Skip to content

Commit 7f8caa3

Browse files
chrisbloechrisbloe
committed
Everything is optional
1 parent 1ad3f22 commit 7f8caa3

File tree

1 file changed

+15
-9
lines changed

1 file changed

+15
-9
lines changed

infrastructure/cloudwatch_rum.tf

Lines changed: 15 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,8 @@ locals {
44
}
55

66
resource "aws_iam_role" "cloudwatch_rum" {
7-
name = local.rum_role_name
7+
count = local.is_production ? 0 : 1
8+
name = local.rum_role_name
89

910
assume_role_policy = jsonencode({
1011
Version = "2012-10-17",
@@ -21,7 +22,8 @@ resource "aws_iam_role" "cloudwatch_rum" {
2122
}
2223

2324
resource "aws_iam_role" "cognito_unauthenticated" {
24-
name = local.cognito_role_name
25+
count = local.is_production ? 0 : 1
26+
name = local.cognito_role_name
2527

2628
assume_role_policy = jsonencode({
2729
Version = "2012-10-17",
@@ -46,6 +48,7 @@ resource "aws_iam_role" "cognito_unauthenticated" {
4648
}
4749

4850
resource "aws_iam_policy" "cloudwatch_rum_cognito_access" {
51+
count = local.is_production ? 0 : 1
4952
name = "${terraform.workspace}-cloudwatch-rum-cognito-access-policy"
5053
description = "Policy for unauthenticated Cognito identities"
5154

@@ -56,13 +59,14 @@ resource "aws_iam_policy" "cloudwatch_rum_cognito_access" {
5659
{
5760
"Effect" : "Allow",
5861
"Action" : "rum:PutRumEvents",
59-
"Resource" : "arn:aws:rum:${local.current_region}:${local.current_account_id}:appmonitor/${aws_rum_app_monitor.this.id}"
62+
"Resource" : "arn:aws:rum:${local.current_region}:${local.current_account_id}:appmonitor/${aws_rum_app_monitor.this[0].id}"
6063
}
6164
]
6265
})
6366
}
6467

6568
resource "aws_iam_policy" "cloudwatch_rum_management" {
69+
count = local.is_production ? 0 : 1
6670
name = "${terraform.workspace}-cloudwatch-rum-management-policy"
6771
description = "Policy to manage RUM app monitors and associated logs"
6872

@@ -89,21 +93,23 @@ resource "aws_iam_policy" "cloudwatch_rum_management" {
8993
}
9094

9195
resource "aws_iam_role_policy_attachment" "cloudwatch_rum_cognito_unauth" {
92-
role = aws_iam_role.cognito_unauthenticated.name
93-
policy_arn = aws_iam_policy.cloudwatch_rum_cognito_access.arn
96+
count = local.is_production ? 0 : 1
97+
role = aws_iam_role.cognito_unauthenticated[0].name
98+
policy_arn = aws_iam_policy.cloudwatch_rum_cognito_access[0].arn
9499
}
95100

96101
resource "aws_iam_role_policy_attachment" "cloudwatch_rum_management" {
97-
role = aws_iam_role.cloudwatch_rum.name
98-
policy_arn = aws_iam_policy.cloudwatch_rum_management.arn
102+
count = local.is_production ? 0 : 1
103+
role = aws_iam_role.cloudwatch_rum[0].name
104+
policy_arn = aws_iam_policy.cloudwatch_rum_management[0].arn
99105
}
100106

101107
resource "aws_cognito_identity_pool_roles_attachment" "cloudwatch_rum" {
102108
count = local.is_production ? 0 : 1
103109
identity_pool_id = aws_cognito_identity_pool.cloudwatch_rum[0].id
104110

105111
roles = {
106-
unauthenticated = aws_iam_role.cognito_unauthenticated.arn
112+
unauthenticated = aws_iam_role.cognito_unauthenticated[0].arn
107113
}
108114
}
109115

@@ -128,6 +134,6 @@ resource "aws_rum_app_monitor" "this" {
128134
}
129135

130136
tags = {
131-
ServiceRole = aws_iam_role.cloudwatch_rum.arn
137+
ServiceRole = aws_iam_role.cloudwatch_rum[0].arn
132138
}
133139
}

0 commit comments

Comments
 (0)