From ab4857eab2f08de29f5a1aba0660984f7b679ba6 Mon Sep 17 00:00:00 2001
From: hit0ri <4470499+hit0ri@users.noreply.github.com>
Date: Mon, 13 Apr 2020 10:52:36 +0300
Subject: [PATCH] feat: Add support for custom name prefixes for IAM role and policy (#62)
---
 README.md | 41 ++++++++++++++++++++---------------------
 iam.tf | 4 ++--
 variables.tf | 12 ++++++++++++
 3 files changed, 34 insertions(+), 23 deletions(-)
diff --git a/README.md b/README.md
index 6a330807..7998d14e 100644
--- a/README.md
+++ b/README.md
@@ -71,27 +71,26 @@ To run the tests:
 ## Inputs
 | Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:-----:|
-| cloudwatch\_log\_group\_kms\_key\_id | The ARN of the KMS Key to use when encrypting log data for Lambda | `string` | n/a | yes |
-| cloudwatch\_log\_group\_retention\_in\_days | Specifies the number of days you want to retain log events in log group for Lambda. | `number` | `0` | no |
-| cloudwatch\_log\_group\_tags | Additional tags for the Cloudwatch log group | `map(string)` | `{}` | no |
-| create | Whether to create all resources | `bool` | `true` | no |
-| create\_sns\_topic | Whether to create new SNS topic | `bool` | `true` | no |
-| iam\_role\_tags | Additional tags for the IAM role | `map(string)` | `{}` | no |
-| kms\_key\_arn | ARN of the KMS key used for decrypting slack webhook url | `string` | `""` | no |
-| lambda\_description | The description of the Lambda function | `string` | n/a | yes |
-| lambda\_function\_name | The name of the Lambda function to create | `string` | `"notify_slack"` | no |
-| lambda\_function\_tags | Additional tags for the Lambda function | `map(string)` | `{}` | no |
-| log\_events | Boolean flag to enabled/disable logging of incoming events | `bool` | `false` | no |
-| reserved\_concurrent\_executions | The amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations | `number` | `-1` | no |
-| slack\_channel | The name of the channel in Slack for notifications | `string` | n/a | yes |
-| slack\_emoji | A custom emoji that will appear on Slack messages | `string` | `":aws:"` | no |
-| slack\_username | The username that will appear on Slack messages | `string` | n/a | yes |
-| slack\_webhook\_url | The URL of Slack webhook | `string` | n/a | yes |
-| sns\_topic\_name | The name of the SNS topic to create | `string` | n/a | yes |
-| sns\_topic\_tags | Additional tags for the SNS topic | `map(string)` | `{}` | no |
-| subsription\_filter\_policy | A valid filter policy that will be used in the subscription to filter messages seen by the target resource | `string` | n/a | no |
-| tags | A map of tags to add to all resources | `map(string)` | `{}` | no |
+|------|-------------|:----:|:-----:|:-----:|
+| cloudwatch\_log\_group\_kms\_key\_id | The ARN of the KMS Key to use when encrypting log data for Lambda | string | `"null"` | no |
+| cloudwatch\_log\_group\_retention\_in\_days | Specifies the number of days you want to retain log events in log group for Lambda. | number | `"0"` | no |
+| cloudwatch\_log\_group\_tags | Additional tags for the Cloudwatch log group | map(string) | `{}` | no |
+| create | Whether to create all resources | bool | `"true"` | no |
+| create\_sns\_topic | Whether to create new SNS topic | bool | `"true"` | no |
+| iam\_role\_tags | Additional tags for the IAM role | map(string) | `{}` | no |
+| iam\_role\_name\_prefix | A unique role name beginning with the specified prefix | string | `"lambda"` | no |
+| iam\_role\_policy\_name\_prefix | A unique policy name beginning with the specified prefix | string | `"lambda-policy-"` | no |
+| kms\_key\_arn | ARN of the KMS key used for decrypting slack webhook url | string | `""` | no |
+| lambda\_description | The description of the Lambda function | string | `"null"` | no |
+| lambda\_function\_name | The name of the Lambda function to create | string | `"notify_slack"` | no |
+| lambda\_function\_tags | Additional tags for the Lambda function | map(string) | `{}` | no |
+| log\_events | Boolean flag to enabled/disable logging of incoming events | string | `"false"` | no |
+| reserved\_concurrent\_executions | The amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations | number | `"-1"` | no |
+| slack\_channel | The name of the channel in Slack for notifications | string | n/a | yes |
+| slack\_emoji | A custom emoji that will appear on Slack messages | string | `":aws:"` | no |
+| slack\_username | The username that will appear on Slack messages | string | n/a | yes |
+| slack\_webhook\_url | The URL of Slack webhook | string | n/a | yes |
+| sns\_topic\_name | The name of the SNS topic to create | string | n/a | yes |
 ## Outputs
diff --git a/iam.tf b/iam.tf
index 4e964315..6b9ae2d3 100644
--- a/iam.tf
+++ b/iam.tf
@@ -49,7 +49,7 @@ data "aws_iam_policy_document" "lambda" {
 resource "aws_iam_role" "lambda" {
 count = var.create ? 1 : 0
- name_prefix = "lambda"
+ name_prefix = var.iam_role_name_prefix
 assume_role_policy = data.aws_iam_policy_document.assume_role[0].json
 tags = merge(var.tags, var.iam_role_tags)
@@ -58,7 +58,7 @@ resource "aws_iam_role" "lambda" {
 resource "aws_iam_role_policy" "lambda" {
 count = var.create ? 1 : 0
- name_prefix = "lambda-policy-"
+ name_prefix = var.iam_role_policy_name_prefix
 role = aws_iam_role.lambda[0].id
 policy = data.aws_iam_policy_document.lambda[0].json
 }
diff --git a/variables.tf b/variables.tf
index f131f353..058e41b8 100644
--- a/variables.tf
+++ b/variables.tf
@@ -89,6 +89,18 @@ variable "iam_role_tags" {
 default = {}
 }
+variable "iam_role_name_prefix" {
+ description = "A unique role name beginning with the specified prefix"
+ type = string
+ default = "lambda"
+}
+
+variable "iam_role_policy_name_prefix" {
+ description = "A unique policy name beginning with the specified prefix"
+ type = string
+ default = "lambda-policy-"
+}
+
 variable "lambda_function_tags" {
 description = "Additional tags for the Lambda function"
 type = map(string)
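Review bot: Nothing at `name_prefix = var.iam_role_name_prefix` tells a caller that changing the prefix on an existing deployment replaces the role. In the AWS provider `name_prefix` forces a new resource, so the Lambda's execution role is destroyed and recreated under a new name and ARN. I would add a comment above the assignment such as `# Changing this prefix replaces the role; update anything that references the old role name or ARN`, and the same on `name_prefix = var.iam_role_policy_name_prefix` in the second hunk. Teams that scope `iam:CreateRole` or `iam:PassRole` by role-name pattern should also keep the chosen prefix inside that pattern; that is presumably the motivation here, though the commit message does not say. The `aws_iam_role` block closes outside the first hunk.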
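Review bot: `iam_role_name_prefix` and `iam_role_policy_name_prefix` accept any string, so a prefix that is too long or contains characters IAM rejects only fails at apply time. An empty string probably falls back to a provider-generated name, which is worth confirming against the provider version in use. Where the Terraform version supports variable `validation` blocks, a condition such as `can(regex("^[\\w+=,.@-]{1,32}$", var.iam_role_name_prefix))` would reject bad values at plan time; the 32-character cap is an assumption to check against the provider's limit. The two descriptions also describe the resulting name rather than the input, so something like `description = "Prefix for the generated IAM role name; changing it replaces the role"` would read more accurately.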