From 81f0759688136cd837cce62276114a1b6fc6dd3b Mon Sep 17 00:00:00 2001
From: "ben.hansell1"
Date: Tue, 19 Aug 2025 11:56:37 +0100
Subject: [PATCH 1/4] CCM-11352: add flag to toggle raw message delivery for sns subs
---
 .../modules/eventpub/sns_topic_subscription_firehose.tf | 1 +
 infrastructure/modules/eventpub/variables.tf | 8 ++++++--
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/infrastructure/modules/eventpub/sns_topic_subscription_firehose.tf b/infrastructure/modules/eventpub/sns_topic_subscription_firehose.tf
index 9ed83cc..ca09724 100644
--- a/infrastructure/modules/eventpub/sns_topic_subscription_firehose.tf
+++ b/infrastructure/modules/eventpub/sns_topic_subscription_firehose.tf
@@ -5,4 +5,5 @@ resource "aws_sns_topic_subscription" "firehose" {
 protocol = "firehose"
 subscription_role_arn = aws_iam_role.sns_role.arn
 endpoint = aws_kinesis_firehose_delivery_stream.main[0].arn
+ raw_message_delivery = var.raw_message_delivery
 }
diff --git a/infrastructure/modules/eventpub/variables.tf b/infrastructure/modules/eventpub/variables.tf
index e19c331..62b926c 100644
--- a/infrastructure/modules/eventpub/variables.tf
+++ b/infrastructure/modules/eventpub/variables.tf
@@ -73,8 +73,6 @@ variable "enable_sns_delivery_logging" {
 default = false
 }
-
-
 variable "sns_success_logging_sample_percent" {
 type = number
 description = "Enable SNS Delivery Successful Sample Percentage"
@@ -114,3 +112,9 @@ variable "iam_permissions_boundary_arn" {
 description = "The ARN of the permissions boundary to use for the IAM role"
 default = null
 }
+
+variable "firehose_raw_message_delivery" {
+ type = bool
+ description = "Enables raw message delivery on firehose subscription"
+ default = false
+}
From e09d25ce12b5dfd8cbe6b9144ababd1a92424623 Mon Sep 17 00:00:00 2001
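Review bot: The added line `raw_message_delivery = var.raw_message_delivery` references a variable that this patch never declares; the variables.tf hunk in the same patch adds `firehose_raw_message_delivery`, so the module fails `terraform validate` at this commit until PATCH 2/4 corrects the reference. Folding that correction into this commit (or declaring the variable under the name actually used here) keeps the series bisectable. The `resource "aws_sns_topic_subscription" "firehose"` block opens before the hunk.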
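Review bot: The description `Enables raw message delivery on firehose subscription` on the new variable does not tell a caller what changes when the flag is on: with raw message delivery SNS, as I understand it, forwards only the message body and drops its JSON envelope (MessageId, Timestamp, TopicArn and the signature fields), so Firehose consumers that use those fields for ordering, de-duplication or provenance break silently. Suggest `description = "When true SNS delivers only the message body to the firehose subscription (no SNS JSON envelope); leave false if downstream consumers rely on envelope fields such as MessageId or Timestamp"`. The same wording is carried unchanged into the README and the relocated variable in PATCH 2/4, so it should be fixed here at the source.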
From: "ben.hansell1"
Date: Wed, 27 Aug 2025 13:49:15 +0100
Subject: [PATCH 2/4] CCM-11352: run tf docs
---
 infrastructure/modules/eventpub/README.md | 1 +
 .../eventpub/sns_topic_subscription_firehose.tf | 2 +-
 infrastructure/modules/eventpub/variables.tf | 12 ++++++------
 3 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/infrastructure/modules/eventpub/README.md b/infrastructure/modules/eventpub/README.md
index c19e86b..d18a0c7 100644
--- a/infrastructure/modules/eventpub/README.md
+++ b/infrastructure/modules/eventpub/README.md
@@ -17,6 +17,7 @@
 | [data\_plane\_bus\_arn](#input\_data\_plane\_bus\_arn) | Data plane event bus arn | `string` | n/a | yes |
 | [default\_tags](#input\_default\_tags) | Default tag map for application to all taggable resources in the module | `map(string)` | `{}` | no |
 | [enable\_event\_cache](#input\_enable\_event\_cache) | Enable caching of events to an S3 bucket | `bool` | `false` | no |
+| [enable\_firehose\_raw\_message\_delivery](#input\_enable\_firehose\_raw\_message\_delivery) | Enables raw message delivery on firehose subscription | `bool` | `false` | no |
 | [enable\_sns\_delivery\_logging](#input\_enable\_sns\_delivery\_logging) | Enable SNS Delivery Failure Notifications | `bool` | `false` | no |
 | [environment](#input\_environment) | The name of the terraformscaffold environment the module is called for | `string` | n/a | yes |
 | [event\_cache\_buffer\_interval](#input\_event\_cache\_buffer\_interval) | The buffer interval for data firehose | `number` | `500` | no |
diff --git a/infrastructure/modules/eventpub/sns_topic_subscription_firehose.tf b/infrastructure/modules/eventpub/sns_topic_subscription_firehose.tf
index ca09724..42457f6 100644
--- a/infrastructure/modules/eventpub/sns_topic_subscription_firehose.tf
+++ b/infrastructure/modules/eventpub/sns_topic_subscription_firehose.tf
@@ -5,5 +5,5 @@ resource "aws_sns_topic_subscription" "firehose" {
 protocol = "firehose"
 subscription_role_arn = aws_iam_role.sns_role.arn
 endpoint = aws_kinesis_firehose_delivery_stream.main[0].arn
- raw_message_delivery = var.raw_message_delivery
+ raw_message_delivery = var.enable_firehose_raw_message_delivery
 }
diff --git a/infrastructure/modules/eventpub/variables.tf b/infrastructure/modules/eventpub/variables.tf
index 62b926c..9a9eb42 100644
--- a/infrastructure/modules/eventpub/variables.tf
+++ b/infrastructure/modules/eventpub/variables.tf
@@ -97,6 +97,12 @@ variable "enable_event_cache" {
 default = false
 }
+variable "enable_firehose_raw_message_delivery" {
+ type = bool
+ description = "Enables raw message delivery on firehose subscription"
+ default = false
+}
+
 variable "data_plane_bus_arn" {
 type = string
 description = "Data plane event bus arn"
@@ -112,9 +118,3 @@ variable "iam_permissions_boundary_arn" {
 description = "The ARN of the permissions boundary to use for the IAM role"
 default = null
 }
-
-variable "firehose_raw_message_delivery" {
- type = bool
- description = "Enables raw message delivery on firehose subscription"
- default = false
-}
From 89e39aead2cba84dc09fa4b6174510cd664a6964 Mon Sep 17 00:00:00 2001
From: "ben.hansell1"
Date: Thu, 28 Aug 2025 13:56:04 +0100
Subject: [PATCH 3/4] CCM-11352: add flag to force destory bucket if enabled
---
 infrastructure/modules/eventpub/README.md | 1 +
 .../modules/eventpub/module_s3bucket_event_cache.tf | 2 +-
 infrastructure/modules/eventpub/variables.tf | 6 ++++++
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/infrastructure/modules/eventpub/README.md b/infrastructure/modules/eventpub/README.md
index d18a0c7..e985fd6 100644
--- a/infrastructure/modules/eventpub/README.md
+++ b/infrastructure/modules/eventpub/README.md
@@ -22,6 +22,7 @@
 | [environment](#input\_environment) | The name of the terraformscaffold environment the module is called for | `string` | n/a | yes |
 | [event\_cache\_buffer\_interval](#input\_event\_cache\_buffer\_interval) | The buffer interval for data firehose | `number` | `500` | no |
 | [event\_cache\_expiry\_days](#input\_event\_cache\_expiry\_days) | s3 archiving expiry in days | `number` | `30` | no |
+| [force\_destroy\_event\_cache\_bucket](#input\_force\_destroy\_event\_cache\_bucket) | When enabled will force destroy event-cache S3 bucket | `bool` | `false` | no |
 | [group](#input\_group) | The name of the tfscaffold group | `string` | `null` | no |
 | [iam\_permissions\_boundary\_arn](#input\_iam\_permissions\_boundary\_arn) | The ARN of the permissions boundary to use for the IAM role | `string` | `null` | no |
 | [kms\_key\_arn](#input\_kms\_key\_arn) | KMS key arn to use for this function | `string` | n/a | yes |
diff --git a/infrastructure/modules/eventpub/module_s3bucket_event_cache.tf b/infrastructure/modules/eventpub/module_s3bucket_event_cache.tf
index 1aec2c6..802b39c 100644
--- a/infrastructure/modules/eventpub/module_s3bucket_event_cache.tf
+++ b/infrastructure/modules/eventpub/module_s3bucket_event_cache.tf
@@ -12,7 +12,7 @@ module "s3bucket_event_cache" {
 component = var.component
 acl = "private"
- force_destroy = false
+ force_destroy = var.force_destroy_event_cache_bucket
 versioning = true
 lifecycle_rules = [
diff --git a/infrastructure/modules/eventpub/variables.tf b/infrastructure/modules/eventpub/variables.tf
index 9a9eb42..fdb2e2b 100644
--- a/infrastructure/modules/eventpub/variables.tf
+++ b/infrastructure/modules/eventpub/variables.tf
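Review bot: `force_destroy = var.force_destroy_event_cache_bucket` makes the event-cache bucket — declared with `versioning = true` two lines below — deletable together with every object and object version by a plain `terraform destroy` whenever a caller sets the flag, and nothing ties the flag to a non-production `environment`. The default of `false` is right, but a guard is cheap: if the project's Terraform version supports cross-variable `validation` conditions (1.9+), a validation block on the variable that rejects `true` for production environment names would stop an accidental wipe of cached events; otherwise at least a comment on this line, `# force_destroy deletes all objects and versions on destroy; non-prod only`, records the intent. I am assuming the wrapper module passes this value straight through to aws_s3_bucket's force_destroy — worth confirming. The `module "s3bucket_event_cache"` block continues outside the hunk on both sides.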
@@ -118,3 +118,9 @@ variable "iam_permissions_boundary_arn" {
 description = "The ARN of the permissions boundary to use for the IAM role"
 default = null
 }
+
+variable "force_destroy_event_cache_bucket" {
+ type = bool
+ description = "When enabled will force destroy event-cache S3 bucket"
+ default = false
+}
From ff366a61d998b8da4f143faafaf30c0a9e671ccc Mon Sep 17 00:00:00 2001
From: "ben.hansell1"
Date: Thu, 28 Aug 2025 14:16:05 +0100
Subject: [PATCH 4/4] CCM-11352: rename to force_destroy
---
 infrastructure/modules/eventpub/README.md | 2 +-
 infrastructure/modules/eventpub/module_s3bucket_event_cache.tf | 2 +-
 infrastructure/modules/eventpub/variables.tf | 3 +--
 3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/infrastructure/modules/eventpub/README.md b/infrastructure/modules/eventpub/README.md
index e985fd6..37f64ca 100644
--- a/infrastructure/modules/eventpub/README.md
+++ b/infrastructure/modules/eventpub/README.md
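Review bot: The description `When enabled will force destroy event-cache S3 bucket` understates the effect, and it is also the text terraform-docs copies into the README, so callers learn nothing about the data loss involved. Suggest `description = "When true, destroying the module deletes the event-cache S3 bucket together with all objects and object versions it holds; intended for non-production environments only"`. The same text is carried unchanged through the rename in PATCH 4/4, so it should be corrected here.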
@@ -22,7 +22,7 @@
 | [environment](#input\_environment) | The name of the terraformscaffold environment the module is called for | `string` | n/a | yes |
 | [event\_cache\_buffer\_interval](#input\_event\_cache\_buffer\_interval) | The buffer interval for data firehose | `number` | `500` | no |
 | [event\_cache\_expiry\_days](#input\_event\_cache\_expiry\_days) | s3 archiving expiry in days | `number` | `30` | no |
-| [force\_destroy\_event\_cache\_bucket](#input\_force\_destroy\_event\_cache\_bucket) | When enabled will force destroy event-cache S3 bucket | `bool` | `false` | no |
+| [force\_destroy](#input\_force\_destroy) | When enabled will force destroy event-cache S3 bucket | `bool` | `false` | no |
 | [group](#input\_group) | The name of the tfscaffold group | `string` | `null` | no |
 | [iam\_permissions\_boundary\_arn](#input\_iam\_permissions\_boundary\_arn) | The ARN of the permissions boundary to use for the IAM role | `string` | `null` | no |
 | [kms\_key\_arn](#input\_kms\_key\_arn) | KMS key arn to use for this function | `string` | n/a | yes |
diff --git a/infrastructure/modules/eventpub/module_s3bucket_event_cache.tf b/infrastructure/modules/eventpub/module_s3bucket_event_cache.tf
index 802b39c..2784ae6 100644
--- a/infrastructure/modules/eventpub/module_s3bucket_event_cache.tf
+++ b/infrastructure/modules/eventpub/module_s3bucket_event_cache.tf
@@ -12,7 +12,7 @@ module "s3bucket_event_cache" {
 component = var.component
 acl = "private"
- force_destroy = var.force_destroy_event_cache_bucket
+ force_destroy = var.force_destroy
 versioning = true
 lifecycle_rules = [
diff --git a/infrastructure/modules/eventpub/variables.tf b/infrastructure/modules/eventpub/variables.tf
index fdb2e2b..9fa2a66 100644
--- a/infrastructure/modules/eventpub/variables.tf
+++ b/infrastructure/modules/eventpub/variables.tf
@@ -118,8 +118,7 @@ variable "iam_permissions_boundary_arn" {
 description = "The ARN of the permissions boundary to use for the IAM role"
 default = null
 }
-
-variable "force_destroy_event_cache_bucket" {
+variable "force_destroy" {
 type = bool
 description = "When enabled will force destroy event-cache S3 bucket"
 default = false