New: [AEA-3906] - Creates sandbox AWS stack (#83)

## Summary

- ✨ New Feature

### Details

Creates sandbox AWS stack

---------

Co-authored-by: Natasa Fragkou <[email protected]>

.github/workflows/ci.yml

@@ -93,12 +93,10 @@ jobs:
       STACK_NAME: psu
       TARGET_ENVIRONMENT: dev
       ENABLE_MUTUAL_TLS: false
-      DEPLOY_SANDBOX: false
       BUILD_ARTIFACT: packaged_code
       TRUSTSTORE_FILE: psu-truststore.pem
       VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
       COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
-      LOG_LEVEL: DEBUG
       LOG_RETENTION_DAYS: 30
       CREATE_INT_RELEASE_NOTES: true
       CREATE_PROD_RELEASE_NOTES: true
@@ -117,12 +115,10 @@ jobs:
       STACK_NAME: psu
       TARGET_ENVIRONMENT: qa
       ENABLE_MUTUAL_TLS: false
-      DEPLOY_SANDBOX: false
       BUILD_ARTIFACT: packaged_code
       TRUSTSTORE_FILE: psu-truststore.pem
       VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
       COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
-      LOG_LEVEL: DEBUG
       LOG_RETENTION_DAYS: 30
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.QA_CLOUD_FORMATION_DEPLOY_ROLE }}

.github/workflows/pull_request.yml

@@ -66,12 +66,26 @@ jobs:
       ARTIFACT_BUCKET_PREFIX: PR-${{needs.get_issue_number.outputs.issue_number}}
       TARGET_ENVIRONMENT: dev-pr
       ENABLE_MUTUAL_TLS: false
-      DEPLOY_SANDBOX: false
       BUILD_ARTIFACT: packaged_code
       TRUSTSTORE_FILE: psu-truststore.pem
       VERSION_NUMBER: PR-${{ needs.get_issue_number.outputs.issue_number }}
       COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
-      LOG_LEVEL: DEBUG
+      LOG_RETENTION_DAYS: 30
+    secrets:
+      CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
+
+  release_sandbox_code:
+    needs: [get_issue_number, package_code, get_commit_id]
+    uses: ./.github/workflows/sam_release_code.yml
+    with:
+      STACK_NAME: psu-pr-${{needs.get_issue_number.outputs.issue_number}}-sandbox
+      ARTIFACT_BUCKET_PREFIX: PR-${{needs.get_issue_number.outputs.issue_number}}-sandbox
+      TARGET_ENVIRONMENT: dev-pr
+      ENABLE_MUTUAL_TLS: false
+      BUILD_ARTIFACT: packaged_sandbox_code
+      TRUSTSTORE_FILE: psu-sandbox-truststore.pem
+      VERSION_NUMBER: PR-${{ needs.get_issue_number.outputs.issue_number }}
+      COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
       LOG_RETENTION_DAYS: 30
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}

