refactor: rename the AWS resources (#38)

ricardolsmendes · Nov 26, 2023 · 4acb17f · 4acb17f
1 parent b82ffdd
commit 4acb17f
Show file tree

Hide file tree

Showing 23 changed files with 118 additions and 93 deletions.
diff --git a/.github/workflows/on-iac-pr-against-dev.yaml b/.github/workflows/on-iac-pr-against-dev.yaml
@@ -29,7 +29,7 @@ jobs:
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v3
         with:
-          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/AWSGlueCICDBlueprintGitHubActionsServiceRole
+          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GlueCICDGitHubActionsServiceRole
           aws-region: ${{ vars.AWS_REGION }}
       - uses: hashicorp/setup-terraform@v2
       - name: Terraform style check

diff --git a/.github/workflows/on-iac-pr-against-main.yaml b/.github/workflows/on-iac-pr-against-main.yaml
@@ -29,7 +29,7 @@ jobs:
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v3
         with:
-          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/AWSGlueCICDBlueprintGitHubActionsServiceRole
+          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GlueCICDGitHubActionsServiceRole
           aws-region: ${{ vars.AWS_REGION }}
       - uses: hashicorp/setup-terraform@v2
       - name: Terraform style check

diff --git a/.github/workflows/on-iac-push-to-dev.yaml b/.github/workflows/on-iac-push-to-dev.yaml
@@ -29,7 +29,7 @@ jobs:
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v3
         with:
-          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/AWSGlueCICDBlueprintGitHubActionsServiceRole
+          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GlueCICDGitHubActionsServiceRole
           aws-region: ${{ vars.AWS_REGION }}
       - uses: hashicorp/setup-terraform@v2
       - name: Terraform style check

diff --git a/.github/workflows/on-iac-push-to-main.yaml b/.github/workflows/on-iac-push-to-main.yaml
@@ -29,7 +29,7 @@ jobs:
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v3
         with:
-          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/AWSGlueCICDBlueprintGitHubActionsServiceRole
+          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GlueCICDGitHubActionsServiceRole
           aws-region: ${{ vars.AWS_REGION }}
       - uses: hashicorp/setup-terraform@v2
       - name: Terraform style check

diff --git a/.github/workflows/on-pr-against-dev.yaml b/.github/workflows/on-pr-against-dev.yaml
@@ -64,7 +64,7 @@ jobs:
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v3
         with:
-          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/AWSGlueCICDBlueprintGitHubActionsServiceRole
+          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GlueCICDGitHubActionsServiceRole
           aws-region: ${{ vars.AWS_REGION }}
       - name: Copy Glue scripts to S3
         run: aws s3 sync --delete ./src s3://${{ vars.GLUE_SCRIPTS_S3_BUCKET }}
diff --git a/.github/workflows/on-pr-against-main.yaml b/.github/workflows/on-pr-against-main.yaml
@@ -64,7 +64,7 @@ jobs:
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v3
         with:
-          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/AWSGlueCICDBlueprintGitHubActionsServiceRole
+          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GlueCICDGitHubActionsServiceRole
           aws-region: ${{ vars.AWS_REGION }}
       - name: Copy Glue scripts to S3
         run: aws s3 sync --delete ./src s3://${{ vars.GLUE_SCRIPTS_S3_BUCKET }}
diff --git a/.github/workflows/on-push-to-dev.yaml b/.github/workflows/on-push-to-dev.yaml
@@ -73,7 +73,7 @@ jobs:
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v3
         with:
-          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/AWSGlueCICDBlueprintGitHubActionsServiceRole
+          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GlueCICDGitHubActionsServiceRole
           aws-region: ${{ vars.AWS_REGION }}
       - name: Copy Glue scripts to S3
         run: aws s3 sync --delete ./src s3://${{ vars.GLUE_SCRIPTS_S3_BUCKET }}
diff --git a/.github/workflows/on-push-to-main.yaml b/.github/workflows/on-push-to-main.yaml
@@ -72,7 +72,7 @@ jobs:
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v3
         with:
-          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/AWSGlueCICDBlueprintGitHubActionsServiceRole
+          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GlueCICDGitHubActionsServiceRole
           aws-region: ${{ vars.AWS_REGION }}
       - name: Copy Glue scripts to S3
         run: aws s3 sync --delete ./src s3://${{ vars.GLUE_SCRIPTS_S3_BUCKET }}
diff --git a/infrastructure/environments/dev/.terraform.lock.hcl b/infrastructure/environments/dev/.terraform.lock.hcl
diff --git a/infrastructure/environments/dev/provider.tf b/infrastructure/environments/dev/provider.tf
@@ -1,6 +1,6 @@
 terraform {
   backend "s3" {
-    bucket = "aws-glue-ci-cd-blueprint-terraform"
+    bucket = "glue-ci-cd-terraform"
     key    = "state/dev.tfstate"
     region = "us-east-1"
   }

