Refactor resource names definitions

examples/simple/main.tf

@@ -7,11 +7,10 @@ module "materialize_infrastructure" {
   # source = "git::https://github.com/MaterializeInc/terraform-aws-materialize.git"
   source = "../../"
 
-  # Basic settings
-  environment                 = "dev"
-  vpc_name                    = "materialize-simple"
-  cluster_name                = "materialize-eks-simple"
-  mz_iam_service_account_name = "materialize-user"
+  # The namespace and environment variables are used to construct the names of the resources
+  # e.g. ${namespace}-${environment}-storage, ${namespace}-${environment}-db etc.
+  namespace   = "simple-mz-tf"
+  environment = "dev"
 
   # VPC Configuration
   vpc_cidr             = "10.0.0.0/16"
@@ -21,23 +20,22 @@ module "materialize_infrastructure" {
   single_nat_gateway   = true
 
   # EKS Configuration
-  cluster_version                          = "1.31"
-  node_group_instance_types                = ["m6g.medium"]
+  cluster_version = "1.31"
+  # node_group_instance_types                = ["m6g.medium"]
+  node_group_instance_types                = ["r5.xlarge"]
   node_group_desired_size                  = 2
   node_group_min_size                      = 1
   node_group_max_size                      = 3
   node_group_capacity_type                 = "ON_DEMAND"
   enable_cluster_creator_admin_permissions = true
 
   # Storage Configuration
-  bucket_name              = "materialize-simple-storage-${random_id.suffix.hex}"
   enable_bucket_versioning = true
   enable_bucket_encryption = true
   bucket_force_destroy     = true
 
   # Database Configuration
   database_password    = "your-secure-password"
-  db_identifier        = "materialize-simple"
   postgres_version     = "15"
   db_instance_class    = "db.t3.large"
   db_allocated_storage = 20
@@ -57,11 +55,6 @@ module "materialize_infrastructure" {
   }
 }
 
-# Generate random suffix for unique S3 bucket name
-resource "random_id" "suffix" {
-  byte_length = 4
-}
-
 # Outputs
 output "vpc_id" {
   description = "VPC ID"

main.tf

@@ -1,50 +1,67 @@
 module "networking" {
   source = "./modules/networking"
 
-  vpc_name             = var.vpc_name
+  # The namespace and environment variables are used to construct the names of the resources
+  # e.g. ${namespace}-${environment}-vpc
+  namespace   = var.namespace
+  environment = var.environment
+
   vpc_cidr             = var.vpc_cidr
   availability_zones   = var.availability_zones
   private_subnet_cidrs = var.private_subnet_cidrs
   public_subnet_cidrs  = var.public_subnet_cidrs
-  cluster_name         = var.cluster_name
   single_nat_gateway   = var.single_nat_gateway
-  tags                 = var.tags
+
+  tags = local.common_tags
 }
 
 module "eks" {
   source = "./modules/eks"
 
-  cluster_name                             = var.cluster_name
+  # The namespace and environment variables are used to construct the names of the resources
+  # e.g. ${namespace}-${environment}-eks
+  namespace   = var.namespace
+  environment = var.environment
+
   cluster_version                          = var.cluster_version
   vpc_id                                   = local.network_id
   private_subnet_ids                       = local.network_private_subnet_ids
-  environment                              = var.environment
   node_group_desired_size                  = var.node_group_desired_size
   node_group_min_size                      = var.node_group_min_size
   node_group_max_size                      = var.node_group_max_size
   node_group_instance_types                = var.node_group_instance_types
   node_group_ami_type                      = var.node_group_ami_type
-  tags                                     = var.tags
   cluster_enabled_log_types                = var.cluster_enabled_log_types
   node_group_capacity_type                 = var.node_group_capacity_type
   enable_cluster_creator_admin_permissions = var.enable_cluster_creator_admin_permissions
+
+  tags = local.common_tags
 }
 
 module "storage" {
   source = "./modules/storage"
 
-  bucket_name              = var.bucket_name
-  tags                     = var.tags
+  # The namespace and environment variables are used to construct the names of the resources
+  # e.g. ${namespace}-${environment}-storage
+  namespace   = var.namespace
+  environment = var.environment
+
   bucket_lifecycle_rules   = var.bucket_lifecycle_rules
   enable_bucket_encryption = var.enable_bucket_encryption
   enable_bucket_versioning = var.enable_bucket_versioning
   bucket_force_destroy     = var.bucket_force_destroy
+
+  tags = local.common_tags
 }
 
 module "database" {
   source = "./modules/database"
 
