Allow override resource names (#32)

* Allow ovveride resource names * Auto Format Co-authored-by: cloudpossebot <[email protected]>
cloudposse · Nov 8, 2021 · 4126e5b · 4126e5b
1 parent fed541a
commit 4126e5b
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -241,6 +241,7 @@ Available targets:
 | <a name="input_enabled"></a> [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
 | <a name="input_iam_role_enabled"></a> [iam\_role\_enabled](#input\_iam\_role\_enabled) | Should we create a new Iam Role and Policy Attachment | `bool` | `true` | no |
+| <a name="input_iam_role_name"></a> [iam\_role\_name](#input\_iam\_role\_name) | Override target IAM Role Name | `string` | `null` | no |
 | <a name="input_id_length_limit"></a> [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).<br>Set to `0` for unlimited length.<br>Set to `null` for keep the existing setting, which defaults to `0`.<br>Does not affect `id_full`. | `number` | `null` | no |
 | <a name="input_kms_key_arn"></a> [kms\_key\_arn](#input\_kms\_key\_arn) | The server-side encryption key that is used to protect your backups | `string` | `null` | no |
 | <a name="input_label_key_case"></a> [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.<br>Does not affect keys of tags passed in via the `tags` input.<br>Possible values: `lower`, `title`, `upper`.<br>Default value: `title`. | `string` | `null` | no |
@@ -257,10 +258,9 @@ Available targets:
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
 | <a name="input_start_window"></a> [start\_window](#input\_start\_window) | The amount of time in minutes before beginning a backup. Minimum value is 60 minutes | `number` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).<br>Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
-| <a name="input_target_iam_role_name"></a> [target\_iam\_role\_name](#input\_target\_iam\_role\_name) | Override target IAM Role Name | `string` | `null` | no |
-| <a name="input_target_vault_name"></a> [target\_vault\_name](#input\_target\_vault\_name) | Override target Vault Name | `string` | `null` | no |
 | <a name="input_tenant"></a> [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
 | <a name="input_vault_enabled"></a> [vault\_enabled](#input\_vault\_enabled) | Should we create a new Vault | `bool` | `true` | no |
+| <a name="input_vault_name"></a> [vault\_name](#input\_vault\_name) | Override target Vault Name | `string` | `null` | no |
 
 ## Outputs
 

diff --git a/docs/terraform.md b/docs/terraform.md
@@ -55,6 +55,7 @@
 | <a name="input_enabled"></a> [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
 | <a name="input_iam_role_enabled"></a> [iam\_role\_enabled](#input\_iam\_role\_enabled) | Should we create a new Iam Role and Policy Attachment | `bool` | `true` | no |
+| <a name="input_iam_role_name"></a> [iam\_role\_name](#input\_iam\_role\_name) | Override target IAM Role Name | `string` | `null` | no |
 | <a name="input_id_length_limit"></a> [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).<br>Set to `0` for unlimited length.<br>Set to `null` for keep the existing setting, which defaults to `0`.<br>Does not affect `id_full`. | `number` | `null` | no |
 | <a name="input_kms_key_arn"></a> [kms\_key\_arn](#input\_kms\_key\_arn) | The server-side encryption key that is used to protect your backups | `string` | `null` | no |
 | <a name="input_label_key_case"></a> [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.<br>Does not affect keys of tags passed in via the `tags` input.<br>Possible values: `lower`, `title`, `upper`.<br>Default value: `title`. | `string` | `null` | no |
@@ -71,10 +72,9 @@
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
 | <a name="input_start_window"></a> [start\_window](#input\_start\_window) | The amount of time in minutes before beginning a backup. Minimum value is 60 minutes | `number` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).<br>Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
-| <a name="input_target_iam_role_name"></a> [target\_iam\_role\_name](#input\_target\_iam\_role\_name) | Override target IAM Role Name | `string` | `null` | no |
-| <a name="input_target_vault_name"></a> [target\_vault\_name](#input\_target\_vault\_name) | Override target Vault Name | `string` | `null` | no |
 | <a name="input_tenant"></a> [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
 | <a name="input_vault_enabled"></a> [vault\_enabled](#input\_vault\_enabled) | Should we create a new Vault | `bool` | `true` | no |
+| <a name="input_vault_name"></a> [vault\_name](#input\_vault\_name) | Override target Vault Name | `string` | `null` | no |
 
 ## Outputs
 

diff --git a/main.tf b/main.tf
@@ -1,8 +1,12 @@
 locals {
   enabled          = module.this.enabled
-  iam_role_enabled = local.enabled && var.iam_role_enabled
   plan_enabled     = local.enabled && var.plan_enabled
+  iam_role_enabled = local.enabled && var.iam_role_enabled
+  iam_role_name    = coalesce(var.iam_role_name, module.label_backup_role.id)
   vault_enabled    = local.enabled && var.vault_enabled
+  vault_name       = coalesce(var.vault_name, module.this.id)
+  vault_id         = join("", local.vault_enabled ? aws_backup_vault.default.*.id : data.aws_backup_vault.existing.*.id)
+  vault_arn        = join("", local.vault_enabled ? aws_backup_vault.default.*.arn : data.aws_backup_vault.existing.*.arn)
 }
 
 data "aws_partition" "current" {}
@@ -18,14 +22,14 @@ module "label_backup_role" {
 
 resource "aws_backup_vault" "default" {
   count       = local.vault_enabled ? 1 : 0
-  name        = module.this.id
+  name        = local.vault_name
   kms_key_arn = var.kms_key_arn
   tags        = module.this.tags
 }
 
 data "aws_backup_vault" "existing" {
   count = local.enabled && var.vault_enabled == false ? 1 : 0
-  name  = var.target_vault_name == null ? module.this.id : var.target_vault_name
+  name  = local.vault_name
 }
 
 resource "aws_backup_plan" "default" {
@@ -84,14 +88,14 @@ data "aws_iam_policy_document" "assume_role" {
 
 resource "aws_iam_role" "default" {
   count              = local.iam_role_enabled ? 1 : 0
-  name               = var.target_iam_role_name == null ? module.label_backup_role.id : var.target_iam_role_name
+  name               = local.iam_role_name
   assume_role_policy = join("", data.aws_iam_policy_document.assume_role.*.json)
   tags               = module.label_backup_role.tags
 }
 
 data "aws_iam_role" "existing" {
   count = local.enabled && var.iam_role_enabled == false ? 1 : 0
-  name  = var.target_iam_role_name == null ? module.label_backup_role.id : var.target_iam_role_name
+  name  = local.iam_role_name
 }
 
 resource "aws_iam_role_policy_attachment" "default" {

diff --git a/outputs.tf b/outputs.tf
@@ -1,10 +1,10 @@
 output "backup_vault_id" {
-  value       = join("", aws_backup_vault.default.*.id)
+  value       = local.vault_id
   description = "Backup Vault ID"
 }
 
 output "backup_vault_arn" {
-  value       = join("", aws_backup_vault.default.*.arn)
+  value       = local.vault_arn
   description = "Backup Vault ARN"
 }
 

diff --git a/variables.tf b/variables.tf
@@ -74,7 +74,7 @@ variable "plan_name_suffix" {
   default     = null
 }
 
-variable "target_vault_name" {
+variable "vault_name" {
   type        = string
   description = "Override target Vault Name"
   default     = null
@@ -98,7 +98,7 @@ variable "iam_role_enabled" {
   default     = true
 }
 
-variable "target_iam_role_name" {
+variable "iam_role_name" {
   type        = string
   description = "Override target IAM Role Name"
   default     = null