parameterize names

rhythmictech · Apr 16, 2024 · a5cbb96 · a5cbb96
1 parent 0fd25e8
commit a5cbb96
Show file tree

Hide file tree

Showing 7 changed files with 15 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -88,6 +88,7 @@ We open source the vast majority of the resources we use to deliver our managed
 | <a name="input_datadog_api_key_secret_arn"></a> [datadog\_api\_key\_secret\_arn](#input\_datadog\_api\_key\_secret\_arn) | ARN of the AWS Secret containing the Datadog API key | `string` | n/a | yes |
 | <a name="input_enable_iam_access_analyzer"></a> [enable\_iam\_access\_analyzer](#input\_enable\_iam\_access\_analyzer) | A boolean flag to enable/disable IAM Access Analyzer | `bool` | `false` | no |
 | <a name="input_iam_analyzer_unused_access_age"></a> [iam\_analyzer\_unused\_access\_age](#input\_iam\_analyzer\_unused\_access\_age) | The age in days after which IAM access is considered unused. | `number` | `90` | no |
+| <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | Prefix for all resource names | `string` | `"rhythmic-"` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | User-Defined tags | `map(string)` | `{}` | no |
 
 ## Outputs

diff --git a/backup.tf b/backup.tf
@@ -1,6 +1,6 @@
 resource "aws_cloudwatch_event_rule" "backup" {
 
-  name        = "backup-events-monitor"
+  name        = "${var.name_prefix}backup-events-monitor"
   description = "Capture AWS Backup events"
 
   event_pattern = jsonencode({

diff --git a/iam.tf b/iam.tf
@@ -1,15 +1,15 @@
 resource "aws_accessanalyzer_analyzer" "analyzer" {
   count = var.enable_iam_access_analyzer ? 1 : 0
 
-  analyzer_name = "default-access-analyzer"
+  analyzer_name = "${var.name_prefix}default-access-analyzer"
   type          = "ACCOUNT"
   tags          = local.tags
 }
 
 resource "aws_accessanalyzer_analyzer" "analyzer_unused" {
   count = var.enable_iam_access_analyzer ? 1 : 0
 
-  analyzer_name = "default-unused-access-analyzer"
+  analyzer_name = "${var.name_prefix}default-unused-access-analyzer"
   type          = "ACCOUNT_UNUSED_ACCESS"
   tags          = local.tags
 

diff --git a/main.tf b/main.tf
@@ -29,7 +29,7 @@ data "aws_kms_alias" "notifications" {
 }
 
 resource "aws_sns_topic" "account_alerts" {
-  name              = "Rhythmic-AccountAlerts"
+  name              = "${var.name_prefix}AccountAlerts"
   kms_master_key_id = "alias/rhythmic-notifications"
   tags              = local.tags
 }

diff --git a/monitor_ami_usage.tf b/monitor_ami_usage.tf
@@ -87,7 +87,7 @@ data "archive_file" "monitor_ami_usage" {
 
 #tfsec:ignore:avd-aws-0066
 resource "aws_lambda_function" "monitor_ami_usage" {
-  function_name    = "monitor_ami_usage_execution"
+  function_name    = "rhythmic-monitor_ami_usage_execution"
   handler          = "monitor_ami_usage.lambda_handler"
   role             = aws_iam_role.monitor_ami_usage_execution.arn
   runtime          = "python3.9"
@@ -110,7 +110,7 @@ resource "aws_cloudwatch_log_group" "monitor_ami_usage" {
 }
 
 resource "aws_cloudwatch_event_rule" "monitor_ami_usage" {
-  name                = "monitor-ami-usage-trigger"
+  name                = "rhythmic-monitor-ami-usage-trigger"
   description         = "Triggers Lambda at noon ET every day"
   schedule_expression = "cron(0 17 * * ? *)"
 }

diff --git a/variables.tf b/variables.tf
@@ -20,3 +20,9 @@ variable "iam_analyzer_unused_access_age" {
   description = "The age in days after which IAM access is considered unused."
   type        = number
 }
+
+variable "name_prefix" {
+  default     = "rhythmic-"
+  description = "Prefix for all resource names"
+  type        = string
+}
diff --git a/vaultlock.tf b/vaultlock.tf
@@ -1,5 +1,5 @@
 resource "aws_cloudwatch_event_rule" "glacier_vaultlock" {
-  name        = "glacier-vaultlock-monitor"
+  name        = "${var.name_prefix}glacier-vaultlock-monitor"
   description = "Capture glacier vault lock rules"
 
   event_pattern = jsonencode({
@@ -25,7 +25,7 @@ resource "aws_cloudwatch_event_target" "glacier_vaultlock" {
 }
 
 resource "aws_cloudwatch_event_rule" "backup_vaultlock" {
-  name = "backup-vaultlock-monitor"
+  name = "${var.name_prefix}backup-vaultlock-monitor"
 
   event_pattern = jsonencode({
     source      = ["aws.backup"]