Skip to content

Commit

Permalink
Rename conflicting objects
Browse files Browse the repository at this point in the history
  • Loading branch information
@devsjc
devsjc committed Nov 9, 2023
1 parent 509b4bc commit 4feceba
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 18 deletions.
7 changes: 1 addition & 6 deletions terraform/modules/services/nwp_consumer/cloudwatch.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
# 2. IAM policy to allow read and write to cloudwatch logs

locals {
log_group_name = "/aws/ecs/${var.ecs-task_type}/${var.ecs-task_name}/"
log_group_name = "/aws/ecs/${var.ecs-task_type}/${var.ecs-task_name}"
}

# 1.
Expand All @@ -17,11 +17,6 @@ resource "aws_cloudwatch_log_group" "log_group" {
}
}

moved {
from = aws_cloudwatch_log_group.nwp
to = aws_cloudwatch_log_group.log_group
}

# Describe actions of IAM policy allowing cloudwatch read and write
data "aws_iam_policy_document" "log_policy" {
statement {
Expand Down
14 changes: 2 additions & 12 deletions terraform/modules/services/nwp_consumer/iam.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,15 +18,10 @@ data "aws_iam_policy_document" "ecs_assume_role_policy" {
// Create Task Role ------------------------------------------------------

resource "aws_iam_role" "create_task_role" {
name = "${var.ecs-task_name}-execution-role"
name = "${var.ecs-task_type}-${var.ecs-task_name}-execution-role"
assume_role_policy = data.aws_iam_policy_document.ecs_assume_role_policy.json
}

moved {
from = aws_iam_role.ecs_task_execution_role
to = aws_iam_role.create_task_role
}

resource "aws_iam_role_policy_attachment" "create_task_policy" {
role = aws_iam_role.create_task_role.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
Expand All @@ -45,16 +40,11 @@ resource "aws_iam_role_policy_attachment" "create_secret_policy" {
// Run Task Role ---------------------------------------------------------

resource "aws_iam_role" "run_task_role" {
name = "${var.ecs-task_type}-${var.ecs-task_name}-iam-role"
name = "${var.ecs-task_type}-${var.ecs-task_name}-instance-role"
path = "/${var.ecs-task_type}/"
assume_role_policy = data.aws_iam_policy_document.ecs_assume_role_policy.json
}

moved {
from = aws_iam_role.consumer-nwp-iam-role
to = aws_iam_role.run_task_role
}

# For every bucket in the list of buckets, attach its access policy to the run task role
resource "aws_iam_role_policy_attachment" "access_s3_policy" {
for_each = {
Expand Down

0 comments on commit 4feceba

Please sign in to comment.