Initial development of lambda authoriser

Author: chris-elliott-nhsd

infrastructure/terraform/components/app/module_templates_api.tf

@@ -8,4 +8,6 @@ module "templates_api" {
   group                 = var.group
   csi                   = local.csi
   log_retention_in_days = var.log_retention_in_days
+
+  cognito_config        = jsondecode(aws_ssm_parameter.cognito_config.value)
 }

infrastructure/terraform/components/app/ssm_parameter_cognito_config.tf

@@ -0,0 +1,13 @@
+resource "aws_ssm_parameter" "cognito_config" {
+
+  name        = "/${local.csi}/cognito_config"
+  description = "Configuration values for Cognito instance"
+  type        = "SecureString"
+  value       = data.aws_ssm_parameter.sftp_mock_config.value
+
+  lifecycle {
+    ignore_changes = [
+      value,
+    ]
+  }
+}

infrastructure/terraform/modules/templates-api/module_authorizer_lambda.tf

@@ -9,6 +9,8 @@ module "authorizer_lambda" {
   handler          = "index.handler"
 
   log_retention_in_days = var.log_retention_in_days
+
+  environment_variables = var.cognito_config
 }
 
 module "authorizer_build" {

infrastructure/terraform/modules/templates-api/variables.tf

@@ -52,3 +52,11 @@ variable "log_retention_in_days" {
   description = "The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite"
   default     = 0
 }
+
+variable "cognito_config" {
+  type = object({
+    user_pool_id: string,
+    user_pool_client_id: string
+  })
+  description = "Cognito config"
+}