Merge remote-tracking branch 'origin/main' into feature/CCM-12860

Author: francisco-videira-nhs

.github/actions/lint-terraform/action.yaml

@@ -7,15 +7,16 @@ inputs:
 runs:
   using: "composite"
   steps:
+    - name: "Install Terraform binary"
+      shell: bash
+      run: |
+        asdf plugin add terraform || true
+        asdf install terraform || true
     - name: "Check Terraform format"
       shell: bash
       run: |
         check_only=true scripts/githooks/check-terraform-format.sh
     - name: "Validate Terraform"
       shell: bash
       run: |
-        stacks=${{ inputs.root-modules }}
-        for dir in $(find infrastructure/environments -maxdepth 1 -mindepth 1 -type d; echo ${stacks//,/$'\n'}); do
-          dir=$dir opts='-backend=false' make terraform-init
-          dir=$dir make terraform-validate
-        done
+        make terraform-validate-all

.github/workflows/stage-1-commit.yaml

@@ -151,6 +151,8 @@ jobs:
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v5
+      - name: "Setup ASDF"
+        uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302
       - name: "Lint Terraform"
         uses: ./.github/actions/lint-terraform
   trivy-iac:

infrastructure/terraform/components/api/event_source_mapping_mi_updates.tf

@@ -1,11 +1,11 @@
 resource "aws_lambda_event_source_mapping" "mi_updates_transformer_kinesis" {
-  event_source_arn                     = aws_kinesis_stream.mi_change_stream.arn
-  function_name                        = module.mi_updates_transformer.function_arn
-  starting_position                    = "LATEST"
-  batch_size                           = 10
-  maximum_batching_window_in_seconds   = 1
+  event_source_arn                   = aws_kinesis_stream.mi_change_stream.arn
+  function_name                      = module.mi_updates_transformer.function_arn
+  starting_position                  = "LATEST"
+  batch_size                         = 10
+  maximum_batching_window_in_seconds = 1
 
   depends_on = [
-    module.mi_updates_transformer    # ensures updates transformer exists
+    module.mi_updates_transformer # ensures updates transformer exists
   ]
 }

infrastructure/terraform/components/api/module_lambda_letter_updates_transformer.tf

@@ -36,7 +36,7 @@ module "letter_updates_transformer" {
 
   lambda_env_vars = merge(local.common_lambda_env_vars, {
     EVENTPUB_SNS_TOPIC_ARN = "${module.eventpub.sns_topic.arn}",
-    EVENT_SOURCE = "/data-plane/supplier-api/${var.group}/${var.environment}/letters"
+    EVENT_SOURCE           = "/data-plane/supplier-api/${var.group}/${var.environment}/letters"
   })
 }
 

infrastructure/terraform/components/api/modules_eventsub.tf

@@ -22,7 +22,7 @@ module "eventsub" {
   sns_success_logging_sample_percent = var.sns_success_logging_sample_percent
 
   event_cache_expiry_days = 30
-  enable_event_cache                 = var.enable_event_cache
+  enable_event_cache      = var.enable_event_cache
 
   shared_infra_account_id = var.shared_infra_account_id
 }

infrastructure/terraform/modules/eventsub/iam_role_firehose_role.tf

@@ -1,8 +1,8 @@
 resource "aws_iam_role" "firehose_role" {
   count = var.enable_event_cache ? 1 : 0
 
-  name                 = "${local.csi}-firehose-role"
-  assume_role_policy   = data.aws_iam_policy_document.firehose_assume_role[0].json
+  name               = "${local.csi}-firehose-role"
+  assume_role_policy = data.aws_iam_policy_document.firehose_assume_role[0].json
 }
 
 data "aws_iam_policy_document" "firehose_assume_role" {

infrastructure/terraform/modules/eventsub/iam_role_sns.tf

@@ -1,6 +1,6 @@
 resource "aws_iam_role" "sns_role" {
-  name                 = "${local.csi}-sns-role"
-  assume_role_policy   = data.aws_iam_policy_document.sns_assume_role.json
+  name               = "${local.csi}-sns-role"
+  assume_role_policy = data.aws_iam_policy_document.sns_assume_role.json
 }
 
 resource "aws_iam_policy" "firehose_delivery" {

infrastructure/terraform/modules/eventsub/iam_role_sns_delivery_logging.tf

@@ -1,8 +1,8 @@
 resource "aws_iam_role" "sns_delivery_logging_role" {
   count = var.enable_sns_delivery_logging ? 1 : 0
 
-  name                 = "${local.csi}-sns-delivery-logging"
-  assume_role_policy   = data.aws_iam_policy_document.sns_delivery_logging_assume_role[0].json
+  name               = "${local.csi}-sns-delivery-logging"
+  assume_role_policy = data.aws_iam_policy_document.sns_delivery_logging_assume_role[0].json
 }
 
 data "aws_iam_policy_document" "sns_delivery_logging_assume_role" {

infrastructure/terraform/modules/eventsub/module_s3bucket_event_cache.tf

@@ -48,7 +48,7 @@ module "s3bucket_event_cache" {
   }
 
   default_tags = {
-    Name = "Event Cache Storage"
+    Name                       = "Event Cache Storage"
     NHSE-Enable-S3-Backup-Acct = "True"
   }
 }

infrastructure/terraform/modules/eventsub/sns_topic_policy.tf

@@ -8,7 +8,7 @@ data "aws_iam_policy_document" "sns_topic_policy" {
   policy_id = "__default_policy_ID"
 
   statement {
-    sid = "AllowAllSNSActionsFromAccount"
+    sid    = "AllowAllSNSActionsFromAccount"
     effect = "Allow"
 
     principals {
@@ -43,7 +43,7 @@ data "aws_iam_policy_document" "sns_topic_policy" {
   }
 
   statement {
-    sid = "AllowAllSNSActionsFromSharedAccount"
+    sid    = "AllowAllSNSActionsFromSharedAccount"
     effect = "Allow"
     actions = [
       "SNS:Publish",