Merge pull request #28 from NHSDigital/aiva2/CCM--8237_SQSModule

CCM-8237 SQS module

Author: aidenvaines-cgi

.github/workflows/manual-combine-dependabot-prs.yaml

@@ -0,0 +1,24 @@
+name: Combine Dependabot PRs
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+  checks: read
+
+jobs:
+  combine-prs:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: combine-prs
+        id: combine-prs
+        uses: github/combine-prs@v5.1.0
+        with:
+          ci_required: false
+          labels: dependencies
+          pr_title: Combined Dependabot PRs
+          combine_branch_name: dependabotCombined
+          pr_body_header: Combined Dependabot PRs

infrastructure/modules/lambda/outputs.tf

@@ -15,7 +15,7 @@ output "function_qualified_arn" {
 }
 
 output "function_env_vars" {
-  value = length(var.lambda_env_vars) == 0 ? [] : aws_lambda_function.main.environment[0].variables
+  value = length(var.lambda_env_vars) == 0 ? {} : aws_lambda_function.main.environment[0].variables
 }
 
 output "iam_role_name" {

infrastructure/modules/sqs/data_iam_policy_document_deadletter_queue.tf

@@ -0,0 +1,24 @@
+data "aws_iam_policy_document" "deadletter_queue" {
+  count = var.create_dlq ? 1 : 0
+
+  statement {
+    effect = "Allow"
+
+    resources = [aws_sqs_queue.deadletter_queue[0].arn]
+
+    actions = [
+      "sqs:ChangeMessageVisibility",
+      "sqs:DeleteMessage",
+      "sqs:GetQueueAttributes",
+      "sqs:GetQueueUrl",
+      "sqs:ListQueueTags",
+      "sqs:ReceiveMessage",
+      "sqs:SendMessage",
+    ]
+
+    principals {
+      type        = "AWS"
+      identifiers = [var.aws_account_id]
+    }
+  }
+}

infrastructure/modules/sqs/data_iam_policy_document_sqs_queue.tf

@@ -0,0 +1,54 @@
+data "aws_iam_policy_document" "sqs_queue" {
+  statement {
+    effect = "Allow"
+
+    resources = [aws_sqs_queue.sqs_queue.arn]
+
+    actions = [
+      "sqs:ChangeMessageVisibility",
+      "sqs:DeleteMessage",
+      "sqs:GetQueueAttributes",
+      "sqs:GetQueueUrl",
+      "sqs:ListQueueTags",
+      "sqs:ReceiveMessage",
+      "sqs:SendMessage",
+    ]
+
+    principals {
+      type        = "AWS"
+      identifiers = [var.aws_account_id]
+    }
+  }
+
+  dynamic "statement" {
+    for_each = var.sns_source_arn != null ? [1] : []
+
+    content {
+      effect = "Allow"
+
+      principals {
+        type = "Service"
+        identifiers = [
+          "sns.amazonaws.com"
+        ]
+      }
+
+      actions = [
+        "sqs:SendMessage",
+        "sqs:SendMessageBatch",
+      ]
+
+      condition {
+        test     = "ArnEquals"
+        variable = "aws:SourceArn"
+        values = [
+          var.sns_source_arn
+        ]
+      }
+
+      resources = [
+        aws_sqs_queue.sqs_queue.arn,
+      ]
+    }
+  }
+}

infrastructure/modules/sqs/locals.tf

@@ -0,0 +1,36 @@
+locals {
+  # Compound Scope Identifier
+  csi = replace(
+    format(
+      "%s-%s-%s-%s",
+      var.project,
+      var.environment,
+      var.component,
+      var.name
+    ),
+    "_",
+    "",
+  )
+
+  # CSI for use in resources with a global namespace, i.e. S3 Buckets
+  csi_global = replace(
+    format(
+      "%s-%s-%s-%s-%s",
+      var.project,
+      var.aws_account_id,
+      var.region,
+      var.environment,
+      var.component,
+    ),
+    "_",
+    "",
+  )
+
+  default_tags = merge(
+    var.default_tags,
+    {
+      Module = var.module
+      Name   = local.csi
+    },
+  )
+}

infrastructure/modules/sqs/outputs.tf

@@ -0,0 +1,23 @@
+output "sqs_queue_url" {
+  value = aws_sqs_queue.sqs_queue.id
+}
+
+output "sqs_queue_arn" {
+  value = aws_sqs_queue.sqs_queue.arn
+}
+
+output "sqs_dlq_url" {
+  value = var.create_dlq ? aws_sqs_queue.deadletter_queue[0].id : null
+}
+
+output "sqs_dlq_arn" {
+  value = var.create_dlq ? aws_sqs_queue.deadletter_queue[0].arn : null
+}
+
+output "sqs_queue_name" {
+  value = "${local.csi}-queue"
+}
+
+output "sqs_dlq_name" {
+  value = var.create_dlq ? aws_sqs_queue.deadletter_queue[0].name : null
+}

infrastructure/modules/sqs/sqs_queue.tf

@@ -0,0 +1,14 @@
+resource "aws_sqs_queue" "sqs_queue" {
+  name = "${local.csi}-queue"
+
+  message_retention_seconds   = var.message_retention_seconds
+  visibility_timeout_seconds  = var.visibility_timeout_seconds
+  fifo_queue                  = var.fifo_queue
+  content_based_deduplication = var.content_based_deduplication
+  max_message_size            = var.max_message_size
+
+  kms_master_key_id                 = var.sqs_kms_key_arn
+  kms_data_key_reuse_period_seconds = var.kms_data_key_reuse_period_seconds
+
+  tags = local.default_tags
+}

infrastructure/modules/sqs/sqs_queue_deadletter_queue.tf

@@ -0,0 +1,16 @@
+resource "aws_sqs_queue" "deadletter_queue" {
+  count = var.create_dlq ? 1 : 0
+
+  name = "${local.csi}-dlq"
+
+  message_retention_seconds   = var.message_retention_seconds
+  visibility_timeout_seconds  = var.visibility_timeout_seconds
+  fifo_queue                  = var.fifo_queue
+  content_based_deduplication = var.content_based_deduplication
+  max_message_size            = var.max_message_size
+
+  kms_master_key_id                 = var.sqs_kms_key_arn
+  kms_data_key_reuse_period_seconds = var.kms_data_key_reuse_period_seconds
+
+  tags = local.default_tags
+}

infrastructure/modules/sqs/sqs_queue_policy.tf

@@ -0,0 +1,4 @@
+resource "aws_sqs_queue_policy" "sqs_queue_policy" {
+  queue_url = aws_sqs_queue.sqs_queue.id
+  policy    = data.aws_iam_policy_document.sqs_queue.json
+}

infrastructure/modules/sqs/sqs_queue_policy_deadletter_queue.tf

@@ -0,0 +1,6 @@
+resource "aws_sqs_queue_policy" "deadletter_queue" {
+  count = var.create_dlq ? 1 : 0
+
+  queue_url = aws_sqs_queue.deadletter_queue[0].id
+  policy    = data.aws_iam_policy_document.deadletter_queue[0].json
+}