removed timestamp, unneeded depends_on, fmt

Paul Harrington · Paul Harrington · commit 7748ab3fa494 · 2022-02-14T16:16:13.000+11:00
diff --git a/cloudwatch.tf b/cloudwatch.tf
@@ -5,49 +5,46 @@ locals {
 
 # Create CloudWatch log group for the Lambda function
 resource "aws_cloudwatch_log_group" "lambda" {
-  depends_on = [
-    aws_kms_alias.lambda_cloudwatch
-  ]
-  name = local.lambda_cloudwatch_log_group_name
+  name              = local.lambda_cloudwatch_log_group_name
   retention_in_days = var.lambda_cloudwatch_retention_in_days
-  kms_key_id = var.lambda_cloudwatch_encryption_enabled == true ? aws_kms_key.lambda_cloudwatch[0].arn : null
+  kms_key_id        = var.lambda_cloudwatch_encryption_enabled == true ? aws_kms_key.lambda_cloudwatch[0].arn : null
 }
 
 # Create KMS key for encrypting CloudWatch logs at rest
 resource "aws_kms_key" "lambda_cloudwatch" {
-  count = var.lambda_cloudwatch_encryption_enabled == true ? 1 : 0
-  enable_key_rotation = true
+  count                   = var.lambda_cloudwatch_encryption_enabled == true ? 1 : 0
+  enable_key_rotation     = true
   deletion_window_in_days = 30
-  policy = data.aws_iam_policy_document.lambda_cloudwatch[0].json
+  policy                  = data.aws_iam_policy_document.lambda_cloudwatch[0].json
 }
 
 # Create KMS key alias
 resource "aws_kms_alias" "lambda_cloudwatch" {
-  count = var.lambda_cloudwatch_encryption_enabled == true ? 1 : 0
+  count         = var.lambda_cloudwatch_encryption_enabled == true ? 1 : 0
   target_key_id = aws_kms_key.lambda_cloudwatch[0].key_id
-  name = "alias/lambda/${lower(replace(replace(var.lambda_name, "_", ""), "-", ""))}"
+  name          = "alias/lambda/${lower(replace(replace(var.lambda_name, "_", ""), "-", ""))}"
 }
 
 # Create IAM policy granting the account access to the KMS key
 data "aws_iam_policy_document" "lambda_cloudwatch" {
-  count = var.lambda_cloudwatch_encryption_enabled == true ? 1 : 0
+  count   = var.lambda_cloudwatch_encryption_enabled == true ? 1 : 0
   version = "2012-10-17"
   statement {
-    sid = "AccountRootFullAccess"
+    sid    = "AccountRootFullAccess"
     effect = "Allow"
     principals {
       identifiers = ["arn:aws:iam::${data.aws_caller_identity.default.account_id}:root"]
-      type = "AWS"
+      type        = "AWS"
     }
-    actions = ["kms:*"]
+    actions   = ["kms:*"]
     resources = ["*"]
   }
   statement {
-    sid = "CloudWatchKmsEncryptAccess"
+    sid    = "CloudWatchKmsEncryptAccess"
     effect = "Allow"
     principals {
       identifiers = ["logs.${data.aws_region.default.name}.amazonaws.com"]
-      type = "Service"
+      type        = "Service"
     }
     actions = [
       "kms:Encrypt*",
@@ -58,8 +55,8 @@ data "aws_iam_policy_document" "lambda_cloudwatch" {
     ]
     resources = ["*"]
     condition {
-      test = "ArnEquals"
-      values = ["arn:aws:logs:${data.aws_region.default.name}:${data.aws_caller_identity.default.account_id}:log-group:${local.lambda_cloudwatch_log_group_name}"]
+      test     = "ArnEquals"
+      values   = ["arn:aws:logs:${data.aws_region.default.name}:${data.aws_caller_identity.default.account_id}:log-group:${local.lambda_cloudwatch_log_group_name}"]
       variable = "kms:EncryptionContext:aws:logs:arn"
     }
   }
diff --git a/iam.tf b/iam.tf
@@ -3,17 +3,17 @@ data "aws_iam_policy_document" "lambda_assume_role" {
   version = "2012-10-17"
   statement {
     actions = ["sts:AssumeRole"]
-    effect = "Allow"
+    effect  = "Allow"
     principals {
       identifiers = ["lambda.amazonaws.com"]
-      type = "Service"
+      type        = "Service"
     }
   }
 }
 
 # Create role the Lambda function will assume
 resource "aws_iam_role" "lambda" {
-  name = "${local.lambda_name_snake}Lambda"
+  name               = "${local.lambda_name_snake}Lambda"
   assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json
 }
 
