Variable refactor

iam-ecr.tf

@@ -43,7 +43,7 @@ data "aws_iam_policy_document" "svcfoundry_access_to_ecr" {
 resource "aws_iam_policy" "svcfoundry_access_to_ecr" {
   count       = var.truefoundry_iam_role_enabled ? 1 : 0
   name_prefix = "${local.svcfoundry_unique_name}-access-to-ecr"
-  description = "ECR access for ${var.svcfoundry_name} on ${var.cluster_name}"
+  description = "ECR access for ${var.svcfoundry_k8s_service_account} on ${var.cluster_name}"
   policy      = data.aws_iam_policy_document.svcfoundry_access_to_ecr.json
   tags        = local.tags
 }

iam-rds.tf

@@ -15,7 +15,7 @@ data "aws_iam_policy_document" "truefoundry_db_iam_auth_policy_document" {
 resource "aws_iam_policy" "truefoundry_db_iam_auth_policy" {
   count       = var.truefoundry_iam_role_enabled ? 1 : 0
   name_prefix = "${local.svcfoundry_unique_name}-db-iam-auth-policy"
-  description = "IAM based authentication policy for ${var.svcfoundry_name} and ${var.mlfoundry_name} in cluster ${var.cluster_name}"
+  description = "IAM based authentication policy for ${var.svcfoundry_k8s_service_account} and ${var.mlfoundry_k8s_service_account} in cluster ${var.cluster_name}"
   policy      = data.aws_iam_policy_document.truefoundry_db_iam_auth_policy_document.json
   tags        = local.tags
 }

iam-sa.tf

@@ -15,7 +15,7 @@ module "truefoundry_oidc_iam" {
     "system:serviceaccount:${var.truefoundry_k8s_namespace}:${var.truefoundry_service_account}",
   ]
 
-  role_description = "Truefoundry IAM role for ${var.svcfoundry_name}, ${var.mlfoundry_name} and ${var.tfy_workflow_admin_name} in cluster ${var.cluster_name}"
+  role_description = "Truefoundry IAM role for ${var.svcfoundry_k8s_service_account}, ${var.mlfoundry_k8s_service_account} and ${var.tfy_workflow_admin_k8s_service_account} in cluster ${var.cluster_name}"
   role_policy_arns = [
     aws_iam_policy.truefoundry_bucket_policy[0].arn,
     aws_iam_policy.svcfoundry_access_to_ssm[0].arn,

iam-ssm.tf

@@ -15,17 +15,17 @@ data "aws_iam_policy_document" "svcfoundry_access_to_ssm" {
       "ssm:GetParameter",
     ]
     resources = [
-      "arn:aws:ssm:${var.aws_region}:${var.aws_account_id}:parameter/${var.account_name}/${var.svcfoundry_name}/*",
-      "arn:aws:ssm:${var.aws_region}:${var.aws_account_id}:parameter/${var.account_name}/${aws_db_instance.truefoundry_db[0].id}/*",
-      "arn:aws:ssm:${var.aws_region}:${var.aws_account_id}:parameter/${var.account_name}/truefoundry/dockerhub/IMAGE_PULL_CREDENTIALS",
+      "arn:aws:ssm:${var.aws_region}:${var.aws_account_id}:parameter/*/${var.svcfoundry_k8s_service_account}/*",
+      "arn:aws:ssm:${var.aws_region}:${var.aws_account_id}:parameter/*/${aws_db_instance.truefoundry_db[0].id}/*",
+      "arn:aws:ssm:${var.aws_region}:${var.aws_account_id}:parameter/*/truefoundry/dockerhub/IMAGE_PULL_CREDENTIALS",
     ]
   }
 }
 
 resource "aws_iam_policy" "svcfoundry_access_to_ssm" {
   count       = var.truefoundry_iam_role_enabled ? 1 : 0
   name_prefix = "${local.svcfoundry_unique_name}-access-to-ssm"
-  description = "SSM read access for ${var.svcfoundry_name} on ${var.cluster_name}"
+  description = "SSM read access for ${var.svcfoundry_k8s_service_account} on ${var.cluster_name}"
   policy      = data.aws_iam_policy_document.svcfoundry_access_to_ssm.json
   tags        = local.tags
 }
@@ -51,7 +51,7 @@ data "aws_iam_policy_document" "svcfoundry_access_to_multitenant_ssm" {
 resource "aws_iam_policy" "svcfoundry_access_to_multitenant_ssm" {
   count       = var.truefoundry_iam_role_enabled ? 1 : 0
   name_prefix = "${local.svcfoundry_unique_name}-access-to-multitenant-ssm"
-  description = "SSM read access for ${var.svcfoundry_name} to all multitenant params on ${var.cluster_name}"
+  description = "SSM read access for ${var.svcfoundry_k8s_service_account} to all multitenant params on ${var.cluster_name}"
   policy      = data.aws_iam_policy_document.svcfoundry_access_to_multitenant_ssm.json
   tags        = local.tags
 }

