fixing duplicate resource issues (#1218)

* fixing duplicate resource issues

* fixing some other bugs in #1217

streamalert_cli/_infrastructure/modules/tf_athena/iam.tf

@@ -1,12 +1,12 @@
 // IAM Role Policy: Allow the function read and delete SQS messages
-resource "aws_iam_role_policy" "sqs" {
+resource "aws_iam_role_policy" "sqs_role_policy" {
   name   = "SQSReadDeleteMessages"
   role   = var.function_role_id
-  policy = data.aws_iam_policy_document.sqs.json
+  policy = data.aws_iam_policy_document.sqs_role_policy.json
 }
 
 // IAM Policy Doc: decrypt, read, and delete SQS messages
-data "aws_iam_policy_document" "sqs" {
+data "aws_iam_policy_document" "sqs_role_policy" {
   statement {
     effect = "Allow"
 
@@ -50,14 +50,14 @@ data "aws_iam_policy_document" "sqs" {
 
 // IAM Role Policy: Allow the Lambda function to execute Athena queries and perform Glue operations
 // Ref: http://amzn.to/2tSyxUV
-resource "aws_iam_role_policy" "athena_glue_permissions" {
+resource "aws_iam_role_policy" "athena_glue_role_policy" {
   name   = "AthenaGlueAccess"
   role   = var.function_role_id
-  policy = data.aws_iam_policy_document.athena_glue_permissions.json
+  policy = data.aws_iam_policy_document.athena_glue_role_policy.json
 }
 
 // IAM Policy Doc: Athena and Glue permissions
-data "aws_iam_policy_document" "athena_glue_permissions" {
+data "aws_iam_policy_document" "athena_glue_role_policy" {
   statement {
     effect = "Allow"
 
@@ -103,15 +103,15 @@ data "aws_iam_policy_document" "athena_glue_permissions" {
 }
 
 // IAM Role Policy: Allow the Lambda function to read data buckets
-resource "aws_iam_role_policy" "athena_results_bucket" {
+resource "aws_iam_role_policy" "athena_results_bucket_role_policy" {
   name   = "S3ResultsBucket"
   role   = var.function_role_id
-  policy = data.aws_iam_policy_document.athena_results_bucket.json
+  policy = data.aws_iam_policy_document.athena_results_bucket_role_policy.json
 }
 
 // IAM Policy Doc: Allow Athena to read data from configured buckets
 //                 This is necessary for table repairs
-data "aws_iam_policy_document" "athena_results_bucket" {
+data "aws_iam_policy_document" "athena_results_bucket_role_policy" {
   statement {
     effect = "Allow"
 
@@ -133,15 +133,15 @@ data "aws_iam_policy_document" "athena_results_bucket" {
 }
 
 // IAM Role Policy: Allow the Lambda function to read data buckets
-resource "aws_iam_role_policy" "data_bucket" {
+resource "aws_iam_role_policy" "data_bucket_role_policy" {
   name   = "S3DataBucket"
   role   = var.function_role_id
-  policy = data.aws_iam_policy_document.data_bucket.json
+  policy = data.aws_iam_policy_document.data_bucket_role_policy.json
 }
 
 // IAM Policy Doc: Allow Athena to read data from configured buckets
 //                 This is necessary for table repairs
-data "aws_iam_policy_document" "data_bucket" {
+data "aws_iam_policy_document" "data_bucket_role_policy" {
   statement {
     effect = "Allow"
 

streamalert_cli/_infrastructure/modules/tf_athena/main.tf

@@ -71,7 +71,7 @@ resource "aws_sqs_queue" "data_bucket_notifications" {
   receive_wait_time_seconds = 10
 
   # The amount of time messages are hidden after being received from a consumer
-  visibility_timeout_seconds = format("%d", var.lambda_timeout + 2)
+  visibility_timeout_seconds = (var.lambda_timeout + 2)
 
   # Retain messages for one day
   message_retention_seconds = 86400

streamalert_cli/_infrastructure/modules/tf_athena/variables.tf

@@ -41,3 +41,7 @@ variable "database_name" {
 variable "queue_name" {
   type = string
 }
+
+variable "lambda_timeout" {
+  type = number
+}

streamalert_cli/terraform/athena.py

@@ -62,6 +62,7 @@ def generate_athena(config):
         'queue_name': queue_name,
         'athena_data_buckets': data_buckets,
         'results_bucket': results_bucket_name,
+        'lambda_timeout': athena_config['timeout'],
         'kms_key_id': '${aws_kms_key.server_side_encryption.key_id}',
         'function_role_id': '${module.athena_partitioner_lambda.role_id}',
         'function_name': '${module.athena_partitioner_lambda.function_name}',

tests/unit/conf/lambda.json

@@ -29,8 +29,8 @@
     }
   },
   "athena_partitioner_config": {
-    "memory": "128",
-    "timeout": "60",
+    "memory": 128,
+    "timeout": 60,
     "file_format": "parquet",
     "buckets": {
       "bucket": "data"

tests/unit/streamalert_cli/terraform/test_athena.py

@@ -25,8 +25,8 @@ def test_generate_athena():
     """CLI - Terraform Generate Athena Partitioner"""
 
     CONFIG['lambda']['athena_partitioner_config'] = {
-        'timeout': '60',
-        'memory': '128',
+        'timeout': 60,
+        'memory': 128,
         'third_party_libraries': []
     }
 
@@ -46,6 +46,7 @@ def test_generate_athena():
                     'unit-test-streamalert-data',
                     'unit-test-streamalerts'
                 ],
+                'lambda_timeout': 60,
                 'kms_key_id': '${aws_kms_key.server_side_encryption.key_id}',
                 'function_role_id': '${module.athena_partitioner_lambda.role_id}',
                 'function_name': '${module.athena_partitioner_lambda.function_name}',
@@ -63,9 +64,9 @@ def test_generate_athena():
                 'filename': 'athena_partitioner.zip',
                 'function_name': 'unit-test_streamalert_athena_partitioner',
                 'handler': 'streamalert.athena_partitioner.main.handler',
-                'memory_size_mb': '128',
+                'memory_size_mb': 128,
                 'source': './modules/tf_lambda',
-                'timeout_sec': '60',
+                'timeout_sec': 60,
             }
         }
     }