From dad2b2e3718e7faa9608d7d98e6f724791c33f28 Mon Sep 17 00:00:00 2001
From: sidnhs
Date: Mon, 9 Feb 2026 14:51:12 +0000
Subject: [PATCH 1/2] CCM-12958: Additional policies for eventcache bucket in eventpub
---
 .../modules/eventpub/module_s3bucket_event_cache.tf | 9 +++++----
 infrastructure/modules/eventpub/variables.tf | 6 ++++++
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/infrastructure/modules/eventpub/module_s3bucket_event_cache.tf b/infrastructure/modules/eventpub/module_s3bucket_event_cache.tf
index 2784ae6..e05761d 100644
--- a/infrastructure/modules/eventpub/module_s3bucket_event_cache.tf
+++ b/infrastructure/modules/eventpub/module_s3bucket_event_cache.tf
@@ -1,5 +1,5 @@
 module "s3bucket_event_cache" {
- source = "git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/s3bucket?ref=v1.0.8"
+ source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.30/terraform-s3bucket.zip"
 count = var.enable_event_cache ? 1 : 0
@@ -36,9 +36,10 @@ module "s3bucket_event_cache" {
 }
 ]
- policy_documents = [
- data.aws_iam_policy_document.s3bucket_event_cache[0].json
- ]
+ policy_documents = concat(
+ [data.aws_iam_policy_document.s3bucket_event_cache[0].json],
+ var.additional_policies_for_event_cache_bucket
+ )
 public_access = {
 block_public_acls = true
diff --git a/infrastructure/modules/eventpub/variables.tf b/infrastructure/modules/eventpub/variables.tf
index 9fa2a66..41141f9 100644
--- a/infrastructure/modules/eventpub/variables.tf
+++ b/infrastructure/modules/eventpub/variables.tf
@@ -123,3 +123,9 @@ variable "force_destroy" {
 description = "When enabled will force destroy event-cache S3 bucket"
 default = false
 }
+
+variable "additional_policies_for_event_cache_bucket" {
+ type = list(string)
+ description = "A list of JSON policies to use to build the bucket policy"
+ default = []
+}
From 6ec15d9a643eb87e0e1b72de960f2d61b61a3d49 Mon Sep 17 00:00:00 2001
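Review bot: The new `source` on the `+` line fetches a release archive with no integrity check, so the module installed is whatever is served at that URL at init time rather than a pinned artifact; the old git `?ref=v1.0.8` was a mutable tag as well, so this is not a regression, but the HTTP form can be pinned. Terraform fetches HTTP module sources through go-getter, which should honour a `checksum` query parameter, e.g. `source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.30/terraform-s3bucket.zip?checksum=sha256:<SHA256_OF_ARCHIVE>"` with the placeholder replaced by the digest recorded for the v2.0.30 asset. The move from v1.0.8 to v2.0.30 crosses a major version of the shared s3bucket module and the hunk does not show whether its inputs changed, so a one-line comment above `source` recording why that release line was chosen would help the next reader. The `module` block continues past the hunk.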
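Review bot: The `concat(...)` on the `+` lines appends caller-supplied JSON after the module's own document, so every statement passed in `additional_policies_for_event_cache_bucket` becomes part of the event-cache bucket policy, and whether the shared module treats the list as source documents or lets a later document override an earlier one is not visible here; that is worth confirming against the v2.0.30 module before relying on anything the base document denies. A comment above the argument, `# caller-supplied documents are merged into the bucket policy; the base document is data.aws_iam_policy_document.s3bucket_event_cache`, would record where the trust boundary now sits. The `module` block starts and ends outside the hunk.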
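Review bot: The new variable on the `+` lines accepts any `list(string)` and nothing checks that each element is a JSON document before it is spliced into the bucket policy, so a malformed element surfaces only as an error inside the shared module at plan time rather than at the input that caused it. A `validation` block on the variable reports it at the boundary; it checks syntax only, not what the policy grants, which stays with the caller and is worth stating in the description.
```hcl
variable "additional_policies_for_event_cache_bucket" {
  # … unchanged: type, description, default …

  validation {
    condition     = alltrue([for p in var.additional_policies_for_event_cache_bucket : can(jsondecode(p))])
    error_message = "Each element of additional_policies_for_event_cache_bucket must be a JSON policy document."
  }
}
```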
From: sidnhs
Date: Mon, 9 Feb 2026 14:58:13 +0000
Subject: [PATCH 2/2] CCM-12958: Additional policies for eventcache bucket in eventpub
---
 infrastructure/modules/eventpub/README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/infrastructure/modules/eventpub/README.md b/infrastructure/modules/eventpub/README.md
index 37f64ca..4be7358 100644
--- a/infrastructure/modules/eventpub/README.md
+++ b/infrastructure/modules/eventpub/README.md
@@ -11,6 +11,7 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| [additional\_policies\_for\_event\_cache\_bucket](#input\_additional\_policies\_for\_event\_cache\_bucket) | A list of JSON policies to use to build the bucket policy | `list(string)` | `[]` | no |
 | [aws\_account\_id](#input\_aws\_account\_id) | The AWS Account ID (numeric) | `string` | n/a | yes |
 | [component](#input\_component) | The name of the terraformscaffold component calling this module | `string` | n/a | yes |
 | [control\_plane\_bus\_arn](#input\_control\_plane\_bus\_arn) | Data plane event bus arn | `string` | n/a | yes |
@@ -36,7 +37,7 @@
 | Name | Source | Version |
 |------|--------|---------|
-| [s3bucket\_event\_cache](#module\_s3bucket\_event\_cache) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/s3bucket | v1.0.8 |
+| [s3bucket\_event\_cache](#module\_s3bucket\_event\_cache) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.30/terraform-s3bucket.zip | n/a |
 ## Outputs
 | Name | Description |