locals.tf

@@ -5,8 +5,8 @@ locals {
 
   truefoundry_db_unique_name = var.truefoundry_db_enable_override ? var.truefoundry_db_override_name : "${var.cluster_name}-db"
 
-  svcfoundry_unique_name = "${var.cluster_name}-${var.svcfoundry_name}"
-  mlfoundry_unique_name  = "${var.cluster_name}-${var.mlfoundry_name}"
+  svcfoundry_unique_name = "${var.cluster_name}-${var.svcfoundry_k8s_service_account}"
+  mlfoundry_unique_name  = "${var.cluster_name}-${var.mlfoundry_k8s_service_account}"
 
   truefoundry_db_port            = 5432
   truefoundry_db_master_username = "root"

variables.tf

@@ -21,11 +21,6 @@ variable "aws_account_id" {
   type        = string
 }
 
-variable "account_name" {
-  description = "AWS Account Name"
-  type        = string
-}
-
 variable "tags" {
   type        = map(string)
   default     = {}
@@ -76,6 +71,7 @@ variable "truefoundry_db_subnet_ids" {
 variable "truefoundry_db_instance_class" {
   type        = string
   description = "Instance class for RDS"
+  default     = "db.t3.medium"
 }
 
 variable "truefoundry_db_publicly_accessible" {
@@ -99,6 +95,7 @@ variable "truefoundry_db_allocated_storage" {
 variable "truefoundry_db_max_allocated_storage" {
   type        = string
   description = "Max allowed storage for RDS when autoscaling is enabled"
+  default     = "30"
 }
 
 variable "truefoundry_db_storage_type" {
@@ -110,6 +107,7 @@ variable "truefoundry_db_storage_type" {
 variable "truefoundry_db_storage_iops" {
   type        = number
   description = "Provisioned IOPS for the db"
+  default     = 0
 }
 
 variable "truefoundry_db_skip_final_snapshot" {
@@ -138,6 +136,7 @@ variable "truefoundry_db_enable_override" {
   type        = bool
   default     = false
 }
+
 variable "truefoundry_db_override_name" {
   description = "Override name for truefoundry db.This is the name of the RDS resources in AWS . truefoundry_db_enable_override must be set true"
   type        = string
@@ -261,57 +260,49 @@ variable "truefoundry_s3_cors_origins" {
 ##################################################################################
 ## MLfoundry service account
 ##################################################################################
-variable "mlfoundry_name" {
-  description = "Name of mlfoundry deployment"
-  type        = string
-}
 
 variable "mlfoundry_k8s_service_account" {
   description = "The k8s mlfoundry service account name"
   type        = string
+  default     = "mlfoundry-server"
 }
 
 variable "mlfoundry_k8s_namespace" {
   description = "The k8s mlfoundry namespace"
   type        = string
+  default     = "truefoundry"
 }
 
 ##################################################################################
 ## Servicefoundry service account
 ##################################################################################
 
-variable "svcfoundry_name" {
-  description = "Name of svcfoundry deployment"
-  type        = string
-}
-
 variable "svcfoundry_k8s_service_account" {
   description = "The k8s svcfoundry service account name"
   type        = string
+  default     = "servicefoundry-server"
 }
 
 variable "svcfoundry_k8s_namespace" {
   description = "The k8s svcfoundry namespace"
   type        = string
+  default     = "truefoundry"
 }
 
 ##################################################################################
 ## TFy workflow admin service account
 ##################################################################################
 
-variable "tfy_workflow_admin_name" {
-  description = "Name of tfy workflow admin deployment"
-  type        = string
-}
-
 variable "tfy_workflow_admin_k8s_service_account" {
   description = "The k8s tfy workflow admin service account name"
   type        = string
+  default     = "tfy-workflow-admin"
 }
 
 variable "tfy_workflow_admin_k8s_namespace" {
   description = "The k8s tfy workflow admin namespace"
   type        = string
+  default     = "truefoundry"
 }
 
 ##################################################################################