ehr-ingestion bucket logging (#159)
chrisbloe-nhse authored Feb 21, 2024
1 parent df63b22 commit 5a646ee
Showing 2 changed files with 39 additions and 11 deletions.
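--- a/terraform/modules/suspension-service/data.tf
+++ b/terraform/modules/suspension-service/data.tf
@@ -6,4 +6,8 @@ data "aws_ssm_parameter" "suspensions_sns_topic_arn" {
 
 data "aws_ssm_parameter" "suspensions_kms_key_id" {
 name = "/repo/${var.environment}/output/prm-deductions-nems-event-processor/suspensions-kms-key-id"
-}
+}
+
+data "aws_s3_bucket" "access_logs" {
+bucket = "${var.environment}-orc-access-logs"
+}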
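Review bot: The `access_logs` data source resolves the bucket purely by the naming convention `${var.environment}-orc-access-logs`, so a plan will fail in any environment where that bucket does not already exist, and nothing in this commit shows where it is created. A comment above the block would make the dependency explicit, for example `# Shared access-log bucket, expected to exist already in the same account and region as the ingestion bucket (S3 server access logging requires both)`. If the bucket is owned by another stack, naming that stack in the comment would help whoever has to bootstrap a new environment.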
44 changes: 34 additions & 10 deletions terraform/modules/suspension-service/s3.tf
@@ -4,18 +4,44 @@ locals {

resource "aws_s3_bucket" "ingestion_bucket" {
bucket = local.ingestion_bucket_name
acl = "private"
server_side_encryption_configuration {
rule {
apply_server_side_encryption_by_default {
sse_algorithm = "AES256"
}
}
}

tags = {
Name = local.ingestion_bucket_name
Environment = var.environment
}

lifecycle {
ignore_changes = [
logging,
server_side_encryption_configuration
]
}
}

resource "aws_s3_bucket_logging" "ingestion_bucket" {
bucket = aws_s3_bucket.ingestion_bucket.id

target_bucket = data.aws_s3_bucket.access_logs.id
target_prefix = "${local.ingestion_bucket_name}/"
}

resource "aws_s3_bucket_server_side_encryption_configuration" "ingestion_bucket" {
bucket = aws_s3_bucket.ingestion_bucket.id

rule {
apply_server_side_encryption_by_default {
sse_algorithm = "AES256"
}
}
}

resource "aws_s3_bucket_public_access_block" "ingestion_bucket" {
bucket = aws_s3_bucket.ingestion_bucket.bucket

block_public_acls = true
block_public_policy = true
ignore_public_acls = true
restrict_public_buckets = true
}

resource "aws_s3_bucket_policy" "ingestion_bucket_policy" {
@@ -54,5 +80,3 @@ resource "aws_iam_policy" "ingestion_bucket_get_object_policy" {
]
})
}
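Review bot: The `aws_s3_bucket_logging` resource only points at the access-logs bucket; nothing visible in this section grants the S3 log delivery service (`logging.s3.amazonaws.com`) permission to write under `${local.ingestion_bucket_name}/` there, and that bucket is only read through a data source. If the grant is managed elsewhere, a short comment above the resource would record it, e.g. `# Target bucket policy must allow logging.s3.amazonaws.com to write under this prefix (presumably managed outside this module)`, and it is worth confirming after apply that log objects actually arrive. Separately, the `ignore_changes` entries for `logging` and `server_side_encryption_configuration` deserve a one-line comment saying those settings are now owned by the standalone resources, so a later reader does not mistake them for suppressed drift. The old/new side of each line is not marked on this page, so which lines are new is inferred from the commit title and the change counts.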

