From 44a2bebcb39c4c1b31ec0e7a26028e29cfe31abd Mon Sep 17 00:00:00 2001
From: Jim Wild <james.wild6@nhs.net>
Date: Tue, 22 Oct 2024 14:05:38 +0100
Subject: [PATCH 1/2] New: [AEA-4490] - Add an alarm on Dynamo capacity (#939)

## Summary

- :sparkles: New Feature

### Details

[Ticket](https://nhsd-jira.digital.nhs.uk/browse/AEA-4490)

We want to alert when the database consumption rate approaches the
provisioned capacity. This adds an alarm to the existing `alarms.yml` to
do so. The alarm is placed in the PSU stack so as to also apply itself
to alternate stack names (e.g. PR stacks)
---
 SAMtemplates/alarms/main.yaml   | 48 +++++++++++++++++++++++++++++++++
 SAMtemplates/main_template.yaml |  7 +++++
 package-lock.json               | 23 ++++------------
 3 files changed, 60 insertions(+), 18 deletions(-)

diff --git a/SAMtemplates/alarms/main.yaml b/SAMtemplates/alarms/main.yaml
index e2a60ff75..f24363045 100644
--- a/SAMtemplates/alarms/main.yaml
+++ b/SAMtemplates/alarms/main.yaml
@@ -22,6 +22,11 @@ Parameters:
   EnableAlerts:
     Type: String
 
+  DynamoDBUtilizationPercentageThreshold:
+    Type: Number
+    Description: When the database usage crosses this percentage of provisioned capacity, trigger an alarm
+    Default: 90
+
 Resources:
   GetStatusUpdatesErrorsLogsMetricFilter:
     Type: AWS::Logs::MetricFilter
@@ -220,6 +225,49 @@ Resources:
       OKActions:
         - !ImportValue lambda-resources:SlackAlertsSnsTopicArn
 
+  DynamoDBWriteConsumptionAlarm:
+    Type: AWS::CloudWatch::Alarm
+    Properties:
+      AlarmName: !Sub "${AWS::StackName}_DynamoDB_ConsumedWriteCapacity"
+      ActionsEnabled: !Ref EnableAlerts
+      AlarmActions:
+        - !ImportValue lambda-resources:SlackAlertsSnsTopicArn
+      InsufficientDataActions:
+        - !ImportValue lambda-resources:SlackAlertsSnsTopicArn
+      OKActions:
+        - !ImportValue lambda-resources:SlackAlertsSnsTopicArn
+      EvaluationPeriods: 1
+      Threshold: !Ref DynamoDBUtilizationPercentageThreshold
+      ComparisonOperator: GreaterThanOrEqualToThreshold
+      TreatMissingData: notBreaching
+      Metrics:
+        - Id: e1
+          Label: UtilizationPercentage
+          ReturnData: true
+          Expression: "(m1 / (m2 * 60)) * 100"
+        - Id: m1
+          ReturnData: false
+          MetricStat:
+            Metric:
+              Namespace: AWS/DynamoDB
+              MetricName: ConsumedWriteCapacityUnits
+              Dimensions:
+                - Name: TableName
+                  Value: !Ref PrescriptionStatusUpdatesTableName
+            Period: 60
+            Stat: Sum
+        - Id: m2
+          ReturnData: false
+          MetricStat:
+            Metric:
+              Namespace: AWS/DynamoDB
+              MetricName: ProvisionedWriteCapacityUnits
+              Dimensions:
+                - Name: TableName
+                  Value: !Ref PrescriptionStatusUpdatesTableName
+            Period: 60
+            Stat: Maximum
+
   CPSUFhirConverterErrorLogsMetricFilter:
     Type: AWS::Logs::MetricFilter
     Properties:
diff --git a/SAMtemplates/main_template.yaml b/SAMtemplates/main_template.yaml
index aa71b0cc8..cc133abba 100644
--- a/SAMtemplates/main_template.yaml
+++ b/SAMtemplates/main_template.yaml
@@ -81,6 +81,12 @@ Parameters:
       - true
       - false
 
+  DynamoDBUtilizationPercentageThreshold:
+    Type: Number
+    Description: When the database usage crosses this percentage of provisioned capacity, trigger an alarm
+    Default: 90
+
+
 Resources:
   Tables:
     Type: AWS::Serverless::Application
@@ -150,4 +156,5 @@ Resources:
         UpdatePrescriptionStatusFunctionName: !GetAtt Functions.Outputs.UpdatePrescriptionStatusFunctionName
         PrescriptionStatusUpdatesTableName: !GetAtt Tables.Outputs.PrescriptionStatusUpdatesTableName
         ConvertRequestToFhirFormatFunctionName: !GetAtt Functions.Outputs.ConvertRequestToFhirFormatFunctionName
+        DynamoDBUtilizationPercentageThreshold: !Ref DynamoDBUtilizationPercentageThreshold
         EnableAlerts: !Ref EnableAlerts
diff --git a/package-lock.json b/package-lock.json
index b3740e88c..ce1892882 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4454,6 +4454,7 @@
       "version": "6.12.6",
       "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
       "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
+      "dev": true,
       "dependencies": {
         "fast-deep-equal": "^3.1.1",
         "fast-json-stable-stringify": "^2.0.0",
@@ -7140,7 +7141,8 @@
     "node_modules/fast-json-stable-stringify": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz",
-      "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw=="
+      "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==",
+      "dev": true
     },
     "node_modules/fast-levenshtein": {
       "version": "2.0.6",
@@ -9335,7 +9337,8 @@
     "node_modules/json-schema-traverse": {
       "version": "0.4.1",
       "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz",
-      "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg=="
+      "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==",
+      "dev": true
     },
     "node_modules/json-stable-stringify-without-jsonify": {
       "version": "1.0.1",
@@ -13605,22 +13608,6 @@
         "node": ">= 0.8.0"
       }
     },
-    "node_modules/prettier": {
-      "version": "3.3.3",
-      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.3.3.tgz",
-      "integrity": "sha512-i2tDNA0O5IrMO757lfrdQZCc2jPNDVntV0m/+4whiDfWaTKfMNgR7Qz0NAeGz/nRqF4m5/6CLzbP4/liHt12Ew==",
-      "dev": true,
-      "peer": true,
-      "bin": {
-        "prettier": "bin/prettier.cjs"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "funding": {
-        "url": "https://github.com/prettier/prettier?sponsor=1"
-      }
-    },
     "node_modules/prettier-linter-helpers": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/prettier-linter-helpers/-/prettier-linter-helpers-1.0.0.tgz",

