Fix deployment

devksingh4 · devksingh4 · commit 504977dbbc79 · 2025-10-20T17:14:52.000-05:00
diff --git a/src/api/routes/tickets.ts b/src/api/routes/tickets.ts
@@ -2,6 +2,7 @@ import { FastifyPluginAsync } from "fastify";
 import * as z from "zod/v4";
 import {
   ConditionalCheckFailedException,
+  DynamoDBClient,
   QueryCommand,
   ScanCommand,
   UpdateItemCommand,
@@ -93,15 +94,11 @@ const listMerchItemsResponse = z.object({
 
 const postSchema = z.union([postMerchSchema, postTicketSchema]);
 
-type VerifyPostRequest = z.infer<typeof postSchema>;
-
-type TicketsGetRequest = {
-  Params: { id: string };
-  Querystring: { type: string };
-  Body: undefined;
-};
-
 const ticketsPlugin: FastifyPluginAsync = async (fastify, _options) => {
+  // tickets is legacy and is stuck in us-east-1 for now.
+  const UsEast1DynamoClient = new DynamoDBClient({
+    region: "us-east-1",
+  });
   fastify.withTypeProvider<FastifyZodOpenApiTypeProvider>().get(
     "",
     {
@@ -133,7 +130,7 @@ const ticketsPlugin: FastifyPluginAsync = async (fastify, _options) => {
       });
 
       const merchItems: ItemMetadata[] = [];
-      const response = await fastify.dynamoClient.send(merchCommand);
+      const response = await UsEast1DynamoClient.send(merchCommand);
       const now = new Date();
 
       if (response.Items) {
@@ -168,7 +165,7 @@ const ticketsPlugin: FastifyPluginAsync = async (fastify, _options) => {
       });
 
       const ticketItems: TicketItemMetadata[] = [];
-      const ticketResponse = await fastify.dynamoClient.send(ticketCommand);
+      const ticketResponse = await UsEast1DynamoClient.send(ticketCommand);
 
       if (ticketResponse.Items) {
         for (const item of ticketResponse.Items.map((x) => unmarshall(x))) {
@@ -231,7 +228,7 @@ const ticketsPlugin: FastifyPluginAsync = async (fastify, _options) => {
               ":itemId": { S: eventId },
             },
           });
-          const response = await fastify.dynamoClient.send(command);
+          const response = await UsEast1DynamoClient.send(command);
           if (!response.Items) {
             throw new NotFoundError({
               endpointName: `/api/v1/tickets/${eventId}`,
@@ -321,7 +318,7 @@ const ticketsPlugin: FastifyPluginAsync = async (fastify, _options) => {
           break;
       }
       try {
-        await fastify.dynamoClient.send(command);
+        await UsEast1DynamoClient.send(command);
       } catch (e) {
         if (e instanceof ConditionalCheckFailedException) {
           throw new NotFoundError({
@@ -412,7 +409,7 @@ const ticketsPlugin: FastifyPluginAsync = async (fastify, _options) => {
       }
       let purchaserData: PurchaseData;
       try {
-        const ticketEntry = await fastify.dynamoClient.send(command);
+        const ticketEntry = await UsEast1DynamoClient.send(command);
         if (!ticketEntry.Attributes) {
           throw new DatabaseFetchError({
             message: "Could not find ticket data",
@@ -472,7 +469,7 @@ const ticketsPlugin: FastifyPluginAsync = async (fastify, _options) => {
         purchaserData,
       });
       await createAuditLogEntry({
-        dynamoClient: fastify.dynamoClient,
+        dynamoClient: UsEast1DynamoClient,
         entry: {
           module: Modules.TICKETS,
           actor: request.username!,
diff --git a/terraform/envs/prod/main.tf b/terraform/envs/prod/main.tf
@@ -96,13 +96,15 @@ module "archival" {
   ProjectId        = var.ProjectId
   RunEnvironment   = "dev"
   LogRetentionDays = var.LogRetentionDays
-  BucketPrefix     = local.bucket_prefix
   MonitorTables    = ["${var.ProjectId}-audit-log", "${var.ProjectId}-events", "${var.ProjectId}-room-requests"]
   TableDeletionDays = tomap({
     "${var.ProjectId}-audit-log" : 1460,
     "${var.ProjectId}-room-requests" : 730
     # events are held forever as a cool historical archive - if no one reads them it shouldn't cost us much.
   })
+  providers = {
+    aws = aws.ohio
+  }
 }
 
 module "lambdas" {
diff --git a/terraform/envs/prod/variables.tf b/terraform/envs/prod/variables.tf
@@ -10,12 +10,12 @@ variable "ProjectId" {
 
