Merge pull request #572 from ministryofjustice/fix/hardcoded-policy-n…
…ames

Ensure uniqueness in naming
dms1981 authored Oct 15, 2024
2 parents 3c66edb + caddd82 commit 0145726
Showing 1 changed file with 11 additions and 11 deletions.
22 changes: 11 additions & 11 deletions main.tf
Expand Up @@ -208,7 +208,7 @@ resource "aws_s3_object" "user_public_keys" {
# Security Groups
resource "aws_security_group" "bastion_linux" {
description = "Configure bastion access - ingress should be only from Systems Session Manager (SSM)"
name = "${replace(var.instance_name, "_", "-")}-${var.app_name}"
name_prefix = "${replace(var.instance_name, "_", "-")}-${var.app_name}"
vpc_id = data.aws_vpc.shared_vpc.id

tags = merge(
Expand Down Expand Up @@ -267,7 +267,7 @@ data "aws_iam_policy_document" "bastion_assume_policy_document" {
}

resource "aws_iam_role" "bastion_role" {
name = "${var.instance_name}_ec2_role"
name_prefix = "${var.instance_name}_ec2_role"
path = "/"
assume_role_policy = data.aws_iam_policy_document.bastion_assume_policy_document.json

Expand Down Expand Up @@ -326,8 +326,8 @@ data "aws_iam_policy_document" "bastion_policy_document" {
}

resource "aws_iam_policy" "bastion_policy" {
name = var.instance_name
policy = data.aws_iam_policy_document.bastion_policy_document.json
name_prefix = var.instance_name
policy = data.aws_iam_policy_document.bastion_policy_document.json
}

resource "aws_iam_role_policy_attachment" "bastion_s3" {
Expand Down Expand Up @@ -363,8 +363,8 @@ data "aws_iam_policy_document" "bastion_ssm_s3_policy_document" {
}

resource "aws_iam_policy" "bastion_ssm_s3_policy" {
name = "${var.instance_name}_ssm_s3"
policy = data.aws_iam_policy_document.bastion_ssm_s3_policy_document.json
name_prefix = "${var.instance_name}_ssm_s3"
policy = data.aws_iam_policy_document.bastion_ssm_s3_policy_document.json
}

resource "aws_iam_role_policy_attachment" "bastion_host_ssm_s3" {
Expand All @@ -373,14 +373,14 @@ resource "aws_iam_role_policy_attachment" "bastion_host_ssm_s3" {
}

resource "aws_iam_instance_profile" "bastion_profile" {
name = "${replace(var.instance_name, "_", "-")}-ec2-profile"
role = aws_iam_role.bastion_role.name
path = "/"
name_prefix = "${replace(var.instance_name, "_", "-")}-ec2-profile"
role = aws_iam_role.bastion_role.name
path = "/"
}

## Bastion
resource "aws_launch_template" "bastion_linux_template" {
name = "${var.instance_name}_template"
name_prefix = "${var.instance_name}_template"

block_device_mappings {
device_name = "/dev/xvda"
Expand Down Expand Up @@ -453,7 +453,7 @@ resource "aws_autoscaling_group" "bastion_linux_daily" {
version = "$Latest"
}
availability_zones = ["${var.region}a"]
name = "${var.instance_name}_daily"
name_prefix = "${var.instance_name}_daily"
max_size = 1
min_size = 1
health_check_grace_period = 300
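Review bot: Moving `aws_iam_role.bastion_role`, the two `aws_iam_policy` resources and the security group from `name` to `name_prefix` makes their final names end in a provider-generated suffix, so anything outside this module that matches the old exact names (IAM resource ARNs, permission-boundary or SCP conditions, CloudTrail alerts keyed on the role name) would need to move to a prefix match, if such references exist. The prefixes as written have no trailing separator, so the suffix runs straight into the name; `name_prefix = "${var.instance_name}_ec2_role_"` (and a trailing `-` on the hyphenated ones) keeps the generated names readable in audit logs. Because a name change forces replacement, `aws_security_group.bastion_linux` should carry `lifecycle { create_before_destroy = true }` so the old group is not deleted while still attached; the resource bodies continue outside these hunks, so that may already be present. The provider also caps an IAM role `name_prefix` well below the 64-character role-name limit to leave room for the suffix, so a `validation` block on `var.instance_name` would fail at plan time rather than at apply.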
