Add cognito env vars to private api

[mattjreynolds]

Make cognito environment variables available for API
Needs to be merged ahead of the API PR

[infracost]

💰 Infracost report

This pull request is aligned with your company's FinOps policies and the Well-Architected Framework.

Monthly estimate decreased by £1 📉

Changed project	Baseline cost	Usage cost*	Total change	New monthly cost
terraform-20-app-test	-£0.99	-£0.08	-£1 (0%)	£286

*Usage costs can be estimated by updating Infracost Cloud settings, see docs for other options.

Estimate details (includes details of unsupported resources)

Key: * usage cost, ~ changed, + added, - removed

──────────────────────────────────
Project: terraform-20-app-test
Module path: terraform/20-app
Workspace: test

~ module.ecs_service_feature_flags.aws_ecs_service.this[0]
  -£0.03 (£8 → £8)

    ~ Per GB per hour
      -£0.01 (£1 → £1)

    ~ Per vCPU per hour
      -£0.02 (£6 → £6)

~ aws_wafv2_web_acl.feature_flags
  -£0.03 (£8 → £8)

    ~ Web ACL usage
      -£0.01 (£4 → £4)

    ~ Managed rule groups
      -£0.01 (£4 → £4), +0 groups (5 → 5)*

~ aws_wafv2_web_acl.front_end
  -£0.03 (£8 → £8)

    ~ Web ACL usage
      -£0.01 (£4 → £4)

    ~ Managed rule groups
      -£0.01 (£4 → £4), +0 groups (5 → 5)*

~ aws_wafv2_web_acl.archive_web_content
  -£0.03 (£9 → £9)

    ~ Web ACL usage
      -£0.01 (£4 → £4)

    ~ Rules
      -£0.01 (£1 → £1)

    ~ Managed rule groups
      -£0.01 (£4 → £4), +0 groups (5 → 5)*

~ aws_wafv2_web_acl.cms_admin
  -£0.03 (£9 → £9)

    ~ Web ACL usage
      -£0.01 (£4 → £4)

    ~ Rules
      -£0.01 (£1 → £1)

    ~ Managed rule groups
      -£0.01 (£4 → £4), +0 groups (5 → 5)*

~ aws_wafv2_web_acl.legacy_dashboard_redirect
  -£0.03 (£9 → £9)

    ~ Web ACL usage
      -£0.01 (£4 → £4)

    ~ Rules
      -£0.01 (£1 → £1)

    ~ Managed rule groups
      -£0.01 (£4 → £4), +0 groups (5 → 5)*

~ aws_wafv2_web_acl.public_api
  -£0.03 (£9 → £9)

    ~ Web ACL usage
      -£0.01 (£4 → £4)

    ~ Rules
      -£0.01 (£1 → £1)

    ~ Managed rule groups
      -£0.01 (£4 → £4), +0 groups (5 → 5)*

~ module.cms_admin_alb.aws_lb.this[0]
  -£0.05 (£14 → £14)

    ~ Application load balancer
      -£0.05 (£14 → £14)

~ module.feature_flags_alb.aws_lb.this[0]
  -£0.05 (£14 → £14)

    ~ Application load balancer
      -£0.05 (£14 → £14)

~ module.feedback_api_alb.aws_lb.this[0]
  -£0.05 (£14 → £14)

    ~ Application load balancer
      -£0.05 (£14 → £14)

~ module.front_end_alb.aws_lb.this[0]
  -£0.05 (£14 → £14)

    ~ Application load balancer
      -£0.05 (£14 → £14)

~ module.private_api_alb.aws_lb.this[0]
  -£0.05 (£14 → £14)

    ~ Application load balancer
      -£0.05 (£14 → £14)

~ module.public_api_alb.aws_lb.this[0]
  -£0.05 (£14 → £14)

    ~ Application load balancer
      -£0.05 (£14 → £14)

~ module.ecs_service_cms_admin.aws_ecs_service.this[0]
  -£0.06 (£16 → £15)

    ~ Per GB per hour
      -£0.01 (£3 → £3)

    ~ Per vCPU per hour
      -£0.05 (£13 → £13)

~ module.ecs_service_feedback_api.aws_ecs_service.this[0]
  -£0.06 (£16 → £15)

    ~ Per GB per hour
      -£0.01 (£3 → £3)

    ~ Per vCPU per hour
      -£0.05 (£13 → £13)

~ module.ecs_service_front_end.aws_ecs_service.this[0]
  -£0.06 (£16 → £15)

    ~ Per GB per hour
      -£0.01 (£3 → £3)

    ~ Per vCPU per hour
      -£0.05 (£13 → £13)

~ module.ecs_service_private_api.aws_ecs_service.this[0]
  -£0.06 (£16 → £15)

    ~ Per GB per hour
      -£0.01 (£3 → £3)

    ~ Per vCPU per hour
      -£0.05 (£13 → £13)

~ module.ecs_service_public_api.aws_ecs_service.this[0]
  -£0.06 (£16 → £15)

    ~ Per GB per hour
      -£0.01 (£3 → £3)

    ~ Per vCPU per hour
      -£0.05 (£13 → £13)

~ aws_kinesis_stream.kinesis_data_stream_ingestion
  -£0.10 (£26 → £26)

    ~ ON_DEMAND
      -£0.10 (£26 → £26)

~ module.vpc.aws_nat_gateway.this[0]
  -£0.10 (£27 → £27)

    ~ NAT gateway
      -£0.10 (£27 → £27)

Monthly cost change for terraform-20-app-test (Module path: terraform/20-app, Workspace: test)
Amount:  -£1 (GBP) (£287 → £286)
Percent: 0%

──────────────────────────────────
Key: * usage cost, ~ changed, + added, - removed

*Usage costs can be estimated by updating Infracost Cloud settings, see docs for other options.

