
Commit 81cf34f

authored
CCM-13295: Ingest reporting metadata into Glue table (#199)
* CCM-13295: Add a scheduled state machine to refresh Glue table metadata * CCM-13295: Add reasonCode and reasonText fields to the event_record table * CCM-13295: Add source conditions to all SQS queue IAM policies allowing EventBridge * CCM-13295: Add a component test for report-event-transformer lambda * CCM-13295: Increase CI workflow's unit test job timeout
1 parent 2befc1a commit 81cf34f

22 files changed

+475
-19
lines changed

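--- a/.github/workflows/stage-2-test.yaml
+++ b/.github/workflows/stage-2-test.yaml
@@ -89,7 +89,7 @@ jobs:
 test-unit:
 name: "Unit tests"
 runs-on: ubuntu-latest
-timeout-minutes: 5
+timeout-minutes: 7
 permissions:
 contents: read
 packages: read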

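--- a/infrastructure/terraform/components/dl/README.md
+++ b/infrastructure/terraform/components/dl/README.md
@@ -32,6 +32,7 @@ No requirements.
 | <a name="input_log_level"></a> [log\_level](#input\_log\_level) | The log level to be used in lambda functions within the component. Any log with a lower severity than the configured value will not be logged: https://docs.python.org/3/library/logging.html#levels | `string` | `"INFO"` | no |
 | <a name="input_log_retention_in_days"></a> [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite | `number` | `0` | no |
 | <a name="input_mesh_poll_schedule"></a> [mesh\_poll\_schedule](#input\_mesh\_poll\_schedule) | Schedule to poll MESH for messages | `string` | `"rate(5 minutes)"` | no |
+| <a name="input_metadata_refresh_schedule"></a> [metadata\_refresh\_schedule](#input\_metadata\_refresh\_schedule) | Schedule for refreshing reporting metadata. | `string` | `"cron(10 6-22 * * ? *)"` | no |
 | <a name="input_parent_acct_environment"></a> [parent\_acct\_environment](#input\_parent\_acct\_environment) | Name of the environment responsible for the acct resources used, affects things like DNS zone. Useful for named dev environments | `string` | `"main"` | no |
 | <a name="input_pdm_mock_access_token"></a> [pdm\_mock\_access\_token](#input\_pdm\_mock\_access\_token) | Mock access token for PDM API authentication (used in local/dev environments) | `string` | `"mock-pdm-token"` | no |
 | <a name="input_pdm_use_non_mock_token"></a> [pdm\_use\_non\_mock\_token](#input\_pdm\_use\_non\_mock\_token) | Whether to use the shared APIM access token from SSM (/component/environment/apim/access\_token) instead of the mock token | `bool` | `false` | no |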
Lines changed: 16 additions & 0 deletions
@@ -0,0 +1,16 @@
1+
resource "aws_cloudwatch_metric_alarm" "metadata_refresh_executions_aborted" {
2+
alarm_name = "${local.csi}-metadata-refresh-execution-aborted"
3+
comparison_operator = "GreaterThanOrEqualToThreshold"
4+
evaluation_periods = 1
5+
metric_name = "ExecutionsAborted"
6+
namespace = "AWS/States"
7+
period = 60
8+
statistic = "Sum"
9+
threshold = 1
10+
alarm_description = "This metric monitors aborted step function executions"
11+
treat_missing_data = "notBreaching"
12+
13+
dimensions = {
14+
StateMachineArn = aws_sfn_state_machine.metadata_refresh.arn
15+
}
16+
}
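Review bot: None of the three new alarms sets `alarm_actions` (or `ok_actions`), so as written an aborted, failed or timed-out metadata refresh only changes alarm state and notifies nobody, unless alarm state changes are routed somewhere not shown on this page. If no such routing exists, add a line such as `alarm_actions = [<SNS_TOPIC_ARN_PLACEHOLDER>]` to `metadata_refresh_executions_aborted` here and to the `metadata_refresh_executions_failed` and `metadata_refresh_executions_timedout` alarms in the next two files. Separately, this alarm is named `...-metadata-refresh-execution-aborted` while the other two use `executions-`; renaming it to `executions-aborted` keeps name-based filters and dashboards consistent.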
Lines changed: 16 additions & 0 deletions
@@ -0,0 +1,16 @@
1+
resource "aws_cloudwatch_metric_alarm" "metadata_refresh_executions_failed" {
2+
alarm_name = "${local.csi}-metadata-refresh-executions-failed"
3+
comparison_operator = "GreaterThanOrEqualToThreshold"
4+
evaluation_periods = 1
5+
metric_name = "ExecutionsFailed"
6+
namespace = "AWS/States"
7+
period = 60
8+
statistic = "Sum"
9+
threshold = 1
10+
alarm_description = "This metric monitors failed step function executions"
11+
treat_missing_data = "notBreaching"
12+
13+
dimensions = {
14+
StateMachineArn = aws_sfn_state_machine.metadata_refresh.arn
15+
}
16+
}
Lines changed: 16 additions & 0 deletions
@@ -0,0 +1,16 @@
1+
resource "aws_cloudwatch_metric_alarm" "metadata_refresh_executions_timedout" {
2+
alarm_name = "${local.csi}-metadata-refresh-executions-timedout"
3+
comparison_operator = "GreaterThanOrEqualToThreshold"
4+
evaluation_periods = 1
5+
metric_name = "ExecutionsTimedOut"
6+
namespace = "AWS/States"
7+
period = 60
8+
statistic = "Sum"
9+
threshold = 1
10+
alarm_description = "This metric monitors step function execution timeouts"
11+
treat_missing_data = "notBreaching"
12+
13+
dimensions = {
14+
StateMachineArn = aws_sfn_state_machine.metadata_refresh.arn
15+
}
16+
}

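--- a/infrastructure/terraform/components/dl/glue_catalog_table_event_record.tf
+++ b/infrastructure/terraform/components/dl/glue_catalog_table_event_record.tf
@@ -24,6 +24,14 @@ resource "aws_glue_catalog_table" "event_record" {
 name = "pagecount"
 type = "int"
 }
+columns {
+name = "reasoncode"
+type = "string"
+}
+columns {
+name = "reasontext"
+type = "string"
+}
 columns {
 name = "supplierid"
 type = "string"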
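Review bot: `reasoncode` and `reasontext` are inserted between `pagecount` and `supplierid` rather than appended, which is only safe if the table's storage format resolves columns by name rather than by position; the storage descriptor is outside this hunk, so confirm that before existing data is queried through the new schema. `reasontext` reads like a free-text field, so a `comment = "..."` on that column stating whether it can carry personal data would tell whoever grants query access to the table how to treat it. The `event_record` resource starts and ends outside the hunk.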

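--- a/infrastructure/terraform/components/dl/module_sqs_mesh_acknowledge.tf
+++ b/infrastructure/terraform/components/dl/module_sqs_mesh_acknowledge.tf
@@ -34,5 +34,11 @@ data "aws_iam_policy_document" "sqs_mesh_acknowledge" {
 resources = [
 "arn:aws:sqs:${var.region}:${var.aws_account_id}:${local.csi}-mesh-acknowledge-queue"
 ]
+
+condition {
+test = "ArnLike"
+variable = "aws:SourceArn"
+values = [aws_cloudwatch_event_rule.mesh_inbox_message_downloaded.arn]
+}
 }
 }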
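Review bot: The new `condition` allowlists the rules that may send to this queue, but the EventBridge targets are not visible in the hunk, so check that every rule targeting the queue appears in `values`. This queue and the pdm-uploader queue both list only `mesh_inbox_message_downloaded`. The same check applies to the conditions added in module_sqs_mesh_download.tf, module_sqs_pdm_poll.tf and module_sqs_pdm_uploader.tf. A rule that targets a queue but is missing from the list will be denied by SQS and shows up only as `FailedInvocations` on the rule, so confirm that a target dead-letter queue or an alarm on that metric exists. A comment above the block such as `# Only the listed EventBridge rules may send to this queue; add new rules here when adding targets` would make the coupling visible to the next editor. The statement's principal and actions are outside the hunk.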

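--- a/infrastructure/terraform/components/dl/module_sqs_mesh_download.tf
+++ b/infrastructure/terraform/components/dl/module_sqs_mesh_download.tf
@@ -34,5 +34,11 @@ data "aws_iam_policy_document" "sqs_mesh_download" {
 resources = [
 "arn:aws:sqs:${var.region}:${var.aws_account_id}:${local.csi}-mesh-download-queue"
 ]
+
+condition {
+test = "ArnLike"
+variable = "aws:SourceArn"
+values = [aws_cloudwatch_event_rule.mesh_inbox_message_received.arn]
+}
 }
 }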

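--- a/infrastructure/terraform/components/dl/module_sqs_pdm_poll.tf
+++ b/infrastructure/terraform/components/dl/module_sqs_pdm_poll.tf
@@ -31,5 +31,11 @@ data "aws_iam_policy_document" "sqs_pdm_poll" {
 resources = [
 "arn:aws:sqs:${var.region}:${var.aws_account_id}:${local.csi}-pdm-poll-queue"
 ]
+
+condition {
+test = "ArnLike"
+variable = "aws:SourceArn"
+values = [aws_cloudwatch_event_rule.pdm_resource_submitted.arn, aws_cloudwatch_event_rule.pdm_resource_unavailable.arn]
+}
 }
 }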

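--- a/infrastructure/terraform/components/dl/module_sqs_pdm_uploader.tf
+++ b/infrastructure/terraform/components/dl/module_sqs_pdm_uploader.tf
@@ -34,5 +34,11 @@ data "aws_iam_policy_document" "sqs_pdm_uploader" {
 resources = [
 "arn:aws:sqs:${var.region}:${var.aws_account_id}:${local.csi}-pdm-uploader-queue"
 ]
+
+condition {
+test = "ArnLike"
+variable = "aws:SourceArn"
+values = [aws_cloudwatch_event_rule.mesh_inbox_message_downloaded.arn]
+}
 }
 }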
