From b81502c9edd7ba1809cb2ec2c3b2d4e38dcb75e4 Mon Sep 17 00:00:00 2001
From: Mathew Beales <matt.beales@dvsa.gov.uk>
Date: Wed, 7 Aug 2024 09:41:31 +0100
Subject: [PATCH 1/8] fix(terraform): vol5223 add iam policy statement to allow
 eventbridge to kick off batch jobs

---
 infra/terraform/environments/dev/main.tf     | 9 +++++++++
 infra/terraform/modules/service/batch.tf     | 6 +++++-
 infra/terraform/modules/service/variables.tf | 5 +++++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/infra/terraform/environments/dev/main.tf b/infra/terraform/environments/dev/main.tf
index 57812c1a3b..5e15708aad 100644
--- a/infra/terraform/environments/dev/main.tf
+++ b/infra/terraform/environments/dev/main.tf
@@ -253,6 +253,15 @@ module "service" {
     repository = data.aws_ecr_repository.this["cli"].repository_url
 
     task_iam_role_statements = local.task_iam_role_statements
+    eventbridge_batch_role_policy_statement = {
+      effect = "Allow"
+      actions = [
+        "batch:SubmitJob"
+      ]
+      resources = [
+        "arn:aws:batch:eu-west-1:054614622558:job-definition/vol-app-dev-*"
+      ]
+    }
 
     subnet_ids = data.aws_subnets.this["BATCH"].ids
 
diff --git a/infra/terraform/modules/service/batch.tf b/infra/terraform/modules/service/batch.tf
index 9c1decbd6c..c696ed4ce1 100644
--- a/infra/terraform/modules/service/batch.tf
+++ b/infra/terraform/modules/service/batch.tf
@@ -131,7 +131,11 @@ module "eventbridge" {
   version = "~> 3.7"
 
   create_bus  = false
-  create_role = true
+
+  create_role              = true
+  role_name                = "vol-app-${var.environment}-batch-scheduler"
+  attach_policy_statements = true
+  policy_statements        = var.batch.eventbridge_batch_role_policy_statement
 
   schedules = local.schedules
 }
diff --git a/infra/terraform/modules/service/variables.tf b/infra/terraform/modules/service/variables.tf
index b3712eb9eb..2f790096de 100644
--- a/infra/terraform/modules/service/variables.tf
+++ b/infra/terraform/modules/service/variables.tf
@@ -57,6 +57,11 @@ variable "batch" {
       actions   = list(string)
       resources = list(string)
     }))
+    eventbridge_batch_role_policy_statement = object({
+      effect    = string
+      actions   = list(string)
+      resources = list(string)
+    })
     jobs = list(object({
       name     = string
       commands = list(string)

From dd639e864cc312cd3ebfe07104ea26361da62f85 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Wed, 7 Aug 2024 08:45:27 +0000
Subject: [PATCH 2/8] docs: update Terraform docs

---
 infra/terraform/modules/service/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infra/terraform/modules/service/README.md b/infra/terraform/modules/service/README.md
index f5129598c0..b1a4469b8f 100644
--- a/infra/terraform/modules/service/README.md
+++ b/infra/terraform/modules/service/README.md
@@ -47,7 +47,7 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_assets_version"></a> [assets\_version](#input\_assets\_version) | The version of the assets | `string` | n/a | yes |
-| <a name="input_batch"></a> [batch](#input\_batch) | Configuration for the batch process | <pre>object({<br>    version    = string<br>    repository = string<br>    subnet_ids = list(string)<br>    task_iam_role_statements = list(object({<br>      effect    = string<br>      actions   = list(string)<br>      resources = list(string)<br>    }))<br>    jobs = list(object({<br>      name     = string<br>      commands = list(string)<br>      cpu      = optional(number, 1)<br>      memory   = optional(number, 2048)<br>      timeout  = optional(number, 300)<br>      schedule = optional(string, "")<br>    }))<br>  })</pre> | n/a | yes |
+| <a name="input_batch"></a> [batch](#input\_batch) | Configuration for the batch process | <pre>object({<br>    version    = string<br>    repository = string<br>    subnet_ids = list(string)<br>    task_iam_role_statements = list(object({<br>      effect    = string<br>      actions   = list(string)<br>      resources = list(string)<br>    }))<br>    eventbridge_batch_role_policy_statement = object({<br>      effect    = string<br>      actions   = list(string)<br>      resources = list(string)<br>    })<br>    jobs = list(object({<br>      name     = string<br>      commands = list(string)<br>      cpu      = optional(number, 1)<br>      memory   = optional(number, 2048)<br>      timeout  = optional(number, 300)<br>      schedule = optional(string, "")<br>    }))<br>  })</pre> | n/a | yes |
 | <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | The domain name for the environment | `string` | n/a | yes |
 | <a name="input_environment"></a> [environment](#input\_environment) | The environment to deploy to | `string` | n/a | yes |
 | <a name="input_legacy_environment"></a> [legacy\_environment](#input\_legacy\_environment) | The legacy environment to deploy use | `string` | n/a | yes |

