Move SQS and Lambda to us-east-2

devksingh4 · devksingh4 · commit 228fd73e1dfd · 2025-10-20T16:44:41.000-05:00
diff --git a/.env.sample b/.env.sample
@@ -2,4 +2,4 @@ AadClientSecret=""
 RunEnvironment="dev"
 JwtSigningKey="YOUR_RANDOM_STRING HERE"
 VITE_RUN_ENVIRONMENT="local-dev"
-AWS_REGION=us-east-1
+AWS_REGION=us-east-2
diff --git a/generate_jwt.js b/generate_jwt.js
@@ -22,7 +22,7 @@ export const getSecretValue = async (secretId) => {
 };
 
 const secrets = await getSecretValue("infra-core-api-testing-credentials");
-const client = new STSClient({ region: "us-east-1" });
+const client = new STSClient({ region: "us-east-2" });
 const command = new GetCallerIdentityCommand({});
 let data;
 try {
diff --git a/src/common/config.ts b/src/common/config.ts
@@ -132,7 +132,7 @@ const environmentConfig: EnvironmentConfigType = {
     PasskitSerialNumber: "0",
     EmailDomain: "aws.qa.acmuiuc.org",
     SqsQueueUrl:
-      "https://sqs.us-east-1.amazonaws.com/427040638965/infra-core-api-sqs",
+      "https://sqs.us-east-2.amazonaws.com/427040638965/infra-core-api-sqs",
     PaidMemberGroupId: "9222451f-b354-4e64-ba28-c0f367a277c2",
     PaidMemberPriceId: "price_1S5eAqDGHrJxx3mKZYGoulj3",
     AadValidReadOnlyClientId: "2c6a0057-5acc-496c-a4e5-4adbf88387ba",
@@ -165,7 +165,7 @@ const environmentConfig: EnvironmentConfigType = {
     PasskitSerialNumber: "0",
     EmailDomain: "acm.illinois.edu",
     SqsQueueUrl:
-      "https://sqs.us-east-1.amazonaws.com/298118738376/infra-core-api-sqs",
+      "https://sqs.us-east-2.amazonaws.com/298118738376/infra-core-api-sqs",
     PaidMemberGroupId: "172fd9ee-69f0-4384-9786-41ff1a43cf8e",
     PaidMemberPriceId: MembershipPriceIdStripe,
     AadValidReadOnlyClientId: "2c6a0057-5acc-496c-a4e5-4adbf88387ba",
diff --git a/terraform/envs/prod/main.tf b/terraform/envs/prod/main.tf
@@ -55,6 +55,9 @@ module "sqs_queues" {
   source                        = "../../modules/sqs"
   resource_prefix               = var.ProjectId
   core_sqs_consumer_lambda_name = module.lambdas.core_sqs_consumer_lambda_name
+  providers = {
+    aws = aws.ohio
+  }
 }
 
 module "dynamo" {
@@ -112,6 +115,9 @@ module "lambdas" {
   PreviousOriginVerifyKeyExpiresAt = module.origin_verify.previous_invalid_time
   LogRetentionDays                 = var.LogRetentionDays
   EmailDomain                      = var.EmailDomain
+  providers = {
+    aws = aws.ohio
+  }
 }
 
 module "frontend" {
@@ -137,6 +143,8 @@ module "assets" {
 }
 
 resource "aws_lambda_event_source_mapping" "queue_consumer" {
+  provider                = aws.ohio
+  region                  = "us-east-2"
   depends_on              = [module.lambdas, module.sqs_queues]
   for_each                = local.queue_arns
   batch_size              = 5
diff --git a/terraform/envs/qa/main.tf b/terraform/envs/qa/main.tf
@@ -28,6 +28,18 @@ provider "aws" {
   }
 }
 
+provider "aws" {
+  allowed_account_ids = ["427040638965"]
+  alias               = "ohio"
+  region              = "us-east-2"
+  default_tags {
+    tags = {
+      project           = var.ProjectId
+      terraform_managed = true
+    }
+  }
+}
+
 data "aws_caller_identity" "current" {}
 data "aws_region" "current" {}
 
