create report orchestration lambda

47b014c

[PRMP-1054] create report orchestration lambda

a2741a9

Merge remote-tracking branch 'origin/main' into PRMP-1054

eaacf99

[PRMP-1054] trying to fix terraform

3f19e7c

[PRMP-1054] trying to fix terraform

03bccf4

[PRMP-1054] trying to fix terraform

1e4471b

Merge remote-tracking branch 'origin/main' into PRMP-1054

ee7cd81

Merge remote-tracking branch 'origin/main' into PRMP-1054

d774a95

[PRMP-1054] removed null declarations

cd1b3f5

Merge remote-tracking branch 'origin/main' into PRMP-1054

d3fac73

[PRMP-1057] creaton of report orchestration lamba

bb95269

[PRMP-1057] creaton of report orchestration lamba

08c56ff

[PRMP-1057] Updated with permissions to access contacts table

d7fd6a9

[PRMP-1057] trying with step functions

caf24f6

[PRMP-1057] trying with step functions

6fbb8d1

[PRMP-1057] Updated how emails and sent to use the domain

253bc82

[PRMP-1057] Updated how emails and sent to use the domain

2a1aae4

[PRMP-1057] Added DMARC and SPF

fc40b8c

[PRMP-1057] Added DMARC and SPF

097d46c

Merge remote-tracking branch 'origin/main' into PRMP-1057

03f7a52

[PRMP-1057] updated functionality to use 1128 table

b591bdf

Merge remote-tracking branch 'origin/main' into PRMP-1054

7328803

Merge remote-tracking branch 'origin/PRMP-1054' into PRMP-1057

f203db1

[PRMP-1057] fixed terraform comments

afab8d9

[PRMP-1057] added extra security to IAM policy

2391f1b

[PRMP-1057] fixed comments

aa204cb

Merge remote-tracking branch 'origin/main' into PRMP-1054

0895087

Merge remote-tracking branch 'origin/PRMP-1054' into PRMP-1057

434f916

[PRMP-1057] testing new configuration

7bcd62d

[PRMP-1057] testing new configuration

f3b420b

PedroSoaresNHS and others added 22 commits January 28, 2026 11:31

[PRMP-1057-3] update

d99c6c3

[PRMP-1057-3] update

f499f9a

[PRMP-1057-3] update

9bdc646

[PRMP-1057-3] fixed comments

4f43a17

Merge remote-tracking branch 'origin/main' into PRMP-1057-3

b638e43

# Conflicts: # infrastructure/lambda-report-orchestration.tf

[PRMP-1057-3] fixed comments

cb75b6b

[PRMP-1057-2] fixed comments

81e65e7

[PRMP-1057-3] fixed comments

f67697d

[PRMP-1057-3] fixed comments

3f99084

[PRMP-1057-3] fixed comments

f305381

Merge remote-tracking branch 'origin/main' into PRMP-1057-3

979c015

[PRMP-1057-3] removed type

be0be66

[PRMP-1057-3] testing simpler iam

92b7f89

[PRMP-1057-3] testing simpler iam

8a737fb

[PRMP-1057-3] testing

bce8108

[PRMP-1057-3] testing

800d6c2

[PRMP-1057-3] testing a simpler version

d55c03a

[PRMP-1057-3] testing a simpler version

9321c97

Merge remote-tracking branch 'origin/main' into PRMP-1057-3

064ce74

[PRMP-1057-3] testing

4f60c23

[PRMP-1057-3] testing

f62d738

[PRMP-1126] changes

2b0752c

SWhyteAnswer temporarily deployed to development February 3, 2026 11:31 — with GitHub Actions Inactive

SWhyteAnswer had a problem deploying to development February 3, 2026 11:42 — with GitHub Actions Failure

[PRMP-1126] minutes to minute

dcb802c

SWhyteAnswer temporarily deployed to development February 3, 2026 11:54 — with GitHub Actions Inactive

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[PRMP 1126] Report Lambda Sched (stacked on PRMP-1057)#583

[PRMP 1126] Report Lambda Sched (stacked on PRMP-1057)#583
SWhyteAnswer wants to merge 70 commits intomainfrom
PRMP-1126

SWhyteAnswer commented Feb 3, 2026

Uh oh!

sonarqubecloud bot commented Feb 3, 2026

Uh oh!

github-actions bot commented Feb 3, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

SWhyteAnswer commented Feb 3, 2026

Overview

Description

Context

Checklist

Uh oh!

sonarqubecloud bot commented Feb 3, 2026

Quality Gate passed

Uh oh!

github-actions bot commented Feb 3, 2026

Report for environment: ndr-dev

Terraform Initialization ⚙️success

Terraform Validation 🤖success

Terraform Plan 📖success

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`