From 4db2023f964abc2a73ae32dacc1a124bce5fd683 Mon Sep 17 00:00:00 2001
From: Mark Slowey <mark.slowey1@nhs.net>
Date: Wed, 21 Jan 2026 11:39:26 +0000
Subject: [PATCH 1/2] change the s3 source to reference release

---
 infrastructure/terraform/modules/eventsub/README.md             | 2 +-
 .../terraform/modules/eventsub/module_s3bucket_event_cache.tf   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/terraform/modules/eventsub/README.md b/infrastructure/terraform/modules/eventsub/README.md
index a5653fda3..859c5fd5b 100644
--- a/infrastructure/terraform/modules/eventsub/README.md
+++ b/infrastructure/terraform/modules/eventsub/README.md
@@ -34,7 +34,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_s3bucket_event_cache"></a> [s3bucket\_event\_cache](#module\_s3bucket\_event\_cache) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/s3bucket | v1.0.8 |
+| <a name="module_s3bucket_event_cache"></a> [s3bucket\_event\_cache](#module\_s3bucket\_event\_cache) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-s3bucket.zip | n/a |
 ## Outputs
 
 | Name | Description |
diff --git a/infrastructure/terraform/modules/eventsub/module_s3bucket_event_cache.tf b/infrastructure/terraform/modules/eventsub/module_s3bucket_event_cache.tf
index 7a5d62f37..f042c2d22 100644
--- a/infrastructure/terraform/modules/eventsub/module_s3bucket_event_cache.tf
+++ b/infrastructure/terraform/modules/eventsub/module_s3bucket_event_cache.tf
@@ -1,5 +1,5 @@
 module "s3bucket_event_cache" {
-  source = "git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/s3bucket?ref=v1.0.8"
+  source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-s3bucket.zip"
 
   count = var.enable_event_cache ? 1 : 0
 

From 4f02f803966e2706758177aa19f9f70609ad6971 Mon Sep 17 00:00:00 2001
From: Mark Slowey <mark.slowey1@nhs.net>
Date: Wed, 21 Jan 2026 11:50:07 +0000
Subject: [PATCH 2/2] variable plumbing

---
 .../terraform/components/api/README.md        |  3 +++
 .../components/api/modules_eventpub.tf        |  6 +++---
 .../components/api/modules_eventsub.tf        |  6 ++++--
 .../terraform/components/api/variables.tf     | 19 +++++++++++++++++++
 4 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/infrastructure/terraform/components/api/README.md b/infrastructure/terraform/components/api/README.md
index e2eac9acd..0f72aaf22 100644
--- a/infrastructure/terraform/components/api/README.md
+++ b/infrastructure/terraform/components/api/README.md
@@ -17,6 +17,8 @@ No requirements.
 | <a name="input_core_environment"></a> [core\_environment](#input\_core\_environment) | Environment of Core | `string` | `"prod"` | no |
 | <a name="input_default_tags"></a> [default\_tags](#input\_default\_tags) | A map of default tags to apply to all taggable resources within the component | `map(string)` | `{}` | no |
 | <a name="input_disable_gateway_execute_endpoint"></a> [disable\_gateway\_execute\_endpoint](#input\_disable\_gateway\_execute\_endpoint) | Disable the execution endpoint for the API Gateway | `bool` | `true` | no |
+| <a name="input_enable_event_cache"></a> [enable\_event\_cache](#input\_enable\_event\_cache) | Enable caching of events to an S3 bucket | `bool` | `false` | no |
+| <a name="input_enable_sns_delivery_logging"></a> [enable\_sns\_delivery\_logging](#input\_enable\_sns\_delivery\_logging) | Enable SNS Delivery Failure Notifications | `bool` | `false` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | The name of the tfscaffold environment | `string` | n/a | yes |
 | <a name="input_eventpub_control_plane_bus_arn"></a> [eventpub\_control\_plane\_bus\_arn](#input\_eventpub\_control\_plane\_bus\_arn) | ARN of the EventBridge control plane bus for eventpub | `string` | `""` | no |
 | <a name="input_eventpub_data_plane_bus_arn"></a> [eventpub\_data\_plane\_bus\_arn](#input\_eventpub\_data\_plane\_bus\_arn) | ARN of the EventBridge data plane bus for eventpub | `string` | `""` | no |
@@ -34,6 +36,7 @@ No requirements.
 | <a name="input_project"></a> [project](#input\_project) | The name of the tfscaffold project | `string` | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | The AWS Region | `string` | n/a | yes |
 | <a name="input_shared_infra_account_id"></a> [shared\_infra\_account\_id](#input\_shared\_infra\_account\_id) | The AWS Account ID of the shared infrastructure account | `string` | `"000000000000"` | no |
+| <a name="input_sns_success_logging_sample_percent"></a> [sns\_success\_logging\_sample\_percent](#input\_sns\_success\_logging\_sample\_percent) | Enable SNS Delivery Successful Sample Percentage | `number` | `0` | no |
 ## Modules
 
