From 3accc2a0bfdcd311a217769be5000ed6bfb03a27 Mon Sep 17 00:00:00 2001
From: Alex Perez-Davies <alexander.perez-davies@hackney.gov.uk>
Date: Tue, 17 Feb 2026 12:24:58 +0000
Subject: [PATCH 01/17] change circleci config.yml

---
 .circleci/config.yml | 293 ++++---------------------------------------
 1 file changed, 21 insertions(+), 272 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 92c852a..2e4e1da 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -103,308 +103,57 @@ commands:
             sls deploy --stage <<parameters.stage>> --conceal
 
 jobs:
-  check-code-formatting:
-    executor: docker-dotnet
-    steps:
-      - checkout
-      - run:
-          name: Install dotnet format
-          command: dotnet tool install dotnet-format --tool-path ./dotnet-format-local/
-      - run:
-          name: Run formatter check
-          command: ./dotnet-format-local/dotnet-format --check
-  build-and-test:
-    executor: docker-python
-    steps:
-      - checkout
-      - setup_remote_docker
-      - run:
-          name: build
-          command: docker compose build configuration-api-test
-      - run:
-          name: Run tests
-          command: docker compose run configuration-api-test
-      - run:
-          name: Prepare the report
-          command: |
-            mkdir coverage
-            docker cp $(docker ps -aqf "name=configuration-api-test"):/app/coverage ./
-            sed -i "s|/app/|$(pwd)/|g" coverage/*/coverage.opencover.xml
-      - sonarcloud/scan
-  assume-role-development:
-    executor: docker-python
-    steps:
-      - assume-role-and-persist-workspace:
-          aws-account: $AWS_ACCOUNT_DEVELOPMENT
-  assume-role-staging:
-    executor: docker-python
-    steps:
-      - assume-role-and-persist-workspace:
-          aws-account: $AWS_ACCOUNT_STAGING
-  assume-role-production:
+  assume-role-disaster-recovery:
     executor: docker-python
     steps:
       - assume-role-and-persist-workspace:
-          aws-account: $AWS_ACCOUNT_PRODUCTION
-  terraform-init-and-apply-to-development:
+          aws-account: $AWS_ACCOUNT_DISASTER_RECOVERY
+  terraform-init-and-apply-to-disaster-recovery:
     executor: docker-terraform
     steps:
       - terraform-init-then-apply:
-          environment: "development"
-  terraform-init-and-apply-to-staging:
-    executor: docker-terraform
-    steps:
-      - terraform-init-then-apply:
-          environment: "staging"
-  terraform-init-and-apply-to-production:
-    executor: docker-terraform
-    steps:
-      - terraform-init-then-apply:
-          environment: "production"
-  preview-development-terraform:
-    executor: docker-terraform
-    steps:
-      - terraform-preview:
-          environment: "development"
-  preview-staging-terraform:
-    executor: docker-terraform
-    steps:
-      - terraform-preview:
-          environment: "staging"
-  preview-production-terraform:
-    executor: docker-terraform
-    steps:
-      - terraform-preview:
-          environment: "production"
-  deploy-to-development:
-    executor: docker-dotnet
-    steps:
-      - deploy-lambda:
-          stage: "development"
-  deploy-to-staging:
-    executor: docker-dotnet
-    steps:
-      - deploy-lambda:
-          stage: "staging"
-  deploy-to-production:
-    executor: docker-dotnet
-    steps:
-      - deploy-lambda:
-          stage: "production"
-  assume-role-pre-production:
-    executor: docker-python
-    steps:
-      - assume-role-and-persist-workspace:
-          aws-account: $AWS_ACCOUNT_PRE_PRODUCTION
-  preview-pre-production-terraform:
+          environment: "disaster-recovery"
+  preview-disaster-recovery-terraform:
     executor: docker-terraform
     steps:
       - terraform-preview:
-          environment: "pre-production"
-  terraform-init-and-apply-pre-production:
-    executor: docker-terraform
-    steps:
-      - terraform-init-then-apply:
-          environment: "pre-production"
-  deploy-to-pre-production:
+          environment: "disaster-recovery"
+  deploy-to-disaster-recovery:
     executor: docker-dotnet
     steps:
       - deploy-lambda:
-          stage: "pre-production"
+          stage: "disaster-recovery"
 
