164 changes: 3 additions & 161 deletions infrastructure/template.yaml
Expand Up @@ -827,7 +827,7 @@ Resources:
Role: !GetAtt CodeDeployServiceRole.Arn
Alarms: !If
- UseCanaryDeploymentAlarms
- [!Ref AbandonFunctionCanaryErrors, !Ref AbandonStateMachineCanary5xxErrors]
Comment thread
mikebeeby marked this conversation as resolved.
- [!Ref AbandonFunctionCanaryErrors, !Ref AbandonFunctionCanary5xxErrors]
- [!Ref AWS::NoValue]
LoggingConfig:
LogGroup: !Sub /aws/lambda/${AWS::StackName}/AbandonFunction
Expand Down Expand Up @@ -1585,111 +1585,6 @@ Resources:
- Name: StateMachineArn
Value: !Ref NinoCheckStateMachine

AbandonStateMachine:
Type: AWS::Serverless::StateMachine
Properties:
AutoPublishAlias: live
DeploymentPreference:
Type: !Ref StepFunctionsDeploymentPreference
Interval: !If [IsProdEnvironment, 15, 5]
Percentage: !If [IsProdEnvironment, 10, 50]
Alarms: !If
- UseCanaryDeploymentAlarms
- - !Ref SsmParametersFunctionCanaryErrors
- !Ref AbandonStateMachineFailedCanary
- !Ref AbandonStateMachineCanary5xxErrors
- !Ref AWS::NoValue
StateMachineVersionArn: !Sub "arn:aws:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${AbandonStateMachine}:live"
Type: EXPRESS
DefinitionUri: ../step-functions/abandon.asl.json
DefinitionSubstitutions:
AuditEventPrefix: !Ref AuditEventNamePrefix
CheckSessionStateMachineArn: !Sub ${CheckSessionStateMachine}:live
CommonStackName: !Ref CommonStackName
SsmParametersFunction: !Ref SsmParametersFunction.Version
CheckHmrcEventBus: !Ref CheckHmrcEventBus
CheckHmrcEventBusSource: !FindInMap [EnvironmentConfiguration, !Ref Environment, DOMAINNAME]
AuditEventNameAbandoned: !FindInMap [Audit, EventName, Abandoned]
Logging:
Destinations:
- CloudWatchLogsLogGroup:
LogGroupArn: !GetAtt AbandonStateMachineLogGroup.Arn
IncludeExecutionData: True
Level: ALL
Policies:
- LambdaInvokePolicy:
FunctionName: !Ref SsmParametersFunction
- DynamoDBReadPolicy:
TableName: !Sub "{{resolve:ssm:/${CommonStackName}/SessionTableName}}"
- DynamoDBWritePolicy:
TableName: !Sub "{{resolve:ssm:/${CommonStackName}/SessionTableName}}"
- EventBridgePutEventsPolicy:
EventBusName: !Ref CheckHmrcEventBus
- Statement:
Effect: Allow
Action:
- states:StartSyncExecution
- states:StartExecution
Resource:
- !Ref CheckSessionStateMachine
- Statement:
Effect: Allow
Action: logs:*
Resource: "*"
PermissionsBoundary: !If
- UsePermissionsBoundary
- !Ref PermissionsBoundary
- !Ref AWS::NoValue

AbandonStateMachineLogGroup:
Type: AWS::Logs::LogGroup
Properties:
LogGroupName: !Sub "/aws/vendedlogs/states/${AWS::StackName}-Abandon-state-machine-logs"
RetentionInDays: 30

PIIRedactedAbandonStateMachineLogsSubscriptionFilterCSLS:
Type: AWS::Logs::SubscriptionFilter
Condition: IsNotDevLikeEnvironment
Properties:
DestinationArn: !FindInMap [PlatformConfiguration, !Ref Environment, CSLSEGRESS]
FilterPattern: ""
LogGroupName: !Ref PIIRedactedAbandonStateMachineLogGroup

AbandonStateMachineFailedMetric:
Type: AWS::Logs::MetricFilter
Properties:
LogGroupName: !Ref AbandonStateMachineLogGroup
FilterPattern: '{$.type = "ExecutionFailed"}'
MetricTransformations:
- MetricValue: "1"
MetricName: "AbandonStateMachine}-Error"
MetricNamespace: !Sub "${AWS::StackName}/LogMessages"

AbandonStateMachineAlarm:
Type: "AWS::CloudWatch::Alarm"
Condition: DeployAlarms
Properties:
OKActions:
- !ImportValue platform-alarm-warning-alert-topic
AlarmActions:
- !ImportValue platform-alarm-warning-alert-topic
AlarmDescription: !Sub
- "${AbandonStateMachine} failed 4 or more requests in the last hour. Runbook: ${SupportManualURL}"
- SupportManualURL: !FindInMap [StaticVariables, Urls, SupportManualURL]
AlarmName: !Sub "${AWS::StackName}-${Environment}-AbandonStateMachine-ExecutionsFailed-alarm"
MetricName: "ExecutionsFailed"
Namespace: AWS/States
ComparisonOperator: GreaterThanThreshold
Statistic: Sum
DatapointsToAlarm: 1
EvaluationPeriods: 1
Period: 3600
Threshold: 3
TreatMissingData: notBreaching
Dimensions:
- Name: StateMachineArn
Value: !Ref AbandonStateMachine

NinoIssueCredentialStateMachine:
Type: AWS::Serverless::StateMachine
Properties:
Expand Down Expand Up @@ -2206,31 +2101,6 @@ Resources:
ComparisonOperator: GreaterThanOrEqualToThreshold
TreatMissingData: notBreaching

AbandonStateMachineFailedCanary:
Type: AWS::CloudWatch::Alarm
Condition: UseCanaryDeploymentAlarms
Properties:
ActionsEnabled: true
AlarmActions:
- !ImportValue platform-alarm-warning-alert-topic
OKActions:
- !ImportValue platform-alarm-warning-alert-topic
AlarmDescription: !Sub "Errors returned from the AbandonStateMachine"
MetricName: ExecutionsFailed
Dimensions:
- Name: StateMachineArn
Value: !Sub "arn:aws:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${AbandonStateMachine}"
- Name: Alias
Value: "live"
Namespace: AWS/States
Statistic: Sum
Unit: Count
Period: 60
EvaluationPeriods: 1
Threshold: 1
ComparisonOperator: GreaterThanOrEqualToThreshold
TreatMissingData: notBreaching

NinoCheckStateMachineFailedCanary:
Type: AWS::CloudWatch::Alarm
Condition: UseCanaryDeploymentAlarms
Expand Down Expand Up @@ -2306,7 +2176,7 @@ Resources:
ComparisonOperator: GreaterThanOrEqualToThreshold
TreatMissingData: notBreaching

AbandonStateMachineCanary5xxErrors:
Comment thread
mikebeeby marked this conversation as resolved.
AbandonFunctionCanary5xxErrors:
Type: AWS::CloudWatch::Alarm
Condition: UseCanaryDeploymentAlarms
Properties:
Expand All @@ -2315,7 +2185,7 @@ Resources:
- !ImportValue platform-alarm-warning-alert-topic
OKActions:
- !ImportValue platform-alarm-warning-alert-topic
AlarmDescription: "AbandonStateMachine returning 5xx response."
AlarmDescription: "Abandon lambda returning 5xx response."
Namespace: AWS/ApiGateway
MetricName: 5XXError
Dimensions:
Expand Down Expand Up @@ -2831,16 +2701,6 @@ Resources:
MetricName: VCIssuedMetric
MetricNamespace: !Ref CriIdentifier

AbandonedJourneyMetric:
Type: AWS::Logs::MetricFilter
Properties:
LogGroupName: !Ref AbandonStateMachineLogGroup
FilterPattern: '{($.details.name = "Clear Auth Code")}'
MetricTransformations:
- MetricValue: 1
MetricName: AbandonedAuthMetric
MetricNamespace: !Ref CriIdentifier

####################################################################
# #
# Log Groups for Slunk (PII Redacted) #
Expand All @@ -2853,12 +2713,6 @@ Resources:
LogGroupName: !Sub "/aws/vendedlogs/states/${AWS::StackName}-NinoCheck-state-machine-logs-pii-redacted"
RetentionInDays: 30

PIIRedactedAbandonStateMachineLogGroup:
Type: AWS::Logs::LogGroup
Properties:
LogGroupName: !Sub "/aws/vendedlogs/states/${AWS::StackName}-Abandon-state-machine-logs-pii-redacted"
RetentionInDays: 30

PIIRedactedNinoIssueCredentialLogGroup:
Type: AWS::Logs::LogGroup
Properties:
Expand Down Expand Up @@ -2947,15 +2801,6 @@ Resources:
FilterPattern: ""
LogGroupName: !Ref NinoCheckStateMachineLogGroup

AbandonStateMachineLogsSubscriptionFilter:
Type: AWS::Logs::SubscriptionFilter
DependsOn: PIIRedactFunctionCloudWatchAliasPermissions
Properties:
FilterName: "PII Redaction"
DestinationArn: !Ref PIIRedactFunction.Alias
FilterPattern: ""
LogGroupName: !Ref AbandonStateMachineLogGroup

NinoIssueCredentialLogsSubscriptionFilter:
Type: AWS::Logs::SubscriptionFilter
DependsOn: PIIRedactFunctionCloudWatchAliasPermissions
Expand Down Expand Up @@ -3047,9 +2892,6 @@ Outputs:
NinoUsersTable:
Description: NinoUsersTable table name
Value: !Ref NinoUsersTable
AbandonStateMachineArn:
Description: Abandon state machine ARN
Value: !Ref AbandonStateMachine
AuditEventResponseReceivedRule:
Description: AuditEvent Response Received Rule
Value: !Ref AuditEventResponseReceivedRule
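Review bot: The renamed `AbandonFunctionCanary5xxErrors` alarm (hunk at -2306) still reads `Namespace: AWS/ApiGateway` with `MetricName: 5XXError`, so its new name and the description `"Abandon lambda returning 5xx response."` point at a Lambda while the metric comes from API Gateway. Its `Dimensions:` fall outside the visible hunk, so whether it is scoped to the abandon route cannot be confirmed from here. Because the first hunk now uses this alarm as a rollback gate in the deployment `Alarms:` list, I would name the real source in the description, for example `AlarmDescription: "API Gateway 5xx responses for the abandon endpoint (AbandonFunction canary)."`, assuming the dimensions do scope it that way. The commit also deletes `AbandonStateMachineLogsSubscriptionFilter` (`FilterName: "PII Redaction"`), the CSLS subscription filter and `AbandonedJourneyMetric`. Nothing visible attaches equivalents to `/aws/lambda/${AWS::StackName}/AbandonFunction`, so it is worth confirming that the function's log group keeps redaction, forwarding and the abandoned-journey metric.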
4 changes: 2 additions & 2 deletions integration-tests/globalStackOutputSetup.ts
Expand Up @@ -6,7 +6,7 @@ let outputs: Partial<{
PublicApiGatewayId: string;
NinoUsersTable: string;
UserAttemptsTable: string;
AbandonStateMachineArn: string;

CheckSessionStateMachineArn: string;
NinoCheckStateMachineArn: string;
NinoIssueCredentialStateMachineArn: string;
Expand Down Expand Up @@ -48,7 +48,7 @@ export default async function globalSetup() {
"person-identity-common-cri-api";
process.env.SESSION_TABLE =
`session-${outputs.CommonStackName}` || "session-common-cri-api";
process.env.ABANDON_STATE_MACHINE_ARN = outputs.AbandonStateMachineArn;

process.env.CHECK_SESSION_STATE_MACHINE_ARN =
outputs.CheckSessionStateMachineArn;
process.env.NINO_CHECK_STATE_MACHINE_ARN = outputs.NinoCheckStateMachineArn;
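Review bot: In the second hunk, the context lines assigning `process.env.SESSION_TABLE` can never reach their `"session-common-cri-api"` fallback, because the template literal on the left of `||` is always a non-empty string. With `outputs.CommonStackName` unset, the tests would target a table named `session-undefined`. Testing the output itself applies the default: `outputs.CommonStackName ? "session-" + outputs.CommonStackName : "session-common-cri-api"`. Separately, both removals leave an empty line behind (inside the `Partial<{ … }>` type and between the `process.env` assignments), and these can simply be dropped. The body of `globalSetup` continues outside the hunk.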
59 changes: 0 additions & 59 deletions integration-tests/step-functions/aws/abandon/abandon.test.ts

This file was deleted.

This file was deleted.