@@ -49,7 +49,7 @@ data "aws_iam_policy_document" "lambda_application_policy" {
 
 # Attach application policy to the Lambda functions IAM role
 resource "aws_iam_role_policy" "lambda_application_policy" {
-  name = "${local.lambda_name_snake}Lambda"
-  role = aws_iam_role.lambda.name
+  name   = "${local.lambda_name_snake}Lambda"
+  role   = aws_iam_role.lambda.name
   policy = data.aws_iam_policy_document.lambda_application_policy.json
-}
+}
diff --git a/lambda.tf b/lambda.tf
@@ -1,11 +1,10 @@
 locals {
   # Calculate values for internal use
-  timestamp = formatdate("YYYYMMDDhhmmss", timestamp())
-  lambda_name_snake = join("", [for element in split("-", lower(replace(var.lambda_name, "_", "-"))) : title(element)])
-  lambda_runtime = "python${var.lambda_python_version}"
-  lambda_delta_filename = "/tmp/lambda-${var.lambda_name}-delta-${local.timestamp}.zip"
-  lambda_build_path = "/tmp/lambda-${var.lambda_name}-build-${local.timestamp}"
-  lambda_filename = "/tmp/lambda-${var.lambda_name}-${local.timestamp}.zip"
+  lambda_name_snake     = join("", [for element in split("-", lower(replace(var.lambda_name, "_", "-"))) : title(element)])
+  lambda_runtime        = "python${var.lambda_python_version}"
+  lambda_delta_filename = "/tmp/lambda-${var.lambda_name}-delta.zip"
+  lambda_build_path     = "/tmp/lambda-${var.lambda_name}-build"
+  lambda_filename       = "/tmp/lambda-${var.lambda_name}.zip"
 }
 
 # Retrieve the AWS region and caller identity to which we are deploying this function
@@ -15,16 +14,13 @@ data "aws_caller_identity" "default" {}
 
 # Archive the folder containing the Lambda functions source code
 data "archive_file" "lambda_delta" {
-  type = "zip"
-  source_dir = "${var.lambda_path}/"
+  type        = "zip"
+  source_dir  = "${var.lambda_path}/"
   output_path = local.lambda_delta_filename
 }
 
 # Pull down the Lambda functions dependencies to create ZIP file
 resource "null_resource" "lambda_build" {
-  depends_on = [
-    data.archive_file.lambda_delta
-  ]
   # Trigger the build based on the hash of the Lambda functions source code to prevent unnecessary redeploys
   triggers = {
     source_hash = filesha512(data.archive_file.lambda_delta.output_path)
@@ -54,29 +50,29 @@ resource "aws_lambda_function" "lambda" {
     null_resource.lambda_build
   ]
   function_name = local.lambda_name_snake
-  description = var.lambda_description
-  filename = local.lambda_filename
-  role = aws_iam_role.lambda.arn
-  handler = var.lambda_handler
-  runtime = local.lambda_runtime
-  memory_size = var.lambda_memory
-  timeout = var.lambda_timeout
+  description   = var.lambda_description
+  filename      = local.lambda_filename
+  role          = aws_iam_role.lambda.arn
+  handler       = var.lambda_handler
+  runtime       = local.lambda_runtime
+  memory_size   = var.lambda_memory
+  timeout       = var.lambda_timeout
   environment {
     variables = merge({
       LAMBDA_FUNCTION_NAME = var.lambda_name,
-      LAMBDA_IAM_ROLE_ARN = aws_iam_role.lambda.arn,
-      LAMBDA_MEMORY_SIZE = var.lambda_memory,
-      LAMBDA_RUNTIME = local.lambda_runtime,
-      LAMBDA_TIMEOUT = var.lambda_timeout
+      LAMBDA_IAM_ROLE_ARN  = aws_iam_role.lambda.arn,
+      LAMBDA_MEMORY_SIZE   = var.lambda_memory,
+      LAMBDA_RUNTIME       = local.lambda_runtime,
+      LAMBDA_TIMEOUT       = var.lambda_timeout
     }, var.lambda_environment_variables)
   }
   dynamic "vpc_config" {
     for_each = var.lambda_subnet_ids == null ? {} : {
-      subnet_ids = var.lambda_subnet_ids
+      subnet_ids         = var.lambda_subnet_ids
       security_group_ids = var.lambda_security_group_ids
     }
     content {
-      subnet_ids = vpc_config.value.subnet_ids
+      subnet_ids         = vpc_config.value.subnet_ids
       security_group_ids = vpc_config.value.security_group_ids
     }
   }
@@ -86,7 +82,8 @@ resource "aws_lambda_function" "lambda" {
         "filename",
         "last_modified",
         "source_code_hash",
-        "source_code_size"]
+        "source_code_size"
+      ]
     }
     content {
       ignore_changes = lifecycle.value["ignore_changes"]
diff --git a/load_balancer.tf b/load_balancer.tf
@@ -1,46 +1,46 @@
 resource "aws_lambda_permission" "lambda" {
-  count = var.load_balancer_enabled == true ? 1 : 0
-  statement_id = "LoadBalancerInvokeAccess"
+  count         = var.load_balancer_enabled == true ? 1 : 0
+  statement_id  = "LoadBalancerInvokeAccess"
   function_name = aws_lambda_function.lambda.function_name
-  action = "lambda:InvokeFunction"
-  principal = "elasticloadbalancing.amazonaws.com"
+  action        = "lambda:InvokeFunction"
+  principal     = "elasticloadbalancing.amazonaws.com"
 }
 
