emerg: fix terraform resources

devksingh4 · devksingh4 · commit 4e4878409b80 · 2025-07-27T03:44:56.000-04:00
diff --git a/terraform/envs/prod/main.tf b/terraform/envs/prod/main.tf
@@ -57,16 +57,9 @@ resource "random_password" "origin_verify_key" {
   }
 }
 
-// TEMPORARY LINKRY KV IMPORT
-import {
-  to = aws_cloudfront_key_value_store.linkry_kv
-  id = "${var.ProjectId}-cloudfront-linkry-kv"
-}
-
 resource "aws_cloudfront_key_value_store" "linkry_kv" {
   name = "${var.ProjectId}-cloudfront-linkry-kv"
 }
-//
 
 module "alarms" {
   source                          = "../../modules/alarms"
@@ -80,7 +73,7 @@ module "alarms" {
 module "lambdas" {
   source           = "../../modules/lambdas"
   ProjectId        = var.ProjectId
-  RunEnvironment   = "dev"
+  RunEnvironment   = "prod"
   LinkryKvArn      = aws_cloudfront_key_value_store.linkry_kv.arn
   OriginVerifyKey  = random_password.origin_verify_key.result
   LogRetentionDays = 30
@@ -100,6 +93,15 @@ module "frontend" {
   LinkryKvArn        = aws_cloudfront_key_value_store.linkry_kv.arn
 }
 
+resource "aws_lambda_event_source_mapping" "queue_consumer" {
+  depends_on              = [module.lambdas, module.sqs_queues]
+  for_each                = toset([module.sqs_queues.main_queue_arn, module.sqs_queues.sales_email_queue_arn])
+  batch_size              = 5
+  event_source_arn        = each.key
+  function_name           = module.lambdas.core_sqs_consumer_lambda_arn
+  function_response_types = ["ReportBatchItemFailures"]
+}
+
 // This section last: moved records into modules
 moved {
   from = aws_dynamodb_table.app_audit_log
diff --git a/terraform/envs/qa/main.tf b/terraform/envs/qa/main.tf
@@ -57,17 +57,10 @@ resource "random_password" "origin_verify_key" {
     force_recreation = formatdate("DD-MMM-YYYY", plantimestamp())
   }
 }
-
-// TEMPORARY LINKRY KV IMPORT
-import {
-  to = aws_cloudfront_key_value_store.linkry_kv
-  id = "${var.ProjectId}-cloudfront-linkry-kv"
-}
-
 resource "aws_cloudfront_key_value_store" "linkry_kv" {
   name = "${var.ProjectId}-cloudfront-linkry-kv"
 }
-//
+
 
 module "lambdas" {
   source           = "../../modules/lambdas"
@@ -127,6 +120,15 @@ resource "aws_route53_record" "linkry" {
     evaluate_target_health = false
   }
 }
+resource "aws_lambda_event_source_mapping" "queue_consumer" {
+  depends_on              = [module.lambdas, module.sqs_queues]
+  for_each                = toset([module.sqs_queues.main_queue_arn, module.sqs_queues.sales_email_queue_arn])
+  batch_size              = 5
+  event_source_arn        = each.key
+  function_name           = module.lambdas.core_sqs_consumer_lambda_arn
+  function_response_types = ["ReportBatchItemFailures"]
+}
+
 
 // This section last: moved records into modules
 moved {
diff --git a/terraform/modules/lambdas/main.tf b/terraform/modules/lambdas/main.tf
@@ -18,8 +18,9 @@ locals {
     entra  = aws_iam_policy.entra_policy.arn
   }
   sqs_policies = {
-    sqs    = aws_iam_policy.sqs_policy.arn
-    shared = aws_iam_policy.shared_iam_policy.arn
+    sqs     = aws_iam_policy.sqs_policy.arn
+    shared  = aws_iam_policy.shared_iam_policy.arn
+    managed = "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole"
   }
   api_policies = {
     api    = aws_iam_policy.api_only_policy.arn
@@ -45,13 +46,6 @@ resource "aws_iam_role" "api_role" {
         Principal = {
           Service = "lambda.amazonaws.com"
         },
-        Condition = {
-          ArnLike = {
-            "AWS:SourceArn" = [
-              "arn:aws:lambda:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:function:${local.core_api_lambda_name}"
-            ]
-          }
-        }
       },
     ]
   })
@@ -67,13 +61,6 @@ resource "aws_iam_role" "sqs_consumer_role" {
         Effect = "Allow"
         Principal = {
           Service = "lambda.amazonaws.com"
-        },
-        Condition = {
-          ArnLike = {
-            "AWS:SourceArn" = [
-              "arn:aws:lambda:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:function:${local.core_sqs_consumer_lambda_name}"
-            ]
-          }
         }
       },
     ]
@@ -386,6 +373,11 @@ output "core_api_lambda_name" {
   value = local.core_api_lambda_name
 }
 
+output "core_sqs_consumer_lambda_arn" {
+  value = aws_lambda_function.sqs_lambda.arn
+}
+
+
 output "core_sqs_consumer_lambda_name" {
   value = local.core_sqs_consumer_lambda_name
 }
diff --git a/terraform/modules/sqs/main.tf b/terraform/modules/sqs/main.tf
@@ -30,14 +30,6 @@ resource "aws_sqs_queue" "sales_email_queue" {
   })
 }
 
-resource "aws_lambda_event_source_mapping" "queue_consumer" {
-  for_each                = toset([aws_sqs_queue.app_queue.arn, aws_sqs_queue.sales_email_queue.arn])
-  batch_size              = 5
-  event_source_arn        = each.key
-  function_name           = var.core_sqs_consumer_lambda_name
-  function_response_types = ["ReportBatchItemFailures"]
-}
-
 output "main_queue_arn" {
   description = "Main Queue Arn"
   value       = aws_sqs_queue.app_queue.arn