From 5fa506788ca655eb71dad6ada69419cb7b12b6c5 Mon Sep 17 00:00:00 2001
From: Mathew Beales <matt.beales@dvsa.gov.uk>
Date: Wed, 7 Aug 2024 09:49:00 +0100
Subject: [PATCH 3/8] fix(terraform): vol5223 fix formatting

---
 infra/terraform/modules/service/batch.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infra/terraform/modules/service/batch.tf b/infra/terraform/modules/service/batch.tf
index c696ed4ce1..dbc3fd941b 100644
--- a/infra/terraform/modules/service/batch.tf
+++ b/infra/terraform/modules/service/batch.tf
@@ -130,7 +130,7 @@ module "eventbridge" {
   source  = "terraform-aws-modules/eventbridge/aws"
   version = "~> 3.7"
 
-  create_bus  = false
+  create_bus = false
 
   create_role              = true
   role_name                = "vol-app-${var.environment}-batch-scheduler"

From 6ef479c69708c2e0073256074a518971f1bd9f95 Mon Sep 17 00:00:00 2001
From: Mathew Beales <matt.beales@dvsa.gov.uk>
Date: Wed, 7 Aug 2024 10:22:13 +0100
Subject: [PATCH 4/8] fix(terraform): vol5223 fix format of eventbridge iam
 policy

---
 infra/terraform/environments/dev/main.tf     | 18 ++++++++++--------
 infra/terraform/modules/service/batch.tf     |  2 +-
 infra/terraform/modules/service/variables.tf |  4 ++--
 3 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/infra/terraform/environments/dev/main.tf b/infra/terraform/environments/dev/main.tf
index 5e15708aad..b1b0cfa926 100644
--- a/infra/terraform/environments/dev/main.tf
+++ b/infra/terraform/environments/dev/main.tf
@@ -253,14 +253,16 @@ module "service" {
     repository = data.aws_ecr_repository.this["cli"].repository_url
 
     task_iam_role_statements = local.task_iam_role_statements
-    eventbridge_batch_role_policy_statement = {
-      effect = "Allow"
-      actions = [
-        "batch:SubmitJob"
-      ]
-      resources = [
-        "arn:aws:batch:eu-west-1:054614622558:job-definition/vol-app-dev-*"
-      ]
+    eventbridge_iam_policy_statements = {
+      batch = {
+        effect = "Allow"
+        actions = [
+          "batch:SubmitJob"
+        ]
+        resources = [
+          "arn:aws:batch:eu-west-1:054614622558:job-definition/vol-app-dev-*"
+        ]
+      }
     }
 
     subnet_ids = data.aws_subnets.this["BATCH"].ids
diff --git a/infra/terraform/modules/service/batch.tf b/infra/terraform/modules/service/batch.tf
index dbc3fd941b..92d9e933d2 100644
--- a/infra/terraform/modules/service/batch.tf
+++ b/infra/terraform/modules/service/batch.tf
@@ -135,7 +135,7 @@ module "eventbridge" {
   create_role              = true
   role_name                = "vol-app-${var.environment}-batch-scheduler"
   attach_policy_statements = true
-  policy_statements        = var.batch.eventbridge_batch_role_policy_statement
+  policy_statements        = var.batch.eventbridge_iam_policy_statements
 
   schedules = local.schedules
 }
diff --git a/infra/terraform/modules/service/variables.tf b/infra/terraform/modules/service/variables.tf
index 2f790096de..83a8586a01 100644
--- a/infra/terraform/modules/service/variables.tf
+++ b/infra/terraform/modules/service/variables.tf
@@ -57,11 +57,11 @@ variable "batch" {
       actions   = list(string)
       resources = list(string)
     }))
-    eventbridge_batch_role_policy_statement = object({
+    eventbridge_iam_policy_statements = map(object({
       effect    = string
       actions   = list(string)
       resources = list(string)
-    })
+    }))
     jobs = list(object({
       name     = string
       commands = list(string)

