sqs queues, lambda functions with hardcoded names

awslabs · Mar 26, 2024 · c968be5 · c968be5
1 parent 894a819
commit c968be5
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 12 deletions.
diff --git a/sdlf-cicd/template-cicd-domain-roles.yaml b/sdlf-cicd/template-cicd-domain-roles.yaml
@@ -391,7 +391,9 @@ Resources:
                 Action:
                   - lambda:CreateFunction
                   - lambda:UpdateFunctionConfiguration
-                Resource: !Sub arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:sdlf-*
+                Resource:
+                  - !Sub arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:sdlf-*
+                  - !Sub arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:sdlf2-*
                 Condition: !If
                   - RunInVpc
                   - StringEquals:
@@ -417,7 +419,9 @@ Resources:
                   - lambda:UpdateFunctionCode
                   - lambda:AddPermission
                   - lambda:RemovePermission
-                Resource: !Sub arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:sdlf-*
+                Resource:
+                  - !Sub arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:sdlf-*
+                  - !Sub arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:sdlf2-*
               - Effect: Allow
                 Action:
                   - lambda:GetEventSourceMapping # W11 exception
@@ -429,8 +433,10 @@ Resources:
                   - lambda:UpdateEventSourceMapping # can only be controlled through lambda:FunctionArn condition key
                 Resource: "*"
                 Condition:
-                  ArnLike:
-                    "lambda:FunctionArn": !Sub arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:sdlf-*
+                  "ForAnyValue:ArnLike":
+                    "lambda:FunctionArn":
+                      - !Sub arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:sdlf-*
+                      - !Sub arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:sdlf2-*
               - Effect: Allow
                 Action:
                   - logs:CreateLogGroup
@@ -443,6 +449,7 @@ Resources:
                   - logs:TagLogGroup
                 Resource:
                   - !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/*/sdlf-*
+                  - !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/*/sdlf2-*
               - Effect: Allow
                 Action:
                   - logs:DescribeLogGroups # W11 exception
@@ -544,7 +551,9 @@ Resources:
                   - sqs:SetQueueAttributes
                   - sqs:TagQueue
                   - sqs:UntagQueue
-                Resource: !Sub arn:${AWS::Partition}:sqs:${AWS::Region}:${AWS::AccountId}:sdlf-*
+                Resource:
+                  - !Sub arn:${AWS::Partition}:sqs:${AWS::Region}:${AWS::AccountId}:sdlf-*
+                  - !Sub arn:${AWS::Partition}:sqs:${AWS::Region}:${AWS::AccountId}:sdlf2-*
               - Effect: Allow
                 Action:
                   - ssm:AddTagsToResource

diff --git a/sdlf-foundations/template.yaml b/sdlf-foundations/template.yaml
@@ -118,7 +118,7 @@ Resources:
                   - logs:PutLogEvents
                   - logs:AssociateKmsKey
                 Resource:
-                  - !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/sdlf-glue-replication
+                  - !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/sdlf2-glue-replication
                   - !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/glue/*
                   - !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/sdlf-*
                   - !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:sdlf-*
@@ -712,7 +712,7 @@ Resources:
     DeletionPolicy: Delete
     UpdateReplacePolicy: Delete
     Properties:
-      QueueName: sdlf-catalog-queue
+      QueueName: sdlf2-catalog-queue
       RedrivePolicy:
         deadLetterTargetArn: !GetAtt rDeadLetterQueueCatalog.Arn
         maxReceiveCount: 1
@@ -725,7 +725,7 @@ Resources:
     DeletionPolicy: Delete
     UpdateReplacePolicy: Delete
     Properties:
-      QueueName: sdlf-catalog-dlq
+      QueueName: sdlf2-catalog-dlq
       MessageRetentionPeriod: 1209600
       VisibilityTimeout: 60
       KmsMasterKeyId: !GetAtt rKMSKey.Arn
@@ -742,7 +742,7 @@ Resources:
     Type: AWS::Serverless::Function
     Properties:
       CodeUri: ./lambda/catalog/src
-      FunctionName: sdlf-catalog
+      FunctionName: sdlf2-catalog
       Environment:
         Variables:
           ENV: !Ref pEnvironment
@@ -755,7 +755,7 @@ Resources:
     Type: AWS::Serverless::Function
     Properties:
       CodeUri: ./lambda/catalog-redrive/src
-      FunctionName: sdlf-catalog-redrive
+      FunctionName: sdlf2-catalog-redrive
       Environment:
         Variables:
           QUEUE: !GetAtt rQueueCatalog.QueueName
@@ -827,7 +827,7 @@ Resources:
                   - logs:CreateLogGroup
                   - logs:CreateLogStream
                   - logs:PutLogEvents
-                Resource: !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/sdlf-catalog*
+                Resource: !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/sdlf2-catalog*
               - Effect: Allow
                 Action:
                   - sqs:DeleteMessage
@@ -1480,7 +1480,7 @@ Resources:
   rLambdaReplicate:
     Type: AWS::Serverless::Function
     Properties:
-      FunctionName: sdlf-glue-replication
+      FunctionName: sdlf2-glue-replication
       Description: Replicates Glue Catalog Metadata and Data Quality to Octagon Schemas Table
       CodeUri: ./lambda/replicate/src
       Environment: