revert label modules to avoid resource replacement

gberenice · gberenice · commit 5f5331f1f069 · 2023-01-24T14:31:45.000+02:00
diff --git a/README.md b/README.md
@@ -85,6 +85,8 @@ Use [the awesome `gossm` project](https://github.com/gjbae1212/gossm).
 | <a name="module_asg_label"></a> [asg\_label](#module\_asg\_label) | cloudposse/label/null | 0.25.0 |
 | <a name="module_kms_key"></a> [kms\_key](#module\_kms\_key) | cloudposse/kms-key/aws | 0.12.1 |
 | <a name="module_logs_bucket"></a> [logs\_bucket](#module\_logs\_bucket) | cloudposse/s3-bucket/aws | 0.40.1 |
+| <a name="module_logs_label"></a> [logs\_label](#module\_logs\_label) | cloudposse/label/null | 0.25.0 |
+| <a name="module_role_label"></a> [role\_label](#module\_role\_label) | cloudposse/label/null | 0.25.0 |
 | <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
 
 ## Resources
@@ -131,7 +133,6 @@ Use [the awesome `gossm` project](https://github.com/gjbae1212/gossm).
 | <a name="input_label_order"></a> [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.<br>Defaults to ["namespace", "environment", "stage", "name", "attributes"].<br>You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no |
 | <a name="input_label_value_case"></a> [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,<br>set as tag values, and output by this module individually.<br>Does not affect values of tags passed in via the `tags` input.<br>Possible values: `lower`, `title`, `upper` and `none` (no transformation).<br>Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.<br>Default value: `lower`. | `string` | `null` | no |
 | <a name="input_labels_as_tags"></a> [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.<br>Default is to include all labels.<br>Tags with empty values will not be included in the `tags` output.<br>Set to `[]` to suppress all generated tags.<br>**Notes:**<br>  The value of the `name` tag, if included, will be the `id`, not the `name`.<br>  Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be<br>  changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` | <pre>[<br>  "default"<br>]</pre> | no |
-| <a name="input_max_instance_lifetime"></a> [max\_instance\_lifetime](#input\_max\_instance\_lifetime) | Maximum amount of time, in seconds, that an instance can be in service, values must be either equal to 0 or between 86400 and 31536000 seconds. | `number` | `0` | no |
 | <a name="input_name"></a> [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.<br>This is the only ID element not also included as a `tag`.<br>The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
 | <a name="input_permissions_boundary"></a> [permissions\_boundary](#input\_permissions\_boundary) | The ARN of the permissions boundary that will be applied to the SSM Agent role. | `string` | `""` | no |
diff --git a/main.tf b/main.tf
@@ -2,7 +2,8 @@ module "asg_label" {
   source  = "cloudposse/label/null"
   version = "0.25.0"
 
-  context = module.this.context
+  context    = module.this.context
+  attributes = compact(concat(["asg"], var.attributes))
 
   # This tag attribute is required.
   # See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group#propagate_at_launch
@@ -11,11 +12,27 @@ module "asg_label" {
   }
 }
 
+module "role_label" {
+  source  = "cloudposse/label/null"
+  version = "0.25.0"
+
+  context    = module.this.context
+  attributes = compact(concat(["role"], var.attributes))
+}
+
+module "logs_label" {
+  source  = "cloudposse/label/null"
+  version = "0.25.0"
+
+  context    = module.this.context
+  attributes = compact(concat(["logs"], var.attributes))
+}
+
 locals {
   region     = coalesce(var.region, data.aws_region.current.name)
   account_id = data.aws_caller_identity.current.account_id
 
-  session_logging_bucket_name = try(coalesce(var.session_logging_bucket_name, "${module.this.id}-logs"), "")
+  session_logging_bucket_name = try(coalesce(var.session_logging_bucket_name, module.logs_label.id), "")
   session_logging_kms_key_arn = try(coalesce(var.session_logging_kms_key_arn, module.kms_key.key_arn), "")
 
   logs_bucket_enabled = var.session_logging_enabled && length(var.session_logging_bucket_name) == 0
@@ -88,10 +105,10 @@ data "aws_iam_policy_document" "session_logging" {
 }
 
 resource "aws_iam_role" "default" {
-  name                 = module.this.id
+  name                 = module.role_label.id
   assume_role_policy   = data.aws_iam_policy_document.default.json
   permissions_boundary = var.permissions_boundary
-  tags                 = module.this.tags
+  tags                 = module.role_label.tags
 }
 
 resource "aws_iam_role_policy_attachment" "default" {
@@ -102,13 +119,13 @@ resource "aws_iam_role_policy_attachment" "default" {
 resource "aws_iam_role_policy" "session_logging" {
   count = var.session_logging_enabled ? 1 : 0
 
-  name   = module.this.id
+  name   = "${module.role_label.id}-session-logging"
   role   = aws_iam_role.default.name
   policy = join("", data.aws_iam_policy_document.session_logging.*.json)
 }
 
 resource "aws_iam_instance_profile" "default" {
-  name = module.this.id
+  name = module.role_label.id
   role = aws_iam_role.default.name
 }
 
@@ -141,7 +158,7 @@ module "kms_key" {
   version = "0.12.1"
 
   enabled = var.session_logging_enabled && var.session_logging_encryption_enabled && length(var.session_logging_kms_key_arn) == 0
-  context = module.this.context
+  context = module.logs_label.context
 
   description             = "KMS key for encrypting Session Logs in S3 and CloudWatch."
   deletion_window_in_days = 10
@@ -151,7 +168,7 @@ module "kms_key" {
   policy = <<DOC
 {
   "Version" : "2012-10-17",
-  "Id" : "${module.this.id}",
+  "Id" : "${module.logs_label.id}-policy",
   "Statement" : [
     {
       "Sid" : "Enable IAM User Permissions",
@@ -177,7 +194,7 @@ module "kms_key" {
       "Resource": "*",
       "Condition": {
         "ArnLike": {
-          "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:${local.region}:${local.account_id}:log-group:${module.this.id}"
+          "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:${local.region}:${local.account_id}:log-group:${module.logs_label.id}"
         }
       }
     }
@@ -191,9 +208,7 @@ module "logs_bucket" {
   version = "0.40.1"
 
   enabled = local.logs_bucket_enabled
-  context = module.this.context
-
-  bucket_name = local.session_logging_bucket_name
+  context = module.logs_label.context
 
   # Encryption / Security
   acl                          = "private"
@@ -233,18 +248,18 @@ module "logs_bucket" {
 resource "aws_cloudwatch_log_group" "session_logging" {
   count = var.session_logging_enabled ? 1 : 0
 
-  name              = module.this.id
+  name              = module.logs_label.id
   retention_in_days = var.cloudwatch_retention_in_days
   kms_key_id        = var.session_logging_encryption_enabled ? local.session_logging_kms_key_arn : ""
-  tags              = module.this.tags
+  tags              = module.logs_label.tags
 }
 
 resource "aws_ssm_document" "session_logging" {
   count = var.session_logging_enabled && var.create_run_shell_document ? 1 : 0
 
   name          = var.session_logging_ssm_document_name
   document_type = "Session"
-  tags          = module.this.tags
+  tags          = module.logs_label.tags
   content       = <<DOC
 {
   "schemaVersion": "1.0",
@@ -305,18 +320,17 @@ resource "aws_launch_template" "default" {
 }
 
 resource "aws_autoscaling_group" "default" {
-  name_prefix = module.this.id
+  name_prefix = module.asg_label.id
   tags        = module.asg_label.tags_as_list_of_maps
 
   launch_template {
     id      = aws_launch_template.default.id
     version = "$Latest"
   }
 
-  max_size              = var.instance_count
-  min_size              = var.instance_count
-  desired_capacity      = var.instance_count
-  max_instance_lifetime = var.max_instance_lifetime
+  max_size         = var.instance_count
+  min_size         = var.instance_count
+  desired_capacity = var.instance_count
 
   vpc_zone_identifier = var.subnet_ids
 
diff --git a/variables.tf b/variables.tf
@@ -62,12 +62,6 @@ variable "additional_security_group_ids" {
   default     = []
 }
 
-variable "max_instance_lifetime" {
-  description = "Maximum amount of time, in seconds, that an instance can be in service, values must be either equal to 0 or between 86400 and 31536000 seconds."
-  type        = number
-  default     = 0
-}
-
 ######################
 ## SESSION LOGGING ##
 ####################
