CCM-11442: Add terraform resources for DDB tables (#97)

m-houston · web-flow · commit a4779dfd0f5e · 2025-08-05T14:23:49.000+01:00
* CCM-11228: Add terraform resources for DDB tables * CCM-11228: Enable point-in-time recovery for DynamoDB tables * CCM-11442: Add TTL fields to ddb config * CCM-11228: Remove redundant attribute blocks for ttl field
diff --git a/infrastructure/terraform/components/api/ddb_table_letters.tf b/infrastructure/terraform/components/api/ddb_table_letters.tf
@@ -0,0 +1,40 @@
+resource "aws_dynamodb_table" "letters" {
+  name         = "${local.csi}-letters"
+  billing_mode = "PAY_PER_REQUEST"
+
+  hash_key  = "supplierId"
+  range_key = "id"
+
+  ttl {
+    attribute_name = "ttl"
+    enabled        = true
+  }
+
+  global_secondary_index {
+    name            = "supplierStatus-index"
+    hash_key        = "supplierStatus"
+    range_key       = "id"
+    projection_type = "ALL"
+  }
+
+  attribute {
+    name = "id"
+    type = "string"
+  }
+
+  attribute {
+    name = "supplierId"
+    type = "string"
+  }
+
+  attribute {
+    name = "supplierStatus"
+    type = "string"
+  }
+
+  point_in_time_recovery {
+    enabled = true
+  }
+
+  tags = var.default_tags
+}
diff --git a/infrastructure/terraform/components/api/ddb_table_mi.tf b/infrastructure/terraform/components/api/ddb_table_mi.tf
@@ -0,0 +1,28 @@
+resource "aws_dynamodb_table" "mi" {
+  name         = "${local.csi}-mi"
+  billing_mode = "PAY_PER_REQUEST"
+
+  hash_key  = "supplierId"
+  range_key = "id"
+
+  ttl {
+    attribute_name = "ttl"
+    enabled        = true
+  }
+
+  attribute {
+    name = "id"
+    type = "string"
+  }
+
+  attribute {
+    name = "supplierId"
+    type = "string"
+  }
+
+  point_in_time_recovery {
+    enabled = true
+  }
+
+  tags = var.default_tags
+}
diff --git a/infrastructure/terraform/components/api/module_lambda_get_letters.tf b/infrastructure/terraform/components/api/module_lambda_get_letters.tf
@@ -36,6 +36,7 @@ module "get_letters" {
   log_subscription_role_arn = local.acct.log_subscription_role_arn
 
   lambda_env_vars = {
+    LETTERS_TABLE_NAME = aws_dynamodb_table.letters.name
   }
 }
 
@@ -53,4 +54,24 @@ data "aws_iam_policy_document" "get_letters_lambda" {
       module.kms.key_arn, ## Requires shared kms module
     ]
   }
+
+  statement {
+    sid    = "AllowDynamoDBAccess"
+    effect = "Allow"
+
+    actions = [
+      "dynamodb:BatchGetItem",
+      "dynamodb:BatchWriteItem",
+      "dynamodb:DeleteItem",
+      "dynamodb:GetItem",
+      "dynamodb:PutItem",
+      "dynamodb:Query",
+      "dynamodb:Scan",
+      "dynamodb:UpdateItem",
+    ]
+
+    resources = [
+      aws_dynamodb_table.letters.arn,
+    ]
+  }
 }
