Avoids creation of redundant resources when providing custom Events r…

…ole. (#29)
cn-terraform · Oct 6, 2023 · 4cd1a76 · 4cd1a76
1 parent 06bb293
commit 4cd1a76
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 15 deletions.
diff --git a/main.tf b/main.tf
@@ -30,13 +30,15 @@ data "aws_iam_policy_document" "scheduled_task_cw_event_role_cloudwatch_policy"
 }
 
 resource "aws_iam_role" "scheduled_task_cw_event_role" {
+  count              = var.event_rule_role_arn == null ? 1 : 0
   name               = "${var.name_prefix}-st-cw-role"
   assume_role_policy = data.aws_iam_policy_document.scheduled_task_cw_event_role_assume_role_policy.json
 }
 
 resource "aws_iam_role_policy" "scheduled_task_cw_event_role_cloudwatch_policy" {
+  count  = var.event_rule_role_arn == null ? 1 : 0
   name   = "${var.name_prefix}-st-cw-policy"
-  role   = aws_iam_role.scheduled_task_cw_event_role.id
+  role   = aws_iam_role.scheduled_task_cw_event_role[0].id
   policy = data.aws_iam_policy_document.scheduled_task_cw_event_role_cloudwatch_policy.json
 }
 
@@ -49,7 +51,7 @@ resource "aws_cloudwatch_event_rule" "event_rule" {
   event_bus_name      = var.event_rule_event_bus_name
   event_pattern       = var.event_rule_event_pattern
   description         = var.event_rule_description
-  role_arn            = var.event_rule_role_arn
+  role_arn            = var.event_rule_role_arn == null ? aws_iam_role.scheduled_task_cw_event_role[0].arn : var.event_rule_role_arn
   is_enabled          = var.event_rule_is_enabled
   tags = {
     Name = "${var.name_prefix}-cw-event-rule"
@@ -66,8 +68,7 @@ resource "aws_cloudwatch_event_target" "ecs_scheduled_task" {
   arn            = var.ecs_cluster_arn
   input          = var.event_target_input
   input_path     = var.event_target_input_path
-  role_arn       = aws_iam_role.scheduled_task_cw_event_role.arn
-
+  role_arn       = aws_cloudwatch_event_rule.event_rule.role_arn
   ecs_target {
     group               = var.event_target_ecs_target_group
     launch_type         = "FARGATE"

diff --git a/outputs.tf b/outputs.tf
@@ -3,52 +3,51 @@
 #------------------------------------------------------------------------------
 output "scheduled_task_cw_event_role_arn" {
   description = "The Amazon Resource Name (ARN) specifying the role."
-  value       = aws_iam_role.scheduled_task_cw_event_role.arn
+  value       = var.event_rule_role_arn == null ? aws_iam_role.scheduled_task_cw_event_role[0].arn : null
 }
 
 output "scheduled_task_cw_event_role_create_date" {
   description = "The creation date of the IAM role."
-  value       = aws_iam_role.scheduled_task_cw_event_role.create_date
+  value       = var.event_rule_role_arn == null ? aws_iam_role.scheduled_task_cw_event_role[0].create_date : null
 }
 
 output "scheduled_task_cw_event_role_description" {
   description = "The description of the role."
-  value       = aws_iam_role.scheduled_task_cw_event_role.description
+  value       = var.event_rule_role_arn == null ? aws_iam_role.scheduled_task_cw_event_role[0].description : null
 }
 
 output "scheduled_task_cw_event_role_id" {
   description = "The name of the role."
-  value       = aws_iam_role.scheduled_task_cw_event_role.id
+  value       = var.event_rule_role_arn == null ? aws_iam_role.scheduled_task_cw_event_role[0].id : null
 }
 
 output "scheduled_task_cw_event_role_name" {
   description = "The name of the role."
-  value       = aws_iam_role.scheduled_task_cw_event_role.name
+  value       = var.event_rule_role_arn == null ? aws_iam_role.scheduled_task_cw_event_role[0].name : null
 }
 
 output "scheduled_task_cw_event_role_unique_id" {
   description = "The stable and unique string identifying the role."
-  value       = aws_iam_role.scheduled_task_cw_event_role.unique_id
+  value       = var.event_rule_role_arn == null ? aws_iam_role.scheduled_task_cw_event_role[0].unique_id : null
 }
-
 output "aws_iam_role_policy_scheduled_task_cw_event_role_cloudwatch_policy_id" {
   description = "The role policy ID, in the form of role_name:role_policy_name."
-  value       = aws_iam_role_policy.scheduled_task_cw_event_role_cloudwatch_policy.id
+  value       = var.event_rule_role_arn == null ? aws_iam_role_policy.scheduled_task_cw_event_role_cloudwatch_policy[0].id : null
 }
 
 output "aws_iam_role_policy_scheduled_task_cw_event_role_cloudwatch_policy_name" {
   description = "The name of the policy."
-  value       = aws_iam_role_policy.scheduled_task_cw_event_role_cloudwatch_policy.name
+  value       = var.event_rule_role_arn == null ? aws_iam_role_policy.scheduled_task_cw_event_role_cloudwatch_policy[0].name : null
 }
 
 output "aws_iam_role_policy_scheduled_task_cw_event_role_cloudwatch_policy_policy" {
   description = "The policy document attached to the role."
-  value       = aws_iam_role_policy.scheduled_task_cw_event_role_cloudwatch_policy.policy
+  value       = var.event_rule_role_arn == null ? aws_iam_role_policy.scheduled_task_cw_event_role_cloudwatch_policy[0].policy : null
 }
 
 output "aws_iam_role_policy_scheduled_task_cw_event_role_cloudwatch_policy_role" {
   description = "The name of the role associated with the policy."
-  value       = aws_iam_role_policy.scheduled_task_cw_event_role_cloudwatch_policy.role
+  value       = var.event_rule_role_arn == null ? aws_iam_role_policy.scheduled_task_cw_event_role_cloudwatch_policy[0].role : null
 }
 
 #------------------------------------------------------------------------------