From 606c5232ed2577f5a67b2a26caef378059eadb9e Mon Sep 17 00:00:00 2001
From: jameslinnell <jimlinnell@gmail.com>
Date: Tue, 23 Dec 2025 16:53:51 +0000
Subject: [PATCH 1/4] [NDR-322] Remove PDM table from lambdas

---
 infrastructure/lambda-document-upload-check.tf           | 5 +----
 infrastructure/lambda-get-document-fhir.tf               | 4 ----
 infrastructure/lambda-post-document-fhir.tf              | 4 ----
 infrastructure/lambda-search-document-references-fhir.tf | 5 +----
 4 files changed, 2 insertions(+), 16 deletions(-)

diff --git a/infrastructure/lambda-document-upload-check.tf b/infrastructure/lambda-document-upload-check.tf
index 61d09d715..f66800c58 100644
--- a/infrastructure/lambda-document-upload-check.tf
+++ b/infrastructure/lambda-document-upload-check.tf
@@ -10,8 +10,6 @@ module "document_upload_check_lambda" {
     aws_iam_policy.ssm_access_policy.policy,
     module.lloyd_george_reference_dynamodb_table.dynamodb_read_policy_document,
     module.lloyd_george_reference_dynamodb_table.dynamodb_write_policy_document,
-    module.pdm_dynamodb_table.dynamodb_read_policy_document,
-    module.pdm_dynamodb_table.dynamodb_write_policy_document,
     data.aws_iam_policy.aws_lambda_vpc_access_execution_role.policy,
     module.document_upload_review_dynamodb_table.dynamodb_read_policy_document,
     module.document_upload_review_dynamodb_table.dynamodb_write_policy_document,
@@ -24,9 +22,7 @@ module "document_upload_check_lambda" {
   http_methods        = null
   api_execution_arn   = null
   lambda_environment_variables = {
-    LLOYD_GEORGE_DYNAMODB_NAME    = module.lloyd_george_reference_dynamodb_table.table_name
     DOCUMENT_REVIEW_DYNAMODB_NAME = module.document_upload_review_dynamodb_table.table_name
-    PDM_DYNAMODB_NAME             = module.pdm_dynamodb_table.table_name
     STAGING_STORE_BUCKET_NAME     = module.ndr-bulk-staging-store.bucket_id
     LLOYD_GEORGE_BUCKET_NAME      = module.ndr-lloyd-george-store.bucket_id
     PDM_BUCKET_NAME               = module.pdm-document-store.bucket_id
@@ -45,6 +41,7 @@ module "document_upload_check_lambda" {
     module.ndr-bulk-staging-store,
     module.ndr-lloyd-george-store,
     module.lloyd_george_reference_dynamodb_table,
+    module.core_dynamodb_table,
   ]
 }
 
diff --git a/infrastructure/lambda-get-document-fhir.tf b/infrastructure/lambda-get-document-fhir.tf
index 67bab86e0..1c9c56826 100644
--- a/infrastructure/lambda-get-document-fhir.tf
+++ b/infrastructure/lambda-get-document-fhir.tf
@@ -39,7 +39,6 @@ module "get-doc-fhir-lambda" {
   iam_role_policy_documents = [
     module.ndr-app-config.app_config_policy,
     module.lloyd_george_reference_dynamodb_table.dynamodb_read_policy_document,
-    module.pdm_dynamodb_table.dynamodb_read_policy_document,
     module.core_dynamodb_table.dynamodb_read_policy_document,
     aws_iam_policy.ssm_access_policy.policy,
     aws_iam_policy.mtls_access_ssm_policy.policy,
@@ -58,15 +57,12 @@ module "get-doc-fhir-lambda" {
     WORKSPACE                  = terraform.workspace
     ENVIRONMENT                = var.environment
     PRESIGNED_ASSUME_ROLE      = aws_iam_role.get_fhir_doc_presign_url_role.arn
-    LLOYD_GEORGE_DYNAMODB_NAME = module.lloyd_george_reference_dynamodb_table.table_name
-    PDM_DYNAMODB_NAME          = module.pdm_dynamodb_table.table_name
     OIDC_CALLBACK_URL          = contains(["prod"], terraform.workspace) ? "https://${var.domain}/auth-callback" : "https://${terraform.workspace}.${var.domain}/auth-callback"
     CLOUDFRONT_URL             = aws_cloudfront_distribution.s3_presign_mask.domain_name
     PDS_FHIR_IS_STUBBED        = local.is_sandbox
   }
   depends_on = [
     aws_api_gateway_method.get_document_reference,
-    module.pdm_dynamodb_table,
     module.lloyd_george_reference_dynamodb_table,
     module.core_dynamodb_table,
   ]
diff --git a/infrastructure/lambda-post-document-fhir.tf b/infrastructure/lambda-post-document-fhir.tf
index a1bf5fed0..b88a92e83 100644
--- a/infrastructure/lambda-post-document-fhir.tf
+++ b/infrastructure/lambda-post-document-fhir.tf
@@ -5,7 +5,6 @@ module "post-document-references-fhir-lambda" {
   iam_role_policy_documents = [
     module.document_reference_dynamodb_table.dynamodb_write_policy_document,
     module.lloyd_george_reference_dynamodb_table.dynamodb_write_policy_document,
-    module.pdm_dynamodb_table.dynamodb_write_policy_document,
     module.core_dynamodb_table.dynamodb_write_policy_document,
     module.ndr-bulk-staging-store.s3_write_policy_document,
     module.ndr-app-config.app_config_policy,
@@ -21,8 +20,6 @@ module "post-document-references-fhir-lambda" {
     APPCONFIG_APPLICATION           = module.ndr-app-config.app_config_application_id
     APPCONFIG_ENVIRONMENT           = module.ndr-app-config.app_config_environment_id
     APPCONFIG_CONFIGURATION         = module.ndr-app-config.app_config_configuration_profile_id
-    LLOYD_GEORGE_DYNAMODB_NAME      = module.lloyd_george_reference_dynamodb_table.table_name
-    PDM_DYNAMODB_NAME               = module.pdm_dynamodb_table.table_name
     STAGING_STORE_BUCKET_NAME       = "${terraform.workspace}-${var.staging_store_bucket_name}"
     DOCUMENT_RETRIEVE_ENDPOINT_APIM = "${local.apim_api_url}/DocumentReference"
     PDS_FHIR_IS_STUBBED             = local.is_sandbox
@@ -31,7 +28,6 @@ module "post-document-references-fhir-lambda" {
   }
 
