From 4f7aaf903a85deea999a9e969236f5ede3043f64 Mon Sep 17 00:00:00 2001 From: sidnhs Date: Wed, 28 May 2025 11:58:29 +0100 Subject: [PATCH 1/3] CCM-9689: Fix lambda descriptions for variables and outputs --- infrastructure/modules/amp_branch/outputs.tf | 1 + infrastructure/modules/aws-backup-source/variables.tf | 2 +- infrastructure/modules/eventpub/outputs.tf | 2 ++ infrastructure/modules/kms/outputs.tf | 4 ++++ infrastructure/modules/lambda/outputs.tf | 8 ++++++++ infrastructure/modules/lambda/variables.tf | 8 ++++---- infrastructure/modules/s3bucket/outputs.tf | 9 +++++++++ infrastructure/modules/sqs/outputs.tf | 6 ++++++ 8 files changed, 35 insertions(+), 5 deletions(-) diff --git a/infrastructure/modules/amp_branch/outputs.tf b/infrastructure/modules/amp_branch/outputs.tf index 2e300ce..6f4882e 100644 --- a/infrastructure/modules/amp_branch/outputs.tf +++ b/infrastructure/modules/amp_branch/outputs.tf @@ -1,3 +1,4 @@ output "name" { + description = "Name of the Amplify branch" value = aws_amplify_branch.main.branch_name } diff --git a/infrastructure/modules/aws-backup-source/variables.tf b/infrastructure/modules/aws-backup-source/variables.tf index 9a445d8..8922fd9 100644 --- a/infrastructure/modules/aws-backup-source/variables.tf +++ b/infrastructure/modules/aws-backup-source/variables.tf @@ -93,7 +93,7 @@ variable "backup_copy_vault_account_id" { } variable "backup_plan_config_s3" { - description = "Configuration for backup plans" + description = "Configuration for backup plans for s3" type = object({ enable = bool selection_tag = string diff --git a/infrastructure/modules/eventpub/outputs.tf b/infrastructure/modules/eventpub/outputs.tf index 718559f..e2ff3b3 100644 --- a/infrastructure/modules/eventpub/outputs.tf +++ b/infrastructure/modules/eventpub/outputs.tf @@ -1,4 +1,5 @@ output "sns_topic" { + description = "SNS Topic ARN and Name" value = { arn = aws_sns_topic.main.arn name = aws_sns_topic.main.name 
@@ -6,6 +7,7 @@ output "sns_topic" { } output "s3_bucket_event_cache" { + description = "S3 Bucket ARN and Name for event cache" value = var.enable_event_cache ? { arn = module.s3bucket_event_cache[0].arn bucket = module.s3bucket_event_cache[0].bucket diff --git a/infrastructure/modules/kms/outputs.tf b/infrastructure/modules/kms/outputs.tf index 0f0fd9e..fc969d2 100644 --- a/infrastructure/modules/kms/outputs.tf +++ b/infrastructure/modules/kms/outputs.tf @@ -1,15 +1,19 @@ output "key_arn" { + description = "ARN of the KMS key" value = aws_kms_key.main.arn } output "key_id" { + description = "ID of the KMS key" value = aws_kms_key.main.key_id } output "admin_policy_arn" { + description = "ARN of the admin IAM policy" value = aws_iam_policy.admin.arn } output "user_policy_arn" { + description = "ARN of the user IAM policy" value = aws_iam_policy.user.arn } diff --git a/infrastructure/modules/lambda/outputs.tf b/infrastructure/modules/lambda/outputs.tf index 3fc5366..c9d06b5 100644 --- a/infrastructure/modules/lambda/outputs.tf +++ b/infrastructure/modules/lambda/outputs.tf 
@@ -1,31 +1,39 @@ output "function_name" { + description = "Name of the Lambda function" value = aws_lambda_function.main.function_name } output "function_arn" { + description = "ARN of the Lambda function" value = aws_lambda_function.main.arn } output "function_invoke_arn" { + description = "Invoke ARN of the Lambda function" value = aws_lambda_function.main.invoke_arn } output "function_qualified_arn" { + description = "Qualified ARN of the Lambda function, including version or alias" value = aws_lambda_function.main.qualified_arn } output "function_env_vars" { + description = "Environment variables for the Lambda function" value = length(var.lambda_env_vars) == 0 ? {} : aws_lambda_function.main.environment[0].variables } output "iam_role_name" { + description = "Name of the IAM role associated with the Lambda function" value = aws_iam_role.main.name } output "iam_role_arn" { + description = "ARN of the IAM role associated with the Lambda function" value = aws_iam_role.main.arn } output "cloudwatch_log_group_name" { + description = "Name of the CloudWatch Log Group for the Lambda function" value = aws_cloudwatch_log_group.main.name } diff --git a/infrastructure/modules/lambda/variables.tf b/infrastructure/modules/lambda/variables.tf index 61a9641..c1cc728 100644 --- a/infrastructure/modules/lambda/variables.tf +++ b/infrastructure/modules/lambda/variables.tf @@ -115,13 +115,13 @@ variable "lambda_env_vars" { variable "function_code_base_path" { type = string - description = "The path to the sourcecode directories needed for this lambda" + description = "The base path to the sourcecode directories needed for this lambda" default = "./" } variable "function_code_dir" { type = string - description = "The path to the sourcecode directories needed for this lambda" + description = "The directory for this lambda" } variable "function_s3_bucket" { 
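Review bot: The `function_env_vars` output in lambda/outputs.tf is now documented as "Environment variables for the Lambda function", but neither the description nor the block says how to treat it when `lambda_env_vars` carries secrets. Lambda environment maps often hold tokens and connection strings, and a module output can be re-exported or interpolated by any caller. I would add `sensitive = true` to the block, or at least extend the description to `"Environment variables for the Lambda function (may contain secrets; do not re-export or log unmasked)"`. Whether the provider already marks the attribute sensitive, or whether callers depend on the unmasked value, is not visible in this hunk, so confirm before changing the flag.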
@@ -185,7 +185,7 @@ variable "sns_destination_kms_key" { variable "lambda_dlq_message_retention_seconds" { type = number - description = "KMS Key ARN to be used for SNS Topic for on-failure Lambda invocation records" + description = "The number of seconds to retain messages in the Lambda DLQ SQS queue" default = 86400 } @@ -209,7 +209,7 @@ variable "enable_lambda_insights" { variable "lambda_at_edge" { type = bool - description = "Enable the lambda insights layer, this must be disabled for lambda@edge usage" + description = "Whether this Lambda is a Lambda@Edge function" default = false } diff --git a/infrastructure/modules/s3bucket/outputs.tf b/infrastructure/modules/s3bucket/outputs.tf index 27f3f1f..ee6a7d1 100644 --- a/infrastructure/modules/s3bucket/outputs.tf +++ b/infrastructure/modules/s3bucket/outputs.tf 
@@ -1,35 +1,44 @@ output "acl" { + description = "The ACL of the S3 bucket. If the object ownership is set to 'BucketOwnerEnforced', the ACL will be 'private'. Otherwise, it will reflect the ACL set in the aws_s3_bucket_acl resource." value = var.object_ownership == "BucketOwnerEnforced" ? "private" : aws_s3_bucket_acl.main[0].acl } output "arn" { + description = "The ARN of the S3 bucket" value = aws_s3_bucket.main.arn } output "bucket" { + description = "The name of the S3 bucket" value = aws_s3_bucket.main.bucket } output "bucket_domain_name" { + description = "The domain name of the S3 bucket" value = aws_s3_bucket.main.bucket_domain_name } output "bucket_regional_domain_name" { + description = "The regional domain name of the S3 bucket" value = aws_s3_bucket.main.bucket_regional_domain_name } output "hosted_zone_id" { + description = "The hosted zone ID of the S3 bucket" value = aws_s3_bucket.main.hosted_zone_id } output "id" { + description = "The ID of the S3 bucket" value = aws_s3_bucket.main.id } output "policy" { + description = "The policy of the S3 bucket" value = aws_s3_bucket_policy.main.policy } output "region" { + description = "The AWS region where the S3 bucket is located" value = aws_s3_bucket.main.region } diff --git a/infrastructure/modules/sqs/outputs.tf b/infrastructure/modules/sqs/outputs.tf index 09a5ca0..5bf435a 100644 --- a/infrastructure/modules/sqs/outputs.tf +++ b/infrastructure/modules/sqs/outputs.tf 
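Review bot: The new `acl` description in s3bucket/outputs.tf reads as though 'private' were the bucket's observed ACL, but in the `BucketOwnerEnforced` branch the value is a hard-coded literal. With that ownership setting ACLs are disabled, so a consumer that treats this output as evidence of the bucket's access posture is reading a placeholder. I would word it as `"Canned ACL from aws_s3_bucket_acl; when object_ownership is 'BucketOwnerEnforced' ACLs are disabled and the literal 'private' is returned as a placeholder"`. The `[0]` index suggests the ACL resource is count-gated, but its definition is outside this hunk. The `policy` description could likewise say that the value is the JSON policy document.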
@@ -1,23 +1,29 @@ output "sqs_queue_url" { + description = "The URL of the SQS queue" value = aws_sqs_queue.sqs_queue.id } output "sqs_queue_arn" { + description = "The ARN of the SQS queue" value = aws_sqs_queue.sqs_queue.arn } output "sqs_dlq_url" { + description = "The URL of the SQS dead-letter queue" value = var.create_dlq ? aws_sqs_queue.deadletter_queue[0].id : null } output "sqs_dlq_arn" { + description = "The ARN of the SQS dead-letter queue" value = var.create_dlq ? aws_sqs_queue.deadletter_queue[0].arn : null } output "sqs_queue_name" { + description = "The name of the SQS queue" value = "${local.csi}-queue" } output "sqs_dlq_name" { + description = "The name of the SQS dead-letter queue" value = var.create_dlq ? aws_sqs_queue.deadletter_queue[0].name : null } From c9a4ae3988ffec7613cc0a23f463e58b3889ea41 Mon Sep 17 00:00:00 2001 From: sidnhs Date: Wed, 28 May 2025 11:58:44 +0100 Subject: [PATCH 2/3] CCM-9689: Fix lambda descriptions for variables and outputs --- infrastructure/modules/amp_branch/outputs.tf | 2 +- infrastructure/modules/amp_branch/variables.tf | 2 +- .../aws-backup-source/backup_plan_dynamodb.tf | 2 +- .../backup_report_plan_copy_jobs.tf | 2 +- .../backup_report_plan_resource_compliance.tf | 4 ++-- .../aws-backup-source/iam_role_backup.tf | 2 +- .../modules/aws-backup-source/locals.tf | 4 ++-- .../modules/eventpub/archive_file_lambda.tf | 4 ++-- .../modules/eventpub/iam_role_lambda.tf | 2 +- infrastructure/modules/kms/outputs.tf | 8 ++++---- infrastructure/modules/lambda/outputs.tf | 16 ++++++++-------- .../modules/obs-datasource/variables.tf | 2 +- infrastructure/modules/s3bucket/outputs.tf | 18 +++++++++--------- infrastructure/modules/sqs/outputs.tf | 12 ++++++------ 14 files changed, 40 insertions(+), 40 deletions(-) diff --git a/infrastructure/modules/amp_branch/outputs.tf b/infrastructure/modules/amp_branch/outputs.tf index 6f4882e..a527163 100644 --- a/infrastructure/modules/amp_branch/outputs.tf 
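Review bot: In sqs/outputs.tf, `sqs_queue_name` is described as "The name of the SQS queue" but its value is rebuilt as `"${local.csi}-queue"`, whereas `sqs_dlq_name` reads `.name` from the resource. If the queue resource ever applies a different name (a suffix, for example), this output and any IAM or alarm configuration derived from it will silently point at the wrong name. Consider `value = aws_sqs_queue.sqs_queue.name` to match the DLQ output, after checking the resource definition, which is not visible in this hunk. The three `sqs_dlq_*` descriptions should also state the null case, e.g. `"The ARN of the SQS dead-letter queue, or null when create_dlq is false"`.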
+++ b/infrastructure/modules/amp_branch/outputs.tf @@ -1,4 +1,4 @@ output "name" { description = "Name of the Amplify branch" - value = aws_amplify_branch.main.branch_name + value = aws_amplify_branch.main.branch_name } diff --git a/infrastructure/modules/amp_branch/variables.tf b/infrastructure/modules/amp_branch/variables.tf index c80657b..89149ed 100644 --- a/infrastructure/modules/amp_branch/variables.tf +++ b/infrastructure/modules/amp_branch/variables.tf @@ -68,7 +68,7 @@ variable "branch" { variable "display_name" { description = "The display name of the branch app being deployed" type = string - default = null + default = null } variable "enable_auto_build" { diff --git a/infrastructure/modules/aws-backup-source/backup_plan_dynamodb.tf b/infrastructure/modules/aws-backup-source/backup_plan_dynamodb.tf index 467e2ae..582411d 100644 --- a/infrastructure/modules/aws-backup-source/backup_plan_dynamodb.tf +++ b/infrastructure/modules/aws-backup-source/backup_plan_dynamodb.tf @@ -2,7 +2,7 @@ resource "aws_backup_plan" "dynamodb" { count = var.backup_plan_config_dynamodb.enable ? 1 : 0 - name = "${local.csi}-dynamodb" + name = "${local.csi}-dynamodb" dynamic "rule" { for_each = var.backup_plan_config_dynamodb.rules diff --git a/infrastructure/modules/aws-backup-source/backup_report_plan_copy_jobs.tf b/infrastructure/modules/aws-backup-source/backup_report_plan_copy_jobs.tf index 8012fa1..36fbad0 100644 --- a/infrastructure/modules/aws-backup-source/backup_report_plan_copy_jobs.tf +++ b/infrastructure/modules/aws-backup-source/backup_report_plan_copy_jobs.tf @@ -1,5 +1,5 @@ resource "aws_backup_report_plan" "copy_jobs" { - count = var.backup_copy_vault_arn != "" && var.backup_copy_vault_account_id != "" ? 1 : 0 + count = var.backup_copy_vault_arn != "" && var.backup_copy_vault_account_id != "" ? 1 : 0 name = "${local.csi_underscore}_copy_jobs" description = "Report for showing whether copies ran successfully in the last 24 hours" 
diff --git a/infrastructure/modules/aws-backup-source/backup_report_plan_resource_compliance.tf b/infrastructure/modules/aws-backup-source/backup_report_plan_resource_compliance.tf index 30af523..c04e4b6 100644 --- a/infrastructure/modules/aws-backup-source/backup_report_plan_resource_compliance.tf +++ b/infrastructure/modules/aws-backup-source/backup_report_plan_resource_compliance.tf @@ -3,7 +3,7 @@ resource "aws_backup_report_plan" "resource_compliance" { description = "Report for showing whether resources are compliant with the framework" report_delivery_channel { - formats = ["JSON"] + formats = ["JSON"] s3_bucket_name = var.reports_bucket s3_key_prefix = "resource_compliance" } @@ -19,6 +19,6 @@ resource "aws_backup_report_plan" "resource_compliance" { var.backup_plan_config_s3.enable ? [aws_backup_framework.s3[0].arn] : [] )) - report_template = "RESOURCE_COMPLIANCE_REPORT" + report_template = "RESOURCE_COMPLIANCE_REPORT" } } diff --git a/infrastructure/modules/aws-backup-source/iam_role_backup.tf b/infrastructure/modules/aws-backup-source/iam_role_backup.tf index e822b14..fc71743 100644 --- a/infrastructure/modules/aws-backup-source/iam_role_backup.tf +++ b/infrastructure/modules/aws-backup-source/iam_role_backup.tf @@ -1,5 +1,5 @@ resource "aws_iam_role" "backup" { - name = "${local.csi}" + name = local.csi assume_role_policy = data.aws_iam_policy_document.assume_role.json } diff --git a/infrastructure/modules/aws-backup-source/locals.tf b/infrastructure/modules/aws-backup-source/locals.tf index 4a6ef1a..4919cfd 100644 --- a/infrastructure/modules/aws-backup-source/locals.tf +++ b/infrastructure/modules/aws-backup-source/locals.tf @@ -9,12 +9,12 @@ locals { var.name ) - csi_underscore = replace(local.csi,"-","_") + csi_underscore = replace(local.csi, "-", "_") default_tags = merge( var.default_tags, { - Name = local.csi + Name = local.csi Module = local.module }, ) 
diff --git a/infrastructure/modules/eventpub/archive_file_lambda.tf b/infrastructure/modules/eventpub/archive_file_lambda.tf index c2c4793..def1d12 100644 --- a/infrastructure/modules/eventpub/archive_file_lambda.tf +++ b/infrastructure/modules/eventpub/archive_file_lambda.tf @@ -1,6 +1,6 @@ resource "archive_file" "lambda" { - type = "zip" - source_dir = "${path.module}/lambda/eventpub/src" + type = "zip" + source_dir = "${path.module}/lambda/eventpub/src" # Timestamp in path to resolve https://github.com/hashicorp/terraform-provider-archive/issues/39 output_path = "${path.module}/lambda/eventpub_${timestamp()}.zip" diff --git a/infrastructure/modules/eventpub/iam_role_lambda.tf b/infrastructure/modules/eventpub/iam_role_lambda.tf index a9a97b5..3d83e9a 100644 --- a/infrastructure/modules/eventpub/iam_role_lambda.tf +++ b/infrastructure/modules/eventpub/iam_role_lambda.tf @@ -67,7 +67,7 @@ data "aws_iam_policy_document" "lambda" { ] } - statement { + statement { sid = "DLQPutMessage" effect = "Allow" diff --git a/infrastructure/modules/kms/outputs.tf b/infrastructure/modules/kms/outputs.tf index fc969d2..8e1f335 100644 --- a/infrastructure/modules/kms/outputs.tf +++ b/infrastructure/modules/kms/outputs.tf @@ -1,19 +1,19 @@ output "key_arn" { description = "ARN of the KMS key" - value = aws_kms_key.main.arn + value = aws_kms_key.main.arn } output "key_id" { description = "ID of the KMS key" - value = aws_kms_key.main.key_id + value = aws_kms_key.main.key_id } output "admin_policy_arn" { description = "ARN of the admin IAM policy" - value = aws_iam_policy.admin.arn + value = aws_iam_policy.admin.arn } output "user_policy_arn" { description = "ARN of the user IAM policy" - value = aws_iam_policy.user.arn + value = aws_iam_policy.user.arn } diff --git a/infrastructure/modules/lambda/outputs.tf b/infrastructure/modules/lambda/outputs.tf index c9d06b5..62f6ef5 100644 --- a/infrastructure/modules/lambda/outputs.tf +++ b/infrastructure/modules/lambda/outputs.tf 
@@ -1,39 +1,39 @@ output "function_name" { description = "Name of the Lambda function" - value = aws_lambda_function.main.function_name + value = aws_lambda_function.main.function_name } output "function_arn" { description = "ARN of the Lambda function" - value = aws_lambda_function.main.arn + value = aws_lambda_function.main.arn } output "function_invoke_arn" { description = "Invoke ARN of the Lambda function" - value = aws_lambda_function.main.invoke_arn + value = aws_lambda_function.main.invoke_arn } output "function_qualified_arn" { description = "Qualified ARN of the Lambda function, including version or alias" - value = aws_lambda_function.main.qualified_arn + value = aws_lambda_function.main.qualified_arn } output "function_env_vars" { description = "Environment variables for the Lambda function" - value = length(var.lambda_env_vars) == 0 ? {} : aws_lambda_function.main.environment[0].variables + value = length(var.lambda_env_vars) == 0 ? {} : aws_lambda_function.main.environment[0].variables } output "iam_role_name" { description = "Name of the IAM role associated with the Lambda function" - value = aws_iam_role.main.name + value = aws_iam_role.main.name } output "iam_role_arn" { description = "ARN of the IAM role associated with the Lambda function" - value = aws_iam_role.main.arn + value = aws_iam_role.main.arn } output "cloudwatch_log_group_name" { description = "Name of the CloudWatch Log Group for the Lambda function" - value = aws_cloudwatch_log_group.main.name + value = aws_cloudwatch_log_group.main.name } diff --git a/infrastructure/modules/obs-datasource/variables.tf b/infrastructure/modules/obs-datasource/variables.tf index 14f01d5..568fdb5 100644 --- a/infrastructure/modules/obs-datasource/variables.tf +++ b/infrastructure/modules/obs-datasource/variables.tf 
@@ -73,7 +73,7 @@ variable "metric_configuration" { } variable "resource_types" { - type = list(string) + type = list(string) description = "The resource types to include in the OAM link." default = [ "AWS::CloudWatch::Metric", diff --git a/infrastructure/modules/s3bucket/outputs.tf b/infrastructure/modules/s3bucket/outputs.tf index ee6a7d1..06eab44 100644 --- a/infrastructure/modules/s3bucket/outputs.tf +++ b/infrastructure/modules/s3bucket/outputs.tf 
@@ -1,44 +1,44 @@ output "acl" { description = "The ACL of the S3 bucket. If the object ownership is set to 'BucketOwnerEnforced', the ACL will be 'private'. Otherwise, it will reflect the ACL set in the aws_s3_bucket_acl resource." - value = var.object_ownership == "BucketOwnerEnforced" ? "private" : aws_s3_bucket_acl.main[0].acl + value = var.object_ownership == "BucketOwnerEnforced" ? "private" : aws_s3_bucket_acl.main[0].acl } output "arn" { description = "The ARN of the S3 bucket" - value = aws_s3_bucket.main.arn + value = aws_s3_bucket.main.arn } output "bucket" { description = "The name of the S3 bucket" - value = aws_s3_bucket.main.bucket + value = aws_s3_bucket.main.bucket } output "bucket_domain_name" { description = "The domain name of the S3 bucket" - value = aws_s3_bucket.main.bucket_domain_name + value = aws_s3_bucket.main.bucket_domain_name } output "bucket_regional_domain_name" { description = "The regional domain name of the S3 bucket" - value = aws_s3_bucket.main.bucket_regional_domain_name + value = aws_s3_bucket.main.bucket_regional_domain_name } output "hosted_zone_id" { description = "The hosted zone ID of the S3 bucket" - value = aws_s3_bucket.main.hosted_zone_id + value = aws_s3_bucket.main.hosted_zone_id } output "id" { description = "The ID of the S3 bucket" - value = aws_s3_bucket.main.id + value = aws_s3_bucket.main.id } output "policy" { description = "The policy of the S3 bucket" - value = aws_s3_bucket_policy.main.policy + value = aws_s3_bucket_policy.main.policy } output "region" { description = "The AWS region where the S3 bucket is located" - value = aws_s3_bucket.main.region + value = aws_s3_bucket.main.region } diff --git a/infrastructure/modules/sqs/outputs.tf b/infrastructure/modules/sqs/outputs.tf index 5bf435a..90961c6 100644 --- a/infrastructure/modules/sqs/outputs.tf +++ b/infrastructure/modules/sqs/outputs.tf 
@@ -1,29 +1,29 @@ output "sqs_queue_url" { description = "The URL of the SQS queue" - value = aws_sqs_queue.sqs_queue.id + value = aws_sqs_queue.sqs_queue.id } output "sqs_queue_arn" { description = "The ARN of the SQS queue" - value = aws_sqs_queue.sqs_queue.arn + value = aws_sqs_queue.sqs_queue.arn } output "sqs_dlq_url" { description = "The URL of the SQS dead-letter queue" - value = var.create_dlq ? aws_sqs_queue.deadletter_queue[0].id : null + value = var.create_dlq ? aws_sqs_queue.deadletter_queue[0].id : null } output "sqs_dlq_arn" { description = "The ARN of the SQS dead-letter queue" - value = var.create_dlq ? aws_sqs_queue.deadletter_queue[0].arn : null + value = var.create_dlq ? aws_sqs_queue.deadletter_queue[0].arn : null } output "sqs_queue_name" { description = "The name of the SQS queue" - value = "${local.csi}-queue" + value = "${local.csi}-queue" } output "sqs_dlq_name" { description = "The name of the SQS dead-letter queue" - value = var.create_dlq ? aws_sqs_queue.deadletter_queue[0].name : null + value = var.create_dlq ? aws_sqs_queue.deadletter_queue[0].name : null } From 49167345f0b417169d9763e0da0a7871baf39c65 Mon Sep 17 00:00:00 2001 From: sidnhs Date: Wed, 28 May 2025 11:59:17 +0100 Subject: [PATCH 3/3] CCM-9689: Fix lambda descriptions for variables and outputs --- infrastructure/modules/amp_branch/README.md | 2 +- .../modules/aws-backup-source/README.md | 2 +- infrastructure/modules/eventpub/README.md | 4 ++-- infrastructure/modules/kms/README.md | 8 +++---- infrastructure/modules/lambda/README.md | 24 +++++++++---------- infrastructure/modules/s3bucket/README.md | 18 +++++++------- infrastructure/modules/sqs/README.md | 12 +++++----- 7 files changed, 35 insertions(+), 35 deletions(-) diff --git a/infrastructure/modules/amp_branch/README.md b/infrastructure/modules/amp_branch/README.md index 659e9c1..c397468 100644 --- a/infrastructure/modules/amp_branch/README.md +++ b/infrastructure/modules/amp_branch/README.md 
@@ -35,7 +35,7 @@ No modules. | Name | Description | |------|-------------| -| [name](#output\_name) | n/a | +| [name](#output\_name) | Name of the Amplify branch | diff --git a/infrastructure/modules/aws-backup-source/README.md b/infrastructure/modules/aws-backup-source/README.md index 64352d7..98ff410 100644 --- a/infrastructure/modules/aws-backup-source/README.md +++ b/infrastructure/modules/aws-backup-source/README.md @@ -57,7 +57,7 @@ No requirements. | [backup\_copy\_vault\_account\_id](#input\_backup\_copy\_vault\_account\_id) | The account id of the destination backup vault for allowing restores back into the source account. | `string` | `""` | no | | [backup\_copy\_vault\_arn](#input\_backup\_copy\_vault\_arn) | The ARN of the destination backup vault for cross-account backup copies. | `string` | `""` | no | | [backup\_plan\_config\_dynamodb](#input\_backup\_plan\_config\_dynamodb) | Configuration for backup plans with dynamodb |
object({
enable = bool
selection_tag = string
compliance_resource_types = list(string)
rules = optional(list(object({
name = string
schedule = string
enable_continuous_backup = optional(bool)
lifecycle = object({
delete_after = number
cold_storage_after = optional(number)
})
copy_action = optional(object({
delete_after = optional(number)
}))
})))
})
|
{
"compliance_resource_types": [
"DynamoDB"
],
"enable": false,
"rules": [
{
"copy_action": {
"delete_after": 365
},
"lifecycle": {
"delete_after": 35
},
"name": "dynamodb_daily_kept_5_weeks",
"schedule": "cron(0 0 * * ? *)"
},
{
"copy_action": {
"delete_after": 365
},
"lifecycle": {
"delete_after": 90
},
"name": "dynamodb_weekly_kept_3_months",
"schedule": "cron(0 1 ? * SUN *)"
},
{
"copy_action": {
"delete_after": 365
},
"lifecycle": {
"cold_storage_after": 30,
"delete_after": 2555
},
"name": "dynamodb_monthly_kept_7_years",
"schedule": "cron(0 2 1 * ? *)"
}
],
"selection_tag": "BackupDynamoDB"
}
| no | -| [backup\_plan\_config\_s3](#input\_backup\_plan\_config\_s3) | Configuration for backup plans |
object({
enable = bool
selection_tag = string
compliance_resource_types = list(string)
rules = list(object({
name = string
schedule = string
enable_continuous_backup = optional(bool)
lifecycle = object({
delete_after = optional(number)
cold_storage_after = optional(number)
})
copy_action = optional(object({
delete_after = optional(number)
}))
}))
})
|
{
"compliance_resource_types": [
"S3"
],
"enable": false,
"rules": [
{
"copy_action": {
"delete_after": 365
},
"lifecycle": {
"delete_after": 35
},
"name": "daily_kept_5_weeks",
"schedule": "cron(0 0 * * ? *)"
},
{
"copy_action": {
"delete_after": 365
},
"lifecycle": {
"delete_after": 90
},
"name": "weekly_kept_3_months",
"schedule": "cron(0 1 ? * SUN *)"
},
{
"copy_action": {
"delete_after": 365
},
"lifecycle": {
"cold_storage_after": 30,
"delete_after": 2555
},
"name": "monthly_kept_7_years",
"schedule": "cron(0 2 1 * ? *)"
},
{
"copy_action": {
"delete_after": 365
},
"enable_continuous_backup": true,
"lifecycle": {
"delete_after": 35
},
"name": "point_in_time_recovery",
"schedule": "cron(0 5 * * ? *)"
}
],
"selection_tag": "BackupLocal"
}
| no | +| [backup\_plan\_config\_s3](#input\_backup\_plan\_config\_s3) | Configuration for backup plans for s3 |
object({
enable = bool
selection_tag = string
compliance_resource_types = list(string)
rules = list(object({
name = string
schedule = string
enable_continuous_backup = optional(bool)
lifecycle = object({
delete_after = optional(number)
cold_storage_after = optional(number)
})
copy_action = optional(object({
delete_after = optional(number)
}))
}))
})
|
{
"compliance_resource_types": [
"S3"
],
"enable": false,
"rules": [
{
"copy_action": {
"delete_after": 365
},
"lifecycle": {
"delete_after": 35
},
"name": "daily_kept_5_weeks",
"schedule": "cron(0 0 * * ? *)"
},
{
"copy_action": {
"delete_after": 365
},
"lifecycle": {
"delete_after": 90
},
"name": "weekly_kept_3_months",
"schedule": "cron(0 1 ? * SUN *)"
},
{
"copy_action": {
"delete_after": 365
},
"lifecycle": {
"cold_storage_after": 30,
"delete_after": 2555
},
"name": "monthly_kept_7_years",
"schedule": "cron(0 2 1 * ? *)"
},
{
"copy_action": {
"delete_after": 365
},
"enable_continuous_backup": true,
"lifecycle": {
"delete_after": 35
},
"name": "point_in_time_recovery",
"schedule": "cron(0 5 * * ? *)"
}
],
"selection_tag": "BackupLocal"
}
| no | | [component](#input\_component) | The name of the tfscaffold component | `string` | n/a | yes | | [default\_tags](#input\_default\_tags) | Default tag map for application to all taggable resources in the module | `map(string)` | `{}` | no | | [environment](#input\_environment) | The name of the environment where AWS Backup is configured. | `string` | n/a | yes | diff --git a/infrastructure/modules/eventpub/README.md b/infrastructure/modules/eventpub/README.md index d05d212..8fd0135 100644 --- a/infrastructure/modules/eventpub/README.md +++ b/infrastructure/modules/eventpub/README.md @@ -38,8 +38,8 @@ | Name | Description | |------|-------------| -| [s3\_bucket\_event\_cache](#output\_s3\_bucket\_event\_cache) | n/a | -| [sns\_topic](#output\_sns\_topic) | n/a | +| [s3\_bucket\_event\_cache](#output\_s3\_bucket\_event\_cache) | S3 Bucket ARN and Name for event cache | +| [sns\_topic](#output\_sns\_topic) | SNS Topic ARN and Name | diff --git a/infrastructure/modules/kms/README.md b/infrastructure/modules/kms/README.md index 8beec34..cb24e79 100644 --- a/infrastructure/modules/kms/README.md +++ b/infrastructure/modules/kms/README.md @@ -29,10 +29,10 @@ No modules. | Name | Description | |------|-------------| -| [admin\_policy\_arn](#output\_admin\_policy\_arn) | n/a | -| [key\_arn](#output\_key\_arn) | n/a | -| [key\_id](#output\_key\_id) | n/a | -| [user\_policy\_arn](#output\_user\_policy\_arn) | n/a | +| [admin\_policy\_arn](#output\_admin\_policy\_arn) | ARN of the admin IAM policy | +| [key\_arn](#output\_key\_arn) | ARN of the KMS key | +| [key\_id](#output\_key\_id) | ID of the KMS key | +| [user\_policy\_arn](#output\_user\_policy\_arn) | ARN of the user IAM policy | diff --git a/infrastructure/modules/lambda/README.md b/infrastructure/modules/lambda/README.md index b08f81c..f84af40 100644 --- a/infrastructure/modules/lambda/README.md +++ b/infrastructure/modules/lambda/README.md 
@@ -21,8 +21,8 @@ | [environment](#input\_environment) | The name of the tfscaffold environment | `string` | n/a | yes | | [filter\_pattern](#input\_filter\_pattern) | Filter pattern to use for the log subscription filter | `string` | `""` | no | | [force\_lambda\_code\_deploy](#input\_force\_lambda\_code\_deploy) | If the lambda package in s3 has the same commit id tag as the terraform build branch, the lambda will not update automatically. Set to True if making changes to Lambda code from on the same commit for example during development | `bool` | `false` | no | -| [function\_code\_base\_path](#input\_function\_code\_base\_path) | The path to the sourcecode directories needed for this lambda | `string` | `"./"` | no | -| [function\_code\_dir](#input\_function\_code\_dir) | The path to the sourcecode directories needed for this lambda | `string` | n/a | yes | +| [function\_code\_base\_path](#input\_function\_code\_base\_path) | The base path to the sourcecode directories needed for this lambda | `string` | `"./"` | no | +| [function\_code\_dir](#input\_function\_code\_dir) | The directory for this lambda | `string` | n/a | yes | | [function\_include\_common](#input\_function\_include\_common) | Include the 'common' lambda module with this lambda | `bool` | `true` | no | | [function\_module\_name](#input\_function\_module\_name) | The name of the function module as used by the lambda handler, e.g. index or exports | `string` | `"index"` | no | | [function\_name](#input\_function\_name) | Base name of this lambda | `string` | n/a | yes | @@ -31,8 +31,8 @@ | [handler\_function\_name](#input\_handler\_function\_name) | The name of the lambda handler function (passed directly to the Lambda's handler option) | `string` | `"handler"` | no | | [iam\_policy\_document](#input\_iam\_policy\_document) | n/a |
object({
body = string
})
| `null` | no | | [kms\_key\_arn](#input\_kms\_key\_arn) | KMS key arn to use for this function | `string` | n/a | yes | -| [lambda\_at\_edge](#input\_lambda\_at\_edge) | Enable the lambda insights layer, this must be disabled for lambda@edge usage | `bool` | `false` | no | -| [lambda\_dlq\_message\_retention\_seconds](#input\_lambda\_dlq\_message\_retention\_seconds) | KMS Key ARN to be used for SNS Topic for on-failure Lambda invocation records | `number` | `86400` | no | +| [lambda\_at\_edge](#input\_lambda\_at\_edge) | Whether this Lambda is a Lambda@Edge function | `bool` | `false` | no | +| [lambda\_dlq\_message\_retention\_seconds](#input\_lambda\_dlq\_message\_retention\_seconds) | The number of seconds to retain messages in the Lambda DLQ SQS queue | `number` | `86400` | no | | [lambda\_env\_vars](#input\_lambda\_env\_vars) | Lambda environment parameters map | `map(string)` | `{}` | no | | [layers](#input\_layers) | Lambda layer arns to include | `list(any)` | `[]` | no | | [log\_destination\_arn](#input\_log\_destination\_arn) | Destination ARN to use for the log subscription filter | `string` | `""` | no | 
@@ -58,14 +58,14 @@ No modules. | Name | Description | |------|-------------| -| [cloudwatch\_log\_group\_name](#output\_cloudwatch\_log\_group\_name) | n/a | -| [function\_arn](#output\_function\_arn) | n/a | -| [function\_env\_vars](#output\_function\_env\_vars) | n/a | -| [function\_invoke\_arn](#output\_function\_invoke\_arn) | n/a | -| [function\_name](#output\_function\_name) | n/a | -| [function\_qualified\_arn](#output\_function\_qualified\_arn) | n/a | -| [iam\_role\_arn](#output\_iam\_role\_arn) | n/a | -| [iam\_role\_name](#output\_iam\_role\_name) | n/a | +| [cloudwatch\_log\_group\_name](#output\_cloudwatch\_log\_group\_name) | Name of the CloudWatch Log Group for the Lambda function | +| [function\_arn](#output\_function\_arn) | ARN of the Lambda function | +| [function\_env\_vars](#output\_function\_env\_vars) | Environment variables for the Lambda function | +| [function\_invoke\_arn](#output\_function\_invoke\_arn) | Invoke ARN of the Lambda function | +| [function\_name](#output\_function\_name) | Name of the Lambda function | +| [function\_qualified\_arn](#output\_function\_qualified\_arn) | Qualified ARN of the Lambda function, including version or alias | +| [iam\_role\_arn](#output\_iam\_role\_arn) | ARN of the IAM role associated with the Lambda function | +| [iam\_role\_name](#output\_iam\_role\_name) | Name of the IAM role associated with the Lambda function | diff --git a/infrastructure/modules/s3bucket/README.md b/infrastructure/modules/s3bucket/README.md index cb0a60f..4cc9015 100644 --- a/infrastructure/modules/s3bucket/README.md +++ b/infrastructure/modules/s3bucket/README.md 
@@ -37,15 +37,15 @@ No modules. | Name | Description | |------|-------------| -| [acl](#output\_acl) | n/a | -| [arn](#output\_arn) | n/a | -| [bucket](#output\_bucket) | n/a | -| [bucket\_domain\_name](#output\_bucket\_domain\_name) | n/a | -| [bucket\_regional\_domain\_name](#output\_bucket\_regional\_domain\_name) | n/a | -| [hosted\_zone\_id](#output\_hosted\_zone\_id) | n/a | -| [id](#output\_id) | n/a | -| [policy](#output\_policy) | n/a | -| [region](#output\_region) | n/a | +| [acl](#output\_acl) | The ACL of the S3 bucket. If the object ownership is set to 'BucketOwnerEnforced', the ACL will be 'private'. Otherwise, it will reflect the ACL set in the aws\_s3\_bucket\_acl resource. | +| [arn](#output\_arn) | The ARN of the S3 bucket | +| [bucket](#output\_bucket) | The name of the S3 bucket | +| [bucket\_domain\_name](#output\_bucket\_domain\_name) | The domain name of the S3 bucket | +| [bucket\_regional\_domain\_name](#output\_bucket\_regional\_domain\_name) | The regional domain name of the S3 bucket | +| [hosted\_zone\_id](#output\_hosted\_zone\_id) | The hosted zone ID of the S3 bucket | +| [id](#output\_id) | The ID of the S3 bucket | +| [policy](#output\_policy) | The policy of the S3 bucket | +| [region](#output\_region) | The AWS region where the S3 bucket is located | diff --git a/infrastructure/modules/sqs/README.md b/infrastructure/modules/sqs/README.md index ae524f6..23de60e 100644 --- a/infrastructure/modules/sqs/README.md +++ b/infrastructure/modules/sqs/README.md 
@@ -36,12 +36,12 @@ No modules. | Name | Description | |------|-------------| -| [sqs\_dlq\_arn](#output\_sqs\_dlq\_arn) | n/a | -| [sqs\_dlq\_name](#output\_sqs\_dlq\_name) | n/a | -| [sqs\_dlq\_url](#output\_sqs\_dlq\_url) | n/a | -| [sqs\_queue\_arn](#output\_sqs\_queue\_arn) | n/a | -| [sqs\_queue\_name](#output\_sqs\_queue\_name) | n/a | -| [sqs\_queue\_url](#output\_sqs\_queue\_url) | n/a | +| [sqs\_dlq\_arn](#output\_sqs\_dlq\_arn) | The ARN of the SQS dead-letter queue | +| [sqs\_dlq\_name](#output\_sqs\_dlq\_name) | The name of the SQS dead-letter queue | +| [sqs\_dlq\_url](#output\_sqs\_dlq\_url) | The URL of the SQS dead-letter queue | +| [sqs\_queue\_arn](#output\_sqs\_queue\_arn) | The ARN of the SQS queue | +| [sqs\_queue\_name](#output\_sqs\_queue\_name) | The name of the SQS queue | +| [sqs\_queue\_url](#output\_sqs\_queue\_url) | The URL of the SQS queue |