CCM-12221: get routing config endpoint (#690)

Author: harrim91

infrastructure/terraform/components/sandbox/README.md

@@ -43,6 +43,7 @@
 | <a name="output_internal_bucket_name"></a> [internal\_bucket\_name](#output\_internal\_bucket\_name) | n/a |
 | <a name="output_quarantine_bucket_name"></a> [quarantine\_bucket\_name](#output\_quarantine\_bucket\_name) | n/a |
 | <a name="output_request_proof_queue_url"></a> [request\_proof\_queue\_url](#output\_request\_proof\_queue\_url) | n/a |
+| <a name="output_routing_config_table_name"></a> [routing\_config\_table\_name](#output\_routing\_config\_table\_name) | n/a |
 | <a name="output_sftp_environment"></a> [sftp\_environment](#output\_sftp\_environment) | n/a |
 | <a name="output_sftp_mock_credential_path"></a> [sftp\_mock\_credential\_path](#output\_sftp\_mock\_credential\_path) | n/a |
 | <a name="output_sftp_poll_lambda_name"></a> [sftp\_poll\_lambda\_name](#output\_sftp\_poll\_lambda\_name) | n/a |

infrastructure/terraform/components/sandbox/outputs.tf

@@ -69,3 +69,7 @@ output "test_email_bucket_prefix" {
 output "event_cache_bucket_name" {
   value = module.eventpub.s3_bucket_event_cache.bucket
 }
+
+output "routing_config_table_name" {
+  value = module.backend_api.routing_config_table_name
+}

infrastructure/terraform/modules/backend-api/README.md

@@ -41,6 +41,7 @@ No requirements.
 | <a name="module_create_template_lambda"></a> [create\_template\_lambda](#module\_create\_template\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |
 | <a name="module_delete_template_lambda"></a> [delete\_template\_lambda](#module\_delete\_template\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |
 | <a name="module_get_client_lambda"></a> [get\_client\_lambda](#module\_get\_client\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |
+| <a name="module_get_routing_config_lambda"></a> [get\_routing\_config\_lambda](#module\_get\_routing\_config\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |
 | <a name="module_get_template_lambda"></a> [get\_template\_lambda](#module\_get\_template\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |
 | <a name="module_lambda_copy_scanned_object_to_internal"></a> [lambda\_copy\_scanned\_object\_to\_internal](#module\_lambda\_copy\_scanned\_object\_to\_internal) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |
 | <a name="module_lambda_delete_failed_scanned_object"></a> [lambda\_delete\_failed\_scanned\_object](#module\_lambda\_delete\_failed\_scanned\_object) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |
@@ -73,6 +74,7 @@ No requirements.
 | <a name="output_internal_bucket_name"></a> [internal\_bucket\_name](#output\_internal\_bucket\_name) | n/a |
 | <a name="output_quarantine_bucket_name"></a> [quarantine\_bucket\_name](#output\_quarantine\_bucket\_name) | n/a |
 | <a name="output_request_proof_queue_url"></a> [request\_proof\_queue\_url](#output\_request\_proof\_queue\_url) | n/a |
+| <a name="output_routing_config_table_name"></a> [routing\_config\_table\_name](#output\_routing\_config\_table\_name) | n/a |
 | <a name="output_sftp_environment"></a> [sftp\_environment](#output\_sftp\_environment) | n/a |
 | <a name="output_sftp_mock_credential_path"></a> [sftp\_mock\_credential\_path](#output\_sftp\_mock\_credential\_path) | n/a |
 | <a name="output_sftp_poll_lambda_name"></a> [sftp\_poll\_lambda\_name](#output\_sftp\_poll\_lambda\_name) | n/a |

infrastructure/terraform/modules/backend-api/iam_role_api_gateway_execution_role.tf

@@ -54,6 +54,7 @@ data "aws_iam_policy_document" "api_gateway_execution_policy" {
       module.delete_template_lambda.function_arn,
       module.get_client_lambda.function_arn,
       module.get_template_lambda.function_arn,
+      module.get_routing_config_lambda.function_arn,
       module.list_template_lambda.function_arn,
       module.request_proof_lambda.function_arn,
       module.submit_template_lambda.function_arn,

infrastructure/terraform/modules/backend-api/locals.tf

@@ -11,18 +11,19 @@ locals {
   client_ssm_path_pattern = "arn:aws:ssm:${var.region}:${var.aws_account_id}:parameter${local.client_ssm_path_prefix}/*"
 
