Shorten database IAM role name prefixes due to character limits (#472)

- Rename the database backup IAM role prefix - Rename the database enhanced monitoring IAM role prefix
navapbc · Nov 20, 2023 · 8c5fe24 · 8c5fe24
1 parent 6b3588c
commit 8c5fe24
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 4 deletions.
diff --git a/infra/modules/database/backups.tf b/infra/modules/database/backups.tf
@@ -30,7 +30,7 @@ data "aws_kms_key" "backup_vault_key" {
 # See https://docs.aws.amazon.com/aws-backup/latest/devguide/assigning-resources.html
 # and https://docs.aws.amazon.com/aws-backup/latest/devguide/API_BackupSelection.html
 resource "aws_backup_selection" "db_backup" {
-  name         = "${local.name}-db-backup"
+  name         = "${var.name}-db-backup"
   plan_id      = aws_backup_plan.backup_plan.id
   iam_role_arn = aws_iam_role.db_backup_role.arn
 
@@ -41,7 +41,7 @@ resource "aws_backup_selection" "db_backup" {
 
 # Role that AWS Backup uses to authenticate when backing up the target resource
 resource "aws_iam_role" "db_backup_role" {
-  name_prefix        = "${local.name}-db-backup-role-"
+  name_prefix        = "${var.name}-db-backup-"
   assume_role_policy = data.aws_iam_policy_document.db_backup_policy.json
 }
 

diff --git a/infra/modules/database/main.tf b/infra/modules/database/main.tf
@@ -6,7 +6,6 @@ locals {
   primary_instance_name = "${var.name}-primary"
   role_manager_name     = "${var.name}-role-manager"
   role_manager_package  = "${path.root}/role_manager.zip"
-  name                  = substr(var.name, 0, 12)
   # The ARN that represents the users accessing the database are of the format: "arn:aws:rds-db:<region>:<account-id>:dbuser:<resource-id>/<database-user-name>""
   # See https://aws.amazon.com/blogs/database/using-iam-authentication-to-connect-with-pgadmin-amazon-aurora-postgresql-or-amazon-rds-for-postgresql/
   db_user_arn_prefix = "arn:aws:rds-db:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:dbuser:${aws_rds_cluster.db.cluster_resource_id}"

diff --git a/infra/modules/database/monitoring.tf b/infra/modules/database/monitoring.tf
@@ -3,7 +3,7 @@
 #----------------------------------#
 
 resource "aws_iam_role" "rds_enhanced_monitoring" {
-  name_prefix        = "${local.name}-enhanced-monitoring-"
+  name_prefix        = "${var.name}-db-monitor-"
   assume_role_policy = data.aws_iam_policy_document.rds_enhanced_monitoring.json
 }