tf Lambda name prefix-ed by workspace

* terraform code cleanup

* lambda name fix for workspace

Author: Karthikeyannhs

infrastructure/modules/lambda/lambda.tf

@@ -15,8 +15,8 @@ resource "aws_lambda_function" "eligibility_signposting_lambda" {
   environment {
     variables = {
       PERSON_TABLE_NAME = var.eligibility_status_table_name,
-      RULES_BUCKET_NAME      = var.eligibility_rules_bucket_name,
-      ENV                    = var.environment
+      RULES_BUCKET_NAME = var.eligibility_rules_bucket_name,
+      ENV               = var.environment
     }
   }
   vpc_config {

infrastructure/modules/s3/kms.tf

@@ -1,11 +1,11 @@
 resource "aws_kms_key" "storage_bucket_cmk" {
-  description             = "${var.bucket_name} Master Key"
+  description             = "${terraform.workspace == "default" ? "" : "${terraform.workspace}-"}${var.bucket_name} Master Key"
   deletion_window_in_days = 14
   is_enabled              = true
   enable_key_rotation     = true
 }
 
 resource "aws_kms_alias" "storage_bucket_cmk" {
-  name          = "alias/${var.project_name}-${var.bucket_name}-cmk"
+  name          = "alias/${terraform.workspace == "default" ? "" : "${terraform.workspace}-"}${var.bucket_name}-cmk"
   target_key_id = aws_kms_key.storage_bucket_cmk.key_id
 }

infrastructure/stacks/_shared/default_variables.tf

@@ -15,9 +15,3 @@ variable "default_aws_region" {
   description = "Default AWS region"
   type        = string
 }
-
-variable "iam_owner_workspace" {
-  description = "The workspace that owns and creates the IAM role"
-  type        = string
-  default     = "default"
-}

infrastructure/stacks/_shared/locals.tf

@@ -39,6 +39,4 @@ locals {
   role_arn_prod = "arn:aws:iam::232116723729:role/db-system-worker"
 
   selected_role_arn = var.environment == "prod" ? local.role_arn_prod : local.role_arn_pre
-
-  is_iam_owner = terraform.workspace == var.iam_owner_workspace
 }

infrastructure/stacks/api-layer/iam_roles.tf

@@ -28,14 +28,14 @@ data "aws_iam_policy_document" "dps_assume_role" {
 
 
 resource "aws_iam_role" "eligibility_lambda_role" {
-  name                 = "eligibility_lambda-role"
+  name                 = "eligibility_lambda-role${terraform.workspace == "default" ? "" : "-${terraform.workspace}"}"
   assume_role_policy   = data.aws_iam_policy_document.lambda_assume_role.json
   permissions_boundary = data.aws_iam_policy.permissions_boundary.arn
 }
 
 
 resource "aws_iam_role" "write_access_role" {
-  name                 = "external-write-role"
+  name                 = "external-write-role-${terraform.workspace == "default" ? "" : "-${terraform.workspace}"}"
   assume_role_policy   = data.aws_iam_policy_document.dps_assume_role.json
   permissions_boundary = data.aws_iam_policy.permissions_boundary.arn
 }

infrastructure/stacks/api-layer/lambda.tf

@@ -15,7 +15,7 @@ module "eligibility_signposting_lambda_function" {
   eligibility_lambda_role_arn   = aws_iam_role.eligibility_lambda_role.arn
   workspace                     = local.workspace
   environment                   = var.environment
-  lambda_func_name              = "eligibility_signposting_api"
+  lambda_func_name              = "${terraform.workspace == "default" ? "" : "${terraform.workspace}-"}eligibility_signposting_api"
   security_group_ids            = [data.aws_security_group.main_sg.id]
   vpc_intra_subnets             = [for v in data.aws_subnet.private_subnets : v.id]
   file_name                     = "../../../dist/lambda.zip"