From b6d0cccba1fb8696434d3e1fd912a080f800639f Mon Sep 17 00:00:00 2001 From: aidenvaines-cgi Date: Tue, 3 Mar 2026 16:11:52 +0000 Subject: [PATCH 1/7] CCM-14044 Setting prod defaults --- .../components/app/module_eventpub.tf | 8 ++++++- .../terraform/components/app/variables.tf | 24 +++++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/infrastructure/terraform/components/app/module_eventpub.tf b/infrastructure/terraform/components/app/module_eventpub.tf index 053ca496c..af77d046d 100644 --- a/infrastructure/terraform/components/app/module_eventpub.tf +++ b/infrastructure/terraform/components/app/module_eventpub.tf @@ -1,6 +1,6 @@ module "eventpub" { # TODO CCM-12089 - move to zip release after fix from the ticket - source = "git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/eventpub?ref=v2.0.28" + source = "git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/terraform/modules/eventpub?ref=3.0.4" name = "eventpub" @@ -21,4 +21,10 @@ module "eventpub" { data_plane_bus_arn = var.data_plane_bus_arn control_plane_bus_arn = var.control_plane_bus_arn + + # CloudWatch Anomaly Detection for publishing + enable_publishing_anomaly_detection = var.enable_event_publishing_anomaly_detection + publishing_anomaly_band_width = var.event_publishing_anomaly_band_width + publishing_anomaly_evaluation_periods = var.event_publishing_anomaly_evaluation_periods + publishing_anomaly_period = var.event_publishing_anomaly_period } diff --git a/infrastructure/terraform/components/app/variables.tf b/infrastructure/terraform/components/app/variables.tf index 798032cb6..e66a8afb4 100644 --- a/infrastructure/terraform/components/app/variables.tf +++ b/infrastructure/terraform/components/app/variables.tf 
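Review bot: The new `source` in `module "eventpub"` (module_eventpub.tf, first hunk; the block continues outside it) pins the shared module by tag, `?ref=3.0.4`, and a git tag can be moved to a different commit after review. For a module that creates production resources, pinning the full commit SHA keeps what `terraform init` fetches identical to what was reviewed, e.g. `source = "git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/terraform/modules/eventpub?ref=<full-commit-sha>" # 3.0.4`. The release-zip sources bumped later in this series (3.0.5 in PATCH 4/7, 3.0.6 in PATCH 5/7 and 6/7) appear to share the weakness, since a release asset can be re-uploaded under the same version, so recording the archive's expected digest next to the URL would make a swap detectable. The move from v2.0.28 to 3.0.4 is also a major version with a changed module path, so the plan output is worth checking for replaced resources, which cannot be judged from this hunk.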
@@ -225,3 +225,27 @@ variable "container_image_tag_suffix" { description = "Suffix used for container/image based Lambda image tags" default = "latest" } + +variable "enable_event_publishing_anomaly_detection" { + type = bool + description = "Enable CloudWatch anomaly detection alarm for SNS message publishing. Detects abnormal drops or spikes in event publishing volume." + default = true +} + +variable "event_publishing_anomaly_evaluation_periods" { + type = number + description = "Number of evaluation periods for the publishing anomaly alarm. Each period is defined by event_publishing_anomaly_period." + default = 3 +} + +variable "event_publishing_anomaly_period" { + type = number + description = "The period in seconds over which the specified statistic is applied for anomaly detection. Minimum 300 seconds (5 minutes). Recommended: 300-600." + default = 300 +} + +variable "event_publishing_anomaly_band_width" { + type = number + description = "The width of the anomaly detection band. Higher values (e.g. 4-6) reduce sensitivity and noise, lower values (e.g. 2-3) increase sensitivity. Recommended: 2-4." + default = 5 +} From af3c917ef5fcab9ac16faa92532ac1285b355e21 Mon Sep 17 00:00:00 2001 From: aidenvaines-cgi Date: Tue, 3 Mar 2026 16:46:57 +0000 Subject: [PATCH 2/7] CCM-14044 updating tfdocs --- .../terraform/components/app/README.md | 6 +++++- .../terraform/components/sandbox/README.md | 19 +++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 infrastructure/terraform/components/sandbox/README.md diff --git a/infrastructure/terraform/components/app/README.md b/infrastructure/terraform/components/app/README.md index e18585508..85957b783 100644 --- a/infrastructure/terraform/components/app/README.md +++ b/infrastructure/terraform/components/app/README.md 
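Review bot: `event_publishing_anomaly_band_width` defaults to `5`, which is outside the range its own description recommends (2-4) and, by that description, on the low-sensitivity side; in a commit titled "Setting prod defaults" that makes the alarm less likely to fire on a partial drop in publishing volume. Either bring the default inside the documented range or reword the description to say why 5 was chosen for production. None of the three numeric variables has a `validation` block, so the 300-second minimum stated for `event_publishing_anomaly_period` is not enforced, and a zero or negative band width or evaluation count would pass straight through to the module. The same default and the same missing checks carry over unchanged when these variables are renamed in PATCH 5/7.

```hcl
variable "event_publishing_anomaly_evaluation_periods" {
  # … unchanged: type, description, default …

  validation {
    condition     = var.event_publishing_anomaly_evaluation_periods >= 1
    error_message = "event_publishing_anomaly_evaluation_periods must be at least 1."
  }
}

variable "event_publishing_anomaly_period" {
  # … unchanged: type, description, default …

  validation {
    condition     = var.event_publishing_anomaly_period >= 300
    error_message = "event_publishing_anomaly_period must be at least 300 seconds."
  }
}

variable "event_publishing_anomaly_band_width" {
  # … unchanged: type, description, default …

  validation {
    condition     = var.event_publishing_anomaly_band_width > 0
    error_message = "event_publishing_anomaly_band_width must be greater than 0."
  }
}
```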
@@ -32,9 +32,13 @@ | [enable\_api\_data\_trace](#input\_enable\_api\_data\_trace) | Enable API Gateway data trace logging | `bool` | `false` | no | | [enable\_cognito\_built\_in\_idp](#input\_enable\_cognito\_built\_in\_idp) | Enable the use of Cognito as an IDP; CIS2 is preferred | `bool` | `false` | no | | [enable\_event\_caching](#input\_enable\_event\_caching) | Enable caching of events to an S3 bucket | `bool` | `true` | no | +| [enable\_event\_publishing\_anomaly\_detection](#input\_enable\_event\_publishing\_anomaly\_detection) | Enable CloudWatch anomaly detection alarm for SNS message publishing. Detects abnormal drops or spikes in event publishing volume. | `bool` | `true` | no | | [environment](#input\_environment) | The name of the tfscaffold environment | `string` | n/a | yes | | [event\_delivery\_logging](#input\_event\_delivery\_logging) | Enable SNS Event Delivery logging | `bool` | `true` | no | | [event\_delivery\_logging\_success\_sample\_percentage](#input\_event\_delivery\_logging\_success\_sample\_percentage) | Enable caching of events to an S3 bucket | `number` | `0` | no | +| [event\_publishing\_anomaly\_band\_width](#input\_event\_publishing\_anomaly\_band\_width) | The width of the anomaly detection band. Higher values (e.g. 4-6) reduce sensitivity and noise, lower values (e.g. 2-3) increase sensitivity. Recommended: 2-4. | `number` | `5` | no | +| [event\_publishing\_anomaly\_evaluation\_periods](#input\_event\_publishing\_anomaly\_evaluation\_periods) | Number of evaluation periods for the publishing anomaly alarm. Each period is defined by event\_publishing\_anomaly\_period. | `number` | `3` | no | +| [event\_publishing\_anomaly\_period](#input\_event\_publishing\_anomaly\_period) | The period in seconds over which the specified statistic is applied for anomaly detection. Minimum 300 seconds (5 minutes). Recommended: 300-600. 
| `number` | `300` | no | | [external\_email\_domain](#input\_external\_email\_domain) | Externally managed domain used to create an SES identity for sending emails from. Validation DNS records will need to be manually configured in the DNS provider. | `string` | `null` | no | | [group](#input\_group) | The group variables are being inherited from (often synonymous with account short-name) | `string` | n/a | yes | | [kms\_deletion\_window](#input\_kms\_deletion\_window) | When a kms key is deleted, how long should it wait in the pending deletion state? | `string` | `"30"` | no | @@ -53,7 +57,7 @@ | [amplify\_branch](#module\_amplify\_branch) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.20/terraform-amp_branch.zip | n/a | | [backend\_api](#module\_backend\_api) | ../../modules/backend-api | n/a | | [download\_authorizer\_lambda](#module\_download\_authorizer\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a | -| [eventpub](#module\_eventpub) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/eventpub | v2.0.28 | +| [eventpub](#module\_eventpub) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/terraform/modules/eventpub | 3.0.4 | | [kms](#module\_kms) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.20/terraform-kms.zip | n/a | | [kms\_us\_east\_1](#module\_kms\_us\_east\_1) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.20/terraform-kms.zip | n/a | | [nhse\_backup\_vault](#module\_nhse\_backup\_vault) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.25/terraform-aws-backup-source.zip | n/a | diff --git a/infrastructure/terraform/components/sandbox/README.md b/infrastructure/terraform/components/sandbox/README.md new file mode 100644 index 000000000..df8c1f5c0 --- /dev/null 
+++ b/infrastructure/terraform/components/sandbox/README.md @@ -0,0 +1,19 @@ + + + + +## Requirements + +No requirements. +## Inputs + +No inputs. +## Modules + +No modules. +## Outputs + +No outputs. + + + From b3436d5b25adb8dd3148edb74b96d9b87a07a38a Mon Sep 17 00:00:00 2001 From: sidnhs Date: Wed, 4 Mar 2026 14:44:02 +0000 Subject: [PATCH 3/7] CCM-14044: Fix eventpub module fmt --- infrastructure/terraform/components/app/module_eventpub.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/terraform/components/app/module_eventpub.tf b/infrastructure/terraform/components/app/module_eventpub.tf index 5d4b7e045..9db0d652b 100644 --- a/infrastructure/terraform/components/app/module_eventpub.tf +++ b/infrastructure/terraform/components/app/module_eventpub.tf @@ -1,6 +1,6 @@ module "eventpub" { source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.4/terraform-eventpub.zip" - + name = "eventpub" aws_account_id = var.aws_account_id From 8f230fa283aef3d6bb664fe798d364b40d159091 Mon Sep 17 00:00:00 2001 From: aidenvaines-cgi Date: Wed, 4 Mar 2026 15:25:54 +0000 Subject: [PATCH 4/7] CCM-14044 updating tfdocs --- infrastructure/terraform/components/app/README.md | 2 +- .../terraform/components/app/module_eventpub.tf | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/infrastructure/terraform/components/app/README.md b/infrastructure/terraform/components/app/README.md index 1600f2d88..4f3091d35 100644 --- a/infrastructure/terraform/components/app/README.md +++ b/infrastructure/terraform/components/app/README.md 
@@ -57,7 +57,7 @@ | [amplify\_branch](#module\_amplify\_branch) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.20/terraform-amp_branch.zip | n/a | | [backend\_api](#module\_backend\_api) | ../../modules/backend-api | n/a | | [download\_authorizer\_lambda](#module\_download\_authorizer\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a | -| [eventpub](#module\_eventpub) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.4/terraform-eventpub.zip | n/a | +| [eventpub](#module\_eventpub) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.5/terraform-eventpub.zip | n/a | | [kms](#module\_kms) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.20/terraform-kms.zip | n/a | | [kms\_us\_east\_1](#module\_kms\_us\_east\_1) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.20/terraform-kms.zip | n/a | | [nhse\_backup\_vault](#module\_nhse\_backup\_vault) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.25/terraform-aws-backup-source.zip | n/a | diff --git a/infrastructure/terraform/components/app/module_eventpub.tf b/infrastructure/terraform/components/app/module_eventpub.tf index 9db0d652b..5bd212a42 100644 --- a/infrastructure/terraform/components/app/module_eventpub.tf +++ b/infrastructure/terraform/components/app/module_eventpub.tf @@ -1,5 +1,5 @@ module "eventpub" { - source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.4/terraform-eventpub.zip" + source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.5/terraform-eventpub.zip" name = "eventpub" 
@@ -23,8 +23,8 @@ module "eventpub" { control_plane_bus_arn = var.control_plane_bus_arn # CloudWatch Anomaly Detection for publishing - enable_publishing_anomaly_detection = var.enable_event_publishing_anomaly_detection - publishing_anomaly_band_width = var.event_publishing_anomaly_band_width - publishing_anomaly_evaluation_periods = var.event_publishing_anomaly_evaluation_periods - publishing_anomaly_period = var.event_publishing_anomaly_period + enable_publishing_anomaly_detection = var.enable_event_anomaly_detection + publishing_anomaly_band_width = var.event_anomaly_band_width + publishing_anomaly_evaluation_periods = var.event_anomaly_evaluation_periods + publishing_anomaly_period = var.event_anomaly_period } From 78c0d5a1ad382254a0f2ad4a5d96a35e803fc8e6 Mon Sep 17 00:00:00 2001 From: aidenvaines-cgi Date: Wed, 4 Mar 2026 20:05:57 +0000 Subject: [PATCH 5/7] CCM-14044 updating variable names --- infrastructure/terraform/components/app/README.md | 10 +++++----- .../terraform/components/app/module_eventpub.tf | 10 +++++----- infrastructure/terraform/components/app/variables.tf | 10 +++++----- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/infrastructure/terraform/components/app/README.md b/infrastructure/terraform/components/app/README.md index 4f3091d35..0628ab61e 100644 --- a/infrastructure/terraform/components/app/README.md +++ b/infrastructure/terraform/components/app/README.md 
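Review bot: The four arguments at the end of `module "eventpub"` (the block starts above this hunk) now read `var.enable_event_anomaly_detection`, `var.event_anomaly_band_width`, `var.event_anomaly_evaluation_periods` and `var.event_anomaly_period`. This commit's diffstat touches only README.md and module_eventpub.tf, and variables.tf does not declare those names until PATCH 5/7. At this commit the component would therefore fail validation on references to undeclared input variables, which breaks bisecting and any pipeline that plans each commit. Moving the variables.tf rename from PATCH 5/7 into this commit, or squashing the two, keeps every commit in the series plannable. The subject "updating tfdocs" also hides that the module source and its inputs change here, which makes the change easy to miss in an audit of what altered the alarm configuration.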
@@ -31,14 +31,14 @@ | [enable\_amplify\_branch\_auto\_build](#input\_enable\_amplify\_branch\_auto\_build) | Enable automatic building of branches | `bool` | `false` | no | | [enable\_api\_data\_trace](#input\_enable\_api\_data\_trace) | Enable API Gateway data trace logging | `bool` | `false` | no | | [enable\_cognito\_built\_in\_idp](#input\_enable\_cognito\_built\_in\_idp) | Enable the use of Cognito as an IDP; CIS2 is preferred | `bool` | `false` | no | +| [enable\_event\_anomaly\_detection](#input\_enable\_event\_anomaly\_detection) | Enable CloudWatch anomaly detection alarm for SNS message publishing. Detects abnormal drops or spikes in event publishing volume. | `bool` | `true` | no | | [enable\_event\_caching](#input\_enable\_event\_caching) | Enable caching of events to an S3 bucket | `bool` | `true` | no | -| [enable\_event\_publishing\_anomaly\_detection](#input\_enable\_event\_publishing\_anomaly\_detection) | Enable CloudWatch anomaly detection alarm for SNS message publishing. Detects abnormal drops or spikes in event publishing volume. | `bool` | `true` | no | | [environment](#input\_environment) | The name of the tfscaffold environment | `string` | n/a | yes | +| [event\_anomaly\_band\_width](#input\_event\_anomaly\_band\_width) | The width of the anomaly detection band. Higher values (e.g. 4-6) reduce sensitivity and noise, lower values (e.g. 2-3) increase sensitivity. Recommended: 2-4. | `number` | `5` | no | +| [event\_anomaly\_evaluation\_periods](#input\_event\_anomaly\_evaluation\_periods) | Number of evaluation periods for the publishing anomaly alarm. Each period is defined by event\_anomaly\_period. | `number` | `3` | no | +| [event\_anomaly\_period](#input\_event\_anomaly\_period) | The period in seconds over which the specified statistic is applied for anomaly detection. Minimum 300 seconds (5 minutes). Recommended: 300-600. 
| `number` | `300` | no | | [event\_delivery\_logging](#input\_event\_delivery\_logging) | Enable SNS Event Delivery logging | `bool` | `true` | no | | [event\_delivery\_logging\_success\_sample\_percentage](#input\_event\_delivery\_logging\_success\_sample\_percentage) | Enable caching of events to an S3 bucket | `number` | `0` | no | -| [event\_publishing\_anomaly\_band\_width](#input\_event\_publishing\_anomaly\_band\_width) | The width of the anomaly detection band. Higher values (e.g. 4-6) reduce sensitivity and noise, lower values (e.g. 2-3) increase sensitivity. Recommended: 2-4. | `number` | `5` | no | -| [event\_publishing\_anomaly\_evaluation\_periods](#input\_event\_publishing\_anomaly\_evaluation\_periods) | Number of evaluation periods for the publishing anomaly alarm. Each period is defined by event\_publishing\_anomaly\_period. | `number` | `3` | no | -| [event\_publishing\_anomaly\_period](#input\_event\_publishing\_anomaly\_period) | The period in seconds over which the specified statistic is applied for anomaly detection. Minimum 300 seconds (5 minutes). Recommended: 300-600. | `number` | `300` | no | | [external\_email\_domain](#input\_external\_email\_domain) | Externally managed domain used to create an SES identity for sending emails from. Validation DNS records will need to be manually configured in the DNS provider. | `string` | `null` | no | | [group](#input\_group) | The group variables are being inherited from (often synonymous with account short-name) | `string` | n/a | yes | | [kms\_deletion\_window](#input\_kms\_deletion\_window) | When a kms key is deleted, how long should it wait in the pending deletion state? | `string` | `"30"` | no | 
@@ -57,7 +57,7 @@ | [amplify\_branch](#module\_amplify\_branch) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.20/terraform-amp_branch.zip | n/a | | [backend\_api](#module\_backend\_api) | ../../modules/backend-api | n/a | | [download\_authorizer\_lambda](#module\_download\_authorizer\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a | -| [eventpub](#module\_eventpub) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.5/terraform-eventpub.zip | n/a | +| [eventpub](#module\_eventpub) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.6/terraform-eventpub.zip | n/a | | [kms](#module\_kms) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.20/terraform-kms.zip | n/a | | [kms\_us\_east\_1](#module\_kms\_us\_east\_1) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.20/terraform-kms.zip | n/a | | [nhse\_backup\_vault](#module\_nhse\_backup\_vault) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.25/terraform-aws-backup-source.zip | n/a | diff --git a/infrastructure/terraform/components/app/module_eventpub.tf b/infrastructure/terraform/components/app/module_eventpub.tf index 5bd212a42..1c60d1060 100644 --- a/infrastructure/terraform/components/app/module_eventpub.tf +++ b/infrastructure/terraform/components/app/module_eventpub.tf @@ -1,5 +1,5 @@ module "eventpub" { - source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.5/terraform-eventpub.zip" + source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.6/terraform-eventpub.zip" name = "eventpub" 
@@ -23,8 +23,8 @@ module "eventpub" { control_plane_bus_arn = var.control_plane_bus_arn # CloudWatch Anomaly Detection for publishing - enable_publishing_anomaly_detection = var.enable_event_anomaly_detection - publishing_anomaly_band_width = var.event_anomaly_band_width - publishing_anomaly_evaluation_periods = var.event_anomaly_evaluation_periods - publishing_anomaly_period = var.event_anomaly_period + enable_event_anomaly_detection = var.enable_event_anomaly_detection + event_anomaly_band_width = var.event_anomaly_band_width + event_anomaly_evaluation_periods = var.event_anomaly_evaluation_periods + event_anomaly_period = var.event_anomaly_period } diff --git a/infrastructure/terraform/components/app/variables.tf b/infrastructure/terraform/components/app/variables.tf index e66a8afb4..d9d2ec19c 100644 --- a/infrastructure/terraform/components/app/variables.tf +++ b/infrastructure/terraform/components/app/variables.tf 
@@ -226,25 +226,25 @@ variable "container_image_tag_suffix" { default = "latest" } -variable "enable_event_publishing_anomaly_detection" { +variable "enable_event_anomaly_detection" { type = bool description = "Enable CloudWatch anomaly detection alarm for SNS message publishing. Detects abnormal drops or spikes in event publishing volume." default = true } -variable "event_publishing_anomaly_evaluation_periods" { +variable "event_anomaly_evaluation_periods" { type = number - description = "Number of evaluation periods for the publishing anomaly alarm. Each period is defined by event_publishing_anomaly_period." + description = "Number of evaluation periods for the publishing anomaly alarm. Each period is defined by event_anomaly_period." default = 3 } -variable "event_publishing_anomaly_period" { +variable "event_anomaly_period" { type = number description = "The period in seconds over which the specified statistic is applied for anomaly detection. Minimum 300 seconds (5 minutes). Recommended: 300-600." default = 300 } -variable "event_publishing_anomaly_band_width" { +variable "event_anomaly_band_width" { type = number description = "The width of the anomaly detection band. Higher values (e.g. 4-6) reduce sensitivity and noise, lower values (e.g. 2-3) increase sensitivity. Recommended: 2-4." default = 5 From 337e88564f682e7d45f0e1ba7588c7e46fb1125c Mon Sep 17 00:00:00 2001 From: aidenvaines-cgi Date: Wed, 4 Mar 2026 20:10:29 +0000 Subject: [PATCH 6/7] CCM-14044 updating variable names --- infrastructure/terraform/components/sbx/README.md | 2 +- infrastructure/terraform/components/sbx/module_eventpub.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/infrastructure/terraform/components/sbx/README.md b/infrastructure/terraform/components/sbx/README.md index 2596ffca7..216eae80c 100644 --- a/infrastructure/terraform/components/sbx/README.md +++ b/infrastructure/terraform/components/sbx/README.md 
@@ -29,7 +29,7 @@ |------|--------|---------| | [backend\_api](#module\_backend\_api) | ../../modules/backend-api | n/a | | [cognito\_triggers](#module\_cognito\_triggers) | ../../modules/cognito-triggers | n/a | -| [eventpub](#module\_eventpub) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.4/terraform-eventpub.zip | n/a | +| [eventpub](#module\_eventpub) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.6/terraform-eventpub.zip | n/a | ## Outputs | Name | Description | diff --git a/infrastructure/terraform/components/sbx/module_eventpub.tf b/infrastructure/terraform/components/sbx/module_eventpub.tf index acda7ed28..a8b2ab609 100644 --- a/infrastructure/terraform/components/sbx/module_eventpub.tf +++ b/infrastructure/terraform/components/sbx/module_eventpub.tf @@ -1,5 +1,5 @@ module "eventpub" { - source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.4/terraform-eventpub.zip" + source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.6/terraform-eventpub.zip" name = "eventpub" From 7aaac0ff4dbe05fc05be29a51bbb02f17973e106 Mon Sep 17 00:00:00 2001 From: aidenvaines-cgi Date: Thu, 5 Mar 2026 10:18:49 +0000 Subject: [PATCH 7/7] CCM-14044 updating variable names --- .../terraform/components/sandbox/README.md | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 infrastructure/terraform/components/sandbox/README.md diff --git a/infrastructure/terraform/components/sandbox/README.md b/infrastructure/terraform/components/sandbox/README.md deleted file mode 100644 index df8c1f5c0..000000000 --- a/infrastructure/terraform/components/sandbox/README.md +++ /dev/null @@ -1,19 +0,0 @@ - - - - -## Requirements - -No requirements. -## Inputs - -No inputs. -## Modules - -No modules. -## Outputs - -No outputs. - - -