5809 batch alarms publish permissions #390

Merged
merged 11 commits into from
Oct 15, 2024

Wi11Shell

Description

fixing failed invocations:
https://repost.aws/knowledge-center/sns-not-getting-eventbridge-notification

Related issue: https://dvsa.atlassian.net/browse/VOL-5809

Before submitting (or marking as "ready for review")

  • Does the pull request title follow the conventional commit specification?
  • Have you performed a self-review of the code?
  • Have you added tests that prove the fix or feature is effective and working?
  • Did you make sure to update any documentation relating to this change?

Wi11Shell requested a review from a team as a code owner October 15, 2024 09:26

Terraform plan for environment: dev

Commit: 7d71451

API version: 790df66
CLI version: 790df66
Selfserve version: 790df66
Internal version: 790df66

Plan summary

0 to add, 2 to change, 4 to destroy

🗑️ Deletes

module.service.module.sqs_deadletter.aws_sqs_queue.dlq[0]
module.service.module.sqs_deadletter.aws_sqs_queue.this[0]
module.service.module.sqs_deadletter.aws_sqs_queue_redrive_allow_policy.dlq[0]
module.service.module.sqs_deadletter.aws_sqs_queue_redrive_policy.dlq[0]

🔄 Updates

module.service.module.eventbridge_sns.aws_cloudwatch_event_target.this["batch-fail-event"]
module.service.module.sns_batch_failure.aws_sns_topic_policy.this[0]

Show full plan
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.service.module.eventbridge_sns.aws_cloudwatch_event_target.this["batch-fail-event"] will be updated in-place
  ~ resource "aws_cloudwatch_event_target" "this" {
        id             = "vol-app-dev-batch-failure-event-rule-terraform-20241009140628712300000001"
        # (8 unchanged attributes hidden)

      ~ dead_letter_config (known after apply)
      - dead_letter_config {
          - arn = "arn:aws:sqs:eu-west-1:054614622558:vol-app-dev-batch-failure-dlq" -> null
        }
    }

  # module.service.module.sns_batch_failure.aws_sns_topic_policy.this[0] will be updated in-place
  ~ resource "aws_sns_topic_policy" "this" {
        id     = "arn:aws:sns:eu-west-1:054614622558:vol-app-dev-batch-failure-topic-20241009122927526300000002"
      ~ policy = jsonencode(
          ~ {
              ~ Statement = [
                    # (1 unchanged element hidden)
                    {
                        Action    = "sns:Publish"
                        Effect    = "Allow"
                        Principal = {
                            AWS = "arn:aws:iam::054614622558:root"
                        }
                        Resource  = "arn:aws:sns:eu-west-1:054614622558:vol-app-dev-batch-failure-topic-20241009122927526300000002"
                        Sid       = "pub"
                    },
                  ~ {
                      ~ Action    = [
                            # (1 unchanged element hidden)
                            "sns:Receive",
                          + "sns:Publish",
                        ]
                        # (5 unchanged attributes hidden)
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        # (2 unchanged attributes hidden)
    }

  # module.service.module.sqs_deadletter.aws_sqs_queue.dlq[0] must be replaced
-/+ resource "aws_sqs_queue" "dlq" {
      ~ arn                               = "arn:aws:sqs:eu-west-1:054614622558:vol-app-dev-batch-failure-dlq-dlq" -> (known after apply)
      + deduplication_scope               = (known after apply)
      + fifo_throughput_limit             = (known after apply)
      ~ id                                = "https://sqs.eu-west-1.amazonaws.com/054614622558/vol-app-dev-batch-failure-dlq-dlq" -> (known after apply)
      ~ kms_data_key_reuse_period_seconds = 300 -> (known after apply)
      ~ name                              = "vol-app-dev-batch-failure-dlq-dlq" -> "vol-app-dev-batch-failure-queue-dlq" # forces replacement
      + name_prefix                       = (known after apply)
      + policy                            = (known after apply)
      ~ redrive_allow_policy              = jsonencode(
            {
              - redrivePermission = "byQueue"
              - sourceQueueArns   = [
                  - "arn:aws:sqs:eu-west-1:054614622558:vol-app-dev-batch-failure-dlq",
                ]
            }
        ) -> (known after apply)
      + redrive_policy                    = (known after apply)
      - tags                              = {} -> null
      ~ url                               = "https://sqs.eu-west-1.amazonaws.com/054614622558/vol-app-dev-batch-failure-dlq-dlq" -> (known after apply)
        # (10 unchanged attributes hidden)
    }