From 599b9a679b57a1f68521bb9d5ced998aed978c0d Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Wed, 7 Aug 2024 09:22:38 +0000
Subject: [PATCH 5/8] docs: update Terraform docs

---
 infra/terraform/modules/service/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infra/terraform/modules/service/README.md b/infra/terraform/modules/service/README.md
index b1a4469b8f..9df995d529 100644
--- a/infra/terraform/modules/service/README.md
+++ b/infra/terraform/modules/service/README.md
@@ -47,7 +47,7 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_assets_version"></a> [assets\_version](#input\_assets\_version) | The version of the assets | `string` | n/a | yes |
-| <a name="input_batch"></a> [batch](#input\_batch) | Configuration for the batch process | <pre>object({<br>    version    = string<br>    repository = string<br>    subnet_ids = list(string)<br>    task_iam_role_statements = list(object({<br>      effect    = string<br>      actions   = list(string)<br>      resources = list(string)<br>    }))<br>    eventbridge_batch_role_policy_statement = object({<br>      effect    = string<br>      actions   = list(string)<br>      resources = list(string)<br>    })<br>    jobs = list(object({<br>      name     = string<br>      commands = list(string)<br>      cpu      = optional(number, 1)<br>      memory   = optional(number, 2048)<br>      timeout  = optional(number, 300)<br>      schedule = optional(string, "")<br>    }))<br>  })</pre> | n/a | yes |
+| <a name="input_batch"></a> [batch](#input\_batch) | Configuration for the batch process | <pre>object({<br>    version    = string<br>    repository = string<br>    subnet_ids = list(string)<br>    task_iam_role_statements = list(object({<br>      effect    = string<br>      actions   = list(string)<br>      resources = list(string)<br>    }))<br>    eventbridge_iam_policy_statements = map(object({<br>      effect    = string<br>      actions   = list(string)<br>      resources = list(string)<br>    }))<br>    jobs = list(object({<br>      name     = string<br>      commands = list(string)<br>      cpu      = optional(number, 1)<br>      memory   = optional(number, 2048)<br>      timeout  = optional(number, 300)<br>      schedule = optional(string, "")<br>    }))<br>  })</pre> | n/a | yes |
 | <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | The domain name for the environment | `string` | n/a | yes |
 | <a name="input_environment"></a> [environment](#input\_environment) | The environment to deploy to | `string` | n/a | yes |
 | <a name="input_legacy_environment"></a> [legacy\_environment](#input\_legacy\_environment) | The legacy environment to deploy use | `string` | n/a | yes |

From 8a0ee655f8568f8351a774edc7cf4cb3c664c857 Mon Sep 17 00:00:00 2001
From: Mathew Beales <matt.beales@dvsa.gov.uk>
Date: Wed, 7 Aug 2024 11:32:52 +0100
Subject: [PATCH 6/8] fix(terraform): vol5223 fix format of eventbridge iam
 policy

---
 infra/terraform/environments/dev/main.tf     | 11 -----------
 infra/terraform/modules/service/batch.tf     | 10 +++++++++-
 infra/terraform/modules/service/variables.tf |  5 -----
 3 files changed, 9 insertions(+), 17 deletions(-)

diff --git a/infra/terraform/environments/dev/main.tf b/infra/terraform/environments/dev/main.tf
index b1b0cfa926..57812c1a3b 100644
--- a/infra/terraform/environments/dev/main.tf
+++ b/infra/terraform/environments/dev/main.tf
@@ -253,17 +253,6 @@ module "service" {
     repository = data.aws_ecr_repository.this["cli"].repository_url
 
     task_iam_role_statements = local.task_iam_role_statements
-    eventbridge_iam_policy_statements = {
-      batch = {
-        effect = "Allow"
-        actions = [
-          "batch:SubmitJob"
-        ]
-        resources = [
-          "arn:aws:batch:eu-west-1:054614622558:job-definition/vol-app-dev-*"
-        ]
-      }
-    }
 
     subnet_ids = data.aws_subnets.this["BATCH"].ids
 
diff --git a/infra/terraform/modules/service/batch.tf b/infra/terraform/modules/service/batch.tf
index 92d9e933d2..00ae6be8df 100644
--- a/infra/terraform/modules/service/batch.tf
+++ b/infra/terraform/modules/service/batch.tf
@@ -135,7 +135,15 @@ module "eventbridge" {
   create_role              = true
   role_name                = "vol-app-${var.environment}-batch-scheduler"
   attach_policy_statements = true
-  policy_statements        = var.batch.eventbridge_iam_policy_statements
+  policy_statements        = {
+    batch = {
+      effect = "Allow"
+      actions = [
+        "batch:SubmitJob"
+      ]
+      resources = [ for job in module.batch.job_definitions : job.arn ]
+    }
+  }
 
