From 81f0759688136cd837cce62276114a1b6fc6dd3b Mon Sep 17 00:00:00 2001
From: "ben.hansell1" <ben.hansell1@nhs.net>
Date: Tue, 19 Aug 2025 11:56:37 +0100
Subject: [PATCH 1/2] CCM-11352: add flag to toggle raw message delivery for
 sns subs

---
 .../modules/eventpub/sns_topic_subscription_firehose.tf   | 1 +
 infrastructure/modules/eventpub/variables.tf              | 8 ++++++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/infrastructure/modules/eventpub/sns_topic_subscription_firehose.tf b/infrastructure/modules/eventpub/sns_topic_subscription_firehose.tf
index 9ed83cc..ca09724 100644
--- a/infrastructure/modules/eventpub/sns_topic_subscription_firehose.tf
+++ b/infrastructure/modules/eventpub/sns_topic_subscription_firehose.tf
@@ -5,4 +5,5 @@ resource "aws_sns_topic_subscription" "firehose" {
   protocol              = "firehose"
   subscription_role_arn = aws_iam_role.sns_role.arn
   endpoint              = aws_kinesis_firehose_delivery_stream.main[0].arn
+  raw_message_delivery  = var.raw_message_delivery
 }
diff --git a/infrastructure/modules/eventpub/variables.tf b/infrastructure/modules/eventpub/variables.tf
index e19c331..62b926c 100644
--- a/infrastructure/modules/eventpub/variables.tf
+++ b/infrastructure/modules/eventpub/variables.tf
@@ -73,8 +73,6 @@ variable "enable_sns_delivery_logging" {
   default     = false
 }
 
-
-
 variable "sns_success_logging_sample_percent" {
   type        = number
   description = "Enable SNS Delivery Successful Sample Percentage"
@@ -114,3 +112,9 @@ variable "iam_permissions_boundary_arn" {
   description = "The ARN of the permissions boundary to use for the IAM role"
   default     = null
 }
+
+variable "firehose_raw_message_delivery" {
+  type        = bool
+  description = "Enables raw message delivery on firehose subscription"
+  default     = false
+}

From e09d25ce12b5dfd8cbe6b9144ababd1a92424623 Mon Sep 17 00:00:00 2001
From: "ben.hansell1" <ben.hansell1@nhs.net>
Date: Wed, 27 Aug 2025 13:49:15 +0100
Subject: [PATCH 2/2] CCM-11352: run tf docs

---
 infrastructure/modules/eventpub/README.md            |  1 +
 .../eventpub/sns_topic_subscription_firehose.tf      |  2 +-
 infrastructure/modules/eventpub/variables.tf         | 12 ++++++------
 3 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/infrastructure/modules/eventpub/README.md b/infrastructure/modules/eventpub/README.md
index c19e86b..d18a0c7 100644
--- a/infrastructure/modules/eventpub/README.md
+++ b/infrastructure/modules/eventpub/README.md
@@ -17,6 +17,7 @@
 | <a name="input_data_plane_bus_arn"></a> [data\_plane\_bus\_arn](#input\_data\_plane\_bus\_arn) | Data plane event bus arn | `string` | n/a | yes |
 | <a name="input_default_tags"></a> [default\_tags](#input\_default\_tags) | Default tag map for application to all taggable resources in the module | `map(string)` | `{}` | no |
 | <a name="input_enable_event_cache"></a> [enable\_event\_cache](#input\_enable\_event\_cache) | Enable caching of events to an S3 bucket | `bool` | `false` | no |
+| <a name="input_enable_firehose_raw_message_delivery"></a> [enable\_firehose\_raw\_message\_delivery](#input\_enable\_firehose\_raw\_message\_delivery) | Enables raw message delivery on firehose subscription | `bool` | `false` | no |
 | <a name="input_enable_sns_delivery_logging"></a> [enable\_sns\_delivery\_logging](#input\_enable\_sns\_delivery\_logging) | Enable SNS Delivery Failure Notifications | `bool` | `false` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | The name of the terraformscaffold environment the module is called for | `string` | n/a | yes |
 | <a name="input_event_cache_buffer_interval"></a> [event\_cache\_buffer\_interval](#input\_event\_cache\_buffer\_interval) | The buffer interval for data firehose | `number` | `500` | no |
diff --git a/infrastructure/modules/eventpub/sns_topic_subscription_firehose.tf b/infrastructure/modules/eventpub/sns_topic_subscription_firehose.tf
index ca09724..42457f6 100644
--- a/infrastructure/modules/eventpub/sns_topic_subscription_firehose.tf
+++ b/infrastructure/modules/eventpub/sns_topic_subscription_firehose.tf
@@ -5,5 +5,5 @@ resource "aws_sns_topic_subscription" "firehose" {
   protocol              = "firehose"
   subscription_role_arn = aws_iam_role.sns_role.arn
   endpoint              = aws_kinesis_firehose_delivery_stream.main[0].arn
-  raw_message_delivery  = var.raw_message_delivery
+  raw_message_delivery  = var.enable_firehose_raw_message_delivery
 }
diff --git a/infrastructure/modules/eventpub/variables.tf b/infrastructure/modules/eventpub/variables.tf
index 62b926c..9a9eb42 100644
--- a/infrastructure/modules/eventpub/variables.tf
+++ b/infrastructure/modules/eventpub/variables.tf
@@ -97,6 +97,12 @@ variable "enable_event_cache" {
   default     = false
 }
 
+variable "enable_firehose_raw_message_delivery" {
+  type        = bool
+  description = "Enables raw message delivery on firehose subscription"
+  default     = false
+}
+
 variable "data_plane_bus_arn" {
   type        = string
   description = "Data plane event bus arn"
@@ -112,9 +118,3 @@ variable "iam_permissions_boundary_arn" {
   description = "The ARN of the permissions boundary to use for the IAM role"
   default     = null
 }
-
-variable "firehose_raw_message_delivery" {
-  type        = bool
-  description = "Enables raw message delivery on firehose subscription"
-  default     = false
-}