  # module.service.module.sqs_deadletter.aws_sqs_queue.this[0] must be replaced
-/+ resource "aws_sqs_queue" "this" {
      ~ arn                               = "arn:aws:sqs:eu-west-1:054614622558:vol-app-dev-batch-failure-dlq" -> (known after apply)
      + deduplication_scope               = (known after apply)
      + fifo_throughput_limit             = (known after apply)
      ~ id                                = "https://sqs.eu-west-1.amazonaws.com/054614622558/vol-app-dev-batch-failure-dlq" -> (known after apply)
      ~ kms_data_key_reuse_period_seconds = 300 -> (known after apply)
      ~ name                              = "vol-app-dev-batch-failure-dlq" -> "vol-app-dev-batch-failure-queue" # forces replacement
      + name_prefix                       = (known after apply)
      + policy                            = (known after apply)
      + redrive_allow_policy              = (known after apply)
      ~ redrive_policy                    = jsonencode(
            {
              - deadLetterTargetArn = "arn:aws:sqs:eu-west-1:054614622558:vol-app-dev-batch-failure-dlq-dlq"
              - maxReceiveCount     = 10
            }
        ) -> (known after apply)
      - tags                              = {} -> null
      ~ url                               = "https://sqs.eu-west-1.amazonaws.com/054614622558/vol-app-dev-batch-failure-dlq" -> (known after apply)
        # (10 unchanged attributes hidden)
    }

  # module.service.module.sqs_deadletter.aws_sqs_queue_redrive_allow_policy.dlq[0] must be replaced
-/+ resource "aws_sqs_queue_redrive_allow_policy" "dlq" {
      ~ id                   = "https://sqs.eu-west-1.amazonaws.com/054614622558/vol-app-dev-batch-failure-dlq-dlq" -> (known after apply)
      ~ queue_url            = "https://sqs.eu-west-1.amazonaws.com/054614622558/vol-app-dev-batch-failure-dlq-dlq" -> (known after apply) # forces replacement
      ~ redrive_allow_policy = jsonencode(
            {
              - redrivePermission = "byQueue"
              - sourceQueueArns   = [
                  - "arn:aws:sqs:eu-west-1:054614622558:vol-app-dev-batch-failure-dlq",
                ]
            }
        ) -> (known after apply)
    }

  # module.service.module.sqs_deadletter.aws_sqs_queue_redrive_policy.dlq[0] must be replaced
-/+ resource "aws_sqs_queue_redrive_policy" "dlq" {
      ~ id             = "https://sqs.eu-west-1.amazonaws.com/054614622558/vol-app-dev-batch-failure-dlq" -> (known after apply)
      ~ queue_url      = "https://sqs.eu-west-1.amazonaws.com/054614622558/vol-app-dev-batch-failure-dlq" -> (known after apply) # forces replacement
      ~ redrive_policy = jsonencode(
            {
              - deadLetterTargetArn = "arn:aws:sqs:eu-west-1:054614622558:vol-app-dev-batch-failure-dlq-dlq"
              - maxReceiveCount     = 10
            }
        ) -> (known after apply)
    }

Plan: 4 to add, 2 to change, 4 to destroy.


Terraform plan for environment: int

Commit: 7d71451

API version: 790df66
CLI version: 790df66
Selfserve version: 790df66
Internal version: 790df66

Plan summary

0 to add, 2 to change, 4 to destroy

🗑️ Deletes

module.service.module.sqs_deadletter.aws_sqs_queue.dlq[0]
module.service.module.sqs_deadletter.aws_sqs_queue.this[0]
module.service.module.sqs_deadletter.aws_sqs_queue_redrive_allow_policy.dlq[0]
module.service.module.sqs_deadletter.aws_sqs_queue_redrive_policy.dlq[0]

🔄 Updates

module.service.module.eventbridge_sns.aws_cloudwatch_event_target.this["batch-fail-event"]
module.service.module.sns_batch_failure.aws_sns_topic_policy.this[0]

Show full plan
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.service.module.eventbridge_sns.aws_cloudwatch_event_target.this["batch-fail-event"] will be updated in-place
  ~ resource "aws_cloudwatch_event_target" "this" {
        id             = "vol-app-int-batch-failure-event-rule-terraform-20241009154107992900000001"
        # (8 unchanged attributes hidden)

      ~ dead_letter_config (known after apply)
      - dead_letter_config {
          - arn = "arn:aws:sqs:eu-west-1:054614622558:vol-app-int-batch-failure-dlq" -> null
        }
    }

  # module.service.module.sns_batch_failure.aws_sns_topic_policy.this[0] will be updated in-place
  ~ resource "aws_sns_topic_policy" "this" {
        id     = "arn:aws:sns:eu-west-1:054614622558:vol-app-int-batch-failure-topic-20241009140715202500000002"
      ~ policy = jsonencode(
          ~ {
              ~ Statement = [
                    # (1 unchanged element hidden)
                    {
                        Action    = "sns:Publish"
                        Effect    = "Allow"
                        Principal = {
                            AWS = "arn:aws:iam::054614622558:root"
                        }
                        Resource  = "arn:aws:sns:eu-west-1:054614622558:vol-app-int-batch-failure-topic-20241009140715202500000002"
                        Sid       = "pub"
                    },
                  ~ {
                      ~ Action    = [
                            # (1 unchanged element hidden)
                            "sns:Receive",
                          + "sns:Publish",
                        ]
                        # (5 unchanged attributes hidden)
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        # (2 unchanged attributes hidden)
    }

