UML-3722: create event bus (#2967)

* UML-3722: create event bus * add module * add provider block * add missing resource instance key * add missing var * apply to env * add mrk for sqs * add sqs * FIX TYPO * fix region var * comment out lambda for now * add missing region * resource key * remove kms * change alias * add count to policy * add resource key * enable event bus for demo env --------- Co-authored-by: gillettmoj <[email protected]>
ministryofjustice · Dec 2, 2024 · 1145cae · 1145cae
1 parent 550e0de
commit 1145cae
Show file tree

Hide file tree

Showing 8 changed files with 158 additions and 0 deletions.
diff --git a/terraform/environment/region.tf b/terraform/environment/region.tf
@@ -19,6 +19,7 @@ module "eu_west_1" {
   ecs_execution_role                               = module.iam.ecs_execution_role
   ecs_task_roles                                   = module.iam.ecs_task_roles
   environment_name                                 = local.environment_name
+  event_bus_enabled                                = local.environment.event_bus_enabled
   google_analytics_id_use                          = local.environment.google_analytics_id_use
   google_analytics_id_view                         = local.environment.google_analytics_id_view
   gov_uk_onelogin_client_id_secret_name            = local.environment.gov_uk_onelogin_client_id_secret_name
@@ -106,6 +107,7 @@ module "eu_west_2" {
   ecs_execution_role                               = module.iam.ecs_execution_role
   ecs_task_roles                                   = module.iam.ecs_task_roles
   environment_name                                 = local.environment_name
+  event_bus_enabled                                = local.environment.event_bus_enabled
   google_analytics_id_use                          = local.environment.google_analytics_id_use
   google_analytics_id_view                         = local.environment.google_analytics_id_view
   gov_uk_onelogin_client_id_secret_name            = local.environment.gov_uk_onelogin_client_id_secret_name

diff --git a/terraform/environment/region/event_bus.tf b/terraform/environment/region/event_bus.tf
@@ -0,0 +1,9 @@
+module "event_bus" {
+  source            = "./modules/event_bus"
+  environment_name  = var.environment_name
+  event_bus_enabled = var.event_bus_enabled
+  current_region    = data.aws_region.current.name
+  providers = {
+    aws.region = aws.region
+  }
+}
diff --git a/terraform/environment/region/modules/event_bus/main.tf b/terraform/environment/region/modules/event_bus/main.tf
@@ -0,0 +1,100 @@
+resource "aws_cloudwatch_event_bus" "main" {
+  count    = var.event_bus_enabled ? 1 : 0
+  name     = var.environment_name
+  provider = aws.region
+}
+
+resource "aws_cloudwatch_event_archive" "main" {
+  count            = var.event_bus_enabled ? 1 : 0
+  name             = var.environment_name
+  event_source_arn = aws_cloudwatch_event_bus.main[0].arn
+  provider         = aws.region
+}
+
+resource "aws_cloudwatch_event_rule" "receive_events_mlpa" {
+  count          = var.event_bus_enabled ? 1 : 0
+  name           = "${var.environment_name}-mlpa-events-to-use"
+  description    = "receive events from mlpa"
+  event_bus_name = aws_cloudwatch_event_bus.main[0].name
+
+  event_pattern = jsonencode({
+    source = ["opg.poas.makeregister"],
+  })
+  provider = aws.region
+}
+
+data "aws_kms_alias" "sqs" {
+  name     = "alias/sqs-mrk"
+  provider = aws.region
+}
+
+resource "aws_sqs_queue" "receive_events_queue" {
+  count                             = var.event_bus_enabled ? 1 : 0
+  name                              = "${var.environment_name}-receive-events-queue"
+  kms_master_key_id                 = data.aws_kms_alias.sqs.target_key_id
+  kms_data_key_reuse_period_seconds = 300
+
+  visibility_timeout_seconds = 300
+
+  redrive_policy = jsonencode({
+    deadLetterTargetArn = aws_sqs_queue.receive_events_deadletter[0].arn
+    maxReceiveCount     = 3
+  })
+  policy = data.aws_iam_policy_document.receive_events_queue_policy[0].json
+
+  provider = aws.region
+}
+
+data "aws_iam_policy_document" "receive_events_queue_policy" {
+  count = var.event_bus_enabled ? 1 : 0
+  statement {
+    sid    = "${var.current_region}-ReceiveFromMLPA"
+    effect = "Allow"
+
+    principals {
+      type        = "Service"
+      identifiers = ["events.amazonaws.com"]
+    }
+
+    actions   = ["sqs:SendMessage"]
+    resources = ["*"]
+
+    condition {
+      test     = "ArnEquals"
+      variable = "aws:SourceArn"
+      values = [
+        aws_cloudwatch_event_rule.receive_events_mlpa[0].arn
+      ]
+    }
+  }
+}
+
+resource "aws_sqs_queue" "receive_events_deadletter" {
+  count                             = var.event_bus_enabled ? 1 : 0
+  name                              = "${var.environment_name}-receive-events-deadletter"
+  kms_master_key_id                 = data.aws_kms_alias.sqs.target_key_id
+  kms_data_key_reuse_period_seconds = 300
+  provider                          = aws.region
+}
+
+resource "aws_sqs_queue_redrive_allow_policy" "receive_events_redrive_allow_policy" {
+  count     = var.event_bus_enabled ? 1 : 0
+  queue_url = aws_sqs_queue.receive_events_deadletter[0].id
+
+  redrive_allow_policy = jsonencode({
+    redrivePermission = "byQueue",
+    sourceQueueArns   = [aws_sqs_queue.receive_events_queue[0].arn]
+  })
+  provider = aws.region
+}
+
+/*
+resource "aws_lambda_event_source_mapping" "reveive_events_mapping" {
+  count            = var.event_bus_enabled ? 1 : 0
+  event_source_arn = aws_sqs_queue.receive_events_queue[0].arn
+  enabled          = false
+  function_name    = var.ingress_lambda_name
+  batch_size       = 10
+  provider         = aws.region
+}
+*/
diff --git a/terraform/environment/region/modules/event_bus/terraform.tf b/terraform/environment/region/modules/event_bus/terraform.tf
@@ -0,0 +1,13 @@
+terraform {
+  required_version = "~> 1.9.4"
+
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+      configuration_aliases = [
+        aws.region,
+      ]
+      version = "~> 5.64.0"
+    }
+  }
+}
diff --git a/terraform/environment/region/modules/event_bus/variables.tf b/terraform/environment/region/modules/event_bus/variables.tf
@@ -0,0 +1,22 @@
+variable "environment_name" {
+  description = "The name of the environment"
+  type        = string
+}
+
+variable "event_bus_enabled" {
+  description = "Whether to enable Event Bus"
+  type        = bool
+  default     = false
+}
+
+/*
+variable "ingress_lambda_name" {
+  description = "The name of the ingress lambda"
+  type        = string
+}
+*/
+
+variable "current_region" {
+  description = "The current region"
+  type        = string
+}
diff --git a/terraform/environment/region/variables.tf b/terraform/environment/region/variables.tf
@@ -106,6 +106,12 @@ variable "environment_name" {
   type        = string
 }
 
