create an egress checker lambda in the vpc

terraform/environment/region/egress-checker.tf

@@ -0,0 +1,15 @@
+module "egress_checker" {
+  source                        = "./modules/egress_checker"
+  lambda_function_image_ecr_url = "311462405659.dkr.ecr.eu-west-1.amazonaws.com/egress-checker"
+  lambda_function_image_tag     = "v0.1604.0-MLPAB2748checkrequestsforaddressesnotontheallowlistaredropped.2"
+  event_received_lambda_role    = var.iam_roles.event_received_lambda
+  vpc_config = {
+    subnet_ids         = data.aws_subnet.application[*].id
+    security_group_ids = [data.aws_security_group.lambda_egress.id]
+  }
+
+  providers = {
+    aws.region     = aws.region
+    aws.management = aws.management
+  }
+}

terraform/environment/region/modules/egress_checker/main.tf

@@ -0,0 +1,19 @@
+module "egress_checker" {
+  source               = "../lambda"
+  lambda_name          = "egress-checker"
+  description          = "Function to check egress from the VPC via the network firewall"
+  image_uri            = "${var.lambda_function_image_ecr_url}:${var.lambda_function_image_tag}"
+  aws_iam_role         = var.event_received_lambda_role
+  environment          = data.aws_default_tags.current.tags.environment-name
+  kms_key              = data.aws_kms_alias.cloudwatch_application_logs_encryption.target_key_arn
+  iam_policy_documents = [data.aws_iam_policy_document.api_access_policy.json]
+  timeout              = 300
+  memory               = 1024
+  vpc_config = {
+    subnet_ids         = var.vpc_config.subnet_ids
+    security_group_ids = var.vpc_config.security_group_ids
+  }
+  providers = {
+    aws.region = aws.region
+  }
+}

terraform/environment/region/modules/egress_checker/variables.tf

@@ -0,0 +1,19 @@
+variable "lambda_function_image_ecr_url" {
+  type = string
+}
+
+variable "lambda_function_image_tag" {
+  type = string
+}
+
+variable "event_received_lambda_role" {
+  type = any
+}
+
+variable "vpc_config" {
+  description = "Configuration block for VPC"
+  type = object({
+    subnet_ids         = list(string)
+    security_group_ids = list(string)
+  })
+}

terraform/environment/region/modules/egress_checker/versions.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_version = ">= 1.5.2"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.80.0"
+      configuration_aliases = [
+        aws.region,
+        aws.management
+      ]
+    }
+  }
+}