Move sqs policy for webhook to root module

npalm · npalm · commit c64b5bf5de65 · 2020-05-13T22:38:58.000+02:00
diff --git a/main.tf b/main.tf
@@ -37,6 +37,22 @@ module "webhook" {
   lambda_timeout = var.webhook_lambda_timeout
 }
 
+resource "aws_iam_policy" "webhook" {
+  name        = "${var.environment}-lambda-webhook-publish-sqs-policy"
+  description = "Lambda webhook sqs policy"
+
+  policy = templatefile("${path.module}/policies/lambda-publish-sqs-policy.json", {
+    sqs_resource_arn = aws_sqs_queue.queued_builds.arn
+  })
+}
+
+resource "aws_iam_policy_attachment" "webhook" {
+  name       = "${var.environment}-webhook-sqs"
+  roles      = [module.webhook.role.name]
+  policy_arn = aws_iam_policy.webhook.arn
+}
+
+
 module "runners" {
   source = "./modules/runners"
 
diff --git a/modules/runners/templates/user-data.sh b/modules/runners/templates/user-data.sh
@@ -1,6 +1,8 @@
 #!/bin/bash -e
 exec > >(tee /var/log/user-data.log | logger -t user-data -s 2>/dev/console) 2>&1
 
+${pre_install}
+
 yum update -y
 
 # Install docker
@@ -10,8 +12,6 @@ usermod -a -G docker ec2-user
 
 yum install -y curl jq git
 
-${pre_install}
-
 # Install runner
 cd /home/ec2-user
 mkdir actions-runner && cd actions-runner
diff --git a/modules/webhook/main.tf b/modules/webhook/main.tf
@@ -104,22 +104,3 @@ resource "aws_iam_policy_attachment" "webhook_logging" {
   roles      = [aws_iam_role.webhook_lambda.name]
   policy_arn = aws_iam_policy.webhook_logging.arn
 }
-
-resource "aws_iam_policy" "webhook" {
-  count = var.create_sqs_publish_policy ? 1 : 0
-
-  name        = "${var.environment}-lamda-webhook-sqs-publish-policy"
-  description = "Lambda webhook policy"
-
-  policy = templatefile("${path.module}/policies/lambda-webhook.json", {
-    sqs_resource_arn = var.sqs_build_queue.arn
-  })
-}
-
-resource "aws_iam_policy_attachment" "webhook" {
-  count = var.create_sqs_publish_policy ? 1 : 0
-
-  name       = "${var.environment}-webhook"
-  roles      = [aws_iam_role.webhook_lambda.name]
-  policy_arn = aws_iam_policy.webhook[0].arn
-}
diff --git a/modules/webhook/outputs.tf b/modules/webhook/outputs.tf
@@ -6,6 +6,6 @@ output "lambda" {
   value = aws_lambda_function.webhook
 }
 
-output "lambda_role" {
+output "role" {
   value = aws_iam_role.webhook_lambda
 }
diff --git a/outputs.tf b/outputs.tf
@@ -18,6 +18,6 @@ output "webhook" {
   value = {
     gateway     = module.webhook.gateway
     lambda      = module.webhook.lambda
-    lambda_role = module.webhook.lambda_role
+    lambda_role = module.webhook.role
   }
 }
diff --git a/policies/action-runner-s3-policy.json b/policies/action-runner-s3-policy.json
diff --git a/policies/lambda-publish-sqs-policy.json b/policies/lambda-publish-sqs-policy.json

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@ output "lambda" {`
`6`	`6`	`value = aws_lambda_function.webhook`
`7`	`7`	`}`
`8`	`8`
`9`		`-output "lambda_role" {`
	`9`	`+output "role" {`
`10`	`10`	`value = aws_iam_role.webhook_lambda`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,6 @@ output "webhook" {`
`18`	`18`	`value = {`
`19`	`19`	`gateway = module.webhook.gateway`
`20`	`20`	`lambda = module.webhook.lambda`
`21`		`- lambda_role = module.webhook.lambda_role`
	`21`	`+ lambda_role = module.webhook.role`
`22`	`22`	`}`
`23`	`23`	`}`