New: [AEA-5199] - Setup notifications flow

.pre-commit-config.yaml

@@ -86,6 +86,16 @@ repos:
         files: ^packages\/checkPrescriptionStatusUpdates
         types_or: [ts, tsx, javascript, jsx, json]
         pass_filenames: false
+
+      - id: lint-nhsNotifyLambda
+        name: Lint nhsNotifyLambda
+        entry: npm
+        args:
+          ["run", "--prefix=packages/nhsNotifyLambda", "lint"]
+        language: system
+        files: ^packages\/nhsNotifyLambda
+        types_or: [ts, tsx, javascript, jsx, json]
+        pass_filenames: false
 
       - id: lint-commonTesting
         name: Lint common/testing

.vscode/eps-prescription-status-update-api.code-workspace

@@ -28,6 +28,10 @@
       "name": "packages/cpsuLambda",
       "path": "../packages/cpsuLambda"
     },
+    {
+      "name": "packages/nhsNotifyLambda",
+      "path": "../packages/nhsNotifyLambda"
+    },
     {
       "name": "packages/capabilityStatement",
       "path": "../packages/capabilityStatement"
@@ -36,6 +40,10 @@
       "name": "packages/checkPrescriptionStatusUpdates",
       "path": "../packages/checkPrescriptionStatusUpdates"
     },
+    {
+      "name": "packages/common/commonTypes",
+      "path": "../packages/common/commonTypes"
+    },
     {
       "name": "packages/common/testing",
       "path": "../packages/common/testing"

Makefile

@@ -116,8 +116,10 @@ lint-node: compile-node
 	npm run lint --workspace packages/capabilityStatement
 	npm run lint --workspace packages/cpsuLambda
 	npm run lint --workspace packages/checkPrescriptionStatusUpdates
+	npm run lint --workspace packages/nhsNotifyLambda
 	npm run lint --workspace packages/common/testing
 	npm run lint --workspace packages/common/middyErrorHandler
+	npm run lint --workspace packages/common/commonTypes
 
 lint-specification: compile-specification
 	npm run lint --workspace packages/specification
@@ -144,6 +146,7 @@ test: compile
 	npm run test --workspace packages/capabilityStatement
 	npm run test --workspace packages/cpsuLambda
 	npm run test --workspace packages/checkPrescriptionStatusUpdates
+	npm run test --workspace packages/nhsNotifyLambda
 	npm run test --workspace packages/common/middyErrorHandler
 
 clean:
@@ -159,9 +162,12 @@ clean:
 	rm -rf packages/capabilityStatement/lib
 	rm -rf packages/cpsuLambda/coverage
 	rm -rf packages/cpsuLambda/lib
+	rm -rf packages/nhsNotifyLambda/coverage
+	rm -rf packages/nhsNotifyLambda/lib
 	rm -rf packages/checkPrescriptionStatusUpdates/lib
 	rm -rf packages/common/testing/lib
 	rm -rf packages/common/middyErrorHandler/lib
+	rm -rf packages/common/commonTypes/lib
 	rm -rf .aws-sam
 
 deep-clean: clean

README.md

@@ -19,6 +19,7 @@ This is the AWS layer that provides an API for EPS Prescription Status Update.
 - `packages/statusLambda/` Returns the status of the updatePrescriptionStatus endpoint
 - `packages/capabilityStatement/` Returns a static capability statement.
 - `packages/cpsuLambda` Handles updating prescription status using a custom format.
+- `packages/nhsNotifyLambda` Handles sending prescription notifications to the NHS notify service.
 - `scripts/` Utilities helpful to developers of this specification.
 - `postman/` Postman collections to call the APIs. Documentation on how to use them are in the collections.
 - `SAMtemplates/` Contains the SAM templates used to define the stacks.