-  db_identifier              = var.db_identifier
+  # The namespace and environment variables are used to construct the names of the resources
+  # e.g. ${namespace}-${environment}-db
+  namespace   = var.namespace
+  environment = var.environment
+
   postgres_version           = var.postgres_version
   instance_class             = var.db_instance_class
   allocated_storage          = var.db_allocated_storage
@@ -55,35 +72,46 @@ module "database" {
   vpc_id                     = local.network_id
   eks_security_group_id      = module.eks.cluster_security_group_id
   eks_node_security_group_id = module.eks.node_security_group_id
-  tags                       = var.tags
   max_allocated_storage      = var.db_max_allocated_storage
   database_password          = var.database_password
+
+  tags = local.common_tags
 }
 
 locals {
   network_id                 = var.create_vpc ? module.networking.vpc_id : var.network_id
   network_private_subnet_ids = var.create_vpc ? module.networking.private_subnet_ids : var.network_private_subnet_ids
+
+  # Common tags that apply to all resources
+  common_tags = merge(
+    var.tags,
+    {
+      Namespace   = var.namespace
+      Environment = var.environment
+      ManagedBy   = "terraform"
+    }
+  )
 }
 
 resource "aws_cloudwatch_log_group" "materialize" {
   count = var.enable_monitoring ? 1 : 0
 
-  name              = "/aws/${var.log_group_name_prefix}/${var.cluster_name}/${var.environment}"
+  name              = "/aws/${var.log_group_name_prefix}/${module.eks.cluster_name}/${var.environment}"
   retention_in_days = var.metrics_retention_days
 
   tags = var.tags
 }
 
 resource "aws_iam_user" "materialize" {
-  name = "${var.environment}-${var.mz_iam_service_account_name}"
+  name = "${local.name_prefix}-mz-user"
 }
 
 resource "aws_iam_access_key" "materialize_user" {
   user = aws_iam_user.materialize.name
 }
 
 resource "aws_iam_user_policy" "materialize_s3" {
-  name = var.mz_iam_policy_name
+  name = "${local.name_prefix}-mz-s3-policy"
   user = aws_iam_user.materialize.name
 
   policy = jsonencode({
@@ -107,7 +135,7 @@ resource "aws_iam_user_policy" "materialize_s3" {
 }
 
 resource "aws_iam_role" "materialize_s3" {
-  name = "${var.environment}-${var.mz_iam_role_name}"
+  name = "${local.name_prefix}-mz-role"
 
   # Trust policy allowing EKS to assume this role
   assume_role_policy = jsonencode({
@@ -120,7 +148,7 @@ resource "aws_iam_role" "materialize_s3" {
         }
         Action = "sts:AssumeRoleWithWebIdentity"
         Condition = {
-          StringEquals = {
+          StringLike = {
             "${trimprefix(module.eks.cluster_oidc_issuer_url, "https://")}:sub" : "system:serviceaccount:*:*",
             "${trimprefix(module.eks.cluster_oidc_issuer_url, "https://")}:aud" : "sts.amazonaws.com"
           }
@@ -129,15 +157,15 @@ resource "aws_iam_role" "materialize_s3" {
     ]
   })
 
-  tags = var.tags
+  tags = local.common_tags
 
   depends_on = [
     module.eks
   ]
 }
 
 resource "aws_iam_role_policy" "materialize_s3" {
-  name = var.mz_iam_policy_name
+  name = "${local.name_prefix}-mz-role-policy"
   role = aws_iam_role.materialize_s3.id
 
   policy = jsonencode({
@@ -159,3 +187,7 @@ resource "aws_iam_role_policy" "materialize_s3" {
     ]
   })
 }
+
+locals {
+  name_prefix = "${var.namespace}-${var.environment}"
+}

modules/database/main.tf

@@ -1,8 +1,12 @@
+locals {
+  name_prefix = "${var.namespace}-${var.environment}"
+}
+
 module "db" {
   source  = "terraform-aws-modules/rds/aws"
   version = "~> 6.0"
 
-  identifier = var.db_identifier
+  identifier = "${local.name_prefix}-db"
 
   engine               = "postgres"
   engine_version       = var.postgres_version
@@ -25,7 +29,7 @@ module "db" {
   subnet_ids             = var.database_subnet_ids
   vpc_security_group_ids = [aws_security_group.database.id]
   create_db_subnet_group = true
-  db_subnet_group_name   = "${var.db_identifier}-subnet-group"
+  db_subnet_group_name   = "${local.name_prefix}-db-subnet"
 
   maintenance_window      = var.maintenance_window
   backup_window           = var.backup_window
@@ -38,7 +42,7 @@ module "db" {
 }
 
 resource "aws_security_group" "database" {
-  name_prefix = "${var.db_identifier}-sg-"
+  name_prefix = "${local.name_prefix}-sg-"
   vpc_id      = var.vpc_id
 
   ingress {
@@ -65,7 +69,7 @@ resource "aws_security_group" "database" {
   }
 
   tags = merge(var.tags, {
-    Name = "${var.db_identifier}-sg"
+    Name = "${local.name_prefix}-sg"
   })
 
   lifecycle {

modules/database/variables.tf

@@ -1,5 +1,10 @@
-variable "db_identifier" {
-  description = "Identifier for the RDS instance"
+variable "namespace" {
+  description = "Namespace prefix for all resources"
+  type        = string
+}
+
+variable "environment" {
+  description = "Environment name"
   type        = string
 }