feat: Add support for custom name prefixes for IAM role and policy (#62)

terraform-aws-modules · Apr 13, 2020 · ab4857e · ab4857e
1 parent b3c0298
commit ab4857e
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 23 deletions.
diff --git a/README.md b/README.md
@@ -71,27 +71,26 @@ To run the tests:
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:-----:|
-| cloudwatch\_log\_group\_kms\_key\_id | The ARN of the KMS Key to use when encrypting log data for Lambda | `string` | n/a | yes |
-| cloudwatch\_log\_group\_retention\_in\_days | Specifies the number of days you want to retain log events in log group for Lambda. | `number` | `0` | no |
-| cloudwatch\_log\_group\_tags | Additional tags for the Cloudwatch log group | `map(string)` | `{}` | no |
-| create | Whether to create all resources | `bool` | `true` | no |
-| create\_sns\_topic | Whether to create new SNS topic | `bool` | `true` | no |
-| iam\_role\_tags | Additional tags for the IAM role | `map(string)` | `{}` | no |
-| kms\_key\_arn | ARN of the KMS key used for decrypting slack webhook url | `string` | `""` | no |
-| lambda\_description | The description of the Lambda function | `string` | n/a | yes |
-| lambda\_function\_name | The name of the Lambda function to create | `string` | `"notify_slack"` | no |
-| lambda\_function\_tags | Additional tags for the Lambda function | `map(string)` | `{}` | no |
-| log\_events | Boolean flag to enabled/disable logging of incoming events | `bool` | `false` | no |
-| reserved\_concurrent\_executions | The amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations | `number` | `-1` | no |
-| slack\_channel | The name of the channel in Slack for notifications | `string` | n/a | yes |
-| slack\_emoji | A custom emoji that will appear on Slack messages | `string` | `":aws:"` | no |
-| slack\_username | The username that will appear on Slack messages | `string` | n/a | yes |
-| slack\_webhook\_url | The URL of Slack webhook | `string` | n/a | yes |
-| sns\_topic\_name | The name of the SNS topic to create | `string` | n/a | yes |
-| sns\_topic\_tags | Additional tags for the SNS topic | `map(string)` | `{}` | no |
-| subsription\_filter\_policy | A valid filter policy that will be used in the subscription to filter messages seen by the target resource | `string` | n/a | no |
-| tags | A map of tags to add to all resources | `map(string)` | `{}` | no |
+|------|-------------|:----:|:-----:|:-----:|
+| cloudwatch\_log\_group\_kms\_key\_id | The ARN of the KMS Key to use when encrypting log data for Lambda | string | `"null"` | no |
+| cloudwatch\_log\_group\_retention\_in\_days | Specifies the number of days you want to retain log events in log group for Lambda. | number | `"0"` | no |
+| cloudwatch\_log\_group\_tags | Additional tags for the Cloudwatch log group | map(string) | `{}` | no |
+| create | Whether to create all resources | bool | `"true"` | no |
+| create\_sns\_topic | Whether to create new SNS topic | bool | `"true"` | no |
+| iam\_role\_tags | Additional tags for the IAM role | map(string) | `{}` | no |
+| iam\_role\_name\_prefix | A unique role name beginning with the specified prefix | string | `"lambda"` | no |
+| iam\_role\_policy\_name\_prefix | A unique policy name beginning with the specified prefix | string | `"lambda-policy-"` | no |
+| kms\_key\_arn | ARN of the KMS key used for decrypting slack webhook url | string | `""` | no |
+| lambda\_description | The description of the Lambda function | string | `"null"` | no |
+| lambda\_function\_name | The name of the Lambda function to create | string | `"notify_slack"` | no |
+| lambda\_function\_tags | Additional tags for the Lambda function | map(string) | `{}` | no |
+| log\_events | Boolean flag to enabled/disable logging of incoming events | string | `"false"` | no |
+| reserved\_concurrent\_executions | The amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations | number | `"-1"` | no |
+| slack\_channel | The name of the channel in Slack for notifications | string | n/a | yes |
+| slack\_emoji | A custom emoji that will appear on Slack messages | string | `":aws:"` | no |
+| slack\_username | The username that will appear on Slack messages | string | n/a | yes |
+| slack\_webhook\_url | The URL of Slack webhook | string | n/a | yes |
+| sns\_topic\_name | The name of the SNS topic to create | string | n/a | yes |
 
 ## Outputs
 

diff --git a/iam.tf b/iam.tf
@@ -49,7 +49,7 @@ data "aws_iam_policy_document" "lambda" {
 resource "aws_iam_role" "lambda" {
   count = var.create ? 1 : 0
 
-  name_prefix        = "lambda"
+  name_prefix        = var.iam_role_name_prefix
   assume_role_policy = data.aws_iam_policy_document.assume_role[0].json
 
   tags = merge(var.tags, var.iam_role_tags)
@@ -58,7 +58,7 @@ resource "aws_iam_role" "lambda" {
 resource "aws_iam_role_policy" "lambda" {
   count = var.create ? 1 : 0
 
-  name_prefix = "lambda-policy-"
+  name_prefix = var.iam_role_policy_name_prefix
   role        = aws_iam_role.lambda[0].id
   policy      = data.aws_iam_policy_document.lambda[0].json
 }
diff --git a/variables.tf b/variables.tf
@@ -89,6 +89,18 @@ variable "iam_role_tags" {
   default     = {}
 }
 
+variable "iam_role_name_prefix" {
+  description = "A unique role name beginning with the specified prefix"
+  type        = string
+  default     = "lambda"
+}
+
+variable "iam_role_policy_name_prefix" {
+  description = "A unique policy name beginning with the specified prefix"
+  type        = string
+  default     = "lambda-policy-"
+}
+
 variable "lambda_function_tags" {
   description = "Additional tags for the Lambda function"
   type        = map(string)