feat: remove internally used random_id resource

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.83.6
+    rev: v1.95.0
     hooks:
       - id: terraform_fmt
       - id: terraform_validate
@@ -27,7 +27,7 @@ repos:
         - --args=--quiet
         - --args=--skip-check CKV_AWS_116,CKV_AWS_117,CKV_AWS_173,CKV_AWS_272 
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.5.0
+    rev: v4.6.0
     hooks:
       - id: check-merge-conflict
       - id: end-of-file-fixer

README.md

@@ -19,7 +19,6 @@
 |------|---------|
 | <a name="provider_archive"></a> [archive](#provider\_archive) | >=2.4.0 |
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.32.0 |
-| <a name="provider_random"></a> [random](#provider\_random) | >=3.5.1 |
 
 ## Modules
 
@@ -29,16 +28,15 @@ No modules.
 
 | Name | Type |
 |------|------|
-| [aws_cloudwatch_event_rule.rds_health_lambda_schedule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |
-| [aws_cloudwatch_event_target.rds_health_lambda_target](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
+| [aws_cloudwatch_event_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |
+| [aws_cloudwatch_event_target.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
 | [aws_cloudwatch_log_group.rds_health_lambda_log_groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
 | [aws_cloudwatch_metric_alarm.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
-| [aws_iam_policy.rds_health_lambda_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_role.rds_health_lambda_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role_policy_attachment.rds_health_permissions](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_lambda_function.rds_health_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
+| [aws_iam_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
 | [aws_lambda_permission.allow_cw_call_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
-| [random_id.id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
 | [archive_file.status_checker_code](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
@@ -52,12 +50,15 @@ No modules.
 | <a name="input_enable_cloudwatch_alarms"></a> [enable\_cloudwatch\_alarms](#input\_enable\_cloudwatch\_alarms) | Setup CloudWatch alarms for the RDS state. For each state a separate alarm will be created. Default is `false`. | `bool` | `false` | no |
 | <a name="input_ignore_states"></a> [ignore\_states](#input\_ignore\_states) | Suppress warnings for the listed RDS states. Default: ['MAINTENANCE'] | `list(string)` | <pre>[<br>  "MAINTENANCE"<br>]</pre> | no |
 | <a name="input_insufficient_data_actions"></a> [insufficient\_data\_actions](#input\_insufficient\_data\_actions) | The list of actions to execute when this alarm transitions into an INSUFFICIENT\_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). Default is `null`. | `list(string)` | `null` | no |
+| <a name="input_lambda_insights_layers_arn"></a> [lambda\_insights\_layers\_arn](#input\_lambda\_insights\_layers\_arn) | The ARN of the Lambda Insights layer. Default is `null`. | `string` | `null` | no |
 | <a name="input_log_retion_period_in_days"></a> [log\_retion\_period\_in\_days](#input\_log\_retion\_period\_in\_days) | Number of days logs will be retained. Default is `365`. | `number` | `365` | no |
 | <a name="input_memory_size"></a> [memory\_size](#input\_memory\_size) | Amount of memory in MByte that the Lambda function can use at runtime. Default is `160`. | `number` | `160` | no |
+| <a name="input_name"></a> [name](#input\_name) | Name of the health monitor. Default is `rds_status_monitor`. | `string` | `"rds_status_monitor"` | no |
 | <a name="input_ok_actions"></a> [ok\_actions](#input\_ok\_actions) | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | `list(string)` | `null` | no |
 | <a name="input_rds_arns"></a> [rds\_arns](#input\_rds\_arns) | List of RDS instance ARNs. Default is `[]`. | `list(string)` | `[]` | no |
 | <a name="input_schedule_expression"></a> [schedule\_expression](#input\_schedule\_expression) | The schedule expression for the CloudWatch event rule. Default is `rate(5 minutes)`. | `string` | `"rate(5 minutes)"` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources. Default is `{}`. | `map(string)` | `{}` | no |
+| <a name="input_timeout"></a> [timeout](#input\_timeout) | The amount of time that Lambda allows a function to run before stopping it. Default is 30 seconds. | `number` | `30` | no |
 
 ## Outputs
 

examples/01_default_configuration/main.tf

@@ -1,6 +1,6 @@
 module "rds_monitor" {
   source                   = "../.."
-  rds_arns                 = []
+  rds_arns                 = ["arn:aws:rds:eu-central-1:565597938316:db:endur-s1endur"]
   enable_cloudwatch_alarms = false
   schedule_expression      = "rate(2 minutes)"
   tags = {

main.tf

@@ -1,11 +1,6 @@
-# A random identifier used for naming resources
-resource "random_id" "id" {
-  byte_length = 8
-}
-
 # IAM role
-resource "aws_iam_role" "rds_health_lambda_role" {
-  name               = "rds-health-lambda-role-${random_id.id.hex}"
+resource "aws_iam_role" "this" {
+  name               = var.name
   assume_role_policy = <<EOF
 {
   "Version": "2012-10-17",
@@ -25,18 +20,18 @@ EOF
 }
 
 # IAM role attachment
-resource "aws_iam_role_policy_attachment" "rds_health_permissions" {
-  role       = aws_iam_role.rds_health_lambda_role.name
-  policy_arn = aws_iam_policy.rds_health_lambda_role_policy.arn
+resource "aws_iam_role_policy_attachment" "this" {
+  role       = aws_iam_role.this.name
+  policy_arn = aws_iam_policy.this.arn
 