diff --git a/infrastructure/environments/dev/variables.tf b/infrastructure/environments/dev/variables.tf
@@ -27,17 +27,17 @@ variable "environment" {
 variable "data_bucket_name" {
   description = "Name of the S3 bucket used to store data."
   type        = string
-  default     = "aws-glue-ci-cd-blueprint-data"
+  default     = "glue-ci-cd-data"
 }
 
 variable "glue_assets_bucket_name" {
   description = "Name of the S3 bucket used to store AWS Glue assets."
   type        = string
-  default     = "aws-glue-ci-cd-blueprint-glue-assets"
+  default     = "glue-ci-cd-assets"
 }
 
 variable "glue_scripts_bucket_name" {
   description = "Name of the S3 bucket used to store AWS Glue scripts."
   type        = string
-  default     = "aws-glue-ci-cd-blueprint-glue-scripts"
+  default     = "glue-ci-cd-scripts"
 }
diff --git a/infrastructure/environments/prod/provider.tf b/infrastructure/environments/prod/provider.tf
@@ -1,6 +1,6 @@
 terraform {
   backend "s3" {
-    bucket = "aws-glue-ci-cd-blueprint-terraform"
+    bucket = "glue-ci-cd-terraform"
     key    = "state/prod.tfstate"
     region = "us-east-1"
   }

diff --git a/infrastructure/environments/prod/variables.tf b/infrastructure/environments/prod/variables.tf
@@ -27,17 +27,17 @@ variable "environment" {
 variable "data_bucket_name" {
   description = "Name of the S3 bucket used to store data."
   type        = string
-  default     = "aws-glue-ci-cd-blueprint-data"
+  default     = "glue-ci-cd-data"
 }
 
 variable "glue_assets_bucket_name" {
   description = "Name of the S3 bucket used to store AWS Glue assets."
   type        = string
-  default     = "aws-glue-ci-cd-blueprint-glue-assets"
+  default     = "glue-ci-cd-assets"
 }
 
 variable "glue_scripts_bucket_name" {
   description = "Name of the S3 bucket used to store AWS Glue scripts."
   type        = string
-  default     = "aws-glue-ci-cd-blueprint-glue-scripts"
+  default     = "glue-ci-cd-scripts"
 }
diff --git a/infrastructure/environments/qa/provider.tf b/infrastructure/environments/qa/provider.tf
@@ -1,6 +1,6 @@
 terraform {
   backend "s3" {
-    bucket = "aws-glue-ci-cd-blueprint-terraform"
+    bucket = "glue-ci-cd-terraform"
     key    = "state/qa.tfstate"
     region = "us-east-1"
   }

diff --git a/infrastructure/environments/qa/variables.tf b/infrastructure/environments/qa/variables.tf
@@ -27,17 +27,17 @@ variable "environment" {
 variable "data_bucket_name" {
   description = "Name of the S3 bucket used to store data."
   type        = string
-  default     = "aws-glue-ci-cd-blueprint-data"
+  default     = "glue-ci-cd-data"
 }
 
 variable "glue_assets_bucket_name" {
   description = "Name of the S3 bucket used to store AWS Glue assets."
   type        = string
-  default     = "aws-glue-ci-cd-blueprint-glue-assets"
+  default     = "glue-ci-cd-assets"
 }
 
 variable "glue_scripts_bucket_name" {
   description = "Name of the S3 bucket used to store AWS Glue scripts."
   type        = string
-  default     = "aws-glue-ci-cd-blueprint-glue-scripts"
+  default     = "glue-ci-cd-scripts"
 }
diff --git a/infrastructure/environments/staging/provider.tf b/infrastructure/environments/staging/provider.tf
@@ -1,6 +1,6 @@
 terraform {
   backend "s3" {
-    bucket = "aws-glue-ci-cd-blueprint-terraform"
+    bucket = "glue-ci-cd-terraform"
     key    = "state/staging.tfstate"
     region = "us-east-1"
   }

diff --git a/infrastructure/environments/staging/variables.tf b/infrastructure/environments/staging/variables.tf
@@ -27,17 +27,17 @@ variable "environment" {
 variable "data_bucket_name" {
   description = "Name of the S3 bucket used to store data."
   type        = string
-  default     = "aws-glue-ci-cd-blueprint-data"
+  default     = "glue-ci-cd-data"
 }
 
 variable "glue_assets_bucket_name" {
   description = "Name of the S3 bucket used to store AWS Glue assets."
   type        = string
-  default     = "aws-glue-ci-cd-blueprint-glue-assets"
+  default     = "glue-ci-cd-assets"
 }
 