   depends_on = [
-    module.pdm_dynamodb_table,
     module.core_dynamodb_table,
     module.lloyd_george_reference_dynamodb_table,
   ]
diff --git a/infrastructure/lambda-search-document-references-fhir.tf b/infrastructure/lambda-search-document-references-fhir.tf
index c55a36ce6..01f06d7ce 100644
--- a/infrastructure/lambda-search-document-references-fhir.tf
+++ b/infrastructure/lambda-search-document-references-fhir.tf
@@ -7,8 +7,6 @@ module "search-document-references-fhir-lambda" {
     module.document_reference_dynamodb_table.dynamodb_write_policy_document,
     module.lloyd_george_reference_dynamodb_table.dynamodb_read_policy_document,
     module.lloyd_george_reference_dynamodb_table.dynamodb_write_policy_document,
-    module.pdm_dynamodb_table.dynamodb_read_policy_document,
-    module.pdm_dynamodb_table.dynamodb_write_policy_document,
     module.core_dynamodb_table.dynamodb_read_policy_document,
     module.core_dynamodb_table.dynamodb_write_policy_document,
     module.ndr-lloyd-george-store.s3_read_policy_document,
@@ -26,7 +24,7 @@ module "search-document-references-fhir-lambda" {
     APPCONFIG_APPLICATION           = module.ndr-app-config.app_config_application_id
     APPCONFIG_ENVIRONMENT           = module.ndr-app-config.app_config_environment_id
     APPCONFIG_CONFIGURATION         = module.ndr-app-config.app_config_configuration_profile_id
-    DYNAMODB_TABLE_LIST             = "[\u0022${module.pdm_dynamodb_table.table_name}\u0022, \u0022${module.lloyd_george_reference_dynamodb_table.table_name}\u0022]"
+    DYNAMODB_TABLE_LIST             = "[\u0022${module.core_dynamodb_table.table_name}\u0022, \u0022${module.lloyd_george_reference_dynamodb_table.table_name}\u0022]"
     DOCUMENT_RETRIEVE_ENDPOINT_APIM = "${local.apim_api_url}/DocumentReference"
     WORKSPACE                       = terraform.workspace
   }
@@ -34,7 +32,6 @@ module "search-document-references-fhir-lambda" {
     aws_api_gateway_rest_api.ndr_doc_store_api,
     module.search-document-references-gateway,
     module.ndr-app-config,
-    module.pdm_dynamodb_table,
     module.core_dynamodb_table,
     module.lloyd_george_reference_dynamodb_table,
   ]

From d281bd48f507527790604baa9316c58e57886a8c Mon Sep 17 00:00:00 2001
From: jameslinnell <jimlinnell@gmail.com>
Date: Tue, 23 Dec 2025 16:54:32 +0000
Subject: [PATCH 2/4] [NDR-322] Remove PDM table from lambdas