   openapi_spec = templatefile("${path.module}/spec.tmpl.json", {
-    APIG_EXECUTION_ROLE_ARN  = aws_iam_role.api_gateway_execution_role.arn
-    AUTHORIZER_LAMBDA_ARN    = module.authorizer_lambda.function_arn
-    AWS_REGION               = var.region
-    CREATE_LAMBDA_ARN        = module.create_template_lambda.function_arn
-    DELETE_LAMBDA_ARN        = module.delete_template_lambda.function_arn
-    GET_CLIENT_LAMBDA_ARN    = module.get_client_lambda.function_arn
-    GET_LAMBDA_ARN           = module.get_template_lambda.function_arn
-    LIST_LAMBDA_ARN          = module.list_template_lambda.function_arn
-    REQUEST_PROOF_LAMBDA_ARN = module.request_proof_lambda.function_arn
-    SUBMIT_LAMBDA_ARN        = module.submit_template_lambda.function_arn
-    UPDATE_LAMBDA_ARN        = module.update_template_lambda.function_arn
-    UPLOAD_LETTER_LAMBDA_ARN = module.upload_letter_template_lambda.function_arn
+    APIG_EXECUTION_ROLE_ARN       = aws_iam_role.api_gateway_execution_role.arn
+    AUTHORIZER_LAMBDA_ARN         = module.authorizer_lambda.function_arn
+    AWS_REGION                    = var.region
+    CREATE_LAMBDA_ARN             = module.create_template_lambda.function_arn
+    DELETE_LAMBDA_ARN             = module.delete_template_lambda.function_arn
+    GET_CLIENT_LAMBDA_ARN         = module.get_client_lambda.function_arn
+    GET_LAMBDA_ARN                = module.get_template_lambda.function_arn
+    GET_ROUTING_CONFIG_LAMBDA_ARN = module.get_routing_config_lambda.function_arn
+    LIST_LAMBDA_ARN               = module.list_template_lambda.function_arn
+    REQUEST_PROOF_LAMBDA_ARN      = module.request_proof_lambda.function_arn
+    SUBMIT_LAMBDA_ARN             = module.submit_template_lambda.function_arn
+    UPDATE_LAMBDA_ARN             = module.update_template_lambda.function_arn
+    UPLOAD_LETTER_LAMBDA_ARN      = module.upload_letter_template_lambda.function_arn
   })
 
   backend_lambda_environment_variables = {
@@ -32,6 +33,7 @@ locals {
     ENVIRONMENT                             = var.environment
     NODE_OPTIONS                            = "--enable-source-maps"
     REQUEST_PROOF_QUEUE_URL                 = module.sqs_sftp_upload.sqs_queue_url
+    ROUTING_CONFIG_TABLE_NAME               = aws_dynamodb_table.routing_configuration.name
     SUPPLIER_RECIPIENT_EMAIL_ADDRESSES      = jsonencode({ for k, v in var.letter_suppliers : k => v.email_addresses })
     TEMPLATE_SUBMITTED_SENDER_EMAIL_ADDRESS = var.template_submitted_sender_email_address
     TEMPLATES_DOWNLOAD_BUCKET_NAME          = module.s3bucket_download.id

infrastructure/terraform/modules/backend-api/module_get_routing_config_lambda.tf

@@ -0,0 +1,68 @@
+module "get_routing_config_lambda" {
+  source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip"
+
+  project        = var.project
+  environment    = var.environment
+  component      = var.component
+  aws_account_id = var.aws_account_id
+  region         = var.region
+
+  kms_key_arn = var.kms_key_arn
+
+  function_name = "get-routing-config"
+
+  function_module_name  = "get-routing-config"
+  handler_function_name = "handler"
+  description           = "Get Routing Config API endpoint"
+
+  memory  = 512
+  timeout = 3
+  runtime = "nodejs20.x"
+
+  log_retention_in_days = var.log_retention_in_days
+
+  iam_policy_document = {
+    body = data.aws_iam_policy_document.get_routing_config_lambda_policy.json
+  }
+
+  lambda_env_vars         = local.backend_lambda_environment_variables
+  function_s3_bucket      = var.function_s3_bucket
+  function_code_base_path = local.lambdas_dir
+  function_code_dir       = "backend-api/dist/get-routing-config"
+
+  send_to_firehose          = var.send_to_firehose
+  log_destination_arn       = var.log_destination_arn
+  log_subscription_role_arn = var.log_subscription_role_arn
+}
+
+data "aws_iam_policy_document" "get_routing_config_lambda_policy" {
+  statement {
+    sid    = "AllowDynamoAccess"
+    effect = "Allow"
+
+    actions = [
+      "dynamodb:GetItem",
+    ]
+
+    resources = [
+      aws_dynamodb_table.routing_configuration.arn,
+    ]
+  }
+
+  statement {
+    sid    = "AllowKMSAccess"
+    effect = "Allow"
+
+    actions = [
+      "kms:Decrypt",
+      "kms:DescribeKey",
+      "kms:Encrypt",
+      "kms:GenerateDataKey*",
+      "kms:ReEncrypt*",
+    ]
+
+    resources = [
+      var.kms_key_arn
+    ]
+  }
+}

infrastructure/terraform/modules/backend-api/outputs.tf

@@ -41,3 +41,7 @@ output "templates_table_name" {
 output "quarantine_bucket_name" {
   value = module.s3bucket_quarantine.id
 }
+
+output "routing_config_table_name" {
+  value = aws_dynamodb_table.routing_configuration.name
+}