build(terraform): Randomized IAM Names

brexhq · Dec 19, 2023 · 1c19d15 · 1c19d15
1 parent 4d0b5f6
commit 1c19d15
Show file tree

Hide file tree

Showing 10 changed files with 25 additions and 23 deletions.
diff --git a/build/terraform/aws/api_gateway/kinesis_data_stream/main.tf b/build/terraform/aws/api_gateway/kinesis_data_stream/main.tf
@@ -1,3 +1,5 @@
+resource "random_uuid" "id" {}
+
 data "aws_region" "current" {}
 
 data "aws_partition" "current" {}
@@ -28,7 +30,7 @@ data "aws_iam_policy_document" "service_policy_document" {
 }
 
 resource "aws_iam_role" "role" {
-  name               = "sub-api-gateway-${var.config.name}-${data.aws_region.current.name}"
+  name               = "substation-api-gateway-${resource.random_uuid.id.id}"
   assume_role_policy = data.aws_iam_policy_document.service_policy_document.json
   tags               = var.tags
 }

diff --git a/build/terraform/aws/cloudwatch/destination/main.tf b/build/terraform/aws/cloudwatch/destination/main.tf
@@ -1,4 +1,4 @@
-data "aws_region" "current" {}
+resource "random_uuid" "id" {}
 
 data "aws_caller_identity" "current" {}
 
@@ -84,7 +84,7 @@ data "aws_iam_policy_document" "destination" {
 }
 
 resource "aws_iam_role" "destination" {
-  name               = "sub-cloudwatch-destination-${var.config.name}-${data.aws_region.current.name}"
+  name               = "substation-cloudwatch-destination-${resource.random_uuid.id.id}"
   assume_role_policy = data.aws_iam_policy_document.destination_assume_role.json
   tags               = var.tags
 }
@@ -95,7 +95,7 @@ resource "aws_iam_role_policy_attachment" "destination" {
 }
 
 resource "aws_iam_policy" "destination" {
-  name        = "sub-cloudwatch-destination-${var.config.name}-${data.aws_region.current.name}"
+  name        = "substation-cloudwatch-destination-${resource.random_uuid.id.id}"
   description = "Policy for the ${var.config.name} CloudWatch destination."
   policy      = data.aws_iam_policy_document.destination.json
 }

diff --git a/build/terraform/aws/dynamodb/main.tf b/build/terraform/aws/dynamodb/main.tf
@@ -1,4 +1,4 @@
-data "aws_region" "current" {}
+resource "random_uuid" "id" {}
 
 locals {
   read_capacity = var.config.read_capacity != null ? var.config.read_capacity : tomap({
@@ -63,7 +63,7 @@ resource "aws_iam_role_policy_attachment" "access" {
 }
 
 resource "aws_iam_policy" "access" {
-  name        = "sub-dynamodb-access-${var.config.name}-${data.aws_region.current.name}"
+  name        = "substation-dynamodb-access-${resource.random_uuid.id.id}"
   description = "Policy that grants access to the Substation ${var.config.name} DynamoDB table."
   policy      = data.aws_iam_policy_document.access.json
 }

diff --git a/build/terraform/aws/kinesis_data_stream/main.tf b/build/terraform/aws/kinesis_data_stream/main.tf
@@ -1,4 +1,4 @@
-data "aws_region" "current" {}
+resource "random_uuid" "id" {}
 
 resource "aws_kinesis_stream" "stream" {
   name             = var.config.name
@@ -21,7 +21,7 @@ resource "aws_iam_role_policy_attachment" "access" {
 }
 
 resource "aws_iam_policy" "access" {
-  name        = "sub-kinesis-data-stream-access-${var.config.name}-${data.aws_region.current.name}"
+  name        = "substation-kinesis-data-stream-access-${resource.random_uuid.id.id}"
   description = "Policy that grants access to the Substation ${var.config.name} Kinesis Data Stream."
   policy      = data.aws_iam_policy_document.access.json
 }

diff --git a/build/terraform/aws/lambda/main.tf b/build/terraform/aws/lambda/main.tf
@@ -1,4 +1,4 @@
-data "aws_region" "current" {}
+resource "random_uuid" "id" {}
 