SAMtemplates/functions/main.yaml

@@ -25,6 +25,14 @@ Parameters:
     Type: String
     Default: none
 
+  PrescriptionNotificationStateTableName:
+    Type: String
+    Default: none
+
+  NHSNotifyPrescriptionsSQSQueueUrl:
+    Type: String
+    Default: none
+
   LogLevel:
     Type: String
 
@@ -62,6 +70,7 @@ Resources:
       Environment:
         Variables:
           TABLE_NAME: !Ref PrescriptionStatusUpdatesTableName
+          NHS_NOTIFY_PRESCRIPTIONS_SQS_QUEUE_URL: !Ref NHSNotifyPrescriptionsSQSQueueUrl
           LOG_LEVEL: !Ref LogLevel
           ENVIRONMENT: !Ref Environment
           TEST_PRESCRIPTIONS_1: "None"
@@ -96,6 +105,8 @@ Resources:
           - - Fn::ImportValue: !Sub ${StackName}:tables:${PrescriptionStatusUpdatesTableName}:TableWritePolicyArn
             - Fn::ImportValue: !Sub ${StackName}:tables:${PrescriptionStatusUpdatesTableName}:TableReadPolicyArn
             - Fn::ImportValue: !Sub ${StackName}:tables:UsePrescriptionStatusUpdatesKMSKeyPolicyArn
+            - Fn::ImportValue: !Sub ${StackName}-UseNotificationSQSQueueKMSKeyPolicyArn
+            - Fn::ImportValue: !Sub ${StackName}-WriteNHSNotifyPrescriptionsSQSQueuePolicyArn
         LogRetentionInDays: !Ref LogRetentionInDays
         CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn
         EnableSplunk: !Ref EnableSplunk
@@ -320,6 +331,91 @@ Resources:
         SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole
         SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream
 
+  NHSNotifyLambdaScheduleEventRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service:
+                - scheduler.amazonaws.com
+            Action:
+              - sts:AssumeRole
+      ManagedPolicyArns:
+        - !Ref NHSNotifyLambdaScheduleEventRolePolicy
+
+  NHSNotifyLambdaScheduleEventRolePolicy:
+    Type: AWS::IAM::ManagedPolicy
+    Properties:
+      PolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          - Effect: Allow
+            Action:
+              - lambda:InvokeFunction
+            Resource:
+              - !GetAtt NHSNotifyLambda.Arn
+
+  NHSNotifyLambda:
+    Type: AWS::Serverless::Function
+    Properties:
+      FunctionName: !Sub ${StackName}-NHSNotifyLambda
+      CodeUri: ../../packages/
+      Handler: nhsNotifyLambda.handler
+      Role: !GetAtt NHSNotifyLambdaResources.Outputs.LambdaRoleArn
+      Environment:
+        Variables:
+          LOG_LEVEL: !Ref LogLevel
+          NHS_NOTIFY_PRESCRIPTIONS_SQS_QUEUE_URL: !Ref NHSNotifyPrescriptionsSQSQueueUrl
+          TABLE_NAME: !Ref PrescriptionNotificationStateTableName
+      Events:
+        ScheduleEvent:
+          Type: ScheduleV2
+          Properties:
+            Name: !Sub ${StackName}-NHSNotifySchedule
+            ScheduleExpression: "rate(1 minute)"
+            RoleArn: !GetAtt NHSNotifyLambdaScheduleEventRole.Arn
+    Metadata:
+      BuildMethod: esbuild
+      guard:
+        SuppressedRules:
+        - LAMBDA_DLQ_CHECK
+        - LAMBDA_INSIDE_VPC
+        - LAMBDA_CONCURRENCY_CHECK
+      BuildProperties:
+        Minify: true
+        Target: es2020
+        Sourcemap: true
+        tsconfig: nhsNotifyLambda/tsconfig.json
+        packages: bundle
+        EntryPoints:
+          - nhsNotifyLambda/src/nhsNotifyLambda.ts
+
+  NHSNotifyLambdaResources:
+    Type: AWS::Serverless::Application
+    Properties:
+      Location: lambda_resources.yaml
+      Parameters:
+        StackName: !Ref StackName
+        LambdaName: !Sub ${StackName}-NHSNotifyLambda
+        LambdaArn: !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${StackName}-NHSNotifyLambda
+        LogRetentionInDays: !Ref LogRetentionInDays
+        CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn
+        EnableSplunk: !Ref EnableSplunk
+        SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole
+        SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream
+        IncludeAdditionalPolicies: true
+        AdditionalPolicies: !Join
+          - ","
+          - - Fn::ImportValue: !Sub ${StackName}-WriteNHSNotifyPrescriptionsSQSQueuePolicyArn
+            - Fn::ImportValue: !Sub ${StackName}-ReadNHSNotifyPrescriptionsSQSQueuePolicyArn
+            - Fn::ImportValue: !Sub ${StackName}-UseNotificationSQSQueueKMSKeyPolicyArn
+            - Fn::ImportValue: !Sub ${StackName}:tables:${PrescriptionNotificationStateTableName}:TableReadPolicyArn
+            - Fn::ImportValue: !Sub ${StackName}:tables:${PrescriptionNotificationStateTableName}:TableWritePolicyArn
+            - Fn::ImportValue: !Sub ${StackName}:tables:UsePrescriptionNotificationStateKMSKeyPolicyArn
+
 Outputs:
   UpdatePrescriptionStatusFunctionName:
     Description: The function name of the UpdatePrescriptionStatus lambda
@@ -378,3 +474,11 @@ Outputs:
       - ShouldDeployCheckPrescriptionStatusUpdate
       - !GetAtt CheckPrescriptionStatusUpdates.Arn
       - ""
+
+  NHSNotifyLambdaFunctionName:
+    Description: The function name of the NHS Notify lambda
+    Value: !Ref NHSNotifyLambda
+
+  NHSNotifyLambdaFunctionArn:
+    Description: The function ARN of the NHS Notify lambda
+    Value: !GetAtt NHSNotifyLambda.Arn