+variable "event_bus_enabled" {
+  description = "Whether to enable the event bus"
+  type        = bool
+  default     = false
+}
+
 variable "feature_flags" {
   description = "The feature flags to use."
   type        = map(string)

diff --git a/terraform/environment/terraform.tfvars.json b/terraform/environment/terraform.tfvars.json
@@ -26,6 +26,7 @@
       "cookie_expires_view": 1440,
       "create_dashboard": false,
       "create_onelogin_dashboard": false,
+      "event_bus_enabled": true,
       "google_analytics_id_use": "G-JQHJE49CBB",
       "google_analytics_id_view": "G-C790FLJLL7",
       "gov_uk_onelogin_client_id_secret_name": "gov-uk-onelogin-client-id",
@@ -124,6 +125,7 @@
       "cookie_expires_view": 1440,
       "create_dashboard": false,
       "create_onelogin_dashboard": false,
+      "event_bus_enabled": true,
       "google_analytics_id_use": "G-JQHJE49CBB",
       "google_analytics_id_view": "G-C790FLJLL7",
       "gov_uk_onelogin_client_id_secret_name": "gov-uk-onelogin-client-id",
@@ -222,6 +224,7 @@
       "cookie_expires_view": 1440,
       "create_dashboard": false,
       "create_onelogin_dashboard": true,
+      "event_bus_enabled": false,
       "google_analytics_id_use": "G-JQHJE49CBB",
       "google_analytics_id_view": "G-C790FLJLL7",
       "gov_uk_onelogin_client_id_secret_name": "gov-uk-onelogin-client-id",
@@ -320,6 +323,7 @@
       "cookie_expires_view": 1440,
       "create_dashboard": true,
       "create_onelogin_dashboard": false,
+      "event_bus_enabled": false,
       "google_analytics_id_use": "",
       "google_analytics_id_view": "",
       "gov_uk_onelogin_client_id_secret_name": "gov-uk-onelogin-client-id",
@@ -420,6 +424,7 @@
       "create_onelogin_dashboard": true,
       "google_analytics_id_use": "G-TX93T4G7SZ",
       "google_analytics_id_view": "G-J4S91NRVMJ",
+      "event_bus_enabled": false,
       "gov_uk_onelogin_client_id_secret_name": "gov-uk-onelogin-client-id",
       "gov_uk_onelogin_identity_public_key_secret_name": "gov-uk-onelogin-identity-public-key",
       "gov_uk_onelogin_identity_private_key_secret_name": "gov-uk-onelogin-identity-private-key",

diff --git a/terraform/environment/variables.tf b/terraform/environment/variables.tf
@@ -49,6 +49,7 @@ variable "environments" {
       cloudwatch_application_insights_enabled          = bool
       create_dashboard                                 = bool
       create_onelogin_dashboard                        = bool
+      event_bus_enabled                                = bool
       google_analytics_id_use                          = string
       google_analytics_id_view                         = string
       gov_uk_onelogin_client_id_secret_name            = string