From 665fcc37b206546d4448f0901e89c92b4125b1fe Mon Sep 17 00:00:00 2001 From: Jay Whitwell Date: Thu, 28 Nov 2024 11:27:29 +0000 Subject: [PATCH 01/18] UML-3722: create event bus --- terraform/environment/region.tf | 1 + .../environment/region/modules/event_bus/main.tf | 10 ++++++++++ .../region/modules/event_bus/terraform.tf | 13 +++++++++++++ .../region/modules/event_bus/variables.tf | 4 ++++ terraform/environment/terraform.tfvars.json | 5 +++++ terraform/environment/variables.tf | 1 + 6 files changed, 34 insertions(+) create mode 100644 terraform/environment/region/modules/event_bus/main.tf create mode 100644 terraform/environment/region/modules/event_bus/terraform.tf create mode 100644 terraform/environment/region/modules/event_bus/variables.tf diff --git a/terraform/environment/region.tf b/terraform/environment/region.tf index 3b50d1d6ba..0881281548 100644 --- a/terraform/environment/region.tf +++ b/terraform/environment/region.tf @@ -19,6 +19,7 @@ module "eu_west_1" { ecs_execution_role = module.iam.ecs_execution_role ecs_task_roles = module.iam.ecs_task_roles environment_name = local.environment_name + event_bus_enabled = local.environment.event_bus_enabled google_analytics_id_use = local.environment.google_analytics_id_use google_analytics_id_view = local.environment.google_analytics_id_view gov_uk_onelogin_client_id_secret_name = local.environment.gov_uk_onelogin_client_id_secret_name diff --git a/terraform/environment/region/modules/event_bus/main.tf b/terraform/environment/region/modules/event_bus/main.tf new file mode 100644 index 0000000000..1785fc9077 --- /dev/null +++ b/terraform/environment/region/modules/event_bus/main.tf @@ -0,0 +1,10 @@ +resource "aws_cloudwatch_event_bus" "main" { + name = var.environment_name + provider = aws.region +} + +resource "aws_cloudwatch_event_archive" "main" { + name = var.environment_name + event_source_arn = aws_cloudwatch_event_bus.main.arn + provider = aws.region +} 
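Review bot: `aws_cloudwatch_event_archive.main` in `modules/event_bus/main.tf` sets neither `retention_days` nor `event_pattern`, so every event that reaches the bus is archived and, by the provider default, kept indefinitely. The event payloads are not visible in this patch; if they can carry personal data, the retention period should be an explicit decision, for example `retention_days = var.event_archive_retention_days` (the variable name is only a suggestion), with a `description` on the archive saying what it is kept for. No `aws_cloudwatch_event_bus_policy` appears in this series either, so a short comment on the bus stating which producers are expected to publish to it would help whoever later adds that policy keep it scoped to a named account and `source`.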
diff --git a/terraform/environment/region/modules/event_bus/terraform.tf b/terraform/environment/region/modules/event_bus/terraform.tf new file mode 100644 index 0000000000..5beaeac105 --- /dev/null +++ b/terraform/environment/region/modules/event_bus/terraform.tf @@ -0,0 +1,13 @@ +terraform { + required_version = "~> 1.9.4" + + required_providers { + aws = { + source = "hashicorp/aws" + configuration_aliases = [ + aws.region, + ] + version = "~> 5.64.0" + } + } +} diff --git a/terraform/environment/region/modules/event_bus/variables.tf b/terraform/environment/region/modules/event_bus/variables.tf new file mode 100644 index 0000000000..d2b4483e85 --- /dev/null +++ b/terraform/environment/region/modules/event_bus/variables.tf @@ -0,0 +1,4 @@ +variable "environment_name" { + description = "The name of the environment" + type = string +} diff --git a/terraform/environment/terraform.tfvars.json b/terraform/environment/terraform.tfvars.json index 0a78767294..c62c75d51b 100644 --- a/terraform/environment/terraform.tfvars.json +++ b/terraform/environment/terraform.tfvars.json @@ -26,6 +26,7 @@ "cookie_expires_view": 1440, "create_dashboard": false, "create_onelogin_dashboard": false, + "event_bus_enabled": false, "google_analytics_id_use": "G-JQHJE49CBB", "google_analytics_id_view": "G-C790FLJLL7", "gov_uk_onelogin_client_id_secret_name": "gov-uk-onelogin-client-id", @@ -124,6 +125,7 @@ "cookie_expires_view": 1440, "create_dashboard": false, "create_onelogin_dashboard": false, + "event_bus_enabled": true, "google_analytics_id_use": "G-JQHJE49CBB", "google_analytics_id_view": "G-C790FLJLL7", "gov_uk_onelogin_client_id_secret_name": "gov-uk-onelogin-client-id", @@ -222,6 +224,7 @@ "cookie_expires_view": 1440, "create_dashboard": false, "create_onelogin_dashboard": true, + "event_bus_enabled": false, "google_analytics_id_use": "G-JQHJE49CBB", "google_analytics_id_view": "G-C790FLJLL7", "gov_uk_onelogin_client_id_secret_name": "gov-uk-onelogin-client-id", 
@@ -320,6 +323,7 @@ "cookie_expires_view": 1440, "create_dashboard": true, "create_onelogin_dashboard": false, + "event_bus_enabled": false, "google_analytics_id_use": "", "google_analytics_id_view": "", "gov_uk_onelogin_client_id_secret_name": "gov-uk-onelogin-client-id", @@ -420,6 +424,7 @@ "create_onelogin_dashboard": true, "google_analytics_id_use": "G-TX93T4G7SZ", "google_analytics_id_view": "G-J4S91NRVMJ", + "event_bus_enabled": false, "gov_uk_onelogin_client_id_secret_name": "gov-uk-onelogin-client-id", "gov_uk_onelogin_identity_public_key_secret_name": "gov-uk-onelogin-identity-public-key", "gov_uk_onelogin_identity_private_key_secret_name": "gov-uk-onelogin-identity-private-key", diff --git a/terraform/environment/variables.tf b/terraform/environment/variables.tf index 0187f71e0d..c95eb3611c 100644 --- a/terraform/environment/variables.tf +++ b/terraform/environment/variables.tf @@ -49,6 +49,7 @@ variable "environments" { cloudwatch_application_insights_enabled = bool create_dashboard = bool create_onelogin_dashboard = bool + event_bus_enabled = bool google_analytics_id_use = string google_analytics_id_view = string gov_uk_onelogin_client_id_secret_name = string From 32b0aa800d199fedd69b448b7cb0a860ae7e1e37 Mon Sep 17 00:00:00 2001 From: Jay Whitwell Date: Thu, 28 Nov 2024 11:43:31 +0000 Subject: [PATCH 02/18] add module --- terraform/environment/region/event_bus.tf | 5 +++++ terraform/environment/region/modules/event_bus/main.tf | 2 ++ terraform/environment/region/modules/event_bus/variables.tf | 6 ++++++ terraform/environment/region/variables.tf | 6 ++++++ 4 files changed, 19 insertions(+) create mode 100644 terraform/environment/region/event_bus.tf diff --git a/terraform/environment/region/event_bus.tf b/terraform/environment/region/event_bus.tf new file mode 100644 index 0000000000..77da18bb61 --- /dev/null +++ b/terraform/environment/region/event_bus.tf 
@@ -0,0 +1,5 @@ +module "event_bus" { + source = "./modules/event_bus" + environment_name = var.environment_name + event_bus_enabled = var.event_bus_enabled +} diff --git a/terraform/environment/region/modules/event_bus/main.tf b/terraform/environment/region/modules/event_bus/main.tf index 1785fc9077..2bd65a9a91 100644 --- a/terraform/environment/region/modules/event_bus/main.tf +++ b/terraform/environment/region/modules/event_bus/main.tf @@ -1,9 +1,11 @@ resource "aws_cloudwatch_event_bus" "main" { + count = var.event_bus_enabled ? 1 : 0 name = var.environment_name provider = aws.region } resource "aws_cloudwatch_event_archive" "main" { + count = var.event_bus_enabled ? 1 : 0 name = var.environment_name event_source_arn = aws_cloudwatch_event_bus.main.arn provider = aws.region diff --git a/terraform/environment/region/modules/event_bus/variables.tf b/terraform/environment/region/modules/event_bus/variables.tf index d2b4483e85..043254eb44 100644 --- a/terraform/environment/region/modules/event_bus/variables.tf +++ b/terraform/environment/region/modules/event_bus/variables.tf @@ -2,3 +2,9 @@ variable "environment_name" { description = "The name of the environment" type = string } + +variable "event_bus_enabled" { + description = "Whether to enable Event Bus" + type = bool + default = false +} diff --git a/terraform/environment/region/variables.tf b/terraform/environment/region/variables.tf index b5fd667bfc..a1bf332c49 100644 --- a/terraform/environment/region/variables.tf +++ b/terraform/environment/region/variables.tf @@ -106,6 +106,12 @@ variable "environment_name" { type = string } +variable "event_bus_enabled" { + description = "Whether to enable the event bus" + type = bool + default = false +} + variable "feature_flags" { description = "The feature flags to use." type = map(string) From 0b5439cc54bd599ea2fb9c39dcab166c7422c556 Mon Sep 17 00:00:00 2001 
From: Jay Whitwell Date: Thu, 28 Nov 2024 11:45:24 +0000 Subject: [PATCH 03/18] add provider block --- terraform/environment/region/event_bus.tf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/terraform/environment/region/event_bus.tf b/terraform/environment/region/event_bus.tf index 77da18bb61..e764a1b043 100644 --- a/terraform/environment/region/event_bus.tf +++ b/terraform/environment/region/event_bus.tf @@ -2,4 +2,7 @@ module "event_bus" { source = "./modules/event_bus" environment_name = var.environment_name event_bus_enabled = var.event_bus_enabled + providers = { + aws.region = aws.region + } } From 148eb6da2efb05cc47fce6e605a82105dda0e2c7 Mon Sep 17 00:00:00 2001 From: Jay Whitwell Date: Thu, 28 Nov 2024 11:48:08 +0000 Subject: [PATCH 04/18] add missing resource instance key --- terraform/environment/region/modules/event_bus/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environment/region/modules/event_bus/main.tf b/terraform/environment/region/modules/event_bus/main.tf index 2bd65a9a91..1c6ae8e9b3 100644 --- a/terraform/environment/region/modules/event_bus/main.tf +++ b/terraform/environment/region/modules/event_bus/main.tf @@ -7,6 +7,6 @@ resource "aws_cloudwatch_event_bus" "main" { resource "aws_cloudwatch_event_archive" "main" { count = var.event_bus_enabled ? 1 : 0 name = var.environment_name - event_source_arn = aws_cloudwatch_event_bus.main.arn + event_source_arn = aws_cloudwatch_event_bus.main[0].arn provider = aws.region } From 51885ff758f9f6279753fb883edf6ad5da471c74 Mon Sep 17 00:00:00 2001 From: Jay Whitwell Date: Thu, 28 Nov 2024 12:14:21 +0000 Subject: [PATCH 05/18] add missing var --- terraform/environment/region.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/terraform/environment/region.tf b/terraform/environment/region.tf index 0881281548..040384c2e7 100644 --- a/terraform/environment/region.tf +++ b/terraform/environment/region.tf 
@@ -107,6 +107,7 @@ module "eu_west_2" { ecs_execution_role = module.iam.ecs_execution_role ecs_task_roles = module.iam.ecs_task_roles environment_name = local.environment_name + event_bus_enabled = local.environment.event_bus_enabled google_analytics_id_use = local.environment.google_analytics_id_use google_analytics_id_view = local.environment.google_analytics_id_view gov_uk_onelogin_client_id_secret_name = local.environment.gov_uk_onelogin_client_id_secret_name From 2f1ed8c0f11c2b8597fb3aab13cbc672313c3915 Mon Sep 17 00:00:00 2001 From: Jay Whitwell Date: Thu, 28 Nov 2024 12:22:57 +0000 Subject: [PATCH 06/18] apply to env --- terraform/environment/terraform.tfvars.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/environment/terraform.tfvars.json b/terraform/environment/terraform.tfvars.json index c62c75d51b..cf821dddb5 100644 --- a/terraform/environment/terraform.tfvars.json +++ b/terraform/environment/terraform.tfvars.json @@ -26,7 +26,7 @@ "cookie_expires_view": 1440, "create_dashboard": false, "create_onelogin_dashboard": false, - "event_bus_enabled": false, + "event_bus_enabled": true, "google_analytics_id_use": "G-JQHJE49CBB", "google_analytics_id_view": "G-C790FLJLL7", "gov_uk_onelogin_client_id_secret_name": "gov-uk-onelogin-client-id", @@ -125,7 +125,7 @@ "cookie_expires_view": 1440, "create_dashboard": false, "create_onelogin_dashboard": false, - "event_bus_enabled": true, + "event_bus_enabled": false, "google_analytics_id_use": "G-JQHJE49CBB", "google_analytics_id_view": "G-C790FLJLL7", "gov_uk_onelogin_client_id_secret_name": "gov-uk-onelogin-client-id", From 261c9999b865ecad014e0c1e7e6717223cbac143 Mon Sep 17 00:00:00 2001 From: Jay Whitwell Date: Fri, 29 Nov 2024 15:01:13 +0000 Subject: [PATCH 07/18] add mrk for sqs --- terraform/account/kms.tf | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/terraform/account/kms.tf b/terraform/account/kms.tf index 4e962405d8..ad9fc69729 100644 
--- a/terraform/account/kms.tf +++ b/terraform/account/kms.tf @@ -24,6 +24,21 @@ module "sessions_actor_mrk" { } } + + +module "sqs_mrk" { + source = "./modules/multi_region_kms" + + key_description = "KMS key for sqs" + key_alias = "sqs-mrk" + deletion_window_in_days = 7 + + providers = { + aws.primary = aws.eu_west_1 + aws.secondary = aws.eu_west_2 + } +} + module "cloudwatch_mrk" { source = "./modules/multi_region_kms" From 8e424c238ea89e1f3038ef06bda9ba8dcb194586 Mon Sep 17 00:00:00 2001 From: Jay Whitwell Date: Fri, 29 Nov 2024 15:03:28 +0000 Subject: [PATCH 08/18] add sqs --- .../region/modules/event_bus/main.tf | 85 +++++++++++++++++++ 1 file changed, 85 insertions(+) diff --git a/terraform/environment/region/modules/event_bus/main.tf b/terraform/environment/region/modules/event_bus/main.tf index 1c6ae8e9b3..f25325ff31 100644 --- a/terraform/environment/region/modules/event_bus/main.tf +++ b/terraform/environment/region/modules/event_bus/main.tf 
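Review bot: `deletion_window_in_days = 7` on `module "sqs_mrk"` is the shortest window KMS accepts, which leaves one week to notice an accidental destroy before anything encrypted under the key becomes unreadable. Unless the neighbouring keys in this file deliberately use the same value, consider `deletion_window_in_days = 30`. The body of `./modules/multi_region_kms` is not part of this patch, so it is worth confirming there that key rotation is enabled. The two empty `+` lines ahead of the module block are stray and can be dropped.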
@@ -10,3 +10,88 @@ resource "aws_cloudwatch_event_archive" "main" { event_source_arn = aws_cloudwatch_event_bus.main[0].arn provider = aws.region } + +resource "aws_cloudwatch_event_rule" "receive_events_mlpa" { + count = var.event_bus_enabled ? 1 : 0 + name = "${var.environment_name}-mlpa-events-to-use" + description = "receive events from mlpa" + event_bus_name = aws_cloudwatch_event_bus[0].name + + event_pattern = jsonencode({ + source = ["opg.poas.makeregister"], + }) + provider = aws.region +} + +data "aws_kms_alias" "sqs" { + name = "alias/sqs-kms" + provider = aws.region +} + +resource "aws_sqs_queue" "receive_events_queue" { + count = var.event_bus_enabled ? 1 : 0 + name = "${var.environment_name}-receive-events-queue" + kms_master_key_id = data.aws_kms_alias.sqs.target_key_id + kms_data_key_reuse_period_seconds = 300 + + visibility_timeout_seconds = 300 + + redrive_policy = jsonencode({ + deadLetterTargetArn = aws_sqs_queue.receive_events_deadletter[0].arn + maxReceiveCount = 3 + }) + policy = data.aws_iam_policy_document.receive_events_queue_policy.json + + provider = aws.region +} + +data "aws_iam_policy_document" "receive_events_queue_policy" { + statement { + sid = "${data.aws_region.current.name}-ReceiveFromMLPA" + effect = "Allow" + + principals { + type = "Service" + identifiers = ["events.amazonaws.com"] + } + + actions = ["sqs:SendMessage"] + resources = ["*"] + + condition { + test = "ArnEquals" + variable = "aws:SourceArn" + values = [ + aws_cloudwatch_event_rule.receive_events_mlpa.arn + ] + } + } +} + +resource "aws_sqs_queue" "receive_events_deadletter" { + count = var.event_bus_enabled ? 1 : 0 + name = "${var.environment_name}-receive-events-deadletter" + kms_master_key_id = data.aws_kms_alias.sqs.target_key_id + kms_data_key_reuse_period_seconds = 300 + provider = aws.region +} + +resource "aws_sqs_queue_redrive_allow_policy" "receive_events_redrive_allow_policy" { + count = var.event_bus_enabled ? 
1 : 0 + queue_url = aws_sqs_queue.receive_events_deadletter[0].id + + redrive_allow_policy = jsonencode({ + redrivePermission = "byQueue", + sourceQueueArns = [aws_sqs_queue.receive_events_queue.arn] + }) + provider = aws.region +} + +resource "aws_lambda_event_source_mapping" "reveive_events_mapping" { + count = var.event_bus_enabled ? 1 : 0 + event_source_arn = aws_sqs_queue.receive_events_queue[0].arn + enabled = true + function_name = var.ingress_lambda_name + batch_size = 10 + provider = aws.region +} From 957d47950febf9754ee33d0d3c382f1df67378a8 Mon Sep 17 00:00:00 2001 From: Jay Whitwell Date: Fri, 29 Nov 2024 15:08:12 +0000 Subject: [PATCH 09/18] FIX TYPO --- terraform/environment/region/modules/event_bus/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environment/region/modules/event_bus/main.tf b/terraform/environment/region/modules/event_bus/main.tf index f25325ff31..ed829ed665 100644 --- a/terraform/environment/region/modules/event_bus/main.tf +++ b/terraform/environment/region/modules/event_bus/main.tf @@ -15,7 +15,7 @@ resource "aws_cloudwatch_event_rule" "receive_events_mlpa" { count = var.event_bus_enabled ? 1 : 0 name = "${var.environment_name}-mlpa-events-to-use" description = "receive events from mlpa" - event_bus_name = aws_cloudwatch_event_bus[0].name + event_bus_name = aws_cloudwatch_event_bus.main[0].name event_pattern = jsonencode({ source = ["opg.poas.makeregister"], From 8650753f4f5a4eff0c9e1ec7d60b4ce47f6f163f Mon Sep 17 00:00:00 2001 From: Jay Whitwell Date: Fri, 29 Nov 2024 15:15:19 +0000 Subject: [PATCH 10/18] fix region var --- terraform/environment/region/modules/event_bus/main.tf | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/terraform/environment/region/modules/event_bus/main.tf b/terraform/environment/region/modules/event_bus/main.tf index ed829ed665..64d0a4eaf3 100644 --- a/terraform/environment/region/modules/event_bus/main.tf 
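Review bot: Both queues are encrypted with the customer managed key behind `data.aws_kms_alias.sqs`, but nothing here grants `events.amazonaws.com` use of that key, and EventBridge needs `kms:GenerateDataKey` and `kms:Decrypt` on it to deliver into an SSE-KMS queue. The key policy is defined outside this hunk, so that needs confirming where the key is created. The hunk also defines no `aws_cloudwatch_event_target` tying `receive_events_mlpa` to `receive_events_queue`, so as written the rule matches events and delivers them nowhere; a target along the lines below would complete the path that the `aws:SourceArn` condition already anticipates. In `receive_events_queue_policy`, `resources = ["*"]` is only bounded because the document is attached to a single queue; attaching it through a separate `aws_sqs_queue_policy` would let the statement name the queue ARN without a dependency cycle. The resource label `reveive_events_mapping` is misspelled.

```hcl
# … unchanged: event rule, KMS alias lookup, queues and queue policy …

resource "aws_cloudwatch_event_target" "receive_events_queue" {
  count          = var.event_bus_enabled ? 1 : 0
  rule           = aws_cloudwatch_event_rule.receive_events_mlpa[0].name
  event_bus_name = aws_cloudwatch_event_bus.main[0].name
  arn            = aws_sqs_queue.receive_events_queue[0].arn
  provider       = aws.region
}
```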
+++ b/terraform/environment/region/modules/event_bus/main.tf @@ -47,7 +47,7 @@ resource "aws_sqs_queue" "receive_events_queue" { data "aws_iam_policy_document" "receive_events_queue_policy" { statement { - sid = "${data.aws_region.current.name}-ReceiveFromMLPA" + sid = "${var.current_region}-ReceiveFromMLPA" effect = "Allow" principals { @@ -62,7 +62,7 @@ data "aws_iam_policy_document" "receive_events_queue_policy" { test = "ArnEquals" variable = "aws:SourceArn" values = [ - aws_cloudwatch_event_rule.receive_events_mlpa.arn + aws_cloudwatch_event_rule.receive_events_mlpa[0].arn ] } } @@ -87,11 +87,13 @@ resource "aws_sqs_queue_redrive_allow_policy" "receive_events_redrive_allow_poli provider = aws.region } +/* resource "aws_lambda_event_source_mapping" "reveive_events_mapping" { count = var.event_bus_enabled ? 1 : 0 event_source_arn = aws_sqs_queue.receive_events_queue[0].arn - enabled = true + enabled = false function_name = var.ingress_lambda_name batch_size = 10 provider = aws.region } +*/ From c9427ac343c798cc834bb0654b3fc9918f77bd13 Mon Sep 17 00:00:00 2001 From: Jay Whitwell Date: Fri, 29 Nov 2024 15:16:01 +0000 Subject: [PATCH 11/18] comment out lambda for now --- .../region/modules/event_bus/variables.tf | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/terraform/environment/region/modules/event_bus/variables.tf b/terraform/environment/region/modules/event_bus/variables.tf index 043254eb44..c1bb1610a2 100644 --- a/terraform/environment/region/modules/event_bus/variables.tf +++ b/terraform/environment/region/modules/event_bus/variables.tf @@ -8,3 +8,15 @@ variable "event_bus_enabled" { type = bool default = false } + +/* +variable "ingress_lambda_name" { + description = "The name of the ingress lambda" + type = string +} +*/ + +variable "current_region" { + description = "The current region" + type = string +} From 2bfa7bd95131711cdf46e55070cd5d9e62e6dcb7 Mon Sep 17 00:00:00 2001 
From: Jay Whitwell Date: Fri, 29 Nov 2024 15:18:02 +0000 Subject: [PATCH 12/18] add missing region --- terraform/environment/region/event_bus.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/terraform/environment/region/event_bus.tf b/terraform/environment/region/event_bus.tf index e764a1b043..264fe0b882 100644 --- a/terraform/environment/region/event_bus.tf +++ b/terraform/environment/region/event_bus.tf @@ -2,6 +2,7 @@ module "event_bus" { source = "./modules/event_bus" environment_name = var.environment_name event_bus_enabled = var.event_bus_enabled + current_region = data.aws_region.current.name providers = { aws.region = aws.region } From 0a65502dcf690da5b1a5b2dd3b1f331e37f9b382 Mon Sep 17 00:00:00 2001 From: Jay Whitwell Date: Fri, 29 Nov 2024 15:20:37 +0000 Subject: [PATCH 13/18] resource key --- terraform/environment/region/modules/event_bus/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environment/region/modules/event_bus/main.tf b/terraform/environment/region/modules/event_bus/main.tf index 64d0a4eaf3..2b0ca03e86 100644 --- a/terraform/environment/region/modules/event_bus/main.tf +++ b/terraform/environment/region/modules/event_bus/main.tf @@ -82,7 +82,7 @@ resource "aws_sqs_queue_redrive_allow_policy" "receive_events_redrive_allow_poli redrive_allow_policy = jsonencode({ redrivePermission = "byQueue", - sourceQueueArns = [aws_sqs_queue.receive_events_queue.arn] + sourceQueueArns = [aws_sqs_queue.receive_events_queue[0].arn] }) provider = aws.region } From 780339f5c741fd24154a0cca5c29036f436653b3 Mon Sep 17 00:00:00 2001 From: Jay Whitwell Date: Fri, 29 Nov 2024 15:30:02 +0000 Subject: [PATCH 14/18] remove kms --- terraform/account/kms.tf | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/terraform/account/kms.tf b/terraform/account/kms.tf index ad9fc69729..4e962405d8 100644 --- a/terraform/account/kms.tf +++ b/terraform/account/kms.tf 
@@ -24,21 +24,6 @@ module "sessions_actor_mrk" { } } - - -module "sqs_mrk" { - source = "./modules/multi_region_kms" - - key_description = "KMS key for sqs" - key_alias = "sqs-mrk" - deletion_window_in_days = 7 - - providers = { - aws.primary = aws.eu_west_1 - aws.secondary = aws.eu_west_2 - } -} - module "cloudwatch_mrk" { source = "./modules/multi_region_kms" From 84df550dae8a55e554bbcd882d422e8d74cede2a Mon Sep 17 00:00:00 2001 From: Jay Whitwell Date: Fri, 29 Nov 2024 16:12:25 +0000 Subject: [PATCH 15/18] change alias --- terraform/environment/region/modules/event_bus/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environment/region/modules/event_bus/main.tf b/terraform/environment/region/modules/event_bus/main.tf index 2b0ca03e86..ab9fb4bc3c 100644 --- a/terraform/environment/region/modules/event_bus/main.tf +++ b/terraform/environment/region/modules/event_bus/main.tf @@ -24,7 +24,7 @@ resource "aws_cloudwatch_event_rule" "receive_events_mlpa" { } data "aws_kms_alias" "sqs" { - name = "alias/sqs-kms" + name = "alias/sqs-mrk" provider = aws.region } From 6b3c7ad225cf3ae7eb5667c3f8aba73ad46334b9 Mon Sep 17 00:00:00 2001 From: Jay Whitwell Date: Fri, 29 Nov 2024 16:19:20 +0000 Subject: [PATCH 16/18] add count to policy --- terraform/environment/region/modules/event_bus/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/terraform/environment/region/modules/event_bus/main.tf b/terraform/environment/region/modules/event_bus/main.tf index ab9fb4bc3c..f7a7284440 100644 --- a/terraform/environment/region/modules/event_bus/main.tf +++ b/terraform/environment/region/modules/event_bus/main.tf @@ -46,6 +46,7 @@ resource "aws_sqs_queue" "receive_events_queue" { } data "aws_iam_policy_document" "receive_events_queue_policy" { + count = var.event_bus_enabled ? 1 : 0 statement { sid = "${var.current_region}-ReceiveFromMLPA" effect = "Allow" From d309265adff30a76c71076102bd5b8d5f9eb92b1 Mon Sep 17 00:00:00 2001 
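Review bot: `data "aws_kms_alias" "sqs"` now looks up `alias/sqs-mrk`, yet the `sqs_mrk` module that presumably created that alias is removed from `terraform/account/kms.tf` by the preceding commit in this series. The data source also has no `count`, so the lookup runs in every environment whether or not `event_bus_enabled` is set. Unless the alias is created somewhere not shown here, plan would fail for all environments rather than only those with the bus enabled. Add `count = var.event_bus_enabled ? 1 : 0` to the data source and use `data.aws_kms_alias.sqs[0].target_key_id` in both queues, with a comment naming the stack that owns the key. The data block starts outside this hunk.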
From: Jay Whitwell Date: Fri, 29 Nov 2024 16:21:10 +0000 Subject: [PATCH 17/18] add resource key --- terraform/environment/region/modules/event_bus/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environment/region/modules/event_bus/main.tf b/terraform/environment/region/modules/event_bus/main.tf index f7a7284440..8e8711d41e 100644 --- a/terraform/environment/region/modules/event_bus/main.tf +++ b/terraform/environment/region/modules/event_bus/main.tf @@ -40,7 +40,7 @@ resource "aws_sqs_queue" "receive_events_queue" { deadLetterTargetArn = aws_sqs_queue.receive_events_deadletter[0].arn maxReceiveCount = 3 }) - policy = data.aws_iam_policy_document.receive_events_queue_policy.json + policy = data.aws_iam_policy_document.receive_events_queue_policy[0].json provider = aws.region } From c606c020ae557b34569d96693fd7db0ad3d914c4 Mon Sep 17 00:00:00 2001 From: gillettmoj Date: Mon, 2 Dec 2024 10:22:25 +0000 Subject: [PATCH 18/18] enable event bus for demo env --- terraform/environment/terraform.tfvars.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environment/terraform.tfvars.json b/terraform/environment/terraform.tfvars.json index cf821dddb5..ed2db73e0d 100644 --- a/terraform/environment/terraform.tfvars.json +++ b/terraform/environment/terraform.tfvars.json @@ -125,7 +125,7 @@ "cookie_expires_view": 1440, "create_dashboard": false, "create_onelogin_dashboard": false, - "event_bus_enabled": false, + "event_bus_enabled": true, "google_analytics_id_use": "G-JQHJE49CBB", "google_analytics_id_view": "G-C790FLJLL7", "gov_uk_onelogin_client_id_secret_name": "gov-uk-onelogin-client-id",