From 0c44e31f91dd5ea8c448daff88c7ffbe8ecf6f00 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Mon, 11 Apr 2022 21:40:56 +0300
Subject: [PATCH] Tagging and Terraform updates.

- Update the AWS provider.
- Use the common tags option in the provider and improve tagging usage.
- Address a few warnings from the updated provider.
---
 alarms.tf     |  2 --
 functions.tf  |  6 ++----
 log-groups.tf |  4 +---
 main.tf       | 15 ++++++++++++---
 s3.tf         | 30 ++++++++++++++++++------------
 sms-notify.tf |  3 ---
 sns.tf        |  6 ++----
 triggers.tf   |  1 -
 8 files changed, 35 insertions(+), 32 deletions(-)

diff --git a/alarms.tf b/alarms.tf
index 274ac9a..137491f 100644
--- a/alarms.tf
+++ b/alarms.tf
@@ -11,7 +11,6 @@ resource "aws_cloudwatch_metric_alarm" "invocations" {
   ok_actions                = [local.topic_arn]
   period                    = (var.rate + 1) * 60
   statistic                 = "Sum"
-  tags                      = local.common_tags
   threshold                 = 1
 
   dimensions = {
@@ -36,7 +35,6 @@ resource "aws_cloudwatch_metric_alarm" "errors" {
   ok_actions                = [local.topic_arn]
   period                    = (var.rate + 1) * 60
   statistic                 = "Sum"
-  tags                      = local.common_tags
   threshold                 = 0
 
   dimensions = {
diff --git a/functions.tf b/functions.tf
index 74c5367..2ce0c5e 100644
--- a/functions.tf
+++ b/functions.tf
@@ -1,5 +1,5 @@
 locals {
-  function_name_prefix = local.Name
+  function_name_prefix = local.name
   functions = [
     "_dns",
     "gitlab",
@@ -40,9 +40,8 @@ locals {
 }
 
 resource "aws_iam_role" "lambda" {
-  name               = local.Name
+  name               = local.name
   assume_role_policy = local.lambda_assume_policy_doc
-  tags               = local.common_tags
 }
 
 locals {
@@ -125,7 +124,6 @@ resource "aws_lambda_function" "function" {
   description                    = "${local.module} ${local.functions[count.index]} check in ${local.env}."
   memory_size                    = var.memory_size
   reserved_concurrent_executions = -1
-  tags                           = local.common_tags
   timeout                        = var.timeout
 
   environment {
diff --git a/log-groups.tf b/log-groups.tf
index a50e4fa..2316e36 100644
--- a/log-groups.tf
+++ b/log-groups.tf
@@ -3,7 +3,6 @@ resource "aws_cloudwatch_log_group" "lambda" {
   count             = length(local.function_names)
   name              = "/aws/lambda/${local.function_names[count.index]}"
   retention_in_days = var.log_retention
-  tags              = local.common_tags
 }
 
 locals {
@@ -39,9 +38,8 @@ locals {
 }
 
 resource "aws_iam_policy" "log" {
-  name   = "${local.module}-${local.env}-log"
+  name   = "${local.name}-log"
   policy = local.log_policy_doc
-  tags   = local.common_tags
 }
 
 locals {
diff --git a/main.tf b/main.tf
index 320abad..cfc07b1 100644
--- a/main.tf
+++ b/main.tf
@@ -1,5 +1,11 @@
 terraform {
   backend "http" {}
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.0"
+    }
+  }
 }
 
 locals {
@@ -8,8 +14,9 @@ locals {
   common_tags = {
     Environment = local.env
     Module      = local.module
+    Name        = local.name
   }
-  Name = "${local.module}-${local.env}"
+  name = "${local.module}-${local.env}"
 }
 
 output "env" {
@@ -35,11 +42,13 @@ output "region" {
 
 provider "aws" {
   region = var.region
+  default_tags {
+    tags = local.common_tags
+  }
 }
 
 resource "aws_resourcegroups_group" "group" {
-  name = local.Name
-  tags = local.common_tags
+  name = local.name
   resource_query {
     query = <<EOF
 {
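Review bot: The `default_tags` block only covers resources created through this provider configuration, so any resource that still sets `tags = local.common_tags` (none are visible after this commit, but anything outside the diff or added later) risks the same key being supplied twice; the 4.x provider's handling of a key present in both `default_tags` and a resource's `tags` has been reported as a perpetual diff, so it is worth a comment at the provider block, e.g. `# Tags for every taggable resource come from here; do not also set tags = local.common_tags on resources.`. Note also that `Name` is now part of `common_tags`, so every resource will carry a `Name` tag equal to `local.name` rather than its own resource name, which is fine as long as nothing (such as the `resource_query` below) keys on a per-resource `Name`. The `aws_resourcegroups_group` resource and its `resource_query` continue outside the hunk.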
diff --git a/s3.tf b/s3.tf
index 0786116..8de9772 100644
--- a/s3.tf
+++ b/s3.tf
@@ -1,16 +1,11 @@
 resource "aws_s3_bucket" "payloads" {
   # checkov:skip=CKV_AWS_18
   # checkov:skip=CKV_AWS_19
+  # checkov:skip=CKV_AWS_21
   # checkov:skip=CKV_AWS_144
   # checkov:skip=CKV_AWS_145
-  bucket        = local.Name
-  tags          = local.common_tags
-  acl           = "private"
+  bucket        = local.name
   force_destroy = true
-
-  versioning {
-    enabled = true
-  }
 }
 
 
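Review bot: The new `# checkov:skip=CKV_AWS_21` suppresses the bucket-versioning check without recording why; versioning is still enabled in this commit via the standalone `aws_s3_bucket_versioning` resource, so the skip should say so using checkov's suppression-comment form, `# checkov:skip=CKV_AWS_21:Versioning is configured in aws_s3_bucket_versioning.payloads`. That way a reviewer can tell a justified skip from a silently disabled control, and the skip can be removed once the scanner in use recognises the standalone resource (I infer the skip was needed for that reason; confirm against the checkov version in CI). The pre-existing skips for CKV_AWS_18/19/144/145 are unchanged by this hunk and would benefit from the same reason suffix, but that is outside this change.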
@@ -19,6 +14,18 @@ locals {
   payloads_bucket_name = aws_s3_bucket.payloads.bucket
 }
 
+resource "aws_s3_bucket_versioning" "payloads" {
+  bucket = local.payloads_bucket_name
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
+resource "aws_s3_bucket_acl" "payloads" {
+  acl    = "private"
+  bucket = local.payloads_bucket_name
+}
+
 resource "aws_s3_bucket_public_access_block" "payloads" {
   bucket = aws_s3_bucket.payloads.bucket
 
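Review bot: The new `aws_s3_bucket_acl` resource will fail at apply on a bucket whose Object Ownership is BucketOwnerEnforced (ACLs disabled), and no `aws_s3_bucket_ownership_controls` resource is visible in this diff, so the bucket's ownership setting is not pinned by this configuration; if one exists elsewhere in the module the ACL resource needs `depends_on = [aws_s3_bucket_ownership_controls.payloads]` (name assumed), and if ACLs are disabled on the bucket the `acl = "private"` resource is redundant and should be dropped rather than kept. Separately, the two new resources reference the bucket as `local.payloads_bucket_name` while the adjacent `aws_s3_bucket_public_access_block` uses `aws_s3_bucket.payloads.bucket`; either form works, but one style per file is easier to read. The `aws_s3_bucket_public_access_block` resource continues outside the hunk.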
@@ -38,19 +45,18 @@ output "payloads_bucket_name" {
   value       = local.payloads_bucket_name
 }
 
-resource "aws_s3_bucket_object" "payload" {
+resource "aws_s3_object" "payload" {
   # checkov:skip=CKV_AWS_186
   bucket = local.payloads_bucket_name
   key    = "payload.zip"
   source = "payload.zip"
   etag   = filemd5("payload.zip")
-  tags   = local.common_tags
 }
 
 locals {
-  payload_object_etag    = aws_s3_bucket_object.payload.etag
-  payload_object_name    = aws_s3_bucket_object.payload.key
-  payload_object_version = aws_s3_bucket_object.payload.version_id
+  payload_object_etag    = aws_s3_object.payload.etag
+  payload_object_name    = aws_s3_object.payload.key
+  payload_object_version = aws_s3_object.payload.version_id
 }
 
 output "payload_object_etag" {
diff --git a/sms-notify.tf b/sms-notify.tf
index a952408..f096f04 100644
--- a/sms-notify.tf
+++ b/sms-notify.tf
@@ -28,7 +28,6 @@ resource "aws_lambda_function" "sms_notify" {
   description                    = "Send SMS message notification using Twilio."
   memory_size                    = var.memory_size
   reserved_concurrent_executions = -1
-  tags                           = local.common_tags
   timeout                        = var.timeout
 
   environment {
@@ -111,7 +110,6 @@ resource "aws_cloudwatch_log_group" "sms_notify" {
   # checkov:skip=CKV_AWS_158
   name              = "/aws/lambda/${local.function_name_prefix}-sms-notify"
   retention_in_days = var.log_retention
-  tags              = local.common_tags
 }
 
 locals {
@@ -149,7 +147,6 @@ locals {
 resource "aws_iam_policy" "sms_notify_log" {
   name   = "${local.module}-${local.env}-sms-notify-log"
   policy = local.sms_notify_log_policy_doc
-  tags   = local.common_tags
 }
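Review bot: The policy name on the context line `name   = "${local.module}-${local.env}-sms-notify-log"` was not converted to the `local.name` form that this commit applies to the equivalent policies in log-groups.tf and sns.tf (`"${local.name}-log"`, `"${local.name}-publish"`); since `local.name` is defined as `"${local.module}-${local.env}"` the rendered name is identical, so changing it to `name   = "${local.name}-sms-notify-log"` is a pure consistency fix with no plan diff. The same applies to the log group name a few hunks up that still builds from `local.function_name_prefix`, which I cannot see the definition of in this diff beyond `local.name`.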
 
 locals {
diff --git a/sns.tf b/sns.tf
index 98dce86..4436428 100644
--- a/sns.tf
+++ b/sns.tf
@@ -1,7 +1,6 @@
 resource "aws_sns_topic" "topic" {
   # checkov:skip=CKV_AWS_26
-  name = local.Name
-  tags = local.common_tags
+  name = local.name
 }
 
 locals {
@@ -61,9 +60,8 @@ locals {
 }
 
 resource "aws_iam_policy" "publish" {
-  name   = "${local.module}-${local.env}-publish"
+  name   = "${local.name}-publish"
   policy = local.sns_publish_policy_doc
-  tags   = local.common_tags
 }
 
 locals {
diff --git a/triggers.tf b/triggers.tf
index e08e5ec..5bf5595 100644
--- a/triggers.tf
+++ b/triggers.tf
@@ -14,7 +14,6 @@ resource "aws_cloudwatch_event_rule" "schedule" {
   name                = local.function_names[count.index]
   description         = "Schedule to trigger ${local.function_names[count.index]} functions in ${local.env}."
   schedule_expression = "rate(${var.rate} minutes)"
-  tags                = local.common_tags
 }
 
 locals {
-- 
GitLab