Merge pull request #183 from NHSDigital/feature/CCM-7249_template-api-skeleton-squash

CCM-7249: empty templates API backend

Author: harrim91

.gitignore

@@ -16,6 +16,7 @@
 
 # dependencies
 node_modules
+.node-version
 */node_modules
 /.pnp
 .pnp.js
@@ -47,6 +48,7 @@ npm-debug.log*
 # typescript
 *.tsbuildinfo
 next-env.d.ts
+.swc
 
 # reports
 reports

infrastructure/terraform/components/app/amplify_app.tf

@@ -27,10 +27,10 @@ resource "aws_amplify_app" "main" {
   ]
 
   environment_variables = {
-    NOTIFY_GROUP                            = var.group
-    NOTIFY_ENVIRONMENT                      = var.environment
-    NOTIFY_DOMAIN_NAME                      = local.root_domain_name
-    ACCOUNT_ID                              = var.aws_account_id
-    NEXT_PUBLIC_DISABLE_CONTENT             = var.disable_content
+    NOTIFY_GROUP                = var.group
+    NOTIFY_ENVIRONMENT          = var.environment
+    NOTIFY_DOMAIN_NAME          = local.root_domain_name
+    ACCOUNT_ID                  = var.aws_account_id
+    NEXT_PUBLIC_DISABLE_CONTENT = var.disable_content
   }
 }

infrastructure/terraform/components/app/module_templates_api.tf

@@ -0,0 +1,11 @@
+module "templates_api" {
+  source = "../../modules/templates-api"
+
+  project               = var.project
+  environment           = var.environment
+  aws_account_id        = var.aws_account_id
+  region                = var.region
+  group                 = var.group
+  csi                   = local.csi
+  log_retention_in_days = var.log_retention_in_days
+}

infrastructure/terraform/components/app/outputs.tf

@@ -4,3 +4,7 @@ output "amplify" {
     domain_name = local.root_domain_name
   }
 }
+
+output "api_invoke_url" {
+  value = module.templates_api.api_invoke_url
+}

infrastructure/terraform/modules/lambda-function/cloudwatch_log_group_lambda.tf

@@ -0,0 +1,4 @@
+resource "aws_cloudwatch_log_group" "lambda" {
+  name              = "/aws/lambda/${var.function_name}"
+  retention_in_days = var.log_retention_in_days
+}

infrastructure/terraform/modules/lambda-function/iam_role_lambda_execution_role.tf

@@ -0,0 +1,50 @@
+resource "aws_iam_role" "lambda_execution_role" {
+  name               = "${var.function_name}-execution-role"
+  description        = "IAM Role for Lambda function ${var.function_name}"
+  assume_role_policy = data.aws_iam_policy_document.lambda_service_trust_policy.json
+}
+
+resource "aws_iam_role_policy" "lambda_execution_policy" {
+  role   = aws_iam_role.lambda_execution_role.name
+  name   = "${var.function_name}-execution-policy"
+  policy = data.aws_iam_policy_document.lambda_execution_policy.json
+}
+
+data "aws_iam_policy_document" "lambda_service_trust_policy" {
+  statement {
+    sid    = "LambdaAssumeRole"
+    effect = "Allow"
+
+    actions = [
+      "sts:AssumeRole",
+    ]
+
+    principals {
+      type = "Service"
+
+      identifiers = [
+        "lambda.amazonaws.com"
+      ]
+    }
+  }
+}
+
+data "aws_iam_policy_document" "lambda_execution_policy" {
+  source_policy_documents = [
+    var.execution_role_policy_document
+  ]
+
+  statement {
+    sid    = "AllowLogs"
+    effect = "Allow"
+
+    actions = [
+      "logs:CreateLogStream",
+      "logs:PutLogEvents"
+    ]
+
+    resources = [
+      "${aws_cloudwatch_log_group.lambda.arn}:log-stream:*",
+    ]
+  }
+}

infrastructure/terraform/modules/lambda-function/lambda_function_main.tf

@@ -0,0 +1,9 @@
+resource "aws_lambda_function" "main" {
+  description      = var.description
+  function_name    = var.function_name
+  role             = aws_iam_role.lambda_execution_role.arn
+  filename         = var.filename
+  source_code_hash = var.source_code_hash
+  handler          = var.handler
+  runtime          = var.runtime
+}

infrastructure/terraform/modules/lambda-function/outputs.tf

@@ -0,0 +1,4 @@
+output "function_arn" {
+  value = aws_lambda_function.main.arn
+}
+

infrastructure/terraform/modules/lambda-function/variables.tf

@@ -0,0 +1,42 @@
+variable "description" {
+  type        = string
+  description = "Description of what your Lambda Function does"
+}
+
+variable "execution_role_policy_document" {
+  type        = string
+  description = "IAM Policy Document containing additional runtime permissions for the Lambda function beyond the basic execution policy"
+  default     = ""
+}
+
+variable "filename" {
+  type        = string
+  description = "Path to the function's deployment package within the local filesystem"
+}
+
+variable "function_name" {
+  type        = string
+  description = "Unique name of the Lambda function"
+}
+
+variable "source_code_hash" {
+  type        = string
+  description = "Base64-encoded SHA256 hash of the package file specified by `filename`"
+}
+
+variable "handler" {
+  type        = string
+  description = "Function entrypoint in your code"
+}
+
+variable "runtime" {
+  type        = string
+  description = "Identifier of the function's runtime"
+  default     = "nodejs20.x"
+}
+
+variable "log_retention_in_days" {
+  type        = number
+  description = "Specifies the number of days you want to retain log events in the log group for this Lambda"
+  default     = 0
+}

infrastructure/terraform/modules/templates-api/api_gateway_deployment_main.tf

@@ -0,0 +1,16 @@
+resource "aws_api_gateway_deployment" "main" {
+  rest_api_id = aws_api_gateway_rest_api.main.id
+  description = "Templates API deployment"
+
+  triggers = {
+    openapi_hash = sha1(jsonencode(local.openapi_spec)),
+  }
+
+  variables = {
+    deployed_at = timestamp()
+  }
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}