NHSDigital · harrim91 · Mar 18, 2025 · Mar 13, 2025 · Mar 13, 2025 · Mar 13, 2025
@@ -2,11 +2,17 @@ name: "Normalize branch name"
 description: "Normalize branch name"
 outputs:
   normalized_branch_name:
+    description: 14 character branch identifier (0000-thebranch)
     value: ${{ steps.normalize_branch_name.outputs.normalized_branch_name }}
 runs:
   using: "composite"
   steps:
     - id: normalize_branch_name
       shell: bash
-      run: echo "normalized_branch_name=$(sed -e 's/[^a-zA-Z0-9-]//g' <<< $(git rev-parse --abbrev-ref HEAD) | tr '[:upper:]' '[:lower:]' | head -c 25)" >> $GITHUB_OUTPUT
-
+      run: |
+        branch=$(git rev-parse --abbrev-ref HEAD)
+        stripped=$(echo $branch | sed -e 's/[^a-zA-Z0-9-]//g' | tr '[:upper:]' '[:lower:]')
+        starting_from_jira_ref=$(echo $stripped | sed -n 's/.*\([0-9]\{4,\}.*\)/\1/p')
+        with_fallback=${starting_from_jira_ref:-$stripped}
+        chopped=$(echo $with_fallback | head -c 14)
+        echo "normalized_branch_name=$chopped" >> $GITHUB_OUTPUT
@@ -16,4 +16,6 @@ module "backend_api" {
   enable_backup = var.destination_vault_arn != null ? true : false
 
   enable_letters = var.enable_letters
+
+  kms_key_arn = module.kms.key_arn
 }
@@ -14,6 +14,7 @@ No requirements.
 | <a name="input_default_tags"></a> [default\_tags](#input\_default\_tags) | A map of default tags to apply to all taggable resources within the component | `map(string)` | `{}` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | The name of the tfscaffold environment | `string` | n/a | yes |
 | <a name="input_group"></a> [group](#input\_group) | The group variables are being inherited from (often synonymous with account short-name) | `string` | n/a | yes |
+| <a name="input_kms_deletion_window"></a> [kms\_deletion\_window](#input\_kms\_deletion\_window) | When a kms key is deleted, how long should it wait in the pending deletion state? | `string` | `"30"` | no |
 | <a name="input_log_retention_in_days"></a> [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite | `number` | `0` | no |
 | <a name="input_project"></a> [project](#input\_project) | The name of the tfscaffold project | `string` | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | The AWS Region | `string` | n/a | yes |
@@ -22,6 +23,7 @@ No requirements.
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_backend_api"></a> [backend\_api](#module\_backend\_api) | ../../modules/backend-api | n/a |
+| <a name="module_kms"></a> [kms](#module\_kms) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/kms | v1.0.8 |
 ## Outputs
 
 | Name | Description |

@@ -15,4 +15,6 @@ module "backend_api" {
   }
 
   enable_letters = true
+
+  kms_key_arn = module.kms.key_arn
 }
diff --git a/infrastructure/terraform/components/sandbox/module_kms.tf b/infrastructure/terraform/components/sandbox/module_kms.tf
@@ -0,0 +1,13 @@
+module "kms" {
+  source = "git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/kms?ref=v1.0.8"
+
+  aws_account_id = var.aws_account_id
+  component      = var.component
+  environment    = var.environment
+  project        = var.project
+  region         = var.region
+
+  name            = "main"
+  deletion_window = var.kms_deletion_window
+  alias           = "alias/${local.csi}"
+}
@@ -56,3 +56,9 @@ variable "log_retention_in_days" {
   description = "The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite"
   default     = 0
 }
+
+variable "kms_deletion_window" {
+  type        = string
+  description = "When a kms key is deleted, how long should it wait in the pending deletion state?"
+  default     = "30"
+}
@@ -17,6 +17,7 @@ No requirements.
 | <a name="input_enable_letters"></a> [enable\_letters](#input\_enable\_letters) | Enable letters feature flag | `bool` | n/a | yes |
 | <a name="input_environment"></a> [environment](#input\_environment) | The name of the tfscaffold environment | `string` | n/a | yes |
 | <a name="input_group"></a> [group](#input\_group) | The group variables are being inherited from (often synonmous with account short-name) | `string` | n/a | yes |
+| <a name="input_kms_key_arn"></a> [kms\_key\_arn](#input\_kms\_key\_arn) | KMS Key ARN | `string` | n/a | yes |
 | <a name="input_log_retention_in_days"></a> [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite | `number` | `0` | no |
 | <a name="input_project"></a> [project](#input\_project) | The name of the tfscaffold project | `string` | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | The AWS Region | `string` | n/a | yes |
@@ -31,6 +32,7 @@ No requirements.
 | <a name="module_create_template_lambda"></a> [create\_template\_lambda](#module\_create\_template\_lambda) | ../lambda-function | n/a |
 | <a name="module_get_template_lambda"></a> [get\_template\_lambda](#module\_get\_template\_lambda) | ../lambda-function | n/a |
 | <a name="module_list_template_lambda"></a> [list\_template\_lambda](#module\_list\_template\_lambda) | ../lambda-function | n/a |
+| <a name="module_s3bucket_internal"></a> [s3bucket\_internal](#module\_s3bucket\_internal) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/s3bucket | v1.0.8 |
 | <a name="module_update_template_lambda"></a> [update\_template\_lambda](#module\_update\_template\_lambda) | ../lambda-function | n/a |
 ## Outputs
 

@@ -0,0 +1,13 @@
+module "s3bucket_internal" {
+  source = "git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/s3bucket?ref=v1.0.8"
+
+  name = "internal"
+
+  aws_account_id = var.aws_account_id
+  region         = var.region
+  project        = var.project
+  environment    = var.environment
+  component      = var.component
+
+  kms_key_arn = var.kms_key_arn
+}
@@ -71,3 +71,8 @@ variable "enable_letters" {
   type        = bool
   description = "Enable letters feature flag"
 }
+
+variable "kms_key_arn" {
+  type        = string
+  description = "KMS Key ARN"
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -15,4 +15,6 @@ module "backend_api" { @@
       }
       enable_letters = true
+      kms_key_arn = module.kms.key_arn
     }