diff --git a/modules/ami-housekeeper/main.tf b/modules/ami-housekeeper/main.tf index f462c240fc..d8cec2f857 100644 --- a/modules/ami-housekeeper/main.tf +++ b/modules/ami-housekeeper/main.tf @@ -55,7 +55,7 @@ resource "aws_cloudwatch_log_group" "ami_housekeeper" { } resource "aws_iam_role" "ami_housekeeper" { - name = "${var.prefix}-ami-housekeeper-role" + name = "${substr("${var.prefix}-ami-housekeeper", 0, 54)}-${substr(md5("${var.prefix}-ami-housekeeper"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path permissions_boundary = var.role_permissions_boundary diff --git a/modules/lambda/main.tf b/modules/lambda/main.tf index 137b727774..25cbd3f9dd 100644 --- a/modules/lambda/main.tf +++ b/modules/lambda/main.tf @@ -60,7 +60,7 @@ resource "aws_cloudwatch_log_group" "main" { } resource "aws_iam_role" "main" { - name = "${var.lambda.prefix}-${var.lambda.name}" + name = "${substr("${var.lambda.prefix}-${var.lambda.name}", 0, 54)}-${substr(md5("${var.lambda.prefix}-${var.lambda.name}"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path permissions_boundary = var.lambda.role_permissions_boundary diff --git a/modules/runner-binaries-syncer/runner-binaries-syncer.tf b/modules/runner-binaries-syncer/runner-binaries-syncer.tf index d3f5f08efa..7565871531 100644 --- a/modules/runner-binaries-syncer/runner-binaries-syncer.tf +++ b/modules/runner-binaries-syncer/runner-binaries-syncer.tf @@ -74,7 +74,7 @@ resource "aws_cloudwatch_log_group" "syncer" { } resource "aws_iam_role" "syncer_lambda" { - name = "${var.prefix}-action-syncer-lambda-role" + name = "${substr("${var.prefix}-syncer-lambda", 0, 54)}-${substr(md5("${var.prefix}-syncer-lambda"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path permissions_boundary = var.role_permissions_boundary diff --git a/modules/runners/policies-runner.tf b/modules/runners/policies-runner.tf index d923c143cb..2b7d894619 100644 --- a/modules/runners/policies-runner.tf +++ b/modules/runners/policies-runner.tf @@ -1,7 +1,7 @@ data "aws_caller_identity" "current" {} resource "aws_iam_role" "runner" { - name = "${var.prefix}-runner-role" + name = "${substr("${var.prefix}-runner", 0, 54)}-${substr(md5("${var.prefix}-runner"), 0, 8)}" assume_role_policy = templatefile("${path.module}/policies/instance-role-trust-policy.json", {}) path = local.role_path permissions_boundary = var.role_permissions_boundary diff --git a/modules/runners/pool/main.tf b/modules/runners/pool/main.tf index 49ab15b2c1..e141b22d25 100644 --- a/modules/runners/pool/main.tf +++ b/modules/runners/pool/main.tf @@ -74,7 +74,7 @@ resource "aws_cloudwatch_log_group" "pool" { } resource "aws_iam_role" "pool" { - name = "${var.config.prefix}-action-pool-lambda-role" + name = "${substr("${var.config.prefix}-pool-lambda", 0, 54)}-${substr(md5("${var.config.prefix}-pool-lambda"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = var.config.role_path permissions_boundary = var.config.role_permissions_boundary diff --git a/modules/runners/scale-down.tf b/modules/runners/scale-down.tf index 786f584280..d274e3d4f1 100644 --- a/modules/runners/scale-down.tf +++ b/modules/runners/scale-down.tf @@ -85,7 +85,7 @@ resource "aws_lambda_permission" "scale_down" { } resource "aws_iam_role" "scale_down" { - name = "${var.prefix}-action-scale-down-lambda-role" + name = "${substr("${var.prefix}-scale-down-lambda", 0, 54)}-${substr(md5("${var.prefix}-scale-down-lambda"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path permissions_boundary = var.role_permissions_boundary diff --git a/modules/runners/scale-up.tf b/modules/runners/scale-up.tf index ad96c496a4..9230267c07 100644 --- a/modules/runners/scale-up.tf +++ b/modules/runners/scale-up.tf @@ -101,7 +101,7 @@ resource "aws_lambda_permission" "scale_runners_lambda" { } resource "aws_iam_role" "scale_up" { - name = "${var.prefix}-action-scale-up-lambda-role" + name = "${substr("${var.prefix}-scale-up-lambda", 0, 54)}-${substr(md5("${var.prefix}-scale-up-lambda"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path permissions_boundary = var.role_permissions_boundary diff --git a/modules/runners/ssm-housekeeper.tf b/modules/runners/ssm-housekeeper.tf index e9c2a175ba..b535dfee3f 100644 --- a/modules/runners/ssm-housekeeper.tf +++ b/modules/runners/ssm-housekeeper.tf @@ -83,7 +83,7 @@ resource "aws_lambda_permission" "ssm_housekeeper" { } resource "aws_iam_role" "ssm_housekeeper" { - name = "${var.prefix}-ssm-hk-lambda" + name = "${substr("${var.prefix}-ssm-hk-lambda", 0, 54)}-${substr(md5("${var.prefix}-ssm-hk-lambda"), 0, 8)}" description = "Lambda role for SSM Housekeeper (${var.prefix})" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path diff --git a/modules/setup-iam-permissions/main.tf b/modules/setup-iam-permissions/main.tf index ce39031058..48db4ffc9a 100644 --- a/modules/setup-iam-permissions/main.tf +++ b/modules/setup-iam-permissions/main.tf @@ -1,7 +1,7 @@ data "aws_caller_identity" "current" {} resource "aws_iam_role" "deploy" { - name = "${var.prefix}-terraform" + name = "${substr("${var.prefix}-terraform", 0, 54)}-${substr(md5("${var.prefix}-terraform"), 0, 8)}" permissions_boundary = aws_iam_policy.deploy_boundary.arn assume_role_policy = templatefile("${path.module}/policies/assume-role-for-account.json", { diff --git a/modules/webhook/direct/webhook.tf b/modules/webhook/direct/webhook.tf index a8adc380a6..362ed3e044 100644 --- a/modules/webhook/direct/webhook.tf +++ b/modules/webhook/direct/webhook.tf @@ -90,7 +90,7 @@ data "aws_iam_policy_document" "lambda_assume_role_policy" { } resource "aws_iam_role" "webhook_lambda" { - name = "${var.config.prefix}-direct-webhook-lambda-role" + name = "${substr("${var.config.prefix}-direct-webhook-lambda", 0, 54)}-${substr(md5("${var.config.prefix}-direct-webhook-lambda"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = var.config.role_path permissions_boundary = var.config.role_permissions_boundary diff --git a/modules/webhook/eventbridge/dispatcher.tf b/modules/webhook/eventbridge/dispatcher.tf index 85b109504e..2e311c533f 100644 --- a/modules/webhook/eventbridge/dispatcher.tf +++ b/modules/webhook/eventbridge/dispatcher.tf @@ -85,7 +85,7 @@ resource "aws_lambda_permission" "allow_cloudwatch_to_call_lambda" { } resource "aws_iam_role" "dispatcher_lambda" { - name = "${var.config.prefix}-dispatcher-lambda-role" + name = "${substr("${var.config.prefix}-dispatcher-lambda", 0, 54)}-${substr(md5("${var.config.prefix}-dispatcher-lambda"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = var.config.role_path permissions_boundary = var.config.role_permissions_boundary diff --git a/modules/webhook/eventbridge/webhook.tf b/modules/webhook/eventbridge/webhook.tf index 84bbfba057..c57b6da5e3 100644 --- a/modules/webhook/eventbridge/webhook.tf +++ b/modules/webhook/eventbridge/webhook.tf @@ -89,7 +89,7 @@ data "aws_iam_policy_document" "lambda_assume_role_policy" { } resource "aws_iam_role" "webhook_lambda" { - name = "${var.config.prefix}-eventbridge-webhook-lambda-role" + name = "${substr("${var.config.prefix}-eventbridge-webhook-lambda", 0, 54)}-${substr(md5("${var.config.prefix}-eventbridge-webhook-lambda"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = var.config.role_path permissions_boundary = var.config.role_permissions_boundary