From 86642955510897775de3b0cf00b04bb8c1972719 Mon Sep 17 00:00:00 2001
From: christian-calabrese <christian.calabrese@pagopa.it>
Date: Wed, 18 Dec 2024 14:07:33 +0100
Subject: [PATCH] [DEV-2072] Use the ddb streams event id as SQS message group
 id (#1282)

* feat: add ecs variables for active campaign

* fix: use ddb stream as sqs fifo dedup id

* fix: conflict on cms ecs

* chore: changeset added

* feat: added alarms

* chore: ran terraform fmt

* fix: alarms thresholds
---
 .changeset/gorgeous-ghosts-float.md           |  5 ++
 .../cloudwatch_metrics_alarms.tf              | 66 +++++++++++++++++++
 .../modules/active_campaign/eventbridge.tf    |  5 +-
 .../src/modules/active_campaign/sqs.tf        |  4 +-
 4 files changed, 76 insertions(+), 4 deletions(-)
 create mode 100644 .changeset/gorgeous-ghosts-float.md
 create mode 100644 apps/infrastructure/src/modules/active_campaign/cloudwatch_metrics_alarms.tf

diff --git a/.changeset/gorgeous-ghosts-float.md b/.changeset/gorgeous-ghosts-float.md
new file mode 100644
index 0000000000..1e7fcf4403
--- /dev/null
+++ b/.changeset/gorgeous-ghosts-float.md
@@ -0,0 +1,5 @@
+---
+"infrastructure": patch
+---
+
+Use the ddb stream event id as message group id in sqs
diff --git a/apps/infrastructure/src/modules/active_campaign/cloudwatch_metrics_alarms.tf b/apps/infrastructure/src/modules/active_campaign/cloudwatch_metrics_alarms.tf
new file mode 100644
index 0000000000..d0452a3b96
--- /dev/null
+++ b/apps/infrastructure/src/modules/active_campaign/cloudwatch_metrics_alarms.tf
@@ -0,0 +1,66 @@
+# CloudWatch Metrics and Alarms for Active Campaign Sync Resources
+
+resource "aws_cloudwatch_metric_alarm" "pipe_failed" {
+  alarm_name          = "${local.prefix}-webinar-subs-pipe-errors"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = 1
+  period              = 60
+  statistic           = "Sum"
+  threshold           = 1
+  metric_name         = "ExecutionFailed"
+  namespace           = "AWS/EventBridge/Pipes"
+  dimensions = {
+    PipeName = aws_pipes_pipe.dynamodb_to_sqs.name
+  }
+  alarm_description         = "This metric monitors the webinar subscriptions eventbridge pipe failures"
+  insufficient_data_actions = []
+  alarm_actions             = [aws_sns_topic.alerts.arn]
+}
+
+resource "aws_cloudwatch_metric_alarm" "dlq" {
+  alarm_name          = "${local.prefix}-sqs-messages-in-dlq"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = 1
+  period              = 60
+  statistic           = "Sum"
+  threshold           = 1
+  metric_name         = "ApproximateNumberOfMessagesVisible"
+  namespace           = "AWS/SQS"
+  dimensions = {
+    QueueName = aws_sqs_queue.fifo_dlq_queue.name
+  }
+  alarm_description         = "This metric monitors messages put in the dead letter queue"
+  insufficient_data_actions = []
+  alarm_actions             = [aws_sns_topic.alerts.arn]
+}
+
+# SNS Topic for Alarms
+resource "aws_sns_topic" "alerts" {
+  name = "${local.prefix}-cloudwatch-alarms"
+}
+
+resource "aws_sns_topic_policy" "alerts" {
+  arn = aws_sns_topic.alerts.arn
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Sid    = "AllowCloudWatchAlarms"
+        Effect = "Allow"
+        Principal = {
+          Service = "cloudwatch.amazonaws.com"
+        }
+        Action   = "sns:Publish"
+        Resource = aws_sns_topic.alerts.arn
+        Condition = {
+          ArnLike = {
+            "aws:SourceArn" = "arn:aws:cloudwatch:${var.aws_region}:${data.aws_caller_identity.current.account_id}:alarm:*"
+          }
+          StringEquals = {
+            "aws:SourceAccount" = data.aws_caller_identity.current.account_id
+          }
+        }
+      }
+    ]
+  })
+}
\ No newline at end of file
diff --git a/apps/infrastructure/src/modules/active_campaign/eventbridge.tf b/apps/infrastructure/src/modules/active_campaign/eventbridge.tf
index c584d96e38..8386b7a3b9 100644
--- a/apps/infrastructure/src/modules/active_campaign/eventbridge.tf
+++ b/apps/infrastructure/src/modules/active_campaign/eventbridge.tf
@@ -29,11 +29,12 @@ resource "aws_pipes_pipe" "dynamodb_to_sqs" {
       "sub": "<$.dynamodb.Keys.username.S>"
     }
   },
-  "webinarId": "<$.dynamodb.Keys.webinarId.S>"
+  "webinarId": "<$.dynamodb.Keys.webinarId.S>",
+  "eventID": "<$.eventID>"
 }
 EOF
     sqs_queue_parameters {
-      message_group_id = local.sqs_message_group_id
+      message_group_id = "$.eventID"
     }
   }
 }
diff --git a/apps/infrastructure/src/modules/active_campaign/sqs.tf b/apps/infrastructure/src/modules/active_campaign/sqs.tf
index e3784d1925..b5746ce958 100644
--- a/apps/infrastructure/src/modules/active_campaign/sqs.tf
+++ b/apps/infrastructure/src/modules/active_campaign/sqs.tf
@@ -3,8 +3,8 @@ resource "aws_sqs_queue" "fifo_queue" {
   name                        = "${local.prefix}-events.fifo"
   fifo_queue                  = true
   content_based_deduplication = true
-  deduplication_scope         = "messageGroup"
-  fifo_throughput_limit       = "perMessageGroupId"
+  deduplication_scope         = "queue"
+  fifo_throughput_limit       = "perQueue"
 
   redrive_policy = jsonencode({
     deadLetterTargetArn = aws_sqs_queue.fifo_dlq_queue.arn