Domain events queue config and irsa for Offender Categorisation API in preprod #29953

wants to merge 2 commits into
base: main
@@ -0,0 +1,112 @@
module "offender_categorisation_api_queue_for_domain_events" {
source = "github.com/ministryofjustice/cloud-platform-terraform-sqs?ref=5.1.0"

# Queue configuration
sqs_name = "oc_api_queue_for_domain_events"
encrypt_sqs_kms = "true"
message_retention_seconds = 1209600

redrive_policy = jsonencode({
deadLetterTargetArn = module.offender_categorisation_api_queue_for_domain_events_dead_letter_queue.sqs_arn
maxReceiveCount = 3
})

# Tags
business_unit = var.business_unit
application = var.application
is_production = var.is_production
team_name = var.team_name # also used for naming the queue
namespace = var.namespace
environment_name = var.environment_name
infrastructure_support = var.infrastructure_support

providers = {
aws = aws.london
}
}

resource "aws_sqs_queue_policy" "offender_categorisation_api_queue_for_domain_events_queue_policy" {
queue_url = module.offender_categorisation_api_queue_for_domain_events.sqs_id

policy = <<EOF
{
"Version": "2012-10-17",
"Id": "${module.offender_categorisation_api_queue_for_domain_events.sqs_arn}/SQSDefaultPolicy",
"Statement":
[
{
"Effect": "Allow",
"Principal": {"AWS": "*"},
"Resource": "${module.offender_categorisation_api_queue_for_domain_events.sqs_arn}",
"Action": "SQS:SendMessage",
"Condition":
{
"ArnEquals":
{
"aws:SourceArn": "${data.aws_ssm_parameter.hmpps-domain-events-topic-arn.value}"
}
}
}
]
}
EOF
}

module "offender_categorisation_api_queue_for_domain_events_dead_letter_queue" {
source = "github.com/ministryofjustice/cloud-platform-terraform-sqs?ref=5.1.0"

# Queue configuration
sqs_name = "oc_api_queue_for_domain_events_dl"
encrypt_sqs_kms = "true"

# Tags
business_unit = var.business_unit
application = var.application
is_production = var.is_production
team_name = var.team_name # also used for naming the queue
namespace = var.namespace
environment_name = var.environment_name
infrastructure_support = var.infrastructure_support

providers = {
aws = aws.london
}
}

resource "kubernetes_secret" "offender_categorisation_api_queue_for_domain_events" {
metadata {
name = "domain-events-offender-categorisation-api-queue"
namespace = var.namespace
}

data = {
sqs_queue_url = module.offender_categorisation_api_queue_for_domain_events.sqs_id
sqs_queue_arn = module.offender_categorisation_api_queue_for_domain_events.sqs_arn
sqs_queue_name = module.offender_categorisation_api_queue_for_domain_events.sqs_name
}
}

resource "kubernetes_secret" "offender_categorisation_api_queue_for_domain_events_dead_letter_queue" {
metadata {
name = "domain-events-offender-categorisation-api-dlq"
namespace = var.namespace
}

data = {
sqs_queue_url = module.offender_categorisation_api_queue_for_domain_events_dead_letter_queue.sqs_id
sqs_queue_arn = module.offender_categorisation_api_queue_for_domain_events_dead_letter_queue.sqs_arn
sqs_queue_name = module.offender_categorisation_api_queue_for_domain_events_dead_letter_queue.sqs_name
}
}

resource "aws_sns_topic_subscription" "offender_categorisation_api_queue_for_domain_events_subscription_details" {
provider = aws.london
topic_arn = data.aws_ssm_parameter.hmpps-domain-events-topic-arn.value
protocol = "sqs"
endpoint = module.offender_categorisation_api_queue_for_domain_events.sqs_arn
filter_policy = jsonencode({
eventType = [
"prisoner-offender-search.prisoner.released"
]
})
}
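Review bot: The queue policy statement grants `SQS:SendMessage` to `"Principal": {"AWS": "*"}` and relies entirely on the `aws:SourceArn` condition to keep other senders out. The only intended sender appears to be the SNS topic, so the principal can be narrowed to `"Principal": {"Service": "sns.amazonaws.com"},`; a later edit to the condition then cannot leave the queue writable by any AWS principal. The condition value comes from `data.aws_ssm_parameter.hmpps-domain-events-topic-arn`, which is not declared in this file and presumably exists elsewhere in the namespace, so confirm that before apply. Separately, the dead letter queue sets no `message_retention_seconds` while the main queue keeps messages for 1209600 seconds, so check that the module default leaves enough time to inspect failed messages.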
Expand Up @@ -7,8 +7,16 @@ locals {
"Digital-Prison-Services-preprod-offender_categorisation_events_queue" = "offender-events-preprod"
"Digital-Prison-Services-preprod-offender_categorisation_events_queue_dl" = "offender-events-preprod"
}
sns_topics_api = {
"cloud-platform-Digital-Prison-Services-15b2b4a6af7714848baeaf5f41c85fcd" = "hmpps-domain-events-preprod"
}
sqs_policies_oc = { for item in data.aws_ssm_parameter.irsa_policy_arns_sqs_oc : item.name => item.value }
sqs_policies_rp = { for item in data.aws_ssm_parameter.irsa_policy_arns_sqs_rp : item.name => item.value }
sqs_policies_api = { for item in data.aws_ssm_parameter.irsa_policy_arns_sqs_api : item.name => item.value }
irsa_policies_api = merge(local.sqs_policies_api, {
offender_categorisation_api_queue_for_domain_events = module.offender_categorisation_api_queue_for_domain_events.irsa_policy_arn
offender_categorisation_api_queue_for_domain_events_dead_letter_queue = module.offender_categorisation_api_queue_for_domain_events_dead_letter_queue.irsa_policy_arn
})
}

# IRSA for offender-categorisation deployment
Expand Down Expand Up @@ -50,6 +58,22 @@ module "irsa_offender_risk_profiler" {
infrastructure_support = var.infrastructure_support
}

# IRSA for hmpps-offender-categorisation-api deployment
module "irsa_hmpps_offender_categorisation_api" {
source = "github.com/ministryofjustice/cloud-platform-terraform-irsa?ref=2.0.0"
namespace = var.namespace
eks_cluster_name = var.eks_cluster_name
service_account_name = "hmpps-offender-categorisation-api"
role_policy_arns = local.irsa_policies_api
business_unit = var.business_unit
application = var.application
is_production = var.is_production
team_name = var.team_name
environment_name = var.environment_name
infrastructure_support = var.infrastructure_support
}


data "aws_ssm_parameter" "irsa_policy_arns_sqs_oc" {
for_each = local.sqs_queues_oc
name = "/${each.value}/sqs/${each.key}/irsa-policy-arn"
Expand All @@ -58,4 +82,9 @@ data "aws_ssm_parameter" "irsa_policy_arns_sqs_oc" {
data "aws_ssm_parameter" "irsa_policy_arns_sqs_rp" {
for_each = local.sqs_queues_rp
name = "/${each.value}/sqs/${each.key}/irsa-policy-arn"
}

data "aws_ssm_parameter" "irsa_policy_arns_sqs_api" {
for_each = local.sns_topics_api
name = "/${each.value}/sns/${each.key}/irsa-policy-arn"
}
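Review bot: `local.irsa_policies_api` gives the `hmpps-offender-categorisation-api` service account the SNS topic policy read by `irsa_policy_arns_sqs_api` as well as the two queue policies, and nothing visible here shows that the API needs topic permissions. The contents of that policy are not on this page, so if the API only consumes from its queue, pass just the two module policy ARNs to `role_policy_arns` and leave `local.sqs_policies_api` out of the merge. The names also mislead: `sqs_policies_api` and `irsa_policy_arns_sqs_api` iterate `local.sns_topics_api` and read an `/sns/` parameter path, so `sns_policies_api` and `irsa_policy_arns_sns_api` would describe them better. A one-line comment above `sns_topics_api` saying that the key is the topic name and the value appears to be the owning namespace would document the convention the SSM path depends on.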