feat(cdk): temporary stateful sam template and script to compare with cdk confirming no diffs

Author: tstephen-nhs

SAMtemplates/stateful_template.yaml

@@ -0,0 +1,116 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Transform: AWS::Serverless-2016-10-31
+Description: |
+  PSU stateful resources
+
+Parameters:
+  EnableDynamoDBAutoScaling:
+    Type: String
+    Default: true
+    AllowedValues:
+      - true
+      - false
+
+  EnableBackup:
+    Type: String
+    Default: "False"
+    AllowedValues:
+      - "True"
+      - "False"
+
+  EnableNotificationsInternal:
+    Type: String
+    Default: false
+    AllowedValues:
+      - true
+      - false
+
+  EnableNotificationsExternal:
+    Type: String
+    Default: false
+    AllowedValues:
+      - true
+      - false
+
+  EnabledSiteODSCodesValue:
+    Type: String
+    Default: " "
+
+  EnabledSystemsValue:
+    Type: String
+    Default: " "
+
+  EnabledSupplierApplicationIDsValue:
+    Type: String
+    Default: " "
+
+  BlockedSiteODSCodesValue:
+    Type: String
+    Default: " "
+
+  NotifyRoutingPlanIDValue:
+    Type: String
+    Default: " "
+
+  NotifyAPIBaseURLValue:
+    Type: String
+    Default: " "
+
+  TestPresciptionsParamValue1:
+    Type: String
+    Default: PLACEHOLDER
+
+  TestPresciptionsParamValue2:
+    Type: String
+    Default: PLACEHOLDER
+
+  TestPresciptionsParamValue3:
+    Type: String
+    Default: PLACEHOLDER
+
+  TestPresciptionsParamValue4:
+    Type: String
+    Default: PLACEHOLDER
+
+Resources:
+  Secrets:
+    Type: AWS::Serverless::Application
+    Properties:
+      Location: secrets/main.yaml
+      Parameters:
+        StackName: !Ref AWS::StackName
+
+  Parameters:
+    Type: AWS::Serverless::Application
+    Properties:
+      Location: parameters/main.yaml
+      Parameters:
+        StackName: !Ref AWS::StackName
+        EnableNotificationsInternalValue: !Ref EnableNotificationsInternal
+        EnableNotificationsExternalValue: !Ref EnableNotificationsExternal
+        EnabledSiteODSCodesValue: !Ref EnabledSiteODSCodesValue
+        EnabledSystemsValue: !Ref EnabledSystemsValue
+        EnabledSupplierApplicationIDsValue: !Ref EnabledSupplierApplicationIDsValue
+        BlockedSiteODSCodesValue: !Ref BlockedSiteODSCodesValue
+        NotifyRoutingPlanIDValue: !Ref NotifyRoutingPlanIDValue
+        NotifyAPIBaseURLValue: !Ref NotifyAPIBaseURLValue
+        TestPresciptionsParamValue1: !Ref TestPresciptionsParamValue1
+        TestPresciptionsParamValue2: !Ref TestPresciptionsParamValue2
+        TestPresciptionsParamValue3: !Ref TestPresciptionsParamValue3
+        TestPresciptionsParamValue4: !Ref TestPresciptionsParamValue4
+
+  Tables:
+    Type: AWS::Serverless::Application
+    Properties:
+      Location: tables/main.yaml
+      Parameters:
+        StackName: !Ref AWS::StackName
+        EnableDynamoDBAutoScaling: !Ref EnableDynamoDBAutoScaling
+        EnableBackup: !Ref EnableBackup
+
+  Messaging:
+    Type: AWS::Serverless::Application
+    Properties:
+      Location: messaging/main.yaml
+      Parameters:
+        StackName: !Ref AWS::StackName

packages/cdk/resources/Tables.ts

@@ -11,7 +11,9 @@ import {
   PolicyStatement,
   AnyPrincipal,
   AccountRootPrincipal,
-  PolicyDocument
+  PolicyDocument,
+  Role,
+  ServicePrincipal
 } from "aws-cdk-lib/aws-iam"
 import {Key, Alias} from "aws-cdk-lib/aws-kms"
 import {Duration} from "aws-cdk-lib"
@@ -37,6 +39,48 @@ export class Tables extends Construct {
 
     const {account, region} = Stack.of(this)
 
