Update_281124_3

ministryofjustice · Nov 28, 2024 · 3a13b60 · 3a13b60
1 parent 8e7d8e7
commit 3a13b60
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 2 deletions.
diff --git a/terraform/environments/ppud/iam.tf b/terraform/environments/ppud/iam.tf
@@ -1183,6 +1183,29 @@ resource "aws_iam_policy" "iam_policy_for_lambda_cloudwatch_get_metric_data_dev"
         "arn:aws:cloudwatch:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:*"
       ]
       },
+      {
+	      "Sid"     : "S3BucketPolicy",
+        "Effect"  : "Allow",
+        "Action"  : [
+          "s3:GetObject",
+          "s3:PutObject",
+          "s3:DeleteObject"
+        ],
+        "Resource" : [
+           "arn:aws:s3:::moj-release-management",
+		       "arn:aws:s3:::moj-release-management/*"
+        ]
+      },
+      {
+	      "Sid"     : "SSMPolicy",
+        "Effect"  : "Allow",
+        "Action"  : [
+          "ssm:GetParameter"
+        ],
+        "Resource" : [
+           "arn:aws:ssm:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:parameter/klayers-account"
+        ]
+      },
       {
         "Sid" : "LogPolicy",
         "Effect" : "Allow",

diff --git a/terraform/environments/ppud/lambda.tf b/terraform/environments/ppud/lambda.tf
@@ -516,6 +516,9 @@ resource "aws_lambda_function" "terraform_lambda_func_send_cpu_graph_dev" {
    layers = [
     "arn:aws:lambda:eu-west-2:770693421928:layer:Klayers-p312-numpy:8", #Publically available ARN for numpy package
     "arn:aws:lambda:eu-west-2:770693421928:layer:Klayers-p312-pillow:1" #Publically available ARN for pillow package
+#  "arn:aws:lambda:eu-west-2:${data.aws_ssm_parameter.klayers_account_dev.value}:layer:Klayers-p312-numpy:8",
+#  "arn:aws:lambda:eu-west-2:${data.aws_ssm_parameter.klayers_account_dev.value}:layer:Klayers-p312-pillow:1",
+#   aws_lambda_layer_version.lambda_layer_matplotlib_dev[0].arn 
   ]
 }
 
@@ -526,4 +529,17 @@ data "archive_file" "zip_the_send_cpu_graph_code_dev" {
   type        = "zip"
   source_dir  = "${path.module}/lambda_scripts/"
   output_path = "${path.module}/lambda_scripts/send_cpu_graph_dev.zip"
-}
+}
+
+# Lambda Layer for Matplotlib
+
+/*
+resource "aws_lambda_layer_version" "lambda_layer_matplotlib_dev" {
+  count               = local.is-development == true ? 1 : 0
+  layer_name          = "matplotlib-layer"
+  description         = "matplotlib-layer for python 3.12"
+  s3_bucket           = aws_s3_bucket.MoJ-Release-Management[0].id
+  filename            = "/lambda_layers/matplotlib-layer.zip"
+  compatible_runtimes = ["python3.12"]
+}
+*/
diff --git a/terraform/environments/ppud/platform_secrets.tf b/terraform/environments/ppud/platform_secrets.tf
@@ -15,3 +15,10 @@ data "aws_secretsmanager_secret_version" "environment_management" {
   provider  = aws.modernisation-platform
   secret_id = data.aws_secretsmanager_secret.environment_management.id
 }
+
+# Klayers Account ID - used by lambda layer ARNs - https://github.com/keithrozario/Klayers?tab=readme-ov-file
+data "aws_ssm_parameter" "klayers_account_dev" {
+  count           = local.is-development == true ? 1 : 0
+  name            = "klayers-account"
+  with_decryption = true
+}
diff --git a/terraform/environments/ppud/s3.tf b/terraform/environments/ppud/s3.tf
@@ -359,7 +359,8 @@ resource "aws_s3_bucket_policy" "MoJ-Release-Management" {
         "Principal" : {
           "AWS" : [
             "arn:aws:iam::${local.environment_management.account_ids["ppud-development"]}:role/ec2-iam-role",
-            "arn:aws:iam::${local.environment_management.account_ids["ppud-preproduction"]}:role/ec2-iam-role"
+            "arn:aws:iam::${local.environment_management.account_ids["ppud-preproduction"]}:role/ec2-iam-role",
+            "arn:aws:iam::${local.environment_management.account_ids["ppud-development"]}:role/lambda_role_cloudwatch_get_metric_data_dev"
           ]
         }
       }