From d9b3cff5c550841800878b86c97dea2c92cb6e32 Mon Sep 17 00:00:00 2001
From: sidnhs <siddharth.nair1@nhs.net>
Date: Tue, 10 Jun 2025 14:06:17 +0100
Subject: [PATCH 1/2] CCM-10246: Edge lambda regional log group

---
 .../modules/lambda/cloudwatch_log_group.tf         | 14 ++++++++++++++
 .../lambda/data_iam_policy_document_put_logs.tf    |  6 ++++--
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/infrastructure/modules/lambda/cloudwatch_log_group.tf b/infrastructure/modules/lambda/cloudwatch_log_group.tf
index 1937fc1..cf8c278 100644
--- a/infrastructure/modules/lambda/cloudwatch_log_group.tf
+++ b/infrastructure/modules/lambda/cloudwatch_log_group.tf
@@ -10,3 +10,17 @@ resource "aws_cloudwatch_log_group" "main" {
     },
   )
 }
+
+resource "aws_cloudwatch_log_group" "main_edge" {
+  count = var.lambda_at_edge ? 1 : 0
+  name              = "/aws/lambda/us-east-1.${local.csi}"
+  retention_in_days = var.log_retention_in_days
+  kms_key_id        = var.kms_key_arn
+
+  tags = merge(
+    local.default_tags,
+    {
+      Name = local.csi
+    },
+  )
+}
diff --git a/infrastructure/modules/lambda/data_iam_policy_document_put_logs.tf b/infrastructure/modules/lambda/data_iam_policy_document_put_logs.tf
index a794885..0a4d5a8 100644
--- a/infrastructure/modules/lambda/data_iam_policy_document_put_logs.tf
+++ b/infrastructure/modules/lambda/data_iam_policy_document_put_logs.tf
@@ -9,9 +9,11 @@ data "aws_iam_policy_document" "put_logs" {
     ]
 
     #trivy:ignore:aws-iam-no-policy-wildcards
-    resources = [
+    resources = flatten([[
       "${aws_cloudwatch_log_group.main.arn}:*",
-    ]
+    ], var.lambda_at_edge ? [
+       "${aws_cloudwatch_log_group.main_edge[0].arn}:*",
+    ] : []])
   }
 
   dynamic "statement" {

From c61b7b05021f122ff41fcb82854f9168ae25c523 Mon Sep 17 00:00:00 2001
From: sidnhs <siddharth.nair1@nhs.net>
Date: Wed, 11 Jun 2025 11:20:27 +0100
Subject: [PATCH 2/2] CCM-10246: Lambda edge log group

---
 infrastructure/modules/lambda/cloudwatch_log_group.tf         | 2 +-
 .../modules/lambda/data_iam_policy_document_put_logs.tf       | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/infrastructure/modules/lambda/cloudwatch_log_group.tf b/infrastructure/modules/lambda/cloudwatch_log_group.tf
index cf8c278..dff7497 100644
--- a/infrastructure/modules/lambda/cloudwatch_log_group.tf
+++ b/infrastructure/modules/lambda/cloudwatch_log_group.tf
@@ -12,7 +12,7 @@ resource "aws_cloudwatch_log_group" "main" {
 }
 
 resource "aws_cloudwatch_log_group" "main_edge" {
-  count = var.lambda_at_edge ? 1 : 0
+  count             = var.lambda_at_edge ? 1 : 0
   name              = "/aws/lambda/us-east-1.${local.csi}"
   retention_in_days = var.log_retention_in_days
   kms_key_id        = var.kms_key_arn
diff --git a/infrastructure/modules/lambda/data_iam_policy_document_put_logs.tf b/infrastructure/modules/lambda/data_iam_policy_document_put_logs.tf
index 0a4d5a8..978ddf7 100644
--- a/infrastructure/modules/lambda/data_iam_policy_document_put_logs.tf
+++ b/infrastructure/modules/lambda/data_iam_policy_document_put_logs.tf
@@ -11,8 +11,8 @@ data "aws_iam_policy_document" "put_logs" {
     #trivy:ignore:aws-iam-no-policy-wildcards
     resources = flatten([[
       "${aws_cloudwatch_log_group.main.arn}:*",
-    ], var.lambda_at_edge ? [
-       "${aws_cloudwatch_log_group.main_edge[0].arn}:*",
+      ], var.lambda_at_edge ? [
+      "${aws_cloudwatch_log_group.main_edge[0].arn}:*",
     ] : []])
   }