Merge pull request #1 from osodevops/ami-lambda-update

Richard Gutkowski · web-flow · commit ead605e768ec · 2020-04-21T11:50:47.000+01:00
Updating naming for resources and readme
diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@
 
 ---
 
-This Terraform module creates an encryption Lambda function that is triggered by a SNS notification on a successful AMI Packer build.
+This Terraform module creates an encryption Lambda function that is triggered by a SNS notification on a successful AMI Packer build. The module also creates a cloudwatch event that monitors build events and passes them to ami encryption lambda function. The cloudwatch even target is set to the ami encryption lambda, in order to run on any successful build.
 
 This project is part of our open source DevOps adoption approach. 
 
diff --git a/aws_cloudwatch_event_rule_build_success.tf b/aws_cloudwatch_event_rule_build_success.tf
@@ -1,6 +1,5 @@
 resource "aws_cloudwatch_event_rule" "build_alert" {
-  # Create cloudwatch event that monitors build events and passes them to ami encryption lambda function
-  name = "AMI-CODEBUILD-SUCESS-ALERT"
+  name = "${upper(var.environment)}-AMI-CODEBUILD-SUCESS-ALERT"
   description = "Send alerts to encrypt AMI on build success."
 
   event_pattern = <<PATTERN
@@ -21,7 +20,6 @@ resource "aws_cloudwatch_event_rule" "build_alert" {
 }
 
 resource "aws_cloudwatch_event_target" "lamba_alert" {
-  # Create ami encryption target
   rule      = aws_cloudwatch_event_rule.build_alert.name
   target_id = "ami-encryption-lambda"
   arn       = aws_lambda_function.ami_encryption_lambda.arn
diff --git a/aws_lambda_iam_policy_attachment.tf b/aws_lambda_iam_policy_attachment.tf
@@ -1,5 +1,5 @@
 resource "aws_iam_policy_attachment" "ami_encryption_policy" {
-  name       = "ami-encryption-attachment"
+  name       = "${var.environment}-ami-encryption-attachment"
   roles      = [aws_iam_role.ami_encrypt_lambda.name]
   policy_arn = aws_iam_policy.ami_encryption_policy.arn
 }
diff --git a/variables.tf b/variables.tf
@@ -1,4 +1,7 @@
-variable "environment" {}
+variable "environment" {
+  description = "Set the environment for where the ami encryption lambda is deployed."
+  type = string
+}
 
 variable "kms_key_arn" {
   description = "If Encrypt_ami set to true then you must pass in the arn of the key you wish to encrypt disk with."
diff --git a/±! b/±!

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`resource "aws_iam_policy_attachment" "ami_encryption_policy" {`
`2`		`- name = "ami-encryption-attachment"`
	`2`	`+ name = "${var.environment}-ami-encryption-attachment"`
`3`	`3`	`roles = [aws_iam_role.ami_encrypt_lambda.name]`
`4`	`4`	`policy_arn = aws_iam_policy.ami_encryption_policy.arn`
`5`	`5`	`}`