fixed some stale references in the threat_intel_downloader terraform …

…module
airbnb · Jan 7, 2020 · b57dad2 · b57dad2
1 parent b715410
commit b57dad2
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 3 deletions.
diff --git a/streamalert_cli/terraform/threat_intel_downloader.py b/streamalert_cli/terraform/threat_intel_downloader.py
@@ -49,6 +49,8 @@ def generate_threat_intel_downloader(config):
         'region': config['global']['account']['region'],
         'prefix': prefix,
         'function_role_id': '${module.threat_intel_downloader.role_id}',
+        'function_alias_arn': '${module.threat_intel_downloader.function_alias_arn}',
+        'function_cloudwatch_log_group_name': '${module.threat_intel_downloader.log_group_name}',
         'monitoring_sns_topic': dlq_topic,
         'table_rcu': tid_config.get('table_rcu', '10'),
         'table_wcu': tid_config.get('table_wcu', '10'),

diff --git a/terraform/modules/tf_threat_intel_downloader/iam.tf b/terraform/modules/tf_threat_intel_downloader/iam.tf
@@ -15,7 +15,7 @@ data "aws_iam_policy_document" "invoke_lambda_function" {
     ]
 
     resources = [
-      aws_lambda_function.threat_intel_downloader.arn,
+      var.function_alias_arn
     ]
   }
 }
@@ -37,7 +37,7 @@ data "aws_iam_policy_document" "cloudwatch_logs_policy" {
     ]
 
     resources = [
-      aws_cloudwatch_log_group.threat_intel_downloader.arn,
+      var.function_cloudwatch_log_group_name
     ]
   }
 
@@ -50,7 +50,7 @@ data "aws_iam_policy_document" "cloudwatch_logs_policy" {
     ]
 
     resources = [
-      "arn:aws:logs:${var.region}:${var.account_id}:log-group:${aws_cloudwatch_log_group.threat_intel_downloader.name}:log-stream:*",
+      "arn:aws:logs:${var.region}:${var.account_id}:log-group:${var.function_cloudwatch_log_group_name}:log-stream:*",
     ]
   }
 }

diff --git a/terraform/modules/tf_threat_intel_downloader/variables.tf b/terraform/modules/tf_threat_intel_downloader/variables.tf
@@ -14,6 +14,14 @@ variable "function_role_id" {
   description = "Threat Intel Downloader function IAM Role ID, exported from the tf_lambda module"
 }
 
+variable "function_alias_arn" {
+  description = "Threat Intel Downloader function alias arn, exported from the tf_lambda module"
+}
+
+variable "function_cloudwatch_log_group_name" {
+  description = "Threat Intel Downloader function cloudwatch log group name, exported from the tf_lambda module"
+}
+
 variable "parameter_name" {
   default = "threat_intel_downloader_api_creds"
   type    = string