Merge branch 'main' of https://github.com/NHSDigital/nhs-notify-web-template-management into feature/CCM-10429_templates_and_s3_files_migration

Author: bhansell1

infrastructure/terraform/modules/backend-api/README.md

@@ -38,6 +38,8 @@ No requirements.
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_authorizer_lambda"></a> [authorizer\_lambda](#module\_authorizer\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |
+| <a name="module_count_routing_configs_lambda"></a> [count\_routing\_configs\_lambda](#module\_count\_routing\_configs\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |
+| <a name="module_create_routing_config_lambda"></a> [create\_routing\_config\_lambda](#module\_create\_routing\_config\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |
 | <a name="module_create_template_lambda"></a> [create\_template\_lambda](#module\_create\_template\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |
 | <a name="module_delete_template_lambda"></a> [delete\_template\_lambda](#module\_delete\_template\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |
 | <a name="module_get_client_lambda"></a> [get\_client\_lambda](#module\_get\_client\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |

infrastructure/terraform/modules/backend-api/iam_role_api_gateway_execution_role.tf

@@ -50,7 +50,9 @@ data "aws_iam_policy_document" "api_gateway_execution_policy" {
     resources = [
       module.authorizer_lambda.function_arn,
       module.upload_letter_template_lambda.function_arn,
+      module.count_routing_configs_lambda.function_arn,
       module.create_template_lambda.function_arn,
+      module.create_routing_config_lambda.function_arn,
       module.delete_template_lambda.function_arn,
       module.get_client_lambda.function_arn,
       module.get_routing_config_lambda.function_arn,

infrastructure/terraform/modules/backend-api/locals.tf

@@ -11,20 +11,22 @@ locals {
   client_ssm_path_pattern = "arn:aws:ssm:${var.region}:${var.aws_account_id}:parameter${local.client_ssm_path_prefix}/*"
 
   openapi_spec = templatefile("${path.module}/spec.tmpl.json", {
-    APIG_EXECUTION_ROLE_ARN         = aws_iam_role.api_gateway_execution_role.arn
-    AUTHORIZER_LAMBDA_ARN           = module.authorizer_lambda.function_arn
-    AWS_REGION                      = var.region
-    CREATE_LAMBDA_ARN               = module.create_template_lambda.function_arn
-    DELETE_LAMBDA_ARN               = module.delete_template_lambda.function_arn
-    GET_CLIENT_LAMBDA_ARN           = module.get_client_lambda.function_arn
-    GET_LAMBDA_ARN                  = module.get_template_lambda.function_arn
-    GET_ROUTING_CONFIG_LAMBDA_ARN   = module.get_routing_config_lambda.function_arn
-    LIST_LAMBDA_ARN                 = module.list_template_lambda.function_arn
-    LIST_ROUTING_CONFIGS_LAMBDA_ARN = module.list_routing_configs_lambda.function_arn
-    REQUEST_PROOF_LAMBDA_ARN        = module.request_proof_lambda.function_arn
-    SUBMIT_LAMBDA_ARN               = module.submit_template_lambda.function_arn
-    UPDATE_LAMBDA_ARN               = module.update_template_lambda.function_arn
-    UPLOAD_LETTER_LAMBDA_ARN        = module.upload_letter_template_lambda.function_arn
+    APIG_EXECUTION_ROLE_ARN          = aws_iam_role.api_gateway_execution_role.arn
+    AUTHORIZER_LAMBDA_ARN            = module.authorizer_lambda.function_arn
+    AWS_REGION                       = var.region
+    COUNT_ROUTING_CONFIGS_LAMBDA_ARN = module.count_routing_configs_lambda.function_arn
+    CREATE_LAMBDA_ARN                = module.create_template_lambda.function_arn
+    CREATE_ROUTING_CONFIG_LAMBDA_ARN = module.create_routing_config_lambda.function_arn
+    DELETE_LAMBDA_ARN                = module.delete_template_lambda.function_arn
+    GET_CLIENT_LAMBDA_ARN            = module.get_client_lambda.function_arn
+    GET_LAMBDA_ARN                   = module.get_template_lambda.function_arn
+    GET_ROUTING_CONFIG_LAMBDA_ARN    = module.get_routing_config_lambda.function_arn
+    LIST_LAMBDA_ARN                  = module.list_template_lambda.function_arn
+    LIST_ROUTING_CONFIGS_LAMBDA_ARN  = module.list_routing_configs_lambda.function_arn
+    REQUEST_PROOF_LAMBDA_ARN         = module.request_proof_lambda.function_arn
+    SUBMIT_LAMBDA_ARN                = module.submit_template_lambda.function_arn
+    UPDATE_LAMBDA_ARN                = module.update_template_lambda.function_arn
+    UPLOAD_LETTER_LAMBDA_ARN         = module.upload_letter_template_lambda.function_arn
   })
 
   backend_lambda_environment_variables = {

infrastructure/terraform/modules/backend-api/module_count_routing_configs_lambda.tf

