From 910d98ef09d52e247e477b313e1b15f43674029d Mon Sep 17 00:00:00 2001 From: Mike Houston Date: Fri, 1 Aug 2025 20:50:49 +0100 Subject: [PATCH 1/4] CCM-11228: Add terraform resources for DDB tables --- .../terraform/components/api/README.md | 4 +- .../components/api/ddb_table_letters.tf | 39 +++++++++++++++++++ .../terraform/components/api/ddb_table_mi.tf | 19 +++++++++ .../api/module_lambda_get_letters.tf | 21 ++++++++++ 4 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 infrastructure/terraform/components/api/ddb_table_letters.tf create mode 100644 infrastructure/terraform/components/api/ddb_table_mi.tf diff --git a/infrastructure/terraform/components/api/README.md b/infrastructure/terraform/components/api/README.md index 10f1a077..6ee6b648 100644 --- a/infrastructure/terraform/components/api/README.md +++ b/infrastructure/terraform/components/api/README.md @@ -4,7 +4,9 @@ ## Requirements -No requirements. +| Name | Version | +|------|---------| +| [aws](#requirement\_aws) | 5.81.0 | ## Inputs | Name | Description | Type | Default | Required | diff --git a/infrastructure/terraform/components/api/ddb_table_letters.tf b/infrastructure/terraform/components/api/ddb_table_letters.tf new file mode 100644 index 00000000..21499107 --- /dev/null +++ b/infrastructure/terraform/components/api/ddb_table_letters.tf @@ -0,0 +1,39 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "5.81.0" + } + } +} +resource "aws_dynamodb_table" "letters" { + name = "${local.csi}-letters" + billing_mode = "PAY_PER_REQUEST" + + hash_key = "supplierId" + range_key = "id" + + global_secondary_index { + name = "supplierStatus-index" + hash_key = "supplierStatus" + range_key = "id" + projection_type = "ALL" + } + + attribute { + name = "id" + type = "string" + } + + attribute { + name = "supplierId" + type = "string" + } + + attribute { + name = "supplierStatus" + type = "string" + } + + tags = var.default_tags +} 
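Review bot: The `attribute` blocks in the new `letters` table use `type = "string"`, but `aws_dynamodb_table` only accepts the DynamoDB scalar codes `S`, `N` and `B` there, so I would expect this to be rejected at validate/plan time; each should read `type = "S"`. The two `attribute` blocks in `ddb_table_mi.tf` have the same problem. Separately, neither table declares `server_side_encryption`, so both stay on the AWS-owned default key. Since this component already references `module.kms.key_arn`, consider a `server_side_encryption` block with `enabled = true` and `kms_key_arn = module.kms.key_arn` if letter data is expected to sit under the customer-managed key.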
diff --git a/infrastructure/terraform/components/api/ddb_table_mi.tf b/infrastructure/terraform/components/api/ddb_table_mi.tf new file mode 100644 index 00000000..cf705c4c --- /dev/null +++ b/infrastructure/terraform/components/api/ddb_table_mi.tf @@ -0,0 +1,19 @@ +resource "aws_dynamodb_table" "mi" { + name = "${local.csi}-mi" + billing_mode = "PAY_PER_REQUEST" + + hash_key = "supplierId" + range_key = "id" + + attribute { + name = "id" + type = "string" + } + + attribute { + name = "supplierId" + type = "string" + } + + tags = var.default_tags +} diff --git a/infrastructure/terraform/components/api/module_lambda_get_letters.tf b/infrastructure/terraform/components/api/module_lambda_get_letters.tf index 1ffee112..07155a53 100644 --- a/infrastructure/terraform/components/api/module_lambda_get_letters.tf +++ b/infrastructure/terraform/components/api/module_lambda_get_letters.tf @@ -36,6 +36,7 @@ module "get_letters" { log_subscription_role_arn = local.acct.log_subscription_role_arn lambda_env_vars = { + LETTERS_TABLE_NAME = aws_dynamodb_table.letters.name } } @@ -53,4 +54,24 @@ data "aws_iam_policy_document" "get_letters_lambda" { module.kms.key_arn, ## Requires shared kms module ] } + + statement { + sid = "AllowDynamoDBAccess" + effect = "Allow" + + actions = [ + "dynamodb:BatchGetItem", + "dynamodb:BatchWriteItem", + "dynamodb:DeleteItem", + "dynamodb:GetItem", + "dynamodb:PutItem", + "dynamodb:Query", + "dynamodb:Scan", + "dynamodb:UpdateItem", + ] + + resources = [ + aws_dynamodb_table.letters.arn, + ] + } } From 6fa4c68c19cd0f16b540cfc1e3643de33c3f49fb Mon Sep 17 00:00:00 2001 From: Mike Houston Date: Fri, 1 Aug 2025 21:32:59 +0100 Subject: [PATCH 2/4] CCM-11228: Enable point-in-time recovery for DynamoDB tables --- infrastructure/terraform/components/api/README.md | 4 +--- .../terraform/components/api/ddb_table_letters.tf | 12 ++++-------- .../terraform/components/api/ddb_table_mi.tf | 4 ++++ 3 files changed, 9 insertions(+), 11 deletions(-) 
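Review bot: The `AllowDynamoDBAccess` statement gives the `get_letters` Lambda `dynamodb:BatchWriteItem`, `dynamodb:DeleteItem`, `dynamodb:PutItem` and `dynamodb:UpdateItem` as well as `dynamodb:Scan`, which looks broader than a read path needs. Unless the handler really writes or deletes, I would trim `actions` to the calls it makes (for example `dynamodb:GetItem` and `dynamodb:Query`). `resources` also lists only `aws_dynamodb_table.letters.arn`, and a table ARN does not cover its indexes, so a `Query` against `supplierStatus-index` would be denied; add `"${aws_dynamodb_table.letters.arn}/index/*"` if the Lambda uses that index. The `data "aws_iam_policy_document" "get_letters_lambda"` block starts above this hunk, so its other statements are not visible here.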
diff --git a/infrastructure/terraform/components/api/README.md b/infrastructure/terraform/components/api/README.md index 6ee6b648..10f1a077 100644 --- a/infrastructure/terraform/components/api/README.md +++ b/infrastructure/terraform/components/api/README.md @@ -4,9 +4,7 @@ ## Requirements -| Name | Version | -|------|---------| -| [aws](#requirement\_aws) | 5.81.0 | +No requirements. ## Inputs | Name | Description | Type | Default | Required | diff --git a/infrastructure/terraform/components/api/ddb_table_letters.tf b/infrastructure/terraform/components/api/ddb_table_letters.tf index 21499107..2d74a2ea 100644 --- a/infrastructure/terraform/components/api/ddb_table_letters.tf +++ b/infrastructure/terraform/components/api/ddb_table_letters.tf @@ -1,11 +1,3 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - version = "5.81.0" - } - } -} resource "aws_dynamodb_table" "letters" { name = "${local.csi}-letters" billing_mode = "PAY_PER_REQUEST" @@ -35,5 +27,9 @@ resource "aws_dynamodb_table" "letters" { type = "string" } + point_in_time_recovery { + enabled = true + } + tags = var.default_tags } diff --git a/infrastructure/terraform/components/api/ddb_table_mi.tf b/infrastructure/terraform/components/api/ddb_table_mi.tf index cf705c4c..4e7f7297 100644 --- a/infrastructure/terraform/components/api/ddb_table_mi.tf +++ b/infrastructure/terraform/components/api/ddb_table_mi.tf @@ -15,5 +15,9 @@ resource "aws_dynamodb_table" "mi" { type = "string" } + point_in_time_recovery { + enabled = true + } + tags = var.default_tags } From 5a5a21b2ebd5e7eeaefdb924ea1db3732c245cce Mon Sep 17 00:00:00 2001 From: Mike Houston Date: Mon, 4 Aug 2025 13:09:03 +0100 Subject: [PATCH 3/4] CCM-11442: Add TTL fields to ddb config --- .../terraform/components/api/ddb_table_letters.tf | 10 ++++++++++ .../terraform/components/api/ddb_table_mi.tf | 10 ++++++++++ 2 files changed, 20 insertions(+) 
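Review bot: Neither `letters` nor `mi` sets `deletion_protection_enabled`, so a destroy, or a later plan that replaces the resource, can still drop the table. The `point_in_time_recovery` blocks added here address restoring data, not preventing the deletion itself. Consider adding `deletion_protection_enabled = true` to both tables, at least outside short-lived environments. Both resource bodies extend beyond these hunks, so this is based only on the arguments visible in the series.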
diff --git a/infrastructure/terraform/components/api/ddb_table_letters.tf b/infrastructure/terraform/components/api/ddb_table_letters.tf index 2d74a2ea..181b2939 100644 --- a/infrastructure/terraform/components/api/ddb_table_letters.tf +++ b/infrastructure/terraform/components/api/ddb_table_letters.tf @@ -5,6 +5,11 @@ resource "aws_dynamodb_table" "letters" { hash_key = "supplierId" range_key = "id" + ttl { + attribute_name = "ttl" + enabled = true + } + global_secondary_index { name = "supplierStatus-index" hash_key = "supplierStatus" @@ -27,6 +32,11 @@ resource "aws_dynamodb_table" "letters" { type = "string" } + attribute { + name = "ttl" + type = "number" + } + point_in_time_recovery { enabled = true } diff --git a/infrastructure/terraform/components/api/ddb_table_mi.tf b/infrastructure/terraform/components/api/ddb_table_mi.tf index 4e7f7297..d8562d89 100644 --- a/infrastructure/terraform/components/api/ddb_table_mi.tf +++ b/infrastructure/terraform/components/api/ddb_table_mi.tf @@ -5,6 +5,11 @@ resource "aws_dynamodb_table" "mi" { hash_key = "supplierId" range_key = "id" + ttl { + attribute_name = "ttl" + enabled = true + } + attribute { name = "id" type = "string" @@ -15,6 +20,11 @@ resource "aws_dynamodb_table" "mi" { type = "string" } + attribute { + name = "ttl" + type = "number" + } + point_in_time_recovery { enabled = true } From 2bfed944322fa733cf5f10b3f5ebae8d151f2315 Mon Sep 17 00:00:00 2001 From: Mike Houston Date: Mon, 4 Aug 2025 13:29:35 +0100 Subject: [PATCH 4/4] CCM-11228: Remove redundant attribute blocks for ttl field --- infrastructure/terraform/components/api/ddb_table_letters.tf | 5 ----- infrastructure/terraform/components/api/ddb_table_mi.tf | 5 ----- 2 files changed, 10 deletions(-) diff --git a/infrastructure/terraform/components/api/ddb_table_letters.tf b/infrastructure/terraform/components/api/ddb_table_letters.tf index 181b2939..0d0afb27 100644 --- a/infrastructure/terraform/components/api/ddb_table_letters.tf 
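Review bot: The `ttl` blocks on `letters` and `mi` have no comment saying who sets the `ttl` attribute or what retention it encodes, and nothing in this series shows a writer populating it. DynamoDB only expires items whose TTL attribute is a Number holding an epoch time in seconds, and items without it are kept indefinitely. I would add a comment above each block such as `# ttl: epoch seconds (Number) set by the writer; items without it never expire`. It is also worth confirming the intended retention period with the data owner, since expired items are removed without any explicit delete call.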
+++ b/infrastructure/terraform/components/api/ddb_table_letters.tf @@ -32,11 +32,6 @@ resource "aws_dynamodb_table" "letters" { type = "string" } - attribute { - name = "ttl" - type = "number" - } - point_in_time_recovery { enabled = true } diff --git a/infrastructure/terraform/components/api/ddb_table_mi.tf b/infrastructure/terraform/components/api/ddb_table_mi.tf index d8562d89..b495db83 100644 --- a/infrastructure/terraform/components/api/ddb_table_mi.tf +++ b/infrastructure/terraform/components/api/ddb_table_mi.tf @@ -20,11 +20,6 @@ resource "aws_dynamodb_table" "mi" { type = "string" } - attribute { - name = "ttl" - type = "number" - } - point_in_time_recovery { enabled = true }