add aws_caller_identity to lambda_layers

jameslinnell · jameslinnell · commit 89e622e712f5 · 2025-08-13T11:01:10.000+01:00
diff --git a/infrastructure/lambda-layers.tf b/infrastructure/lambda-layers.tf
@@ -1,23 +1,19 @@
 module "lambda-layer-core" {
   source     = "./modules/lambda_layers"
-  account_id = data.aws_caller_identity.current.account_id
   layer_name = "core"
 }
 
 module "lambda-layer-data" {
   source     = "./modules/lambda_layers"
-  account_id = data.aws_caller_identity.current.account_id
   layer_name = "data"
 }
 
 module "lambda-layer-alerting" {
   source     = "./modules/lambda_layers"
-  account_id = data.aws_caller_identity.current.account_id
   layer_name = "alerting"
 }
 
 module "lambda-layer-reports" {
   source     = "./modules/lambda_layers"
-  account_id = data.aws_caller_identity.current.account_id
   layer_name = "reports"
 }
diff --git a/infrastructure/modules/lambda_layers/iam.tf b/infrastructure/modules/lambda_layers/iam.tf
@@ -11,9 +11,10 @@ resource "aws_iam_policy" "lambda_layer_policy" {
           "lambda:ListLayers"
         ],
         Resource = [
-          "arn:aws:lambda:eu-west-2:${var.account_id}:layer:${local.lambda_layer_aws_name}:*"
+          "arn:aws:lambda:eu-west-2:${data.aws_caller_identity.current.account_id}:layer:${local.lambda_layer_aws_name}:*"
         ]
       }
     ]
   })
-}
+}
+
diff --git a/infrastructure/modules/lambda_layers/main.tf b/infrastructure/modules/lambda_layers/main.tf
@@ -2,6 +2,8 @@ locals {
   lambda_layer_aws_name = "${terraform.workspace}_${var.layer_name}_lambda_layer"
 }
 
+data "aws_caller_identity" "current" {}
+
 data "archive_file" "lambda_layer_placeholder" {
   type        = "zip"
   source_file = "placeholder_lambda.py"
diff --git a/infrastructure/modules/lambda_layers/variable.tf b/infrastructure/modules/lambda_layers/variable.tf
@@ -1,8 +1,3 @@
-variable "account_id" {
-  description = "The AWS account ID used to generate IAM policy for layer access."
-  type        = string
-}
-
 variable "layer_name" {
   description = "Logical name assigned to the Lambda layer."
   type        = string

Original file line number	Diff line number	Diff line change
`@@ -1,23 +1,19 @@`
`1`	`1`	`module "lambda-layer-core" {`
`2`	`2`	`source = "./modules/lambda_layers"`
`3`		`- account_id = data.aws_caller_identity.current.account_id`
`4`	`3`	`layer_name = "core"`
`5`	`4`	`}`
`6`	`5`
`7`	`6`	`module "lambda-layer-data" {`
`8`	`7`	`source = "./modules/lambda_layers"`
`9`		`- account_id = data.aws_caller_identity.current.account_id`
`10`	`8`	`layer_name = "data"`
`11`	`9`	`}`
`12`	`10`
`13`	`11`	`module "lambda-layer-alerting" {`
`14`	`12`	`source = "./modules/lambda_layers"`
`15`		`- account_id = data.aws_caller_identity.current.account_id`
`16`	`13`	`layer_name = "alerting"`
`17`	`14`	`}`
`18`	`15`
`19`	`16`	`module "lambda-layer-reports" {`
`20`	`17`	`source = "./modules/lambda_layers"`
`21`		`- account_id = data.aws_caller_identity.current.account_id`
`22`	`18`	`layer_name = "reports"`
`23`	`19`	`}`
Original file line number	Diff line number	Diff line change
`@@ -11,9 +11,10 @@ resource "aws_iam_policy" "lambda_layer_policy" {`
`11`	`11`	`"lambda:ListLayers"`
`12`	`12`	`],`
`13`	`13`	`Resource = [`
`14`		`- "arn:aws:lambda:eu-west-2:${var.account_id}:layer:${local.lambda_layer_aws_name}:*"`
	`14`	`+ "arn:aws:lambda:eu-west-2:${data.aws_caller_identity.current.account_id}:layer:${local.lambda_layer_aws_name}:*"`
`15`	`15`	`]`
`16`	`16`	`}`
`17`	`17`	`]`
`18`	`18`	`})`
`19`		`-}`
	`19`	`+}`
	`20`	`+`
Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,8 @@ locals {`
`2`	`2`	`lambda_layer_aws_name = "${terraform.workspace}_${var.layer_name}_lambda_layer"`
`3`	`3`	`}`
`4`	`4`
	`5`	`+data "aws_caller_identity" "current" {}`
	`6`	`+`
`5`	`7`	`data "archive_file" "lambda_layer_placeholder" {`
`6`	`8`	`type = "zip"`
`7`	`9`	`source_file = "placeholder_lambda.py"`