 variable "glue_scripts_bucket_name" {
   description = "Name of the S3 bucket used to store AWS Glue scripts."
   type        = string
-  default     = "aws-glue-ci-cd-blueprint-glue-scripts"
+  default     = "glue-ci-cd-scripts"
 }
diff --git a/infrastructure/modules/core/data.tf b/infrastructure/modules/core/data.tf
@@ -0,0 +1,31 @@
+data "aws_iam_policy_document" "glue_service_custom_policy" {
+  statement {
+    effect = "Allow"
+    actions = [
+      "s3:GetObject",
+      "s3:ListBucket"
+    ]
+    resources = ["*"]
+  }
+  statement {
+    effect = "Allow"
+    actions = [
+      "s3:PutObject"
+    ]
+    resources = [
+      "${aws_s3_bucket.data.arn}/*",
+      "${aws_s3_bucket.glue_assets.arn}/*"
+    ]
+  }
+}
+
+data "aws_iam_policy_document" "glue_service_trust_policy" {
+  statement {
+    effect  = "Allow"
+    actions = ["sts:AssumeRole"]
+    principals {
+      type        = "Service"
+      identifiers = ["glue.amazonaws.com"]
+    }
+  }
+}
diff --git a/infrastructure/modules/core/iam.tf b/infrastructure/modules/core/iam.tf
@@ -1,52 +1,22 @@
-data "aws_iam_policy_document" "glue_service_custom_policy" {
-  statement {
-    effect = "Allow"
-    actions = [
-      "s3:GetObject",
-      "s3:ListBucket"
-    ]
-    resources = ["*"]
-  }
-  statement {
-    effect = "Allow"
-    actions = [
-      "s3:PutObject"
-    ]
-    resources = [
-      aws_s3_bucket.data.arn,
-      aws_s3_bucket.glue_assets.arn
-    ]
-  }
-}
-
 resource "aws_iam_policy" "glue_service_custom_policy" {
-  name        = "AWSGlueCICDBlueprintGluePolicy-${var.environment}"
-  description = "Provides access to the resources required by Glue jobs in the AWS Glue CI/CD Blueprint."
+  name        = "GlueCICDPolicy-${var.environment}"
+  description = "Provides access to the resources required by Glue services."
   policy      = data.aws_iam_policy_document.glue_service_custom_policy.json
   tags = {
     Project     = "AWS Glue CI/CD Blueprint"
     Environment = var.environment
-  }
-}
-
-data "aws_iam_policy_document" "glue_service_trust_policy" {
-  statement {
-    effect  = "Allow"
-    actions = ["sts:AssumeRole"]
-    principals {
-      type        = "Service"
-      identifiers = ["glue.amazonaws.com"]
-    }
+    CreatedBy   = "Terraform"
   }
 }
 
 resource "aws_iam_role" "glue_service_role" {
-  name               = "AWSGlueCICDBlueprintGlueServiceRole-${var.environment}"
-  description        = "Used by Glue to demonstrate the AWS Glue CI/CD Blueprint."
+  name               = "GlueCICDServiceRole-${var.environment}"
+  description        = "Used by Glue to demonstrate the CI/CD Blueprint."
   assume_role_policy = data.aws_iam_policy_document.glue_service_trust_policy.json
   tags = {
     Project     = "AWS Glue CI/CD Blueprint"
     Environment = var.environment
+    CreatedBy   = "Terraform"
   }
 }
 

diff --git a/infrastructure/modules/core/s3.tf b/infrastructure/modules/core/s3.tf
@@ -3,6 +3,7 @@ resource "aws_s3_bucket" "data" {
   tags = {
     Project     = "AWS Glue CI/CD Blueprint"
     Environment = var.environment
+    CreatedBy   = "Terraform"
   }
 }
 
@@ -11,6 +12,7 @@ resource "aws_s3_bucket" "glue_assets" {
   tags = {
     Project     = "AWS Glue CI/CD Blueprint"
     Environment = var.environment
+    CreatedBy   = "Terraform"
   }
 }
 
@@ -30,5 +32,6 @@ resource "aws_s3_bucket" "glue_scripts" {
   tags = {
     Project     = "AWS Glue CI/CD Blueprint"
     Environment = var.environment
+    CreatedBy   = "Terraform"
   }
 }
diff --git a/infrastructure/modules/glue/catalog.tf b/infrastructure/modules/glue/catalog.tf
@@ -1,21 +1,23 @@
 resource "aws_glue_catalog_database" "silver" {
-  name         = "aws_glue_ci_cd_blueprint_silver_${var.environment}"
+  name         = "glue_ci_cd_silver_${var.environment}"
   description  = "Database for the AWS Glue CI/CD Blueprint (Silver layer)"
   location_uri = "${var.data_bucket_id}/silver"
   tags = {
     Project     = "AWS Glue CI/CD Blueprint"
     Environment = var.environment
+    CreatedBy   = "Terraform"
   }
 }
 
 resource "aws_glue_crawler" "silver_us_legislators" {
-  name          = "aws-glue-ci-cd-blueprint-silver-us-legislators-${var.environment}"
+  name          = "glue-ci-cd-silver-us-legislators-${var.environment}"
   description   = "Crawler for the US Legislators table (AWS Glue CI/CD Blueprint, Silver layer)"
   database_name = aws_glue_catalog_database.silver.name
   role          = data.aws_iam_role.glue_service.arn
   tags = {
     Project     = "AWS Glue CI/CD Blueprint"
     Environment = var.environment
+    CreatedBy   = "Terraform"
   }
   s3_target {
     path = "s3://${var.data_bucket_id}/silver/us-legislators"