CCM-12995 Adding base eventPub Infra

aidenvaines-cgi · sidnhs · commit a643d711f3dd · 2025-11-19T11:21:06.000Z
diff --git a/infrastructure/terraform/components/api/module_kms.tf b/infrastructure/terraform/components/api/module_kms.tf
@@ -31,6 +31,7 @@ data "aws_iam_policy_document" "kms" {
       type = "Service"
 
       identifiers = [
+        "sns.amazon.com",
         "logs.${var.region}.amazonaws.com",
       ]
     }
@@ -46,4 +47,24 @@ data "aws_iam_policy_document" "kms" {
       "*",
     ]
   }
+
+  statement {
+    sid    = "AllowEventsFromSharedInfraAccount"
+    effect = "Allow"
+
+    principals {
+      type        = "AWS"
+      identifiers = ["arn:aws:iam::${var.shared_infra_account_id}:root"]
+    }
+
+    actions = [
+      "kms:Encrypt",
+      "kms:Decrypt",
+      "kms:GenerateDataKey"
+    ]
+
+    resources = [
+      "*",
+    ]
+  }
 }
diff --git a/infrastructure/terraform/components/api/module_lambda_letter_updates_transformer.tf b/infrastructure/terraform/components/api/module_lambda_letter_updates_transformer.tf
@@ -22,7 +22,7 @@ module "letter_updates_transformer" {
   function_code_base_path = local.aws_lambda_functions_dir_path
   function_code_dir       = "letter-updates-transformer/dist"
   function_include_common = true
-  handler_function_name   = "updateLetter"
+  handler_function_name   = "handler"
   runtime                 = "nodejs22.x"
   memory                  = 128
   timeout                 = 5
diff --git a/infrastructure/terraform/components/api/module_lambda_upsert_letter.tf b/infrastructure/terraform/components/api/module_lambda_upsert_letter.tf
@@ -22,7 +22,7 @@ module "upsert_letter" {
   function_code_base_path = local.aws_lambda_functions_dir_path
   function_code_dir       = "upsert-letter/dist"
   function_include_common = true
-  handler_function_name   = "upsertLetter"
+  handler_function_name   = "handler"
   runtime                 = "nodejs22.x"
   memory                  = 128
   timeout                 = 5
diff --git a/infrastructure/terraform/modules/eventsub/sns_topic_policy.tf b/infrastructure/terraform/modules/eventsub/sns_topic_policy.tf
@@ -50,21 +50,14 @@ data "aws_iam_policy_document" "sns_topic_policy" {
     ]
 
     principals {
-      type        = "Service"
-      identifiers = ["events.amazonaws.com"]
+      type = "AWS"
+      identifiers = [
+        "arn:aws:iam::${var.shared_infra_account_id}:root"
+      ]
     }
 
     resources = [
       aws_sns_topic.main.arn,
     ]
-
-    condition {
-      test     = "StringEquals"
-      variable = "AWS:SourceAccount"
-
-      values = [
-        var.shared_infra_account_id
-      ]
-    }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -50,21 +50,14 @@ data "aws_iam_policy_document" "sns_topic_policy" {`
`50`	`50`	`]`
`51`	`51`
`52`	`52`	`principals {`
`53`		`- type = "Service"`
`54`		`- identifiers = ["events.amazonaws.com"]`
	`53`	`+ type = "AWS"`
	`54`	`+ identifiers = [`
	`55`	`+ "arn:aws:iam::${var.shared_infra_account_id}:root"`
	`56`	`+ ]`
`55`	`57`	`}`
`56`	`58`
`57`	`59`	`resources = [`
`58`	`60`	`aws_sns_topic.main.arn,`
`59`	`61`	`]`
`60`		`-`
`61`		`- condition {`
`62`		`- test = "StringEquals"`
`63`		`- variable = "AWS:SourceAccount"`
`64`		`-`
`65`		`- values = [`
`66`		`- var.shared_infra_account_id`
`67`		`- ]`
`68`		`- }`
`69`	`62`	`}`
`70`	`63`	`}`