CCM-9037: add internal s3 bucket

Author: harrim91

infrastructure/terraform/components/app/module_backend_api.tf

@@ -16,4 +16,6 @@ module "backend_api" {
   enable_backup = var.destination_vault_arn != null ? true : false
 
   enable_letters = var.enable_letters
+
+  kms_key_arn = module.kms.key_arn
 }

infrastructure/terraform/components/sandbox/module_kms.tf

@@ -0,0 +1,13 @@
+module "kms" {
+  source = "git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/kms?ref=v1.0.8"
+
+  aws_account_id = var.aws_account_id
+  component      = var.component
+  environment    = var.environment
+  project        = var.project
+  region         = var.region
+
+  name            = "main"
+  deletion_window = var.kms_deletion_window
+  alias           = "alias/${local.csi}"
+}

infrastructure/terraform/components/sandbox/variables.tf

@@ -56,3 +56,9 @@ variable "log_retention_in_days" {
   description = "The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite"
   default     = 0
 }
+
+variable "kms_deletion_window" {
+  type        = string
+  description = "When a kms key is deleted, how long should it wait in the pending deletion state?"
+  default     = "30"
+}

infrastructure/terraform/modules/backend-api/module_s3bucket_internal.tf

@@ -0,0 +1,13 @@
+module "s3bucket_internal" {
+  source = "git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/s3bucket?ref=v1.0.8"
+
+  name = "internal"
+
+  aws_account_id = var.aws_account_id
+  region         = var.region
+  project        = var.project
+  environment    = var.environment
+  component      = var.component
+
+  kms_key_arn = var.kms_key_arn
+}

infrastructure/terraform/modules/backend-api/variables.tf

@@ -71,3 +71,8 @@ variable "enable_letters" {
   type        = bool
   description = "Enable letters feature flag"
 }
+
+variable "kms_key_arn" {
+  type        = string
+  description = "KMS Key ARN"
+}