Create service module policies based on regions they are used in (#108)

home-assistant · Oct 1, 2024 · 6ba5554 · 6ba5554
1 parent 3fb6b0f
commit 6ba5554
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 4 deletions.
diff --git a/.modules/service/module.tf b/.modules/service/module.tf
@@ -1,4 +1,6 @@
 data "tfe_outputs" "infrastructure" {
   organization = "home_assistant"
   workspace    = "infrastructure"
-}
+}
+
+data "aws_region" "current" {}
diff --git a/.modules/service/policy.tf b/.modules/service/policy.tf
@@ -10,7 +10,7 @@ data "aws_iam_policy_document" "ecs-role-policy" {
 }
 
 resource "aws_iam_role" "ecs-execution" {
-  name               = "${var.service_name}-ExecutionRole-role"
+  name               = "${var.service_name}-${data.aws_region.current.name}-ExecutionRole-role"
   assume_role_policy = data.aws_iam_policy_document.ecs-role-policy.json
 }
 
@@ -46,11 +46,11 @@ data "aws_iam_policy_document" "task-assume-role" {
 }
 
 resource "aws_iam_role" "task-execution" {
-  name               = "${var.service_name}-TaskRole-role"
+  name               = "${var.service_name}-${data.aws_region.current.name}-TaskRole-role"
   assume_role_policy = data.aws_iam_policy_document.task-assume-role.json
 }
 
 resource "aws_iam_role_policy" "task-role" {
   policy = data.aws_iam_policy_document.task-policy.json
   role   = aws_iam_role.task-execution.id
-}
+}