 resource "aws_lb" "load_balancer" {
-  count = var.load_balancer_enabled == true ? 1 : 0
-  name = local.lambda_name_snake
-  internal = false
+  count              = var.load_balancer_enabled == true ? 1 : 0
+  name               = local.lambda_name_snake
+  internal           = false
   load_balancer_type = "application"
-  subnets = var.load_balancer_subnet_ids
-  security_groups = var.load_balancer_security_group_ids
+  subnets            = var.load_balancer_subnet_ids
+  security_groups    = var.load_balancer_security_group_ids
 }
 
 resource "aws_route53_record" "load_balancer" {
-  count = var.load_balancer_enabled == true && var.load_balancer_domain_name_enabled == true ? 1 : 0
+  count   = var.load_balancer_enabled == true && var.load_balancer_domain_name_enabled == true ? 1 : 0
   zone_id = var.load_balancer_domain_name_hosted_zone_id
-  name = var.load_balancer_domain_name
-  type = "A"
+  name    = var.load_balancer_domain_name
+  type    = "A"
   alias {
-    name = aws_lb.load_balancer[0].dns_name
-    zone_id = aws_lb.load_balancer[0].zone_id
+    name                   = aws_lb.load_balancer[0].dns_name
+    zone_id                = aws_lb.load_balancer[0].zone_id
     evaluate_target_health = true
   }
 }
 
 resource "aws_lb_listener" "load_balancer" {
-  count = var.load_balancer_enabled == true ? 1 : 0
+  count             = var.load_balancer_enabled == true ? 1 : 0
   load_balancer_arn = aws_lb.load_balancer[0].arn
-  port = var.load_balancer_port_public
-  protocol = var.load_balancer_https_enabled == true ? "HTTPS" : "HTTP"
-  ssl_policy = var.load_balancer_https_enabled == true ? var.load_balancer_https_ssl_policy : null
-  certificate_arn = var.load_balancer_https_enabled == true ? var.load_balancer_https_certificate_arn : null
+  port              = var.load_balancer_port_public
+  protocol          = var.load_balancer_https_enabled == true ? "HTTPS" : "HTTP"
+  ssl_policy        = var.load_balancer_https_enabled == true ? var.load_balancer_https_ssl_policy : null
+  certificate_arn   = var.load_balancer_https_enabled == true ? var.load_balancer_https_certificate_arn : null
   # Setup default action
   default_action {
     type = "fixed-response"
     fixed_response {
       content_type = "text/plain"
       message_body = "The requested resource could not be found"
-      status_code = "404"
+      status_code  = "404"
     }
   }
 }
@@ -50,33 +50,33 @@ resource "aws_lb_target_group" "load_balancer" {
   depends_on = [
     aws_lambda_permission.lambda
   ]
-  count = var.load_balancer_enabled == true ? 1 : 0
+  count       = var.load_balancer_enabled == true ? 1 : 0
   target_type = "lambda"
-  name = aws_lambda_function.lambda.function_name
-  port = var.load_balancer_port_lambda
-  protocol = "HTTP"
+  name        = aws_lambda_function.lambda.function_name
+  port        = var.load_balancer_port_lambda
+  protocol    = "HTTP"
   health_check {
-    enabled = var.load_balancer_health_check_enabled
-    port = var.load_balancer_enabled == true ? var.load_balancer_port_lambda : null
-    path = var.load_balancer_enabled == true ? var.load_balancer_health_check_url : null
+    enabled  = var.load_balancer_health_check_enabled
+    port     = var.load_balancer_enabled == true ? var.load_balancer_port_lambda : null
+    path     = var.load_balancer_enabled == true ? var.load_balancer_health_check_url : null
     interval = var.load_balancer_enabled == true ? var.load_balancer_health_check_interval : null
   }
 }
 
 # Attach the target group the load balancer
 resource "aws_lb_target_group_attachment" "load_balancer" {
-  count = var.load_balancer_enabled == true ? 1 : 0
+  count            = var.load_balancer_enabled == true ? 1 : 0
   target_group_arn = aws_lb_target_group.load_balancer[0].arn
-  target_id = aws_lambda_function.lambda.arn
+  target_id        = aws_lambda_function.lambda.arn
 }
 
 # Create load balancer listener rule
 resource "aws_lb_listener_rule" "load_balancer" {
-  count = var.load_balancer_enabled == true ? 1 : 0
+  count        = var.load_balancer_enabled == true ? 1 : 0
   listener_arn = aws_lb_listener.load_balancer[0].arn
-  priority = 100
+  priority     = 100
   action {
-    type = "forward"
+    type             = "forward"
     target_group_arn = aws_lb_target_group.load_balancer[0].arn
   }
   condition {