@@ -37,6 +49,9 @@ module "sqs_queues" {
   source                        = "../../modules/sqs"
   resource_prefix               = var.ProjectId
   core_sqs_consumer_lambda_name = module.lambdas.core_sqs_consumer_lambda_name
+  providers = {
+    aws = aws.ohio
+  }
 }
 locals {
   bucket_prefix = "${data.aws_caller_identity.current.account_id}-${data.aws_region.current.region}"
@@ -174,6 +189,8 @@ resource "aws_route53_record" "linkry" {
   }
 }
 resource "aws_lambda_event_source_mapping" "queue_consumer" {
+  provider                = aws.ohio
+  region                  = "us-east-2"
   depends_on              = [module.lambdas, module.sqs_queues]
   for_each                = local.queue_arns
   batch_size              = 5
diff --git a/terraform/modules/lambdas/main.tf b/terraform/modules/lambdas/main.tf
@@ -32,6 +32,7 @@ data "aws_caller_identity" "current" {}
 data "aws_region" "current" {}
 
 resource "aws_cloudwatch_log_group" "api_logs" {
+  region            = "us-east-2"
   name              = "/aws/lambda/${local.core_api_lambda_name}"
   retention_in_days = var.LogRetentionDays
 }
@@ -102,8 +103,8 @@ resource "aws_iam_policy" "entra_policy" {
         Effect = "Allow",
         Action = ["secretsmanager:GetSecretValue"],
         Resource = [
-          "arn:aws:secretsmanager:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-entra*",
-          "arn:aws:secretsmanager:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-ro-entra*"
+          "arn:aws:secretsmanager:us-east-2:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-entra*",
+          "arn:aws:secretsmanager:us-east-2:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-ro-entra*"
         ]
       }
     ]
@@ -119,7 +120,7 @@ resource "aws_iam_policy" "api_only_policy" {
         Effect = "Allow",
         Action = ["sqs:SendMessage"],
         Resource = [
-          "arn:aws:sqs:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:${var.ProjectId}-*",
+          "arn:aws:sqs:us-east-2:${data.aws_caller_identity.current.account_id}:${var.ProjectId}-*",
         ]
       }
     ]
@@ -188,9 +189,9 @@ resource "aws_iam_policy" "shared_iam_policy" {
         Action = ["secretsmanager:GetSecretValue"],
         Effect = "Allow",
         Resource = [
-          "arn:aws:secretsmanager:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-config*",
-          "arn:aws:secretsmanager:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-testing-credentials*",
-          "arn:aws:secretsmanager:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-uin-pepper*"
+          "arn:aws:secretsmanager:us-east-2:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-config*",
+          "arn:aws:secretsmanager:us-east-2:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-testing-credentials*",
+          "arn:aws:secretsmanager:us-east-2:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-uin-pepper*"
         ]
       },
       {
@@ -332,6 +333,7 @@ resource "aws_iam_role_policy_attachment" "sqs_attach_shared" {
 }
 
 resource "aws_lambda_function" "api_lambda" {
+  region           = "us-east-2"
   depends_on       = [aws_cloudwatch_log_group.api_logs]
   function_name    = local.core_api_lambda_name
   role             = aws_iam_role.api_role.arn
@@ -357,6 +359,7 @@ resource "aws_lambda_function" "api_lambda" {
 }
 
 resource "aws_lambda_function" "sqs_lambda" {
+  region     = "us-east-2"
   depends_on = [aws_cloudwatch_log_group.api_logs]
   logging_config {
     log_format = "JSON"
@@ -383,13 +386,15 @@ resource "aws_lambda_function" "sqs_lambda" {
 }
 
 resource "aws_lambda_function_url" "api_lambda_function_url" {
+  region             = "us-east-2"
   function_name      = aws_lambda_function.api_lambda.function_name
   authorization_type = "NONE"
   invoke_mode        = "RESPONSE_STREAM"
 }
 
