CCM-12875: Terraform changes, and updates

ScottFullerton-NHSE · ScottFullerton-NHSE · commit bfb30cbaa4b4 · 2025-11-25T12:10:30.000Z
diff --git a/infrastructure/terraform/components/dl/apigateway_pdm_mock.tf b/infrastructure/terraform/components/dl/apigateway_pdm_mock.tf
@@ -1,4 +1,3 @@
-# API Gateway REST API for PDM Mock
 resource "aws_api_gateway_rest_api" "pdm_mock" {
   name        = "${var.project}-${var.environment}-pdm-mock-api"
   description = "PDM Mock API for testing integration with Patient Data Manager"
@@ -15,26 +14,23 @@ resource "aws_api_gateway_rest_api" "pdm_mock" {
   }
 }
 
-# /resource path
 resource "aws_api_gateway_resource" "resource" {
   rest_api_id = aws_api_gateway_rest_api.pdm_mock.id
   parent_id   = aws_api_gateway_rest_api.pdm_mock.root_resource_id
   path_part   = "resource"
 }
 
-# /resource/{id} path
 resource "aws_api_gateway_resource" "resource_id" {
   rest_api_id = aws_api_gateway_rest_api.pdm_mock.id
   parent_id   = aws_api_gateway_resource.resource.id
   path_part   = "{id}"
 }
 
-# POST /resource - Create resource
 resource "aws_api_gateway_method" "create_resource" {
   rest_api_id   = aws_api_gateway_rest_api.pdm_mock.id
   resource_id   = aws_api_gateway_resource.resource.id
   http_method   = "POST"
-  authorization = "NONE"
+  authorization = "AWS_IAM"
 }
 
 resource "aws_api_gateway_integration" "create_resource" {
@@ -47,12 +43,11 @@ resource "aws_api_gateway_integration" "create_resource" {
   uri                     = module.pdm_mock_api.lambda_invoke_arn
 }
 
-# GET /resource/{id} - Get resource
 resource "aws_api_gateway_method" "get_resource" {
   rest_api_id   = aws_api_gateway_rest_api.pdm_mock.id
   resource_id   = aws_api_gateway_resource.resource_id.id
   http_method   = "GET"
-  authorization = "NONE"
+  authorization = "AWS_IAM"
 }
 
 resource "aws_api_gateway_integration" "get_resource" {
@@ -65,18 +60,15 @@ resource "aws_api_gateway_integration" "get_resource" {
   uri                     = module.pdm_mock_api.lambda_invoke_arn
 }
 
-# Lambda permission for API Gateway
 resource "aws_lambda_permission" "pdm_mock_api_gateway" {
   statement_id  = "AllowAPIGatewayInvoke"
   action        = "lambda:InvokeFunction"
   function_name = module.pdm_mock_api.lambda_function_name
   principal     = "apigateway.amazonaws.com"
 
-  # More specific source ARN for better security
   source_arn = "${aws_api_gateway_rest_api.pdm_mock.execution_arn}/*/*"
 }
 
-# Deployment
 resource "aws_api_gateway_deployment" "pdm_mock" {
   depends_on = [
     aws_api_gateway_integration.create_resource,
@@ -100,8 +92,6 @@ resource "aws_api_gateway_deployment" "pdm_mock" {
     create_before_destroy = true
   }
 }
-
-# Stage
 resource "aws_api_gateway_stage" "pdm_mock" {
   deployment_id = aws_api_gateway_deployment.pdm_mock.id
   rest_api_id   = aws_api_gateway_rest_api.pdm_mock.id
@@ -132,8 +122,6 @@ resource "aws_api_gateway_stage" "pdm_mock" {
     Component   = local.component
   }
 }
-
-# CloudWatch Log Group for API Gateway
 resource "aws_cloudwatch_log_group" "pdm_mock_api_gateway" {
   name              = "/aws/apigateway/${var.project}-${var.environment}-pdm-mock-api"
   retention_in_days = var.log_retention_in_days
@@ -146,8 +134,6 @@ resource "aws_cloudwatch_log_group" "pdm_mock_api_gateway" {
     Component   = local.component
   }
 }
-
-# Outputs
 output "pdm_mock_api_endpoint" {
   description = "The base URL of the PDM Mock API"
   value       = aws_api_gateway_stage.pdm_mock.invoke_url