 | Name | Source | Version |
diff --git a/infrastructure/terraform/components/api/modules_eventpub.tf b/infrastructure/terraform/components/api/modules_eventpub.tf
index e4d174ba3..f3090b111 100644
--- a/infrastructure/terraform/components/api/modules_eventpub.tf
+++ b/infrastructure/terraform/components/api/modules_eventpub.tf
@@ -19,11 +19,11 @@ module "eventpub" {
   force_destroy = var.force_destroy
 
   event_cache_buffer_interval        = 500
-  enable_sns_delivery_logging        = true
-  sns_success_logging_sample_percent = 0
+  enable_sns_delivery_logging        = var.enable_sns_delivery_logging
+  sns_success_logging_sample_percent = var.sns_success_logging_sample_percent
 
   event_cache_expiry_days = 30
-  enable_event_cache      = true
+  enable_event_cache      = var.enable_event_cache
 
   data_plane_bus_arn    = var.eventpub_data_plane_bus_arn
   control_plane_bus_arn = var.eventpub_control_plane_bus_arn
diff --git a/infrastructure/terraform/components/api/modules_eventsub.tf b/infrastructure/terraform/components/api/modules_eventsub.tf
index dcd58fdf9..c55be96c0 100644
--- a/infrastructure/terraform/components/api/modules_eventsub.tf
+++ b/infrastructure/terraform/components/api/modules_eventsub.tf
@@ -18,9 +18,11 @@ module "eventsub" {
   force_destroy         = var.force_destroy
 
   event_cache_buffer_interval        = 500
-  enable_sns_delivery_logging        = true
-  sns_success_logging_sample_percent = 0
+  enable_sns_delivery_logging        = var.enable_sns_delivery_logging
+  sns_success_logging_sample_percent = var.sns_success_logging_sample_percent
 
   event_cache_expiry_days = 30
+  enable_event_cache                 = var.enable_event_cache
+
   shared_infra_account_id = var.shared_infra_account_id
 }
diff --git a/infrastructure/terraform/components/api/variables.tf b/infrastructure/terraform/components/api/variables.tf
index 9ba8849f8..9785ec00b 100644
--- a/infrastructure/terraform/components/api/variables.tf
+++ b/infrastructure/terraform/components/api/variables.tf
@@ -162,3 +162,22 @@ variable "core_environment" {
   default     = "prod"
 
 }
+
+# Event Pub/Sub cache settings
+variable "enable_event_cache" {
+  type        = bool
+  description = "Enable caching of events to an S3 bucket"
+  default     = false
+}
+
+variable "enable_sns_delivery_logging" {
+  type        = bool
+  description = "Enable SNS Delivery Failure Notifications"
+  default     = false
+}
+
+variable "sns_success_logging_sample_percent" {
+  type        = number
+  description = "Enable SNS Delivery Successful Sample Percentage"
+  default     = 0
+}