.github/workflows/release.yml

@@ -118,12 +118,10 @@ jobs:
       STACK_NAME: psu
       TARGET_ENVIRONMENT: dev
       ENABLE_MUTUAL_TLS: false
-      DEPLOY_SANDBOX: false
       BUILD_ARTIFACT: packaged_code
       TRUSTSTORE_FILE: psu-truststore.pem
       VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
       COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
-      LOG_LEVEL: DEBUG
       LOG_RETENTION_DAYS: 30
       CREATE_INT_RELEASE_NOTES: true
       CREATE_PROD_RELEASE_NOTES: true
@@ -142,12 +140,10 @@ jobs:
       STACK_NAME: psu
       TARGET_ENVIRONMENT: ref
       ENABLE_MUTUAL_TLS: false
-      DEPLOY_SANDBOX: false
       BUILD_ARTIFACT: packaged_code
       TRUSTSTORE_FILE: psu-truststore.pem
       VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
       COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
-      LOG_LEVEL: DEBUG
       LOG_RETENTION_DAYS: 30
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.REF_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -160,12 +156,10 @@ jobs:
       STACK_NAME: psu
       TARGET_ENVIRONMENT: qa
       ENABLE_MUTUAL_TLS: false
-      DEPLOY_SANDBOX: false
       BUILD_ARTIFACT: packaged_code
       TRUSTSTORE_FILE: psu-truststore.pem
       VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
       COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
-      LOG_LEVEL: DEBUG
       LOG_RETENTION_DAYS: 30
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.QA_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -178,12 +172,10 @@ jobs:
       STACK_NAME: psu
       TARGET_ENVIRONMENT: int
       ENABLE_MUTUAL_TLS: false
-      DEPLOY_SANDBOX: false
       BUILD_ARTIFACT: packaged_code
       TRUSTSTORE_FILE: psu-truststore.pem
       VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
       COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
-      LOG_LEVEL: DEBUG
       LOG_RETENTION_DAYS: 30
       CREATE_INT_RELEASE_NOTES: true
       CREATE_INT_RC_RELEASE_NOTES: true
@@ -202,12 +194,10 @@ jobs:
 #      STACK_NAME: psu
 #      TARGET_ENVIRONMENT: prod
 #      ENABLE_MUTUAL_TLS: true
-#      DEPLOY_SANDBOX: false
 #      BUILD_ARTIFACT: packaged_code
 #      TRUSTSTORE_FILE: psu-truststore.pem
 #      VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
 #      COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
-#      LOG_LEVEL: INFO
 #      LOG_RETENTION_DAYS: 731
 #      MARK_JIRA_RELEASED: true
 #      CREATE_PROD_RELEASE_NOTES: true

.github/workflows/sam_package_code.yml

@@ -65,4 +65,20 @@ jobs:
           name: packaged_code
           path: |
             .aws-sam/build
-            packages/updatePrescriptionStatus/lib/get-secrets-layer.zip 
+
+      - shell: bash
+        name: package sandbox
+        run: |
+          cp .tool-versions ~/
+          rm -rf .aws-sam
+          export PATH=$PATH:$PWD/node_modules/.bin
+          make sam-build-sandbox
+          cp Makefile .aws-sam/build/
+          cp samconfig_package_and_deploy.toml .aws-sam/build/
+
+      - uses: actions/upload-artifact@v4
+        name: upload sandbox build artifact
+        with:
+          name: packaged_sandbox_code
+          path: |
+            .aws-sam/build

.github/workflows/sam_release_code.yml

@@ -18,9 +18,6 @@ on:
       BUILD_ARTIFACT:
         required: true
         type: string
-      DEPLOY_SANDBOX:
-        required: true
-        type: boolean
       TRUSTSTORE_FILE:
         required: true
         type: string
@@ -30,9 +27,6 @@ on:
       COMMIT_ID:
         required: true
         type: string
-      LOG_LEVEL:
-        required: true
-        type: string
       LOG_RETENTION_DAYS:
         required: true
         type: string
@@ -100,17 +94,15 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: ${{ inputs.BUILD_ARTIFACT }}
-          path: .
+          path: .aws-sam/build
 
       - name: release code
         shell: bash
         working-directory: .github/scripts
         env:
           artifact_bucket_prefix: prescription_status_update/${{ inputs.ARTIFACT_BUCKET_PREFIX }}
           COMMIT_ID: ${{ inputs.COMMIT_ID }}
-          deploy_sandbox: ${{ inputs.DEPLOY_SANDBOX }}
           enable_mutual_tls: ${{ inputs.ENABLE_MUTUAL_TLS }}
-          LOG_LEVEL: ${{ inputs.LOG_LEVEL }}
           LOG_RETENTION_DAYS: ${{ inputs.LOG_RETENTION_DAYS }}
           stack_name: ${{ inputs.STACK_NAME }}
           TARGET_ENVIRONMENT: ${{ inputs.TARGET_ENVIRONMENT }}