 workflows:
   feature:
     jobs:
-      - check-code-formatting:
-          context: api-nuget-token-context
-          filters:
-            branches:
-              ignore:
-                - master
-                - release
-      - build-and-test:
-          context:
-            - api-nuget-token-context
-            - SonarCloud
-          filters:
-            branches:
-              ignore:
-                - master
-                - release
-      - assume-role-development:
-          context: api-assume-role-housing-development-context
-          filters:
-            branches:
-              ignore:
-                - master
-                - release
-      - preview-development-terraform:
-          requires:
-            - assume-role-development
-      - assume-role-staging:
-          context: api-assume-role-housing-staging-context
+      - assume-role-disaster-recovery:
+          context: api-assume-role-housing-disaster-recovery-context
           filters:
             branches:
               ignore:
                 - master
                 - release
-      - preview-staging-terraform:
+      - preview-disaster-recovery-terraform:
           requires:
-            - assume-role-staging
-      - assume-role-production:
-          context: api-assume-role-housing-production-context
-          filters:
-            branches:
-              ignore:
-                - master
-                - release
-      - preview-production-terraform:
-          requires:
-            - assume-role-production
-  development:
-    jobs:
-      - check-code-formatting:
-          context: api-nuget-token-context
-          filters:
-            branches:
-              only: master
-      - build-and-test:
-          context:
-            - api-nuget-token-context
-            - SonarCloud
-          filters:
-            branches:
-              only: master
-      - assume-role-development:
-          context: api-assume-role-housing-development-context
-          requires:
-            - build-and-test
-          filters:
-            branches:
-              only: master
-      - terraform-init-and-apply-to-development:
-          requires:
-            - assume-role-development
-          filters:
-            branches:
-              only: master
-      - deploy-to-development:
-          context:
-            - api-nuget-token-context
-            - "Serverless Framework"
-          requires:
-            - terraform-init-and-apply-to-development
-          filters:
-            branches:
-              only: master
-  staging-and-production:
+            - assume-role-disaster-recovery
+  disaster-recovery:
       jobs:
-      - check-code-formatting:
-          context: api-nuget-token-context
-          filters:
-            branches:
-              only: release
-      - build-and-test:
-          context:
-            - api-nuget-token-context
-            - SonarCloud
-          filters:
-            branches:
-              only: release
-      - assume-role-staging:
-          context: api-assume-role-housing-staging-context
-          requires:
-              - build-and-test
-          filters:
-             branches:
-               only: release
-      - terraform-init-and-apply-to-staging:
+      - assume-role-disaster-recovery:
+          context: api-assume-role-disaster-recovery-context
+      - terraform-init-and-apply-to-disaster-recovery:
           requires:
-            - assume-role-staging
-          filters:
-            branches:
-              only: release
-      - deploy-to-staging:
-          context:
-            - api-nuget-token-context
-            - "Serverless Framework"
-          requires:
-            - terraform-init-and-apply-to-staging
-          filters:
-            branches:
-              only: release
-      - permit-production-terraform-release:
-          type: approval
-          requires:
-            - deploy-to-staging
-      - assume-role-production:
-          context: api-assume-role-housing-production-context
-          requires:
-              - permit-production-terraform-release
-          filters:
-             branches:
-               only: release
-      - terraform-init-and-apply-to-production:
-          requires:
-            - assume-role-production
-          filters:
-            branches:
-              only: release
-      - permit-production-release:
+            - assume-role-disaster-recovery
+      - permit-disaster-recovery-release:
           type: approval
           requires:
-            - terraform-init-and-apply-to-production
+            - terraform-init-and-apply-to-disaster-recovery
           filters:
             branches:
               only: release
-      - deploy-to-production:
+      - deploy-to-disaster-recovery:
           context:
             - api-nuget-token-context
             - "Serverless Framework"
           requires:
-            - permit-production-release
-          filters:
-            branches:
-              only: release
-
-  deploy-terraform-pre-production:
-    jobs:
-      - permit-pre-production-terraform-workflow:
-          type: approval
-          filters:
-            branches:
-              only: release
-      - assume-role-pre-production:
-          context: api-assume-role-housing-pre-production-context
-          requires:
-            - permit-pre-production-terraform-workflow
-      - preview-pre-production-terraform:
-          requires:
-            - assume-role-pre-production
-      - permit-pre-production-terraform-deployment:
-          type: approval
-          requires:
-            - preview-pre-production-terraform
-      - terraform-init-and-apply-pre-production:
-          requires:
-            - permit-pre-production-terraform-deployment
-
-  deploy-code-pre-production:
-    jobs:
-      - build-and-test:
-          filters:
-            branches:
-              only: release
-          context: 
-            - api-nuget-token-context
-            - SonarCloud
-      - assume-role-pre-production:
-          context: api-assume-role-housing-pre-production-context
-          requires:
-            - build-and-test
-      - deploy-to-pre-production:
-          context:
-          - api-nuget-token-context
-          - "Serverless Framework"
-          requires:
-            - assume-role-pre-production        
+            - permit-disaster-recovery-release   