  # module.service.module.sqs_deadletter.aws_sqs_queue.dlq[0] must be replaced
-/+ resource "aws_sqs_queue" "dlq" {
      ~ arn                               = "arn:aws:sqs:eu-west-1:054614622558:vol-app-int-batch-failure-dlq-dlq" -> (known after apply)
      + deduplication_scope               = (known after apply)
      + fifo_throughput_limit             = (known after apply)
      ~ id                                = "https://sqs.eu-west-1.amazonaws.com/054614622558/vol-app-int-batch-failure-dlq-dlq" -> (known after apply)
      ~ kms_data_key_reuse_period_seconds = 300 -> (known after apply)
      ~ name                              = "vol-app-int-batch-failure-dlq-dlq" -> "vol-app-int-batch-failure-queue-dlq" # forces replacement
      + name_prefix                       = (known after apply)
      + policy                            = (known after apply)
      ~ redrive_allow_policy              = jsonencode(
            {
              - redrivePermission = "byQueue"
              - sourceQueueArns   = [
                  - "arn:aws:sqs:eu-west-1:054614622558:vol-app-int-batch-failure-dlq",
                ]
            }
        ) -> (known after apply)
      + redrive_policy                    = (known after apply)
      - tags                              = {} -> null
      ~ url                               = "https://sqs.eu-west-1.amazonaws.com/054614622558/vol-app-int-batch-failure-dlq-dlq" -> (known after apply)
        # (10 unchanged attributes hidden)
    }

  # module.service.module.sqs_deadletter.aws_sqs_queue.this[0] must be replaced
-/+ resource "aws_sqs_queue" "this" {
      ~ arn                               = "arn:aws:sqs:eu-west-1:054614622558:vol-app-int-batch-failure-dlq" -> (known after apply)
      + deduplication_scope               = (known after apply)
      + fifo_throughput_limit             = (known after apply)
      ~ id                                = "https://sqs.eu-west-1.amazonaws.com/054614622558/vol-app-int-batch-failure-dlq" -> (known after apply)
      ~ kms_data_key_reuse_period_seconds = 300 -> (known after apply)
      ~ name                              = "vol-app-int-batch-failure-dlq" -> "vol-app-int-batch-failure-queue" # forces replacement
      + name_prefix                       = (known after apply)
      + policy                            = (known after apply)
      + redrive_allow_policy              = (known after apply)
      ~ redrive_policy                    = jsonencode(
            {
              - deadLetterTargetArn = "arn:aws:sqs:eu-west-1:054614622558:vol-app-int-batch-failure-dlq-dlq"
              - maxReceiveCount     = 10
            }
        ) -> (known after apply)
      - tags                              = {} -> null
      ~ url                               = "https://sqs.eu-west-1.amazonaws.com/054614622558/vol-app-int-batch-failure-dlq" -> (known after apply)
        # (10 unchanged attributes hidden)
    }

  # module.service.module.sqs_deadletter.aws_sqs_queue_redrive_allow_policy.dlq[0] must be replaced
-/+ resource "aws_sqs_queue_redrive_allow_policy" "dlq" {
      ~ id                   = "https://sqs.eu-west-1.amazonaws.com/054614622558/vol-app-int-batch-failure-dlq-dlq" -> (known after apply)
      ~ queue_url            = "https://sqs.eu-west-1.amazonaws.com/054614622558/vol-app-int-batch-failure-dlq-dlq" -> (known after apply) # forces replacement
      ~ redrive_allow_policy = jsonencode(
            {
              - redrivePermission = "byQueue"
              - sourceQueueArns   = [
                  - "arn:aws:sqs:eu-west-1:054614622558:vol-app-int-batch-failure-dlq",
                ]
            }
        ) -> (known after apply)
    }

  # module.service.module.sqs_deadletter.aws_sqs_queue_redrive_policy.dlq[0] must be replaced
-/+ resource "aws_sqs_queue_redrive_policy" "dlq" {
      ~ id             = "https://sqs.eu-west-1.amazonaws.com/054614622558/vol-app-int-batch-failure-dlq" -> (known after apply)
      ~ queue_url      = "https://sqs.eu-west-1.amazonaws.com/054614622558/vol-app-int-batch-failure-dlq" -> (known after apply) # forces replacement
      ~ redrive_policy = jsonencode(
            {
              - deadLetterTargetArn = "arn:aws:sqs:eu-west-1:054614622558:vol-app-int-batch-failure-dlq-dlq"
              - maxReceiveCount     = 10
            }
        ) -> (known after apply)
    }

Plan: 4 to add, 2 to change, 4 to destroy.

barkerl merged commit 2ef8382 into main Oct 15, 2024
2 checks passed
barkerl deleted the 5809-batch-alarms branch October 15, 2024 09:29