-  depends_on = [aws_iam_policy.rds_health_lambda_role_policy,
-  aws_iam_role.rds_health_lambda_role]
+  depends_on = [aws_iam_policy.this,
+  aws_iam_role.this]
 }
 
-resource "aws_iam_policy" "rds_health_lambda_role_policy" {
-  name        = "rds-health-lambda-role-policy-${random_id.id.hex}"
+resource "aws_iam_policy" "this" {
+  name        = var.name
   path        = "/"
-  description = "IAM policy rds health solution lambda"
+  description = var.name
   policy      = <<EOF
 {
     "Version": "2012-10-17",
@@ -69,17 +64,18 @@ EOF
   tags        = var.tags
 }
 
-resource "aws_lambda_function" "rds_health_lambda" {
+resource "aws_lambda_function" "this" {
   filename                       = data.archive_file.status_checker_code.output_path
-  function_name                  = "rds_status_monitor-${random_id.id.hex}"
-  description                    = "RDS Status Monitor"
-  role                           = aws_iam_role.rds_health_lambda_role.arn
+  function_name                  = var.name
+  description                    = var.name
+  role                           = aws_iam_role.this.arn
   handler                        = "index.lambda_handler"
-  runtime                        = "python3.11"
-  reserved_concurrent_executions = 1
+  runtime                        = "python3.12"
+  layers                         = var.lambda_insights_layers_arn == null ? [] : [var.lambda_insights_layers_arn]
+  reserved_concurrent_executions = 2
   memory_size                    = var.memory_size
   source_code_hash               = data.archive_file.status_checker_code.output_base64sha256
-  timeout                        = 60
+  timeout                        = var.timeout
   tags                           = var.tags
   tracing_config {
     mode = "Active"
@@ -91,35 +87,34 @@ resource "aws_lambda_function" "rds_health_lambda" {
       SUPPRESS_STATES           = join(",", var.ignore_states)
     }
   }
-
 }
 
 # eventbridge rule
-resource "aws_cloudwatch_event_rule" "rds_health_lambda_schedule" {
-  name                = "rds-health-eventbridge-rule-${random_id.id.hex}"
+resource "aws_cloudwatch_event_rule" "this" {
+  name                = var.name
   description         = "Scheduled execution of the RDS monitor"
   schedule_expression = var.schedule_expression
   state               = "ENABLED"
   tags                = var.tags
 }
 
-resource "aws_cloudwatch_event_target" "rds_health_lambda_target" {
-  arn  = aws_lambda_function.rds_health_lambda.arn
-  rule = aws_cloudwatch_event_rule.rds_health_lambda_schedule.name
+resource "aws_cloudwatch_event_target" "this" {
+  arn  = aws_lambda_function.this.arn
+  rule = aws_cloudwatch_event_rule.this.name
 }
 
 resource "aws_lambda_permission" "allow_cw_call_lambda" {
   statement_id  = "AllowExecutionFromCloudWatch"
   action        = "lambda:InvokeFunction"
-  function_name = aws_lambda_function.rds_health_lambda.function_name
+  function_name = aws_lambda_function.this.function_name
   principal     = "events.amazonaws.com"
-  source_arn    = aws_cloudwatch_event_rule.rds_health_lambda_schedule.arn
+  source_arn    = aws_cloudwatch_event_rule.this.arn
 }
 
 
 # Log group for the Lambda function
 resource "aws_cloudwatch_log_group" "rds_health_lambda_log_groups" {
-  name              = "/aws/lambda/rds_status_monitor-${random_id.id.hex}"
+  name              = "/aws/lambda/${var.name}"
   retention_in_days = var.log_retion_period_in_days
   tags              = var.tags
 }
@@ -129,7 +124,7 @@ resource "aws_cloudwatch_metric_alarm" "this" {
   namespace                 = "Custom/RDS"
   period                    = 300
   metric_name               = "Status"
-  alarm_name                = "rds-status-monitor-${each.key}-${random_id.id.hex}"
+  alarm_name                = "${var.name}-${each.key}"
   comparison_operator       = "GreaterThanThreshold"
   alarm_description         = "This alarm triggers on RDS status."
   evaluation_periods        = 2

outputs.tf

@@ -1,6 +1,6 @@
 output "role_arn" {
   description = "The ARN of the IAM role."
-  value       = aws_iam_role.rds_health_lambda_role.arn
+  value       = aws_iam_role.this.arn
 }
 
 output "cloudwatch_metric_alarm_arns" {

variables.tf

@@ -47,6 +47,13 @@ variable "ignore_states" {
   ]
 }
 
+variable "lambda_insights_layers_arn" {
+  description = "The ARN of the Lambda Insights layer. Default is `null`."
+  type        = string
+  default     = null
+}
+
+
 variable "log_retion_period_in_days" {
   type        = number
   default     = 365
@@ -59,6 +66,12 @@ variable "log_retion_period_in_days" {
   }
 }
 
+variable "name" {
+  type        = string
+  description = "Name of the health monitor. Default is `rds_status_monitor`."
+  default     = "rds_status_monitor"
+}
+
 variable "memory_size" {
   type        = number
   description = "Amount of memory in MByte that the Lambda function can use at runtime. Default is `160`."
@@ -81,3 +94,13 @@ variable "tags" {
   default = {
   }
 }
+
+variable "timeout" {
+  type        = number
+  description = "The amount of time that Lambda allows a function to run before stopping it. Default is 30 seconds."
+  default     = 30
+  validation {
+    condition     = var.timeout >= 10 && var.timeout <= 900
+    error_message = "Timeout must be between 10 and 900."
+  }
+}