Move audit log table to terraform (#222)

devksingh4 · web-flow · commit b05826ecfefa · 2025-07-23T00:45:56.000-04:00
diff --git a/cloudformation/logs.yml b/cloudformation/logs.yml
diff --git a/cloudformation/main.yml b/cloudformation/main.yml
@@ -85,11 +85,6 @@ Resources:
         SqsQueueArn: !Sub "arn:aws:sqs:${AWS::Region}:${AWS::AccountId}:infra-core-api-sqs"
         LinkryKvArn: !GetAtt LinkryRecordsCloudfrontStore.Arn
 
-  AppLogGroups:
-    Type: AWS::Serverless::Application
-    Properties:
-      Location: ./logs.yml
-
   LinkryRecordSetv4:
     Condition: IsDev
     Type: AWS::Route53::RecordSet
@@ -218,8 +213,6 @@ Resources:
 
   AppApiLambdaFunction:
     Type: AWS::Serverless::Function
-    DependsOn:
-      - AppLogGroups
     Properties:
       Architectures: [arm64]
       CodeUri: ../dist/lambda
@@ -261,8 +254,6 @@ Resources:
 
   AppSqsLambdaFunction:
     Type: AWS::Serverless::Function
-    DependsOn:
-      - AppLogGroups
     Properties:
       Architectures: [arm64]
       CodeUri: ../dist/sqsConsumer
diff --git a/terraform/envs/prod/main.tf b/terraform/envs/prod/main.tf
@@ -49,3 +49,31 @@ module "sqs_queues" {
   source          = "../../modules/sqs"
   resource_prefix = var.ProjectId
 }
+
+import {
+  to = aws_dynamodb_table.app_audit_log
+  id = "${var.ProjectId}-audit-log"
+}
+
+resource "aws_dynamodb_table" "app_audit_log" {
+  billing_mode                = "PAY_PER_REQUEST"
+  name                        = "${var.ProjectId}-audit-log"
+  deletion_protection_enabled = true
+  hash_key                    = "module"
+  range_key                   = "createdAt"
+  point_in_time_recovery {
+    enabled = true
+  }
+  attribute {
+    name = "module"
+    type = "S"
+  }
+  attribute {
+    name = "createdAt"
+    type = "N"
+  }
+  ttl {
+    attribute_name = "expiresAt"
+    enabled        = true
+  }
+}
diff --git a/terraform/envs/qa/main.tf b/terraform/envs/qa/main.tf
@@ -36,3 +36,31 @@ module "sqs_queues" {
   source          = "../../modules/sqs"
   resource_prefix = var.ProjectId
 }
+
+import {
+  to = aws_dynamodb_table.app_audit_log
+  id = "${var.ProjectId}-audit-log"
+}
+
+resource "aws_dynamodb_table" "app_audit_log" {
+  billing_mode                = "PAY_PER_REQUEST"
+  name                        = "${var.ProjectId}-audit-log"
+  deletion_protection_enabled = true
+  hash_key                    = "module"
+  range_key                   = "createdAt"
+  point_in_time_recovery {
+    enabled = true
+  }
+  attribute {
+    name = "module"
+    type = "S"
+  }
+  attribute {
+    name = "createdAt"
+    type = "N"
+  }
+  ttl {
+    attribute_name = "expiresAt"
+    enabled        = true
+  }
+}