2542 cloud resources were detected:
∙ 480 were estimated
∙ 1774 were free
∙ 288 are not supported yet, see https://infracost.io/requested-resources:
  ∙ 44 x aws_s3_bucket_accelerate_configuration
  ∙ 44 x aws_s3_bucket_request_payment_configuration
  ∙ 40 x aws_s3_bucket_metadata_configuration
  ∙ 16 x aws_cloudfront_monitoring_subscription
  ∙ 12 x aws_cloudwatch_event_archive
  ∙ 12 x aws_ecr_registry_policy
  ∙ 12 x aws_ecr_registry_scanning_configuration
  ∙ 12 x aws_ecr_replication_configuration
  ∙ 12 x aws_ecrpublic_repository_policy
  ∙ 12 x aws_elasticache_serverless_cache
  ∙ 8 x aws_cloudfront_key_value_store
  ∙ 8 x aws_rds_cluster_activity_stream
  ∙ 8 x aws_shield_application_layer_automatic_response
  ∙ 8 x aws_sns_topic_data_protection_policy
  ∙ 4 x aws_cognito_identity_pool
  ∙ 4 x aws_cognito_identity_provider
  ∙ 4 x aws_cognito_user_group
  ∙ 4 x aws_cognito_user_pool
  ∙ 4 x aws_cognito_user_pool_domain
  ∙ 4 x aws_cur_report_definition
  ∙ 4 x aws_flow_log
  ∙ 4 x aws_rum_app_monitor
  ∙ 4 x aws_shield_drt_access_log_bucket_association
  ∙ 4 x aws_vpc_block_public_access_options

---

There are also 94 pre-existing issues in the main branch. Fix some to climb your org’s leaderboard 🥇

_{This comment will be updated when code changes.}

[github-actions]

unit test coverage report

Title	Lines	Statements	Branches	Functions
lambda-producer-handler		100% (41/41)	25% (2/8)	100% (8/8)
lambda-db-password-rotation		100% (26/26)	40% (4/10)	100% (4/4)
lambda-alarm-notification		100% (23/23)		100% (5/5)
legacy-dashboard-redirect-viewer-request		100% (16/16)	100% (4/4)	100% (3/3)
public-api-cloud-front-viewer-request		100% (18/18)	100% (12/12)	100% (3/3)
lambda-front-end-revalidation		100% (22/22)		100% (4/4)
lambda-retrieve-user-permission-set		100% (9/9)	100% (0/0)	100% (1/1)

Title	Tests	Skipped	Failures	Errors	Time
lambda-producer-handler	16	0 💤	0 ❌	0 🔥	0.745s ⏱️
lambda-db-password-rotation	5	0 💤	0 ❌	0 🔥	0.65s ⏱️
lambda-alarm-notification	5	0 💤	0 ❌	0 🔥	0.678s ⏱️
legacy-dashboard-redirect-viewer-request	10	0 💤	0 ❌	0 🔥	0.508s ⏱️
public-api-cloud-front-viewer-request	11	0 💤	0 ❌	0 🔥	0.482s ⏱️
lambda-front-end-revalidation	4	0 💤	0 ❌	0 🔥	0.592s ⏱️
lambda-retrieve-user-permission-set	2	0 💤	0 ❌	0 🔥	0.381s ⏱️

[github-actions]

unit test coverage report

Title	Lines	Statements	Branches	Functions
lambda-producer-handler		100% (41/41)	25% (2/8)	100% (8/8)
lambda-db-password-rotation		100% (26/26)	40% (4/10)	100% (4/4)
lambda-alarm-notification		100% (23/23)		100% (5/5)
legacy-dashboard-redirect-viewer-request		100% (16/16)	100% (4/4)	100% (3/3)
public-api-cloud-front-viewer-request		100% (18/18)	100% (12/12)	100% (3/3)
lambda-front-end-revalidation		100% (22/22)		100% (4/4)
lambda-retrieve-user-permission-set		100% (9/9)	100% (0/0)	100% (1/1)

Title	Tests	Skipped	Failures	Errors	Time
lambda-producer-handler	16	0 💤	0 ❌	0 🔥	0.749s ⏱️
lambda-db-password-rotation	5	0 💤	0 ❌	0 🔥	0.659s ⏱️
lambda-alarm-notification	5	0 💤	0 ❌	0 🔥	0.678s ⏱️
legacy-dashboard-redirect-viewer-request	10	0 💤	0 ❌	0 🔥	0.514s ⏱️
public-api-cloud-front-viewer-request	11	0 💤	0 ❌	0 🔥	0.485s ⏱️
lambda-front-end-revalidation	4	0 💤	0 ❌	0 🔥	0.593s ⏱️
lambda-retrieve-user-permission-set	2	0 💤	0 ❌	0 🔥	0.39s ⏱️

[sonarqubecloud]

❌ The last analysis has failed.

See analysis details on SonarQube Cloud