diff options
| author | Alex <git@ajschof.me> | 2024-08-19 23:08:53 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-08-19 23:08:53 +0100 |
| commit | 5306f6fd73b43957769320328398a23e7be95c4d (patch) | |
| tree | 36e91d196cad1a16bc32c4abac7845be89ff4853 | |
| parent | f93636f2808b1fbed900b162aed9c6420bfb1aa5 (diff) | |
| parent | b8574d4c4bf262a8034d21b770fd4287022c2648 (diff) | |
| download | de-project-bentley-5306f6fd73b43957769320328398a23e7be95c4d.tar.gz de-project-bentley-5306f6fd73b43957769320328398a23e7be95c4d.zip | |
Merge pull request #67 from ajschofield/alex/tf-perms-fix
pr: fix events.tf lambda permissions
| -rw-r--r-- | terraform/events.tf | 29 |
1 files changed, 22 insertions, 7 deletions
diff --git a/terraform/events.tf b/terraform/events.tf index 0113f5f..53ae10a 100644 --- a/terraform/events.tf +++ b/terraform/events.tf @@ -2,7 +2,19 @@ # Random String # ################# -resource "random_string" "suffix" { +resource "random_string" "eventbridge_suffix" { + length = 8 + special = false + upper = false +} + +resource "random_string" "s3_ingestion_suffix" { + length = 8 + special = false + upper = false +} + +resource "random_string" "s3_transform_suffix" { length = 8 special = false upper = false @@ -26,14 +38,15 @@ resource "aws_cloudwatch_event_target" "extract_lambda_cw_event" { } resource "aws_lambda_permission" "allow_eventbridge" { - statement_id = "AllowExecutionFromEventBridge${random_string.suffix.result}" + statement_id = "AllowExecutionFromEventBridge${random_string.eventbridge_suffix.result}" action = "lambda:InvokeFunction" function_name = aws_lambda_function.extract_lambda.function_name principal = "events.amazonaws.com" source_arn = aws_cloudwatch_event_rule.lambda_trigger.arn lifecycle { - replace_triggered_by = [random_string.suffix] + create_before_destroy = true + replace_triggered_by = [random_string.eventbridge_suffix] } } @@ -42,14 +55,15 @@ resource "aws_lambda_permission" "allow_eventbridge" { ######################################## resource "aws_lambda_permission" "allow_s3_ingestion" { - statement_id = "AllowS3InvokeLambdaTransform${random_string.suffix.result}" + statement_id = "AllowS3InvokeLambdaTransform${random_string.s3_ingestion_suffix.result}" action = "lambda:InvokeFunction" function_name = aws_lambda_function.transform_lambda.function_name principal = "s3.amazonaws.com" source_arn = aws_s3_bucket.extract_bucket.arn lifecycle { - replace_triggered_by = [random_string.suffix] + create_before_destroy = true + replace_triggered_by = [random_string.s3_ingestion_suffix] } } @@ -70,14 +84,15 @@ resource "aws_s3_bucket_notification" "extract_bucket_notification" { ########################################## resource "aws_lambda_permission" "allow_s3_transform_bucket" { - statement_id = "AllowS3InvokeLambdaTransform${random_string.suffix.result}" + statement_id = "AllowS3InvokeLambdaTransform${random_string.s3_transform_suffix.result}" action = "lambda:InvokeFunction" function_name = aws_lambda_function.transform_lambda.function_name principal = "s3.amazonaws.com" source_arn = aws_s3_bucket.transform_bucket.arn lifecycle { - replace_triggered_by = [random_string.suffix] + create_before_destroy = true + replace_triggered_by = [random_string.s3_transform_suffix] } } |