 # var.map[*] is a convenience function for handling empty maps.
 locals {
@@ -45,7 +45,7 @@ resource "aws_lambda_function" "lambda_function" {
 }
 
 resource "aws_iam_role" "role" {
-  name               = "sub-lambda-${var.config.name}-${data.aws_region.current.name}"
+  name               = "substation-lambda-${resource.random_uuid.id.id}"
   assume_role_policy = data.aws_iam_policy_document.service_policy_document.json
 
   tags = var.tags
@@ -104,7 +104,7 @@ resource "aws_iam_role_policy_attachment" "custom_policy_attachment" {
 }
 
 resource "aws_iam_policy" "custom_policy" {
-  name        = "sub-lambda-${var.config.name}-${data.aws_region.current.name}"
+  name        = "substation-lambda-${resource.random_uuid.id.id}"
   description = "Policy for the ${var.config.name} Lambda."
   policy      = data.aws_iam_policy_document.policy.json
 }
@@ -158,7 +158,7 @@ resource "aws_iam_role_policy_attachment" "access" {
 }
 
 resource "aws_iam_policy" "access" {
-  name        = "sub-lambda-access-${var.config.name}-${data.aws_region.current.name}"
+  name        = "substation-lambda-access-${resource.random_uuid.id.id}"
   description = "Policy that grants access to the Substation ${var.config.name} Lambda."
   policy      = data.aws_iam_policy_document.access.json
 }

diff --git a/build/terraform/aws/s3/main.tf b/build/terraform/aws/s3/main.tf
@@ -1,4 +1,4 @@
-data "aws_region" "current" {}
+resource "random_uuid" "id" {}
 
 resource "aws_s3_bucket" "bucket" {
   bucket        = var.config.name
@@ -41,7 +41,7 @@ resource "aws_iam_role_policy_attachment" "access" {
 }
 
 resource "aws_iam_policy" "access" {
-  name        = "sub-s3-access-${var.config.name}-${data.aws_region.current.name}"
+  name        = "substation-s3-access-${resource.random_uuid.id.id}"
   description = "Policy that grants access to the Substation ${var.config.name} S3 bucket."
   policy      = data.aws_iam_policy_document.access.json
 }

diff --git a/build/terraform/aws/s3/worm/main.tf b/build/terraform/aws/s3/worm/main.tf
@@ -1,4 +1,4 @@
-data "aws_region" "current" {}
+resource "random_uuid" "id" {}
 
 resource "aws_s3_bucket" "bucket" {
   bucket        = var.config.name
@@ -54,7 +54,7 @@ resource "aws_iam_role_policy_attachment" "access" {
 }
 
 resource "aws_iam_policy" "access" {
-  name        = "sub-s3-access-${var.config.name}-${data.aws_region.current.name}"
+  name        = "substation-s3-access-${resource.random_uuid.id.id}"
   description = "Policy that grants access to the Substation ${var.config.name} S3 bucket."
   policy      = data.aws_iam_policy_document.access.json
 }

diff --git a/build/terraform/aws/secret/main.tf b/build/terraform/aws/secret/main.tf
@@ -1,7 +1,7 @@
-data "aws_region" "current" {}
+resource "random_uuid" "id" {}
 
 resource "aws_secretsmanager_secret" "secret" {
-  name       = var.config.secret.name
+  name       = var.config.name
   kms_key_id = var.kms.id
   tags       = var.tags
 }
@@ -14,7 +14,7 @@ resource "aws_iam_role_policy_attachment" "access" {
 }
 
 resource "aws_iam_policy" "access" {
-  name        = "sub-secret-access-${var.config.name}-${data.aws_region.current.name}"
+  name        = "substation-secret-access-${resource.random_uuid.id.id}"
   description = "Policy that grants access to the Substation ${var.config.name} secret."
   policy      = data.aws_iam_policy_document.access.json
 }

diff --git a/build/terraform/aws/sns/main.tf b/build/terraform/aws/sns/main.tf
@@ -1,4 +1,4 @@
-data "aws_region" "current" {}
+resource "random_uuid" "id" {}
 
 resource "aws_sns_topic" "topic" {
   name                        = var.config.name
@@ -17,7 +17,7 @@ resource "aws_iam_role_policy_attachment" "access" {
 }
 
 resource "aws_iam_policy" "access" {
-  name        = "sub-sns-access-${var.config.name}-${data.aws_region.current.name}"
+  name        = "substation-sns-access-${resource.random_uuid.id.id}"
   description = "Policy that grants access to the Substation ${var.config.name} SNS topic."
   policy      = data.aws_iam_policy_document.access.json
 }

diff --git a/build/terraform/aws/sqs/main.tf b/build/terraform/aws/sqs/main.tf
@@ -1,4 +1,4 @@
-data "aws_region" "current" {}
+resource "random_uuid" "id" {}
 
 locals {
   read_access = [
@@ -32,7 +32,7 @@ resource "aws_iam_role_policy_attachment" "access" {
 }
 
 resource "aws_iam_policy" "access" {
-  name        = "sub-sqs-access-${var.config.name}-${data.aws_region.current.name}"
+  name        = "substation-sqs-access-${resource.random_uuid.id.id}"
   description = "Policy that grants access to the Substation ${var.config.name} SQS queue."
   policy      = data.aws_iam_policy_document.access.json
 }