 variable "GeneralSNSAlertArn" {
   type    = string
-  default = "arn:aws:sns:us-east-1:298118738376:infra-monitor-alerts"
+  default = "arn:aws:sns:us-east-2:298118738376:infra-monitor-alerts"
 }
 
 variable "PrioritySNSAlertArn" {
   type    = string
-  default = "arn:aws:sns:us-east-1:298118738376:infra-core-api-priority-alerts"
+  default = "arn:aws:sns:us-east-2:298118738376:infra-core-api-priority-alerts"
 }
 
 
diff --git a/terraform/envs/qa/main.tf b/terraform/envs/qa/main.tf
@@ -93,14 +93,16 @@ module "archival" {
   ProjectId        = var.ProjectId
   RunEnvironment   = "dev"
   LogRetentionDays = var.LogRetentionDays
-  BucketPrefix     = local.bucket_prefix
   MonitorTables    = ["${var.ProjectId}-audit-log", "${var.ProjectId}-events", "${var.ProjectId}-room-requests"]
   TableDeletionDays = tomap({
     "${var.ProjectId}-audit-log" : 15,
     "${var.ProjectId}-room-requests" : 15
     "${var.ProjectId}-events" : 15
     // We delete pretty quickly in QA
   })
+  providers = {
+    aws = aws.ohio
+  }
 }
 
 resource "aws_cloudfront_key_value_store" "linkry_kv" {
diff --git a/terraform/envs/qa/variables.tf b/terraform/envs/qa/variables.tf
@@ -42,10 +42,10 @@ variable "EmailDomain" {
 
 variable "GeneralSNSAlertArn" {
   type    = string
-  default = "arn:aws:sns:us-east-1:427040638965:infra-monitor-alerts"
+  default = "arn:aws:sns:us-east-2:427040638965:infra-monitor-alerts"
 }
 
 variable "PrioritySNSAlertArn" {
   type    = string
-  default = "arn:aws:sns:us-east-1:427040638965:infra-monitor-alerts"
+  default = "arn:aws:sns:us-east-2:427040638965:infra-monitor-alerts"
 }
diff --git a/terraform/modules/alarms/main.tf b/terraform/modules/alarms/main.tf
@@ -7,6 +7,7 @@ terraform {
 }
 
 resource "aws_cloudwatch_metric_alarm" "app_dlq_messages_alarm" {
+  region              = "us-east-2"
   alarm_name          = "${var.resource_prefix}-sqs-dlq-present"
   alarm_description   = "Items are present in the application DLQ, meaning some messages failed to process."
   namespace           = "AWS/SQS"
@@ -26,6 +27,7 @@ resource "aws_cloudwatch_metric_alarm" "app_dlq_messages_alarm" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "app_latency_alarm" {
+  region              = "us-east-2"
   for_each            = var.performance_noreq_lambdas
   alarm_name          = "${each.value}-latency-high"
   alarm_description   = "${replace(each.value, "${var.resource_prefix}-", "")} Trailing Mean - 95% API gateway latency is > 1.5s for 2 times in 4 minutes."
@@ -45,6 +47,7 @@ resource "aws_cloudwatch_metric_alarm" "app_latency_alarm" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "app_no_requests_alarm" {
+  region              = "us-east-2"
   for_each            = var.performance_noreq_lambdas
   alarm_name          = "${each.value}-no-requests"
   alarm_description   = "${replace(each.value, "${var.resource_prefix}-", "")}: no requests have been received in the past 5 minutes."
@@ -64,6 +67,7 @@ resource "aws_cloudwatch_metric_alarm" "app_no_requests_alarm" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "app_invocation_error_alarm" {
+  region              = "us-east-2"
   for_each            = var.all_lambdas
   alarm_name          = "${each.value}-error-invocation"
   alarm_description   = "${replace(each.value, "${var.resource_prefix}-", "")} lambda threw a critical error."
@@ -83,6 +87,7 @@ resource "aws_cloudwatch_metric_alarm" "app_invocation_error_alarm" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "app5xx_error_alarm" {
+  region              = "us-east-2"
   alarm_name          = "${var.resource_prefix}-cloudfront-5xx-error"
   alarm_description   = "Main application responses are more than 1% 5xx errors (from Cloudfront)"
   namespace           = "AWS/CloudFront"
@@ -102,6 +107,7 @@ resource "aws_cloudwatch_metric_alarm" "app5xx_error_alarm" {
 
