ministryofjustice · besscerule · Jan 27, 2025 · Jan 27, 2025 · Jan 27, 2025 · Jan 28, 2025
@@ -0,0 +1,79 @@
+resource "aws_sns_topic_subscription" "cas-2-domain-events-queue-subscription" {
+  topic_arn = data.aws_sns_topic.hmpps-domain-events.arn
+  protocol  = "sqs"
+  endpoint  = module.cas-2-domain-events-queue.sqs_arn
+  filter_policy = jsonencode({
+    eventType = [
+      "offender-management.handover.changed",
+      "offender-management.allocation.changed"
+    ]
+  })
+}
+
+module "cas-2-domain-events-queue" {
+  source = "github.com/ministryofjustice/cloud-platform-terraform-sqs?ref=5.0.0"
+
+  # Queue configuration
+  sqs_name = "cas-2-domain-events-queue"
+  redrive_policy = jsonencode({
+    deadLetterTargetArn = module.cas-2-domain-events-dlq.sqs_arn
+    maxReceiveCount     = 3
+  })
+
+  # Tags
+  application            = "cas-2-domain-events"
+  business_unit          = var.business_unit
+  environment_name       = var.environment
+  infrastructure_support = var.infrastructure_support
+  is_production          = var.is_production
+  namespace              = var.namespace
+  team_name              = var.team_name # also used as queue name prefix
+}
+
+resource "aws_sqs_queue_policy" "cas-2-domain-events-queue-policy" {
+  queue_url = module.cas-2-domain-events-queue.sqs_id
+  policy    = data.aws_iam_policy_document.sns_to_sqs.json
+}
+
+module "cas-2-domain-events-dlq" {
+  source = "github.com/ministryofjustice/cloud-platform-terraform-sqs?ref=5.0.0"
+
+  # Queue configuration
+  sqs_name                  = "cas-2-domain-events-dlq"
+  message_retention_seconds = 7 * 24 * 3600 # 1 week
+
+  # Tags
+  business_unit          = var.business_unit
+  application            = "cas-2-domain-events"
+  is_production          = var.is_production
+  team_name              = var.team_name # also used as queue name prefix
+  namespace              = var.namespace
+  environment_name       = var.environment
+  infrastructure_support = var.infrastructure_support
+}
+
+resource "aws_sqs_queue_policy" "cas-2-domain-events-dlq-policy" {
+  queue_url = module.cas-2-domain-events-dlq.sqs_id
+  policy    = data.aws_iam_policy_document.sns_to_sqs.json
+}
+
+resource "kubernetes_secret" "cas-2-domain-events-queue-secret" {
+  metadata {
+    name      = "cas-2-domain-events-queue"
+    namespace = var.namespace
+  }
+  data = {
+    QUEUE_NAME = module.cas-2-domain-events-queue.sqs_name
+  }
+}
+
+resource "kubernetes_secret" "cas-2-domain-events-dlq-secret" {
+  metadata {
+    name      = "cas-2-domain-events-dlq"
+    namespace = var.namespace
+  }
+
+  data = {
+    QUEUE_NAME = module.cas-2-domain-events-dlq.sqs_name
+  }
+}
@@ -0,0 +1,25 @@
+data "aws_iam_policy_document" "sns_to_sqs" {
+  statement {
+    sid     = "DomainEventsToQueue"
+    effect  = "Allow"
+    actions = ["sqs:SendMessage"]
+    principals {
+      type        = "AWS"
+      identifiers = ["*"]
+    }
+    condition {
+      variable = "aws:SourceArn"
+      test     = "ArnEquals"
+      values   = [data.aws_ssm_parameter.hmpps-domain-events-topic-arn.value]
+    }
+    resources = ["*"]
+  }
+}
+
+data "aws_ssm_parameter" "hmpps-domain-events-topic-arn" {
+  name = "/hmpps-domain-events-dev/topic-arn"
+}
+
+data "aws_sns_topic" "hmpps-domain-events" {
+  name = "cloud-platform-Digital-Prison-Services-15b2b4a6af7714848baeaf5f41c85fcd"
+}
@@ -0,0 +1,83 @@
+resource "aws_sns_topic_subscription" "cas-2-domain-events-queue-subscription" {
+  topic_arn = data.aws_sns_topic.hmpps-domain-events.arn
+  protocol  = "sqs"
+  endpoint  = module.cas-2-domain-events-queue.sqs_arn
+  filter_policy = jsonencode({
+    eventType = [
+      "offender-management.handover.changed",
+      "offender-management.allocation.changed"
+    ]
+  })
+}
+
+module "cas-2-domain-events-queue" {
+  source = "github.com/ministryofjustice/cloud-platform-terraform-sqs?ref=5.0.0"
+
+  # Queue configuration
+  sqs_name = "cas-2-domain-events-queue"
+  redrive_policy = jsonencode({
+    deadLetterTargetArn = module.cas-2-domain-events-dlq.sqs_arn
+    maxReceiveCount     = 3
+  })
+
+  # Tags
+  application            = "cas-2-domain-events"
+  business_unit          = var.business_unit
+  environment_name       = var.environment
+  infrastructure_support = var.infrastructure_support
+  is_production          = var.is_production
+  namespace              = var.namespace
+  team_name              = var.team_name # also used as queue name prefix
+}
+
+resource "aws_sqs_queue_policy" "cas-2-domain-events-queue-policy" {
+  queue_url = module.cas-2-domain-events-queue.sqs_id
+  policy    = data.aws_iam_policy_document.sns_to_sqs.json
+}
+
+module "cas-2-domain-events-dlq" {
+  source = "github.com/ministryofjustice/cloud-platform-terraform-sqs?ref=5.0.0"
+
+  # Queue configuration
+  sqs_name                  = "cas-2-domain-events-dlq"
+  message_retention_seconds = 7 * 24 * 3600 # 1 week
+
+  # Tags
+  business_unit          = var.business_unit
+  application            = "cas-2-domain-events"
+  is_production          = var.is_production
+  team_name              = var.team_name # also used as queue name prefix
+  namespace              = var.namespace
+  environment_name       = var.environment
+  infrastructure_support = var.infrastructure_support
+}
+
+resource "aws_sqs_queue_policy" "cas-2-domain-events-dlq-policy" {
+  queue_url = module.cas-2-domain-events-dlq.sqs_id
+  policy    = data.aws_iam_policy_document.sns_to_sqs.json
+}
+
+resource "kubernetes_secret" "cas-2-domain-events-queue-secret" {
+  metadata {
+    name      = "cas-2-domain-events-queue"
+    namespace = var.namespace
+  }
+  data = {
+    QUEUE_NAME = module.cas-2-domain-events-queue.sqs_name
+  }
+}
+
+module "cas-2-domain-events-service-account" {
+  source                 = "github.com/ministryofjustice/cloud-platform-terraform-irsa?ref=2.0.0"
+  application            = var.application
+  business_unit          = var.business_unit
+  eks_cluster_name       = var.eks_cluster_name
+  environment_name       = var.environment
+  infrastructure_support = var.infrastructure_support
+  is_production          = var.is_production
+  namespace              = var.namespace
+  team_name              = var.team_name
+
+  service_account_name = "cas-2-domain-events"
+  role_policy_arns     = { sqs = module.cas-2-domain-events-queue.irsa_policy_arn }
+}
@@ -0,0 +1,25 @@
+data "aws_iam_policy_document" "sns_to_sqs" {
+  statement {
+    sid     = "DomainEventsToQueue"
+    effect  = "Allow"
+    actions = ["sqs:SendMessage"]
+    principals {
+      type        = "AWS"
+      identifiers = ["*"]
+    }
+    condition {
+      variable = "aws:SourceArn"
+      test     = "ArnEquals"
+      values   = [data.aws_ssm_parameter.hmpps-domain-events-topic-arn.value]
+    }
+    resources = ["*"]
+  }
+}
+
+data "aws_ssm_parameter" "hmpps-domain-events-topic-arn" {
+  name = "/hmpps-domain-events-preprod/topic-arn"
+}
+
+data "aws_sns_topic" "hmpps-domain-events" {
+  name = "cloud-platform-Digital-Prison-Services-15b2b4a6af7714848baeaf5f41c85fcd"
+}
@@ -0,0 +1,83 @@
+resource "aws_sns_topic_subscription" "cas-2-domain-events-queue-subscription" {
+  topic_arn = data.aws_sns_topic.hmpps-domain-events.arn
+  protocol  = "sqs"
+  endpoint  = module.cas-2-domain-events-queue.sqs_arn
+  filter_policy = jsonencode({
+    eventType = [
+      "offender-management.handover.changed",
+      "offender-management.allocation.changed"
+    ]
+  })
+}
+
+module "cas-2-domain-events-queue" {
+  source = "github.com/ministryofjustice/cloud-platform-terraform-sqs?ref=5.0.0"
+
+  # Queue configuration
+  sqs_name = "cas-2-domain-events-queue"
+  redrive_policy = jsonencode({
+    deadLetterTargetArn = module.cas-2-domain-events-dlq.sqs_arn
+    maxReceiveCount     = 3
+  })
+
+  # Tags
+  application            = "cas-2-domain-events"
+  business_unit          = var.business_unit
+  environment_name       = var.environment
+  infrastructure_support = var.infrastructure_support
+  is_production          = var.is_production
+  namespace              = var.namespace
+  team_name              = var.team_name # also used as queue name prefix
+}
+
+resource "aws_sqs_queue_policy" "cas-2-domain-events-queue-policy" {
+  queue_url = module.cas-2-domain-events-queue.sqs_id
+  policy    = data.aws_iam_policy_document.sns_to_sqs.json
+}
+
+module "cas-2-domain-events-dlq" {
+  source = "github.com/ministryofjustice/cloud-platform-terraform-sqs?ref=5.0.0"
+
+  # Queue configuration
+  sqs_name                  = "cas-2-domain-events-dlq"
+  message_retention_seconds = 7 * 24 * 3600 # 1 week
+
+  # Tags
+  business_unit          = var.business_unit
+  application            = "cas-2-domain-events"
+  is_production          = var.is_production
+  team_name              = var.team_name # also used as queue name prefix
+  namespace              = var.namespace
+  environment_name       = var.environment
+  infrastructure_support = var.infrastructure_support
+}
+
+resource "aws_sqs_queue_policy" "cas-2-domain-events-dlq-policy" {
+  queue_url = module.cas-2-domain-events-dlq.sqs_id
+  policy    = data.aws_iam_policy_document.sns_to_sqs.json
+}
+
+resource "kubernetes_secret" "cas-2-domain-events-queue-secret" {
+  metadata {
+    name      = "cas-2-domain-events-queue"
+    namespace = var.namespace
+  }
+  data = {
+    QUEUE_NAME = module.cas-2-domain-events-queue.sqs_name
+  }
+}
+
+module "cas-2-domain-events-service-account" {
+  source                 = "github.com/ministryofjustice/cloud-platform-terraform-irsa?ref=2.0.0"
+  application            = var.application
+  business_unit          = var.business_unit
+  eks_cluster_name       = var.eks_cluster_name
+  environment_name       = var.environment
+  infrastructure_support = var.infrastructure_support
+  is_production          = var.is_production
+  namespace              = var.namespace
+  team_name              = var.team_name
+
+  service_account_name = "cas-2-domain-events"
+  role_policy_arns     = { sqs = module.cas-2-domain-events-queue.irsa_policy_arn }
+}
@@ -0,0 +1,25 @@
+data "aws_iam_policy_document" "sns_to_sqs" {
+  statement {
+    sid     = "DomainEventsToQueue"
+    effect  = "Allow"
+    actions = ["sqs:SendMessage"]
+    principals {
+      type        = "AWS"
+      identifiers = ["*"]
+    }
+    condition {
+      variable = "aws:SourceArn"
+      test     = "ArnEquals"
+      values   = [data.aws_ssm_parameter.hmpps-domain-events-topic-arn.value]
+    }
+    resources = ["*"]
+  }
+}
+
+data "aws_ssm_parameter" "hmpps-domain-events-topic-arn" {
+  name = "/hmpps-domain-events-prod/topic-arn"
+}
+
+data "aws_sns_topic" "hmpps-domain-events" {
+  name = "cloud-platform-Digital-Prison-Services-15b2b4a6af7714848baeaf5f41c85fcd"
+}