Merge pull request #110 from NHSDigital/feature/eja-eli-239-amend-terraform-asset-names

eli-239 making resources workflow safe and amending dynamoDB naming t…

Author: robbailiff2

infrastructure/modules/dynamodb/default_variables.tf

@@ -0,0 +1 @@
+../_shared/default_variables.tf

infrastructure/modules/dynamodb/dynamodb.tf

@@ -1,5 +1,5 @@
 resource "aws_dynamodb_table" "dynamodb_table" {
-  name         = "${terraform.workspace == "default" ? "" : "${terraform.workspace}-"}${var.table_name_suffix}"
+  name         = "${terraform.workspace == "default" ? "" : "${terraform.workspace}-"}${var.project_name}-${var.environment}-${var.table_name_suffix}"
   billing_mode = "PAY_PER_REQUEST"
   hash_key     = var.partition_key
 

infrastructure/modules/dynamodb/variables.tf

@@ -1,13 +1,3 @@
-variable "workspace" {
-  description = "Usually the developer short code or the name of the environment."
-  type        = string
-}
-
-variable "project_name" {
-  default = "eligibility-signposting-api"
-  type    = string
-}
-
 variable "table_name_suffix" {
   description = "Name of the DynamoDB table"
   type        = string
@@ -34,9 +24,3 @@ variable "sort_key_type" {
   type        = string
   default     = null
 }
-
-variable "tags" {
-  description = "A map of tags to assign to resources."
-  type        = map(string)
-  default     = {}
-}

infrastructure/modules/s3/default_variables.tf

@@ -0,0 +1 @@
+../_shared/default_variables.tf

infrastructure/modules/s3/variables.tf

@@ -3,16 +3,6 @@ variable "bucket_name" {
   type        = string
 }
 
-variable "project_name" {
-  default = "eligibility-signposting-api"
-  type    = string
-}
-
-variable "environment" {
-  description = "The purpose of the account dev/test/ref/prod or the workspace"
-  type        = string
-}
-
 variable "bucket_expiration_days" {
   default     = 90
   description = "How long to keep bucket contents before expiring"

infrastructure/stacks/_shared/locals.tf

@@ -17,24 +17,9 @@ locals {
     workspace       = lower(terraform.workspace)
   }
 
-  sso_role_patterns = {
-    dev     = "AWSReservedSSO_vdselid_dev_*"
-    test    = "AWSReservedSSO_vdselid_test_*"
-    preprod = "AWSReservedSSO_vdselid_preprod_*"
-  }
-
   terraform_state_bucket_name = "eligibility-signposting-api-${var.environment}-tfstate"
   terraform_state_bucket_arn  = "arn:aws:s3:::eligibility-signposting-api-${var.environment}-tfstate"
 
-  account_ids = {
-    dev     = "448049830832"
-    test    = "050451367081"
-    preprod = "203918864209"
-    # prod    = "476114145616"
-  }
-
-  current_account_id = lookup(local.account_ids, var.environment, data.aws_caller_identity.current.account_id)
-
   role_arn_pre  = "arn:aws:iam::603871901111:role/db-system-worker"
   role_arn_prod = "arn:aws:iam::232116723729:role/db-system-worker"
 

infrastructure/stacks/api-layer/dynamodb.tf

@@ -1,10 +1,12 @@
 module "eligibility_status_table" {
   source             = "../../modules/dynamodb"
   workspace          = local.workspace
-  table_name_suffix  = "eligibilty_data_store"
+  table_name_suffix  = "eligibility_datastore"
   partition_key      = "NHS_NUMBER"
   partition_key_type = "S"
   sort_key           = "ATTRIBUTE_TYPE"
   sort_key_type      = "S"
   tags               = local.tags
+  environment        = local.environment
+  stack_name         = local.stack_name
 }

infrastructure/stacks/api-layer/iam_roles.tf

@@ -31,7 +31,8 @@ resource "aws_iam_role" "eligibility_lambda_role" {
 
 
 resource "aws_iam_role" "write_access_role" {
-  name                 = "external-write-role-${terraform.workspace == "default" ? "" : "-${terraform.workspace}"}"
+  count                = terraform.workspace == "default" ? 1 : 0
+  name                 = "eligibility-signposting-api-${local.environment}-external-write-role"
   assume_role_policy   = data.aws_iam_policy_document.dps_assume_role.json
   permissions_boundary = aws_iam_policy.assumed_role_permissions_boundary.arn
 }

infrastructure/stacks/api-layer/s3_buckets.tf

@@ -3,6 +3,8 @@ module "s3_rules_bucket" {
   bucket_name  = "eli-rules"
   environment  = var.environment
   project_name = var.project_name
+  stack_name   = local.stack_name
+  workspace    = terraform.workspace
 }
 
 module "s3_audit_bucket" {
@@ -11,4 +13,6 @@ module "s3_audit_bucket" {
   environment            = var.environment
   project_name           = var.project_name
   bucket_expiration_days = 180
+  stack_name             = local.stack_name
+  workspace              = terraform.workspace
 }

infrastructure/stacks/api-layer/truststore_s3_bucket.tf

@@ -3,6 +3,8 @@ module "s3_truststore_bucket" {
   bucket_name  = "truststore"
   environment  = var.environment
   project_name = var.project_name
+  stack_name   = local.stack_name
+  workspace    = terraform.workspace
 }
 
 resource "aws_s3_bucket_policy" "truststore" {