From 564b4fb33cc3407511643180d35310fe0654afb6 Mon Sep 17 00:00:00 2001
From: Alex Perez-Davies <alexander.perez-davies@hackney.gov.uk>
Date: Tue, 17 Feb 2026 12:28:03 +0000
Subject: [PATCH 02/17] revert

---
 .circleci/config.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 2e4e1da..534adbc 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -112,17 +112,17 @@ jobs:
     executor: docker-terraform
     steps:
       - terraform-init-then-apply:
-          environment: "disaster-recovery"
+          environment: "production"
   preview-disaster-recovery-terraform:
     executor: docker-terraform
     steps:
       - terraform-preview:
-          environment: "disaster-recovery"
+          environment: "production"
   deploy-to-disaster-recovery:
     executor: docker-dotnet
     steps:
       - deploy-lambda:
-          stage: "disaster-recovery"
+          stage: "production"
 
 workflows:
   feature:

From 65bccf11afe14ed5ec86e0a3da5aedf9704acea6 Mon Sep 17 00:00:00 2001
From: Alex Perez-Davies <alexander.perez-davies@hackney.gov.uk>
Date: Tue, 17 Feb 2026 12:31:54 +0000
Subject: [PATCH 03/17] comment out policy

---
 ConfigurationApi/serverless.yml | 34 ++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/ConfigurationApi/serverless.yml b/ConfigurationApi/serverless.yml
index 59b4e76..d9931bb 100644
--- a/ConfigurationApi/serverless.yml
+++ b/ConfigurationApi/serverless.yml
@@ -79,23 +79,23 @@ resources:
         ManagedPolicyArns:
           - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
           - arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess
-        Policies:
-          - PolicyName: manageLogs
-            PolicyDocument:
-              Version: '2012-10-17'
-              Statement:
-                - Effect: Allow
-                  Action:
-                    - logs:CreateLogGroup
-                    - logs:CreateLogStream
-                    - logs:PutLogEvents
-                  Resource:
-                    - 'Fn::Join':
-                        - ':'
-                        - - 'arn:aws:logs'
-                          - Ref: 'AWS::Region'
-                          - Ref: 'AWS::AccountId'
-                          - 'log-group:/aws/lambda/*:*:*'
+        # Policies:
+          # - PolicyName: manageLogs
+          #   PolicyDocument:
+          #     Version: '2012-10-17'
+          #     Statement:
+          #       - Effect: Allow
+          #         Action:
+          #           - logs:CreateLogGroup
+          #           - logs:CreateLogStream
+          #           - logs:PutLogEvents
+          #         Resource:
+          #           - 'Fn::Join':
+          #               - ':'
+          #               - - 'arn:aws:logs'
+          #                 - Ref: 'AWS::Region'
+          #                 - Ref: 'AWS::AccountId'
+          #                 - 'log-group:/aws/lambda/*:*:*'
 
           - PolicyName: lambdaInvocation
             PolicyDocument:

From cc743434486af39ccf90e3483e24de6adfe75f46 Mon Sep 17 00:00:00 2001
From: Alex Perez-Davies <alexander.perez-davies@hackney.gov.uk>
Date: Tue, 17 Feb 2026 12:34:00 +0000
Subject: [PATCH 04/17] comment out s3 access

---
 ConfigurationApi/serverless.yml | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/ConfigurationApi/serverless.yml b/ConfigurationApi/serverless.yml
index d9931bb..030762c 100644
--- a/ConfigurationApi/serverless.yml
+++ b/ConfigurationApi/serverless.yml
@@ -106,17 +106,17 @@ resources:
                     - "lambda:InvokeFunction"
                   Resource: "*"
 
