CCM-11228: Add terraform resources for DDB tables

m-houston · m-houston · commit 910d98ef09d5 · 2025-08-01T20:50:49.000+01:00
diff --git a/infrastructure/terraform/components/api/README.md b/infrastructure/terraform/components/api/README.md
@@ -4,7 +4,9 @@
 
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | 5.81.0 |
 ## Inputs
 
 | Name | Description | Type | Default | Required |
diff --git a/infrastructure/terraform/components/api/ddb_table_letters.tf b/infrastructure/terraform/components/api/ddb_table_letters.tf
@@ -0,0 +1,39 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "5.81.0"
+    }
+  }
+}
+resource "aws_dynamodb_table" "letters" {
+  name         = "${local.csi}-letters"
+  billing_mode = "PAY_PER_REQUEST"
+
+  hash_key  = "supplierId"
+  range_key = "id"
+
+  global_secondary_index {
+    name            = "supplierStatus-index"
+    hash_key        = "supplierStatus"
+    range_key       = "id"
+    projection_type = "ALL"
+  }
+
+  attribute {
+    name = "id"
+    type = "string"
+  }
+
+  attribute {
+    name = "supplierId"
+    type = "string"
+  }
+
+  attribute {
+    name = "supplierStatus"
+    type = "string"
+  }
+
+  tags = var.default_tags
+}
diff --git a/infrastructure/terraform/components/api/ddb_table_mi.tf b/infrastructure/terraform/components/api/ddb_table_mi.tf
@@ -0,0 +1,19 @@
+resource "aws_dynamodb_table" "mi" {
+  name         = "${local.csi}-mi"
+  billing_mode = "PAY_PER_REQUEST"
+
+  hash_key  = "supplierId"
+  range_key = "id"
+
+  attribute {
+    name = "id"
+    type = "string"
+  }
+
+  attribute {
+    name = "supplierId"
+    type = "string"
+  }
+
+  tags = var.default_tags
+}
diff --git a/infrastructure/terraform/components/api/module_lambda_get_letters.tf b/infrastructure/terraform/components/api/module_lambda_get_letters.tf
@@ -36,6 +36,7 @@ module "get_letters" {
   log_subscription_role_arn = local.acct.log_subscription_role_arn
 
   lambda_env_vars = {
+    LETTERS_TABLE_NAME = aws_dynamodb_table.letters.name
   }
 }
 
@@ -53,4 +54,24 @@ data "aws_iam_policy_document" "get_letters_lambda" {
       module.kms.key_arn, ## Requires shared kms module
     ]
   }
+
+  statement {
+    sid    = "AllowDynamoDBAccess"
+    effect = "Allow"
+
+    actions = [
+      "dynamodb:BatchGetItem",
+      "dynamodb:BatchWriteItem",
+      "dynamodb:DeleteItem",
+      "dynamodb:GetItem",
+      "dynamodb:PutItem",
+      "dynamodb:Query",
+      "dynamodb:Scan",
+      "dynamodb:UpdateItem",
+    ]
+
+    resources = [
+      aws_dynamodb_table.letters.arn,
+    ]
+  }
 }
