From dd7e5b91104a5acfa60751e23072d68701c015c3 Mon Sep 17 00:00:00 2001 From: aidenvaines-cgi Date: Thu, 22 Jan 2026 13:47:56 +0000 Subject: [PATCH 1/2] CCM-14046 Enable API data traces in nonprod envs --- .../terraform/components/app/module_backend_api.tf | 1 + infrastructure/terraform/components/app/variables.tf | 6 ++++++ .../modules/backend-api/api_gateway_method_settings.tf | 2 +- infrastructure/terraform/modules/backend-api/variables.tf | 6 ++++++ 4 files changed, 14 insertions(+), 1 deletion(-) diff --git a/infrastructure/terraform/components/app/module_backend_api.tf b/infrastructure/terraform/components/app/module_backend_api.tf index 15dd60915..d73b5c751 100644 --- a/infrastructure/terraform/components/app/module_backend_api.tf +++ b/infrastructure/terraform/components/app/module_backend_api.tf @@ -24,6 +24,7 @@ module "backend_api" { letter_suppliers = var.letter_suppliers log_destination_arn = local.log_destination_arn log_subscription_role_arn = local.acct.log_subscription_role_arn + enable_api_data_trace = var.enable_api_data_trace email_domain = module.ses.domain template_submitted_sender_email_address = "template-submitted@${module.ses.domain}" diff --git a/infrastructure/terraform/components/app/variables.tf b/infrastructure/terraform/components/app/variables.tf index 4e8f961fb..f6f54c2bf 100644 --- a/infrastructure/terraform/components/app/variables.tf +++ b/infrastructure/terraform/components/app/variables.tf @@ -213,3 +213,9 @@ variable "external_email_domain" { default = null description = "Externally managed domain used to create an SES identity for sending emails from. Validation DNS records will need to be manually configured in the DNS provider." } + +variable "enable_api_data_trace" { + type = bool + description = "Enable API Gateway data trace logging" + default = false +} diff --git a/infrastructure/terraform/modules/backend-api/api_gateway_method_settings.tf b/infrastructure/terraform/modules/backend-api/api_gateway_method_settings.tf index d491732e1..a1db71c7f 100644 --- a/infrastructure/terraform/modules/backend-api/api_gateway_method_settings.tf +++ b/infrastructure/terraform/modules/backend-api/api_gateway_method_settings.tf @@ -6,6 +6,6 @@ resource "aws_api_gateway_method_settings" "main" { settings { metrics_enabled = true logging_level = "INFO" - data_trace_enabled = true + data_trace_enabled = var.enable_api_data_trace } } diff --git a/infrastructure/terraform/modules/backend-api/variables.tf b/infrastructure/terraform/modules/backend-api/variables.tf index 1c7c82ddc..b7678992f 100644 --- a/infrastructure/terraform/modules/backend-api/variables.tf +++ b/infrastructure/terraform/modules/backend-api/variables.tf @@ -139,3 +139,9 @@ variable "sns_topic_arn" { description = "SNS topic ARN" default = null } + +variable "enable_api_data_trace" { + type = bool + description = "Enable API Gateway data trace logging" + default = false +} From f21e90ca83f41842bf50ea2c0f284b8d21b5ff41 Mon Sep 17 00:00:00 2001 From: aidenvaines-cgi Date: Thu, 22 Jan 2026 13:50:21 +0000 Subject: [PATCH 2/2] CCM-14046 Enable API data traces in nonprod envs --- infrastructure/terraform/components/app/README.md | 1 + infrastructure/terraform/modules/backend-api/README.md | 1 + 2 files changed, 2 insertions(+) diff --git a/infrastructure/terraform/components/app/README.md b/infrastructure/terraform/components/app/README.md index efeeab36c..bb013b8c1 100644 --- a/infrastructure/terraform/components/app/README.md +++ b/infrastructure/terraform/components/app/README.md @@ -28,6 +28,7 @@ | [destination\_vault\_arn](#input\_destination\_vault\_arn) | ARN of the backup vault in the destination account, if this environment should be backed up | `string` | `null` | no | | [enable\_amplify\_basic\_auth](#input\_enable\_amplify\_basic\_auth) | Enable a basic set of credentials in the form of a dynamically generated username and password for the amplify app branches. Not intended for production use | `bool` | `true` | no | | [enable\_amplify\_branch\_auto\_build](#input\_enable\_amplify\_branch\_auto\_build) | Enable automatic building of branches | `bool` | `false` | no | +| [enable\_api\_data\_trace](#input\_enable\_api\_data\_trace) | Enable API Gateway data trace logging | `bool` | `false` | no | | [enable\_cognito\_built\_in\_idp](#input\_enable\_cognito\_built\_in\_idp) | Enable the use of Cognito as an IDP; CIS2 is preferred | `bool` | `false` | no | | [enable\_event\_caching](#input\_enable\_event\_caching) | Enable caching of events to an S3 bucket | `bool` | `true` | no | | [environment](#input\_environment) | The name of the tfscaffold environment | `string` | n/a | yes | diff --git a/infrastructure/terraform/modules/backend-api/README.md b/infrastructure/terraform/modules/backend-api/README.md index 2197b0c81..cbcdd89a0 100644 --- a/infrastructure/terraform/modules/backend-api/README.md +++ b/infrastructure/terraform/modules/backend-api/README.md @@ -15,6 +15,7 @@ No requirements. | [component](#input\_component) | The variable encapsulating the name of this component | `string` | n/a | yes | | [csi](#input\_csi) | CSI from the parent component | `string` | n/a | yes | | [email\_domain](#input\_email\_domain) | Email domain | `string` | n/a | yes | +| [enable\_api\_data\_trace](#input\_enable\_api\_data\_trace) | Enable API Gateway data trace logging | `bool` | `false` | no | | [enable\_backup](#input\_enable\_backup) | Enable Backups for the DynamoDB table? | `bool` | `true` | no | | [environment](#input\_environment) | The name of the tfscaffold environment | `string` | n/a | yes | | [function\_s3\_bucket](#input\_function\_s3\_bucket) | Name of S3 bucket to upload lambda artefacts to | `string` | n/a | yes |