SAMtemplates/main_template.yaml

@@ -98,6 +98,13 @@ Resources:
         StackName: !Ref AWS::StackName
         EnableDynamoDBAutoScaling: !Ref EnableDynamoDBAutoScaling
 
+  Messaging:
+    Type: AWS::Serverless::Application
+    Properties:
+      Location: messaging/main.yaml
+      Parameters:
+        StackName: !Ref AWS::StackName
+
   Apis:
     Type: AWS::Serverless::Application
     Properties:
@@ -127,6 +134,8 @@ Resources:
       Parameters:
         StackName: !Ref AWS::StackName
         PrescriptionStatusUpdatesTableName: !GetAtt Tables.Outputs.PrescriptionStatusUpdatesTableName
+        PrescriptionNotificationStateTableName: !GetAtt Tables.Outputs.PrescriptionNotificationStateTableName
+        NHSNotifyPrescriptionsSQSQueueUrl: !GetAtt Messaging.Outputs.NHSNotifyPrescriptionsSQSQueueUrl
         LogLevel: !Ref LogLevel
         LogRetentionInDays: !Ref LogRetentionInDays
         EnableSplunk: !Ref EnableSplunk

SAMtemplates/messaging/main.yaml

@@ -0,0 +1,129 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Transform: AWS::Serverless-2016-10-31
+Description: |
+  SQS messaging stacks used by the PSU
+
+Parameters:
+  StackName:
+    Type: String
+
+Resources:
+  NotificationSQSQueueKMSKey:
+    Type: AWS::KMS::Key
+    Properties:
+      EnableKeyRotation: true
+      KeyPolicy:
+        Version: 2012-10-17
+        Id: NotificationSQSQueueKeyPolicy
+        Statement:
+          - Sid: EnableIAMUserPermissions
+            Effect: Allow
+            Principal:
+              AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root"
+            Action: kms:*
+            Resource: "*"
+
+  NotificationSQSQueueKMSKeyAlias:
+    Type: AWS::KMS::Alias
+    Properties:
+      AliasName: !Sub alias/${StackName}-NotificationSQSQueueKMSKey
+      TargetKeyId: !Ref NotificationSQSQueueKMSKey
+
+  UseNotificationSQSQueueKMSKeyPolicy:
+    Type: AWS::IAM::ManagedPolicy
+    Properties:
+      ManagedPolicyName: !Sub ${StackName}-UseNotificationSQSQueueKMSKey
+      PolicyDocument:
+        Version: "2012-10-17"
+        Statement:
+          - Sid: AllowKmsForSqsEncryption
+            Effect: Allow
+            Action:
+              - kms:DescribeKey
+              - kms:GenerateDataKey*
+              - kms:Encrypt
+              - kms:Decrypt
+            Resource: !GetAtt NotificationSQSQueueKMSKey.Arn
+
+  NHSNotifyPrescriptionsSQSQueue:
+    Type: AWS::SQS::Queue
+    Properties:
+      QueueName: !Sub ${StackName}-NHSNotifyPrescriptions
+      KmsMasterKeyId: !Ref NotificationSQSQueueKMSKeyAlias
+      MessageRetentionPeriod: 86400    # 1 day in seconds
+      RedrivePolicy:
+        deadLetterTargetArn: !GetAtt NHSNotifyPrescriptionsDeadLetterQueue.Arn