---
 infrastructure/lambda-get-document-fhir.tf | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/infrastructure/lambda-get-document-fhir.tf b/infrastructure/lambda-get-document-fhir.tf
index 1c9c56826..f2b0168c7 100644
--- a/infrastructure/lambda-get-document-fhir.tf
+++ b/infrastructure/lambda-get-document-fhir.tf
@@ -51,15 +51,15 @@ module "get-doc-fhir-lambda" {
   http_methods        = ["GET"]
   api_execution_arn   = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
   lambda_environment_variables = {
-    APPCONFIG_APPLICATION      = module.ndr-app-config.app_config_application_id
-    APPCONFIG_ENVIRONMENT      = module.ndr-app-config.app_config_environment_id
-    APPCONFIG_CONFIGURATION    = module.ndr-app-config.app_config_configuration_profile_id
-    WORKSPACE                  = terraform.workspace
-    ENVIRONMENT                = var.environment
-    PRESIGNED_ASSUME_ROLE      = aws_iam_role.get_fhir_doc_presign_url_role.arn
-    OIDC_CALLBACK_URL          = contains(["prod"], terraform.workspace) ? "https://${var.domain}/auth-callback" : "https://${terraform.workspace}.${var.domain}/auth-callback"
-    CLOUDFRONT_URL             = aws_cloudfront_distribution.s3_presign_mask.domain_name
-    PDS_FHIR_IS_STUBBED        = local.is_sandbox
+    APPCONFIG_APPLICATION   = module.ndr-app-config.app_config_application_id
+    APPCONFIG_ENVIRONMENT   = module.ndr-app-config.app_config_environment_id
+    APPCONFIG_CONFIGURATION = module.ndr-app-config.app_config_configuration_profile_id
+    WORKSPACE               = terraform.workspace
+    ENVIRONMENT             = var.environment
+    PRESIGNED_ASSUME_ROLE   = aws_iam_role.get_fhir_doc_presign_url_role.arn
+    OIDC_CALLBACK_URL       = contains(["prod"], terraform.workspace) ? "https://${var.domain}/auth-callback" : "https://${terraform.workspace}.${var.domain}/auth-callback"
+    CLOUDFRONT_URL          = aws_cloudfront_distribution.s3_presign_mask.domain_name
+    PDS_FHIR_IS_STUBBED     = local.is_sandbox
   }
   depends_on = [
     aws_api_gateway_method.get_document_reference,

From 4028ee088bbf2dac886e67b986d20de502c80c83 Mon Sep 17 00:00:00 2001
From: jameslinnell <jimlinnell@gmail.com>
Date: Wed, 24 Dec 2025 10:20:45 +0000
Subject: [PATCH 3/4] [NDR-332] Put LLoyd George ENV var back in virus check
 lambda

---
 infrastructure/lambda-document-upload-check.tf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/infrastructure/lambda-document-upload-check.tf b/infrastructure/lambda-document-upload-check.tf
index f66800c58..77cc2384f 100644
--- a/infrastructure/lambda-document-upload-check.tf
+++ b/infrastructure/lambda-document-upload-check.tf
@@ -22,6 +22,7 @@ module "document_upload_check_lambda" {
   http_methods        = null
   api_execution_arn   = null
   lambda_environment_variables = {
+    LLOYD_GEORGE_DYNAMODB_NAME    = module.lloyd_george_reference_dynamodb_table.table_name
     DOCUMENT_REVIEW_DYNAMODB_NAME = module.document_upload_review_dynamodb_table.table_name
     STAGING_STORE_BUCKET_NAME     = module.ndr-bulk-staging-store.bucket_id
     LLOYD_GEORGE_BUCKET_NAME      = module.ndr-lloyd-george-store.bucket_id

From 83594ff2ad2824e8b2170b590423321447bd97fa Mon Sep 17 00:00:00 2001
From: jameslinnell <jimlinnell@gmail.com>
Date: Wed, 24 Dec 2025 11:25:10 +0000
Subject: [PATCH 4/4] [NDR-332] Remove LG env var

---
 infrastructure/lambda-document-upload-check.tf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/infrastructure/lambda-document-upload-check.tf b/infrastructure/lambda-document-upload-check.tf
index 77cc2384f..f66800c58 100644
--- a/infrastructure/lambda-document-upload-check.tf
+++ b/infrastructure/lambda-document-upload-check.tf
@@ -22,7 +22,6 @@ module "document_upload_check_lambda" {
   http_methods        = null
   api_execution_arn   = null
   lambda_environment_variables = {
-    LLOYD_GEORGE_DYNAMODB_NAME    = module.lloyd_george_reference_dynamodb_table.table_name
     DOCUMENT_REVIEW_DYNAMODB_NAME = module.document_upload_review_dynamodb_table.table_name
     STAGING_STORE_BUCKET_NAME     = module.ndr-bulk-staging-store.bucket_id
     LLOYD_GEORGE_BUCKET_NAME      = module.ndr-lloyd-george-store.bucket_id