CCM-10241 updating backend-api module refs

Author: aidenvaines-cgi

infrastructure/terraform/modules/backend-api/README.md

@@ -13,7 +13,6 @@ No requirements.
 | <a name="input_cloudfront_distribution_arn"></a> [cloudfront\_distribution\_arn](#input\_cloudfront\_distribution\_arn) | ARN of the cloudfront distribution to serve files from | `string` | `null` | no |
 | <a name="input_cognito_config"></a> [cognito\_config](#input\_cognito\_config) | Cognito config | <pre>object({<br/>    USER_POOL_ID : string,<br/>    USER_POOL_CLIENT_ID : string<br/>  })</pre> | n/a | yes |
 | <a name="input_component"></a> [component](#input\_component) | The variable encapsulating the name of this component | `string` | n/a | yes |
-| <a name="input_csi"></a> [csi](#input\_csi) | CSI from the parent component | `string` | n/a | yes |
 | <a name="input_email_domain"></a> [email\_domain](#input\_email\_domain) | Email domain | `string` | n/a | yes |
 | <a name="input_enable_backup"></a> [enable\_backup](#input\_enable\_backup) | Enable Backups for the DynamoDB table? | `bool` | `true` | no |
 | <a name="input_enable_event_stream"></a> [enable\_event\_stream](#input\_enable\_event\_stream) | Enable DynamoDB streaming to EventBridge | `bool` | `true` | no |
@@ -25,14 +24,14 @@ No requirements.
 | <a name="input_log_destination_arn"></a> [log\_destination\_arn](#input\_log\_destination\_arn) | Destination ARN to use for the log subscription filter | `string` | `""` | no |
 | <a name="input_log_retention_in_days"></a> [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite | `number` | `0` | no |
 | <a name="input_log_subscription_role_arn"></a> [log\_subscription\_role\_arn](#input\_log\_subscription\_role\_arn) | The ARN of the IAM role to use for the log subscription filter | `string` | `""` | no |
-| <a name="input_module"></a> [module](#input\_module) | The variable encapsulating the name of this module | `string` | `"api"` | no |
-| <a name="input_parent_acct_environment"></a> [parent\_acct\_environment](#input\_parent\_acct\_environment) | Name of the environment responsible for the acct resources used | `string` | n/a | yes |
 | <a name="input_project"></a> [project](#input\_project) | The name of the tfscaffold project | `string` | n/a | yes |
 | <a name="input_proof_requested_sender_email_address"></a> [proof\_requested\_sender\_email\_address](#input\_proof\_requested\_sender\_email\_address) | Proof requested sender email address | `string` | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | The AWS Region | `string` | n/a | yes |
 | <a name="input_send_to_firehose"></a> [send\_to\_firehose](#input\_send\_to\_firehose) | Flag indicating whether logs should be sent to firehose | `bool` | n/a | yes |
 | <a name="input_sns_topic_arn"></a> [sns\_topic\_arn](#input\_sns\_topic\_arn) | SNS topic ARN | `string` | `null` | no |
+| <a name="input_ssm_parameter_sftp_mock_config_name"></a> [ssm\_parameter\_sftp\_mock\_config\_name](#input\_ssm\_parameter\_sftp\_mock\_config\_name) | SSM Parameter name for the SFTP mock config | `string` | `null` | no |
 | <a name="input_template_submitted_sender_email_address"></a> [template\_submitted\_sender\_email\_address](#input\_template\_submitted\_sender\_email\_address) | Template submitted sender email address | `string` | n/a | yes |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | The VPC ID to deploy the backend API into | `string` | n/a | yes |
 ## Modules
 
 | Name | Source | Version |

infrastructure/terraform/modules/backend-api/aws_security_group_account_vpc_sg_allow_sftp_egress.tf

@@ -0,0 +1,15 @@
+resource "aws_security_group" "account_vpc_sg_allow_sftp_egress" {
+  name        = "${data.aws_vpc.account_vpc.tags["Project"]}-${data.aws_vpc.account_vpc.tags["Environment"]}-acct-sftp-egress"
+  description = "Security group to allow SFTP egress"
+  vpc_id      = data.aws_vpc.account_vpc.id
+}
+
+resource "aws_security_group_rule" "allow_sftp_egress" {
+  type              = "egress"
+  description       = "Allow outbound SFTP"
+  from_port         = 22
+  to_port           = 22
+  protocol          = "tcp"
+  cidr_blocks       = ["0.0.0.0/0"]
+  security_group_id = aws_security_group.account_vpc_sg_allow_sftp_egress.id
+}

infrastructure/terraform/modules/backend-api/data_ssm_parameter_sftp_mock_config_acct.tf