-          - PolicyName: s3Access
-            PolicyDocument:
-              Version: '2012-10-17'
-              Statement:
-                - Effect: Allow
-                  Action:
-                    - "s3:GetObject"
-                    - "s3:ListBucket"
-                  Resource:
-                    - 'arn:aws:s3:::${ssm:/configuration-api/${self:provider.stage}/bucket-name}'
-                    - 'arn:aws:s3:::${ssm:/configuration-api/${self:provider.stage}/bucket-name}/*'
+          # - PolicyName: s3Access
+          #   PolicyDocument:
+          #     Version: '2012-10-17'
+          #     Statement:
+          #       - Effect: Allow
+          #         Action:
+          #           - "s3:GetObject"
+          #           - "s3:ListBucket"
+          #         Resource:
+          #           - 'arn:aws:s3:::${ssm:/configuration-api/${self:provider.stage}/bucket-name}'
+          #           - 'arn:aws:s3:::${ssm:/configuration-api/${self:provider.stage}/bucket-name}/*'
 
 custom:
   authorizerArns:

From 5a4849acf19b3c2a6fe2979b457002ac3ba7a5db Mon Sep 17 00:00:00 2001
From: Alex Perez-Davies <alexander.perez-davies@hackney.gov.uk>
Date: Tue, 17 Feb 2026 12:39:33 +0000
Subject: [PATCH 05/17] change bucket name

---
 terraform/production/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/production/main.tf b/terraform/production/main.tf
index 62dd1e0..51319c2 100644
--- a/terraform/production/main.tf
+++ b/terraform/production/main.tf
@@ -29,7 +29,7 @@ locals {
 
 terraform {
   backend "s3" {
-    bucket  = "terraform-state-housing-production"
+    bucket  = "terraform-state-disaster-recovery"
     encrypt = true
     region  = "eu-west-2"
     key     = "services/configuration-api/state"

From e0267202df781ee17921e3c739dce07a3f9f3b29 Mon Sep 17 00:00:00 2001
From: Alex Perez-Davies <alexander.perez-davies@hackney.gov.uk>
Date: Tue, 17 Feb 2026 12:42:06 +0000
Subject: [PATCH 06/17] comment out ssm parameter terraform

---
 terraform/production/main.tf | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/terraform/production/main.tf b/terraform/production/main.tf
index 51319c2..78fe33b 100644
--- a/terraform/production/main.tf
+++ b/terraform/production/main.tf
@@ -45,11 +45,11 @@ resource "aws_s3_bucket" "configuration" {
   }
 }
 
-resource "aws_ssm_parameter" "configurations" {
-  name  = "/configuration-api/production/bucket-name"
-  type  = "String"
-  value = aws_s3_bucket.configuration.id
-}
+# resource "aws_ssm_parameter" "configurations" {
+#   name  = "/configuration-api/production/bucket-name"
+#   type  = "String"
+#   value = aws_s3_bucket.configuration.id
+# }
 
 module "configuration_api_cloudwatch_dashboard" {
   source                  = "github.com/LBHackney-IT/aws-hackney-common-terraform.git//modules/cloudwatch/dashboards/api-dashboard"

From 22c937d93f815fbc8445cae64a84bd9df1f851f2 Mon Sep 17 00:00:00 2001
From: Alex Perez-Davies <alexander.perez-davies@hackney.gov.uk>
Date: Tue, 17 Feb 2026 12:49:06 +0000
Subject: [PATCH 07/17] comment workflow

---
 .circleci/config.yml | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 534adbc..c0ab5a0 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -125,18 +125,6 @@ jobs:
           stage: "production"
 
 workflows:
-  feature:
-    jobs:
-      - assume-role-disaster-recovery:
-          context: api-assume-role-housing-disaster-recovery-context
-          filters:
-            branches:
-              ignore:
-                - master
-                - release
-      - preview-disaster-recovery-terraform:
-          requires:
-            - assume-role-disaster-recovery
   disaster-recovery:
       jobs:
       - assume-role-disaster-recovery:

From 88af4391f218f1229e335c5df74dd05e6e20b080 Mon Sep 17 00:00:00 2001
From: Alex Perez-Davies <alexander.perez-davies@hackney.gov.uk>
Date: Tue, 17 Feb 2026 12:49:21 +0000
Subject: [PATCH 08/17] comment out parameter

