From 5a4af5e198da510f3f8f17bafb84aae4b09264d5 Mon Sep 17 00:00:00 2001 From: Matt Dean Date: Thu, 8 Jan 2026 08:49:57 +0000 Subject: [PATCH 1/3] NRL-1875 Define dynamodb pointers table as deploy parameter --- scripts/seed_nft_tables.py | 14 +-- terraform/infrastructure/data.tf | 18 +--- terraform/infrastructure/etc/dev.tfvars | 4 +- terraform/infrastructure/etc/int.tfvars | 6 +- terraform/infrastructure/etc/perftest.tfvars | 2 +- terraform/infrastructure/etc/prod.tfvars | 4 +- terraform/infrastructure/etc/qa.tfvars | 4 +- terraform/infrastructure/etc/ref.tfvars | 2 +- terraform/infrastructure/iam.tf | 86 +++++++++++++++++++ terraform/infrastructure/lambda.tf | 51 ++++++++--- terraform/infrastructure/locals.tf | 9 +- .../modules/pointers-table/output.tf | 5 ++ terraform/infrastructure/vars.tf | 8 +- tests/performance/seed_data_constants.py | 12 +++ 14 files changed, 173 insertions(+), 52 deletions(-) create mode 100644 terraform/infrastructure/iam.tf diff --git a/scripts/seed_nft_tables.py b/scripts/seed_nft_tables.py index 5053fa7e0..17fd53249 100644 --- a/scripts/seed_nft_tables.py +++ b/scripts/seed_nft_tables.py @@ -22,8 +22,8 @@ from nrlf.tests.data import load_document_reference from tests.performance.seed_data_constants import ( # DEFAULT_COUNT_DISTRIBUTIONS, CHECKSUM_WEIGHTS, - DEFAULT_CUSTODIAN_DISTRIBUTIONS, - DEFAULT_TYPE_DISTRIBUTIONS, + CUSTODIAN_DISTRIBUTION_PROFILES, + TYPE_DISTRIBUTION_PROFILES, ) dynamodb = boto3.client("dynamodb") 
@@ -87,22 +87,24 @@ def _populate_seed_table( table_name: str, px_with_pointers: int, pointers_per_px: float = 1.0, - type_dists: dict[str, int] = DEFAULT_TYPE_DISTRIBUTIONS, - custodian_dists: dict[str, dict[str, int]] = DEFAULT_CUSTODIAN_DISTRIBUTIONS, + type_dist_profile: str = "default", + custodian_dist_profile: str = "default", ): """ Seeds a table with example data for non-functional testing. """ if pointers_per_px < 1.0: raise ValueError("Cannot populate table with patients with zero pointers") + + type_dists = TYPE_DISTRIBUTION_PROFILES[type_dist_profile] + custodian_dists = CUSTODIAN_DISTRIBUTION_PROFILES[custodian_dist_profile] + # set up iterations type_iter = _set_up_cyclical_iterator(type_dists) custodian_iters = _set_up_custodian_iterators(custodian_dists) - # count_iter = _set_up_cyclical_iterator(DEFAULT_COUNT_DISTRIBUTIONS) count_iter = _get_pointer_count_poisson_distributions( px_with_pointers, pointers_per_px ) - # count_iter = _get_pointer_count_negbinom_distributions(px_with_pointers, pointers_per_px) testnum_cls = TestNhsNumbersIterator() testnum_iter = iter(testnum_cls) diff --git a/terraform/infrastructure/data.tf b/terraform/infrastructure/data.tf index c99a1bedf..71c76c69a 100644 --- a/terraform/infrastructure/data.tf +++ b/terraform/infrastructure/data.tf 
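Review bot: An unrecognised profile name reaches `TYPE_DISTRIBUTION_PROFILES[type_dist_profile]` (and the custodian lookup below it) and fails with a bare KeyError that names neither the parameter nor the valid choices. A guard before the lookups would make a mistyped profile obvious, for example `if type_dist_profile not in TYPE_DISTRIBUTION_PROFILES: raise ValueError(f"Unknown type_dist_profile {type_dist_profile!r}")`, with the same check for `custodian_dist_profile`. The docstring should also describe the two new parameters and say that they are keys into the profile tables in `seed_data_constants.py`. Replacing `type_dists`/`custodian_dists` changes the keyword interface, so any caller still passing those names would break; no callers are visible here, and the function body continues outside the hunk.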
@@ -17,22 +17,12 @@ data "aws_iam_policy" "auth-store-read-policy" { data "aws_dynamodb_table" "pointers-table" { count = var.use_shared_resources ? 1 : 0 - name = "${local.pointers_table_prefix}-pointers-table" + name = local.shared_pointers_table_name } -data "aws_iam_policy" "pointers-table-read" { - count = var.use_shared_resources ? 1 : 0 - name = "${local.pointers_table_prefix}-pointers-table-read" -} - -data "aws_iam_policy" "pointers-table-write" { - count = var.use_shared_resources ? 1 : 0 - name = "${local.pointers_table_prefix}-pointers-table-write" -} - -data "aws_iam_policy" "pointers-kms-read-write" { - count = var.use_shared_resources ? 1 : 0 - name = "${local.pointers_table_prefix}-pointers-kms-read-write" +data "aws_kms_key" "pointers-table-key" { + count = var.use_shared_resources ? 1 : 0 + key_id = "alias/${local.shared_pointers_table_name}-key" } data "external" "current-info" { diff --git a/terraform/infrastructure/etc/dev.tfvars b/terraform/infrastructure/etc/dev.tfvars index f1f1b7cbc..9467886a1 100644 --- a/terraform/infrastructure/etc/dev.tfvars +++ b/terraform/infrastructure/etc/dev.tfvars @@ -1,8 +1,8 @@ account_name = "dev" aws_account_name = "dev" -dynamodb_pointers_table_prefix = "nhsd-nrlf--dev" -dynamodb_sandbox_pointers_table_prefix = "nhsd-nrlf--dev-sandbox" +dynamodb_pointers_table_name = "nhsd-nrlf--dev-pointers-table" +dynamodb_sandbox_pointers_table_name = "nhsd-nrlf--dev-sandbox-pointers-table" domain = "api.record-locator.dev.national.nhs.uk" public_domain = "internal-dev.api.service.nhs.uk" diff --git a/terraform/infrastructure/etc/int.tfvars b/terraform/infrastructure/etc/int.tfvars index 613f5cb19..c4cb3cf28 100644 --- a/terraform/infrastructure/etc/int.tfvars +++ b/terraform/infrastructure/etc/int.tfvars 
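Review bot: The new `aws_kms_key` lookup in data.tf uses `key_id = "alias/${local.shared_pointers_table_name}-key"`, so the key is still found by a naming convention even though the table name is now a deploy parameter. A table whose key alias does not follow `<table name>-key` will fail at plan time. If the alias is later repointed, the policies in iam.tf keep the old key ARN until the stack is re-applied. I would add a comment above the data source such as `# Assumes the shared table's KMS key is aliased "<table name>-key"`, or pass the alias as its own variable alongside `dynamodb_pointers_table_name`.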
@@ -1,9 +1,9 @@ account_name = "int" aws_account_name = "test" -dynamodb_pointers_table_prefix = "nhsd-nrlf--int" -dynamodb_sandbox_pointers_table_prefix = "nhsd-nrlf--int-sandbox" -deletion_protection = true +dynamodb_pointers_table_name = "nhsd-nrlf--int-pointers-table" +dynamodb_sandbox_pointers_table_name = "nhsd-nrlf--int-sandbox-pointers-table" +deletion_protection = true domain = "api.record-locator.int.national.nhs.uk" public_domain = "int.api.service.nhs.uk" diff --git a/terraform/infrastructure/etc/perftest.tfvars b/terraform/infrastructure/etc/perftest.tfvars index 56478f9fe..50bfd5841 100644 --- a/terraform/infrastructure/etc/perftest.tfvars +++ b/terraform/infrastructure/etc/perftest.tfvars @@ -1,7 +1,7 @@ account_name = "perftest" aws_account_name = "test" -dynamodb_pointers_table_prefix = "nhsd-nrlf--perftest-baseline" +dynamodb_pointers_table_name = "nhsd-nrlf--perftest-baseline-pointers-table" domain = "perftest.record-locator.national.nhs.uk" public_domain = "perftest.api.service.nhs.uk" diff --git a/terraform/infrastructure/etc/prod.tfvars b/terraform/infrastructure/etc/prod.tfvars index 7ffd74262..254731b7a 100644 --- a/terraform/infrastructure/etc/prod.tfvars +++ b/terraform/infrastructure/etc/prod.tfvars @@ -1,8 +1,8 @@ account_name = "prod" aws_account_name = "prod" -dynamodb_pointers_table_prefix = "nhsd-nrlf--prod" -deletion_protection = true +dynamodb_pointers_table_name = "nhsd-nrlf--prod-pointers-table" +deletion_protection = true domain = "api.record-locator.national.nhs.uk" public_domain = "api.service.nhs.uk" diff --git a/terraform/infrastructure/etc/qa.tfvars b/terraform/infrastructure/etc/qa.tfvars index 989530574..71c75564b 100644 --- a/terraform/infrastructure/etc/qa.tfvars +++ b/terraform/infrastructure/etc/qa.tfvars 
@@ -1,8 +1,8 @@ account_name = "qa" aws_account_name = "test" -dynamodb_pointers_table_prefix = "nhsd-nrlf--qa" -dynamodb_sandbox_pointers_table_prefix = "nhsd-nrlf--qa-sandbox" +dynamodb_pointers_table_name = "nhsd-nrlf--qa-pointers-table" +dynamodb_sandbox_pointers_table_name = "nhsd-nrlf--qa-sandbox-pointers-table" domain = "qa.record-locator.national.nhs.uk" public_domain = "internal-qa.api.service.nhs.uk" diff --git a/terraform/infrastructure/etc/ref.tfvars b/terraform/infrastructure/etc/ref.tfvars index 70bad7a92..9b9aec6cc 100644 --- a/terraform/infrastructure/etc/ref.tfvars +++ b/terraform/infrastructure/etc/ref.tfvars @@ -1,7 +1,7 @@ account_name = "ref" aws_account_name = "test" -dynamodb_pointers_table_prefix = "nhsd-nrlf--ref" +dynamodb_pointers_table_name = "nhsd-nrlf--ref-pointers-table" domain = "api.record-locator.ref.national.nhs.uk" public_domain = "ref.api.service.nhs.uk" diff --git a/terraform/infrastructure/iam.tf b/terraform/infrastructure/iam.tf new file mode 100644 index 000000000..3359e79e9 --- /dev/null +++ b/terraform/infrastructure/iam.tf 
@@ -0,0 +1,86 @@ +resource "aws_iam_policy" "pointers-table-read" { + count = var.use_shared_resources ? 1 : 0 + name = "${local.prefix}-allow-pointers-table-read" + description = "Read the pointers-table" + policy = jsonencode({ + Version = "2012-10-17" + Statement = [ + { + Action = [ + "kms:Decrypt", + "kms:DescribeKey" + ] + Effect = "Allow" + Resource = [ + data.aws_kms_key.pointers-table-key[0].arn + ] + }, + { + Effect = "Allow" + Action = [ + "dynamodb:Query", + "dynamodb:Scan", + "dynamodb:GetItem", + ], + Resource = [ + "${data.aws_dynamodb_table.pointers-table[0].arn}*" + ] + } + ] + }) +} + +resource "aws_iam_policy" "pointers-table-write" { + count = var.use_shared_resources ? 1 : 0 + name = "${local.prefix}-allow-pointers-table-write" + description = "Write to the pointers-table" + policy = jsonencode({ + Version = "2012-10-17" + Statement = [ + { + Action = [ + "kms:Encrypt", + "kms:GenerateDataKey" + ] + Effect = "Allow" + Resource = [ + data.aws_kms_key.pointers-table-key[0].arn + ] + }, + { + Effect = "Allow" + Action = [ + "dynamodb:PutItem", + "dynamodb:UpdateItem", + "dynamodb:DeleteItem", + ], + Resource = [ + "${data.aws_dynamodb_table.pointers-table[0].arn}*" + ] + } + ] + }) +} + +resource "aws_iam_policy" "pointers-kms-read-write" { + count = var.use_shared_resources ? 1 : 0 + name = "${local.prefix}-allow-pointers-kms-read-write" + description = "Encrypt and decrypt with the pointers table kms key" + policy = jsonencode({ + Version = "2012-10-17" + Statement = [ + { + Action = [ + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey" + ] + Effect = "Allow" + Resource = [ + data.aws_kms_key.pointers-table-key[0].arn + ] + } + ] + }) +} diff --git a/terraform/infrastructure/lambda.tf b/terraform/infrastructure/lambda.tf index 4830dd5cf..c4878ef99 100644 --- a/terraform/infrastructure/lambda.tf +++ b/terraform/infrastructure/lambda.tf 
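Review bot: The DynamoDB statements in `pointers-table-read` and `pointers-table-write` use `"${data.aws_dynamodb_table.pointers-table[0].arn}*"` as the resource. A trailing `*` with no separator matches every table in the account and region whose name begins with the shared table's name, not only the table and its indexes. Listing the two ARNs explicitly keeps the grant on the intended table: `data.aws_dynamodb_table.pointers-table[0].arn,` and `"${data.aws_dynamodb_table.pointers-table[0].arn}/index/*"`. The KMS statements could also carry a `kms:ViaService` condition for DynamoDB, so the key is usable only through table access. `pointers-kms-read-write` is created here, but the locals.tf change in this patch removes the local that referenced it, so it appears to be attached to nothing and could be dropped.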
@@ -17,7 +17,9 @@ module "consumer__readDocumentReference" { } additional_policies = [ local.pointers_table_read_policy_arn, - local.pointers_kms_read_write_arn, + #local.pointers_kms_read_write_arn, + #aws_iam_policy.pointers-table-read.arn, + #aws_iam_policy.pointers-kms-read-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehose_lambda_subscriptions @@ -44,7 +46,9 @@ module "consumer__searchDocumentReference" { } additional_policies = [ local.pointers_table_read_policy_arn, - local.pointers_kms_read_write_arn, + #local.pointers_kms_read_write_arn, + #aws_iam_policy.pointers-table-read.arn, + #aws_iam_policy.pointers-kms-read-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehose_lambda_subscriptions @@ -71,7 +75,9 @@ module "consumer__searchPostDocumentReference" { } additional_policies = [ local.pointers_table_read_policy_arn, - local.pointers_kms_read_write_arn, + #local.pointers_kms_read_write_arn, + #aws_iam_policy.pointers-table-read.arn, + #aws_iam_policy.pointers-kms-read-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehose_lambda_subscriptions @@ -99,7 +105,9 @@ module "producer__createDocumentReference" { additional_policies = [ local.pointers_table_write_policy_arn, local.pointers_table_read_policy_arn, - local.pointers_kms_read_write_arn, + #aws_iam_policy.pointers-table-read.arn, + #aws_iam_policy.pointers-table-write.arn, + #aws_iam_policy.pointers-table-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehose_lambda_subscriptions 
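Review bot: Commenting out `local.pointers_kms_read_write_arn` in each lambda's `additional_policies` is covered for shared resources only, where the new read and write policies in iam.tf carry the KMS actions themselves. When `use_shared_resources` is false the lambdas get `module.ephemeral-pointers-table[0].read_policy_arn` and `write_policy_arn`, whose contents are not part of this patch. If those module policies grant only DynamoDB actions, ephemeral stacks lose access to the table key. Please confirm the module policies include the `kms:` actions, or attach the module's `kms_read_write_policy_arn` output (still present in output.tf) in the ephemeral branch. The same applies to every lambda.tf hunk in this patch, including the producer and status modules that follow.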
@@ -127,7 +135,10 @@ module "producer__deleteDocumentReference" { additional_policies = [ local.pointers_table_write_policy_arn, local.pointers_table_read_policy_arn, - local.pointers_kms_read_write_arn, + #local.pointers_kms_read_write_arn, + #aws_iam_policy.pointers-table-read.arn, + #aws_iam_policy.pointers-table-write.arn, + #aws_iam_policy.pointers-kms-read-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehose_lambda_subscriptions @@ -154,7 +165,9 @@ module "producer__readDocumentReference" { } additional_policies = [ local.pointers_table_read_policy_arn, - local.pointers_kms_read_write_arn, + #local.pointers_kms_read_write_arn, + #aws_iam_policy.pointers-table-read.arn, + #aws_iam_policy.pointers-kms-read-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehose_lambda_subscriptions @@ -181,7 +194,9 @@ module "producer__searchDocumentReference" { } additional_policies = [ local.pointers_table_read_policy_arn, - local.pointers_kms_read_write_arn, + #local.pointers_kms_read_write_arn, + #aws_iam_policy.pointers-table-read.arn, + #aws_iam_policy.pointers-kms-read-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehose_lambda_subscriptions @@ -208,7 +223,9 @@ module "producer__searchPostDocumentReference" { } additional_policies = [ local.pointers_table_read_policy_arn, - local.pointers_kms_read_write_arn, + #local.pointers_kms_read_write_arn, + #aws_iam_policy.pointers-table-read.arn, + #aws_iam_policy.pointers-kms-read-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehose_lambda_subscriptions 
@@ -236,7 +253,10 @@ module "producer__updateDocumentReference" { additional_policies = [ local.pointers_table_read_policy_arn, local.pointers_table_write_policy_arn, - local.pointers_kms_read_write_arn, + #local.pointers_kms_read_write_arn, + #aws_iam_policy.pointers-table-read.arn, + #aws_iam_policy.pointers-table-write.arn, + #aws_iam_policy.pointers-kms-read-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehose_lambda_subscriptions @@ -264,7 +284,10 @@ module "producer__upsertDocumentReference" { additional_policies = [ local.pointers_table_write_policy_arn, local.pointers_table_read_policy_arn, - local.pointers_kms_read_write_arn, + #local.pointers_kms_read_write_arn, + #aws_iam_policy.pointers-table-read.arn, + #aws_iam_policy.pointers-table-write.arn, + #aws_iam_policy.pointers-kms-read-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehose_lambda_subscriptions @@ -292,7 +315,9 @@ module "consumer__status" { } additional_policies = [ local.pointers_table_read_policy_arn, - local.pointers_kms_read_write_arn, + #local.pointers_kms_read_write_arn, + #aws_iam_policy.pointers-table-read.arn, + #aws_iam_policy.pointers-kms-read-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehost_lambda_splunk_only_subscription @@ -321,7 +346,9 @@ module "producer__status" { } additional_policies = [ local.pointers_table_read_policy_arn, - local.pointers_kms_read_write_arn, + #local.pointers_kms_read_write_arn, + #aws_iam_policy.pointers-table-read.arn, + #aws_iam_policy.pointers-kms-read-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehost_lambda_splunk_only_subscription diff --git a/terraform/infrastructure/locals.tf b/terraform/infrastructure/locals.tf index a6c0df93a..78cf35396 100644 --- a/terraform/infrastructure/locals.tf +++ b/terraform/infrastructure/locals.tf 
@@ -51,10 +51,9 @@ locals { auth_store_id = var.use_shared_resources ? data.aws_s3_bucket.authorization-store[0].id : module.ephemeral-s3-permission-store[0].bucket_id auth_store_read_policy_arn = var.use_shared_resources ? data.aws_iam_policy.auth-store-read-policy[0].arn : module.ephemeral-s3-permission-store[0].bucket_read_policy_arn - pointers_table_prefix = local.is_sandbox_env ? "${var.dynamodb_sandbox_pointers_table_prefix}" : "${var.dynamodb_pointers_table_prefix}" - + shared_pointers_table_name = local.is_sandbox_env ? var.dynamodb_sandbox_pointers_table_name : var.dynamodb_pointers_table_name pointers_table_name = var.use_shared_resources ? data.aws_dynamodb_table.pointers-table[0].name : module.ephemeral-pointers-table[0].table_name - pointers_table_read_policy_arn = var.use_shared_resources ? data.aws_iam_policy.pointers-table-read[0].arn : module.ephemeral-pointers-table[0].read_policy_arn - pointers_table_write_policy_arn = var.use_shared_resources ? data.aws_iam_policy.pointers-table-write[0].arn : module.ephemeral-pointers-table[0].write_policy_arn - pointers_kms_read_write_arn = var.use_shared_resources ? data.aws_iam_policy.pointers-kms-read-write[0].arn : module.ephemeral-pointers-table[0].kms_read_write_policy_arn + pointers_table_key_arn = var.use_shared_resources ? data.aws_kms_key.pointers-table-key[0].arn : module.ephemeral-pointers-table[0].kms_key_arn + pointers_table_read_policy_arn = var.use_shared_resources ? aws_iam_policy.pointers-table-read[0].arn : module.ephemeral-pointers-table[0].read_policy_arn + pointers_table_write_policy_arn = var.use_shared_resources ? aws_iam_policy.pointers-table-write[0].arn : module.ephemeral-pointers-table[0].write_policy_arn } diff --git a/terraform/infrastructure/modules/pointers-table/output.tf b/terraform/infrastructure/modules/pointers-table/output.tf index 1b171e713..d65fa0df1 100644 --- a/terraform/infrastructure/modules/pointers-table/output.tf 
+++ b/terraform/infrastructure/modules/pointers-table/output.tf @@ -17,3 +17,8 @@ output "kms_read_write_policy_arn" { description = "Policy to encrypt and decrypt the pointers table with the kms key" value = aws_iam_policy.pointers-kms-read-write.arn } + +output "kms_key_arn" { + description = "KMS key arn for the pointers table" + value = aws_kms_key.pointers-table-key.arn +} diff --git a/terraform/infrastructure/vars.tf b/terraform/infrastructure/vars.tf index b8db7d4f1..66d551ba3 100644 --- a/terraform/infrastructure/vars.tf +++ b/terraform/infrastructure/vars.tf @@ -68,13 +68,13 @@ variable "disable_firehose_lambda_subscriptions" { default = false } -variable "dynamodb_pointers_table_prefix" { +variable "dynamodb_pointers_table_name" { type = string - description = "The prefix of the DynamoDB pointers table to use when using shared resources" + description = "The name of the DynamoDB pointers table to use when using shared resources" } -variable "dynamodb_sandbox_pointers_table_prefix" { +variable "dynamodb_sandbox_pointers_table_name" { type = string - description = "The prefix of the DynamoDB pointers table to use when using shared resources in a sandbox environment" + description = "The name of the DynamoDB pointers table to use when using shared resources in a sandbox environment" default = null } diff --git a/tests/performance/seed_data_constants.py b/tests/performance/seed_data_constants.py index 27dec83cd..6b26d87fe 100644 --- a/tests/performance/seed_data_constants.py +++ b/tests/performance/seed_data_constants.py @@ -60,3 +60,15 @@ } DEFAULT_COUNT_DISTRIBUTIONS = {"1": 91, "2": 8, "3": 1} + +TYPE_DISTRIBUTION_PROFILES = { + "default": DEFAULT_TYPE_DISTRIBUTIONS, + # "15m_pointers": DEFAULT_TYPE_DISTRIBUTIONS, + # "55m_pointers": DEFAULT_TYPE_DISTRIBUTIONS, +} + +CUSTODIAN_DISTRIBUTION_PROFILES = { + "default": DEFAULT_CUSTODIAN_DISTRIBUTIONS, + # "15m_pointers": DEFAULT_CUSTODIAN_DISTRIBUTIONS, + # "55m_pointers": DEFAULT_CUSTODIAN_DISTRIBUTIONS, +} 
From 12dd046f06fd798b44796eb19b2af6abc224af46 Mon Sep 17 00:00:00 2001 From: Matt Dean Date: Thu, 8 Jan 2026 11:44:24 +0000 Subject: [PATCH 2/3] NRL-1875 Add 15m and 55m volume distributions for perfs tests --- tests/performance/seed_data_constants.py | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/tests/performance/seed_data_constants.py b/tests/performance/seed_data_constants.py index 6b26d87fe..9765a1b8e 100644 --- a/tests/performance/seed_data_constants.py +++ b/tests/performance/seed_data_constants.py @@ -59,16 +59,24 @@ }, # summary record currently has only one supplier } +VOL_15M_POINTERS_TYPE_DISTRIBUTIONS = {"824321000000109": 1} + +VOL_15M_POINTERS_CUSTODIAN_DISTRIBUTIONS = {"16521000000101": {"TD2L9A": 1}} + +VOL_55M_POINTERS_TYPE_DISTRIBUTIONS = {"16521000000101": 1} + +VOL_55M_POINTERS_CUSTODIAN_DISTRIBUTIONS = {"16521000000101": {"TX26": 1}} + DEFAULT_COUNT_DISTRIBUTIONS = {"1": 91, "2": 8, "3": 1} TYPE_DISTRIBUTION_PROFILES = { "default": DEFAULT_TYPE_DISTRIBUTIONS, - # "15m_pointers": DEFAULT_TYPE_DISTRIBUTIONS, - # "55m_pointers": DEFAULT_TYPE_DISTRIBUTIONS, + "15m_pointers": VOL_15M_POINTERS_TYPE_DISTRIBUTIONS, + "55m_pointers": VOL_55M_POINTERS_TYPE_DISTRIBUTIONS, } CUSTODIAN_DISTRIBUTION_PROFILES = { "default": DEFAULT_CUSTODIAN_DISTRIBUTIONS, - # "15m_pointers": DEFAULT_CUSTODIAN_DISTRIBUTIONS, - # "55m_pointers": DEFAULT_CUSTODIAN_DISTRIBUTIONS, + "15m_pointers": VOL_15M_POINTERS_CUSTODIAN_DISTRIBUTIONS, + "55m_pointers": VOL_55M_POINTERS_CUSTODIAN_DISTRIBUTIONS, } From 0fc48d0be3b38167f4735a80f9953a3844fbdf85 Mon Sep 17 00:00:00 2001 From: Matt Dean Date: Thu, 8 Jan 2026 14:14:04 +0000 Subject: [PATCH 3/3] NRL-1875 Remove unused IAM policies from API lambdas --- terraform/infrastructure/lambda.tf | 39 ------------------------------ 1 file changed, 39 deletions(-) diff --git a/terraform/infrastructure/lambda.tf b/terraform/infrastructure/lambda.tf index c4878ef99..387283e4c 100644 
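Review bot: The `15m_pointers` profile pairs `VOL_15M_POINTERS_TYPE_DISTRIBUTIONS = {"824321000000109": 1}` with a custodian table keyed by a different type code, `{"16521000000101": {"TD2L9A": 1}}`. If the seeding code picks a custodian by the pointer type it just drew, as the nested shape suggests, this profile has no custodian entry for its only type and would fail or seed nothing. The 55m pair uses `16521000000101` on both sides, so one of the two 15m keys looks like a copy-paste slip. If the type code is the intended one, the fix is `VOL_15M_POINTERS_CUSTODIAN_DISTRIBUTIONS = {"824321000000109": {"TD2L9A": 1}}`. A short comment on each constant saying that the outer key is the pointer type code and the inner key the custodian ODS code would make such mismatches easier to spot.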
--- a/terraform/infrastructure/lambda.tf +++ b/terraform/infrastructure/lambda.tf @@ -17,9 +17,6 @@ module "consumer__readDocumentReference" { } additional_policies = [ local.pointers_table_read_policy_arn, - #local.pointers_kms_read_write_arn, - #aws_iam_policy.pointers-table-read.arn, - #aws_iam_policy.pointers-kms-read-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehose_lambda_subscriptions @@ -46,9 +43,6 @@ module "consumer__searchDocumentReference" { } additional_policies = [ local.pointers_table_read_policy_arn, - #local.pointers_kms_read_write_arn, - #aws_iam_policy.pointers-table-read.arn, - #aws_iam_policy.pointers-kms-read-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehose_lambda_subscriptions @@ -75,9 +69,6 @@ module "consumer__searchPostDocumentReference" { } additional_policies = [ local.pointers_table_read_policy_arn, - #local.pointers_kms_read_write_arn, - #aws_iam_policy.pointers-table-read.arn, - #aws_iam_policy.pointers-kms-read-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehose_lambda_subscriptions @@ -105,9 +96,6 @@ module "producer__createDocumentReference" { additional_policies = [ local.pointers_table_write_policy_arn, local.pointers_table_read_policy_arn, - #aws_iam_policy.pointers-table-read.arn, - #aws_iam_policy.pointers-table-write.arn, - #aws_iam_policy.pointers-table-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehose_lambda_subscriptions @@ -135,10 +123,6 @@ module "producer__deleteDocumentReference" { additional_policies = [ local.pointers_table_write_policy_arn, local.pointers_table_read_policy_arn, - #local.pointers_kms_read_write_arn, - #aws_iam_policy.pointers-table-read.arn, - #aws_iam_policy.pointers-table-write.arn, - #aws_iam_policy.pointers-kms-read-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehose_lambda_subscriptions 
@@ -165,9 +149,6 @@ module "producer__readDocumentReference" { } additional_policies = [ local.pointers_table_read_policy_arn, - #local.pointers_kms_read_write_arn, - #aws_iam_policy.pointers-table-read.arn, - #aws_iam_policy.pointers-kms-read-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehose_lambda_subscriptions @@ -194,9 +175,6 @@ module "producer__searchDocumentReference" { } additional_policies = [ local.pointers_table_read_policy_arn, - #local.pointers_kms_read_write_arn, - #aws_iam_policy.pointers-table-read.arn, - #aws_iam_policy.pointers-kms-read-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehose_lambda_subscriptions @@ -223,9 +201,6 @@ module "producer__searchPostDocumentReference" { } additional_policies = [ local.pointers_table_read_policy_arn, - #local.pointers_kms_read_write_arn, - #aws_iam_policy.pointers-table-read.arn, - #aws_iam_policy.pointers-kms-read-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehose_lambda_subscriptions @@ -253,10 +228,6 @@ module "producer__updateDocumentReference" { additional_policies = [ local.pointers_table_read_policy_arn, local.pointers_table_write_policy_arn, - #local.pointers_kms_read_write_arn, - #aws_iam_policy.pointers-table-read.arn, - #aws_iam_policy.pointers-table-write.arn, - #aws_iam_policy.pointers-kms-read-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehose_lambda_subscriptions @@ -284,10 +255,6 @@ module "producer__upsertDocumentReference" { additional_policies = [ local.pointers_table_write_policy_arn, local.pointers_table_read_policy_arn, - #local.pointers_kms_read_write_arn, - #aws_iam_policy.pointers-table-read.arn, - #aws_iam_policy.pointers-table-write.arn, - #aws_iam_policy.pointers-kms-read-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehose_lambda_subscriptions 
@@ -315,9 +282,6 @@ module "consumer__status" { } additional_policies = [ local.pointers_table_read_policy_arn, - #local.pointers_kms_read_write_arn, - #aws_iam_policy.pointers-table-read.arn, - #aws_iam_policy.pointers-kms-read-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehost_lambda_splunk_only_subscription @@ -346,9 +310,6 @@ module "producer__status" { } additional_policies = [ local.pointers_table_read_policy_arn, - #local.pointers_kms_read_write_arn, - #aws_iam_policy.pointers-table-read.arn, - #aws_iam_policy.pointers-kms-read-write.arn, local.auth_store_read_policy_arn ] firehose_subscriptions = local.firehost_lambda_splunk_only_subscription