.pre-commit-config.yaml

@@ -32,6 +32,15 @@ repos:
         types_or: [ts, tsx, javascript, jsx, json]
         pass_filenames: false
 
+      - id: lint-sandbox
+        name: Lint sandbox
+        entry: npm
+        args: ["run", "--prefix=packages/sandbox", "lint"]
+        language: system
+        files: ^packages\/sandbox
+        types_or: [ts, tsx, javascript, jsx, json]
+        pass_filenames: false
+
       - id: oas-build-checks
         name: Build OAS
         entry: make

.vscode/eps-prescription-status-update-api.code-workspace

@@ -11,6 +11,10 @@
 		{
 			"name": "packages/updatePrescriptionStatus",
 			"path": "../packages/updatePrescriptionStatus"
+		},
+		{
+			"name": "packages/sandbox",
+			"path": "../packages/sandbox"
 		}
 	],
 	"settings": {
@@ -81,11 +85,7 @@
 			"package-lock.json",
 			"node_modules",
 			".vscode"
-		],
-		"jest.jestCommandLine": "NODE_OPTIONS=--experimental-vm-modules node_modules/.bin/jest --no-cache",
-		"jest.nodeEnv": {
-			"POWERTOOLS_DEV": true
-		}
+		]
 	},
 	"extensions": {
 		"recommendations": [

Makefile

@@ -25,6 +25,9 @@ build-specification:
 sam-build: sam-validate compile
 	sam build --template-file SAMtemplates/main_template.yaml --region eu-west-2
 
+sam-build-sandbox: sam-validate-sandbox compile
+	sam build --template-file SAMtemplates/sandbox_template.yaml --region eu-west-2
+
 sam-run-local: sam-build
 	sam local start-api
 
@@ -58,7 +61,10 @@ sam-validate:
 	sam validate --template-file SAMtemplates/main_template.yaml --region eu-west-2
 	sam validate --template-file SAMtemplates/lambda_resources.yaml --region eu-west-2
 
-sam-deploy-package: guard-artifact_bucket guard-artifact_bucket_prefix guard-stack_name guard-template_file guard-cloud_formation_execution_role guard-LATEST_TRUSTSTORE_VERSION guard-enable_mutual_tls guard-VERSION_NUMBER guard-COMMIT_ID guard-LOG_LEVEL guard-LOG_RETENTION_DAYS guard-TARGET_ENVIRONMENT
+sam-validate-sandbox:
+	sam validate --template-file SAMtemplates/sandbox_template.yaml --region eu-west-2
+
+sam-deploy-package: guard-artifact_bucket guard-artifact_bucket_prefix guard-stack_name guard-template_file guard-cloud_formation_execution_role guard-LATEST_TRUSTSTORE_VERSION guard-enable_mutual_tls guard-VERSION_NUMBER guard-LOG_RETENTION_DAYS guard-TARGET_ENVIRONMENT
 	sam deploy \
 		--template-file $$template_file \
 		--stack-name $$stack_name \
@@ -76,9 +82,6 @@ sam-deploy-package: guard-artifact_bucket guard-artifact_bucket_prefix guard-sta
 			  TruststoreVersion=$$LATEST_TRUSTSTORE_VERSION \
 			  EnableMutualTLS=$$enable_mutual_tls \
 			  EnableSplunk=true \
-			  VersionNumber=$$VERSION_NUMBER \
-			  CommitId=$$COMMIT_ID \
-			  LogLevel=$$LOG_LEVEL \
 			  LogRetentionDays=$$LOG_RETENTION_DAYS \
 			  Env=$$TARGET_ENVIRONMENT
 
