From 2110af6ce5cc05fb682e0582298aa6c3c399cd0a Mon Sep 17 00:00:00 2001 From: SWhyteAnswer Date: Tue, 9 Dec 2025 15:44:22 +0000 Subject: [PATCH 01/12] [PRMP-1048] the infrastructure --- infrastructure/concurrency_controls.tf | 75 +++++++++++++++++++ .../lambda-concurrency-controller.tf | 61 +++++++++++++++ infrastructure/schedules.tf | 5 ++ infrastructure/variable.tf | 18 +++++ 4 files changed, 159 insertions(+) create mode 100644 infrastructure/concurrency_controls.tf create mode 100644 infrastructure/lambda-concurrency-controller.tf diff --git a/infrastructure/concurrency_controls.tf b/infrastructure/concurrency_controls.tf new file mode 100644 index 000000000..8dd49371c --- /dev/null +++ b/infrastructure/concurrency_controls.tf 
@@ -0,0 +1,75 @@
+# Concurrency control schedules
+# Office hour start
+resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_office_hours_start" {
+ name = "bulk-upload-office-hours-start"
+ schedule_expression = "cron(0 9 * * ? *)"
+}
+
+resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_office_hours_start" {
+ rule = aws_cloudwatch_event_rule.bulk_upload_concurrency_office_hours_start.name
+ target_id = "office-hours-start"
+ arn = module.concurrency_controller.arn
+
+ input = jsonencode({
+ targetFunction = var.bulk_upload_lambda_name
+ reservedConcurrency = var.office_hours_start_concurrency
+ })
+}
+
+# Office hours stop
+resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_office_hours_stop" {
+ name = "bulk-upload-office-hours-stop"
+ schedule_expression = "cron(0 17 * * ? *)"
+}
+
+resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_office_hours_stop" {
+ rule = aws_cloudwatch_event_rule.bulk_upload_office_hours_stop.name
+ target_id = "office-hours-stop"
+ arn = module.concurrency_controller.arn
+
+ input = jsonencode({
+ targetFunction = var.bulk_upload_lambda_name
+ reservedConcurrency = var.office_hours_end_concurrency
+ })
+}
+
+# Concurrency control triggers
+# Concurrency freeze during ECS deploy
+resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_deploy" {
+ name = "bulk-upload-concurrency-deploy"
+ event_pattern = jsonencode({
+ source = ["deploy.pipeline"]
+ detail-type = ["freeze-concurrency"]
+ })
+}
+
+resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_deploy" {
+ rule = aws_cloudwatch_event_rule.bulk_upload_concurrency_deploy.name
+ target_id = "freeze-concurrency"
+ arn = module.concurrency_controller.arn
+
+ input = jsonencode({
+ targetFunction = var.bulk_upload_lambda_name
+ reservedConcurrency = 0
+ })
+}
+
+# Restore concurrency after release
+resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_release_restore" {
+ name = 
"bulk-upload-concurrency-release-restore"
+ event_pattern = jsonencode({
+ source = ["release.pipeline"]
+ detail-type = ["restore-bulk-upload-concurrency"]
+ })
+}
+
+resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_release_restore" {
+ rule = aws_cloudwatch_event_rule.bulk_upload_concurrency_release_restore.name
+ target_id = "restore-bulk-upload-concurrency"
+ arn = module.concurrency_controller.arn
+
+ input = jsonencode({
+ targetFunction = var.bulk_upload_lambda_name
+ reservedConcurrency = local.bulk_upload_lambda_concurrent_limit
+ })
+}
diff --git a/infrastructure/lambda-concurrency-controller.tf b/infrastructure/lambda-concurrency-controller.tf
new file mode 100644
index 000000000..9d46112e3
--- /dev/null
+++ b/infrastructure/lambda-concurrency-controller.tf
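Review bot: The `bulk_upload_concurrency_deploy` and `bulk_upload_concurrency_release_restore` rules in concurrency_controls.tf match only on a custom `source`/`detail-type` pair and set no `event_bus_name`, so they sit on the default bus, where any principal allowed `events:PutEvents` can emit a matching event and drive the bulk upload function's reserved concurrency to 0. Either restrict `events:PutEvents` for these sources to the pipeline role, or move the rules to a dedicated bus whose resource policy names that role. Separately, the four rule names are fixed strings, while schedules.tf in this same commit uses `"${terraform.workspace}_transfer_key_manager_schedule"`; without the workspace prefix, two workspaces applied into one account will collide on names such as `bulk-upload-office-hours-start`.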
@@ -0,0 +1,61 @@
+
+data "aws_iam_policy_document" "concurrency_controller_policy" {
+ statement {
+ effect = "Allow"
+ actions = [
+ "lambda:PutFunctionConcurrency",
+ "lambda:GetFunctionConcurrency"
+ ]
+ resources = [
+ module.bulk-upload-lambda.lambda_arn
+ ]
+ }
+}
+
+module "concurrency_controller" {
+ source = "./modules/lambda"
+ name = "ConcurrencyController"
+ handler = "handlers.concurrency_controller_handler.lambda_handler"
+
+ #This lambda is an orchestrator so should have unlimited conc
+ reserved_concurrent_executions = -1
+
+ is_gateway_integration_needed = false
+ is_invoked_from_gateway = false
+
+ iam_role_policy_documents = [
+ data.aws_iam_policy_document.concurrency_controller_policy.json
+ ]
+}
+
+resource "aws_lambda_permission" "office_hours_start_permission" {
+ statement_id = "AllowEventBridgeOfficeHoursStart"
+ action = "lambda:InvokeFunction"
+ function_name = module.concurrency_controller.lambda_function_name
+ principal = "events.amazonaws.com"
+ source_arn = aws_cloudwatch_event_rule.bulk_upload_concurrency_office_hours_start.arn
+}
+
+resource "aws_lambda_permission" "office_hours_stop_permission" {
+ statement_id = "AllowEventBridgeOfficeHoursStop"
+ action = "lambda:InvokeFunction"
+ function_name = module.concurrency_controller.lambda_function_name
+ principal = "events.amazonaws.com"
+ source_arn = aws_cloudwatch_event_rule.bulk_upload_concurrency_office_hours_stop.arn
+}
+
+resource "aws_lambda_permission" "deploy_permission" {
+ statement_id = "AllowEventBridgeDeploy"
+ action = "lambda:InvokeFunction"
+ function_name = module.concurrency_controller.lambda_function_name
+ principal = "events.amazonaws.com"
+ source_arn = aws_cloudwatch_event_rule.bulk_upload_concurrency_deploy.arn
+}
+
+resource "aws_lambda_permission" "release_restore_permission" {
+ statement_id = "AllowEventBridgeReleaseRestore"
+ action = "lambda:InvokeFunction"
+ function_name = module.concurrency_controller.lambda_function_name
+ principal = 
"events.amazonaws.com" + source_arn = aws_cloudwatch_event_rule.bulk_upload_concurrency_release_restore.arn +} diff --git a/infrastructure/schedules.tf b/infrastructure/schedules.tf index 5b86cbcf6..b1bd52e0b 100644 --- a/infrastructure/schedules.tf +++ b/infrastructure/schedules.tf @@ -168,6 +168,7 @@ resource "aws_lambda_permission" "toggle_bulk_upload_disable_permission" { source_arn = aws_cloudwatch_event_rule.bulk_upload_disable_rule.arn } +<<<<<<< HEAD # Transfer Key Manager Schedule - Daily SSH Key Expiry Check resource "aws_cloudwatch_event_rule" "transfer_key_manager_schedule" { name = "${terraform.workspace}_transfer_key_manager_schedule" @@ -198,3 +199,7 @@ resource "aws_lambda_permission" "transfer_key_manager_schedule_permission" { aws_cloudwatch_event_rule.transfer_key_manager_schedule ] } +======= + + +>>>>>>> aead3e6 ([PRMP-1048] the infrastructure) diff --git a/infrastructure/variable.tf b/infrastructure/variable.tf index 272a4cbfd..5d64d3937 100644 --- a/infrastructure/variable.tf +++ b/infrastructure/variable.tf @@ -321,3 +321,21 @@ variable "ssh_key_management_dry_run" { type = bool default = false } + +# Concurrency Controller + +variable "bulk_upload_lambda_name" { + type = string +} + +variable "office_hours_start_concurrency" { + type = number + default = 1 +} + +variable "office_hours_end_concurrency" { + type = number + default = 3 +} + + From 38d30e402284849c6906c6b89a9ce8e83c1a8047 Mon Sep 17 00:00:00 2001 From: SWhyteAnswer Date: Tue, 9 Dec 2025 16:19:00 +0000 Subject: [PATCH 02/12] [PRMP-1048] remove space --- infrastructure/variable.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/infrastructure/variable.tf b/infrastructure/variable.tf index 5d64d3937..08e7ff6ff 100644 --- a/infrastructure/variable.tf +++ b/infrastructure/variable.tf @@ -323,7 +323,6 @@ variable "ssh_key_management_dry_run" { } # Concurrency Controller - variable "bulk_upload_lambda_name" { type = string } 
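Review bot: The controller in lambda-concurrency-controller.tf changes the bulk upload function's reserved concurrency outside Terraform, so the next `terraform apply` will presumably reset it to the configured value and lift the office-hours throttle mid-day. The restore target in concurrency_controls.tf reads `local.bulk_upload_lambda_concurrent_limit`, which suggests that limit is Terraform-managed. If so, the function resource inside `./modules/lambda` would need `lifecycle { ignore_changes = [reserved_concurrent_executions] }` for the bulk upload function, or the limit should be owned by the controller alone. The IAM statement itself is well scoped: two concurrency actions on one function ARN. Nothing in this file shows an alarm or dead-letter target for failed controller runs, and a missed stop invocation leaves bulk upload at the office-hours limit until the next schedule, so confirm the module provides one.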
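Review bot: The two schedules.tf hunks commit unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> aead3e6`), which are not valid HCL, so `terraform validate` will fail on this revision. Drop the three marker lines and the two blank lines between them, so that schedules.tf is left unchanged by this commit. A `terraform validate` step or a conflict-marker check in pre-commit or CI would stop this from reaching the branch.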
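Review bot: `office_hours_start_concurrency` and `office_hours_end_concurrency` in variable.tf accept any number, including negatives and fractions, and are passed unchecked into the controller's `reservedConcurrency` input. Add a `validation` block to each, for example `condition = var.office_hours_start_concurrency >= 0 && floor(var.office_hours_start_concurrency) == var.office_hours_start_concurrency`, with an `error_message` noting that 0 stops the function entirely. Each variable also needs a `description` saying which window it applies to, because the "end" value is in fact the limit used outside office hours.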
From 4ccc9dd65aae4db8c02d0e02a63f0bc4040819c0 Mon Sep 17 00:00:00 2001 From: SWhyteAnswer Date: Tue, 16 Dec 2025 14:37:15 +0000 Subject: [PATCH 03/12] [PRMP-1048] lambda name var replace --- infrastructure/concurrency_controls.tf | 16 ++++++++-------- infrastructure/lambda-concurrency-controller.tf | 10 +++++----- infrastructure/variable.tf | 3 --- 3 files changed, 13 insertions(+), 16 deletions(-) diff --git a/infrastructure/concurrency_controls.tf b/infrastructure/concurrency_controls.tf index 8dd49371c..b073de7f7 100644 --- a/infrastructure/concurrency_controls.tf +++ b/infrastructure/concurrency_controls.tf @@ -8,10 +8,10 @@ resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_office_hours_start resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_office_hours_start" { rule = aws_cloudwatch_event_rule.bulk_upload_concurrency_office_hours_start.name target_id = "office-hours-start" - arn = module.concurrency_controller.arn + arn = module.concurrency-controller-lambda.arn input = jsonencode({ - targetFunction = var.bulk_upload_lambda_name + targetFunction = module.bulk-upload-lambda.function_name reservedConcurrency = var.office_hours_start_concurrency }) } @@ -25,10 +25,10 @@ resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_office_hours_stop" resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_office_hours_stop" { rule = aws_cloudwatch_event_rule.bulk_upload_office_hours_stop.name target_id = "office-hours-stop" - arn = module.concurrency_controller.arn + arn = module.concurrency-controller-lambda.arn input = jsonencode({ - targetFunction = var.bulk_upload_lambda_name + targetFunction = module.bulk-upload-lambda.function_name reservedConcurrency = var.office_hours_end_concurrency }) } 
@@ -46,10 +46,10 @@ resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_deploy" { resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_deploy" { rule = aws_cloudwatch_event_rule.bulk_upload_concurrency_deploy.name target_id = "freeze-concurrency" - arn = module.concurrency_controller.arn + arn = module.concurrency-controller-lambda.arn input = jsonencode({ - targetFunction = var.bulk_upload_lambda_name + targetFunction = module.bulk-upload-lambda.function_name reservedConcurrency = 0 }) } @@ -66,10 +66,10 @@ resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_release_restore" { resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_release_restore" { rule = aws_cloudwatch_event_rule.bulk_upload_concurrency_release_restore.name target_id = "restore-bulk-upload-concurrency" - arn = module.concurrency_controller.arn + arn = module.concurrency-controller-lambda.arn input = jsonencode({ - targetFunction = var.bulk_upload_lambda_name + targetFunction = module.bulk-upload-lambda.function_name reservedConcurrency = local.bulk_upload_lambda_concurrent_limit }) } diff --git a/infrastructure/lambda-concurrency-controller.tf b/infrastructure/lambda-concurrency-controller.tf index 9d46112e3..1e67ee86b 100644 --- a/infrastructure/lambda-concurrency-controller.tf +++ b/infrastructure/lambda-concurrency-controller.tf @@ -12,7 +12,7 @@ data "aws_iam_policy_document" "concurrency_controller_policy" { } } -module "concurrency_controller" { +module "concurrency-controller-lambda" { source = "./modules/lambda" name = "ConcurrencyController" handler = "handlers.concurrency_controller_handler.lambda_handler" 
@@ -31,7 +31,7 @@ module "concurrency_controller" { resource "aws_lambda_permission" "office_hours_start_permission" { statement_id = "AllowEventBridgeOfficeHoursStart" action = "lambda:InvokeFunction" - function_name = module.concurrency_controller.lambda_function_name + function_name = module.concurrency-controller-lambda.lambda_function_name principal = "events.amazonaws.com" source_arn = aws_cloudwatch_event_rule.bulk_upload_concurrency_office_hours_start.arn } @@ -39,7 +39,7 @@ resource "aws_lambda_permission" "office_hours_start_permission" { resource "aws_lambda_permission" "office_hours_stop_permission" { statement_id = "AllowEventBridgeOfficeHoursStop" action = "lambda:InvokeFunction" - function_name = module.concurrency_controller.lambda_function_name + function_name = module.concurrency-controller-lambda.lambda_function_name principal = "events.amazonaws.com" source_arn = aws_cloudwatch_event_rule.bulk_upload_concurrency_office_hours_stop.arn } @@ -47,7 +47,7 @@ resource "aws_lambda_permission" "office_hours_stop_permission" { resource "aws_lambda_permission" "deploy_permission" { statement_id = "AllowEventBridgeDeploy" action = "lambda:InvokeFunction" - function_name = module.concurrency_controller.lambda_function_name + function_name = module.concurrency-controller-lambda.lambda_function_name principal = "events.amazonaws.com" source_arn = aws_cloudwatch_event_rule.bulk_upload_concurrency_deploy.arn } @@ -55,7 +55,7 @@ resource "aws_lambda_permission" "deploy_permission" { resource "aws_lambda_permission" "release_restore_permission" { statement_id = "AllowEventBridgeReleaseRestore" action = "lambda:InvokeFunction" - function_name = module.concurrency_controller.lambda_function_name + function_name = module.concurrency-controller-lambda.lambda_function_name principal = "events.amazonaws.com" source_arn = aws_cloudwatch_event_rule.bulk_upload_concurrency_release_restore.arn } 
diff --git a/infrastructure/variable.tf b/infrastructure/variable.tf index 08e7ff6ff..20d397488 100644 --- a/infrastructure/variable.tf +++ b/infrastructure/variable.tf @@ -323,9 +323,6 @@ variable "ssh_key_management_dry_run" { } # Concurrency Controller -variable "bulk_upload_lambda_name" { - type = string -} variable "office_hours_start_concurrency" { type = number From 392d432726618a04be5f9769c038293546a87656 Mon Sep 17 00:00:00 2001 From: SWhyteAnswer Date: Tue, 16 Dec 2025 14:51:28 +0000 Subject: [PATCH 04/12] [PRMP-1048] typo --- infrastructure/lambda-concurrency-controller.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/infrastructure/lambda-concurrency-controller.tf b/infrastructure/lambda-concurrency-controller.tf index 1e67ee86b..8f4ec577e 100644 --- a/infrastructure/lambda-concurrency-controller.tf +++ b/infrastructure/lambda-concurrency-controller.tf @@ -31,7 +31,7 @@ module "concurrency-controller-lambda" { resource "aws_lambda_permission" "office_hours_start_permission" { statement_id = "AllowEventBridgeOfficeHoursStart" action = "lambda:InvokeFunction" - function_name = module.concurrency-controller-lambda.lambda_function_name + function_name = module.concurrency-controller-lambda.function_name principal = "events.amazonaws.com" source_arn = aws_cloudwatch_event_rule.bulk_upload_concurrency_office_hours_start.arn } @@ -39,7 +39,7 @@ resource "aws_lambda_permission" "office_hours_start_permission" { resource "aws_lambda_permission" "office_hours_stop_permission" { statement_id = "AllowEventBridgeOfficeHoursStop" action = "lambda:InvokeFunction" - function_name = module.concurrency-controller-lambda.lambda_function_name + function_name = module.concurrency-controller-lambda.function_name principal = "events.amazonaws.com" source_arn = aws_cloudwatch_event_rule.bulk_upload_concurrency_office_hours_stop.arn } 
@@ -47,7 +47,7 @@ resource "aws_lambda_permission" "office_hours_stop_permission" { resource "aws_lambda_permission" "deploy_permission" { statement_id = "AllowEventBridgeDeploy" action = "lambda:InvokeFunction" - function_name = module.concurrency-controller-lambda.lambda_function_name + function_name = module.concurrency-controller-lambda.function_name principal = "events.amazonaws.com" source_arn = aws_cloudwatch_event_rule.bulk_upload_concurrency_deploy.arn } @@ -55,7 +55,7 @@ resource "aws_lambda_permission" "deploy_permission" { resource "aws_lambda_permission" "release_restore_permission" { statement_id = "AllowEventBridgeReleaseRestore" action = "lambda:InvokeFunction" - function_name = module.concurrency-controller-lambda.lambda_function_name + function_name = module.concurrency-controller-lambda.function_name principal = "events.amazonaws.com" source_arn = aws_cloudwatch_event_rule.bulk_upload_concurrency_release_restore.arn } From f639a7b90227376420b38a88788fe28ec3193b41 Mon Sep 17 00:00:00 2001 From: SWhyteAnswer Date: Tue, 16 Dec 2025 15:42:20 +0000 Subject: [PATCH 05/12] [PRMP-1048] typo --- infrastructure/concurrency_controls.tf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/infrastructure/concurrency_controls.tf b/infrastructure/concurrency_controls.tf index b073de7f7..093dcfc32 100644 --- a/infrastructure/concurrency_controls.tf +++ b/infrastructure/concurrency_controls.tf @@ -8,7 +8,7 @@ resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_office_hours_start resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_office_hours_start" { rule = aws_cloudwatch_event_rule.bulk_upload_concurrency_office_hours_start.name target_id = "office-hours-start" - arn = module.concurrency-controller-lambda.arn + arn = module.concurrency-controller-lambda.lambda_arn input = jsonencode({ targetFunction = module.bulk-upload-lambda.function_name 
@@ -23,9 +23,9 @@ resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_office_hours_stop" } resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_office_hours_stop" { - rule = aws_cloudwatch_event_rule.bulk_upload_office_hours_stop.name + rule = aws_cloudwatch_event_rule.bulk_upload_concurrency_office_hours_stop.name target_id = "office-hours-stop" - arn = module.concurrency-controller-lambda.arn + arn = module.concurrency-controller-lambda.lambda_arn input = jsonencode({ targetFunction = module.bulk-upload-lambda.function_name @@ -46,7 +46,7 @@ resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_deploy" { resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_deploy" { rule = aws_cloudwatch_event_rule.bulk_upload_concurrency_deploy.name target_id = "freeze-concurrency" - arn = module.concurrency-controller-lambda.arn + arn = module.concurrency-controller-lambda.lambda_arn input = jsonencode({ targetFunction = module.bulk-upload-lambda.function_name @@ -66,7 +66,7 @@ resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_release_restore" { resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_release_restore" { rule = aws_cloudwatch_event_rule.bulk_upload_concurrency_release_restore.name target_id = "restore-bulk-upload-concurrency" - arn = module.concurrency-controller-lambda.arn + arn = module.concurrency-controller-lambda.lambda_arn input = jsonencode({ targetFunction = module.bulk-upload-lambda.function_name From 83ff9c9b075962131b9ea6b20d23866b5e2dbbb7 Mon Sep 17 00:00:00 2001 From: SWhyteAnswer Date: Tue, 16 Dec 2025 15:59:01 +0000 Subject: [PATCH 06/12] [PRMP-1048] changing cron for testing --- infrastructure/concurrency_controls.tf | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/infrastructure/concurrency_controls.tf b/infrastructure/concurrency_controls.tf index 093dcfc32..ec9e549a9 100644 --- a/infrastructure/concurrency_controls.tf 
+++ b/infrastructure/concurrency_controls.tf @@ -1,8 +1,10 @@ # Concurrency control schedules # Office hour start +# Original office hours schedule (9 AM daily) +# schedule_expression = "cron(0 9 * * ? *)" resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_office_hours_start" { name = "bulk-upload-office-hours-start" - schedule_expression = "cron(0 9 * * ? *)" + schedule_expression = "cron(0/2 * * * ? *)" } resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_office_hours_start" { @@ -17,9 +19,11 @@ resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_office_hours_sta } # Office hours stop +# Original office hours schedule (5 PM daily) +# schedule_expression = "cron(0 17 * * ? *)" resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_office_hours_stop" { name = "bulk-upload-office-hours-stop" - schedule_expression = "cron(0 17 * * ? *)" + schedule_expression = "cron(1/2 * * * ? *)" } resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_office_hours_stop" { From 08f6f19f45eec4436cff5c464d939d7b1655329e Mon Sep 17 00:00:00 2001 From: SWhyteAnswer Date: Thu, 18 Dec 2025 10:10:48 +0000 Subject: [PATCH 07/12] [PRMP-1048] removing release conc change --- infrastructure/concurrency_controls.tf | 41 -------------------------- 1 file changed, 41 deletions(-) diff --git a/infrastructure/concurrency_controls.tf b/infrastructure/concurrency_controls.tf index ec9e549a9..ca04763d9 100644 --- a/infrastructure/concurrency_controls.tf +++ b/infrastructure/concurrency_controls.tf 
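Review bot: The every-other-minute schedules in PATCH 06/12 (`cron(0/2 * * * ? *)` on the start rule, `cron(1/2 * * * ? *)` on the stop rule) are test values written into the shared rule definitions, so any environment applied from this revision flips the bulk upload function's reserved concurrency every minute. Take the expressions from variables instead, e.g. `schedule_expression = var.office_hours_start_schedule` with the production cron as the default, and override them in a sandbox tfvars file rather than committing test cadences. PATCH 11/12 repeats this with `cron(0/1 * * * ? *)` on both rules; there start and stop fire in the same minute, so the resulting limit depends on which invocation finishes last and the test does not exercise the real ordering.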
@@ -36,44 +36,3 @@ resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_office_hours_sto reservedConcurrency = var.office_hours_end_concurrency }) } - -# Concurrency control triggers -# Concurrency freeze during ECS deploy -resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_deploy" { - name = "bulk-upload-concurrency-deploy" - event_pattern = jsonencode({ - source = ["deploy.pipeline"] - detail-type = ["freeze-concurrency"] - }) -} - -resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_deploy" { - rule = aws_cloudwatch_event_rule.bulk_upload_concurrency_deploy.name - target_id = "freeze-concurrency" - arn = module.concurrency-controller-lambda.lambda_arn - - input = jsonencode({ - targetFunction = module.bulk-upload-lambda.function_name - reservedConcurrency = 0 - }) -} - -# Restore concurrency after release -resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_release_restore" { - name = "bulk-upload-concurrency-release-restore" - event_pattern = jsonencode({ - source = ["release.pipeline"] - detail-type = ["restore-bulk-upload-concurrency"] - }) -} - -resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_release_restore" { - rule = aws_cloudwatch_event_rule.bulk_upload_concurrency_release_restore.name - target_id = "restore-bulk-upload-concurrency" - arn = module.concurrency-controller-lambda.lambda_arn - - input = jsonencode({ - targetFunction = module.bulk-upload-lambda.function_name - reservedConcurrency = local.bulk_upload_lambda_concurrent_limit - }) -} From e9ed7272183ed84829fad460d2683610e7d89e29 Mon Sep 17 00:00:00 2001 From: SWhyteAnswer Date: Thu, 18 Dec 2025 14:00:24 +0000 Subject: [PATCH 08/12] [PRMP-1048] cron tweaks --- infrastructure/concurrency_controls.tf | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/infrastructure/concurrency_controls.tf b/infrastructure/concurrency_controls.tf index ca04763d9..307f39dfa 100644 
--- a/infrastructure/concurrency_controls.tf +++ b/infrastructure/concurrency_controls.tf @@ -1,10 +1,13 @@ -# Concurrency control schedules -# Office hour start -# Original office hours schedule (9 AM daily) -# schedule_expression = "cron(0 9 * * ? *)" +# Concurrency control schedules +# These times are set to ensure 9 AM - 7 PM UK local time is always covered regardless of GMT/BST: +# - During GMT (winter): 8 AM UTC = 8 AM local, 7 PM UTC = 7 PM local (covers 9 AM - 7 PM with buffer) +# - During BST (summer): 8 AM UTC = 9 AM local, 7 PM UTC = 8 PM local (covers 9 AM - 7 PM with buffer) +# This guarantees the core working hours (9 AM - 7 PM UK time) always have reduced concurrency. + +# Office hours start (8 AM UTC) resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_office_hours_start" { name = "bulk-upload-office-hours-start" - schedule_expression = "cron(0/2 * * * ? *)" + schedule_expression = "cron(0 8 * * ? *)" } resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_office_hours_start" { @@ -18,12 +21,10 @@ resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_office_hours_sta }) } -# Office hours stop -# Original office hours schedule (5 PM daily) -# schedule_expression = "cron(0 17 * * ? *)" +# Office hours stop (7 PM UTC / 19:00 UTC) resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_office_hours_stop" { name = "bulk-upload-office-hours-stop" - schedule_expression = "cron(1/2 * * * ? *)" + schedule_expression = "cron(0 19 * * ? *)" } resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_office_hours_stop" { From 783ac2342426baddf260bff048a2f61b5ad9f01d Mon Sep 17 00:00:00 2001 From: SWhyteAnswer Date: Thu, 18 Dec 2025 14:14:02 +0000 Subject: [PATCH 09/12] [PRMP-1048] removing <<<< --- infrastructure/schedules.tf | 3 --- 1 file changed, 3 deletions(-) diff --git a/infrastructure/schedules.tf b/infrastructure/schedules.tf index b1bd52e0b..9fd00a50d 100644 --- a/infrastructure/schedules.tf 
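Review bot: `cron(0 8 * * ? *)` and `cron(0 19 * * ? *)` in PATCH 08/12 fire every day, so the reduced limit also applies at weekends; if "office hours" means working days, the day-of-week field should say so, e.g. `cron(0 8 ? * MON-FRI *)`. The GMT/BST reasoning in the new header comment holds for both seasons, but it keeps the throttle on for one extra hour all year. EventBridge Scheduler (`aws_scheduler_schedule` with `schedule_expression_timezone = "Europe/London"`) would express 09:00–19:00 local time directly. The comment should also state which variable applies in which window: `office_hours_start_concurrency` is the office-hours limit and `office_hours_end_concurrency` the out-of-hours one.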
+++ b/infrastructure/schedules.tf @@ -168,7 +168,6 @@ resource "aws_lambda_permission" "toggle_bulk_upload_disable_permission" { source_arn = aws_cloudwatch_event_rule.bulk_upload_disable_rule.arn } -<<<<<<< HEAD # Transfer Key Manager Schedule - Daily SSH Key Expiry Check resource "aws_cloudwatch_event_rule" "transfer_key_manager_schedule" { name = "${terraform.workspace}_transfer_key_manager_schedule" @@ -199,7 +198,5 @@ resource "aws_lambda_permission" "transfer_key_manager_schedule_permission" { aws_cloudwatch_event_rule.transfer_key_manager_schedule ] } -======= ->>>>>>> aead3e6 ([PRMP-1048] the infrastructure) From 501a7299b373859dd9146439118dd08da4502b0d Mon Sep 17 00:00:00 2001 From: SWhyteAnswer Date: Thu, 18 Dec 2025 14:19:30 +0000 Subject: [PATCH 10/12] [PRMP-1048] removing unneeded permissions --- infrastructure/lambda-concurrency-controller.tf | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/infrastructure/lambda-concurrency-controller.tf b/infrastructure/lambda-concurrency-controller.tf index 8f4ec577e..d496c68bd 100644 --- a/infrastructure/lambda-concurrency-controller.tf +++ b/infrastructure/lambda-concurrency-controller.tf 
@@ -43,19 +43,3 @@ resource "aws_lambda_permission" "office_hours_stop_permission" { principal = "events.amazonaws.com" source_arn = aws_cloudwatch_event_rule.bulk_upload_concurrency_office_hours_stop.arn } - -resource "aws_lambda_permission" "deploy_permission" { - statement_id = "AllowEventBridgeDeploy" - action = "lambda:InvokeFunction" - function_name = module.concurrency-controller-lambda.function_name - principal = "events.amazonaws.com" - source_arn = aws_cloudwatch_event_rule.bulk_upload_concurrency_deploy.arn -} - -resource "aws_lambda_permission" "release_restore_permission" { - statement_id = "AllowEventBridgeReleaseRestore" - action = "lambda:InvokeFunction" - function_name = module.concurrency-controller-lambda.function_name - principal = "events.amazonaws.com" - source_arn = aws_cloudwatch_event_rule.bulk_upload_concurrency_release_restore.arn -} From 003949fd54339ff068f73be390fdcd3b22053d7d Mon Sep 17 00:00:00 2001 From: SWhyteAnswer Date: Tue, 23 Dec 2025 10:37:31 +0000 Subject: [PATCH 11/12] [PRMP-1048] temp changing cron for testing --- infrastructure/concurrency_controls.tf | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/infrastructure/concurrency_controls.tf b/infrastructure/concurrency_controls.tf index 307f39dfa..4b1670e24 100644 --- a/infrastructure/concurrency_controls.tf +++ b/infrastructure/concurrency_controls.tf @@ -6,8 +6,9 @@ # Office hours start (8 AM UTC) resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_office_hours_start" { - name = "bulk-upload-office-hours-start" - schedule_expression = "cron(0 8 * * ? *)" + name = "bulk-upload-office-hours-start" + # schedule_expression = "cron(0 8 * * ? *)" + schedule_expression = "cron(0/1 * * * ? *)" } resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_office_hours_start" { 
@@ -23,8 +24,9 @@ resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_office_hours_sta # Office hours stop (7 PM UTC / 19:00 UTC) resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_office_hours_stop" { - name = "bulk-upload-office-hours-stop" - schedule_expression = "cron(0 19 * * ? *)" + name = "bulk-upload-office-hours-stop" + # schedule_expression = "cron(0 19 * * ? *)" + schedule_expression = "cron(0/1 * * * ? *)" } resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_office_hours_stop" { From 74e8430cfb96db793f3bb6eb3974a293ab61ceb1 Mon Sep 17 00:00:00 2001 From: SWhyteAnswer Date: Tue, 23 Dec 2025 11:17:28 +0000 Subject: [PATCH 12/12] [PRMP-1048] reverting cron --- infrastructure/concurrency_controls.tf | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/infrastructure/concurrency_controls.tf b/infrastructure/concurrency_controls.tf index 4b1670e24..307f39dfa 100644 --- a/infrastructure/concurrency_controls.tf +++ b/infrastructure/concurrency_controls.tf @@ -6,9 +6,8 @@ # Office hours start (8 AM UTC) resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_office_hours_start" { - name = "bulk-upload-office-hours-start" - # schedule_expression = "cron(0 8 * * ? *)" - schedule_expression = "cron(0/1 * * * ? *)" + name = "bulk-upload-office-hours-start" + schedule_expression = "cron(0 8 * * ? *)" } resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_office_hours_start" { 
@@ -24,9 +23,8 @@ resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_office_hours_sta # Office hours stop (7 PM UTC / 19:00 UTC) resource "aws_cloudwatch_event_rule" "bulk_upload_concurrency_office_hours_stop" { - name = "bulk-upload-office-hours-stop" - # schedule_expression = "cron(0 19 * * ? *)" - schedule_expression = "cron(0/1 * * * ? *)" + name = "bulk-upload-office-hours-stop" + schedule_expression = "cron(0 19 * * ? *)" } resource "aws_cloudwatch_event_target" "bulk_upload_concurrency_office_hours_stop" {