fix(iam): add back some of the kinesis iam

bassrock · bassrock · commit 8416ffed67c6 · 2025-01-02T14:49:23.000-08:00
diff --git a/infrastructure/user-list-search/lambda_codedeploy.tf b/infrastructure/user-list-search/lambda_codedeploy.tf
@@ -0,0 +1,41 @@
+resource "aws_iam_role" "lambda_codedeploy_role" {
+  name               = "${local.prefix}-LambdaCodeDeployRole"
+  assume_role_policy = data.aws_iam_policy_document.codedeploy_assume_role.json
+}
+
+
+resource "aws_iam_role_policy_attachment" "lambda_codedeploy_role" {
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambda"
+  #Depending on the service there are different types.
+  role = aws_iam_role.lambda_codedeploy_role.name
+}
+
+resource "aws_iam_role" "lambda_role" {
+  name               = "${local.prefix}-LambdaExecutionRole"
+  tags               = local.tags
+  assume_role_policy = data.aws_iam_policy_document.lambda_assume.json
+}
+
+resource "aws_iam_role_policy_attachment" "lambda_role_xray_write" {
+  role       = aws_iam_role.lambda_role.name
+  policy_arn = data.aws_iam_policy.aws_xray_write_only_access.arn
+}
+
+data "aws_iam_policy_document" "lambda_assume" {
+  version = "2012-10-17"
+
+  statement {
+    effect = "Allow"
+    actions = [
+      "sts:AssumeRole"
+    ]
+
+    principals {
+      identifiers = [
+        "lambda.amazonaws.com"
+      ]
+
+      type = "Service"
+    }
+  }
+}
diff --git a/infrastructure/user-list-search/metrics.tf b/infrastructure/user-list-search/metrics.tf
@@ -246,25 +246,6 @@ module "dashboard_alarm" {
             merge(local.metrics.list_item_update_lambda.throttles, { metadata = { color = "#ff7f0e", yAxis = "right" } }),
           ]
         },
-        {
-          x      = 0.0
-          y      = 24.0
-          width  = 12.0
-          height = 6.0
-          properties = {
-            title   = "Event Kinesis Consumer"
-            stacked = false
-            region  = data.aws_region.current.name,
-            stat    = "Average"
-            period  = 60
-          }
-          metrics = [
-            local.metrics.event_consumer_lambda.duration,
-            local.metrics.event_consumer_lambda.errors,
-            merge(local.metrics.event_consumer_lambda.iterator_age, { metadata = { yAxis = "right" } })
-          ]
-
-        },
         {
           x      = 12.0
           y      = 24.0
diff --git a/infrastructure/user-list-search/metrics_alarm_definitions.tf b/infrastructure/user-list-search/metrics_alarm_definitions.tf
@@ -118,27 +118,6 @@ locals {
       ok_actions    = []
       alarm_actions = []
     }
-
-    event_consumer_lambda_errors = {
-      name        = "${local.prefix}-EventConsumerLambdaErrors"
-      description = "More than 1 error for 3 consecutive minutes"
-
-      metrics = [
-        local.metrics.event_consumer_lambda.duration,
-        local.metrics.event_consumer_lambda.iterator_age,
-        local.metrics.event_consumer_lambda.errors
-      ]
-
-      threshold         = 10
-      operator          = ">"
-      return_data_on_id = local.metrics.event_consumer_lambda.errors.id
-      // The kinesis consumer lambda that we listen on for item updates has more then 10 errors for 10 consecutive minutes
-      period        = 60
-      breaches      = 10
-      tags          = local.tags
-      ok_actions    = []
-      alarm_actions = []
-    }
   }
 
   # TODO: EventHandler metrics
diff --git a/infrastructure/user-list-search/metrics_metric_definitions.tf b/infrastructure/user-list-search/metrics_metric_definitions.tf
@@ -70,35 +70,6 @@ locals {
         expression = "IF(user_list_import_queue_messages_deleted, user_list_import_queue_messages_deleted, 1)/IF(user_list_import_queue_messages_sent, user_list_import_queue_messages_sent, 1)*100",
       }
     }
-    event_consumer_lambda = {
-      duration = {
-        id        = "event_consumer_lambda_duration"
-        namespace = "AWS/Lambda"
-        metric    = "Duration"
-        statistic = "Sum"
-        dimensions = {
-          FunctionName = aws_lambda_function.unified_events_consumer.function_name
-        }
-      },
-      errors = {
-        id        = "event_consumer_lambda_errors"
-        namespace = "AWS/Lambda"
-        metric    = "Errors"
-        statistic = "Sum"
-        dimensions = {
-          FunctionName = aws_lambda_function.unified_events_consumer.function_name
-        }
-      },
-      iterator_age = {
-        id        = "event_consumer_lambda_iterator_age"
-        namespace = "AWS/Lambda"
-        metric    = "IteratorAge"
-        statistic = "Sum"
-        dimensions = {
-          FunctionName = aws_lambda_function.unified_events_consumer.function_name
-        }
-      }
-    }
 
     list_item_import_lambda = {
       invocations = {
