HicResearch · manics · Mar 27, 2024 · Mar 27, 2024
diff --git a/README.md b/README.md
@@ -55,6 +55,7 @@ cd secure-egress-backend
 | enable_single_approval                 | Flag that enables just a single stage approval. Accepts string value. Should be set to `"true"` when just one approver needs to approve egress request. Should be set to `"false"` when two approvers are required to approve egress request |                                                                                                                                                                                                                                                                                       |
 | ig_workspaces_account                  | Optionally add the account number in which IG lead will spin up a workspace to review egress data. Leave empty to disable (default).                                                                                                         |                                                                                                                                                                                                                                                                                       |
 | use_s3_access_points                   | Set to `"true"` if you are using a customised version of ServiceWorkbench with S3 AccessPoints, default `"false"`                                                                                                                            |                                                                                                                                                                                                                                                                                       |
+| max_request_age_days                   | Do not display egress requests that were updated after this time period, use this if you have too many old requests, disabled by default                                                                                                     |                                                                                                                                                                                                                                                                                       |
 
 > Note: changing the value for `enable_single_approval` for existing deployment should be done after ensuring there are
 > no egress requests in progress.

diff --git a/cdk.json b/cdk.json
@@ -32,6 +32,7 @@
       "download_expiry_seconds": "3600",
       "ig_workspaces_account": "",
       "use_s3_access_points": "false",
+      "max_request_age_days": "0",
       "global_web_acl_arn": "<<WAF_ADDON_GLOBAL_WEBACL_ARN>>",
       "regional_web_acl_arn": "<<WAF_ADDON_REGIONAL_WEBACL_ARN>>",
       "custom_domain": {

diff --git a/egress_backend/egress_backend_stack.py b/egress_backend/egress_backend_stack.py
@@ -1515,6 +1515,9 @@ def __init__(
                 "REVIEWER_LIST": json.dumps(
                     self.node.try_get_context(env_id).get("egress_reviewer_roles")
                 ),
+                "MAX_REQUEST_AGE_DAYS": self.node.try_get_context(env_id).get(
+                    "max_request_age_days"
+                ),
                 "MAX_DOWNLOADS_ALLOWED": self.node.try_get_context(env_id).get(
                     "max_downloads_allowed"
                 ),

diff --git a/egress_backend/lambda/egress_api/list_requests.py b/egress_backend/lambda/egress_api/list_requests.py
@@ -9,13 +9,12 @@
 import boto3
 from aws_lambda_powertools import Logger, Tracer
 
-MAX_REQUEST_AGE_DAYS = 90
-
 tracer = Tracer(service="ListRequestsAPI")
 logger = Logger(service="ListRequestsAPI")
 
 ddb = boto3.resource("dynamodb")
 table = os.environ["TABLE"]
+max_request_age_days = int(os.environ["MAX_REQUEST_AGE_DAYS"])
 
 
 def list_requests():
@@ -24,8 +23,10 @@ def list_requests():
     now = datetime.now()
 
     def is_recent(item):
+        if max_request_age_days <= 0:
+            return True
         updated_dt = datetime.strptime(item["updated_dt"], "%Y-%m-%dT%H:%M:%S.%fZ")
-        return (now - updated_dt).days < MAX_REQUEST_AGE_DAYS
+        return (now - updated_dt).days < max_request_age_days
 
     ddb_table = ddb.Table(table)