From f19e2d8639cfc2f8917ce9cf47afb588eabb4bdf Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Wed, 23 Jul 2025 00:32:35 -0400 Subject: [PATCH 1/3] Move audit log table to terraform --- cloudformation/main.yml | 5 ----- terraform/envs/prod/main.tf | 28 ++++++++++++++++++++++++++++ terraform/envs/qa/main.tf | 28 ++++++++++++++++++++++++++++ 3 files changed, 56 insertions(+), 5 deletions(-) diff --git a/cloudformation/main.yml b/cloudformation/main.yml index 5ecaa07e..d2359346 100644 --- a/cloudformation/main.yml +++ b/cloudformation/main.yml @@ -85,11 +85,6 @@ Resources: SqsQueueArn: !Sub "arn:aws:sqs:${AWS::Region}:${AWS::AccountId}:infra-core-api-sqs" LinkryKvArn: !GetAtt LinkryRecordsCloudfrontStore.Arn - AppLogGroups: - Type: AWS::Serverless::Application - Properties: - Location: ./logs.yml - LinkryRecordSetv4: Condition: IsDev Type: AWS::Route53::RecordSet diff --git a/terraform/envs/prod/main.tf b/terraform/envs/prod/main.tf index 86ace28f..5865c618 100644 --- a/terraform/envs/prod/main.tf +++ b/terraform/envs/prod/main.tf @@ -49,3 +49,31 @@ module "sqs_queues" { source = "../../modules/sqs" resource_prefix = var.ProjectId } + +import { + to = aws_dynamodb_table.app_audit_log + id = "${var.ProjectId}-audit-log" +} + +resource "aws_dynamodb_table" "app_audit_log" { + billing_mode = "PAY_PER_REQUEST" + name = "${var.ProjectId}-audit-log" + deletion_protection_enabled = true + hash_key = "module" + range_key = "createdAt" + point_in_time_recovery { + enabled = true + } + attribute { + name = "module" + type = "S" + } + attribute { + name = "createdAt" + type = "N" + } + ttl { + attribute_name = "createdAt" + enabled = true + } +} diff --git a/terraform/envs/qa/main.tf b/terraform/envs/qa/main.tf index 2db6396c..68c64223 100644 --- a/terraform/envs/qa/main.tf +++ b/terraform/envs/qa/main.tf 
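Review bot: The `aws_dynamodb_table.app_audit_log` resource added to terraform/envs/prod/main.tf has no `lifecycle` block, so the only guard against the audit table being destroyed is `deletion_protection_enabled`, an ordinary argument that a later change can set to false. Adding `lifecycle { prevent_destroy = true }` inside the resource makes any plan that would destroy or replace the table fail before anything is touched. That restores a second layer comparable to the `DeletionPolicy: Retain` and `UpdateReplacePolicy: Retain` settings on the CloudFormation definition this series removes. The same applies to the identical block added to terraform/envs/qa/main.tf.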
@@ -36,3 +36,31 @@ module "sqs_queues" { source = "../../modules/sqs" resource_prefix = var.ProjectId } + +import { + to = aws_dynamodb_table.app_audit_log + id = "${var.ProjectId}-audit-log" +} + +resource "aws_dynamodb_table" "app_audit_log" { + billing_mode = "PAY_PER_REQUEST" + name = "${var.ProjectId}-audit-log" + deletion_protection_enabled = true + hash_key = "module" + range_key = "createdAt" + point_in_time_recovery { + enabled = true + } + attribute { + name = "module" + type = "S" + } + attribute { + name = "createdAt" + type = "N" + } + ttl { + attribute_name = "createdAt" + enabled = true + } +} From 6dd69a86452e7d20bdc713be2b2fefe85a92aca1 Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Wed, 23 Jul 2025 00:34:26 -0400 Subject: [PATCH 2/3] Remove AppLogGroups from cloudformation --- cloudformation/main.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/cloudformation/main.yml b/cloudformation/main.yml index d2359346..cc688642 100644 --- a/cloudformation/main.yml +++ b/cloudformation/main.yml @@ -213,8 +213,6 @@ Resources: AppApiLambdaFunction: Type: AWS::Serverless::Function - DependsOn: - - AppLogGroups Properties: Architectures: [arm64] CodeUri: ../dist/lambda @@ -256,8 +254,6 @@ Resources: AppSqsLambdaFunction: Type: AWS::Serverless::Function - DependsOn: - - AppLogGroups Properties: Architectures: [arm64] CodeUri: ../dist/sqsConsumer From d5b97aaf26d4baa1df0854f6f8a04f670113c390 Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Wed, 23 Jul 2025 00:40:09 -0400 Subject: [PATCH 3/3] fix ttl --- cloudformation/logs.yml | 28 ---------------------------- terraform/envs/prod/main.tf | 2 +- terraform/envs/qa/main.tf | 2 +- 3 files changed, 2 insertions(+), 30 deletions(-) delete mode 100644 cloudformation/logs.yml diff --git a/cloudformation/logs.yml b/cloudformation/logs.yml deleted file mode 100644 index 3fc5ee5b..00000000 --- a/cloudformation/logs.yml +++ /dev/null 
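Review bot: The table definition added to terraform/envs/qa/main.tf is a line-for-line copy of the one in terraform/envs/prod/main.tf, while the SQS queues directly above it come from a shared module (`source = "../../modules/sqs"`). Defining the audit table once in a module under `../../modules` and passing `var.ProjectId` in, as `sqs_queues` does with `resource_prefix`, would keep the two environments from drifting on settings such as point-in-time recovery or TTL. Patch 3/3 of this series already has to correct the same `ttl` line in both files.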
@@ -1,28 +0,0 @@
-AWSTemplateFormatVersion: '2010-09-09'
-Description: Stack Log Groups
-Transform: AWS::Serverless-2016-10-31
-
-Resources:
- AppAuditLog:
- Type: "AWS::DynamoDB::Table"
- DeletionPolicy: "Retain"
- UpdateReplacePolicy: "Retain"
- Properties:
- BillingMode: "PAY_PER_REQUEST"
- TableName: infra-core-api-audit-log
- DeletionProtectionEnabled: true
- PointInTimeRecoverySpecification:
- PointInTimeRecoveryEnabled: true
- AttributeDefinitions:
- - AttributeName: module
- AttributeType: S
- - AttributeName: createdAt
- AttributeType: N
- KeySchema:
- - AttributeName: module
- KeyType: HASH
- - AttributeName: createdAt
- KeyType: RANGE
- TimeToLiveSpecification:
- AttributeName: expiresAt
- Enabled: true
diff --git a/terraform/envs/prod/main.tf b/terraform/envs/prod/main.tf
index 5865c618..6f5c608b 100644
--- a/terraform/envs/prod/main.tf
+++ b/terraform/envs/prod/main.tf
@@ -73,7 +73,7 @@ resource "aws_dynamodb_table" "app_audit_log" {
 type = "N"
 }
 ttl {
- attribute_name = "createdAt"
+ attribute_name = "expiresAt"
 enabled = true
 }
 }
diff --git a/terraform/envs/qa/main.tf b/terraform/envs/qa/main.tf
index 68c64223..eb920b6b 100644
--- a/terraform/envs/qa/main.tf
+++ b/terraform/envs/qa/main.tf
@@ -60,7 +60,7 @@ resource "aws_dynamodb_table" "app_audit_log" {
 type = "N"
 }
 ttl {
- attribute_name = "createdAt"
+ attribute_name = "expiresAt"
 enabled = true
 }
 }
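Review bot: The `ttl` block in terraform/envs/prod/main.tf, and the identical one in terraform/envs/qa/main.tf, carries no comment, although on an audit table it is the setting that decides when records are deleted. A comment above the block such as `# Retention: DynamoDB deletes an item once its expiresAt (epoch seconds, Number) has passed; items without it are kept` would record that. TTL deletions are not stopped by `deletion_protection_enabled`, which guards only the table itself. Since the table is imported and the CloudFormation template deleted in this patch also used `expiresAt`, the plan for the import should show no TTL change, which is worth confirming before apply. The enclosing resource block starts outside both hunks.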