From f72b92b638ddb8d24a7c045f8fbc2edba5f5ca1d Mon Sep 17 00:00:00 2001
From: murad-ali-MoJ
Date: Wed, 17 Jan 2024 11:42:19 +0000
Subject: [PATCH 01/27] added module to execute jml
---
 .../environments/data-platform/lambda.tf | 28 +++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/terraform/environments/data-platform/lambda.tf b/terraform/environments/data-platform/lambda.tf
index 990358c00c7..659908b0c0d 100644
--- a/terraform/environments/data-platform/lambda.tf
+++ b/terraform/environments/data-platform/lambda.tf
@@ -490,3 +490,31 @@ module "delete_data_product_lambda" {
 }
 }
 }
+
+module "data_product_jml_lambda_execution" {
+ source = "github.com/ministryofjustice/modernisation-platform-terraform-lambda-function?ref=a4392c1" # ref for V2.1
+ application_name = "automate_generating_sending_JML_extracts"
+ tags = local.tags
+ description = "Automate generating and sending JML extracts monthly"
+ role_name = "jml_lambda_execution_role_${local.environment}"
+ policy_json = data.aws_iam_policy_document.iam_policy_document_for_jml_lambda_execution.json
+ policy_json_attached = true
+ function_name = "jml-extract-lambda_${local.environment}"
+ create_role = true
+ reserved_concurrent_executions = 1
+
+ image_uri = "374269020027.dkr.ecr.eu-west-2.amazonaws.com/jml-extract-lambda-lambda-ecr-repo:${local.delete_data_product_version}"
+ timeout = 600
+ tracing_mode = "Active"
+ memory_size = 128
+
+ environment_variables = merge(local.logger_environment_vars, local.storage_environment_vars)
+ allowed_triggers = {
+
+ AllowExecutionFromAPIGateway = {
+ action = "lambda:InvokeFunction"
+ principal = "apigateway.amazonaws.com"
+ source_arn = "arn:aws:execute-api:${local.region}:${local.account_id}:${aws_api_gateway_rest_api.data_platform.id}/*/${aws_api_gateway_method.delete_data_product.http_method}${aws_api_gateway_resource.data_product_name.path}"
+ }
+ }
+}
\ No newline at end of file
From 14791f89cf55b1ee61c89deae0ff77a5f4d75932 Mon Sep 17 00:00:00 2001
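Review bot: In PATCH 01/27 the `allowed_triggers` block of `data_product_jml_lambda_execution` is carried over from `delete_data_product_lambda`: it lets `apigateway.amazonaws.com` invoke the JML function from the `delete_data_product` method ARN, so a job described as a monthly extract becomes invocable from an API route it has nothing to do with. If the function is only meant to run on a schedule, the sole permitted principal should be the scheduler, e.g. `principal = "events.amazonaws.com"` with `source_arn` set to the rule's ARN. `image_uri` is likewise tagged with `${local.delete_data_product_version}`, which ties the deployed image to another function's release; a dedicated version local or an image digest would make the deployed code explicit.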
From: murad-ali-MoJ
Date: Wed, 17 Jan 2024 13:52:32 +0000
Subject: [PATCH 02/27] added the iam policy document for lambda
---
 terraform/environments/data-platform/iam.tf | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/terraform/environments/data-platform/iam.tf b/terraform/environments/data-platform/iam.tf
index 4bf6f4c28aa..fb4ba67420c 100644
--- a/terraform/environments/data-platform/iam.tf
+++ b/terraform/environments/data-platform/iam.tf
@@ -733,3 +733,20 @@ data "aws_iam_policy_document" "iam_policy_document_for_delete_data_product_lamb
 ]
 }
 }
+
+data "aws_iam_policy_document" "iam_policy_document_for_jml_lambda_execution" {
+ statement {
+ sid = "AllowLambdaExecution"
+ effect = "Allow"
+ actions = [
+ "cloudwatch:GenerateQuery",
+ "logs:DescribeLogStreams",
+ "logs:DescribeLogGroups",
+ "logs:GetLogEvents",
+ "secretsmanager:GetSecretValue",
+ "secretsmanager:DescribeSecret",
+ "secretsmanager:ListSecrets"
+ ]
+ resources = "arn:aws:logs::${local.environment_management.account_ids["data-platform-apps-and-tools-production"]}:log-group:/aws/events/auth0/*"
+ }
+}
From f711f9dcba2f6620d8bfd999ed6db1501fd1d9b0 Mon Sep 17 00:00:00 2001
From: murad-ali-MoJ
Date: Wed, 17 Jan 2024 13:58:46 +0000
Subject: [PATCH 03/27] fix the resources
---
 terraform/environments/data-platform/iam.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/environments/data-platform/iam.tf b/terraform/environments/data-platform/iam.tf
index fb4ba67420c..84882982032 100644
--- a/terraform/environments/data-platform/iam.tf
+++ b/terraform/environments/data-platform/iam.tf
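Review bot: In PATCH 02/27 the single `AllowLambdaExecution` statement pairs the three `secretsmanager:*` actions with a CloudWatch Logs log-group ARN, so they can never match a secret and any `GetSecretValue` call the function makes would be denied. Splitting the grant into two statements keeps each action set tied to the resource type it applies to: the log reads on the auth0 log groups, and `GetSecretValue`/`DescribeSecret` on the specific secrets the function needs. `secretsmanager:ListSecrets` does not support resource-level scoping, so it only takes effect with `resources = ["*"]`; if the function already knows its secret ids it is better dropped than widened. The sketch below uses a placeholder for the secret ARNs, which this hunk does not show.

```hcl
data "aws_iam_policy_document" "iam_policy_document_for_jml_lambda_execution" {
  statement {
    sid    = "ReadAuth0LogGroups"
    effect = "Allow"
    actions = [
      # … unchanged: the cloudwatch:* and logs:* actions …
    ]
    # … unchanged: the auth0 log-group ARN, as a list …
  }

  statement {
    sid    = "ReadJmlSecrets"
    effect = "Allow"
    actions = [
      "secretsmanager:GetSecretValue",
      "secretsmanager:DescribeSecret"
    ]
    resources = ["<PLACEHOLDER: ARN of each secret the function reads>"]
  }
}
```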
@@ -747,6 +747,6 @@ data "aws_iam_policy_document" "iam_policy_document_for_jml_lambda_execution" {
 "secretsmanager:DescribeSecret",
 "secretsmanager:ListSecrets"
 ]
- resources = "arn:aws:logs::${local.environment_management.account_ids["data-platform-apps-and-tools-production"]}:log-group:/aws/events/auth0/*"
+ resources = "arn:aws:logs:eu-west-2:096705367497:log-group:/aws/events/auth0/*"
 }
 }
From 0eea7ae7a5b2e97d00da85ecd0376c8684dc7f49 Mon Sep 17 00:00:00 2001
From: murad-ali-MoJ
Date: Wed, 17 Jan 2024 14:04:58 +0000
Subject: [PATCH 04/27] fix the resources with variable
---
 terraform/environments/data-platform/iam.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/environments/data-platform/iam.tf b/terraform/environments/data-platform/iam.tf
index 84882982032..703e8eb1f54 100644
--- a/terraform/environments/data-platform/iam.tf
+++ b/terraform/environments/data-platform/iam.tf
@@ -747,6 +747,6 @@ data "aws_iam_policy_document" "iam_policy_document_for_jml_lambda_execution" {
 "secretsmanager:DescribeSecret",
 "secretsmanager:ListSecrets"
 ]
- resources = "arn:aws:logs:eu-west-2:096705367497:log-group:/aws/events/auth0/*"
+ resources = "arn:aws:logs:${local.region}:${local.account_id}:log-group:/aws/events/auth0/*"
 }
 }
From ec89d02352e382a94c24dd4dd63ed3539cc0c57f Mon Sep 17 00:00:00 2001
From: murad-ali-MoJ
Date: Wed, 17 Jan 2024 14:20:17 +0000
Subject: [PATCH 05/27] fix the error
---
 terraform/environments/data-platform/iam.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/environments/data-platform/iam.tf b/terraform/environments/data-platform/iam.tf
index 703e8eb1f54..430ae132e1f 100644
--- a/terraform/environments/data-platform/iam.tf
+++ b/terraform/environments/data-platform/iam.tf
@@ -747,6 +747,6 @@ data "aws_iam_policy_document" "iam_policy_document_for_jml_lambda_execution" {
 "secretsmanager:DescribeSecret",
 "secretsmanager:ListSecrets"
 ]
- resources = "arn:aws:logs:${local.region}:${local.account_id}:log-group:/aws/events/auth0/*"
+ resources = ["arn:aws:logs:${local.region}:${local.account_id}:log-group:/aws/events/auth0/*"]
 }
 }
From 96746f6ccf30e87ba5688eba5a5c32e753493a1b Mon Sep 17 00:00:00 2001
From: Jacob Woffenden
Date: Wed, 17 Jan 2024 17:56:06 +0000
Subject: [PATCH 06/27] WIP
Signed-off-by: Jacob Woffenden
---
 .../data-platform-apps-and-tools/data.tf | 14 ++++-
 .../jml_lambda_execution_roles.tf | 54 -----------------
 .../lambda-functions.tf | 58 +++++++++++++++++++
 3 files changed, 71 insertions(+), 55 deletions(-)
 delete mode 100644 terraform/environments/data-platform-apps-and-tools/jml_lambda_execution_roles.tf
 create mode 100644 terraform/environments/data-platform-apps-and-tools/lambda-functions.tf
diff --git a/terraform/environments/data-platform-apps-and-tools/data.tf b/terraform/environments/data-platform-apps-and-tools/data.tf
index 2e0925f12c8..665bc55948e 100644
--- a/terraform/environments/data-platform-apps-and-tools/data.tf
+++ b/terraform/environments/data-platform-apps-and-tools/data.tf
@@ -81,4 +81,16 @@ data "aws_secretsmanager_secret_version" "openmetadata_entra_id_client_id" {

 data "aws_secretsmanager_secret_version" "openmetadata_entra_id_tenant_id" {
 secret_id = "openmetadata/entra-id/tenant-id"
-}
\ No newline at end of file
+}
+
+##################################################
+# Data Platform Apps and Tools JML
+##################################################
+
+data "aws_secretsmanager_secret_version" "govuk_notify_api_key" {
+ secret_id = aws_secretsmanager_secret.govuk_notify_api_key.id
+}
+
+data "aws_secretsmanager_secret_version" "email_secret" {
+ secret_id = aws_secretsmanager_secret.email_secret.id
+}
diff --git a/terraform/environments/data-platform-apps-and-tools/jml_lambda_execution_roles.tf b/terraform/environments/data-platform-apps-and-tools/jml_lambda_execution_roles.tf
deleted file mode 100644
index c9642059e7b..00000000000
--- a/terraform/environments/data-platform-apps-and-tools/jml_lambda_execution_roles.tf
+++ /dev/null
@@ -1,54 +0,0 @@
-# IAM role with a trust policy that allows the Lambda service to assume this role.
-resource "aws_iam_role" "lambda_execution_role" {
- name = "lambda_execution_role"
-
- assume_role_policy = jsonencode({
- Version = "2012-10-17",
- Statement = [
- {
- Action = "sts:AssumeRole",
- Effect = "Allow",
- Principal = {
- Service = "lambda.amazonaws.com"
- }
- }
- ]
- })
-}
-#Creates a Lambda function named using the IAM role created earlier.
-resource "aws_lambda_function" "jml_lambda_execution_function" {
- function_name = "jml_lambda_execution_function"
- handler = "handler"
- runtime = "python3.11"
- filename = "src/var/task"
- role = aws_iam_role.lambda_execution_role.arn
-}
-# Defines an IAM policy named that grants various permissions to interact with CloudWatch Logs.
-resource "aws_iam_policy" "cloudwatch_logs_policy" {
- name = "CloudWatchLogsPolicy"
- description = "Policy to access CloudWatch Logs"
-
- policy = jsonencode({
- Version = "2012-10-17",
- Statement = [
- {
- Action = [
- "cloudwatch:GenerateQuery",
- "logs:DescribeLogStreams",
- "logs:DescribeLogGroups",
- "logs:GetLogEvents",
- "secretsmanager:GetSecretValue",
- "secretsmanager:DescribeSecret",
- "secretsmanager:ListSecrets"
- ],
- Effect = "Allow",
- Resource = "arn:aws:logs::${local.environment_management.account_ids["data-platform-apps-and-tools-production"]}:log-group:/aws/events/auth0/*",
- }
- ]
- })
-}
-# Attaches the CloudWatch Logs policy to the IAM role created for the Lambda function.
-resource "aws_iam_role_policy_attachment" "cloudwatch_logs_policy_attachment" {
- policy_arn = aws_iam_policy.cloudwatch_logs_policy.arn
- role = aws_iam_role.lambda_execution_role.name
-}
diff --git a/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf b/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf
new file mode 100644
index 00000000000..0bfefd9f534
--- /dev/null
+++ b/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf
@@ -0,0 +1,58 @@
+module "jml_extract" {
+ #checkov:skip=CKV_TF_1:Module is from Terraform registry
+
+ source = "terraform-aws-modules/lambda/aws"
+ version = "~> 6.0"
+
+ publish = true
+ create_package = false
+
+ function_name = "data_platform_jml_extract"
+ description = "Generates a JML report and sends it to JMLv4"
+ package_type = "Image"
+ image_uri = "374269020027.dkr.ecr.eu-west-2.amazonaws.com/data-platform-jml-extract-lambda-ecr-repo:1.0.1"
+
+ environment_variables = {
+ SECRET_ID = data.aws_secretsmanager_secret_version.govuk_notify_api_key.secret_string
+ LOG_GROUP_NAMES = "CHANGEME"
+ EMAIL_SECRET = data.aws_secretsmanager_secret_version.email_secret.secret_string
+ TEMPLATE_ID = "CHANGEME"
+ }
+
+ attach_policy_statements = true
+ policy_statements = {
+ "cloudwatch" = {
+ sid = "CloudWatch"
+ effect = "Allow"
+ actions = [
+ "cloudwatch:GenerateQuery",
+ "logs:DescribeLogStreams",
+ "logs:DescribeLogGroups",
+ "logs:GetLogEvents"
+ ]
+ resources = [
+ replacemewithauth0arn
+ ]
+ }
+ "secretsmanager" = {
+ sid = "SecretsManager"
+ effect = "Allow"
+ actions = [
+ "secretsmanager:DescribeSecret",
+ "secretsmanager:GetSecretValue",
+ "secretsmanager:ListSecrets"
+ ]
+ resources = [
+ aws_secretsmanager_secret.govuk_notify_api_key.arn,
+ aws_secretsmanager_secret.email_secret.arn
+ ]
+ }
+ }
+
+ allowed_triggers = {
+ "eventbridge" = {
+ principal = "events.amazonaws.com"
+ source_arn = aws_cloudwatch_event_rule.grafana_api_key_rotator.arn
+ }
+ }
+}
From 92c8e0d442e219a8d593b6b2bb4673102bb11de5 Mon Sep 17 00:00:00 2001
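Review bot: In the PATCH 06/27 `lambda-functions.tf` hunk, `SECRET_ID` and `EMAIL_SECRET` are populated from `….secret_string`, which copies the GOV.UK Notify API key and the e-mail secret into the function's environment configuration and into Terraform state and plan output, readable by anyone who can view the function or the state. The `secretsmanager` policy statement in the same module already grants `GetSecretValue` on both secrets, which suggests the handler is meant to resolve them at runtime. If so, pass identifiers instead, `SECRET_ID = aws_secretsmanager_secret.govuk_notify_api_key.name` and `EMAIL_SECRET = aws_secretsmanager_secret.email_secret.name`, and the two `aws_secretsmanager_secret_version` data sources this commit adds to `data.tf` are no longer needed. The same assignment reappears as `[0].secret_string` in the PATCH 23/27 hunk of this file. Separately, `secretsmanager:ListSecrets` has no effect when scoped to individual secret ARNs and can be dropped.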
From: murad-ali-MoJ
Date: Thu, 18 Jan 2024 15:35:31 +0000
Subject: [PATCH 07/27] added events
---
 .../data-platform-apps-and-tools/jml-event-rules.tf | 4 ++++
 .../data-platform-apps-and-tools/jml-event-targets.tf | 5 +++++
 terraform/environments/data-platform/lambda.tf | 9 ++++-----
 3 files changed, 13 insertions(+), 5 deletions(-)
 create mode 100644 terraform/environments/data-platform-apps-and-tools/jml-event-rules.tf
 create mode 100644 terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf
diff --git a/terraform/environments/data-platform-apps-and-tools/jml-event-rules.tf b/terraform/environments/data-platform-apps-and-tools/jml-event-rules.tf
new file mode 100644
index 00000000000..664d3e8cf84
--- /dev/null
+++ b/terraform/environments/data-platform-apps-and-tools/jml-event-rules.tf
@@ -0,0 +1,4 @@
+resource "aws_cloudwatch_event_rule" "jml_lambda_trigger" {
+ name = "jml-lambda-trigger-rules"
+ schedule_expression = "cron(0 2 1 * ? *)"
+}
\ No newline at end of file
diff --git a/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf b/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf
new file mode 100644
index 00000000000..2c92de4f5d7
--- /dev/null
+++ b/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf
@@ -0,0 +1,5 @@
+resource "aws_cloudwatch_event_target" "jml_lambda_trigger" {
+ rule = aws_cloudwatch_event_rule.jml_lambda_trigger.name
+ target_id = "jml-lambda-trigger"
+ arn = module.data_product_jml_lambda_execution.lambda_function_arn
+}
\ No newline at end of file
diff --git a/terraform/environments/data-platform/lambda.tf b/terraform/environments/data-platform/lambda.tf
index 659908b0c0d..0a1a519bff8 100644
--- a/terraform/environments/data-platform/lambda.tf
+++ b/terraform/environments/data-platform/lambda.tf
@@ -503,7 +503,7 @@ module "data_product_jml_lambda_execution" {
 create_role = true
 reserved_concurrent_executions = 1

- image_uri = "374269020027.dkr.ecr.eu-west-2.amazonaws.com/jml-extract-lambda-lambda-ecr-repo:${local.delete_data_product_version}"
+ image_uri = "374269020027.dkr.ecr.eu-west-2.amazonaws.com/data-platform-jml-extract-lambda:1.0.0"
 timeout = 600
 tracing_mode = "Active"
 memory_size = 128
@@ -511,10 +511,9 @@ module "data_product_jml_lambda_execution" {
 environment_variables = merge(local.logger_environment_vars, local.storage_environment_vars)
 allowed_triggers = {

- AllowExecutionFromAPIGateway = {
- action = "lambda:InvokeFunction"
- principal = "apigateway.amazonaws.com"
- source_arn = "arn:aws:execute-api:${local.region}:${local.account_id}:${aws_api_gateway_rest_api.data_platform.id}/*/${aws_api_gateway_method.delete_data_product.http_method}${aws_api_gateway_resource.data_product_name.path}"
+ "eventbridge" = {
+ principal = "events.amazonaws.com"
+ source_arn = aws_cloudwatch_event_rule.jml_lambda_trigger.arn
 }
 }
 }
\ No newline at end of file
From e7befc5d68e4a7eb34d085087a69d970661471d4 Mon Sep 17 00:00:00 2001
From: murad-ali-MoJ
Date: Thu, 18 Jan 2024 16:27:44 +0000
Subject: [PATCH 08/27] sorted arn
---
 terraform/environments/data-platform/lambda.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/environments/data-platform/lambda.tf b/terraform/environments/data-platform/lambda.tf
index 0a1a519bff8..516f3fd98fd 100644
--- a/terraform/environments/data-platform/lambda.tf
+++ b/terraform/environments/data-platform/lambda.tf
@@ -513,7 +513,7 @@ module "data_product_jml_lambda_execution" {

 "eventbridge" = {
 principal = "events.amazonaws.com"
- source_arn = aws_cloudwatch_event_rule.jml_lambda_trigger.arn
+ source_arn = data-platform-apps-and-tools.jml-event-rules.aws_cloudwatch_event_rule.jml_lambda_trigger.arn
 }
 }
 }
\ No newline at end of file
From 6e1b873ea3e6377a1366098d348f5ba5cbe97379 Mon Sep 17 00:00:00 2001
From: murad-ali-MoJ
Date: Fri, 19 Jan 2024 05:40:16 +0000
Subject: [PATCH 09/27] event trigger sorted
---
 .../data-platform-apps-and-tools/jml-event-targets.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf b/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf
index 2c92de4f5d7..28a8728162d 100644
--- a/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf
+++ b/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf
@@ -1,5 +1,5 @@
 resource "aws_cloudwatch_event_target" "jml_lambda_trigger" {
 rule = aws_cloudwatch_event_rule.jml_lambda_trigger.name
 target_id = "jml-lambda-trigger"
- arn = module.data_product_jml_lambda_execution.lambda_function_arn
+ arn = module.data_platform_jml_extract.lambda_function_arn
 }
\ No newline at end of file
From d2a379ff3f8a3a4cd2c5916a7e97a1c8a344d9a1 Mon Sep 17 00:00:00 2001
From: murad-ali-MoJ
Date: Fri, 19 Jan 2024 05:51:51 +0000
Subject: [PATCH 10/27] delete unnecessery lambda and IAM
---
 terraform/environments/data-platform/iam.tf | 19 +-------------
 .../environments/data-platform/lambda.tf | 27 -------------------
 2 files changed, 1 insertion(+), 45 deletions(-)
diff --git a/terraform/environments/data-platform/iam.tf b/terraform/environments/data-platform/iam.tf
index 430ae132e1f..4493dc05141 100644
--- a/terraform/environments/data-platform/iam.tf
+++ b/terraform/environments/data-platform/iam.tf
@@ -732,21 +732,4 @@ data "aws_iam_policy_document" "iam_policy_document_for_delete_data_product_lamb
 "*"
 ]
 }
-}
-
-data "aws_iam_policy_document" "iam_policy_document_for_jml_lambda_execution" {
- statement {
- sid = "AllowLambdaExecution"
- effect = "Allow"
- actions = [
- "cloudwatch:GenerateQuery",
- "logs:DescribeLogStreams",
- "logs:DescribeLogGroups",
- "logs:GetLogEvents",
- "secretsmanager:GetSecretValue",
- "secretsmanager:DescribeSecret",
- "secretsmanager:ListSecrets"
- ]
- resources = ["arn:aws:logs:${local.region}:${local.account_id}:log-group:/aws/events/auth0/*"]
- }
-}
+}
\ No newline at end of file
diff --git a/terraform/environments/data-platform/lambda.tf b/terraform/environments/data-platform/lambda.tf
index 516f3fd98fd..20bcce8a0ca 100644
--- a/terraform/environments/data-platform/lambda.tf
+++ b/terraform/environments/data-platform/lambda.tf
@@ -489,31 +489,4 @@ module "delete_data_product_lambda" {
 source_arn = "arn:aws:execute-api:${local.region}:${local.account_id}:${aws_api_gateway_rest_api.data_platform.id}/*/${aws_api_gateway_method.delete_data_product.http_method}${aws_api_gateway_resource.data_product_name.path}"
 }
 }
-}
-
-module "data_product_jml_lambda_execution" {
- source = "github.com/ministryofjustice/modernisation-platform-terraform-lambda-function?ref=a4392c1" # ref for V2.1
- application_name = "automate_generating_sending_JML_extracts"
- tags = local.tags
- description = "Automate generating and sending JML extracts monthly"
- role_name = "jml_lambda_execution_role_${local.environment}"
- policy_json = data.aws_iam_policy_document.iam_policy_document_for_jml_lambda_execution.json
- policy_json_attached = true
- function_name = "jml-extract-lambda_${local.environment}"
- create_role = true
- reserved_concurrent_executions = 1
-
- image_uri = "374269020027.dkr.ecr.eu-west-2.amazonaws.com/data-platform-jml-extract-lambda:1.0.0"
- timeout = 600
- tracing_mode = "Active"
- memory_size = 128
-
- environment_variables = merge(local.logger_environment_vars, local.storage_environment_vars)
- allowed_triggers = {
-
- "eventbridge" = {
- principal = "events.amazonaws.com"
- source_arn = data-platform-apps-and-tools.jml-event-rules.aws_cloudwatch_event_rule.jml_lambda_trigger.arn
- }
- }
-}
+}
\ No newline at end of file
From a6452387f4b055d53e9bcb878437826fae1b0f20 Mon Sep 17 00:00:00 2001
From: murad-ali-MoJ
Date: Fri, 19 Jan 2024 05:58:23 +0000
Subject: [PATCH 11/27] jml_lambda_trigger fixed
---
 .../data-platform-apps-and-tools/jml-event-targets.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf b/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf
index 28a8728162d..2dd233b0705 100644
--- a/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf
+++ b/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf
@@ -1,5 +1,5 @@
 resource "aws_cloudwatch_event_target" "jml_lambda_trigger" {
 rule = aws_cloudwatch_event_rule.jml_lambda_trigger.name
 target_id = "jml-lambda-trigger"
- arn = module.data_platform_jml_extract.lambda_function_arn
+ arn = module.jml_extract.data_platform_jml_extract.lambda_function_arn
 }
\ No newline at end of file
From b969214af941dbdf6b02bfa3e16b9af9f74f56f6 Mon Sep 17 00:00:00 2001
From: murad-ali-MoJ
Date: Fri, 19 Jan 2024 06:05:30 +0000
Subject: [PATCH 12/27] image added as arn
---
 .../data-platform-apps-and-tools/jml-event-targets.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf b/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf
index 2dd233b0705..5eba979e0bf 100644
--- a/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf
+++ b/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf
@@ -1,5 +1,5 @@
 resource "aws_cloudwatch_event_target" "jml_lambda_trigger" {
 rule = aws_cloudwatch_event_rule.jml_lambda_trigger.name
 target_id = "jml-lambda-trigger"
- arn = module.jml_extract.data_platform_jml_extract.lambda_function_arn
+ arn = "374269020027.dkr.ecr.eu-west-2.amazonaws.com/data-platform-jml-extract-lambda-ecr-repo:1.0.1"
 }
\ No newline at end of file
From 5125794956abff6bc19161273e8b85057ee62aed Mon Sep 17 00:00:00 2001
From: murad-ali-MoJ
Date: Fri, 19 Jan 2024 06:19:00 +0000
Subject: [PATCH 13/27] trigger sorted
---
 .../data-platform-apps-and-tools/jml-event-targets.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf b/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf
index 5eba979e0bf..fc2ac9cb031 100644
--- a/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf
+++ b/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf
@@ -1,5 +1,5 @@
 resource "aws_cloudwatch_event_target" "jml_lambda_trigger" {
 rule = aws_cloudwatch_event_rule.jml_lambda_trigger.name
 target_id = "jml-lambda-trigger"
- arn = "374269020027.dkr.ecr.eu-west-2.amazonaws.com/data-platform-jml-extract-lambda-ecr-repo:1.0.1"
+ arn = module.lambda_function_from_container_image.lambda_function_arn
 }
\ No newline at end of file
From 3b98ceab3be7b7c5c043b1457fb557896e9dfe4e Mon Sep 17 00:00:00 2001
From: murad-ali-MoJ
Date: Fri, 19 Jan 2024 06:25:47 +0000
Subject: [PATCH 14/27] change with module name
---
 .../data-platform-apps-and-tools/jml-event-targets.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf b/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf
index fc2ac9cb031..d1dacba2d7f 100644
--- a/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf
+++ b/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf
@@ -1,5 +1,5 @@
 resource "aws_cloudwatch_event_target" "jml_lambda_trigger" {
 rule = aws_cloudwatch_event_rule.jml_lambda_trigger.name
 target_id = "jml-lambda-trigger"
- arn = module.lambda_function_from_container_image.lambda_function_arn
+ arn = module.jml_extract.lambda_function_arn
 }
\ No newline at end of file
From 422f144da2376e4e990301e3e677da12f29d512d Mon Sep 17 00:00:00 2001
From: murad-ali-MoJ
Date: Fri, 19 Jan 2024 06:32:36 +0000
Subject: [PATCH 15/27] fix the event bridge arn
---
 .../data-platform-apps-and-tools/lambda-functions.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf b/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf
index 0bfefd9f534..0df77e23c18 100644
--- a/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf
+++ b/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf
@@ -52,7 +52,7 @@ module "jml_extract" {
 allowed_triggers = {
 "eventbridge" = {
 principal = "events.amazonaws.com"
- source_arn = aws_cloudwatch_event_rule.grafana_api_key_rotator.arn
+ source_arn = aws_cloudwatch_event_rule.jml_lambda_trigger.arn
 }
 }
 }
From 48a057233476a1d5ef4b9cf3fcab33d1a1c7168b Mon Sep 17 00:00:00 2001
From: murad-ali-MoJ
Date: Fri, 19 Jan 2024 06:50:20 +0000
Subject: [PATCH 16/27] arn added for auth0, govuk,email
---
 .../data-platform-apps-and-tools/lambda-functions.tf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf b/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf
index 0df77e23c18..c1c877f03ef 100644
--- a/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf
+++ b/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf
@@ -31,7 +31,7 @@ module "jml_extract" {
 "logs:GetLogEvents"
 ]
 resources = [
- replacemewithauth0arn
+ "arn:aws:logs:eu-west-2:096705367497:log-group:/aws/events/auth0/*"
 ]
 }
 "secretsmanager" = {
@@ -43,8 +43,8 @@ module "jml_extract" {
 "secretsmanager:ListSecrets"
 ]
 resources = [
- aws_secretsmanager_secret.govuk_notify_api_key.arn,
- aws_secretsmanager_secret.email_secret.arn
+ arn:aws:secretsmanager:eu-west-2:096705367497:secret:gov-uk-notify/production/api-key-WSSdUR,
+ arn:aws:secretsmanager:eu-west-2:096705367497:secret:jml/email-uQGTzR
 ]
 }
 }
From aa050b99d499fe7bd850a37d9f72f6bb13710962 Mon Sep 17 00:00:00 2001
From: murad-ali-MoJ
Date: Fri, 19 Jan 2024 07:17:50 +0000
Subject: [PATCH 17/27] arn typo fix
---
 .../data-platform-apps-and-tools/lambda-functions.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
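Review bot: In PATCH 16/27 the `secretsmanager` `resources` list swaps the `aws_secretsmanager_secret.*.arn` references for literal ARNs that embed an account id and the random suffix Secrets Manager appends to each secret name. If either secret is ever recreated the suffix changes and the statement silently stops matching, and the literals no longer follow the workspace the module is applied in. Keeping the references, indexed if the secrets use `count` (e.g. `aws_secretsmanager_secret.govuk_notify_api_key[0].arn`), keeps the grant bound to the secrets Terraform manages. The same applies to the literal auth0 log-group ARN in the first hunk of that patch, which could be built from `local.region` and `local.account_id` or taken from a module output. As committed the two secret ARNs are also unquoted, which is not valid HCL.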
diff --git a/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf b/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf
index c1c877f03ef..4206491af9d 100644
--- a/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf
+++ b/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf
@@ -43,8 +43,8 @@ module "jml_extract" {
 "secretsmanager:ListSecrets"
 ]
 resources = [
- arn:aws:secretsmanager:eu-west-2:096705367497:secret:gov-uk-notify/production/api-key-WSSdUR,
- arn:aws:secretsmanager:eu-west-2:096705367497:secret:jml/email-uQGTzR
+ "arn:aws:secretsmanager:eu-west-2:096705367497:secret:gov-uk-notify/production/api-key-WSSdUR",
+ "arn:aws:secretsmanager:eu-west-2:096705367497:secret:jml/email-uQGTzR"
 ]
 }
 }
From aacdcf006d511e7f02be809cdd1832ace63fb3c8 Mon Sep 17 00:00:00 2001
From: murad-ali-MoJ
Date: Fri, 19 Jan 2024 07:28:07 +0000
Subject: [PATCH 18/27] count argument set to gouk_notify
---
 terraform/environments/data-platform-apps-and-tools/data.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/environments/data-platform-apps-and-tools/data.tf b/terraform/environments/data-platform-apps-and-tools/data.tf
index 665bc55948e..b549163baf6 100644
--- a/terraform/environments/data-platform-apps-and-tools/data.tf
+++ b/terraform/environments/data-platform-apps-and-tools/data.tf
@@ -88,7 +88,7 @@ data "aws_secretsmanager_secret_version" "openmetadata_entra_id_tenant_id" {
 ##################################################

 data "aws_secretsmanager_secret_version" "govuk_notify_api_key" {
- secret_id = aws_secretsmanager_secret.govuk_notify_api_key.id
+ secret_id = aws_secretsmanager_secret.govuk_notify_api_key[0].id
 }

 data "aws_secretsmanager_secret_version" "email_secret" {
From a807f59546bdcc5d4e07a46b9dd8cc75399a8999 Mon Sep 17 00:00:00 2001
From: murad-ali-MoJ
Date: Fri, 19 Jan 2024 09:55:08 +0000
Subject: [PATCH 19/27] secret key added through the console
---
 .../data-platform-apps-and-tools/lambda-functions.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf b/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf
index 4206491af9d..07b8d361a63 100644
--- a/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf
+++ b/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf
@@ -44,7 +44,7 @@ module "jml_extract" {
 ]
 resources = [
 "arn:aws:secretsmanager:eu-west-2:096705367497:secret:gov-uk-notify/production/api-key-WSSdUR",
- "arn:aws:secretsmanager:eu-west-2:096705367497:secret:jml/email-uQGTzR"
+ "arn:aws:secretsmanager:eu-west-2:096705367497:secret:jml/email-uQGTzR" #api-key value manually added
 ]
 }
 }
From 8097e96ddbd00607a3cb9a64a0dde6d73d8e34d4 Mon Sep 17 00:00:00 2001
From: murad-ali-MoJ
Date: Fri, 19 Jan 2024 10:00:07 +0000
Subject: [PATCH 20/27] data file fix
---
 terraform/environments/data-platform-apps-and-tools/data.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/environments/data-platform-apps-and-tools/data.tf b/terraform/environments/data-platform-apps-and-tools/data.tf
index b549163baf6..665bc55948e 100644
--- a/terraform/environments/data-platform-apps-and-tools/data.tf
+++ b/terraform/environments/data-platform-apps-and-tools/data.tf
@@ -88,7 +88,7 @@ data "aws_secretsmanager_secret_version" "openmetadata_entra_id_tenant_id" {
 ##################################################

 data "aws_secretsmanager_secret_version" "govuk_notify_api_key" {
- secret_id = aws_secretsmanager_secret.govuk_notify_api_key[0].id
+ secret_id = aws_secretsmanager_secret.govuk_notify_api_key.id
 }

 data "aws_secretsmanager_secret_version" "email_secret" {
From 312515f83b17a79e1a6a5453faaae92b29c39cb4 Mon Sep 17 00:00:00 2001
From: murad-ali-MoJ
Date: Fri, 19 Jan 2024 14:48:54 +0000
Subject: [PATCH 21/27] added count index
---
 terraform/environments/data-platform-apps-and-tools/data.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/environments/data-platform-apps-and-tools/data.tf b/terraform/environments/data-platform-apps-and-tools/data.tf
index 665bc55948e..14d386fa254 100644
--- a/terraform/environments/data-platform-apps-and-tools/data.tf
+++ b/terraform/environments/data-platform-apps-and-tools/data.tf
@@ -88,7 +88,7 @@ data "aws_secretsmanager_secret_version" "openmetadata_entra_id_tenant_id" {
 ##################################################

 data "aws_secretsmanager_secret_version" "govuk_notify_api_key" {
- secret_id = aws_secretsmanager_secret.govuk_notify_api_key.id
+ secret_id = aws_secretsmanager_secret.govuk_notify_api_key[count.index].id
 }

 data "aws_secretsmanager_secret_version" "email_secret" {
From 8382ee42be95159792531ece1fd91ee016cf21b9 Mon Sep 17 00:00:00 2001
From: murad-ali-MoJ
Date: Fri, 19 Jan 2024 14:54:09 +0000
Subject: [PATCH 22/27] add index 1
---
 terraform/environments/data-platform-apps-and-tools/data.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/environments/data-platform-apps-and-tools/data.tf b/terraform/environments/data-platform-apps-and-tools/data.tf
index 14d386fa254..ee2f1d02e52 100644
--- a/terraform/environments/data-platform-apps-and-tools/data.tf
+++ b/terraform/environments/data-platform-apps-and-tools/data.tf
@@ -88,7 +88,7 @@ data "aws_secretsmanager_secret_version" "openmetadata_entra_id_tenant_id" {
 ##################################################

 data "aws_secretsmanager_secret_version" "govuk_notify_api_key" {
- secret_id = aws_secretsmanager_secret.govuk_notify_api_key[count.index].id
+ secret_id = aws_secretsmanager_secret.govuk_notify_api_key[1].id
 }

 data "aws_secretsmanager_secret_version" "email_secret" {
From f17673c907ad24532d6cab49ad7a4eab96479f5f Mon Sep 17 00:00:00 2001
From: murad-ali-MoJ
Date: Fri, 19 Jan 2024 15:48:37 +0000
Subject: [PATCH 23/27] update lambda and all variables
---
 .../cloudwatch-event-rules.tf | 6 ++++++
 .../cloudwatch-event-targets.tf | 7 +++++++
 .../data-platform-apps-and-tools/data.tf | 10 +++++++---
 .../jml-event-rules.tf | 4 ----
 .../jml-event-targets.tf | 5 -----
 .../lambda-functions.tf | 19 ++++++++++---------
 .../modules/auth0-log-streams/outputs.tf | 7 +++++++
 .../data-platform-apps-and-tools/secrets.tf | 4 +++-
 8 files changed, 40 insertions(+), 22 deletions(-)
 create mode 100644 terraform/environments/data-platform-apps-and-tools/cloudwatch-event-rules.tf
 create mode 100644 terraform/environments/data-platform-apps-and-tools/cloudwatch-event-targets.tf
 delete mode 100644 terraform/environments/data-platform-apps-and-tools/jml-event-rules.tf
 delete mode 100644 terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf
 create mode 100644 terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/outputs.tf
diff --git a/terraform/environments/data-platform-apps-and-tools/cloudwatch-event-rules.tf b/terraform/environments/data-platform-apps-and-tools/cloudwatch-event-rules.tf
new file mode 100644
index 00000000000..66d90631939
--- /dev/null
+++ b/terraform/environments/data-platform-apps-and-tools/cloudwatch-event-rules.tf
@@ -0,0 +1,6 @@
+resource "aws_cloudwatch_event_rule" "jml_lambda_trigger" {
+ count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0
+
+ name = "jml-lambda-trigger"
+ schedule_expression = "cron(0 2 1 * ? *)"
+}
\ No newline at end of file
diff --git a/terraform/environments/data-platform-apps-and-tools/cloudwatch-event-targets.tf b/terraform/environments/data-platform-apps-and-tools/cloudwatch-event-targets.tf
new file mode 100644
index 00000000000..d0eee8a51bd
--- /dev/null
+++ b/terraform/environments/data-platform-apps-and-tools/cloudwatch-event-targets.tf @@ -0,0 +1,7 @@ +resource "aws_cloudwatch_event_target" "jml_lambda_trigger" { + count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0 + + rule = aws_cloudwatch_event_rule.jml_lambda_trigger[0].name + target_id = "jml-lambda-trigger" + arn = module.jml_extract_lambda[0].lambda_function_arn +} \ No newline at end of file diff --git a/terraform/environments/data-platform-apps-and-tools/data.tf b/terraform/environments/data-platform-apps-and-tools/data.tf index ee2f1d02e52..ac3e45e1363 100644 --- a/terraform/environments/data-platform-apps-and-tools/data.tf +++ b/terraform/environments/data-platform-apps-and-tools/data.tf @@ -88,9 +88,13 @@ data "aws_secretsmanager_secret_version" "openmetadata_entra_id_tenant_id" { ################################################## data "aws_secretsmanager_secret_version" "govuk_notify_api_key" { - secret_id = aws_secretsmanager_secret.govuk_notify_api_key[1].id + count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0 + + secret_id = aws_secretsmanager_secret.govuk_notify_api_key[0].id } -data "aws_secretsmanager_secret_version" "email_secret" { - secret_id = aws_secretsmanager_secret.email_secret.id +data "aws_secretsmanager_secret_version" "jml_email" { + count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0 + + secret_id = aws_secretsmanager_secret.jml_email[0].id } diff --git a/terraform/environments/data-platform-apps-and-tools/jml-event-rules.tf b/terraform/environments/data-platform-apps-and-tools/jml-event-rules.tf deleted file mode 100644 index 664d3e8cf84..00000000000 --- a/terraform/environments/data-platform-apps-and-tools/jml-event-rules.tf +++ /dev/null @@ -1,4 +0,0 @@ -resource "aws_cloudwatch_event_rule" "jml_lambda_trigger" { - name = "jml-lambda-trigger-rules" - schedule_expression = "cron(0 2 1 * ? *)" -} \ No newline at end of file 
diff --git a/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf b/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf deleted file mode 100644 index d1dacba2d7f..00000000000 --- a/terraform/environments/data-platform-apps-and-tools/jml-event-targets.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "aws_cloudwatch_event_target" "jml_lambda_trigger" { - rule = aws_cloudwatch_event_rule.jml_lambda_trigger.name - target_id = "jml-lambda-trigger" - arn = module.jml_extract.lambda_function_arn -} \ No newline at end of file diff --git a/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf b/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf index 07b8d361a63..1fedc878dc7 100644 --- a/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf +++ b/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf @@ -1,5 +1,6 @@ -module "jml_extract" { +module "jml_extract_lambda" { #checkov:skip=CKV_TF_1:Module is from Terraform registry + count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0 source = "terraform-aws-modules/lambda/aws" version = "~> 6.0" @@ -13,10 +14,10 @@ module "jml_extract" { image_uri = "374269020027.dkr.ecr.eu-west-2.amazonaws.com/data-platform-jml-extract-lambda-ecr-repo:1.0.1" environment_variables = { - SECRET_ID = data.aws_secretsmanager_secret_version.govuk_notify_api_key.secret_string - LOG_GROUP_NAMES = "CHANGEME" - EMAIL_SECRET = data.aws_secretsmanager_secret_version.email_secret.secret_string - TEMPLATE_ID = "CHANGEME" + SECRET_ID = data.aws_secretsmanager_secret_version.govuk_notify_api_key[0].secret_string + LOG_GROUP_NAMES = module.auth0_log_streams.cloudwatch_log_group_name + EMAIL_SECRET = data.aws_secretsmanager_secret_version.jml_email[0].secret_string + TEMPLATE_ID = "de618989-db86-4d9a-aa55-4724d5485fa5" } attach_policy_statements = true 
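Review bot: The renamed module block keeps `version = "~> 6.0"` directly under the `#checkov:skip=CKV_TF_1` line, so the skipped pinning check has nothing standing in for it. Any 6.x release of `terraform-aws-modules/lambda/aws` can be selected on the next `terraform init`, and the dependency lock file records providers, not modules. An exact pin, as `powerbi-gateway-server.tf` uses for its module, keeps the code that runs with this workspace's credentials reviewable: `version = "<exact 6.x release>"`. The module body continues outside this hunk.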
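Review bot: `SECRET_ID` and `EMAIL_SECRET` are set from `.secret_string`, so the GOV.UK Notify API key and the e-mail value are copied into the Lambda configuration and the Terraform state, readable by anyone who can view either. The policy statements further down this file grant `secretsmanager:GetSecretValue` on both secrets, which suggests the function is meant to fetch them at runtime; passing the identifier would match that, e.g. `SECRET_ID = aws_secretsmanager_secret.govuk_notify_api_key[0].id` and `EMAIL_SECRET = aws_secretsmanager_secret.jml_email[0].id`. The two `aws_secretsmanager_secret_version` data sources in `data.tf` would then no longer be needed. The same two lines are carried unchanged through the hunks in PATCH 24/27 and PATCH 26/27, and the enclosing module block starts and ends outside this hunk.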
@@ -31,7 +32,7 @@ module "jml_extract" { "logs:GetLogEvents" ] resources = [ - "arn:aws:logs:eu-west-2:096705367497:log-group:/aws/events/auth0/*" + "${module.auth0_log_streams.cloudwatch_log_group_arn}/*" ] } "secretsmanager" = { @@ -43,8 +44,8 @@ module "jml_extract" { "secretsmanager:ListSecrets" ] resources = [ - "arn:aws:secretsmanager:eu-west-2:096705367497:secret:gov-uk-notify/production/api-key-WSSdUR", - "arn:aws:secretsmanager:eu-west-2:096705367497:secret:jml/email-uQGTzR" #api-key value manually added + aws_secretsmanager_secret.govuk_notify_api_key[0].arn, + aws_secretsmanager_secret.jml_email[0].arn ] } } @@ -52,7 +53,7 @@ module "jml_extract" { allowed_triggers = { "eventbridge" = { principal = "events.amazonaws.com" - source_arn = aws_cloudwatch_event_rule.jml_lambda_trigger.arn + source_arn = aws_cloudwatch_event_rule.jml_lambda_trigger[0].arn } } } diff --git a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/outputs.tf b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/outputs.tf new file mode 100644 index 00000000000..1ccfb8b03e1 --- /dev/null +++ b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/outputs.tf @@ -0,0 +1,7 @@ +output "cloudwatch_log_group_arn" { + value = aws_cloudwatch_log_group.this.arn +} + +output "cloudwatch_log_group_name" { + value = local.cloudwatch_log_group_name +} diff --git a/terraform/environments/data-platform-apps-and-tools/secrets.tf b/terraform/environments/data-platform-apps-and-tools/secrets.tf index d5516cbb6bc..6b85dcdadb2 100644 --- a/terraform/environments/data-platform-apps-and-tools/secrets.tf +++ b/terraform/environments/data-platform-apps-and-tools/secrets.tf 
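Review bot: The new resource pattern `"${module.auth0_log_streams.cloudwatch_log_group_arn}/*"` appends `/*` to a log-group ARN, which matches only log groups whose names continue below that name. It matches neither the group itself nor its streams (`…:log-group:NAME:log-stream:…`), so `logs:GetLogEvents` is likely to be denied at runtime. Assuming the output is the plain `aws_cloudwatch_log_group` ARN, as `outputs.tf` in this patch indicates, the usual form is `"${module.auth0_log_streams.cloudwatch_log_group_arn}:*"`. The hunk in PATCH 26/27 adds the `["alpha-analytics-moj"]` key but keeps the same suffix; the statement's other actions sit above this hunk.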
@@ -42,6 +42,8 @@ resource "aws_secretsmanager_secret" "govuk_notify_api_key" { } # Email secret for Lambda function -resource "aws_secretsmanager_secret" "email_secret" { +resource "aws_secretsmanager_secret" "jml_email" { + count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0 + name = "jml/email" } From b713c1990c882af1dfafed381efd2e0145079e40 Mon Sep 17 00:00:00 2001 From: murad-ali-MoJ Date: Fri, 19 Jan 2024 16:20:49 +0000 Subject: [PATCH 24/27] fix the string issue --- .../data-platform-apps-and-tools/lambda-functions.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf b/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf index 1fedc878dc7..41590d1529e 100644 --- a/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf +++ b/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf @@ -15,7 +15,7 @@ module "jml_extract_lambda" { environment_variables = { SECRET_ID = data.aws_secretsmanager_secret_version.govuk_notify_api_key[0].secret_string - LOG_GROUP_NAMES = module.auth0_log_streams.cloudwatch_log_group_name + LOG_GROUP_NAMES = "/aws/events/auth0/alpha-analytics-moj" EMAIL_SECRET = data.aws_secretsmanager_secret_version.jml_email[0].secret_string TEMPLATE_ID = "de618989-db86-4d9a-aa55-4724d5485fa5" } @@ -45,7 +45,7 @@ module "jml_extract_lambda" { ] resources = [ aws_secretsmanager_secret.govuk_notify_api_key[0].arn, - aws_secretsmanager_secret.jml_email[0].arn + aws_secretsmanager_secret.jml_email[0].arn ] } } From cb33613fc1a03c24a26adce2054c5e9bb806f32c Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Fri, 19 Jan 2024 16:37:43 +0000 Subject: [PATCH 25/27] hotfix for PowerBI AMI Signed-off-by: Jacob Woffenden --- .../data-platform-apps-and-tools/powerbi-gateway-server.tf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
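Review bot: Renaming `aws_secretsmanager_secret.email_secret` to `jml_email` and adding `count` changes the resource address while the secret name stays `jml/email`, so if the old address was ever applied Terraform plans a destroy followed by a create of the same name. Secrets Manager holds a deleted secret in its recovery window, during which a create with that name fails, and any value stored in the old secret goes with it. A `moved` block with `from = aws_secretsmanager_secret.email_secret` and `to = aws_secretsmanager_secret.jml_email[0]` keeps the existing secret in place. Separately, no secret version resource is visible for `jml/email`, so the `jml_email` data source added in `data.tf` presumably fails until a value has been stored out of band; worth a comment saying so.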
diff --git a/terraform/environments/data-platform-apps-and-tools/powerbi-gateway-server.tf b/terraform/environments/data-platform-apps-and-tools/powerbi-gateway-server.tf index d68597b579a..7de2afa4db5 100644 --- a/terraform/environments/data-platform-apps-and-tools/powerbi-gateway-server.tf +++ b/terraform/environments/data-platform-apps-and-tools/powerbi-gateway-server.tf @@ -15,8 +15,9 @@ module "powerbi_gateway" { source = "terraform-aws-modules/ec2-instance/aws" version = "v5.6.0" - name = local.environment_configuration.powerbi_gateway_ec2.instance_name - ami = data.aws_ami.windows_server_2022.id + name = local.environment_configuration.powerbi_gateway_ec2.instance_name + # ami = data.aws_ami.windows_server_2022.id + ami = "ami-00ffeb610527f540b" # Hardcoded AMI ID for Windows Server 2022 instance_type = local.environment_configuration.powerbi_gateway_ec2.instance_type key_name = aws_key_pair.powerbi_gateway_keypair.key_name monitoring = true From 1ca45bbecd421e69fdf84846cdefc8539d35d4e0 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Fri, 19 Jan 2024 16:48:37 +0000 Subject: [PATCH 26/27] Update lambda function configuration Signed-off-by: Jacob Woffenden --- .../data-platform-apps-and-tools/lambda-functions.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf b/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf index 41590d1529e..7e4b686027b 100644 --- a/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf +++ b/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf 
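Review bot: The hard-coded `ami = "ami-00ffeb610527f540b"` replaces the `data.aws_ami.windows_server_2022` lookup with an image whose owner and patch level cannot be checked from this file, and the comment does not say why the lookup was dropped or when it returns. A pinned Windows image also means a rebuilt instance no longer picks up newer patched builds, so the pin should carry a reason and an expiry. I would record that in place of the bare comment, e.g. `# Pinned to <AMI name / owner> because <reason>; restore data.aws_ami.windows_server_2022 under <ticket>`. The module block starts and ends outside this hunk.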
@@ -15,7 +15,7 @@ module "jml_extract_lambda" { environment_variables = { SECRET_ID = data.aws_secretsmanager_secret_version.govuk_notify_api_key[0].secret_string - LOG_GROUP_NAMES = "/aws/events/auth0/alpha-analytics-moj" + LOG_GROUP_NAMES = module.auth0_log_streams["alpha-analytics-moj"].cloudwatch_log_group_name EMAIL_SECRET = data.aws_secretsmanager_secret_version.jml_email[0].secret_string TEMPLATE_ID = "de618989-db86-4d9a-aa55-4724d5485fa5" } @@ -32,7 +32,7 @@ module "jml_extract_lambda" { "logs:GetLogEvents" ] resources = [ - "${module.auth0_log_streams.cloudwatch_log_group_arn}/*" + "${module.auth0_log_streams["alpha-analytics-moj"].cloudwatch_log_group_arn}/*" ] } "secretsmanager" = { From 16c81d874e4cc7d81337d9dde9d274f957c1f80b Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Fri, 19 Jan 2024 16:50:35 +0000 Subject: [PATCH 27/27] Fix some styling Signed-off-by: Jacob Woffenden --- .../data-platform-apps-and-tools/cloudwatch-event-rules.tf | 2 +- .../data-platform-apps-and-tools/cloudwatch-event-targets.tf | 4 ++-- terraform/environments/data-platform/iam.tf | 2 +- terraform/environments/data-platform/lambda.tf | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/terraform/environments/data-platform-apps-and-tools/cloudwatch-event-rules.tf b/terraform/environments/data-platform-apps-and-tools/cloudwatch-event-rules.tf index 66d90631939..4c7bd8e8fa1 100644 --- a/terraform/environments/data-platform-apps-and-tools/cloudwatch-event-rules.tf +++ b/terraform/environments/data-platform-apps-and-tools/cloudwatch-event-rules.tf @@ -3,4 +3,4 @@ resource "aws_cloudwatch_event_rule" "jml_lambda_trigger" { name = "jml-lambda-trigger" schedule_expression = "cron(0 2 1 * ? *)" -} \ No newline at end of file +} diff --git a/terraform/environments/data-platform-apps-and-tools/cloudwatch-event-targets.tf b/terraform/environments/data-platform-apps-and-tools/cloudwatch-event-targets.tf index d0eee8a51bd..a7cd1a490a3 100644 
--- a/terraform/environments/data-platform-apps-and-tools/cloudwatch-event-targets.tf +++ b/terraform/environments/data-platform-apps-and-tools/cloudwatch-event-targets.tf @@ -1,7 +1,7 @@ resource "aws_cloudwatch_event_target" "jml_lambda_trigger" { count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0 - + rule = aws_cloudwatch_event_rule.jml_lambda_trigger[0].name target_id = "jml-lambda-trigger" arn = module.jml_extract_lambda[0].lambda_function_arn -} \ No newline at end of file +} diff --git a/terraform/environments/data-platform/iam.tf b/terraform/environments/data-platform/iam.tf index 396104d6d21..a489a64b9c7 100644 --- a/terraform/environments/data-platform/iam.tf +++ b/terraform/environments/data-platform/iam.tf @@ -728,4 +728,4 @@ data "aws_iam_policy_document" "iam_policy_document_for_delete_data_product_lamb "*" ] } -} \ No newline at end of file +} diff --git a/terraform/environments/data-platform/lambda.tf b/terraform/environments/data-platform/lambda.tf index 20bcce8a0ca..990358c00c7 100644 --- a/terraform/environments/data-platform/lambda.tf +++ b/terraform/environments/data-platform/lambda.tf @@ -489,4 +489,4 @@ module "delete_data_product_lambda" { source_arn = "arn:aws:execute-api:${local.region}:${local.account_id}:${aws_api_gateway_rest_api.data_platform.id}/*/${aws_api_gateway_method.delete_data_product.http_method}${aws_api_gateway_resource.data_product_name.path}" } } -} \ No newline at end of file +}