+    const dynamoDbScalingRolePolicy = props.enableDynamoDBAutoScaling
+      ? new ManagedPolicy(this, "DynamoDbScalingRolePolicy", {
+        statements: [
+          new PolicyStatement({
+            actions: [
+              "dynamodb:DescribeTable",
+              "dynamodb:UpdateTable"
+            ],
+            resources: [
+              `arn:aws:dynamodb:${region}:${account}:table/${props.stackName}-*`
+            ]
+          }),
+          new PolicyStatement({
+            actions: [
+              "cloudwatch:PutMetricAlarm",
+              "cloudwatch:DescribeAlarms",
+              "cloudwatch:DeleteAlarms"
+            ],
+            resources: ["*"]
+          })
+        ]
+      })
+      : undefined
+
+    if (dynamoDbScalingRolePolicy) {
+      NagSuppressions.addResourceSuppressions(dynamoDbScalingRolePolicy, [
+        {
+          id: "AwsSolutions-IAM5",
+          reason:
+            "Stack-scoped wildcard is required for autoscaling permissions " +
+            "across stateful DynamoDB tables and indexes."
+        }
+      ])
+    }
+
+    const dynamoDbScalingRole = props.enableDynamoDBAutoScaling
+      ? new Role(this, "DynamoDbScalingRole", {
+        assumedBy: new ServicePrincipal("dynamodb.application-autoscaling.amazonaws.com"),
+        managedPolicies: dynamoDbScalingRolePolicy ? [dynamoDbScalingRolePolicy] : []
+      })
+      : undefined
+
     // ── Shared autoscaling IAM role ──────────────────────────────────────────
     // Used by ApplicationAutoScaling when enableDynamoDBAutoScaling is true.
     // Equivalent to DynamoDbScalingRole in SAMtemplates/tables/main.yaml.
@@ -204,9 +248,14 @@ export class Tables extends Construct {
     }
 
     if (props.enableDynamoDBAutoScaling) {
+      const scalingRoleOptions = dynamoDbScalingRole
+        ? {role: dynamoDbScalingRole}
+        : {}
+
       const tableWriteScaling = prescriptionStatusUpdatesTable.autoScaleWriteCapacity({
         minCapacity: MIN_WRITE_PRESCRIPTION_STATUS_UPDATES_CAPACITY,
-        maxCapacity: MAX_WRITE_PRESCRIPTION_STATUS_UPDATES_CAPACITY
+        maxCapacity: MAX_WRITE_PRESCRIPTION_STATUS_UPDATES_CAPACITY,
+        ...scalingRoleOptions
       })
       tableWriteScaling.scaleOnUtilization({
         targetUtilizationPercent: 50,
@@ -216,7 +265,8 @@ export class Tables extends Construct {
 
       const tableReadScaling = prescriptionStatusUpdatesTable.autoScaleReadCapacity({
         minCapacity: 1,
-        maxCapacity: 100
+        maxCapacity: 100,
+        ...scalingRoleOptions
       })
       tableReadScaling.scaleOnUtilization({
         targetUtilizationPercent: 70,
@@ -228,7 +278,8 @@ export class Tables extends Construct {
         prescriptionStatusUpdatesTable.autoScaleGlobalSecondaryIndexWriteCapacity(
           "PharmacyODSCodePrescriptionIDIndex", {
             minCapacity: MIN_WRITE_PRESCRIPTION_STATUS_UPDATES_CAPACITY,
-            maxCapacity: MAX_WRITE_PRESCRIPTION_STATUS_UPDATES_CAPACITY
+            maxCapacity: MAX_WRITE_PRESCRIPTION_STATUS_UPDATES_CAPACITY,
+            ...scalingRoleOptions
           })
       pharmacyIndexWriteScaling.scaleOnUtilization({
         targetUtilizationPercent: 50,
@@ -240,13 +291,66 @@ export class Tables extends Construct {
         prescriptionStatusUpdatesTable.autoScaleGlobalSecondaryIndexReadCapacity(
           "PharmacyODSCodePrescriptionIDIndex", {
             minCapacity: 1,
-            maxCapacity: 100
+            maxCapacity: 100,
+            ...scalingRoleOptions
           })
       pharmacyIndexReadScaling.scaleOnUtilization({
         targetUtilizationPercent: 70,
         scaleInCooldown: Duration.seconds(60),
         scaleOutCooldown: Duration.seconds(60)
       })
+
+      const nhsNumberIndexWriteScaling =
+        prescriptionStatusUpdatesTable.autoScaleGlobalSecondaryIndexWriteCapacity(
+          "PatientNHSNumberIndex", {
+            minCapacity: MIN_WRITE_PRESCRIPTION_STATUS_UPDATES_CAPACITY,
+            maxCapacity: MAX_WRITE_PRESCRIPTION_STATUS_UPDATES_CAPACITY,
+            ...scalingRoleOptions
+          })
+      nhsNumberIndexWriteScaling.scaleOnUtilization({
+        targetUtilizationPercent: 50,
+        scaleInCooldown: Duration.seconds(600),
+        scaleOutCooldown: Duration.seconds(0)
+      })
+
+      const nhsNumberIndexReadScaling =
+        prescriptionStatusUpdatesTable.autoScaleGlobalSecondaryIndexReadCapacity(
+          "PatientNHSNumberIndex", {
+            minCapacity: 1,
+            maxCapacity: 100,
+            ...scalingRoleOptions
+          })
+      nhsNumberIndexReadScaling.scaleOnUtilization({
+        targetUtilizationPercent: 70,
+        scaleInCooldown: Duration.seconds(60),
+        scaleOutCooldown: Duration.seconds(60)
+      })
+
+      const pharmacyIndexIncPostDatedWriteScaling =
+        prescriptionStatusUpdatesTable.autoScaleGlobalSecondaryIndexWriteCapacity(
+          "PharmacyODSCodePrescriptionIDIndexIncPostDated", {
+            minCapacity: MIN_WRITE_PRESCRIPTION_STATUS_UPDATES_CAPACITY,
+            maxCapacity: MAX_WRITE_PRESCRIPTION_STATUS_UPDATES_CAPACITY,
+            ...scalingRoleOptions
+          })
+      pharmacyIndexIncPostDatedWriteScaling.scaleOnUtilization({
+        targetUtilizationPercent: 50,
+        scaleInCooldown: Duration.seconds(600),
+        scaleOutCooldown: Duration.seconds(0)
+      })
+
+      const pharmacyIndexIncPostDatedReadScaling =
+        prescriptionStatusUpdatesTable.autoScaleGlobalSecondaryIndexReadCapacity(
+          "PharmacyODSCodePrescriptionIDIndexIncPostDated", {
+            minCapacity: 1,
+            maxCapacity: 100,
+            ...scalingRoleOptions
+          })
+      pharmacyIndexIncPostDatedReadScaling.scaleOnUtilization({
+        targetUtilizationPercent: 70,
+        scaleInCooldown: Duration.seconds(60),
+        scaleOutCooldown: Duration.seconds(60)
+      })
     }
 
