diff --git a/.tool-versions b/.tool-versions
index 4ca52a65..f098ca89 100644
--- a/.tool-versions
+++ b/.tool-versions
@@ -5,7 +5,7 @@ nodejs 24.14.1
 pnpm 10.33.0
 pre-commit 3.6.0
 ruby 3.3.6
-terraform 1.10.1
+terraform 1.14.3
 terraform-docs 0.19.0
 #trivy 0.61.0 - TODO - Re-visit Trivy usage https://nhsd-jira.digital.nhs.uk/browse/CCM-15549
 vale 3.6.0
diff --git a/infrastructure/terraform/components/callbacks/.tool-versions b/infrastructure/terraform/components/callbacks/.tool-versions
index 3dd74c72..52428ded 100644
--- a/infrastructure/terraform/components/callbacks/.tool-versions
+++ b/infrastructure/terraform/components/callbacks/.tool-versions
@@ -1 +1 @@
-terraform 1.10.1
+terraform 1.14.3
diff --git a/infrastructure/terraform/components/callbacks/README.md b/infrastructure/terraform/components/callbacks/README.md
index b1587725..ad7f496e 100644
--- a/infrastructure/terraform/components/callbacks/README.md
+++ b/infrastructure/terraform/components/callbacks/README.md
@@ -15,7 +15,6 @@
 |------|-------------|------|---------|:--------:|
 | [applications\_map\_parameter\_name](#input\_applications\_map\_parameter\_name) | SSM Parameter Store path for the clientId-to-applicationData map, where applicationData is currently only the applicationId | `string` | `null` | no |
 | [aws\_account\_id](#input\_aws\_account\_id) | The AWS Account ID (numeric) | `string` | n/a | yes |
-| [component](#input\_component) | The variable encapsulating the name of this component | `string` | `"callbacks"` | no |
 | [default\_tags](#input\_default\_tags) | A map of default tags to apply to all taggable resources within the component | `map(string)` | `{}` | no |
 | [deploy\_mock\_clients](#input\_deploy\_mock\_clients) | Flag to deploy mock webhook lambda for integration testing (test/dev environments only) | `bool` | `false` | no |
 | [enable\_event\_anomaly\_detection](#input\_enable\_event\_anomaly\_detection) | Enable CloudWatch anomaly detection alarm for inbound event queue message reception | `bool` | `true` | no |
@@ -44,6 +43,7 @@
 | Name | Source | Version |
 |------|--------|---------|
+| [callback\_clients](#module\_callback\_clients) | ../../modules/callback-clients | n/a |
 | [client\_config\_bucket](#module\_client\_config\_bucket) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.7/terraform-s3bucket.zip | n/a |
 | [client\_destination](#module\_client\_destination) | ../../modules/client-destination | n/a |
 | [client\_transform\_filter\_lambda](#module\_client\_transform\_filter\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.7/terraform-lambda.zip | n/a |
diff --git a/infrastructure/terraform/components/callbacks/locals.tf b/infrastructure/terraform/components/callbacks/locals.tf
index f4707154..dff65db0 100644
--- a/infrastructure/terraform/components/callbacks/locals.tf
+++ b/infrastructure/terraform/components/callbacks/locals.tf
@@ -62,5 +62,5 @@ locals {
 }
 ]...)
- applications_map_parameter_name = coalesce(var.applications_map_parameter_name, "/${var.project}/${var.environment}/${var.component}/applications-map")
+ applications_map_parameter_name = coalesce(var.applications_map_parameter_name, "/${var.project}/${var.environment}/${local.component}/applications-map")
 }
diff --git a/infrastructure/terraform/components/callbacks/locals_tfscaffold.tf b/infrastructure/terraform/components/callbacks/locals_tfscaffold.tf
index b7cf3217..4d68787a 100644
--- a/infrastructure/terraform/components/callbacks/locals_tfscaffold.tf
+++ b/infrastructure/terraform/components/callbacks/locals_tfscaffold.tf
@@ -1,4 +1,6 @@
 locals {
+ component = "cb"
+
 terraform_state_bucket = format(
 "%s-tfscaffold-%s-%s",
 var.project,
@@ -11,7 +13,7 @@ locals {
 "%s-%s-%s",
 var.project,
 var.environment,
- var.component,
+ local.component,
 ),
 "_",
 "",
@@ -25,7 +27,7 @@ locals {
 var.aws_account_id,
 var.region,
 var.environment,
- var.component,
+ local.component,
 ),
 "_",
 "",
@@ -36,7 +38,7 @@ locals {
 {
 Project = var.project
 Environment = var.environment
- Component = var.component
+ Component = local.component
 Group = var.group
 Name = local.csi
 },
diff --git a/infrastructure/terraform/components/callbacks/module_callback_clients.tf b/infrastructure/terraform/components/callbacks/module_callback_clients.tf
new file mode 100644
index 00000000..d0f83011
--- /dev/null
+++ b/infrastructure/terraform/components/callbacks/module_callback_clients.tf
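Review bot: `component = "cb"` in locals_tfscaffold.tf replaces the removed `variable "component"` whose default was `"callbacks"`, so every value the later hunks derive from it (the `%s-%s-%s` and `%s-%s-%s-%s` format calls, the `Component` tag, the queue ARN hard-coded in the `sqs_inbound_event` policy document and the SSM path in locals.tf) changes in the same commit. If this component is already deployed anywhere, that renames the KMS key, S3 bucket and SQS queue — stateful resources Terraform will destroy and recreate — and, if the `%s-%s-%s` value is the tfscaffold state key, also moves the state file; confirm this is intended or that nothing is deployed yet. The reason for shortening the identifier is not recorded anywhere in the diff; a comment next to the local such as `# Fixed identifier for this component (a local, not a variable, so it cannot be overridden per environment); "cb" rather than "callbacks" because <reason>` would capture it. The same rename applies to the hunks in module_client_destination.tf, module_kms.tf, module_mock_webhook_lambda.tf, module_sqs_inbound_event.tf, module_transform_filter_lambda.tf, outputs.tf and s3_bucket_client_config.tf.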
@@ -0,0 +1,22 @@
+locals {
+ clients = toset(["alpha", "beta", "gamma"])
+}
+
+module "callback_clients" {
+ source = "../../modules/callback-clients"
+
+ for_each = local.clients
+
+ project = var.project
+ aws_account_id = var.aws_account_id
+ region = var.region
+ component = local.component
+ client_id = each.key
+ environment = var.environment
+ client_bus_name = aws_cloudwatch_event_bus.main.name
+
+ kms_key_arn = module.kms.key_arn
+
+ log_retention_in_days = var.log_retention_in_days
+ force_lambda_code_deploy = var.force_lambda_code_deploy
+}
diff --git a/infrastructure/terraform/components/callbacks/module_client_destination.tf b/infrastructure/terraform/components/callbacks/module_client_destination.tf
index 21800e94..7be7545e 100644
--- a/infrastructure/terraform/components/callbacks/module_client_destination.tf
+++ b/infrastructure/terraform/components/callbacks/module_client_destination.tf
@@ -4,7 +4,7 @@ module "client_destination" {
 project = var.project
 aws_account_id = var.aws_account_id
 region = var.region
- component = var.component
+ component = local.component
 environment = var.environment
 client_bus_name = aws_cloudwatch_event_bus.main.name
diff --git a/infrastructure/terraform/components/callbacks/module_kms.tf b/infrastructure/terraform/components/callbacks/module_kms.tf
index 327b5641..117a0106 100644
--- a/infrastructure/terraform/components/callbacks/module_kms.tf
+++ b/infrastructure/terraform/components/callbacks/module_kms.tf
@@ -2,7 +2,7 @@ module "kms" {
 source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.7/terraform-kms.zip"
 aws_account_id = var.aws_account_id
- component = var.component
+ component = local.component
 environment = var.environment
 project = var.project
 region = var.region
diff --git a/infrastructure/terraform/components/callbacks/module_mock_webhook_lambda.tf b/infrastructure/terraform/components/callbacks/module_mock_webhook_lambda.tf
index b951351e..9d5ac0bd 100644
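Review bot: `clients = toset(["alpha", "beta", "gamma"])` hard-codes what look like placeholder client identifiers into a `for_each`, so every environment that applies this component creates three rules named after fictitious clients on the shared event bus, while the real client set appears to be sourced elsewhere (the clientId map behind `applications_map_parameter_name`). Make the set an input with an empty default so nothing is created until real identifiers are supplied per environment, and declare it in variables.tf rather than a second `locals` block in a module file. `kms_key_arn`, `log_retention_in_days` and `force_lambda_code_deploy` are also passed although the module files in this commit only declare an event rule; drop them or mark them as pending until a Lambda target exists.
```hcl
# variables.tf — client identifiers come from the environment, never from a literal list in code.
variable "callback_clients" {
  type        = set(string)
  description = "Client identifiers that each receive a callback event rule on the client bus"
  default     = []
}

module "callback_clients" {
  # … unchanged: source …
  for_each = var.callback_clients
  # … unchanged: remaining inputs …
}
```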
--- a/infrastructure/terraform/components/callbacks/module_mock_webhook_lambda.tf
+++ b/infrastructure/terraform/components/callbacks/module_mock_webhook_lambda.tf
@@ -6,7 +6,7 @@ module "mock_webhook_lambda" {
 description = "Mock webhook endpoint for integration testing - logs received callbacks to CloudWatch"
 aws_account_id = var.aws_account_id
- component = var.component
+ component = local.component
 environment = var.environment
 project = var.project
 region = var.region
diff --git a/infrastructure/terraform/components/callbacks/module_sqs_inbound_event.tf b/infrastructure/terraform/components/callbacks/module_sqs_inbound_event.tf
index 2e3080fe..2a15e357 100644
--- a/infrastructure/terraform/components/callbacks/module_sqs_inbound_event.tf
+++ b/infrastructure/terraform/components/callbacks/module_sqs_inbound_event.tf
@@ -2,7 +2,7 @@ module "sqs_inbound_event" {
 source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.7/terraform-sqs.zip"
 aws_account_id = var.aws_account_id
- component = var.component
+ component = local.component
 environment = var.environment
 project = var.project
 region = var.region
@@ -33,7 +33,7 @@ data "aws_iam_policy_document" "sqs_inbound_event" {
 ]
 resources = [
- "arn:aws:sqs:${var.region}:${var.aws_account_id}:${var.project}-${var.environment}-${var.component}-inbound-event-queue"
+ "arn:aws:sqs:${var.region}:${var.aws_account_id}:${var.project}-${var.environment}-${local.component}-inbound-event-queue"
 ]
 condition {
diff --git a/infrastructure/terraform/components/callbacks/module_transform_filter_lambda.tf b/infrastructure/terraform/components/callbacks/module_transform_filter_lambda.tf
index fb1313f8..e6c0f20e 100644
--- a/infrastructure/terraform/components/callbacks/module_transform_filter_lambda.tf
+++ b/infrastructure/terraform/components/callbacks/module_transform_filter_lambda.tf
@@ -5,7 +5,7 @@ module "client_transform_filter_lambda" {
 description = "Lambda function that transforms and filters events coming to through the eventpipe"
 aws_account_id = var.aws_account_id
- component = var.component
+ component = local.component
 environment = var.environment
 project = var.project
 region = var.region
diff --git a/infrastructure/terraform/components/callbacks/outputs.tf b/infrastructure/terraform/components/callbacks/outputs.tf
index 1ca00df8..457a37de 100644
--- a/infrastructure/terraform/components/callbacks/outputs.tf
+++ b/infrastructure/terraform/components/callbacks/outputs.tf
@@ -10,7 +10,7 @@ output "deployment" {
 project = var.project
 environment = var.environment
 group = var.group
- component = var.component
+ component = local.component
 }
 }
diff --git a/infrastructure/terraform/components/callbacks/s3_bucket_client_config.tf b/infrastructure/terraform/components/callbacks/s3_bucket_client_config.tf
index 8bf25c83..dabc95d1 100644
--- a/infrastructure/terraform/components/callbacks/s3_bucket_client_config.tf
+++ b/infrastructure/terraform/components/callbacks/s3_bucket_client_config.tf
@@ -17,7 +17,7 @@ module "client_config_bucket" {
 name = "subscription-config"
 aws_account_id = var.aws_account_id
- component = var.component
+ component = local.component
 environment = var.environment
 project = var.project
 region = var.region
diff --git a/infrastructure/terraform/components/callbacks/variables.tf b/infrastructure/terraform/components/callbacks/variables.tf
index 74a72d24..59b858bc 100644
--- a/infrastructure/terraform/components/callbacks/variables.tf
+++ b/infrastructure/terraform/components/callbacks/variables.tf
@@ -35,11 +35,7 @@ variable "group" {
 # a default within its declaration in this file, because the variables
 # purpose is as an identifier unique to this component, rather
 # then to the environment from where all other variables come.
-variable "component" {
- type = string
- description = "The variable encapsulating the name of this component"
- default = "callbacks"
-}
+
 variable "default_tags" {
 type = map(string)
diff --git a/infrastructure/terraform/modules/callback-clients/README.md b/infrastructure/terraform/modules/callback-clients/README.md
new file mode 100644
index 00000000..99753c6c
--- /dev/null
+++ b/infrastructure/terraform/modules/callback-clients/README.md
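Review bot: The three comment lines kept above the deletion (`# a default within its declaration in this file, because the variables purpose is as an identifier unique to this component …`) describe `variable "component"`, which this hunk removes, so the comment is now orphaned and the added blank line leaves an empty gap before `variable "default_tags"`. The comment block begins above the hunk, so its first lines are not visible here. Either delete the whole block or rewrite it to point at the replacement, e.g. `# "component" is deliberately not a variable: it is fixed as local.component in locals_tfscaffold.tf so it cannot be overridden per environment.`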
@@ -0,0 +1,33 @@
+
+
+
+
+## Requirements
+
+No requirements.
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [aws\_account\_id](#input\_aws\_account\_id) | The AWS Account ID (numeric) | `string` | n/a | yes |
+| [client\_bus\_name](#input\_client\_bus\_name) | The name of the event bus to create rules on | `string` | n/a | yes |
+| [client\_id](#input\_client\_id) | Unique identifier for the client | `string` | n/a | yes |
+| [component](#input\_component) | Component name | `string` | n/a | yes |
+| [environment](#input\_environment) | The name of the tfscaffold environment | `string` | n/a | yes |
+| [force\_lambda\_code\_deploy](#input\_force\_lambda\_code\_deploy) | If the lambda package in s3 has the same commit id tag as the terraform build branch, the lambda will not update automatically. Set to True if making changes to Lambda code from on the same commit for example during development | `bool` | `false` | no |
+| [kms\_key\_arn](#input\_kms\_key\_arn) | KMS Key ARN | `string` | n/a | yes |
+| [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite | `number` | `0` | no |
+| [project](#input\_project) | The name of the tfscaffold project | `string` | n/a | yes |
+| [region](#input\_region) | The AWS Region | `string` | n/a | yes |
+## Modules
+
+No modules.
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [callback\_rule\_arn](#output\_callback\_rule\_arn) | ARN of the callback event rule |
+| [callback\_rule\_name](#output\_callback\_rule\_name) | Name of the callback event rule |
+
+
+
diff --git a/infrastructure/terraform/modules/callback-clients/cloudwatch_event_rule_main.tf b/infrastructure/terraform/modules/callback-clients/cloudwatch_event_rule_main.tf
new file mode 100644
index 00000000..88f1f3cb
--- /dev/null
+++ b/infrastructure/terraform/modules/callback-clients/cloudwatch_event_rule_main.tf
@@ -0,0 +1,16 @@
+resource "aws_cloudwatch_event_rule" "main" {
+ name = "${local.csi}-callback-rule"
+ event_bus_name = var.client_bus_name
+
+ event_pattern = jsonencode({
+ source = [{ prefix = "" }] # Your event pattern here this is effectively "*"
+ })
+}
+
+# resource "aws_cloudwatch_event_target" "main" {
+# rule = aws_cloudwatch_event_rule.main.name
+# event_bus_name = var.client_bus_name
+# target_id = "callback-target"
+# arn = # Your target ARN (Lambda, SNS, etc.)
+# # Additional target configuration...
+# }
diff --git a/infrastructure/terraform/modules/callback-clients/locals.tf b/infrastructure/terraform/modules/callback-clients/locals.tf
new file mode 100644
index 00000000..7b19292b
--- /dev/null
+++ b/infrastructure/terraform/modules/callback-clients/locals.tf
@@ -0,0 +1,13 @@
+locals {
+ csi = replace(
+ format(
+ "%s-%s-%s-%s",
+ var.project,
+ var.environment,
+ var.component,
+ var.client_id,
+ ),
+ "_",
+ "",
+ )
+}
diff --git a/infrastructure/terraform/modules/callback-clients/outputs.tf b/infrastructure/terraform/modules/callback-clients/outputs.tf
new file mode 100644
index 00000000..1095a2e4
--- /dev/null
+++ b/infrastructure/terraform/modules/callback-clients/outputs.tf
@@ -0,0 +1,9 @@
+output "callback_rule_arn" {
+ description = "ARN of the callback event rule"
+ value = aws_cloudwatch_event_rule.main.arn
+}
+
+output "callback_rule_name" {
+ description = "Name of the callback event rule"
+ value = aws_cloudwatch_event_rule.main.name
+}
diff --git a/infrastructure/terraform/modules/callback-clients/variables.tf b/infrastructure/terraform/modules/callback-clients/variables.tf
new file mode 100644
index 00000000..70c8d47f
--- /dev/null
+++ b/infrastructure/terraform/modules/callback-clients/variables.tf
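Review bot: `source = [{ prefix = "" }]` makes each client's rule match every event on the shared `var.client_bus_name` bus, and the trailing comment (`Your event pattern here this is effectively "*"`) is template text rather than a statement of intent. Nothing is delivered yet because the `aws_cloudwatch_event_target` block is commented out, but as soon as a target is attached every client's rule will forward every other client's events to that client's target, so the pattern should be scoped to `var.client_id` now rather than left as a catch-all; the event field that carries the client identifier is not visible in this diff, so a placeholder such as `detail.<client-id-field> = [var.client_id]` marks what needs filling in. Replace the commented-out target block with a one-line `# TODO: attach the per-client target once it exists` so dead HCL does not accumulate in the module.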
@@ -0,0 +1,55 @@
+##
+# Basic Required Variables for tfscaffold Components
+##
+
+variable "project" {
+ type = string
+ description = "The name of the tfscaffold project"
+}
+
+variable "environment" {
+ type = string
+ description = "The name of the tfscaffold environment"
+}
+
+variable "component" {
+ type = string
+ description = "Component name"
+}
+
+variable "client_id" {
+ type = string
+ description = "Unique identifier for the client"
+}
+
+variable "aws_account_id" {
+ type = string
+ description = "The AWS Account ID (numeric)"
+}
+
+variable "region" {
+ type = string
+ description = "The AWS Region"
+}
+
+variable "kms_key_arn" {
+ type = string
+ description = "KMS Key ARN"
+}
+
+variable "client_bus_name" {
+ type = string
+ description = "The name of the event bus to create rules on"
+}
+
+variable "log_retention_in_days" {
+ type = number
+ description = "The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite"
+ default = 0
+}
+
+variable "force_lambda_code_deploy" {
+ type = bool
+ description = "If the lambda package in s3 has the same commit id tag as the terraform build branch, the lambda will not update automatically. Set to True if making changes to Lambda code from on the same commit for example during development"
+ default = false
+}
diff --git a/infrastructure/terraform/modules/clients/README.md b/infrastructure/terraform/modules/clients/README.md
deleted file mode 100644
index df8c1f5c..00000000
--- a/infrastructure/terraform/modules/clients/README.md
+++ /dev/null
@@ -1,19 +0,0 @@
-
-
-
-
-## Requirements
-
-No requirements.
-## Inputs
-
-No inputs.
-## Modules
-
-No modules.
-## Outputs
-
-No outputs.
-
-
-
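Review bot: `kms_key_arn`, `log_retention_in_days` and `force_lambda_code_deploy` are declared here (and supplied by the caller in module_callback_clients.tf) but, going by the module files in this commit, no resource reads them — the module only creates `aws_cloudwatch_event_rule.main` — so they are dead inputs whose descriptions promise Lambda and log behaviour the module does not have. Either remove them until the callback target exists or say so in the description, e.g. `description = "KMS Key ARN (reserved for the callback target; not yet used)"`. `description = "Component name"` is also the one input whose wording departs from the tfscaffold phrasing used by its neighbours; `"The name of the tfscaffold component"` would match.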