Merge pull request #8575 from ministryofjustice/Update_061124_1

Update_061124_1
ministryofjustice · Nov 6, 2024 · 16ae5f2 · 16ae5f2
2 parents abda8c4 + e73649b
commit 16ae5f2
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 9 deletions.
diff --git a/terraform/environments/ppud/iam.tf b/terraform/environments/ppud/iam.tf
@@ -312,7 +312,8 @@ resource "aws_iam_policy" "iam_policy_for_lambda_cloudwatch_invoke_lambda_dev" {
           "ssm:GetCommandInvocation"
         ],
         "Resource": [ 
-          "arn:aws:ssm::${local.environment_management.account_ids["ppud-development"]}:*"
+          "arn:aws:ssm:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:*",
+          "arn:aws:ssm:eu-west-2::document/AWS-RunPowerShellScript"
         ] 
     },
     {
@@ -321,17 +322,19 @@ resource "aws_iam_policy" "iam_policy_for_lambda_cloudwatch_invoke_lambda_dev" {
            "ec2:DescribeInstances"
         ],
         "Resource": [ 
-           "arn:aws:ec2::${local.environment_management.account_ids["ppud-development"]}:*"
+           "arn:aws:ec2:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:*"
         ] 
     },
     {
         "Effect": "Allow",
         "Action": [ 
            "lambda:InvokeAsync",
-           "lambda:InvokeFunction"
+           "lambda:InvokeFunction",
+           "ssm:SendCommand",
+           "ssm:GetCommandInvocation"
         ],
         "Resource": [ 
-           "arn:aws:lambda::${local.environment_management.account_ids["ppud-development"]}:*"
+           "arn:aws:lambda:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:*"
         ] 
     },
     {
@@ -346,7 +349,7 @@ resource "aws_iam_policy" "iam_policy_for_lambda_cloudwatch_invoke_lambda_dev" {
            "sqs:SendMessage"
         ],
         "Resource": [  
-           "arn:aws:sqs::${local.environment_management.account_ids["ppud-development"]}:*"
+           "arn:aws:sqs:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:*"
         ] 
     }]
   })

diff --git a/terraform/environments/ppud/lambda.tf b/terraform/environments/ppud/lambda.tf
@@ -254,7 +254,7 @@ resource "aws_lambda_function" "terraform_lambda_func_terminate_cpu_process_dev"
   timeout                        = 300
   depends_on                     = [aws_iam_role_policy_attachment.attach_lambda_policy_cloudwatch_invoke_lambda_to_lambda_role_cloudwatch_invoke_lambda_dev]
   reserved_concurrent_executions = 5
-  code_signing_config_arn        = "arn:aws:lambda:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:code-signing-config:csc-0c7136ccff2de748f"
+  # code_signing_config_arn        = "arn:aws:lambda:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:code-signing-config:csc-0c7136ccff2de748f"
   dead_letter_config {
     target_arn = aws_sqs_queue.lambda_queue_dev[0].arn
   }
@@ -380,7 +380,7 @@ resource "aws_lambda_function" "terraform_lambda_func_send_cpu_notification_dev"
   timeout                        = 300
   depends_on                     = [aws_iam_role_policy_attachment.attach_lambda_policy_cloudwatch_invoke_lambda_to_lambda_role_cloudwatch_invoke_lambda_dev]
   reserved_concurrent_executions = 5
-  code_signing_config_arn        = "arn:aws:lambda:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:code-signing-config:csc-0c7136ccff2de748f"
+  # code_signing_config_arn        = "arn:aws:lambda:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:code-signing-config:csc-0c7136ccff2de748f"
   dead_letter_config {
     target_arn = aws_sqs_queue.lambda_queue_dev[0].arn
   }

diff --git a/terraform/environments/ppud/lambda_scripts/send_cpu_notification_dev.py b/terraform/environments/ppud/lambda_scripts/send_cpu_notification_dev.py
@@ -6,7 +6,7 @@ def lambda_handler(event, context):
 
     client = boto3.client("ec2")
     ssm = boto3.client("ssm")
-    InstanceId = "i-0b5c31ecda24ebc04" # RGVW110
+    InstanceId = "i-0c98db0c20242e12c" # RGVW110
 
     response = ssm.send_command(InstanceIds=[InstanceId],DocumentName="AWS-RunPowerShellScript", Parameters={"commands": ['& "C:\\Scripts\\DEV_CPU_Notification.ps1"']})
     command_id = response["Command"]["CommandId"]

diff --git a/terraform/environments/ppud/lambda_scripts/terminate_cpu_process_dev.py b/terraform/environments/ppud/lambda_scripts/terminate_cpu_process_dev.py
@@ -7,7 +7,7 @@ def lambda_handler(event, context):
 
     client = boto3.client("ec2")
     ssm = boto3.client("ssm")
-    InstanceId = "i-0b5c31ecda24ebc04" # RGVW110
+    InstanceId = "i-0c98db0c20242e12c" # RGVW110
 
     response = ssm.send_command(InstanceIds=[InstanceId],DocumentName="AWS-RunPowerShellScript", Parameters={"commands": ['& "C:\\Scripts\\DEV_Terminate_Word.ps1"']})
     command_id = response["Command"]["CommandId"]