+        maxReceiveCount: 5
+      VisibilityTimeout: 300
+
+  NHSNotifyPrescriptionsDeadLetterQueue:
+    Type: AWS::SQS::Queue
+    Properties:
+      QueueName: !Sub ${StackName}-NHSNotifyPrescriptionsDeadLetter
+      KmsMasterKeyId: !Ref NotificationSQSQueueKMSKeyAlias
+      MessageRetentionPeriod: 604800   # 1 week in seconds
+      VisibilityTimeout: 300
+
+  ReadNHSNotifyPrescriptionsSQSQueuePolicy:
+    Type: AWS::IAM::ManagedPolicy
+    Properties:
+      PolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          - Effect: Allow
+            Action:
+              - sqs:ReceiveMessage
+              - sqs:DeleteMessage
+              - sqs:ChangeMessageVisibility
+              - sqs:GetQueueAttributes
+              - sqs:GetQueueUrl
+              - kms:GenerateDataKey
+              - kms:Decrypt
+            Resource: !GetAtt NHSNotifyPrescriptionsSQSQueue.Arn
+
+  WriteNHSNotifyPrescriptionsSQSQueuePolicy:
+    Type: AWS::IAM::ManagedPolicy
+    Properties:
+      ManagedPolicyName: !Sub ${StackName}-NHSNotifyPrescriptionsSendMessagePolicy
+      PolicyDocument:
+        Version: "2012-10-17"
+        Statement:
+          - Effect: Allow
+            Action:
+              - sqs:SendMessage
+              - sqs:SendMessageBatch
+              - sqs:GetQueueUrl
+              - kms:GenerateDataKey
+              - kms:Decrypt
+            Resource: !GetAtt NHSNotifyPrescriptionsSQSQueue.Arn
+
+Outputs:
+  NHSNotifyPrescriptionsSQSQueueUrl:
+    Description: The URL of the NHS Notify Prescriptions SQS Queue
+    Value: !Ref NHSNotifyPrescriptionsSQSQueue
+    Export:
+      Name: !Sub ${StackName}-NHSNotifyPrescriptionsSQSQueueUrl
+
+  NHSNotifyPrescriptionsSQSQueueArn:
+    Description: The ARN of the NHS Notify Prescriptions SQS Queue
+    Value: !GetAtt NHSNotifyPrescriptionsSQSQueue.Arn
+    Export:
+      Name: !Sub ${StackName}-NHSNotifyPrescriptionsSQSQueueArn
+
+  ReadNHSNotifyPrescriptionsSQSQueuePolicyArn:
+    Description: ARN of policy granting permission to read the prescriptions queue
+    Value: !Ref ReadNHSNotifyPrescriptionsSQSQueuePolicy
+    Export:
+      Name: !Sub ${StackName}-ReadNHSNotifyPrescriptionsSQSQueuePolicyArn
+
+  WriteNHSNotifyPrescriptionsSQSQueuePolicyArn:
+    Description: ARN of policy granting permission to write to the prescriptions queue
+    Value: !Ref WriteNHSNotifyPrescriptionsSQSQueuePolicy
+    Export:
+      Name: !Sub ${StackName}-WriteNHSNotifyPrescriptionsSQSQueuePolicyArn
+
+  UseNotificationSQSQueueKMSKeyPolicyArn:
+    Description: ARN of managed policy granting prescriptions queue KMS usage
+    Value: !Ref UseNotificationSQSQueueKMSKeyPolicy
+    Export:
+      Name: !Sub ${StackName}-UseNotificationSQSQueueKMSKeyPolicyArn