 # firehose alarms
 resource "aws_cloudwatch_metric_alarm" "firehost_archival_data_freshness" {
+  region              = "us-east-2"
   alarm_name          = "${var.resource_prefix}-firehose-data-stale"
   alarm_description   = "Delivery of archival records to S3 is taking longer than 5 minutes."
   namespace           = "AWS/Firehose"
diff --git a/terraform/modules/archival/main.tf b/terraform/modules/archival/main.tf
@@ -5,40 +5,49 @@ data "archive_file" "api_lambda_code" {
 }
 
 locals {
-  dynamo_stream_reader_lambda_name = "${var.ProjectId}-dynamo-archival"
-  firehose_stream_name             = "${var.ProjectId}-archival-stream"
+  aws_region                       = "us-east-2"
+  dynamo_stream_reader_lambda_name = "${var.ProjectId}-${local.aws_region}-dynamo-archival"
+  firehose_stream_name             = "${var.ProjectId}-${local.aws_region}-archival-stream"
+  bucket_prefix                    = "${data.aws_caller_identity.current.account_id}-${local.aws_region}"
 }
+
 data "aws_caller_identity" "current" {}
 data "aws_region" "current" {}
 
 resource "aws_cloudwatch_log_group" "archive_logs" {
+  region            = local.aws_region
   name              = "/aws/lambda/${local.dynamo_stream_reader_lambda_name}"
   retention_in_days = var.LogRetentionDays
 }
 
 resource "aws_cloudwatch_log_group" "firehose_logs" {
+  region            = local.aws_region
   name              = "/aws/kinesisfirehose/${local.firehose_stream_name}"
   retention_in_days = var.LogRetentionDays
 }
 
 resource "aws_cloudwatch_log_stream" "firehose_logs_stream" {
+  region         = local.aws_region
   log_group_name = aws_cloudwatch_log_group.firehose_logs.name
   name           = "DataArchivalS3Delivery"
 }
 
 
 resource "aws_s3_bucket" "this" {
-  bucket = "${var.BucketPrefix}-ddb-archive"
+  region = local.aws_region
+  bucket = "${local.bucket_prefix}-ddb-archive"
 }
 
 resource "aws_s3_bucket_versioning" "this" {
+  region = local.aws_region
   bucket = aws_s3_bucket.this.id
   versioning_configuration {
     status = "Enabled"
   }
 }
 
 resource "aws_s3_bucket_lifecycle_configuration" "this" {
+  region = local.aws_region
   bucket = aws_s3_bucket.this.id
 
   rule {
@@ -92,6 +101,7 @@ resource "aws_s3_bucket_lifecycle_configuration" "this" {
 }
 
 resource "aws_s3_bucket_intelligent_tiering_configuration" "this" {
+  region = local.aws_region
   bucket = aws_s3_bucket.this.id
   name   = "ArchiveAfterSixMonths"
   status = "Enabled"
@@ -134,11 +144,13 @@ resource "aws_iam_policy" "archive_lambda_policy" {
 
 
 data "aws_dynamodb_table" "existing_tables" {
+  region   = local.aws_region
   for_each = toset(var.MonitorTables)
   name     = each.key
 }
 
 resource "aws_lambda_event_source_mapping" "stream_mapping" {
+  region                  = local.aws_region
   for_each                = toset(var.MonitorTables)
   function_name           = aws_lambda_function.api_lambda.arn
   event_source_arn        = data.aws_dynamodb_table.existing_tables[each.key].stream_arn
@@ -218,6 +230,7 @@ resource "aws_iam_role_policy_attachment" "firehose_attach" {
 }
 
 resource "aws_kinesis_firehose_delivery_stream" "dynamic_stream" {
+  region      = local.aws_region
   name        = local.firehose_stream_name
   destination = "extended_s3"
 
@@ -299,6 +312,7 @@ resource "aws_iam_role_policy_attachment" "archive_attach" {
 }
 
 resource "aws_lambda_function" "api_lambda" {
+  region           = local.aws_region
   depends_on       = [aws_cloudwatch_log_group.archive_logs]
   function_name    = local.dynamo_stream_reader_lambda_name
   role             = aws_iam_role.archive_role.arn
diff --git a/terraform/modules/archival/variables.tf b/terraform/modules/archival/variables.tf
@@ -3,11 +3,6 @@ variable "ProjectId" {
   description = "Prefix before each resource"
 }
 
