Expand out names

TheOneFromNorway · TheOneFromNorway · commit ef49ad3414fd · 2025-09-25T15:14:56.000+01:00
- Expand out names for clarity in code
- Keep `_ro` suffix as standard indicator for read only permissions on
  db user
diff --git a/terraform/data_replication/iam.tf b/terraform/data_replication/iam.tf
@@ -12,7 +12,7 @@ data "aws_iam_policy_document" "ecs_permissions" {
     actions = ["secretsmanager:GetSecretValue"]
     resources = [
       var.db_secret_arn,
-      aws_secretsmanager_secret.ro_db_password.arn
+      aws_secretsmanager_secret.read_only_db_password.arn
     ]
     effect = "Allow"
   }
diff --git a/terraform/data_replication/ssm_parameters.tf b/terraform/data_replication/ssm_parameters.tf
@@ -1,25 +1,21 @@
-# Create a password that is automatically populated in secrets manager using the random password generator for aws
-
-# Generate a random password for the read-only database user
-ephemeral "aws_secretsmanager_random_password" "ro_db_password" {
+ephemeral "aws_secretsmanager_random_password" "read_only_db_password" {
 }
 
-# Store the generated password in AWS Secrets Manager
-resource "aws_secretsmanager_secret" "ro_db_password" {
-  name                    = "${local.name_prefix}-ro-db-password-${substr(uuid(), 0, 4)}"
+resource "aws_secretsmanager_secret" "read_only_db_password" {
+  name                    = "${local.name_prefix}-grafana-read-only-db-password-${substr(uuid(), 0, 4)}"
   description             = "Read-only database user password for data replication"
   recovery_window_in_days = 7
 
   tags = {
-    Name = "${local.name_prefix}-ro-db-password"
+    Name = "${local.name_prefix}-read-only-db-password"
   }
   lifecycle {
     ignore_changes = [name]
   }
 }
 
-resource "aws_secretsmanager_secret_version" "ro_db_password" {
-  secret_id                = aws_secretsmanager_secret.ro_db_password.id
-  secret_string_wo         = ephemeral.aws_secretsmanager_random_password.ro_db_password.random_password
+resource "aws_secretsmanager_secret_version" "read_only_db_password" {
+  secret_id                = aws_secretsmanager_secret.read_only_db_password.id
+  secret_string_wo         = ephemeral.aws_secretsmanager_random_password.read_only_db_password.random_password
   secret_string_wo_version = 1
 }
diff --git a/terraform/data_replication/variables.tf b/terraform/data_replication/variables.tf
@@ -126,7 +126,7 @@ locals {
     },
     {
       name      = "READ_ONLY_DB_PASSWORD"
-      valueFrom = aws_secretsmanager_secret.ro_db_password.arn
+      valueFrom = aws_secretsmanager_secret.read_only_db_password.arn
     }
   ]
 }

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ data "aws_iam_policy_document" "ecs_permissions" {`
`12`	`12`	`actions = ["secretsmanager:GetSecretValue"]`
`13`	`13`	`resources = [`
`14`	`14`	`var.db_secret_arn,`
`15`		`- aws_secretsmanager_secret.ro_db_password.arn`
	`15`	`+ aws_secretsmanager_secret.read_only_db_password.arn`
`16`	`16`	`]`
`17`	`17`	`effect = "Allow"`
`18`	`18`	`}`
Original file line number	Diff line number	Diff line change
`@@ -126,7 +126,7 @@ locals {`
`126`	`126`	`},`
`127`	`127`	`{`
`128`	`128`	`name = "READ_ONLY_DB_PASSWORD"`
`129`		`- valueFrom = aws_secretsmanager_secret.ro_db_password.arn`
	`129`	`+ valueFrom = aws_secretsmanager_secret.read_only_db_password.arn`
`130`	`130`	`}`
`131`	`131`	`]`
`132`	`132`	`}`