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,3 @@`
`1`		`-# API Gateway REST API for PDM Mock`
`2`	`1`	`resource "aws_api_gateway_rest_api" "pdm_mock" {`
`3`	`2`	`name = "${var.project}-${var.environment}-pdm-mock-api"`
`4`	`3`	`description = "PDM Mock API for testing integration with Patient Data Manager"`
`@@ -15,26 +14,23 @@ resource "aws_api_gateway_rest_api" "pdm_mock" {`
`15`	`14`	`}`
`16`	`15`	`}`
`17`	`16`
`18`		`-# /resource path`
`19`	`17`	`resource "aws_api_gateway_resource" "resource" {`
`20`	`18`	`rest_api_id = aws_api_gateway_rest_api.pdm_mock.id`
`21`	`19`	`parent_id = aws_api_gateway_rest_api.pdm_mock.root_resource_id`
`22`	`20`	`path_part = "resource"`
`23`	`21`	`}`
`24`	`22`
`25`		`-# /resource/{id} path`
`26`	`23`	`resource "aws_api_gateway_resource" "resource_id" {`
`27`	`24`	`rest_api_id = aws_api_gateway_rest_api.pdm_mock.id`
`28`	`25`	`parent_id = aws_api_gateway_resource.resource.id`
`29`	`26`	`path_part = "{id}"`
`30`	`27`	`}`
`31`	`28`
`32`		`-# POST /resource - Create resource`
`33`	`29`	`resource "aws_api_gateway_method" "create_resource" {`
`34`	`30`	`rest_api_id = aws_api_gateway_rest_api.pdm_mock.id`
`35`	`31`	`resource_id = aws_api_gateway_resource.resource.id`
`36`	`32`	`http_method = "POST"`
`37`		`- authorization = "NONE"`
	`33`	`+ authorization = "AWS_IAM"`
`38`	`34`	`}`
`39`	`35`
`40`	`36`	`resource "aws_api_gateway_integration" "create_resource" {`
`@@ -47,12 +43,11 @@ resource "aws_api_gateway_integration" "create_resource" {`
`47`	`43`	`uri = module.pdm_mock_api.lambda_invoke_arn`
`48`	`44`	`}`
`49`	`45`
`50`		`-# GET /resource/{id} - Get resource`
`51`	`46`	`resource "aws_api_gateway_method" "get_resource" {`
`52`	`47`	`rest_api_id = aws_api_gateway_rest_api.pdm_mock.id`
`53`	`48`	`resource_id = aws_api_gateway_resource.resource_id.id`
`54`	`49`	`http_method = "GET"`
`55`		`- authorization = "NONE"`
	`50`	`+ authorization = "AWS_IAM"`
`56`	`51`	`}`
`57`	`52`
`58`	`53`	`resource "aws_api_gateway_integration" "get_resource" {`
`@@ -65,18 +60,15 @@ resource "aws_api_gateway_integration" "get_resource" {`
`65`	`60`	`uri = module.pdm_mock_api.lambda_invoke_arn`
`66`	`61`	`}`
`67`	`62`
`68`		`-# Lambda permission for API Gateway`
`69`	`63`	`resource "aws_lambda_permission" "pdm_mock_api_gateway" {`
`70`	`64`	`statement_id = "AllowAPIGatewayInvoke"`
`71`	`65`	`action = "lambda:InvokeFunction"`
`72`	`66`	`function_name = module.pdm_mock_api.lambda_function_name`
`73`	`67`	`principal = "apigateway.amazonaws.com"`
`74`	`68`
`75`		`- # More specific source ARN for better security`
`76`	`69`	`source_arn = "${aws_api_gateway_rest_api.pdm_mock.execution_arn}//"`
`77`	`70`	`}`
`78`	`71`
`79`		`-# Deployment`
`80`	`72`	`resource "aws_api_gateway_deployment" "pdm_mock" {`
`81`	`73`	`depends_on = [`
`82`	`74`	`aws_api_gateway_integration.create_resource,`
`@@ -100,8 +92,6 @@ resource "aws_api_gateway_deployment" "pdm_mock" {`
`100`	`92`	`create_before_destroy = true`
`101`	`93`	`}`
`102`	`94`	`}`
`103`		`-`
`104`		`-# Stage`
`105`	`95`	`resource "aws_api_gateway_stage" "pdm_mock" {`
`106`	`96`	`deployment_id = aws_api_gateway_deployment.pdm_mock.id`
`107`	`97`	`rest_api_id = aws_api_gateway_rest_api.pdm_mock.id`
`@@ -132,8 +122,6 @@ resource "aws_api_gateway_stage" "pdm_mock" {`
`132`	`122`	`Component = local.component`
`133`	`123`	`}`
`134`	`124`	`}`
`135`		`-`
`136`		`-# CloudWatch Log Group for API Gateway`
`137`	`125`	`resource "aws_cloudwatch_log_group" "pdm_mock_api_gateway" {`
`138`	`126`	`name = "/aws/apigateway/${var.project}-${var.environment}-pdm-mock-api"`
`139`	`127`	`retention_in_days = var.log_retention_in_days`
`@@ -146,8 +134,6 @@ resource "aws_cloudwatch_log_group" "pdm_mock_api_gateway" {`
`146`	`134`	`Component = local.component`
`147`	`135`	`}`
`148`	`136`	`}`
`149`		`-`
`150`		`-# Outputs`
`151`	`137`	`output "pdm_mock_api_endpoint" {`
`152`	`138`	`description = "The base URL of the PDM Mock API"`
`153`	`139`	`value = aws_api_gateway_stage.pdm_mock.invoke_url`