Skip to content

[NRL-1379] Add TF config for lambda error notifications in test and prod #939

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mattdean3-nhs merged 2 commits into from
Jun 20, 2025
Merged

[NRL-1379] Add TF config for lambda error notifications in test and prod #939

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
587538c
[NRL-1379] Add TF config for lambda error notifications in test and prod
mattdean3-nhs Jun 20, 2025
bf3e3b4
[NRL-1379] Keep notification emails as sensitive in TF
mattdean3-nhs Jun 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion terraform/account-wide-infrastructure/dev/locals.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,5 +4,5 @@ locals {
environment = terraform.workspace
prefix = "${local.project}--${local.environment}"

notification_emails = nonsensitive(toset(tolist(jsondecode(data.aws_secretsmanager_secret_version.emails.secret_string))))
notification_emails = tolist(jsondecode(data.aws_secretsmanager_secret_version.emails.secret_string))
}
4 changes: 0 additions & 4 deletions terraform/account-wide-infrastructure/dev/secrets.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,6 @@ resource "aws_secretsmanager_secret" "backup_destination_parameters" {
description = "Parameters used to configure the backup destination"
}

resource "aws_secretsmanager_secret" "notification_email_addresses" {
name = "${local.prefix}-dev-notification-email-addresses"
}

resource "aws_secretsmanager_secret" "dev_smoke_test_apigee_app" {
name = "${local.prefix}--dev--apigee-app--smoke-test"
description = "APIGEE App used to run Smoke Tests against the DEV environment"
Expand Down
4 changes: 2 additions & 2 deletions terraform/account-wide-infrastructure/modules/lambda-errors-metric-alarm/sns.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@ resource "aws_sns_topic" "sns_topic" {
}

resource "aws_sns_topic_subscription" "sns_subscription" {
for_each = var.notification_emails
count = length(var.notification_emails)
topic_arn = aws_sns_topic.sns_topic.arn
protocol = "email"
endpoint = sensitive(each.value)
endpoint = var.notification_emails[count.index]
}
3 changes: 2 additions & 1 deletion terraform/account-wide-infrastructure/modules/lambda-errors-metric-alarm/vars.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,8 @@ variable "kms_deletion_window_in_days" {
}

variable "notification_emails" {
type = set(string)
type = list(string)
sensitive = true
description = "The email addresses to which notifications will be sent."
default = []
}
2 changes: 2 additions & 0 deletions terraform/account-wide-infrastructure/prod/cloudwatch.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@ module "lambda_errors_cloudwatch_metric_alarm_dev" {
source = "../modules/lambda-errors-metric-alarm"
name_prefix = "nhsd-nrlf--prod"

notification_emails = local.notification_emails

evaluation_periods = 1
period = 60
threshold = 1
Expand Down
8 changes: 8 additions & 0 deletions terraform/account-wide-infrastructure/prod/data.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,11 @@
data "aws_secretsmanager_secret_version" "identities_account_id" {
secret_id = aws_secretsmanager_secret.identities_account_id.name
}

data "aws_secretsmanager_secret" "emails" {
name = "${local.prefix}-emails"
}

data "aws_secretsmanager_secret_version" "emails" {
secret_id = data.aws_secretsmanager_secret.emails.id
}
2 changes: 2 additions & 0 deletions terraform/account-wide-infrastructure/prod/locals.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,6 @@ locals {
project = "nhsd-nrlf"
environment = terraform.workspace
prefix = "${local.project}--${local.environment}"

notification_emails = tolist(jsondecode(data.aws_secretsmanager_secret_version.emails.secret_string))
}
2 changes: 2 additions & 0 deletions terraform/account-wide-infrastructure/test/cloudwatch.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@ module "lambda_errors_cloudwatch_metric_alarm_dev" {
source = "../modules/lambda-errors-metric-alarm"
name_prefix = "nhsd-nrlf--test"

notification_emails = local.notification_emails

evaluation_periods = 1
period = 60
threshold = 1
Expand Down
9 changes: 9 additions & 0 deletions terraform/account-wide-infrastructure/test/data.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,12 @@
data "aws_secretsmanager_secret_version" "identities_account_id" {
secret_id = aws_secretsmanager_secret.identities_account_id.name
}


data "aws_secretsmanager_secret" "emails" {
name = "${local.prefix}-emails"
}

data "aws_secretsmanager_secret_version" "emails" {
secret_id = data.aws_secretsmanager_secret.emails.id
}
2 changes: 2 additions & 0 deletions terraform/account-wide-infrastructure/test/locals.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,6 @@ locals {
project = "nhsd-nrlf"
environment = terraform.workspace
prefix = "${local.project}--${local.environment}"

notification_emails = tolist(jsondecode(data.aws_secretsmanager_secret_version.emails.secret_string))
}
Loading