   schedules = local.schedules
 }
diff --git a/infra/terraform/modules/service/variables.tf b/infra/terraform/modules/service/variables.tf
index 83a8586a01..b3712eb9eb 100644
--- a/infra/terraform/modules/service/variables.tf
+++ b/infra/terraform/modules/service/variables.tf
@@ -57,11 +57,6 @@ variable "batch" {
       actions   = list(string)
       resources = list(string)
     }))
-    eventbridge_iam_policy_statements = map(object({
-      effect    = string
-      actions   = list(string)
-      resources = list(string)
-    }))
     jobs = list(object({
       name     = string
       commands = list(string)

From accbcc316082470a004e0ba5ba02d0598973643e Mon Sep 17 00:00:00 2001
From: Mathew Beales <matt.beales@dvsa.gov.uk>
Date: Wed, 7 Aug 2024 11:33:57 +0100
Subject: [PATCH 7/8] fix(terraform): vol5223 fix format of eventbridge iam
 policy

---
 infra/terraform/modules/service/batch.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/infra/terraform/modules/service/batch.tf b/infra/terraform/modules/service/batch.tf
index 00ae6be8df..fe4579b50f 100644
--- a/infra/terraform/modules/service/batch.tf
+++ b/infra/terraform/modules/service/batch.tf
@@ -135,13 +135,13 @@ module "eventbridge" {
   create_role              = true
   role_name                = "vol-app-${var.environment}-batch-scheduler"
   attach_policy_statements = true
-  policy_statements        = {
+  policy_statements = {
     batch = {
       effect = "Allow"
       actions = [
         "batch:SubmitJob"
       ]
-      resources = [ for job in module.batch.job_definitions : job.arn ]
+      resources = [for job in module.batch.job_definitions : job.arn]
     }
   }
 

From ae4d60920adb94a6d095012df91f36d9eb0df117 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Wed, 7 Aug 2024 10:34:30 +0000
Subject: [PATCH 8/8] docs: update Terraform docs

---
 infra/terraform/modules/service/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infra/terraform/modules/service/README.md b/infra/terraform/modules/service/README.md
index 9df995d529..f5129598c0 100644
--- a/infra/terraform/modules/service/README.md
+++ b/infra/terraform/modules/service/README.md
@@ -47,7 +47,7 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_assets_version"></a> [assets\_version](#input\_assets\_version) | The version of the assets | `string` | n/a | yes |
-| <a name="input_batch"></a> [batch](#input\_batch) | Configuration for the batch process | <pre>object({<br>    version    = string<br>    repository = string<br>    subnet_ids = list(string)<br>    task_iam_role_statements = list(object({<br>      effect    = string<br>      actions   = list(string)<br>      resources = list(string)<br>    }))<br>    eventbridge_iam_policy_statements = map(object({<br>      effect    = string<br>      actions   = list(string)<br>      resources = list(string)<br>    }))<br>    jobs = list(object({<br>      name     = string<br>      commands = list(string)<br>      cpu      = optional(number, 1)<br>      memory   = optional(number, 2048)<br>      timeout  = optional(number, 300)<br>      schedule = optional(string, "")<br>    }))<br>  })</pre> | n/a | yes |
+| <a name="input_batch"></a> [batch](#input\_batch) | Configuration for the batch process | <pre>object({<br>    version    = string<br>    repository = string<br>    subnet_ids = list(string)<br>    task_iam_role_statements = list(object({<br>      effect    = string<br>      actions   = list(string)<br>      resources = list(string)<br>    }))<br>    jobs = list(object({<br>      name     = string<br>      commands = list(string)<br>      cpu      = optional(number, 1)<br>      memory   = optional(number, 2048)<br>      timeout  = optional(number, 300)<br>      schedule = optional(string, "")<br>    }))<br>  })</pre> | n/a | yes |
 | <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | The domain name for the environment | `string` | n/a | yes |
 | <a name="input_environment"></a> [environment](#input\_environment) | The environment to deploy to | `string` | n/a | yes |
 | <a name="input_legacy_environment"></a> [legacy\_environment](#input\_legacy\_environment) | The legacy environment to deploy use | `string` | n/a | yes |