diff --git a/.github/workflows/deploy-qa.yml b/.github/workflows/deploy-qa.yml index 7442c446..c46802e1 100644 --- a/.github/workflows/deploy-qa.yml +++ b/.github/workflows/deploy-qa.yml @@ -130,11 +130,11 @@ jobs: - uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: arn:aws:iam::427040638965:role/GitHubActionsRole - role-session-name: Core_Dev_Deployment_${{ github.run_id }} + role-session-name: Core_QA_Deployment_${{ github.run_id }} aws-region: us-east-1 - name: Publish to AWS - run: make deploy_dev + run: make deploy_qa env: HUSKY: "0" VITE_RUN_ENVIRONMENT: dev diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 1d491908..ed2623e0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -14,7 +14,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: arn:aws:iam::427040638965:role/GitHubActionsRole - role-session-name: Core_Dev_Deployment + role-session-name: Core_QA_Deployment aws-region: us-east-1 - name: Get AWS Caller Identity diff --git a/Makefile b/Makefile index 0d9dd6a4..e90169ff 100644 --- a/Makefile +++ b/Makefile @@ -10,16 +10,6 @@ GIT_HASH := $(shell git rev-parse --short HEAD) .PHONY: clean -check_account_prod: -ifneq ($(current_aws_account),$(prod_aws_account)) - $(error Error: running in account $(current_aws_account), expected account ID $(prod_aws_account)) -endif - -check_account_dev: -ifneq ($(current_aws_account),$(dev_aws_account)) - $(error Error: running in account $(current_aws_account), expected account ID $(dev_aws_account)) -endif - clean: rm -rf .aws-sam 
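Review bot: The renamed session in test.yml, `role-session-name: Core_QA_Deployment`, labels a test job's STS session as a deployment and carries no run id, so CloudTrail entries from test runs cannot be tied to a specific workflow run or told apart from deploys by name. The deploy-qa.yml hunk in this same commit already appends `${{ github.run_id }}`; something like `role-session-name: Core_QA_Test_${{ github.run_id }}` would keep attribution clean. Both workflows assume the same `GitHubActionsRole`, so if that role's policy allows writes (not visible here), a narrower role for the test job is worth considering. The job definition continues outside the hunk.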
@@ -55,15 +45,19 @@ build: src/ local: VITE_BUILD_HASH=$(GIT_HASH) yarn run dev -deploy_prod: check_account_prod +deploy_prod: @echo "Deploying Terraform..." terraform -chdir=terraform/envs/prod init -lockfile=readonly - terraform -chdir=terraform/envs/prod apply -auto-approve + terraform -chdir=terraform/envs/prod plan -out=tfplan + terraform -chdir=terraform/envs/prod apply -auto-approve tfplan + rm terraform/envs/prod/tfplan -deploy_dev: check_account_dev +deploy_qa: @echo "Deploying Terraform..." terraform -chdir=terraform/envs/qa init -lockfile=readonly - terraform -chdir=terraform/envs/qa apply -auto-approve + terraform -chdir=terraform/envs/qa plan -out=tfplan + terraform -chdir=terraform/envs/qa apply -auto-approve tfplan + rm terraform/envs/qa/tfplan init_terraform: terraform -chdir=terraform/envs/qa init diff --git a/src/api/README.md b/src/api/README.md index 5df3f0bb..3f1df96d 100644 --- a/src/api/README.md +++ b/src/api/README.md @@ -5,7 +5,6 @@ 2. Enable Tailscale VPN so you can reach the development database in AWS 3. Log into AWS with `aws configure sso` so you can retrieve the AWS secret and configuration. 4. `yarn -D` -5. `make check_account_dev` - If this fails make sure that AWS is configured. 6. `make local` ## Build for AWS Lambda @@ -16,7 +15,7 @@ 1. Get AWS credentials with `aws configure sso` 2. Ensure AWS profile is set to the right account (QA or PROD). -3. Run `make deploy_dev` or `make deploy_prod`. +3. Run `make deploy_qa` or `make deploy_prod`. ## Generating JWT token diff --git a/src/api/routes/apiKey.ts b/src/api/routes/apiKey.ts index b03d21b9..62667dbc 100644 --- a/src/api/routes/apiKey.ts +++ b/src/api/routes/apiKey.ts @@ -126,6 +126,7 @@ If you did not create this API key, please secure your account and notify the AC new SendMessageCommand({ QueueUrl: fastify.environmentConfig.SqsQueueUrl, MessageBody: JSON.stringify(sqsPayload), + MessageGroupId: "securityNotification", }), ); if (result.MessageId) { 
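Review bot: The saved plan is only removed on the success path in `deploy_prod` and `deploy_qa`: if `plan` or `apply` exits non-zero, make stops the recipe and `rm terraform/envs/prod/tfplan` never runs. A Terraform plan file can hold resource attributes, including sensitive values, in cleartext, so a failed deploy leaves that on the runner or on a developer's disk. Cleaning up regardless of the outcome closes the gap, e.g. `terraform -chdir=terraform/envs/prod apply -auto-approve tfplan; rc=$$?; rm -f terraform/envs/prod/tfplan; exit $$rc` (and the same for qa). It is also worth confirming that `tfplan` is git-ignored, since the ignore file is not part of this diff.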
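Review bot: Every message of a kind now shares one constant group id, here `MessageGroupId: "securityNotification"`, so if the queue is FIFO (which the parameter suggests, though the queue definition is not in this diff) one message that keeps failing holds back every later message in that group until it is dead-lettered or expires. For the API-key created/deleted alerts in apiKey.ts, that means a user's security notification can be delayed behind an unrelated failure. Unless strict ordering across all users is required, a group id derived from the affected entity would limit the blast radius; the same applies to the other hunks in apiKey.ts, membership.ts, mobileWallet.ts, roomRequests.ts and stripe.ts. FIFO queues also need a `MessageDeduplicationId` unless content-based deduplication is enabled on the queue, which should be confirmed in the sqs module.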
@@ -228,6 +229,7 @@ If you did not delete this API key, please secure your account and notify the AC new SendMessageCommand({ QueueUrl: fastify.environmentConfig.SqsQueueUrl, MessageBody: JSON.stringify(sqsPayload), + MessageGroupId: "securityNotification", }), ); if (result.MessageId) { diff --git a/src/api/routes/membership.ts b/src/api/routes/membership.ts index d13db232..c8ff2304 100644 --- a/src/api/routes/membership.ts +++ b/src/api/routes/membership.ts @@ -459,6 +459,7 @@ const membershipPlugin: FastifyPluginAsync = async (fastify, _options) => { new SendMessageCommand({ QueueUrl: fastify.environmentConfig.SqsQueueUrl, MessageBody: JSON.stringify(sqsPayload), + MessageGroupId: "membershipProvisioning", }), ); if (!result.MessageId) { diff --git a/src/api/routes/mobileWallet.ts b/src/api/routes/mobileWallet.ts index 0b730144..802cb03c 100644 --- a/src/api/routes/mobileWallet.ts +++ b/src/api/routes/mobileWallet.ts @@ -79,6 +79,7 @@ const mobileWalletRoute: FastifyPluginAsync = async (fastify, _options) => { new SendMessageCommand({ QueueUrl: fastify.environmentConfig.SqsQueueUrl, MessageBody: JSON.stringify(sqsPayload), + MessageGroupId: "mobileWalletNotification", }), ); if (!result.MessageId) { diff --git a/src/api/routes/roomRequests.ts b/src/api/routes/roomRequests.ts index 18463f8f..41023035 100644 --- a/src/api/routes/roomRequests.ts +++ b/src/api/routes/roomRequests.ts @@ -160,6 +160,7 @@ const roomRequestRoutes: FastifyPluginAsync = async (fastify, _options) => { new SendMessageCommand({ QueueUrl: fastify.environmentConfig.SqsQueueUrl, MessageBody: JSON.stringify(sqsPayload), + MessageGroupId: "roomReservationNotification", }), ); if (!result.MessageId) { @@ -388,6 +389,7 @@ const roomRequestRoutes: FastifyPluginAsync = async (fastify, _options) => { new SendMessageCommand({ QueueUrl: fastify.environmentConfig.SqsQueueUrl, MessageBody: JSON.stringify(sqsPayload), + MessageGroupId: "roomReservationNotification", }), ); if (!result.MessageId) { 
diff --git a/src/api/routes/stripe.ts b/src/api/routes/stripe.ts index d11fe029..ae59a1a0 100644 --- a/src/api/routes/stripe.ts +++ b/src/api/routes/stripe.ts @@ -434,6 +434,7 @@ Please ask the payee to try again, perhaps with a different payment method, or c new SendMessageCommand({ QueueUrl: fastify.environmentConfig.SqsQueueUrl, MessageBody: JSON.stringify(sqsPayload), + MessageGroupId: "invoiceNotification", }), ); queueId = result.MessageId || ""; @@ -588,6 +589,7 @@ Please contact Officer Board with any questions. new SendMessageCommand({ QueueUrl: fastify.environmentConfig.SqsQueueUrl, MessageBody: JSON.stringify(sqsPayload), + MessageGroupId: "invoiceNotification", }), ); queueId = result.MessageId || ""; @@ -636,6 +638,7 @@ Please contact Officer Board with any questions.`, new SendMessageCommand({ QueueUrl: fastify.environmentConfig.SqsQueueUrl, MessageBody: JSON.stringify(sqsPayload), + MessageGroupId: "invoiceNotification", }), ); queueId = result.MessageId || ""; diff --git a/terraform/envs/prod/.terraform.lock.hcl b/terraform/envs/prod/.terraform.lock.hcl index 55b30cd5..f0b38584 100644 --- a/terraform/envs/prod/.terraform.lock.hcl +++ b/terraform/envs/prod/.terraform.lock.hcl 
@@ -25,29 +25,29 @@ provider "registry.terraform.io/hashicorp/archive" { } provider "registry.terraform.io/hashicorp/aws" { - version = "5.100.0" - constraints = "~> 5.92" + version = "6.7.0" + constraints = "~> 6.7.0" hashes = [ - "h1:H3mU/7URhP0uCRGK8jeQRKxx2XFzEqLiOq/L2Bbiaxs=", - "h1:Ijt7pOlB7Tr7maGQIqtsLFbl7pSMIj06TVdkoSBcYOw=", - "h1:edXOJWE4ORX8Fm+dpVpICzMZJat4AX0VRCAy/xkcOc0=", - "h1:hd45qFU5cFuJMpFGdUniU9mVIr5LYVWP1uMeunBpYYs=", - "h1:wOhTPz6apLBuF7/FYZuCoXRK/MLgrNprZ3vXmq83g5k=", - "zh:054b8dd49f0549c9a7cc27d159e45327b7b65cf404da5e5a20da154b90b8a644", - "zh:0b97bf8d5e03d15d83cc40b0530a1f84b459354939ba6f135a0086c20ebbe6b2", - "zh:1589a2266af699cbd5d80737a0fe02e54ec9cf2ca54e7e00ac51c7359056f274", - "zh:6330766f1d85f01ae6ea90d1b214b8b74cc8c1badc4696b165b36ddd4cc15f7b", - "zh:7c8c2e30d8e55291b86fcb64bdf6c25489d538688545eb48fd74ad622e5d3862", - "zh:99b1003bd9bd32ee323544da897148f46a527f622dc3971af63ea3e251596342", + "h1:FmriT5DaLjFWBHd8xlo3OAHtWemO59NNIawdVt76VZ8=", + "h1:MR1e3FM/ZMHBaUOsLJu2XIjkbogmh5q5IV/N73zGX14=", + "h1:XQPR/o69QNJ0tmp1QQcTFyViXQCiPAXL19Hu8ymGUeQ=", + "h1:ihptD9d0JwwluR3T5bLkLMEo9n6iaP5k2LA3f9REuFQ=", + "h1:vISrEI1xUh0w7NXTQ9m6ZEnQ1dv02yy+EJvxW78DAoI=", + "zh:3c0a256f813e5e2c1e1aa137204ad9168ebe487f6cee874af9e9c78eb300568e", + "zh:3c49dd75ea28395b29ba259988826b956c8adf6c0b59dd8874feb4f47bad976a", + "zh:3e6e3e3bfc6594f4f9e2c017ee588c5fcad394b87dd0b68a3f37cd66001f3c8c", + "zh:3f9b55826eeebf9b2ed448fc111d772c703e1edc6678e1bb646e66f3c3f9308f", + "zh:44e4ced936045ddc42d22c653a6427e7eb2b7aee918dff8438da0cb40996beb4", + "zh:474ab4d63918f41e8ea1cef43aeb1c719629dbf289db175c95de1431a8853ae7", + "zh:71b9e1d82c5ccc8d9bf72b3712c2b90722fc1f35a0f0f7a9557b9ee01971e6e2", + "zh:7723256d6ccc55f4000d1df8db202b02b30a7d917f5d31624c717e14ba15ea95", + "zh:82174836faa830aff0e47ea61d4cfbb5c97e1e944b1978f1d933acd37f584c88", + "zh:8e62fdc10206ba7232eec991e5a387378f2fbe47cc717b7f60eeb1df2c974514", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", 
- "zh:9f8b909d3ec50ade83c8062290378b1ec553edef6a447c56dadc01a99f4eaa93", - "zh:aaef921ff9aabaf8b1869a86d692ebd24fbd4e12c21205034bb679b9caf883a2", - "zh:ac882313207aba00dd5a76dbd572a0ddc818bb9cbf5c9d61b28fe30efaec951e", - "zh:bb64e8aff37becab373a1a0cc1080990785304141af42ed6aa3dd4913b000421", - "zh:dfe495f6621df5540d9c92ad40b8067376350b005c637ea6efac5dc15028add4", - "zh:f0ddf0eaf052766cfe09dea8200a946519f653c384ab4336e2a4a64fdd6310e9", - "zh:f1b7e684f4c7ae1eed272b6de7d2049bb87a0275cb04dbb7cda6636f600699c9", - "zh:ff461571e3f233699bf690db319dfe46aec75e58726636a0d97dd9ac6e32fb70", + "zh:be24dd2d53b224d7098e75ca432746e3420ce071189eea100aa8cbcd2498d389", + "zh:d27651d0e458933127ddca35a833e1a0f0ff0c131391288b3239763a2fd8f96f", + "zh:d33c181fff1b96bf8366e6c3d92408370b21649291e8f4d1f7e9a3fbb920fc9d", + "zh:edc0a0a84f85036c6d3df29d09557bd43206d9ee57b10542b484050f0f34d242", ] } diff --git a/terraform/envs/prod/main.tf b/terraform/envs/prod/main.tf index a29963cd..51fa8185 100644 --- a/terraform/envs/prod/main.tf +++ b/terraform/envs/prod/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 5.92" + version = "~> 6.7.0" } } @@ -18,7 +18,8 @@ terraform { provider "aws" { - region = "us-east-1" + allowed_account_ids = ["298118738376"] + region = "us-east-1" default_tags { tags = { project = var.ProjectId @@ -31,7 +32,11 @@ data "aws_caller_identity" "current" {} data "aws_region" "current" {} locals { - bucket_prefix = "${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}" + bucket_prefix = "${data.aws_caller_identity.current.account_id}-${data.aws_region.current.region}" + queue_arns = { + main = module.sqs_queues.main_queue_arn + sqs = module.sqs_queues.sales_email_queue_arn + } } module "sqs_queues" { 
@@ -41,7 +46,7 @@ module "sqs_queues" { } module "lambda_warmer" { - source = "github.com/acm-uiuc/terraform-modules/lambda-warmer?ref=v0.1.1" + source = "github.com/acm-uiuc/terraform-modules/lambda-warmer?ref=v1.0.0" function_to_warm = module.lambdas.core_api_lambda_name } module "dynamo" { @@ -95,7 +100,7 @@ module "frontend" { resource "aws_lambda_event_source_mapping" "queue_consumer" { depends_on = [module.lambdas, module.sqs_queues] - for_each = toset([module.sqs_queues.main_queue_arn, module.sqs_queues.sales_email_queue_arn]) + for_each = local.queue_arns batch_size = 5 event_source_arn = each.key function_name = module.lambdas.core_sqs_consumer_lambda_arn diff --git a/terraform/envs/qa/.terraform.lock.hcl b/terraform/envs/qa/.terraform.lock.hcl index 55b30cd5..f0b38584 100644 --- a/terraform/envs/qa/.terraform.lock.hcl +++ b/terraform/envs/qa/.terraform.lock.hcl 
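Review bot: Prod moves `lambda-warmer` to `?ref=v1.0.0` while terraform/envs/qa/main.tf in this same commit still shows `?ref=v0.1.1` as unchanged context, so the major-version module would first be applied in production without having run in QA. Bumping QA to the same ref first, or in this commit, keeps the two environments comparable. Because a git tag can be moved after the fact, pinning `ref` to the tag's full commit hash would also make the module source immutable.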
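Review bot: `event_source_arn = each.key` is left unchanged in this prod hunk, but `for_each` now iterates the map `local.queue_arns`, whose keys are `main` and `sqs` rather than ARNs. The QA copy of this resource is switched to `each.value` in the same commit; prod needs the same one-line change, `event_source_arn = each.value`, otherwise the apply should fail on an invalid ARN. Because the instance keys change from ARNs to `main`/`sqs`, the existing mappings will likely be destroyed and recreated unless `moved` blocks are added, so a short gap in queue consumption is worth planning for.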
@@ -25,29 +25,29 @@ provider "registry.terraform.io/hashicorp/archive" { } provider "registry.terraform.io/hashicorp/aws" { - version = "5.100.0" - constraints = "~> 5.92" + version = "6.7.0" + constraints = "~> 6.7.0" hashes = [ - "h1:H3mU/7URhP0uCRGK8jeQRKxx2XFzEqLiOq/L2Bbiaxs=", - "h1:Ijt7pOlB7Tr7maGQIqtsLFbl7pSMIj06TVdkoSBcYOw=", - "h1:edXOJWE4ORX8Fm+dpVpICzMZJat4AX0VRCAy/xkcOc0=", - "h1:hd45qFU5cFuJMpFGdUniU9mVIr5LYVWP1uMeunBpYYs=", - "h1:wOhTPz6apLBuF7/FYZuCoXRK/MLgrNprZ3vXmq83g5k=", - "zh:054b8dd49f0549c9a7cc27d159e45327b7b65cf404da5e5a20da154b90b8a644", - "zh:0b97bf8d5e03d15d83cc40b0530a1f84b459354939ba6f135a0086c20ebbe6b2", - "zh:1589a2266af699cbd5d80737a0fe02e54ec9cf2ca54e7e00ac51c7359056f274", - "zh:6330766f1d85f01ae6ea90d1b214b8b74cc8c1badc4696b165b36ddd4cc15f7b", - "zh:7c8c2e30d8e55291b86fcb64bdf6c25489d538688545eb48fd74ad622e5d3862", - "zh:99b1003bd9bd32ee323544da897148f46a527f622dc3971af63ea3e251596342", + "h1:FmriT5DaLjFWBHd8xlo3OAHtWemO59NNIawdVt76VZ8=", + "h1:MR1e3FM/ZMHBaUOsLJu2XIjkbogmh5q5IV/N73zGX14=", + "h1:XQPR/o69QNJ0tmp1QQcTFyViXQCiPAXL19Hu8ymGUeQ=", + "h1:ihptD9d0JwwluR3T5bLkLMEo9n6iaP5k2LA3f9REuFQ=", + "h1:vISrEI1xUh0w7NXTQ9m6ZEnQ1dv02yy+EJvxW78DAoI=", + "zh:3c0a256f813e5e2c1e1aa137204ad9168ebe487f6cee874af9e9c78eb300568e", + "zh:3c49dd75ea28395b29ba259988826b956c8adf6c0b59dd8874feb4f47bad976a", + "zh:3e6e3e3bfc6594f4f9e2c017ee588c5fcad394b87dd0b68a3f37cd66001f3c8c", + "zh:3f9b55826eeebf9b2ed448fc111d772c703e1edc6678e1bb646e66f3c3f9308f", + "zh:44e4ced936045ddc42d22c653a6427e7eb2b7aee918dff8438da0cb40996beb4", + "zh:474ab4d63918f41e8ea1cef43aeb1c719629dbf289db175c95de1431a8853ae7", + "zh:71b9e1d82c5ccc8d9bf72b3712c2b90722fc1f35a0f0f7a9557b9ee01971e6e2", + "zh:7723256d6ccc55f4000d1df8db202b02b30a7d917f5d31624c717e14ba15ea95", + "zh:82174836faa830aff0e47ea61d4cfbb5c97e1e944b1978f1d933acd37f584c88", + "zh:8e62fdc10206ba7232eec991e5a387378f2fbe47cc717b7f60eeb1df2c974514", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", 
- "zh:9f8b909d3ec50ade83c8062290378b1ec553edef6a447c56dadc01a99f4eaa93", - "zh:aaef921ff9aabaf8b1869a86d692ebd24fbd4e12c21205034bb679b9caf883a2", - "zh:ac882313207aba00dd5a76dbd572a0ddc818bb9cbf5c9d61b28fe30efaec951e", - "zh:bb64e8aff37becab373a1a0cc1080990785304141af42ed6aa3dd4913b000421", - "zh:dfe495f6621df5540d9c92ad40b8067376350b005c637ea6efac5dc15028add4", - "zh:f0ddf0eaf052766cfe09dea8200a946519f653c384ab4336e2a4a64fdd6310e9", - "zh:f1b7e684f4c7ae1eed272b6de7d2049bb87a0275cb04dbb7cda6636f600699c9", - "zh:ff461571e3f233699bf690db319dfe46aec75e58726636a0d97dd9ac6e32fb70", + "zh:be24dd2d53b224d7098e75ca432746e3420ce071189eea100aa8cbcd2498d389", + "zh:d27651d0e458933127ddca35a833e1a0f0ff0c131391288b3239763a2fd8f96f", + "zh:d33c181fff1b96bf8366e6c3d92408370b21649291e8f4d1f7e9a3fbb920fc9d", + "zh:edc0a0a84f85036c6d3df29d09557bd43206d9ee57b10542b484050f0f34d242", ] } diff --git a/terraform/envs/qa/main.tf b/terraform/envs/qa/main.tf index 3886e8da..415b57ac 100644 --- a/terraform/envs/qa/main.tf +++ b/terraform/envs/qa/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 5.92" + version = "~> 6.7.0" } } @@ -18,7 +18,8 @@ terraform { provider "aws" { - region = "us-east-1" + allowed_account_ids = ["427040638965"] + region = "us-east-1" default_tags { tags = { project = var.ProjectId @@ -30,9 +31,6 @@ provider "aws" { data "aws_caller_identity" "current" {} data "aws_region" "current" {} -locals { - bucket_prefix = "${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}" -} module "sqs_queues" { depends_on = [module.lambdas] 
@@ -40,6 +38,14 @@ module "sqs_queues" { resource_prefix = var.ProjectId core_sqs_consumer_lambda_name = module.lambdas.core_sqs_consumer_lambda_name } +locals { + bucket_prefix = "${data.aws_caller_identity.current.account_id}-${data.aws_region.current.region}" + queue_arns = { + main = module.sqs_queues.main_queue_arn + sqs = module.sqs_queues.sales_email_queue_arn + } +} + module "lambda_warmer" { source = "github.com/acm-uiuc/terraform-modules/lambda-warmer?ref=v0.1.1" @@ -122,9 +128,9 @@ resource "aws_route53_record" "linkry" { } resource "aws_lambda_event_source_mapping" "queue_consumer" { depends_on = [module.lambdas, module.sqs_queues] - for_each = toset([module.sqs_queues.main_queue_arn, module.sqs_queues.sales_email_queue_arn]) + for_each = local.queue_arns batch_size = 5 - event_source_arn = each.key + event_source_arn = each.value function_name = module.lambdas.core_sqs_consumer_lambda_arn function_response_types = ["ReportBatchItemFailures"] } diff --git a/terraform/modules/lambdas/main.tf b/terraform/modules/lambdas/main.tf index 6f1d9d30..4a2c15d8 100644 --- a/terraform/modules/lambdas/main.tf +++ b/terraform/modules/lambdas/main.tf @@ -101,8 +101,8 @@ resource "aws_iam_policy" "entra_policy" { Effect = "Allow", Action = ["secretsmanager:GetSecretValue"], Resource = [ - "arn:aws:secretsmanager:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-entra*", - "arn:aws:secretsmanager:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-ro-entra*" + "arn:aws:secretsmanager:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-entra*", + "arn:aws:secretsmanager:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-ro-entra*" ] } ] 
@@ -118,7 +118,7 @@ resource "aws_iam_policy" "api_only_policy" { Effect = "Allow", Action = ["sqs:SendMessage"], Resource = [ - "arn:aws:sqs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:${var.ProjectId}-*", + "arn:aws:sqs:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:${var.ProjectId}-*", ] } ] @@ -187,8 +187,8 @@ resource "aws_iam_policy" "shared_iam_policy" { Action = ["secretsmanager:GetSecretValue"], Effect = "Allow", Resource = [ - "arn:aws:secretsmanager:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-config*", - "arn:aws:secretsmanager:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-testing-credentials*" + "arn:aws:secretsmanager:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-config*", + "arn:aws:secretsmanager:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:secret:infra-core-api-testing-credentials*" ] }, { 
@@ -212,28 +212,28 @@ resource "aws_iam_policy" "shared_iam_policy" { ], Effect = "Allow", Resource = [ - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-events", - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-events/index/*", - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-merchstore-purchase-history", - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-merchstore-purchase-history/index/*", - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-events-tickets", - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-events-ticketing-metadata", - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-merchstore-metadata", - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-iam-userroles", - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-iam-grouproles", - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-stripe-links", - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-stripe-links/index/*", - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-membership-provisioning", - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-membership-provisioning/index/*", - 
"arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-membership-external-v3", - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-membership-external-v3/index/*", - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-room-requests", - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-room-requests/index/*", - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-room-requests-status", - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-room-requests-status/index/*", - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-linkry", - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-linkry/index/*", - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-keys", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-events", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-events/index/*", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-merchstore-purchase-history", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-merchstore-purchase-history/index/*", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-events-tickets", + 
"arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-events-ticketing-metadata", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-merchstore-metadata", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-iam-userroles", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-iam-grouproles", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-stripe-links", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-stripe-links/index/*", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-membership-provisioning", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-membership-provisioning/index/*", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-membership-external-v3", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-membership-external-v3/index/*", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-room-requests", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-room-requests/index/*", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-room-requests-status", + 
"arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-room-requests-status/index/*", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-linkry", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-linkry/index/*", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-keys", ] }, @@ -250,7 +250,7 @@ resource "aws_iam_policy" "shared_iam_policy" { "dynamodb:UpdateItem" ], Resource = [ - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-cache", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-cache", ] }, { @@ -262,8 +262,8 @@ resource "aws_iam_policy" "shared_iam_policy" { "dynamodb:Query", ], Resource = [ - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-audit-log", - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-audit-log/index/*", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-audit-log", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-audit-log/index/*", ] }, { 
@@ -276,8 +276,8 @@ resource "aws_iam_policy" "shared_iam_policy" { "dynamodb:ListStreams" ], Resource = [ - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-stripe-links/stream/*", - "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-events/stream/*", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-stripe-links/stream/*", + "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-events/stream/*", ] }, {