
Commit a96ef20

authored
Merge pull request #2 from lukaspour/fix/policy
Added randomness into global names to make module universal
2 parents 8643f4d + a0d18f0 commit a96ef20


2 files changed

+52
-17
lines changed


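--- a/iam.tf
+++ b/iam.tf
@@ -1,19 +1,46 @@
 resource "aws_iam_role" "lambda_role" {
-name = "${var.name_prefix}_lambda_role"
-
-assume_role_policy = <<EOF
-{
-"Version": "2012-10-17",
-"Statement": [
-{
-"Action": "sts:AssumeRole",
-"Principal": {
-"Service": "lambda.amazonaws.com"
-},
-"Effect": "Allow",
-"Sid": "stmtLambdaAssumeRole"
+name = "${var.name_prefix}_lambda_role_${random_string.lambda_postfix_generator.result}"
+assume_role_policy = "${data.aws_iam_policy_document.lambda_assume.json}"
+}
+
+data "aws_iam_policy_document" "lambda_assume" {
+statement {
+effect = "Allow"
+
+actions = [
+"sts:AssumeRole",
+]
+
+principals {
+type = "Service"
+
+identifiers = [
+"lambda.amazonaws.com",
+]
 }
-]
+}
 }
-EOF
+
+resource "aws_iam_role_policy" "lambda_main" {
+name = "${var.name_prefix}_lambda_policy_${random_string.lambda_postfix_generator.result}"
+role = "${aws_iam_role.lambda_role.name}"
+policy = "${data.aws_iam_policy_document.lambda_services_dashboard.json}"
+}
+
+data "aws_iam_policy_document" "lambda_services_dashboard" {
+statement {
+effect = "Allow"
+
+actions = [
+"ecs:*",
+"cloudwatch:*",
+"logs:CreateLogGroup",
+"logs:CreateLogStream",
+"logs:PutLogEvents",
+]
+
+resources = [
+"arn:aws:logs:*:*:*",
+]
+}
 }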
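Review bot: In `lambda_services_dashboard`, the single statement pairs `ecs:*` and `cloudwatch:*` with `resources = ["arn:aws:logs:*:*:*"]`, so the two wildcards match no ECS or CloudWatch request and grant nothing. That invites a later "fix" that widens the resource to `*` and hands the function full control of both services. Split the statement: keep the three `logs:` actions on the logs ARN (ideally narrowed to this function's log group), and put only the calls the handler actually makes in a second statement. Which calls those are is not visible in this commit, so the action names in the sketch below are stand-ins to be replaced.

```hcl
data "aws_iam_policy_document" "lambda_services_dashboard" {
  statement {
    effect = "Allow"

    actions = [
      "logs:CreateLogGroup",
      "logs:CreateLogStream",
      "logs:PutLogEvents",
    ]

    resources = [
      "arn:aws:logs:*:*:*",
    ]
  }

  statement {
    effect = "Allow"

    # Stand-in list: replace with the exact read calls the handler makes.
    actions = [
      "ecs:DescribeServices",
      "ecs:ListServices",
      "cloudwatch:DescribeAlarms",
    ]

    resources = [
      "*",
    ]
  }
}
```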

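--- a/main.tf
+++ b/main.tf
@@ -1,11 +1,19 @@
+resource "random_string" "lambda_postfix_generator" {
+length = 16
+upper = true
+lower = true
+number = true
+special = false
+}
+
 resource "aws_sns_topic" "alarm_topic" {
-name = "${var.topic_name}"
+name = "${var.topic_name}-${random_string.lambda_postfix_generator.result}"
 }
 
 resource "aws_lambda_function" "notify_slack" {
 s3_bucket = "${var.lambda_s3_bucket}"
 s3_key = "${var.s3_key}"
-function_name = "${var.name_prefix}-slack-notify"
+function_name = "${var.name_prefix}-slack-notify-${random_string.lambda_postfix_generator.result}"
 handler = "${var.handler}"
 runtime = "go1.x"
 timeout = "${var.timeout}"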
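Review bot: The new `random_string.lambda_postfix_generator` feeds the names of the SNS topic, the Lambda function and (in iam.tf) the role and inline policy, but nothing in the hunk records that these names are now coupled to it. Applying this to an existing deployment will most likely replace the topic and function, since their names change. Anything that referenced the old topic ARN (alarm actions, subscriptions created outside this module) would then stop delivering without an error. I would add a comment above the resource, `# Suffix keeps names unique per module instance; changing any argument here regenerates it and replaces the role, topic and function.`, and mention the replacement in the upgrade notes. The `aws_lambda_function` block continues past the end of the hunk.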
