CCM-8569 adding DLQ

aidenvaines-cgi · aidenvaines-cgi · commit d71e17db232b · 2025-02-12T16:02:17.000Z
diff --git a/infrastructure/modules/eventpub/iam_role_lambda.tf b/infrastructure/modules/eventpub/iam_role_lambda.tf
@@ -67,6 +67,19 @@ data "aws_iam_policy_document" "lambda" {
     ]
   }
 
+    statement {
+    sid    = "DLQPutMessage"
+    effect = "Allow"
+
+    actions = [
+      "sqs:SendMessage",
+    ]
+
+    resources = [
+      aws_sqs_queue.dlq.arn
+    ]
+  }
+
   statement {
     sid    = "KMSCloudwatchKeyAccess"
     effect = "Allow"
diff --git a/infrastructure/modules/eventpub/lambda_function.tf b/infrastructure/modules/eventpub/lambda_function.tf
@@ -13,16 +13,18 @@ resource "aws_lambda_function" "main" {
   source_code_hash = data.archive_file.lambda.output_base64sha256
 
   logging_config {
-    application_log_level = "INFO"
+    application_log_level = var.log_level
     log_format            = "JSON"
     log_group             = aws_cloudwatch_log_group.lambda.name
-    system_log_level      = "WARN"
+    system_log_level      = var.log_level
   }
 
   environment {
     variables = {
       DATA_PLANE_EVENT_BUS_ARN    = var.data_plane_bus_arn
       CONTROL_PLANE_EVENT_BUS_ARN = var.control_plane_bus_arn
+      DLQ_URL                     = aws_sqs_queue.dlq.url
+      THROTTLE_DELAY_MS           = "0"
     }
   }
 }
diff --git a/infrastructure/modules/eventpub/sqs_queue_dlq.tf b/infrastructure/modules/eventpub/sqs_queue_dlq.tf
@@ -0,0 +1,5 @@
+resource "aws_sqs_queue" "dlq" {
+  name = "${local.csi}-dlq"
+
+  kms_master_key_id = var.kms_key_arn
+}
diff --git a/infrastructure/modules/eventpub/variables.tf b/infrastructure/modules/eventpub/variables.tf
@@ -83,16 +83,7 @@ variable "enable_sns_delivery_logging" {
   default     = false
 }
 
-variable "sns_delivery_logging_bucket" {
-  type        = string
-  description = "An S3 bucket name if event caching is enabled"
-  default     = ""
 
-  validation {
-    condition     = var.enable_sns_delivery_logging == false || length(var.sns_delivery_logging_bucket) > 1
-    error_message = "If delivery logs are required, an S3 bucket name must be provided"
-  }
-}
 
 variable "sns_success_logging_sample_percent" {
   type        = number
@@ -103,7 +94,7 @@ variable "sns_success_logging_sample_percent" {
 variable "log_level" {
   type        = string
   description = "The log level to be used in lambda functions within the component. Any log with a lower severity than the configured value will not be logged: https://docs.python.org/3/library/logging.html#levels"
-  default     = "INFO"
+  default     = "WARN"
 }
 
 variable "event_cache_expiry_days" {

Original file line number	Diff line number	Diff line change
`@@ -13,16 +13,18 @@ resource "aws_lambda_function" "main" {`
`13`	`13`	`source_code_hash = data.archive_file.lambda.output_base64sha256`
`14`	`14`
`15`	`15`	`logging_config {`
`16`		`- application_log_level = "INFO"`
	`16`	`+ application_log_level = var.log_level`
`17`	`17`	`log_format = "JSON"`
`18`	`18`	`log_group = aws_cloudwatch_log_group.lambda.name`
`19`		`- system_log_level = "WARN"`
	`19`	`+ system_log_level = var.log_level`
`20`	`20`	`}`
`21`	`21`
`22`	`22`	`environment {`
`23`	`23`	`variables = {`
`24`	`24`	`DATA_PLANE_EVENT_BUS_ARN = var.data_plane_bus_arn`
`25`	`25`	`CONTROL_PLANE_EVENT_BUS_ARN = var.control_plane_bus_arn`
	`26`	`+ DLQ_URL = aws_sqs_queue.dlq.url`
	`27`	`+ THROTTLE_DELAY_MS = "0"`
`26`	`28`	`}`
`27`	`29`	`}`
`28`	`30`	`}`