From 9e7ffd0d80c09ece0b10829afb8b0a607342a0fb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 22 Oct 2024 13:40:59 +0000
Subject: [PATCH 2/2] Upgrade: [dependabot] - bump boto3 from 1.35.44 to
 1.35.45 (#969)

Bumps [boto3](https://github.com/boto/boto3) from 1.35.44 to 1.35.45.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/boto/boto3/commit/59cba2ae21561adfe04e67cb92e876cdcfc89102"><code>59cba2a</code></a>
Merge branch 'release-1.35.45'</li>
<li><a
href="https://github.com/boto/boto3/commit/81cf6086aa27f69046f14c3f4bc9bcca1a9004eb"><code>81cf608</code></a>
Bumping version to 1.35.45</li>
<li><a
href="https://github.com/boto/boto3/commit/976dad2ac9d973f47a9045834d55978c8cd4550b"><code>976dad2</code></a>
Add changelog entries from botocore</li>
<li><a
href="https://github.com/boto/boto3/commit/15c3dbc8758d64fec90664b8335111f410acfaee"><code>15c3dbc</code></a>
Merge branch 'release-1.35.44' into develop</li>
<li>See full diff in <a
href="https://github.com/boto/boto3/compare/1.35.44...1.35.45">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=boto3&package-manager=pip&previous-version=1.35.44&new-version=1.35.45)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 poetry.lock    | 16 ++++++++--------
 pyproject.toml |  2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/poetry.lock b/poetry.lock
index 8ce795fbd..f34395b65 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -107,17 +107,17 @@ uvloop = ["uvloop (>=0.15.2)"]
 
 [[package]]
 name = "boto3"
-version = "1.35.44"
+version = "1.35.45"
 description = "The AWS SDK for Python"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "boto3-1.35.44-py3-none-any.whl", hash = "sha256:18416d07b41e6094101a44f8b881047dcec6b846dad0b9f83b9bbf2f0cd93d07"},
-    {file = "boto3-1.35.44.tar.gz", hash = "sha256:7f8e8a252458d584d8cf7877c372c4f74ec103356eedf43d2dd9e479f47f3639"},
+    {file = "boto3-1.35.45-py3-none-any.whl", hash = "sha256:f16c7edfcbbeb0a0c22d67d6ebbfcb332fa78d3ea88275e082260ba04fe65347"},
+    {file = "boto3-1.35.45.tar.gz", hash = "sha256:9f4a081e1940846171b51d903000a04322f1356d53225ce1028fc1760a155a70"},
 ]
 
 [package.dependencies]
-botocore = ">=1.35.44,<1.36.0"
+botocore = ">=1.35.45,<1.36.0"
 jmespath = ">=0.7.1,<2.0.0"
 s3transfer = ">=0.10.0,<0.11.0"
 
@@ -126,13 +126,13 @@ crt = ["botocore[crt] (>=1.21.0,<2.0a0)"]
 
 [[package]]
 name = "botocore"
-version = "1.35.44"
+version = "1.35.45"
 description = "Low-level, data-driven core of boto 3."
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "botocore-1.35.44-py3-none-any.whl", hash = "sha256:55388e80624401d017a9a2b8109afd94814f7e666b53e28fce51375cfa8d9326"},
-    {file = "botocore-1.35.44.tar.gz", hash = "sha256:1fcd97b966ad8a88de4106fe1bd3bbd6d8dadabe99bbd4a6aadcf11cb6c66b39"},
+    {file = "botocore-1.35.45-py3-none-any.whl", hash = "sha256:e07e170975721c94ec1e3bf71a484552ad63e2499f769dd14f9f37375b4993fd"},
+    {file = "botocore-1.35.45.tar.gz", hash = "sha256:9a898bfdd6b0027fee2018711192c15c2716bf6a7096b1168bd8a896df3664a1"},
 ]
 
 [package.dependencies]
@@ -1647,4 +1647,4 @@ files = [
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.12"
-content-hash = "eeee8e15f764c0cf8e470d312311b6a0518bc628bec6426fe6a4a7bcf3c36219"
+content-hash = "0a5f9a29c00a31f03aeaca84a2cd2f822c29d949058d25f9c3c29bc0e062dbfd"
diff --git a/pyproject.toml b/pyproject.toml
index 40ddb9135..ecc029bde 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -32,7 +32,7 @@ jsonpath-rw = "^1.4.0"
 semver = "^3.0.2"
 gitpython = "^3.1.42"
 requests = "^2.32.3"
-boto3 = "^1.35.44"
+boto3 = "^1.35.45"
 argparse = "^1.4.0"
 pre-commit = "^4.0.1"
 pytest = "^8.3.3"