---
 terraform/production/main.tf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/terraform/production/main.tf b/terraform/production/main.tf
index 78fe33b..22282df 100644
--- a/terraform/production/main.tf
+++ b/terraform/production/main.tf
@@ -60,9 +60,9 @@ module "configuration_api_cloudwatch_dashboard" {
   no_sns_widget_dashboard = false
 }
 
-data "aws_ssm_parameter" "cloudwatch_topic_arn" {
-  name = "/housing-tl/${var.environment_name}/cloudwatch-alarms-topic-arn"
-}
+# data "aws_ssm_parameter" "cloudwatch_topic_arn" {
+#   name = "/housing-tl/${var.environment_name}/cloudwatch-alarms-topic-arn"
+# }
 
 module "api-alarm" {
   source           = "github.com/LBHackney-IT/aws-hackney-common-terraform.git//modules/cloudwatch/api-alarm"

From 91a1fbc8ab0bbf0e7fc7db841e22b64a5e7edbe2 Mon Sep 17 00:00:00 2001
From: Alex Perez-Davies <alexander.perez-davies@hackney.gov.uk>
Date: Tue, 17 Feb 2026 12:50:49 +0000
Subject: [PATCH 09/17] comment out

---
 terraform/production/main.tf | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/terraform/production/main.tf b/terraform/production/main.tf
index 22282df..67e0a9a 100644
--- a/terraform/production/main.tf
+++ b/terraform/production/main.tf
@@ -64,11 +64,11 @@ module "configuration_api_cloudwatch_dashboard" {
 #   name = "/housing-tl/${var.environment_name}/cloudwatch-alarms-topic-arn"
 # }
 
-module "api-alarm" {
-  source           = "github.com/LBHackney-IT/aws-hackney-common-terraform.git//modules/cloudwatch/api-alarm"
-  environment_name = var.environment_name
-  api_name         = "configuration-api"
-  alarm_period     = "300"
-  error_threshold  = "1"
-  sns_topic_arn    = data.aws_ssm_parameter.cloudwatch_topic_arn.value
-}
+# module "api-alarm" {
+#   source           = "github.com/LBHackney-IT/aws-hackney-common-terraform.git//modules/cloudwatch/api-alarm"
+#   environment_name = var.environment_name
+#   api_name         = "configuration-api"
+#   alarm_period     = "300"
+#   error_threshold  = "1"
+#   sns_topic_arn    = data.aws_ssm_parameter.cloudwatch_topic_arn.value
+# }

From c5d8ebc59156cd16cc949dbf4a09f2fe34befbd0 Mon Sep 17 00:00:00 2001
From: Alex Perez-Davies <alexander.perez-davies@hackney.gov.uk>
Date: Tue, 17 Feb 2026 12:53:15 +0000
Subject: [PATCH 10/17] rename bucket

---
 terraform/production/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/production/main.tf b/terraform/production/main.tf
index 67e0a9a..7a28782 100644
--- a/terraform/production/main.tf
+++ b/terraform/production/main.tf
@@ -37,7 +37,7 @@ terraform {
 }
 
 resource "aws_s3_bucket" "configuration" {
-  bucket = "configuration-api-configurations-production"
+  bucket = "configuration-api-configurations-disaster-recovery"
   acl    = "private"
   tags = {
     Name        = "Configuration Api Bucket"

From 1c7891a1a27abed725537a6c157d439b76c7dc51 Mon Sep 17 00:00:00 2001
From: Alex Perez-Davies <alexander.perez-davies@hackney.gov.uk>
Date: Tue, 17 Feb 2026 12:56:16 +0000
Subject: [PATCH 11/17] comment out environment

---
 terraform/production/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/production/main.tf b/terraform/production/main.tf
index 7a28782..aec8216 100644
--- a/terraform/production/main.tf
+++ b/terraform/production/main.tf
@@ -41,7 +41,7 @@ resource "aws_s3_bucket" "configuration" {
   acl    = "private"
   tags = {
     Name        = "Configuration Api Bucket"
-    Environment = "Dev"
+    # Environment = "Dev"
   }
 }
 

From 8f3a0637a45e0c5b4adaa2132ea0c42e25656774 Mon Sep 17 00:00:00 2001
From: Alex Perez-Davies <alexander.perez-davies@hackney.gov.uk>
Date: Tue, 17 Feb 2026 12:58:19 +0000
Subject: [PATCH 12/17] remove filter