@@ -0,0 +1,68 @@
+module "count_routing_configs_lambda" {
+  source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip"
+
+  project        = var.project
+  environment    = var.environment
+  component      = var.component
+  aws_account_id = var.aws_account_id
+  region         = var.region
+
+  kms_key_arn = var.kms_key_arn
+
+  function_name = "count-routing-configs"
+
+  function_module_name  = "count-routing-configs"
+  handler_function_name = "handler"
+  description           = "Count Routing Configs API endpoint"
+
+  memory  = 512
+  timeout = 3
+  runtime = "nodejs20.x"
+
+  log_retention_in_days = var.log_retention_in_days
+
+  iam_policy_document = {
+    body = data.aws_iam_policy_document.count_routing_configs_lambda_policy.json
+  }
+
+  lambda_env_vars         = local.backend_lambda_environment_variables
+  function_s3_bucket      = var.function_s3_bucket
+  function_code_base_path = local.lambdas_dir
+  function_code_dir       = "backend-api/dist/count-routing-configs"
+
+  send_to_firehose          = var.send_to_firehose
+  log_destination_arn       = var.log_destination_arn
+  log_subscription_role_arn = var.log_subscription_role_arn
+}
+
+data "aws_iam_policy_document" "count_routing_configs_lambda_policy" {
+  statement {
+    sid    = "AllowDynamoAccess"
+    effect = "Allow"
+
+    actions = [
+      "dynamodb:Query",
+    ]
+
+    resources = [
+      aws_dynamodb_table.routing_configuration.arn,
+    ]
+  }
+
+  statement {
+    sid    = "AllowKMSAccess"
+    effect = "Allow"
+
+    actions = [
+      "kms:Decrypt",
+      "kms:DescribeKey",
+      "kms:Encrypt",
+      "kms:GenerateDataKey*",
+      "kms:ReEncrypt*",
+    ]
+
+    resources = [
+      var.kms_key_arn
+    ]
+  }
+}

infrastructure/terraform/modules/backend-api/module_create_routing_config_lambda.tf

@@ -0,0 +1,68 @@
+module "create_routing_config_lambda" {
+  source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip"
+
+  project        = var.project
+  environment    = var.environment
+  component      = var.component
+  aws_account_id = var.aws_account_id
+  region         = var.region
+
+  kms_key_arn = var.kms_key_arn
+
+  function_name = "create-routing-config"
+
+  function_module_name  = "create-routing-config"
+  handler_function_name = "handler"
+  description           = "Create Routing Config API endpoint"
+
+  memory  = 512
+  timeout = 3
+  runtime = "nodejs20.x"
+
+  log_retention_in_days = var.log_retention_in_days
+
+  iam_policy_document = {
+    body = data.aws_iam_policy_document.create_routing_config_lambda_policy.json
+  }
+
+  lambda_env_vars         = local.backend_lambda_environment_variables
+  function_s3_bucket      = var.function_s3_bucket
+  function_code_base_path = local.lambdas_dir
+  function_code_dir       = "backend-api/dist/create-routing-config"
+
+  send_to_firehose          = var.send_to_firehose
+  log_destination_arn       = var.log_destination_arn
+  log_subscription_role_arn = var.log_subscription_role_arn
+}
+
+data "aws_iam_policy_document" "create_routing_config_lambda_policy" {
+  statement {
+    sid    = "AllowDynamoAccess"
+    effect = "Allow"
+
+    actions = [
+      "dynamodb:PutItem",
+    ]
+
+    resources = [
+      aws_dynamodb_table.routing_configuration.arn,
+    ]
+  }
+
+  statement {
+    sid    = "AllowKMSAccess"
+    effect = "Allow"
+
+    actions = [
+      "kms:Decrypt",
+      "kms:DescribeKey",
+      "kms:Encrypt",
+      "kms:GenerateDataKey*",
+      "kms:ReEncrypt*",
+    ]
+
+    resources = [
+      var.kms_key_arn
+    ]
+  }
+}