change the department name to snake case to meet the role name (#2121)

Tian-2017 · web-flow · commit 426999aeee35 · 2025-02-12T12:56:02.000Z
* change the department name to snake case to make the role name

* update

* revert the department ecs role

* keep the department_ecs_role as snake case as well
diff --git a/terraform/modules/department/50-aws-iam-policies.tf b/terraform/modules/department/50-aws-iam-policies.tf
@@ -933,10 +933,8 @@ data "aws_iam_policy_document" "department_ecs_passrole" {
       "iam:PassRole"
     ]
     resources = [
-      aws_iam_role.department_ecs_role.arn,
-      "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${local.department_identifier}-ecs-execution-role",
-      "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/dap-ecs-execution-role",
-      "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/dap-ecs-task-role"
+      aws_iam_role.department_ecs_role.arn, # Defined in 50-aws-iam-roles.tf
+      "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${replace(local.department_identifier, "-", "_")}-ecs-execution-role", # Defined in ecs repo.
     ]
     condition {
       test     = "StringEquals"
diff --git a/terraform/modules/department/50-aws-iam-roles.tf b/terraform/modules/department/50-aws-iam-roles.tf
@@ -143,7 +143,7 @@ resource "aws_secretsmanager_secret_version" "airflow_user_secret_version" {
 
 # Department ECS
 resource "aws_iam_role" "department_ecs_role" {
-  name               = lower("${var.identifier_prefix}-ecs-${local.department_identifier}")
+  name               = lower("${var.identifier_prefix}-ecs-${replace(local.department_identifier, "-", "_")}")
   assume_role_policy = data.aws_iam_policy_document.ecs_assume_role_policy.json
   tags               = var.tags
 }

Original file line number	Diff line number	Diff line change
`@@ -933,10 +933,8 @@ data "aws_iam_policy_document" "department_ecs_passrole" {`
`933`	`933`	`"iam:PassRole"`
`934`	`934`	`]`
`935`	`935`	`resources = [`
`936`		`- aws_iam_role.department_ecs_role.arn,`
`937`		`- "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${local.department_identifier}-ecs-execution-role",`
`938`		`- "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/dap-ecs-execution-role",`
`939`		`- "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/dap-ecs-task-role"`
	`936`	`+ aws_iam_role.department_ecs_role.arn, # Defined in 50-aws-iam-roles.tf`
	`937`	`+ "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${replace(local.department_identifier, "-", "_")}-ecs-execution-role", # Defined in ecs repo.`
`940`	`938`	`]`
`941`	`939`	`condition {`
`942`	`940`	`test = "StringEquals"`
Original file line number	Diff line number	Diff line change
`@@ -143,7 +143,7 @@ resource "aws_secretsmanager_secret_version" "airflow_user_secret_version" {`
`143`	`143`
`144`	`144`	`# Department ECS`
`145`	`145`	`resource "aws_iam_role" "department_ecs_role" {`
`146`		`- name = lower("${var.identifier_prefix}-ecs-${local.department_identifier}")`
	`146`	`+ name = lower("${var.identifier_prefix}-ecs-${replace(local.department_identifier, "-", "_")}")`
`147`	`147`	`assume_role_policy = data.aws_iam_policy_document.ecs_assume_role_policy.json`
`148`	`148`	`tags = var.tags`
`149`	`149`	`}`