---
 .circleci/config.yml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index c0ab5a0..c80d07c 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -136,9 +136,6 @@ workflows:
           type: approval
           requires:
             - terraform-init-and-apply-to-disaster-recovery
-          filters:
-            branches:
-              only: release
       - deploy-to-disaster-recovery:
           context:
             - api-nuget-token-context

From 8efac8847b77c940cabd272b07890a4feb887e74 Mon Sep 17 00:00:00 2001
From: Alex Perez-Davies <alexander.perez-davies@hackney.gov.uk>
Date: Tue, 17 Feb 2026 14:17:02 +0000
Subject: [PATCH 13/17] reinstate policies

---
 ConfigurationApi/serverless.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ConfigurationApi/serverless.yml b/ConfigurationApi/serverless.yml
index 030762c..d72718c 100644
--- a/ConfigurationApi/serverless.yml
+++ b/ConfigurationApi/serverless.yml
@@ -79,7 +79,7 @@ resources:
         ManagedPolicyArns:
           - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
           - arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess
-        # Policies:
+        Policies:
           # - PolicyName: manageLogs
           #   PolicyDocument:
           #     Version: '2012-10-17'

From 0162d2f925d6aa5c52ca7d476d34a86334a5dede Mon Sep 17 00:00:00 2001
From: Alex Perez-Davies <alexander.perez-davies@hackney.gov.uk>
Date: Tue, 17 Feb 2026 14:24:06 +0000
Subject: [PATCH 14/17] test

---
 ConfigurationApi/serverless.yml | 45 +++++++++------------------------
 1 file changed, 12 insertions(+), 33 deletions(-)

diff --git a/ConfigurationApi/serverless.yml b/ConfigurationApi/serverless.yml
index d72718c..e9717ec 100644
--- a/ConfigurationApi/serverless.yml
+++ b/ConfigurationApi/serverless.yml
@@ -53,15 +53,15 @@ functions:
 
 resources:
   Resources:
-    LambdaSecurityGroup:
-      Type: AWS::EC2::SecurityGroup
-      Properties:
-        GroupName: ${self:service}-${self:provider.stage}-sg
-        GroupDescription: Allow all outbound traffic
-        SecurityGroupEgress:
-          - IpProtocol: -1
-            CidrIp: 0.0.0.0/0
-        VpcId: ${self:custom.vpcId.${opt:stage}}
+    # LambdaSecurityGroup:
+    #   Type: AWS::EC2::SecurityGroup
+    #   Properties:
+    #     GroupName: ${self:service}-${self:provider.stage}-sg
+    #     GroupDescription: Allow all outbound traffic
+    #     SecurityGroupEgress:
+    #       - IpProtocol: -1
+    #         CidrIp: 0.0.0.0/0
+    #     VpcId: ${self:custom.vpcId.${opt:stage}}
 
     lambdaExecutionRole:
       Type: AWS::IAM::Role
@@ -134,33 +134,12 @@ custom:
       path: ./policies
 
   vpcId:
-    development: vpc-0d15f152935c8716f
-    staging: vpc-064521a7a4109ba31
     production: vpc-0ce853ddb64e8fb3c
-    pre-production: vpc-062a957b99c8b12e6
 
   vpc:
-    development:
-      securityGroupIds:
-        - Ref: LambdaSecurityGroup
-      subnetIds:
-        - subnet-0140d06fb84fdb547
-        - subnet-05ce390ba88c42bfd
-    staging:
-      securityGroupIds:
-        - Ref: LambdaSecurityGroup
-      subnetIds:
-        - subnet-0743d86e9b362fa38
-        - subnet-0ea0020a44b98a2ca
     production:
       securityGroupIds:
-        - Ref: LambdaSecurityGroup
-      subnetIds:
-        - subnet-06a697d86a9b6ed01
-        - subnet-0beb266003a56ca82
-    pre-production:
-      securityGroupIds:
-        - Ref: LambdaSecurityGroup
+        - sg-0b7be628d680f9e5f
       subnetIds:
-        - subnet-08aa35159a8706faa
-        - subnet-0b848c5b14f841dfb
+        - subnet-05e595c59b7d6c8df
+        - subnet-0e6bc9b4ac24493cc

