refactor(Lambda): make use of Parameter Store #1849

Merged
simonknittel merged 1 commit into develop from feature/refactor-lambdas
Dec 7, 2025

Conversation

@simonknittel
Owner

No description provided.

Copilot AI review requested due to automatic review settings December 7, 2025 11:07
vercel bot commented Dec 7, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Preview Updated (UTC)
sam Ignored Ignored Preview Dec 7, 2025 11:11am

github-actions bot commented Dec 7, 2025

Terraform Plan 📖 success

data.aws_cloudfront_cache_policy.managed_caching_optimized: Reading...
module.email_function.aws_ssm_parameter.custom[0]: Refreshing state... [id=/email-function/mailgun-api-key]
module.notification_router.data.aws_kms_alias.ssm: Reading...
data.aws_cloudwatch_event_bus.default: Reading...
aws_cloudfront_origin_access_control.care_bear_shooter_build_bucket: Refreshing state... [id=E9UD6HRKKYL4H]
module.email_function.aws_cloudwatch_metric_alarm.lambda_errors: Refreshing state... [id=email-function-lambda-errors]
data.aws_cloudfront_origin_request_policy.managed_cors_s3_origin: Reading...
module.scrape_discord_events_function.aws_cloudwatch_metric_alarm.lambda_throttles: Refreshing state... [id=scrape-discord-events-function-lambda-throttles]
module.notification_router.aws_cloudwatch_metric_alarm.memory_utilization: Refreshing state... [id=notification-router-memory-utilization]
aws_budgets_budget.monthly_total: Refreshing state... [id=220746603587:Total monthly budget]
module.midnight_automations.aws_cloudwatch_metric_alarm.memory_utilization: Refreshing state... [id=midnight-automations-memory-utilization]
data.aws_cloudfront_origin_request_policy.managed_cors_s3_origin: Read complete after 0s [id=88a5eaf4-2fd4-4709-b370-b4c650ea3fcf]
module.notification_router.aws_cloudwatch_metric_alarm.lambda_errors: Refreshing state... [id=notification-router-lambda-errors]
data.aws_cloudfront_cache_policy.managed_caching_optimized: Read complete after 0s [id=b2884449-e4de-46a7-ac36-70bc7f1ddd6d]
module.notification_router.aws_cloudwatch_metric_alarm.lambda_throttles: Refreshing state... [id=notification-router-lambda-throttles]
module.notification_router.data.aws_kms_alias.ssm: Read complete after 0s [id=arn:aws:kms:eu-central-1:220746603587:alias/aws/ssm]
data.aws_cloudwatch_event_bus.default: Read complete after 0s [id=default]
module.email_function.aws_cloudwatch_metric_alarm.lambda_throttles: Refreshing state... [id=email-function-lambda-throttles]
module.midnight_automations.aws_cloudwatch_metric_alarm.lambda_throttles: Refreshing state... [id=midnight-automations-lambda-throttles]
module.scrape_discord_events_function.data.aws_kms_alias.ssm: Reading...
module.scrape_discord_events_function.data.aws_kms_alias.ssm: Read complete after 0s [id=arn:aws:kms:eu-central-1:220746603587:alias/aws/ssm]
module.notification_router.aws_sqs_queue.main_deadletter: Refreshing state... [id=https://sqs.eu-central-1.amazonaws.com/220746603587/terraform-20251030115900886600000004]
aws_s3_account_public_access_block.main: Refreshing state... [id=220746603587]
module.email_function.aws_cloudwatch_metric_alarm.memory_utilization: Refreshing state... [id=email-function-memory-utilization]
module.email_function.aws_sqs_queue.main_deadletter: Refreshing state... [id=https://sqs.eu-central-1.amazonaws.com/220746603587/terraform-20240211081314103700000003]
module.midnight_automations.data.aws_kms_alias.ssm: Reading...
module.scrape_discord_events_function.aws_cloudwatch_metric_alarm.memory_utilization: Refreshing state... [id=scrape-discord-events-function-memory-utilization]
module.scrape_discord_events_function.aws_cloudwatch_metric_alarm.lambda_errors: Refreshing state... [id=scrape-discord-events-function-lambda-errors]
module.email_function.data.aws_kms_alias.ssm: Reading...
aws_iam_user.app_vercel: Refreshing state... [id=app_vercel]
data.aws_caller_identity.current: Reading...
data.aws_iam_openid_connect_provider.github: Reading...
module.midnight_automations.aws_cloudwatch_metric_alarm.lambda_errors: Refreshing state... [id=midnight-automations-lambda-errors]
data.aws_caller_identity.current: Read complete after 1s [id=220746603587]
aws_dynamodb_table.sqs_processed_requests: Refreshing state... [id=SqsProcessedRequests]
aws_schemas_discoverer.default: Refreshing state... [id=events-event-bus-default]
module.notification_router.aws_sqs_queue.main: Refreshing state... [id=https://sqs.eu-central-1.amazonaws.com/220746603587/terraform-20251030115928908600000009]
module.notification_router.aws_cloudwatch_metric_alarm.deadletter_message_count: Refreshing state... [id=deadletter-message-count-notification-router]
aws_s3_bucket.care_bear_shooter_build: Refreshing state... [id=care-bear-shooter-build-220746603587]
aws_iam_user_policy.app_vercel: Refreshing state... [id=app_vercel:terraform-20240328141028994700000001]
data.aws_iam_openid_connect_provider.github: Read complete after 1s [id=arn:aws:iam::220746603587:oidc-provider/token.actions.githubusercontent.com]
aws_iam_access_key.app_vercel: Refreshing state... [id=AKIATGZMF3RB4EBRLJ6V]
module.email_function.aws_cloudwatch_event_rule.main: Refreshing state... [id=arn:aws:events:eu-central-1:220746603587:event-bus/default/terraform-20251014181318664100000002]
module.midnight_automations.data.aws_kms_alias.ssm: Read complete after 1s [id=arn:aws:kms:eu-central-1:220746603587:alias/aws/ssm]
module.email_function.aws_sqs_queue.main: Refreshing state... [id=https://sqs.eu-central-1.amazonaws.com/220746603587/terraform-20240211081339784400000005]
module.email_function.aws_cloudwatch_metric_alarm.deadletter_message_count: Refreshing state... [id=deadletter-message-count-email-function]
module.email_function.data.aws_kms_alias.ssm: Read complete after 1s [id=arn:aws:kms:eu-central-1:220746603587:alias/aws/ssm]
module.notification_router.aws_cloudwatch_event_rule.main: Refreshing state... [id=arn:aws:events:eu-central-1:220746603587:event-bus/default/terraform-20251030115900884300000002]
module.midnight_automations.aws_iam_role.main: Refreshing state... [id=terraform-20251012112428357600000001]
module.scrape_discord_events_function.aws_iam_role.main: Refreshing state... [id=terraform-20250308102259501700000001]
module.email_function.aws_iam_role.main: Refreshing state... [id=terraform-20240211081405377800000007]
module.notification_router.aws_iam_role.main: Refreshing state... [id=terraform-20251030115900884900000003]
aws_iam_role.care_bear_shooter_build_uploader: Refreshing state... [id=care-bear-shooter-build-uploader]
module.notification_router.aws_sqs_queue_policy.main: Refreshing state... [id=https://sqs.eu-central-1.amazonaws.com/220746603587/terraform-20251030115928908600000009]
module.notification_router.aws_sqs_queue_redrive_allow_policy.main_deadletter: Refreshing state... [id=https://sqs.eu-central-1.amazonaws.com/220746603587/terraform-20251030115900886600000004]
module.midnight_automations.aws_iam_role_policy_attachment.main_aws_xray_daemon_write_access: Refreshing state... [id=terraform-20251012112428357600000001-20251012112429139200000003]
module.midnight_automations.aws_iam_role_policy.main_eventbridge: Refreshing state... [id=terraform-20251012112428357600000001:eventbridge]
module.midnight_automations.aws_iam_role_policy_attachment.main_cloudwatch_lambda_insights_execution_role_policy: Refreshing state... [id=terraform-20251012112428357600000001-20251012112429013300000002]
module.midnight_automations.aws_lambda_function.main: Refreshing state... [id=midnight-automations]
module.midnight_automations.aws_iam_role_policy_attachment.main_aws_lambda_basic_execution_role: Refreshing state... [id=terraform-20251012112428357600000001-20251012112429187000000005]
module.midnight_automations.aws_iam_role_policy_attachment.main_aws_lambda_role: Refreshing state... [id=terraform-20251012112428357600000001-20251012112429149700000004]
module.email_function.aws_sqs_queue_redrive_allow_policy.main_deadletter: Refreshing state... [id=https://sqs.eu-central-1.amazonaws.com/220746603587/terraform-20240211081314103700000003]
module.email_function.aws_sqs_queue_policy.main: Refreshing state... [id=https://sqs.eu-central-1.amazonaws.com/220746603587/terraform-20240211081339784400000005]
module.email_function.aws_cloudwatch_event_target.main: Refreshing state... [id=arn:aws:events:eu-central-1:220746603587:event-bus/default-terraform-20251014181318664100000002-terraform-20251014181319422500000003]
module.notification_router.aws_cloudwatch_event_target.main: Refreshing state... [id=arn:aws:events:eu-central-1:220746603587:event-bus/default-terraform-20251030115900884300000002-terraform-2025103011595657700000000b]
module.scrape_discord_events_function.aws_iam_role_policy_attachment.main_aws_lambda_role: Refreshing state... [id=terraform-20250308102259501700000001-20250308110155082100000001]
module.scrape_discord_events_function.aws_iam_role_policy_attachment.main_cloudwatch_lambda_insights_execution_role_policy: Refreshing state... [id=terraform-20250308102259501700000001-20250308102300749900000002]
module.scrape_discord_events_function.aws_iam_role_policy.main_eventbridge: Refreshing state... [id=terraform-20250308102259501700000001:eventbridge]
module.scrape_discord_events_function.aws_lambda_function.main: Refreshing state... [id=scrape-discord-events-function]
module.scrape_discord_events_function.aws_iam_role_policy_attachment.main_aws_xray_daemon_write_access: Refreshing state... [id=terraform-20250308102259501700000001-20250308102301148700000004]
module.scrape_discord_events_function.aws_iam_role_policy_attachment.main_aws_lambda_basic_execution_role: Refreshing state... [id=terraform-20250308102259501700000001-20250308102300934000000003]
module.notification_router.aws_iam_role_policy_attachment.main_aws_lambda_basic_execution_role: Refreshing state... [id=terraform-20251030115900884900000003-20251030115902000200000006]
module.notification_router.aws_lambda_function.main: Refreshing state... [id=notification-router]
module.notification_router.aws_iam_role_policy.main_parameter_store: Refreshing state... [id=terraform-20251030115900884900000003:parameter-store]
module.notification_router.aws_iam_role_policy_attachment.main_cloudwatch_lambda_insights_execution_role_policy: Refreshing state... [id=terraform-20251030115900884900000003-20251030115902076700000007]
module.email_function.aws_iam_role_policy.main_eventbridge: Refreshing state... [id=terraform-20240211081405377800000007:eventbridge]
module.notification_router.aws_iam_role_policy_attachment.main_aws_xray_daemon_write_access: Refreshing state... [id=terraform-20251030115900884900000003-20251030115901959000000005]
module.email_function.aws_iam_role_policy_attachment.main_aws_xray_daemon_write_access: Refreshing state... [id=terraform-20240211081405377800000007-20250308100551307200000001]
module.email_function.aws_lambda_function.main: Refreshing state... [id=email-function]
module.email_function.aws_iam_role_policy_attachment.main_aws_lambda_basic_execution_role: Refreshing state... [id=terraform-20240211081405377800000007-20250308100551310900000002]
module.email_function.aws_iam_role_policy_attachment.main_cloudwatch_lambda_insights_execution_role_policy: Refreshing state... [id=terraform-20240211081405377800000007-20250308100551336200000004]
module.email_function.aws_iam_role_policy.main_parameter_store: Refreshing state... [id=terraform-20240211081405377800000007:parameter-store]
module.notification_router.aws_iam_role_policy.main_eventbridge: Refreshing state... [id=terraform-20251030115900884900000003:eventbridge]
module.midnight_automations.aws_scheduler_schedule.schedule: Refreshing state... [id=default/midnight-automations-schedule]
module.scrape_discord_events_function.aws_scheduler_schedule.schedule: Refreshing state... [id=default/scrape-discord-events-function-schedule]
module.email_function.aws_lambda_permission.sqs: Refreshing state... [id=terraform-20251014181318348500000001]
module.email_function.aws_lambda_event_source_mapping.main: Refreshing state... [id=4c996691-1418-4285-8ef0-8f3745120e5a]
module.notification_router.aws_lambda_permission.sqs: Refreshing state... [id=terraform-2025103011595657380000000a]
module.notification_router.aws_lambda_event_source_mapping.main: Refreshing state... [id=a94444d8-e8a8-4c14-b80d-2eaded934c8b]
aws_iam_role_policy.care_bear_shooter_build_uploader_s3: Refreshing state... [id=care-bear-shooter-build-uploader:s3]
aws_s3_bucket_cors_configuration.care_bear_shooter_build: Refreshing state... [id=care-bear-shooter-build-220746603587]
aws_cloudfront_distribution.care_bear_shooter_build: Refreshing state... [id=E3GY8A42OQ8RFW]
aws_s3_bucket_policy.care_bear_shooter_build_cloudfront: Refreshing state... [id=care-bear-shooter-build-220746603587]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy

Terraform will perform the following actions:

  # module.email_function.aws_iam_role_policy.main_dynamodb will be created
  + resource "aws_iam_role_policy" "main_dynamodb" {
      + id          = (known after apply)
      + name        = "dynamodb"
      + name_prefix = (known after apply)
      + policy      = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "dynamodb:GetItem",
                          + "dynamodb:PutItem",
                        ]
                      + Effect   = "Allow"
                      + Resource = [
                          + "arn:aws:dynamodb:eu-central-1:220746603587:table/SqsProcessedRequests",
                        ]
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + role        = "terraform-20240211081405377800000007"
    }

  # module.email_function.aws_iam_role_policy.main_parameter_store will be updated in-place
  ~ resource "aws_iam_role_policy" "main_parameter_store" {
        id          = "terraform-20240211081405377800000007:parameter-store"
        name        = "parameter-store"
      ~ policy      = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Resource = [
                            "arn:aws:kms:eu-central-1:220746603587:key/0fa26ab2-21c3-490a-8a14-2d746af4b6ad",
                          ~ "arn:aws:ssm:eu-central-1:220746603587:parameter/email-function/mailgun-api-key" -> "arn:aws:ssm:eu-central-1:220746603587:parameter/mailgun/api_key",
                        ]
                        # (2 unchanged attributes hidden)
                    },
                  - {
                      - Action   = [
                          - "sqs:DeleteMessage",
                          - "sqs:GetQueueAttributes",
                          - "sqs:ReceiveMessage",
                        ]
                      - Effect   = "Allow"
                      - Resource = [
                          - "arn:aws:sqs:eu-central-1:220746603587:terraform-20240211081339784400000005",
                        ]
                    },
                  - {
                      - Action   = [
                          - "dynamodb:GetItem",
                          - "dynamodb:PutItem",
                        ]
                      - Effect   = "Allow"
                      - Resource = [
                          - "arn:aws:dynamodb:eu-central-1:220746603587:table/SqsProcessedRequests",
                        ]
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        # (2 unchanged attributes hidden)
    }

  # module.email_function.aws_iam_role_policy.main_sqs will be created
  + resource "aws_iam_role_policy" "main_sqs" {
      + id          = (known after apply)
      + name        = "sqs"
      + name_prefix = (known after apply)
      + policy      = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "sqs:DeleteMessage",
                          + "sqs:GetQueueAttributes",
                          + "sqs:ReceiveMessage",
                        ]
                      + Effect   = "Allow"
                      + Resource = [
                          + "arn:aws:sqs:eu-central-1:220746603587:terraform-20240211081339784400000005",
                        ]
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + role        = "terraform-20240211081405377800000007"
    }

  # module.email_function.aws_lambda_function.main will be updated in-place
  ~ resource "aws_lambda_function" "main" {
        id                             = "email-function"
      ~ layers                         = [
          ~ "arn:aws:lambda:eu-central-1:187925254637:layer:AWS-Parameters-and-Secrets-Lambda-Extension-Arm64:20" -> "arn:aws:lambda:eu-central-1:187925254637:layer:AWS-Parameters-and-Secrets-Lambda-Extension-Arm64:21",
            "arn:aws:lambda:eu-central-1:580247275435:layer:LambdaInsightsExtension-Arm64:25",
        ]
        tags                           = {}
        # (28 unchanged attributes hidden)

      + environment {
          + variables = (sensitive value)
        }

        # (3 unchanged blocks hidden)
    }
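
Review bot: the added environment block on email-function shows only "variables = (sensitive value)", so this plan cannot confirm that the Mailgun key is no longer passed to the function as a plain environment variable. Check in terraform/modules/eventbridge-sqs-lambda/function.tf that the variables map carries only parameter names or paths, and note the extension layer bump from :20 to :21 in the PR description, which is currently empty.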

  # module.email_function.aws_ssm_parameter.custom[0] will be destroyed
  # (because aws_ssm_parameter.custom is not in configuration)
  - resource "aws_ssm_parameter" "custom" {
      - arn             = "arn:aws:ssm:eu-central-1:220746603587:parameter/email-function/mailgun-api-key" -> null
      - data_type       = "text" -> null
      - id              = "/email-function/mailgun-api-key" -> null
      - key_id          = "alias/aws/ssm" -> null
      - name            = (sensitive value) -> null
      - tags            = {} -> null
      - tags_all        = {
          - "ManagedBy"  = "Terraform"
          - "Repository" = "simonknittel/sam"
        } -> null
      - tier            = "Standard" -> null
      - type            = "SecureString" -> null
      - value           = (sensitive value) -> null
      - value_wo        = (write-only attribute) -> null
      - version         = 2 -> null
        # (2 unchanged attributes hidden)
    }
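
Review bot: the destroy of /email-function/mailgun-api-key has no matching create. All six additions in this plan are aws_iam_role_policy resources, while main_parameter_store is retargeted to parameter/mailgun/api_key. Confirm that /mailgun/api_key already exists as a SecureString holding the current key before applying, otherwise email-function is granted read access to a parameter that is not there and the Terraform-managed value is gone. Documenting the out-of-band creation step would keep a fresh environment reproducible.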

  # module.midnight_automations.aws_iam_role_policy.main_parameter_store will be created
  + resource "aws_iam_role_policy" "main_parameter_store" {
      + id          = (known after apply)
      + name        = "parameter-store"
      + name_prefix = (known after apply)
      + policy      = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "kms:Decrypt",
                          + "ssm:GetParameter",
                        ]
                      + Effect   = "Allow"
                      + Resource = [
                          + "arn:aws:kms:eu-central-1:220746603587:key/0fa26ab2-21c3-490a-8a14-2d746af4b6ad",
                          + "arn:aws:ssm:eu-central-1:220746603587:parameter/database/connection_string",
                        ]
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + role        = "terraform-20251012112428357600000001"
    }
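
Review bot: in the new parameter-store policy, kms:Decrypt and ssm:GetParameter share one statement whose Resource list mixes the KMS key ARN with the parameter ARN. It evaluates correctly, but one statement per service would read more clearly and would let the kms:Decrypt grant take a Condition (for example kms:ViaService limited to SSM in eu-central-1) without touching the ssm:GetParameter grant. The same pattern appears in the scrape_discord_events_function policy further down.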

  # module.midnight_automations.aws_lambda_function.main will be updated in-place
  ~ resource "aws_lambda_function" "main" {
        id                             = "midnight-automations"
      ~ layers                         = [
          + "arn:aws:lambda:eu-central-1:187925254637:layer:AWS-Parameters-and-Secrets-Lambda-Extension-Arm64:21",
            "arn:aws:lambda:eu-central-1:580247275435:layer:LambdaInsightsExtension-Arm64:25",
        ]
        tags                           = {}
        # (28 unchanged attributes hidden)

      ~ environment {
          ~ variables = (sensitive value)
        }

        # (3 unchanged blocks hidden)
    }

  # module.notification_router.aws_iam_role_policy.main_dynamodb will be created
  + resource "aws_iam_role_policy" "main_dynamodb" {
      + id          = (known after apply)
      + name        = "dynamodb"
      + name_prefix = (known after apply)
      + policy      = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "dynamodb:GetItem",
                          + "dynamodb:PutItem",
                        ]
                      + Effect   = "Allow"
                      + Resource = [
                          + "arn:aws:dynamodb:eu-central-1:220746603587:table/SqsProcessedRequests",
                        ]
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + role        = "terraform-20251030115900884900000003"
    }

  # module.notification_router.aws_iam_role_policy.main_parameter_store will be updated in-place
  ~ resource "aws_iam_role_policy" "main_parameter_store" {
        id          = "terraform-20251030115900884900000003:parameter-store"
        name        = "parameter-store"
      ~ policy      = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Resource = [
                            "arn:aws:kms:eu-central-1:220746603587:key/0fa26ab2-21c3-490a-8a14-2d746af4b6ad",
                          + "arn:aws:ssm:eu-central-1:220746603587:parameter/database/connection_string",
                          + "arn:aws:ssm:eu-central-1:220746603587:parameter/web_push/private_vapid_key",
                          + "arn:aws:ssm:eu-central-1:220746603587:parameter/web_push/public_vapid_key",
                        ]
                        # (2 unchanged attributes hidden)
                    },
                  - {
                      - Action   = [
                          - "sqs:DeleteMessage",
                          - "sqs:GetQueueAttributes",
                          - "sqs:ReceiveMessage",
                        ]
                      - Effect   = "Allow"
                      - Resource = [
                          - "arn:aws:sqs:eu-central-1:220746603587:terraform-20251030115928908600000009",
                        ]
                    },
                  - {
                      - Action   = [
                          - "dynamodb:GetItem",
                          - "dynamodb:PutItem",
                        ]
                      - Effect   = "Allow"
                      - Resource = [
                          - "arn:aws:dynamodb:eu-central-1:220746603587:table/SqsProcessedRequests",
                        ]
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        # (2 unchanged attributes hidden)
    }

  # module.notification_router.aws_iam_role_policy.main_sqs will be created
  + resource "aws_iam_role_policy" "main_sqs" {
      + id          = (known after apply)
      + name        = "sqs"
      + name_prefix = (known after apply)
      + policy      = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "sqs:DeleteMessage",
                          + "sqs:GetQueueAttributes",
                          + "sqs:ReceiveMessage",
                        ]
                      + Effect   = "Allow"
                      + Resource = [
                          + "arn:aws:sqs:eu-central-1:220746603587:terraform-20251030115928908600000009",
                        ]
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + role        = "terraform-20251030115900884900000003"
    }

  # module.notification_router.aws_lambda_function.main will be updated in-place
  ~ resource "aws_lambda_function" "main" {
        id                             = "notification-router"
      ~ layers                         = [
          ~ "arn:aws:lambda:eu-central-1:187925254637:layer:AWS-Parameters-and-Secrets-Lambda-Extension-Arm64:20" -> "arn:aws:lambda:eu-central-1:187925254637:layer:AWS-Parameters-and-Secrets-Lambda-Extension-Arm64:21",
            "arn:aws:lambda:eu-central-1:580247275435:layer:LambdaInsightsExtension-Arm64:25",
        ]
        tags                           = {}
        # (28 unchanged attributes hidden)

      ~ environment {
          ~ variables = (sensitive value)
        }

        # (3 unchanged blocks hidden)
    }

  # module.scrape_discord_events_function.aws_iam_role_policy.main_parameter_store will be created
  + resource "aws_iam_role_policy" "main_parameter_store" {
      + id          = (known after apply)
      + name        = "parameter-store"
      + name_prefix = (known after apply)
      + policy      = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "kms:Decrypt",
                          + "ssm:GetParameter",
                        ]
                      + Effect   = "Allow"
                      + Resource = [
                          + "arn:aws:kms:eu-central-1:220746603587:key/0fa26ab2-21c3-490a-8a14-2d746af4b6ad",
                          + "arn:aws:ssm:eu-central-1:220746603587:parameter/database/connection_string",
                          + "arn:aws:ssm:eu-central-1:220746603587:parameter/discord/bot_token",
                        ]
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + role        = "terraform-20250308102259501700000001"
    }

  # module.scrape_discord_events_function.aws_lambda_function.main will be updated in-place
  ~ resource "aws_lambda_function" "main" {
        id                             = "scrape-discord-events-function"
      ~ layers                         = [
          + "arn:aws:lambda:eu-central-1:187925254637:layer:AWS-Parameters-and-Secrets-Lambda-Extension-Arm64:21",
            "arn:aws:lambda:eu-central-1:580247275435:layer:LambdaInsightsExtension-Arm64:25",
        ]
        tags                           = {}
        # (28 unchanged attributes hidden)

      ~ environment {
          ~ variables = (sensitive value)
        }

        # (3 unchanged blocks hidden)
    }

Plan: 6 to add, 6 to change, 1 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "tfplan"

Copilot AI left a comment

Pull request overview

This PR refactors Lambda functions to use AWS Systems Manager Parameter Store for secret management instead of hardcoded environment variables. The changes centralize secret management through a new parameter fetching utility and eliminate local development server code.

  • Migrated sensitive credentials from environment variables to AWS Parameter Store
  • Introduced a common parameter fetching utility for Lambda functions
  • Restructured Lambda function file organization by moving handlers to the top level
  • Removed local development API server and related dependencies

Reviewed changes

Copilot reviewed 49 out of 66 changed files in this pull request and generated 3 comments.

File Description
terraform/variables.tf Removed email function parameters variable
terraform/scrape-discord-events-function.tf Added Parameter Store references and runtime specification
terraform/notification-router.tf Added Parameter Store references for web push keys
terraform/modules/scheduled-lambda/variables.tf Added runtime and parameters variables
terraform/modules/scheduled-lambda/iam.tf Added IAM policy for Parameter Store access
terraform/modules/scheduled-lambda/function.tf Made runtime configurable and added Parameter Store extension layer
terraform/modules/eventbridge-sqs-lambda/variables.tf Changed parameters from object list to string list
terraform/modules/eventbridge-sqs-lambda/iam.tf Refactored IAM policies and removed custom SSM parameter resources
terraform/modules/eventbridge-sqs-lambda/function.tf Updated Parameter Store extension layer version and standardized environment variables
terraform/midnight-automations.tf Added runtime and parameter references
terraform/email-function.tf Simplified parameter references
pnpm-monorepo/apps/lambda/src/scrape-discord-events/setup.ts Added parameter fetching setup for Discord events function
pnpm-monorepo/apps/lambda/src/scrape-discord-events/eventbridge.ts Updated import paths and switched to process.env
pnpm-monorepo/apps/lambda/src/scrape-discord-events/discord/utils/getEvents.ts Switched from env object to process.env
pnpm-monorepo/apps/lambda/src/scrape-discord-events/discord/utils/getEventUsers.ts Updated import paths and switched to process.env
pnpm-monorepo/apps/lambda/src/scrape-discord-events/discord/utils/checkResponseForError.ts Translated error messages to English and switched to process.env
pnpm-monorepo/apps/lambda/src/scrape-discord-events.ts New top-level handler file with setup import
pnpm-monorepo/apps/lambda/src/notification-router/web-push.ts Updated import paths and switched to process.env for VAPID setup
pnpm-monorepo/apps/lambda/src/notification-router/type-handlers/WebPushSubscribed.ts Updated import paths and switched to process.env
pnpm-monorepo/apps/lambda/src/notification-router/type-handlers/ProfitDistributionPayoutDisbursed.ts Updated import paths
pnpm-monorepo/apps/lambda/src/notification-router/setup.ts Added parameter fetching setup for notification router
pnpm-monorepo/apps/lambda/src/notification-router/handler.ts Removed env import
pnpm-monorepo/apps/lambda/src/notification-router.ts Added setup import and fixed formatting
pnpm-monorepo/apps/lambda/src/midnight-automations/* Updated import paths across all automation files
pnpm-monorepo/apps/lambda/src/midnight-automations/setup.ts Added parameter fetching setup for midnight automations
pnpm-monorepo/apps/lambda/src/midnight-automations.ts New top-level handler file with setup import
pnpm-monorepo/apps/lambda/src/local-api.ts Removed local development API server
pnpm-monorepo/apps/lambda/src/functions/* Removed old function files and env validation
pnpm-monorepo/apps/lambda/src/common/parameters.ts Added new parameter fetching utility
pnpm-monorepo/apps/lambda/scripts/build.sh Updated build paths to look for functions at src root
pnpm-monorepo/apps/lambda/package.json Removed local development dependencies
pnpm-monorepo/apps/lambda/.env.example Renamed DISCORD_TOKEN to DISCORD_BOT_TOKEN
docs/setup-test-and-production.md Updated setup instructions to remove email function parameters
bun-packages/packages/email-function/src/index.ts Updated parameter path reference
.github/workflows/terraform-plan.yml Changed environment secrets to variables
.github/workflows/terraform-apply.yml Changed environment secrets to variables
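
The overview above mentions a common parameter fetching utility and the plan attaches the AWS Parameters and Secrets Lambda Extension layer. The following is an added example, not the repository's `parameters.ts`, of how a Lambda can read SecureString parameters through that extension's local HTTP endpoint and fail closed without logging values. The function names, the `Deps` shape and the env-variable-to-parameter mapping are assumptions; the parameter paths come from the plan.

```typescript
// Added example: read Parameter Store values through the AWS Parameters and
// Secrets Lambda Extension, which listens on localhost inside the sandbox.
// Dependencies are injected so the code runs offline in tests; in a Lambda
// pass { httpGet: fetch, env: process.env }.

type HttpResponse = { ok: boolean; status: number; json(): Promise<unknown> };
type HttpGet = (
  url: string,
  init: { headers: Record<string, string> },
) => Promise<HttpResponse>;

interface Deps {
  httpGet: HttpGet;
  env: Record<string, string | undefined>;
}

// Fetch one parameter, decrypted. Errors name the parameter and the HTTP
// status only, never the response body, so a secret cannot reach the logs.
async function fetchParameter(name: string, deps: Deps): Promise<string> {
  // The extension authenticates callers with the function's session token.
  const token = deps.env.AWS_SESSION_TOKEN;
  if (!token) {
    throw new Error("AWS_SESSION_TOKEN is not set; not running inside Lambda?");
  }

  // 2773 is the extension's default port; the variable overrides it.
  const port = deps.env.PARAMETERS_SECRETS_EXTENSION_HTTP_PORT ?? "2773";
  const url =
    `http://localhost:${port}/systemsmanager/parameters/get` +
    `?name=${encodeURIComponent(name)}&withDecryption=true`;

  const res = await deps.httpGet(url, {
    headers: { "X-Aws-Parameters-Secrets-Token": token },
  });
  if (!res.ok) {
    // Typical causes: the role lacks ssm:GetParameter or kms:Decrypt for this
    // ARN, or the parameter does not exist.
    throw new Error(`Parameter Store lookup failed for ${name}: HTTP ${res.status}`);
  }

  const body = (await res.json()) as { Parameter?: { Value?: unknown } };
  const value = body && body.Parameter ? body.Parameter.Value : undefined;
  if (typeof value !== "string" || value === "") {
    throw new Error(`Parameter Store returned no value for ${name}`);
  }
  return value;
}

// Resolve a mapping of env variable name -> parameter path and write the
// values into env. Returns the names that were set (names only, no values).
// Nothing is written unless every lookup succeeds.
async function loadParametersIntoEnv(
  mapping: Record<string, string>,
  deps: Deps,
): Promise<string[]> {
  const resolved: Record<string, string> = {};
  for (const envName of Object.keys(mapping)) {
    resolved[envName] = await fetchParameter(mapping[envName], deps);
  }
  for (const envName of Object.keys(resolved)) {
    deps.env[envName] = resolved[envName];
  }
  return Object.keys(resolved);
}

// Mapping for the scrape-discord-events function. The paths are the ones in
// the plan; DATABASE_URL is an assumed variable name.
const SCRAPE_DISCORD_EVENTS_PARAMETERS: Record<string, string> = {
  DATABASE_URL: "/database/connection_string",
  DISCORD_BOT_TOKEN: "/discord/bot_token",
};
```

Because the role policy lists exact parameter ARNs, a path that is missing from the policy surfaces here as a non-2xx response at cold start rather than as an undefined value later in the handler.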

sonarqubecloud bot commented Dec 7, 2025

@simonknittel simonknittel merged commit 6a23092 into develop Dec 7, 2025
13 checks passed
@simonknittel simonknittel deleted the feature/refactor-lambdas branch December 7, 2025 11:13