 // Slow lambda - used for monitoring purposes to avoid triggering lamdba latency alarms
 resource "aws_lambda_function" "slow_lambda" {
+  region           = "us-east-2"
   depends_on       = [aws_cloudwatch_log_group.api_logs]
   function_name    = local.core_api_slow_lambda_name
   role             = aws_iam_role.api_role.arn
@@ -422,6 +427,7 @@ resource "aws_lambda_function_url" "slow_api_lambda_function_url" {
   function_name      = aws_lambda_function.slow_lambda.function_name
   authorization_type = "NONE"
   invoke_mode        = "RESPONSE_STREAM"
+  region             = "us-east-2"
 }
 
 module "lambda_warmer_main" {
diff --git a/terraform/modules/sqs/main.tf b/terraform/modules/sqs/main.tf
@@ -7,12 +7,14 @@ terraform {
 }
 
 resource "aws_sqs_queue" "app_dlq" {
+  region                     = "us-east-2"
   name                       = "${var.resource_prefix}-sqs-dlq"
   visibility_timeout_seconds = var.sqs_message_timeout
   message_retention_seconds  = 1209600
 }
 
 resource "aws_sqs_queue" "app_queue" {
+  region                     = "us-east-2"
   name                       = "${var.resource_prefix}-sqs"
   visibility_timeout_seconds = var.sqs_message_timeout
   redrive_policy = jsonencode({
@@ -22,6 +24,7 @@ resource "aws_sqs_queue" "app_queue" {
 }
 
 resource "aws_sqs_queue" "sales_email_queue" {
+  region                     = "us-east-2"
   name                       = "${var.resource_prefix}-sqs-sales"
   visibility_timeout_seconds = var.sqs_message_timeout
   redrive_policy = jsonencode({

Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,7 @@ data "aws_caller_identity" "current" {}`
`32`	`32`	`data "aws_region" "current" {}`
`33`	`33`
`34`	`34`	`resource "aws_cloudwatch_log_group" "api_logs" {`
	`35`	`+ region = "us-east-2"`
`35`	`36`	`name = "/aws/lambda/${local.core_api_lambda_name}"`
`36`	`37`	`retention_in_days = var.LogRetentionDays`
`37`	`38`	`}`
`@@ -102,8 +103,8 @@ resource "aws_iam_policy" "entra_policy" {`
`102`	`103`	`Effect = "Allow",`
`103`	`104`	`Action = ["secretsmanager:GetSecretValue"],`
`104`	`105`	`Resource = [`
`105`		`- "arn:aws:secretsmanager:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-entra*",`
`106`		`- "arn:aws:secretsmanager:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-ro-entra*"`
	`106`	`+ "arn:aws:secretsmanager:us-east-2:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-entra*",`
	`107`	`+ "arn:aws:secretsmanager:us-east-2:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-ro-entra*"`
`107`	`108`	`]`
`108`	`109`	`}`
`109`	`110`	`]`
`@@ -119,7 +120,7 @@ resource "aws_iam_policy" "api_only_policy" {`
`119`	`120`	`Effect = "Allow",`
`120`	`121`	`Action = ["sqs:SendMessage"],`
`121`	`122`	`Resource = [`
`122`		`- "arn:aws:sqs:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:${var.ProjectId}-*",`
	`123`	`+ "arn:aws:sqs:us-east-2:${data.aws_caller_identity.current.account_id}:${var.ProjectId}-*",`
`123`	`124`	`]`
`124`	`125`	`}`
`125`	`126`	`]`
`@@ -188,9 +189,9 @@ resource "aws_iam_policy" "shared_iam_policy" {`
`188`	`189`	`Action = ["secretsmanager:GetSecretValue"],`
`189`	`190`	`Effect = "Allow",`
`190`	`191`	`Resource = [`
`191`		`- "arn:aws:secretsmanager:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-config*",`
`192`		`- "arn:aws:secretsmanager:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-testing-credentials*",`
`193`		`- "arn:aws:secretsmanager:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-uin-pepper*"`
	`192`	`+ "arn:aws:secretsmanager:us-east-2:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-config*",`
	`193`	`+ "arn:aws:secretsmanager:us-east-2:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-testing-credentials*",`
	`194`	`+ "arn:aws:secretsmanager:us-east-2:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-uin-pepper*"`
`194`	`195`	`]`
`195`	`196`	`},`
`196`	`197`	`{`
`@@ -332,6 +333,7 @@ resource "aws_iam_role_policy_attachment" "sqs_attach_shared" {`
`332`	`333`	`}`
`333`	`334`
`334`	`335`	`resource "aws_lambda_function" "api_lambda" {`
	`336`	`+ region = "us-east-2"`
`335`	`337`	`depends_on = [aws_cloudwatch_log_group.api_logs]`
`336`	`338`	`function_name = local.core_api_lambda_name`
`337`	`339`	`role = aws_iam_role.api_role.arn`
`@@ -357,6 +359,7 @@ resource "aws_lambda_function" "api_lambda" {`
`357`	`359`	`}`
`358`	`360`
`359`	`361`	`resource "aws_lambda_function" "sqs_lambda" {`
	`362`	`+ region = "us-east-2"`
`360`	`363`	`depends_on = [aws_cloudwatch_log_group.api_logs]`
`361`	`364`	`logging_config {`
`362`	`365`	`log_format = "JSON"`
`@@ -383,13 +386,15 @@ resource "aws_lambda_function" "sqs_lambda" {`
`383`	`386`	`}`
`384`	`387`
`385`	`388`	`resource "aws_lambda_function_url" "api_lambda_function_url" {`
	`389`	`+ region = "us-east-2"`
`386`	`390`	`function_name = aws_lambda_function.api_lambda.function_name`
`387`	`391`	`authorization_type = "NONE"`
`388`	`392`	`invoke_mode = "RESPONSE_STREAM"`
`389`	`393`	`}`
`390`	`394`
`391`	`395`	`// Slow lambda - used for monitoring purposes to avoid triggering lamdba latency alarms`
`392`	`396`	`resource "aws_lambda_function" "slow_lambda" {`
	`397`	`+ region = "us-east-2"`
`393`	`398`	`depends_on = [aws_cloudwatch_log_group.api_logs]`
`394`	`399`	`function_name = local.core_api_slow_lambda_name`
`395`	`400`	`role = aws_iam_role.api_role.arn`
`@@ -422,6 +427,7 @@ resource "aws_lambda_function_url" "slow_api_lambda_function_url" {`
`422`	`427`	`function_name = aws_lambda_function.slow_lambda.function_name`
`423`	`428`	`authorization_type = "NONE"`
`424`	`429`	`invoke_mode = "RESPONSE_STREAM"`
	`430`	`+ region = "us-east-2"`
`425`	`431`	`}`
`426`	`432`
`427`	`433`	`module "lambda_warmer_main" {`
Original file line number	Diff line number	Diff line change
`@@ -7,12 +7,14 @@ terraform {`
`7`	`7`	`}`
`8`	`8`
`9`	`9`	`resource "aws_sqs_queue" "app_dlq" {`
	`10`	`+ region = "us-east-2"`
`10`	`11`	`name = "${var.resource_prefix}-sqs-dlq"`
`11`	`12`	`visibility_timeout_seconds = var.sqs_message_timeout`
`12`	`13`	`message_retention_seconds = 1209600`
`13`	`14`	`}`
`14`	`15`
`15`	`16`	`resource "aws_sqs_queue" "app_queue" {`
	`17`	`+ region = "us-east-2"`
`16`	`18`	`name = "${var.resource_prefix}-sqs"`
`17`	`19`	`visibility_timeout_seconds = var.sqs_message_timeout`
`18`	`20`	`redrive_policy = jsonencode({`
`@@ -22,6 +24,7 @@ resource "aws_sqs_queue" "app_queue" {`
`22`	`24`	`}`
`23`	`25`
`24`	`26`	`resource "aws_sqs_queue" "sales_email_queue" {`
	`27`	`+ region = "us-east-2"`
`25`	`28`	`name = "${var.resource_prefix}-sqs-sales"`
`26`	`29`	`visibility_timeout_seconds = var.sqs_message_timeout`
`27`	`30`	`redrive_policy = jsonencode({`