-variable "BucketPrefix" {
-  type = string
-}
-
-
 variable "LogRetentionDays" {
   type = number
 }
diff --git a/terraform/modules/lambdas/main.tf b/terraform/modules/lambdas/main.tf
@@ -215,13 +215,15 @@ resource "aws_iam_policy" "shared_iam_policy" {
         ],
         Effect = "Allow",
         Resource = [
+          // Tickets is still in us-east-1!
+          "arn:aws:dynamodb:us-east-1:${data.aws_caller_identity.current.account_id}:table/infra-events-tickets",
+          "arn:aws:dynamodb:us-east-1:${data.aws_caller_identity.current.account_id}:table/infra-events-ticketing-metadata",
+          "arn:aws:dynamodb:us-east-1:${data.aws_caller_identity.current.account_id}:table/infra-merchstore-purchase-history",
+          "arn:aws:dynamodb:us-east-1:${data.aws_caller_identity.current.account_id}:table/infra-merchstore-purchase-history/index/*",
+          "arn:aws:dynamodb:us-east-1:${data.aws_caller_identity.current.account_id}:table/infra-merchstore-metadata",
+
           "arn:aws:dynamodb:us-east-2:${data.aws_caller_identity.current.account_id}:table/infra-core-api-events",
           "arn:aws:dynamodb:us-east-2:${data.aws_caller_identity.current.account_id}:table/infra-core-api-events/index/*",
-          "arn:aws:dynamodb:us-east-2:${data.aws_caller_identity.current.account_id}:table/infra-merchstore-purchase-history",
-          "arn:aws:dynamodb:us-east-2:${data.aws_caller_identity.current.account_id}:table/infra-merchstore-purchase-history/index/*",
-          "arn:aws:dynamodb:us-east-2:${data.aws_caller_identity.current.account_id}:table/infra-events-tickets",
-          "arn:aws:dynamodb:us-east-2:${data.aws_caller_identity.current.account_id}:table/infra-events-ticketing-metadata",
-          "arn:aws:dynamodb:us-east-2:${data.aws_caller_identity.current.account_id}:table/infra-merchstore-metadata",
           "arn:aws:dynamodb:us-east-2:${data.aws_caller_identity.current.account_id}:table/infra-core-api-iam-assignments",
           "arn:aws:dynamodb:us-east-2:${data.aws_caller_identity.current.account_id}:table/infra-core-api-stripe-links",
           "arn:aws:dynamodb:us-east-2:${data.aws_caller_identity.current.account_id}:table/infra-core-api-stripe-links/index/*",

Original file line number	Diff line number	Diff line change
`@@ -10,12 +10,12 @@ variable "ProjectId" {`
`10`	`10`
`11`	`11`	`variable "GeneralSNSAlertArn" {`
`12`	`12`	`type = string`
`13`		`- default = "arn:aws:sns:us-east-1:298118738376:infra-monitor-alerts"`
	`13`	`+ default = "arn:aws:sns:us-east-2:298118738376:infra-monitor-alerts"`
`14`	`14`	`}`
`15`	`15`
`16`	`16`	`variable "PrioritySNSAlertArn" {`
`17`	`17`	`type = string`
`18`		`- default = "arn:aws:sns:us-east-1:298118738376:infra-core-api-priority-alerts"`
	`18`	`+ default = "arn:aws:sns:us-east-2:298118738376:infra-core-api-priority-alerts"`
`19`	`19`	`}`
`20`	`20`
`21`	`21`
Original file line number	Diff line number	Diff line change
`@@ -42,10 +42,10 @@ variable "EmailDomain" {`
`42`	`42`
`43`	`43`	`variable "GeneralSNSAlertArn" {`
`44`	`44`	`type = string`
`45`		`- default = "arn:aws:sns:us-east-1:427040638965:infra-monitor-alerts"`
	`45`	`+ default = "arn:aws:sns:us-east-2:427040638965:infra-monitor-alerts"`
`46`	`46`	`}`
`47`	`47`
`48`	`48`	`variable "PrioritySNSAlertArn" {`
`49`	`49`	`type = string`
`50`		`- default = "arn:aws:sns:us-east-1:427040638965:infra-monitor-alerts"`
	`50`	`+ default = "arn:aws:sns:us-east-2:427040638965:infra-monitor-alerts"`
`51`	`51`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3,11 +3,6 @@ variable "ProjectId" {`
`3`	`3`	`description = "Prefix before each resource"`
`4`	`4`	`}`
`5`	`5`
`6`		`-variable "BucketPrefix" {`
`7`		`- type = string`
`8`		`-}`
`9`		`-`
`10`		`-`
`11`	`6`	`variable "LogRetentionDays" {`
`12`	`7`	`type = number`
`13`	`8`	`}`