NRL-1188 make index conditional also

Author: jackleary

terraform/infrastructure/locals.tf

@@ -22,14 +22,14 @@ locals {
   dynamodb_timeout_seconds = "3"
 
   is_sandbox_env = length(regexall("-sandbox-", local.stack_name)) > 0
-  is_dev_env     = length(regexall("dev", local.stack_name)) > 0
+  is_dev_env     = local.stack_name == "dev"
 
   environment   = local.is_sandbox_env ? "${var.account_name}-sandbox" : var.account_name
   shared_prefix = "${local.project}--${local.environment}"
   public_domain = local.is_sandbox_env ? var.public_sandbox_domain : var.public_domain
 
   # Logic / vars for reporting
-  reporting_bucket_arn = local.is_dev_env ? data.aws_s3_bucket.source-data-bucket[0].arn : null
+  reporting_bucket_arn = local.is_dev_env ? data.aws_s3_bucket.source-data-bucket[0].arn : data.aws_s3_bucket.source-data-bucket.arn
 
   # Logic / vars for splunk environment
   splunk_environment = local.is_sandbox_env ? "${var.account_name}sandbox" : var.account_name

terraform/infrastructure/modules/firehose/iam_firehose.tf

@@ -74,7 +74,9 @@ data "aws_iam_policy_document" "firehose" {
     ]
     resources = [
       aws_cloudwatch_log_group.firehose.arn,
-      aws_cloudwatch_log_stream.firehose.arn
+      aws_cloudwatch_log_stream.firehose.arn,
+      local.iam_firehose.cloudwatch_reporting_log_group_arn,
+      local.iam_firehose.cloudwatch_reporting_log_stream_arn,
     ]
     effect = "Allow"
   }

terraform/infrastructure/modules/firehose/iam_subscriptions.tf

@@ -22,7 +22,7 @@ data "aws_iam_policy_document" "firehose_subscription" {
     effect = "Allow"
     resources = [
       aws_kinesis_firehose_delivery_stream.firehose.arn,
-      aws_kinesis_firehose_delivery_stream.reporting_stream.arn,
+      local.iam_subscriptions.firehose_reporting_stream_arn,
     ]
   }
   statement {

terraform/infrastructure/modules/firehose/locals.tf

@@ -31,4 +31,13 @@ locals {
     compression_format  = "GZIP"
   }
 
+  iam_firehose = {
+    cloudwatch_reporting_log_group_arn  = var.reporting_infra_toggle ? aws_cloudwatch_log_group.firehose_reporting[0].arn : aws_cloudwatch_log_group.firehose_reporting.arn
+    cloudwatch_reporting_log_stream_arn = var.reporting_infra_toggle ? aws_cloudwatch_log_stream.firehose_reporting[0].arn : aws_cloudwatch_log_stream.firehose_reporting.arn
+  }
+
+  iam_subscriptions = {
+    firehose_reporting_stream_arn = var.reporting_infra_toggle ? aws_kinesis_firehose_delivery_stream.reporting_stream[0].arn : aws_kinesis_firehose_delivery_stream.reporting_stream.arn
+  }
+
 }