diff --git a/infrastructure/modules/lambda/lambda.tf b/infrastructure/modules/lambda/lambda.tf
index a91878ca..bb63bed4 100644
--- a/infrastructure/modules/lambda/lambda.tf
+++ b/infrastructure/modules/lambda/lambda.tf
@@ -15,8 +15,8 @@ resource "aws_lambda_function" "eligibility_signposting_lambda" {
 environment {
 variables = {
 PERSON_TABLE_NAME = var.eligibility_status_table_name,
- RULES_BUCKET_NAME = var.eligibility_rules_bucket_name,
- ENV = var.environment
+ RULES_BUCKET_NAME = var.eligibility_rules_bucket_name,
+ ENV = var.environment
 }
 }
 vpc_config {
diff --git a/infrastructure/modules/s3/kms.tf b/infrastructure/modules/s3/kms.tf
index 9ea18bd0..01543d3f 100644
--- a/infrastructure/modules/s3/kms.tf
+++ b/infrastructure/modules/s3/kms.tf
@@ -1,11 +1,11 @@
 resource "aws_kms_key" "storage_bucket_cmk" {
- description = "${var.bucket_name} Master Key"
+ description = "${terraform.workspace == "default" ? "" : "${terraform.workspace}-"}${var.bucket_name} Master Key"
 deletion_window_in_days = 14
 is_enabled = true
 enable_key_rotation = true
 }
 resource "aws_kms_alias" "storage_bucket_cmk" {
- name = "alias/${var.project_name}-${var.bucket_name}-cmk"
+ name = "alias/${terraform.workspace == "default" ? "" : "${terraform.workspace}-"}${var.bucket_name}-cmk"
 target_key_id = aws_kms_key.storage_bucket_cmk.key_id
 }
diff --git a/infrastructure/stacks/_shared/default_variables.tf b/infrastructure/stacks/_shared/default_variables.tf
index 1fd0c811..65b75cc2 100644
--- a/infrastructure/stacks/_shared/default_variables.tf
+++ b/infrastructure/stacks/_shared/default_variables.tf
@@ -15,9 +15,3 @@ variable "default_aws_region" {
 description = "Default AWS region"
 type = string
 }
-
-variable "iam_owner_workspace" {
- description = "The workspace that owns and creates the IAM role"
- type = string
- default = "default"
-}
diff --git a/infrastructure/stacks/_shared/locals.tf b/infrastructure/stacks/_shared/locals.tf
index 38331871..c2d25fd2 100644
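Review bot: The new alias name in `aws_kms_alias.storage_bucket_cmk` (modules/s3/kms.tf) drops `${var.project_name}`, so two projects that deploy a bucket with the same `bucket_name` into one account and region would now request the same alias, and KMS aliases are unique per account and region. Renaming an alias also makes Terraform replace it, so anything that refers to the old alias name (key or IAM policy conditions, consumers that look the key up by alias) needs checking before apply; none of those references are visible in this hunk. If the project prefix was dropped unintentionally, keep it and put the workspace prefix beside it, which also leaves the default-workspace alias unchanged: `name = "alias/${var.project_name}-${terraform.workspace == "default" ? "" : "${terraform.workspace}-"}${var.bucket_name}-cmk"`.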
--- a/infrastructure/stacks/_shared/locals.tf
+++ b/infrastructure/stacks/_shared/locals.tf
@@ -39,6 +39,4 @@ locals {
 role_arn_prod = "arn:aws:iam::232116723729:role/db-system-worker"
 selected_role_arn = var.environment == "prod" ? local.role_arn_prod : local.role_arn_pre
-
- is_iam_owner = terraform.workspace == var.iam_owner_workspace
 }
diff --git a/infrastructure/stacks/api-layer/iam_roles.tf b/infrastructure/stacks/api-layer/iam_roles.tf
index 7cd6d0fe..94d833b8 100644
--- a/infrastructure/stacks/api-layer/iam_roles.tf
+++ b/infrastructure/stacks/api-layer/iam_roles.tf
@@ -28,14 +28,14 @@ data "aws_iam_policy_document" "dps_assume_role" {
 resource "aws_iam_role" "eligibility_lambda_role" {
- name = "eligibility_lambda-role"
+ name = "eligibility_lambda-role${terraform.workspace == "default" ? "" : "-${terraform.workspace}"}"
 assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json
 permissions_boundary = data.aws_iam_policy.permissions_boundary.arn
 }
 resource "aws_iam_role" "write_access_role" {
- name = "external-write-role"
+ name = "external-write-role-${terraform.workspace == "default" ? "" : "-${terraform.workspace}"}"
 assume_role_policy = data.aws_iam_policy_document.dps_assume_role.json
 permissions_boundary = data.aws_iam_policy.permissions_boundary.arn
 }
diff --git a/infrastructure/stacks/api-layer/lambda.tf b/infrastructure/stacks/api-layer/lambda.tf
index e8ba85ff..a6018a6e 100644
--- a/infrastructure/stacks/api-layer/lambda.tf
+++ b/infrastructure/stacks/api-layer/lambda.tf
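Review bot: The `write_access_role` name in api-layer/iam_roles.tf keeps a literal hyphen before the interpolation and another inside the ternary, so it renders as `external-write-role-` in the default workspace and `external-write-role--<workspace>` elsewhere, unlike `eligibility_lambda_role` just above it. Because changing an IAM role name forces a new role with a new ARN, this renames the role even in the default workspace, and whichever principal the `dps_assume_role` trust policy admits would be calling `sts:AssumeRole` against an ARN that no longer exists. Drop the stray hyphen: `name = "external-write-role${terraform.workspace == "default" ? "" : "-${terraform.workspace}"}"`. With the `is_iam_owner` guard removed elsewhere in this commit, each workspace presumably gets its own externally assumable write role, so it is worth confirming that the trust policy and the resources each copy can write to are scoped per workspace; the policy document lies outside this hunk.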
@@ -15,7 +15,7 @@ module "eligibility_signposting_lambda_function" {
 eligibility_lambda_role_arn = aws_iam_role.eligibility_lambda_role.arn
 workspace = local.workspace
 environment = var.environment
- lambda_func_name = "eligibility_signposting_api"
+ lambda_func_name = "${terraform.workspace == "default" ? "" : "${terraform.workspace}-"}eligibility_signposting_api"
 security_group_ids = [data.aws_security_group.main_sg.id]
 vpc_intra_subnets = [for v in data.aws_subnet.private_subnets : v.id]
 file_name = "../../../dist/lambda.zip"
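Review bot: `lambda_func_name` builds its prefix from `terraform.workspace` while the line two above passes `workspace = local.workspace` to the same module; if `local.workspace` is normalised in any way (its definition is not in this hunk), the function name and the module's workspace value can disagree. Defining the prefix once from the same source, for example `workspace_prefix = local.workspace == "default" ? "" : "${local.workspace}-"` in the shared locals, and writing `lambda_func_name = "${local.workspace_prefix}eligibility_signposting_api"` here would keep the two in step and cut down the hand-written copies of this ternary. Lambda function names are limited to 64 characters, so a long workspace name should be validated before it is used as a prefix. The module block continues outside the hunk.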