dvsa · matbeales · Aug 7, 2024 · Aug 7, 2024 · Aug 7, 2024 · Aug 7, 2024
diff --git a/infra/terraform/environments/dev/main.tf b/infra/terraform/environments/dev/main.tf
@@ -253,6 +253,17 @@ module "service" {
     repository = data.aws_ecr_repository.this["cli"].repository_url
 
     task_iam_role_statements = local.task_iam_role_statements
+    eventbridge_iam_policy_statements = {
+      batch = {
+        effect = "Allow"
+        actions = [
+          "batch:SubmitJob"
+        ]
+        resources = [
+          "arn:aws:batch:eu-west-1:054614622558:job-definition/vol-app-dev-*"
+        ]
+      }
+    }
 
     subnet_ids = data.aws_subnets.this["BATCH"].ids
 

diff --git a/infra/terraform/modules/service/README.md b/infra/terraform/modules/service/README.md
@@ -47,7 +47,7 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_assets_version"></a> [assets\_version](#input\_assets\_version) | The version of the assets | `string` | n/a | yes |
-| <a name="input_batch"></a> [batch](#input\_batch) | Configuration for the batch process | <pre>object({<br>    version    = string<br>    repository = string<br>    subnet_ids = list(string)<br>    task_iam_role_statements = list(object({<br>      effect    = string<br>      actions   = list(string)<br>      resources = list(string)<br>    }))<br>    jobs = list(object({<br>      name     = string<br>      commands = list(string)<br>      cpu      = optional(number, 1)<br>      memory   = optional(number, 2048)<br>      timeout  = optional(number, 300)<br>      schedule = optional(string, "")<br>    }))<br>  })</pre> | n/a | yes |
+| <a name="input_batch"></a> [batch](#input\_batch) | Configuration for the batch process | <pre>object({<br>    version    = string<br>    repository = string<br>    subnet_ids = list(string)<br>    task_iam_role_statements = list(object({<br>      effect    = string<br>      actions   = list(string)<br>      resources = list(string)<br>    }))<br>    eventbridge_iam_policy_statements = map(object({<br>      effect    = string<br>      actions   = list(string)<br>      resources = list(string)<br>    }))<br>    jobs = list(object({<br>      name     = string<br>      commands = list(string)<br>      cpu      = optional(number, 1)<br>      memory   = optional(number, 2048)<br>      timeout  = optional(number, 300)<br>      schedule = optional(string, "")<br>    }))<br>  })</pre> | n/a | yes |
 | <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | The domain name for the environment | `string` | n/a | yes |
 | <a name="input_environment"></a> [environment](#input\_environment) | The environment to deploy to | `string` | n/a | yes |
 | <a name="input_legacy_environment"></a> [legacy\_environment](#input\_legacy\_environment) | The legacy environment to deploy use | `string` | n/a | yes |

@@ -130,8 +130,12 @@ module "eventbridge" {
   source  = "terraform-aws-modules/eventbridge/aws"
   version = "~> 3.7"
 
-  create_bus  = false
-  create_role = true
+  create_bus = false
+
+  create_role              = true
+  role_name                = "vol-app-${var.environment}-batch-scheduler"
+  attach_policy_statements = true
+  policy_statements        = var.batch.eventbridge_iam_policy_statements
 
   schedules = local.schedules
 }

diff --git a/infra/terraform/modules/service/variables.tf b/infra/terraform/modules/service/variables.tf
@@ -57,6 +57,11 @@ variable "batch" {
       actions   = list(string)
       resources = list(string)
     }))
+    eventbridge_iam_policy_statements = map(object({
+      effect    = string
+      actions   = list(string)
+      resources = list(string)
+    }))
     jobs = list(object({
       name     = string
       commands = list(string)