@@ -1,4 +1,4 @@
 data "aws_ssm_parameter" "sftp_mock_config_acct" {
   count = local.use_sftp_letter_supplier_mock ? 1 : 0
-  name  = "/nhs-notify-${var.parent_acct_environment}-acct/sftp-mock-config"
+  name  = var.ssm_parameter_sftp_mock_config_name
 }

infrastructure/terraform/modules/backend-api/data_vpc_account_vpc.tf

@@ -1,7 +1,5 @@
 data "aws_vpc" "account_vpc" {
-  tags = {
-    Component = "acct"
-  }
+  id = var.vpc_id
 }
 
 data "aws_subnets" "account_vpc_private_subnets" {
@@ -14,11 +12,3 @@ data "aws_subnets" "account_vpc_private_subnets" {
     Subnet = "Private"
   }
 }
-
-data "aws_security_group" "account_vpc_sg_allow_sftp_egress" {
-  vpc_id = data.aws_vpc.account_vpc.id
-
-  tags = {
-    Name = "${data.aws_vpc.account_vpc.tags["Project"]}-${data.aws_vpc.account_vpc.tags["Environment"]}-acct-sftp-egress"
-  }
-}

infrastructure/terraform/modules/backend-api/locals.tf

@@ -1,13 +1,25 @@
 locals {
-  csi = "${var.csi}-${var.module}"
+  module = "backend"
+
+  csi = replace(
+    format(
+      "%s-%s-%s-%s",
+      var.project,
+      var.environment,
+      var.component,
+      local.module
+    ),
+    "_",
+    "",
+  )
 
   lambdas_dir = "../../../../lambdas"
 
   lambdas_source_code_dir = abspath("${path.module}/${local.lambdas_dir}")
   pdfjs_layer_zip         = abspath("${local.lambdas_source_code_dir}/layers/pdfjs/dist/layer/pdfjs-layer.zip")
   pdfjs_layer_lockfile    = abspath("${local.lambdas_source_code_dir}/layers/pdfjs/package-lock.json")
 
-  client_ssm_path_prefix  = "/${var.csi}/clients"
+  client_ssm_path_prefix  = "/${local.csi}/clients"
   client_ssm_path_pattern = "arn:aws:ssm:${var.region}:${var.aws_account_id}:parameter${local.client_ssm_path_prefix}/*"
 
   openapi_spec = templatefile("${path.module}/spec.tmpl.json", {

infrastructure/terraform/modules/backend-api/module_lambda_sftp_poll.tf

@@ -39,7 +39,7 @@ module "lambda_sftp_poll" {
 
   vpc_config = {
     subnet_ids         = data.aws_subnets.account_vpc_private_subnets.ids
-    security_group_ids = [data.aws_security_group.account_vpc_sg_allow_sftp_egress.id]
+    security_group_ids = [aws_security_group.account_vpc_sg_allow_sftp_egress.id]
   }
 
   send_to_firehose          = var.send_to_firehose

infrastructure/terraform/modules/backend-api/module_lambda_sftp_request_proof.tf

@@ -43,7 +43,7 @@ module "lambda_sftp_request_proof" {
 
   vpc_config = {
     subnet_ids         = data.aws_subnets.account_vpc_private_subnets.ids
-    security_group_ids = [data.aws_security_group.account_vpc_sg_allow_sftp_egress.id]
+    security_group_ids = [aws_security_group.account_vpc_sg_allow_sftp_egress.id]
   }
 
   send_to_firehose          = var.send_to_firehose

infrastructure/terraform/modules/backend-api/variables.tf

@@ -32,31 +32,21 @@ variable "group" {
   description = "The group variables are being inherited from (often synonmous with account short-name)"
 }
 
-##
-# tfscaffold variables specific to this component
-##
-
-variable "module" {
-  type        = string
-  description = "The variable encapsulating the name of this module"
-  default     = "api"
-}
-
 ##
 # Variables specific to this component
 ##
 
-variable "csi" {
-  type        = string
-  description = "CSI from the parent component"
-}
-
 variable "log_retention_in_days" {
   type        = number
   description = "The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite"
   default     = 0
 }
 
+variable "vpc_id" {
+  type        = string
+  description = "The VPC ID to deploy the backend API into"
+}
+
 variable "cognito_config" {
   type = object({
     USER_POOL_ID : string,
@@ -91,9 +81,10 @@ variable "letter_suppliers" {
   description = "Letter suppliers enabled in the environment"
 }
 
-variable "parent_acct_environment" {
+variable "ssm_parameter_sftp_mock_config_name" {
   type        = string
-  description = "Name of the environment responsible for the acct resources used"
+  description = "SSM Parameter name for the SFTP mock config"
+  default     = null
 }
 
 variable "cloudfront_distribution_arn" {