@@ -90,6 +93,7 @@ compile: compile-node
 lint-node: compile-node
 	npm run lint --workspace packages/specification
 	npm run lint --workspace packages/updatePrescriptionStatus
+	npm run lint --workspace packages/sandbox
 
 lint-samtemplates:
 	poetry run cfn-lint -t SAMtemplates/*.yaml
@@ -107,11 +111,14 @@ lint: lint-node lint-samtemplates lint-python lint-githubactions lint-githubacti
 
 test: compile
 	npm run test --workspace packages/updatePrescriptionStatus
+	npm run test --workspace packages/sandbox
 
 #Removes build/ + dist/ directories
 clean:
 	rm -rf packages/updatePrescriptionStatus/coverage
 	rm -rf packages/updatePrescriptionStatus/lib
+	rm -rf packages/sandbox/coverage
+	rm -rf packages/sandbox/lib
 	rm -rf .aws-sam
 
 deep-clean: clean

README.md

@@ -12,6 +12,7 @@ Deployment history can be found at https://nhsdigital.github.io/eps-prescription
 This is the AWS layer that provides an API for EPS Prescription Status Update.
 
 - `packages/updatePrescriptionStatus/` Handles updating prescription status for the root endpoint.
+- `packages/sandbox` A sandbox endpoint returning an example response.
 - `packages/specification/` This [Open API Specification](https://swagger.io/docs/specification/about/) describes the endpoints, methods and messages.
 - `scripts/` Utilities helpful to developers of this specification.
 - `SAMtemplates/` Contains the SAM templates used to define the stacks.

SAMtemplates/lambda_resources.yaml

@@ -25,11 +25,6 @@ Parameters:
   LambdaName:
     Type: String
     Description: Name of lambda we are creating for
-  AccessToSpine:
-    Type: String
-    Description: Whether to use splunk
-    Default: false
-    AllowedValues: [true, false]
   LogRetentionDays:
     Type: Number
     Description: How long to keep logs for
@@ -61,7 +56,6 @@ Parameters:
 
 Conditions:
   ShouldUseSplunk: !Equals [true, !Ref EnableSplunk]
-  AllowAccessToSpine: !Equals [true, !Ref AccessToSpine]
 
 Resources:
   LambdaRole:
@@ -79,10 +73,6 @@ Resources:
         - !ImportValue lambda-resources:LambdaInsightsLogGroupPolicy
         - !ImportValue account-resources:LambdaEncryptCloudwatchKMSPolicy
         - !ImportValue account-resources:LambdaDecryptSecretsKMSPolicy
-        - !If
-          - AllowAccessToSpine
-          - !ImportValue account-resources:LambdaAccessSecretsPolicy
-          - !Ref AWS::NoValue
 
   LambdaManagedPolicy:
     Type: AWS::IAM::ManagedPolicy

SAMtemplates/main_template.yaml

@@ -13,16 +13,11 @@ Globals:
     Runtime: nodejs20.x
     Environment:
       Variables:
-        TargetServiceSearchServer: !Ref TargetServiceSearchServer
         NODE_OPTIONS: --enable-source-maps
     Layers:
       - !Sub "arn:aws:lambda:${AWS::Region}:580247275435:layer:LambdaInsightsExtension:49"
 
 Parameters:
-  TargetServiceSearchServer:
-    Type: String
-    Description: TargetServiceSearchServer
-    Default: none
   TruststoreVersion:
     Type: String
     Description: TruststoreVersion
@@ -37,10 +32,6 @@ Parameters:
     Description: Whether to use splunk
     Default: false
     AllowedValues: [true, false]
-  LogLevel:
-    Type: String
-    Description: The log level to set in the lambda
-    Default: "INFO"
   LogRetentionDays:
     Type: Number
     Description: How long to keep logs for
@@ -98,7 +89,6 @@ Resources:
       Environment:
         Variables:
           TABLE_NAME: !Sub "${AWS::StackName}-PrescriptionStatusUpdates"
-          LOG_LEVEL: !Ref LogLevel
       Events:
         updatePrescriptionStatus:
           Type: HttpApi