⚡ better TF

jmeisele · jmeisele · commit 57ccb773e155 · 2023-11-27T06:03:57.000-06:00
diff --git a/data.tf b/data.tf
@@ -0,0 +1,32 @@
+###############
+#    IAM      #
+###############
+data "aws_iam_policy_document" "lambda" {
+  statement {
+    actions = [
+      "logs:CreateLogStream",
+      "logs:PutLogEvents"
+    ]
+    resources = [
+      "arn:aws:logs:*:*:*"
+    ]
+  }
+  statement {
+    actions = [
+      "xray:PutTraceSegments",
+      "xray:PutTelemetryRecords",
+    ]
+    resources = [
+      "arn:aws:xray:*:*:*"
+    ]
+  }
+}
+
+###############
+#   Lambda    #
+###############
+data "archive_file" "python_lambda_package" {
+  type        = "zip"
+  source_file = "${path.module}/src/handler.py"
+  output_path = "lambda.zip"
+}
diff --git a/main.tf b/main.tf
@@ -2,7 +2,7 @@
 #     IAM     #
 ###############
 resource "aws_iam_role" "iam_for_lambda" {
-  name               = "iam_for_lambda"
+  name               = "${var.function_name}-role"
   assume_role_policy = <<EOF
 {
   "Version": "2012-10-17",
@@ -20,34 +20,12 @@ resource "aws_iam_role" "iam_for_lambda" {
 EOF
 }
 
-# NOTE: We are deleteing the logs:CreateLogGroup action since we are creating a log group resource in terraform
-data "aws_iam_policy_document" "lambda_logs" {
-  statement {
-    actions = [
-      "logs:CreateLogStream",
-      "logs:PutLogEvents"
-    ]
-    resources = [
-      "arn:aws:logs:*:*:*"
-    ]
-  }
-  statement {
-    actions = [
-      "xray:PutTraceSegments",
-      "xray:PutTelemetryRecords",
-    ]
-    resources = [
-      "arn:aws:xray:*:*:*"
-    ]
-  }
-}
-
 # IAM policy for logging from a lambda
 resource "aws_iam_policy" "iam_policy_for_lambda" {
-  name        = "aws_iam_policy_for_terraform_aws_lambda_log_role"
+  name        = "${var.function_name}-policy"
   path        = "/"
   description = "AWS IAM Policy for managing aws lambda role"
-  policy      = data.aws_iam_policy_document.lambda_logs.json
+  policy      = data.aws_iam_policy_document.lambda.json
 }
 
 # Policy Attachment on the role.
@@ -56,16 +34,9 @@ resource "aws_iam_role_policy_attachment" "attach_iam_policy_to_iam_role" {
   policy_arn = aws_iam_policy.iam_policy_for_lambda.arn
 }
 
-
 ###############
 #   Lambda    #
 ###############
-data "archive_file" "python_lambda_package" {
-  type        = "zip"
-  source_file = "${path.module}/src/handler.py"
-  output_path = "lambda.zip"
-}
-
 resource "aws_lambda_function" "lambda" {
   function_name    = var.function_name
   filename         = "lambda.zip"
@@ -77,7 +48,7 @@ resource "aws_lambda_function" "lambda" {
   timeout          = 10
   layers           = [aws_lambda_layer_version.xray.arn]
   depends_on = [
-    aws_cloudwatch_log_group.lambda_logs
+    aws_cloudwatch_log_group.lambda
   ]
   tracing_config {
     mode = "Active"
@@ -98,7 +69,7 @@ resource "aws_lambda_layer_version" "xray" {
 #   Cloudwatch Logs     #
 ##########################
 # NOTE: The cloudwatch log group HAS to follow this naming convention for lambda logging
-resource "aws_cloudwatch_log_group" "lambda_logs" {
+resource "aws_cloudwatch_log_group" "lambda" {
   name              = "/aws/lambda/${var.function_name}"
   retention_in_days = 14
 }