From 2afd150036a0aaac0466e0fffc9dd4fe3f10a87b Mon Sep 17 00:00:00 2001
From: Alex Perez-Davies <alexander.perez-davies@hackney.gov.uk>
Date: Tue, 17 Feb 2026 14:41:13 +0000
Subject: [PATCH 15/17] comment out authorizer

---
 ConfigurationApi/serverless.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/ConfigurationApi/serverless.yml b/ConfigurationApi/serverless.yml
index e9717ec..4949868 100644
--- a/ConfigurationApi/serverless.yml
+++ b/ConfigurationApi/serverless.yml
@@ -29,12 +29,12 @@ functions:
       - http:
           path: /{proxy+}
           method: ANY
-          authorizer:
-            arn: ${self:custom.authorizerArns.${opt:stage}}
-            type: request
-            resultTtlInSeconds: 0
-            identitySource: method.request.header.Authorization
-            managedExternally: true
+          # authorizer:
+          #   arn: ${self:custom.authorizerArns.${opt:stage}}
+          #   type: request
+          #   resultTtlInSeconds: 0
+          #   identitySource: method.request.header.Authorization
+          #   managedExternally: true
           cors:
             origin: '*'
             headers:

From fab6bfe13b660ce8e4b5eec7cee5a20e989a1ea2 Mon Sep 17 00:00:00 2001
From: Alex Perez-Davies <alexander.perez-davies@hackney.gov.uk>
Date: Tue, 17 Feb 2026 14:59:43 +0000
Subject: [PATCH 16/17] remove try catch

---
 .../V1/Gateway/S3ConfigurationGateway.cs           | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/ConfigurationApi/V1/Gateway/S3ConfigurationGateway.cs b/ConfigurationApi/V1/Gateway/S3ConfigurationGateway.cs
index 0da5a65..9ddb6d2 100644
--- a/ConfigurationApi/V1/Gateway/S3ConfigurationGateway.cs
+++ b/ConfigurationApi/V1/Gateway/S3ConfigurationGateway.cs
@@ -26,19 +26,19 @@ public async Task<ApiConfiguration> Get(string type)
         {
             GetObjectRequest request = new GetObjectRequest { BucketName = _bucketName, Key = type };
 
-            try
-            {
+            // try
+            // {
                 using (GetObjectResponse response = await _amazonS3Client.GetObjectAsync(request))
                 using (Stream responseStream = response.ResponseStream)
                 using (StreamReader reader = new StreamReader(responseStream))
                 {
                     return JsonConvert.DeserializeObject<ApiConfiguration>(reader.ReadToEnd());
                 }
-            }
-            catch
-            {
-                return null;
-            }
+            // }
+            // catch
+            // {
+            //     return null;
+            // }
         }
     }
 }

From f9561eadef2c7f46639c4f607843d018068bccc5 Mon Sep 17 00:00:00 2001
From: Alex Perez-Davies <alexander.perez-davies@hackney.gov.uk>
Date: Tue, 17 Feb 2026 15:07:01 +0000
Subject: [PATCH 17/17] change s3 access

---
 ConfigurationApi/serverless.yml | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/ConfigurationApi/serverless.yml b/ConfigurationApi/serverless.yml
index 4949868..9cf6f26 100644
--- a/ConfigurationApi/serverless.yml
+++ b/ConfigurationApi/serverless.yml
@@ -106,17 +106,17 @@ resources:
                     - "lambda:InvokeFunction"
                   Resource: "*"
 
-          # - PolicyName: s3Access
-          #   PolicyDocument:
-          #     Version: '2012-10-17'
-          #     Statement:
-          #       - Effect: Allow
-          #         Action:
-          #           - "s3:GetObject"
-          #           - "s3:ListBucket"
-          #         Resource:
-          #           - 'arn:aws:s3:::${ssm:/configuration-api/${self:provider.stage}/bucket-name}'
-          #           - 'arn:aws:s3:::${ssm:/configuration-api/${self:provider.stage}/bucket-name}/*'
+          - PolicyName: s3Access
+            PolicyDocument:
+              Version: '2012-10-17'
+              Statement:
+                - Effect: Allow
+                  Action:
+                    - "s3:GetObject"
+                    - "s3:ListBucket"
+                  Resource:
+                    - 'arn:aws:s3:::configuration-api-configurations-disaster-recovery'
+                    - 'arn:aws:s3:::configuration-api-configurations-disaster-recovery/*'
 
 custom:
   authorizerArns: