CCM-16073 - Initial work on infra refactor

[rhyscoxnhs]

Description

Context

Type of changes

• Refactoring (non-breaking change)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would change existing functionality)
• Bug fix (non-breaking change which fixes an issue)

Checklist

• I am familiar with the contributing guidelines
• I have followed the code style of the project
• I have added tests to cover my changes
• I have updated the documentation accordingly
• This PR is a result of pair or mob programming

---

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

• I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

[Copilot]

Pull request overview

This PR starts moving the callbacks stack onto the new infra naming/layout by splitting the shared cb resources from per-client cbc resources, and by replacing the applications map’s SSM storage with S3-backed storage across the CLI, Lambda, tests, and Terraform.

Changes:

• Replaced SSM-based applications-map readers/writers with S3-based implementations in the management tool and https-client-lambda.
• Updated Terraform and test helpers to use the new cb/cbc component split, shared account-level S3 buckets, and new client resource naming.
• Updated perf/integration tooling and tests for the new queue/log-group prefixes.

Reviewed changes

Copilot reviewed 54 out of 55 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
tools/client-subscriptions-management/src/repository/ssm-applications-map.ts	Removed old SSM-backed applications map repository.
tools/client-subscriptions-management/src/repository/s3-applications-map.ts	Added S3-backed applications map repository implementation.
tools/client-subscriptions-management/src/entrypoint/cli/helper.ts	Switched CLI helpers/options from SSM parameter inputs to S3 bucket/key inputs.
tools/client-subscriptions-management/src/entrypoint/cli/applications-map-get.ts	Updated get command to use the async S3 repository factory.
tools/client-subscriptions-management/src/entrypoint/cli/applications-map-add.ts	Updated add command/messages to use S3-backed storage.
tools/client-subscriptions-management/src/aws.ts	Reworked AWS helpers for new bucket naming and S3 applications-map location resolution.
tools/client-subscriptions-management/src/__tests__/repository/s3-applications-map.test.ts	Replaced repository tests with S3 variants.
tools/client-subscriptions-management/src/__tests__/entrypoint/cli/applications-map-get.test.ts	Updated CLI tests for S3 bucket/key args.
tools/client-subscriptions-management/src/__tests__/entrypoint/cli/applications-map-add.test.ts	Updated add-command tests for S3 behavior/messages.
tools/client-subscriptions-management/src/__tests__/aws.test.ts	Updated AWS helper tests for new bucket/key derivation logic.
tools/client-subscriptions-management/package.json	Removed SSM dependency and added Smithy test typings.
tests/test-support/helpers/deployment.ts	Added separate clientComponent alongside renamed component defaults.
tests/integration/metrics.test.ts	Switched client log lookup to the new client log-group helper.
tests/integration/helpers/test-context.ts	Added clientLogGroup helper for cbc Lambda log groups.
tests/integration/helpers/sqs.ts	Updated client queue URL builders to use clientComponent.
tests/integration/delivery-resilience.test.ts	Updated resilience tests to use client log groups.
scripts/tests/integration-local.sh	Changed local integration default component prefix to cb.
scripts/tests/integration-debug.sh	Updated debug helpers for split cb/cbc prefixes.
pnpm-workspace.yaml	Removed SSM catalog entry and added @smithy/types.
pnpm-lock.yaml	Reflected dependency changes in lockfile.
lambdas/perf-runner-lambda/src/types.ts	Added optional delivery queue URL prefix dependency.
lambdas/perf-runner-lambda/src/runner.ts	Passed delivery queue prefix into purge URL derivation.
lambdas/perf-runner-lambda/src/purge.ts	Derived delivery queue URLs from a separate prefix when provided.
lambdas/perf-runner-lambda/src/index.ts	Read/passed the new DELIVERY_QUEUE_URL_PREFIX env var.
lambdas/perf-runner-lambda/src/__tests__/runner.test.ts	Updated runner tests for new prefixes and env values.
lambdas/perf-runner-lambda/src/__tests__/purge.test.ts	Added coverage for separate delivery queue prefixes.
lambdas/perf-runner-lambda/src/__tests__/index.test.ts	Updated handler tests for new env vars/prefixes.
lambdas/perf-runner-lambda/src/__tests__/cloudwatch.test.ts	Updated log-group naming expectations.
lambdas/https-client-lambda/src/services/ssm-applications-map.ts	Removed SSM-backed applications-map loader.
lambdas/https-client-lambda/src/services/applications-map.ts	Added S3-backed applications-map loader/cache.
lambdas/https-client-lambda/src/handler.ts	Switched handler import to the new applications-map service.
lambdas/https-client-lambda/src/__tests__/ssm-applications-map.test.ts	Removed old SSM service tests.
lambdas/https-client-lambda/src/__tests__/handler.test.ts	Updated handler mock import for the new service.
lambdas/https-client-lambda/src/__tests__/applications-map.test.ts	Added tests for S3-backed applications-map loading.
lambdas/https-client-lambda/package.json	Removed SSM dependency and added Smithy typings.
lambdas/client-transform-filter-lambda/src/__tests__/services/metrics.test.ts	Updated metrics namespace expectations.
infrastructure/terraform/modules/client-delivery/variables.tf	Replaced SSM map input with S3 bucket/key inputs and configurable config prefix.
infrastructure/terraform/modules/client-delivery/README.md	Updated module docs for new S3-backed inputs.
infrastructure/terraform/modules/client-delivery/module_https_client_lambda.tf	Wired new applications-map and config-prefix env vars into delivery Lambda.
infrastructure/terraform/modules/client-delivery/iam_role_sqs_target.tf	Replaced SSM read access with S3 object read access.
infrastructure/terraform/components/callbacks/variables.tf	Removed obsolete SSM/bucket variables.
infrastructure/terraform/components/callbacks/sync-client-config.sh	Switched config sync script to shared account bucket/prefix layout.
infrastructure/terraform/components/callbacks/ssm_parameter_applications_map.tf	Replaced SSM parameter with S3 object for applications map.
infrastructure/terraform/components/callbacks/s3_object_mtls_test_certs.tf	Moved mTLS test cert storage to shared bucket/prefixed keys.
infrastructure/terraform/components/callbacks/s3_object_client_config.tf	Added env-prefixed mock client config objects in shared bucket.
infrastructure/terraform/components/callbacks/s3_bucket_client_config.tf	Removed dedicated client-config bucket resources.
infrastructure/terraform/components/callbacks/README.md	Updated component docs for removed/renamed resources.
infrastructure/terraform/components/callbacks/module_transform_filter_lambda.tf	Switched transform filter to shared config bucket/prefix and cb naming.
infrastructure/terraform/components/callbacks/module_sqs_inbound_event.tf	Switched inbound queue resources to cb naming.
infrastructure/terraform/components/callbacks/module_perf_runner_lambda.tf	Updated perf runner env/permissions for split queue/log prefixes.
infrastructure/terraform/components/callbacks/module_mock_webhook_lambda.tf	Switched mock webhook module naming to cb.
infrastructure/terraform/components/callbacks/module_kms.tf	Switched KMS naming to cb.
infrastructure/terraform/components/callbacks/module_client_delivery.tf	Switched per-client delivery module to cbc and shared S3 locations.
infrastructure/terraform/components/callbacks/locals.tf	Added new component locals and shared bucket/key lookups.
infrastructure/terraform/components/callbacks/locals_tfscaffold.tf	Switched tfscaffold-derived names to the new cb component local.

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[mjewildnhs]

Approved - 1 should do and 1 nice to do