CCM-12616: fix lambda env vars

lapenna-bjss · lapenna-bjss · commit f2061aba8f3f · 2025-12-11T14:47:54.000Z
diff --git a/infrastructure/terraform/components/dl/module_lambda_mesh_download.tf b/infrastructure/terraform/components/dl/module_lambda_mesh_download.tf
@@ -38,7 +38,7 @@ module "mesh_download" {
   lambda_env_vars = {
     SSM_PREFIX                          = "/dl/${var.environment}/mesh"
     EVENT_PUBLISHER_EVENT_BUS_ARN       = aws_cloudwatch_event_bus.main.arn
-    EVENT_PUBLISHER_DLQ_URL             = module.sqs_event_publisher_dlq.queue_url
+    EVENT_PUBLISHER_DLQ_URL             = module.sqs_event_publisher_errors.sqs_queue_url
     ENVIRONMENT                         = var.environment
     PII_BUCKET                          = module.s3bucket_pii_data.bucket
     CERTIFICATE_EXPIRY_METRIC_NAME      = "mesh-download-client-certificate-near-expiry"
@@ -153,10 +153,11 @@ data "aws_iam_policy_document" "mesh_download_lambda" {
 
     actions = [
       "sqs:SendMessage",
+      "sqs:SendMessageBatch",
     ]
 
     resources = [
-      module.sqs_event_publisher_dlq.sqs_queue_arn,
+      module.sqs_event_publisher_errors.sqs_queue_arn,
     ]
   }
 }
diff --git a/infrastructure/terraform/components/dl/module_lambda_mesh_poll.tf b/infrastructure/terraform/components/dl/module_lambda_mesh_poll.tf
@@ -41,7 +41,7 @@ module "mesh_poll" {
     MAXIMUM_RUNTIME_MILLISECONDS        = "240000"  # 4 minutes (Lambda has 5 min timeout)
     ENVIRONMENT                         = var.environment
     EVENT_PUBLISHER_EVENT_BUS_ARN       = aws_cloudwatch_event_bus.main.arn
-    EVENT_PUBLISHER_DLQ_URL             = module.sqs_event_publisher_dlq.queue_url
+    EVENT_PUBLISHER_DLQ_URL             = module.sqs_event_publisher_errors.sqs_queue_url
     CERTIFICATE_EXPIRY_METRIC_NAME      = "mesh-poll-client-certificate-near-expiry"
     CERTIFICATE_EXPIRY_METRIC_NAMESPACE = "dl-mesh-poll"
     POLLING_METRIC_NAME                 = "mesh-poll-successful-polls"
@@ -119,4 +119,18 @@ data "aws_iam_policy_document" "mesh_poll_lambda" {
       aws_cloudwatch_event_bus.main.arn,
     ]
   }
+
+  statement {
+    sid    = "DLQPermissions"
+    effect = "Allow"
+
+    actions = [
+      "sqs:SendMessage",
+      "sqs:SendMessageBatch",
+    ]
+
+    resources = [
+      module.sqs_event_publisher_errors.sqs_queue_arn,
+    ]
+  }
 }

Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ module "mesh_download" {`
`38`	`38`	`lambda_env_vars = {`
`39`	`39`	`SSM_PREFIX = "/dl/${var.environment}/mesh"`
`40`	`40`	`EVENT_PUBLISHER_EVENT_BUS_ARN = aws_cloudwatch_event_bus.main.arn`
`41`		`- EVENT_PUBLISHER_DLQ_URL = module.sqs_event_publisher_dlq.queue_url`
	`41`	`+ EVENT_PUBLISHER_DLQ_URL = module.sqs_event_publisher_errors.sqs_queue_url`
`42`	`42`	`ENVIRONMENT = var.environment`
`43`	`43`	`PII_BUCKET = module.s3bucket_pii_data.bucket`
`44`	`44`	`CERTIFICATE_EXPIRY_METRIC_NAME = "mesh-download-client-certificate-near-expiry"`
`@@ -153,10 +153,11 @@ data "aws_iam_policy_document" "mesh_download_lambda" {`
`153`	`153`
`154`	`154`	`actions = [`
`155`	`155`	`"sqs:SendMessage",`
	`156`	`+ "sqs:SendMessageBatch",`
`156`	`157`	`]`
`157`	`158`
`158`	`159`	`resources = [`
`159`		`- module.sqs_event_publisher_dlq.sqs_queue_arn,`
	`160`	`+ module.sqs_event_publisher_errors.sqs_queue_arn,`
`160`	`161`	`]`
`161`	`162`	`}`
`162`	`163`	`}`