diff --git a/terraform/environments/ppud/data.tf b/terraform/environments/ppud/data.tf
index e8f961db48f..368affc8c3b 100644
--- a/terraform/environments/ppud/data.tf
+++ b/terraform/environments/ppud/data.tf
@@ -49,4 +49,16 @@ data "aws_acm_certificate" "WAM_PROD_ALB" {
 count = local.is-production == true ? 1 : 0
 domain = "wam.ppud.justice.gov.uk"
 statuses = ["ISSUED"]
-}
\ No newline at end of file
+}
+
+# Klayers Account ID - used by lambda layer ARNs - https://github.com/keithrozario/Klayers?tab=readme-ov-file
+data "aws_ssm_parameter" "klayers_account_dev" {
+ count = local.is-development == true ? 1 : 0
+ name = "klayers-account"
+ with_decryption = true
+}
+
+output "klayers_account_dev" {
+ value = data.aws_ssm_parameter.klayers_account_dev[0].value
+ description = "The Klayers AWS account ID"
+}
diff --git a/terraform/environments/ppud/iam.tf b/terraform/environments/ppud/iam.tf
index 5ab6eb99243..f4ae75dcb0b 100644
--- a/terraform/environments/ppud/iam.tf
+++ b/terraform/environments/ppud/iam.tf
@@ -1183,6 +1183,29 @@ resource "aws_iam_policy" "iam_policy_for_lambda_cloudwatch_get_metric_data_dev"
 "arn:aws:cloudwatch:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:*"
 ]
 },
+ {
+ "Sid" : "S3BucketPolicy",
+ "Effect" : "Allow",
+ "Action" : [
+ "s3:GetObject",
+ "s3:PutObject",
+ "s3:DeleteObject"
+ ],
+ "Resource" : [
+ "arn:aws:s3:::moj-release-management",
+ "arn:aws:s3:::moj-release-management/*"
+ ]
+ },
+ {
+ "Sid" : "SSMPolicy",
+ "Effect" : "Allow",
+ "Action" : [
+ "ssm:GetParameter"
+ ],
+ "Resource" : [
+ "arn:aws:ssm:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:parameter/klayers-account"
+ ]
+ },
 {
 "Sid" : "LogPolicy",
 "Effect" : "Allow",
diff --git a/terraform/environments/ppud/lambda.tf b/terraform/environments/ppud/lambda.tf
index c10322387f0..945d1cf4ea9 100644
--- a/terraform/environments/ppud/lambda.tf
+++ b/terraform/environments/ppud/lambda.tf
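Review bot: The new `output "klayers_account_dev"` indexes `data.aws_ssm_parameter.klayers_account_dev[0]` unconditionally, but the data source has `count = local.is-development == true ? 1 : 0`, so a plan in any non-development environment fails on an invalid index into an empty list. Use the splat form so the output is simply null when the data source is absent: `value = one(data.aws_ssm_parameter.klayers_account_dev[*].value)`. The parameter is read with `with_decryption = true`; if `klayers-account` is stored as a SecureString, consider `sensitive = true` on the output so its value is not echoed in plan and apply logs. The parameter itself has to exist in the development account before this plans, which is worth stating in the comment above the data source.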
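Review bot: The new `S3BucketPolicy` statement grants `s3:PutObject` and `s3:DeleteObject`, while the only S3 use visible in this change is reading a layer artifact from `moj-release-management`, so the write and delete grants look wider than the function needs; trim the action list to `"s3:GetObject"` unless the lambda actually writes to that bucket. The bare bucket ARN `arn:aws:s3:::moj-release-management` in `Resource` does nothing for object-level actions (those match only the `/*` entry) and is only needed if `s3:ListBucket` is added. If `klayers-account` is a SecureString encrypted with a customer-managed key, `ssm:GetParameter` with decryption also needs `kms:Decrypt` on that key; with the AWS-managed SSM key no extra grant is required. The enclosing `aws_iam_policy` resource starts and ends outside this hunk.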
@@ -516,6 +516,9 @@ resource "aws_lambda_function" "terraform_lambda_func_send_cpu_graph_dev" {
 layers = [
 "arn:aws:lambda:eu-west-2:770693421928:layer:Klayers-p312-numpy:8", #Publically available ARN for numpy package
 "arn:aws:lambda:eu-west-2:770693421928:layer:Klayers-p312-pillow:1" #Publically available ARN for pillow package
+# "arn:aws:lambda:eu-west-2:${data.aws_ssm_parameter.klayers_account_dev[0].value}:layer:Klayers-p312-numpy:8",
+# "arn:aws:lambda:eu-west-2:${data.aws_ssm_parameter.klayers_account_dev[0].value}:layer:Klayers-p312-pillow:1",
+# aws_lambda_layer_version.lambda_layer_matplotlib_dev[0].arn
 ]
 }
 
@@ -526,4 +529,17 @@ data "archive_file" "zip_the_send_cpu_graph_code_dev" {
 type = "zip"
 source_dir = "${path.module}/lambda_scripts/"
 output_path = "${path.module}/lambda_scripts/send_cpu_graph_dev.zip"
-}
\ No newline at end of file
+}
+
+# Lambda Layer for Matplotlib
+
+/*
+resource "aws_lambda_layer_version" "lambda_layer_matplotlib_dev" {
+ count = local.is-development == true ? 1 : 0
+ layer_name = "matplotlib-layer"
+ description = "matplotlib-layer for python 3.12"
+ s3_bucket = aws_s3_bucket.MoJ-Release-Management[0].id
+ filename = "/lambda_layers/matplotlib-layer.zip"
+ compatible_runtimes = ["python3.12"]
+}
+*/
\ No newline at end of file
diff --git a/terraform/environments/ppud/s3.tf b/terraform/environments/ppud/s3.tf
index c27b3b03114..599cce0b94f 100644
--- a/terraform/environments/ppud/s3.tf
+++ b/terraform/environments/ppud/s3.tf
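Review bot: The three added `layers` entries are commented out, so the function still uses the hard-coded `770693421928` ARNs and the SSM lookup added in data.tf has no live consumer; either switch the list over or drop the dead lines rather than carrying both. If they are uncommented as written they will not parse, because the preceding pillow entry has no trailing comma, so that line must first become `"arn:aws:lambda:eu-west-2:770693421928:layer:Klayers-p312-pillow:1", #Publically available ARN for pillow package`. The same dead-code concern applies to the `/* ... */` block in the next hunk of this file.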
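Review bot: The commented-out `aws_lambda_layer_version` block sets both `s3_bucket` and `filename`; in the AWS provider these are mutually exclusive, and `s3_bucket` must be paired with `s3_key`, so the block fails validation as soon as it is uncommented. Pick one source: `filename = "${path.module}/lambda_layers/matplotlib-layer.zip"` for a local artifact (the absolute `/lambda_layers/...` path also breaks the `${path.module}` convention used by the `archive_file` block above), or `s3_bucket` plus `s3_key` for the object in `moj-release-management`. A block committed inside `/* */` with no note on why it is disabled leaves the next reader guessing; add a one-line comment saying what blocks enabling it, or leave it out until it is ready.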
@@ -359,7 +359,8 @@ resource "aws_s3_bucket_policy" "MoJ-Release-Management" {
 "Principal" : {
 "AWS" : [
 "arn:aws:iam::${local.environment_management.account_ids["ppud-development"]}:role/ec2-iam-role",
- "arn:aws:iam::${local.environment_management.account_ids["ppud-preproduction"]}:role/ec2-iam-role"
+ "arn:aws:iam::${local.environment_management.account_ids["ppud-preproduction"]}:role/ec2-iam-role",
+ "arn:aws:iam::${local.environment_management.account_ids["ppud-development"]}:role/lambda_role_cloudwatch_get_metric_data_dev"
 ]
 }
 }
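Review bot: The new principal is spelled as a literal role name (`role/lambda_role_cloudwatch_get_metric_data_dev`) with only the account id interpolated; if that role is managed in this module, referencing its `arn` attribute instead keeps the bucket policy in sync if the role is renamed and makes the dependency explicit to Terraform. The statement's `Action` and `Resource` lie outside this hunk, so the lambda role inherits exactly whatever the two `ec2-iam-role` principals already have; if that includes writes or deletes, a separate statement limited to `s3:GetObject` on the layer object path would keep the bucket-side grant as narrow as the identity policy should be. The enclosing `aws_s3_bucket_policy` resource starts and ends outside this hunk.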