     const prescriptionStatusUpdatesReadPolicy = new ManagedPolicy(
@@ -417,10 +521,15 @@ export class Tables extends Construct {
     }
 
     if (props.enableDynamoDBAutoScaling) {
+      const scalingRoleOptions = dynamoDbScalingRole
+        ? {role: dynamoDbScalingRole}
+        : {}
+
       const notifStatesTableWriteScaling =
         prescriptionNotificationStatesTable.autoScaleWriteCapacity({
           minCapacity: MIN_WRITE_PRESCRIPTION_NOTIFICATION_STATES_CAPACITY,
-          maxCapacity: MAX_WRITE_PRESCRIPTION_NOTIFICATION_STATES_CAPACITY
+          maxCapacity: MAX_WRITE_PRESCRIPTION_NOTIFICATION_STATES_CAPACITY,
+          ...scalingRoleOptions
         })
       notifStatesTableWriteScaling.scaleOnUtilization({
         targetUtilizationPercent: 50,
@@ -431,7 +540,8 @@ export class Tables extends Construct {
       const notifStatesTableReadScaling =
         prescriptionNotificationStatesTable.autoScaleReadCapacity({
           minCapacity: 1,
-          maxCapacity: 100
+          maxCapacity: 100,
+          ...scalingRoleOptions
         })
       notifStatesTableReadScaling.scaleOnUtilization({
         targetUtilizationPercent: 70,
@@ -443,7 +553,8 @@ export class Tables extends Construct {
         prescriptionNotificationStatesTable.autoScaleGlobalSecondaryIndexWriteCapacity(
           "PatientPharmacyIndex", {
             minCapacity: MIN_WRITE_PRESCRIPTION_NOTIFICATION_STATES_CAPACITY,
-            maxCapacity: MAX_WRITE_PRESCRIPTION_NOTIFICATION_STATES_CAPACITY
+            maxCapacity: MAX_WRITE_PRESCRIPTION_NOTIFICATION_STATES_CAPACITY,
+            ...scalingRoleOptions
           })
       patientPharmacyIndexWriteScaling.scaleOnUtilization({
         targetUtilizationPercent: 50,
@@ -455,7 +566,8 @@ export class Tables extends Construct {
         prescriptionNotificationStatesTable.autoScaleGlobalSecondaryIndexReadCapacity(
           "PatientPharmacyIndex", {
             minCapacity: 1,
-            maxCapacity: 100
+            maxCapacity: 100,
+            ...scalingRoleOptions
           })
       patientPharmacyIndexReadScaling.scaleOnUtilization({
         targetUtilizationPercent: 70,
@@ -467,7 +579,8 @@ export class Tables extends Construct {
         prescriptionNotificationStatesTable.autoScaleGlobalSecondaryIndexWriteCapacity(
           "NotifyMessageIDIndex", {
             minCapacity: MIN_WRITE_PRESCRIPTION_NOTIFICATION_STATES_CAPACITY,
-            maxCapacity: MAX_WRITE_PRESCRIPTION_NOTIFICATION_STATES_CAPACITY
+            maxCapacity: MAX_WRITE_PRESCRIPTION_NOTIFICATION_STATES_CAPACITY,
+            ...scalingRoleOptions
           })
       notifyMessageIdIndexWriteScaling.scaleOnUtilization({
         targetUtilizationPercent: 50,
@@ -479,7 +592,8 @@ export class Tables extends Construct {
         prescriptionNotificationStatesTable.autoScaleGlobalSecondaryIndexReadCapacity(
           "NotifyMessageIDIndex", {
             minCapacity: 1,
-            maxCapacity: 100
+            maxCapacity: 100,
+            ...scalingRoleOptions
           })
       notifyMessageIdIndexReadScaling.scaleOnUtilization({
         targetUtilizationPercent: 70,