From 2434669583ff15cd80fbc3253aa931a178493ca6 Mon Sep 17 00:00:00 2001 From: Prashanth Goud Boodithi Date: Tue, 7 Jan 2025 14:07:49 +0100 Subject: [PATCH 1/2] fix: Add prefix to the policies which breaks multi runner configuration --- modules/runners/pool/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/runners/pool/main.tf b/modules/runners/pool/main.tf index df292a9a03..92b315468e 100644 --- a/modules/runners/pool/main.tf +++ b/modules/runners/pool/main.tf @@ -81,7 +81,7 @@ resource "aws_iam_role" "pool" { } resource "aws_iam_role_policy" "pool" { - name = "pool-policy" + name = "${var.config.prefix}-pool-policy" role = aws_iam_role.pool.name policy = templatefile("${path.module}/policies/lambda-pool.json", { arn_ssm_parameters_path_config = var.config.arn_ssm_parameters_path_config @@ -94,7 +94,7 @@ resource "aws_iam_role_policy" "pool" { } resource "aws_iam_role_policy" "pool_logging" { - name = "logging-policy" + name = "${var.config.prefix}-logging-policy" role = aws_iam_role.pool.name policy = templatefile("${path.module}/../policies/lambda-cloudwatch.json", { log_group_arn = aws_cloudwatch_log_group.pool.arn @@ -144,7 +144,7 @@ data "aws_iam_policy_document" "lambda_xray" { resource "aws_iam_role_policy" "pool_xray" { count = var.tracing_config.mode != null ? 1 : 0 - name = "xray-policy" + name = "${var.config.prefix}-xray-policy" policy = data.aws_iam_policy_document.lambda_xray[0].json role = aws_iam_role.pool.name } From f98243d75646b349e61280b4a316d7299ccff8d7 Mon Sep 17 00:00:00 2001 
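Review bot: Changing `name` on `aws_iam_role_policy` forces replacement in the AWS provider, so on upgrade each inline policy in this hunk (and in the `@@ -94` and `@@ -144` hunks, and every hunk of the second patch) is destroyed before its prefixed successor is created, leaving the pool Lambda's role briefly without those permissions during apply. Adding `lifecycle { create_before_destroy = true }` to each renamed `aws_iam_role_policy` closes that gap, since the old and new names no longer collide. The prefixed value must also satisfy the IAM inline-policy name rules (1–128 characters from `[\w+=,.@-]+`); a `validation` block on the prefix variable, or a `substr`, would make an over-long or oddly formed prefix fail at plan time instead of at apply. I could not confirm from this diff that `prefix` is a declared attribute of the `config` object variable in the pool module (the lambda module likewise relies on `var.lambda.prefix` at `@@ -89`), so please check those variable types. The `aws_iam_role_policy.pool` block continues past the end of the hunk.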
From: Prashanth Goud Boodithi Date: Tue, 7 Jan 2025 14:20:22 +0100 Subject: [PATCH 2/2] fix: Add prefix to the policies which breaks multi runner configuration --- modules/ami-housekeeper/main.tf | 6 +++--- modules/lambda/main.tf | 4 ++-- .../runner-binaries-syncer/runner-binaries-syncer.tf | 4 ++-- modules/runners/scale-down.tf | 6 +++--- modules/runners/scale-up.tf | 10 +++++----- modules/runners/ssm-housekeeper.tf | 6 +++--- modules/webhook/direct/webhook.tf | 10 +++++----- modules/webhook/eventbridge/dispatcher.tf | 10 +++++----- modules/webhook/eventbridge/webhook.tf | 10 +++++----- 9 files changed, 33 insertions(+), 33 deletions(-) diff --git a/modules/ami-housekeeper/main.tf b/modules/ami-housekeeper/main.tf index f462c240fc..749c94da06 100644 --- a/modules/ami-housekeeper/main.tf +++ b/modules/ami-housekeeper/main.tf @@ -84,7 +84,7 @@ data "aws_iam_policy_document" "lambda_assume_role_policy" { } resource "aws_iam_role_policy" "lambda_logging" { - name = "logging-policy" + name = "${var.prefix}-logging-policy" role = aws_iam_role.ami_housekeeper.id policy = templatefile("${path.module}/policies/lambda-cloudwatch.json", { @@ -93,7 +93,7 @@ resource "aws_iam_role_policy" "lambda_logging" { } resource "aws_iam_role_policy" "ami_housekeeper" { - name = "lambda-ami-policy" + name = "${var.prefix}-lambda-ami-policy" role = aws_iam_role.ami_housekeeper.id policy = templatefile("${path.module}/policies/lambda-ami-housekeeper.json", {}) @@ -127,7 +127,7 @@ resource "aws_lambda_permission" "ami_housekeeper" { resource "aws_iam_role_policy" "ami_housekeeper_xray" { count = var.tracing_config.mode != null ? 1 : 0 - name = "xray-policy" + name = "${var.prefix}-xray-policy" policy = data.aws_iam_policy_document.lambda_xray[0].json role = aws_iam_role.ami_housekeeper.name } diff --git a/modules/lambda/main.tf b/modules/lambda/main.tf index 137b727774..f83072e5c8 100644 --- a/modules/lambda/main.tf +++ b/modules/lambda/main.tf 
@@ -89,7 +89,7 @@ data "aws_iam_policy_document" "lambda_assume_role_policy" { } resource "aws_iam_role_policy" "lambda_logging" { - name = "logging-policy" + name = "${var.lambda.prefix}-logging-policy" role = aws_iam_role.main.id policy = templatefile("${path.module}/policies/lambda-cloudwatch.json", { @@ -106,7 +106,7 @@ resource "aws_iam_role_policy_attachment" "vpc_execution_role" { resource "aws_iam_role_policy" "xray" { count = var.lambda.tracing_config.mode != null ? 1 : 0 - name = "xray-policy" + name = "${var.lambda.prefix}-xray-policy" policy = data.aws_iam_policy_document.lambda_xray[0].json role = aws_iam_role.main.name } diff --git a/modules/runner-binaries-syncer/runner-binaries-syncer.tf b/modules/runner-binaries-syncer/runner-binaries-syncer.tf index d3f5f08efa..6ae561cee6 100644 --- a/modules/runner-binaries-syncer/runner-binaries-syncer.tf +++ b/modules/runner-binaries-syncer/runner-binaries-syncer.tf @@ -103,7 +103,7 @@ data "aws_iam_policy_document" "lambda_assume_role_policy" { } resource "aws_iam_role_policy" "lambda_logging" { - name = "logging-policys" + name = "${var.prefix}-logging-policys" role = aws_iam_role.syncer_lambda.id policy = templatefile("${path.module}/policies/lambda-cloudwatch.json", { @@ -112,7 +112,7 @@ resource "aws_iam_role_policy" "lambda_logging" { } resource "aws_iam_role_policy" "syncer" { - name = "s3-policy" + name = "${var.prefix}-s3-policy" role = aws_iam_role.syncer_lambda.id policy = templatefile("${path.module}/policies/lambda-syncer.json", { diff --git a/modules/runners/scale-down.tf b/modules/runners/scale-down.tf index 60e3d47ecb..f7daf8868a 100644 --- a/modules/runners/scale-down.tf +++ b/modules/runners/scale-down.tf 
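Review bot: `logging-policys` in `modules/runner-binaries-syncer/runner-binaries-syncer.tf` (hunk `@@ -103`) carries a typo into the new name, `"${var.prefix}-logging-policys"`, while every other module in this series uses `logging-policy`. Since the rename already forces the inline policy to be recreated, this is the cheapest moment to correct it: `name = "${var.prefix}-logging-policy"`. The `aws_iam_role_policy.lambda_logging` block continues past the hunk.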
@@ -92,7 +92,7 @@ resource "aws_iam_role" "scale_down" { } resource "aws_iam_role_policy" "scale_down" { - name = "scale-down-policy" + name = "${var.prefix}-scale-down-policy" role = aws_iam_role.scale_down.name policy = templatefile("${path.module}/policies/lambda-scale-down.json", { environment = var.prefix @@ -103,7 +103,7 @@ resource "aws_iam_role_policy" "scale_down" { } resource "aws_iam_role_policy" "scale_down_logging" { - name = "logging-policy" + name = "${var.prefix}-logging-policy" role = aws_iam_role.scale_down.name policy = templatefile("${path.module}/policies/lambda-cloudwatch.json", { log_group_arn = aws_cloudwatch_log_group.scale_down.arn @@ -118,7 +118,7 @@ resource "aws_iam_role_policy_attachment" "scale_down_vpc_execution_role" { resource "aws_iam_role_policy" "scale_down_xray" { count = var.tracing_config.mode != null ? 1 : 0 - name = "xray-policy" + name = "${var.prefix}-xray-policy" policy = data.aws_iam_policy_document.lambda_xray[0].json role = aws_iam_role.scale_down.name } diff --git a/modules/runners/scale-up.tf b/modules/runners/scale-up.tf index b99ce89251..4d5030dae8 100644 --- a/modules/runners/scale-up.tf +++ b/modules/runners/scale-up.tf @@ -108,7 +108,7 @@ resource "aws_iam_role" "scale_up" { } resource "aws_iam_role_policy" "scale_up" { - name = "scale-up-policy" + name = "${var.prefix}-scale-up-policy" role = aws_iam_role.scale_up.name policy = templatefile("${path.module}/policies/lambda-scale-up.json", { arn_runner_instance_role = aws_iam_role.runner.arn @@ -122,7 +122,7 @@ resource "aws_iam_role_policy" "scale_up" { } resource "aws_iam_role_policy" "scale_up_logging" { - name = "logging-policy" + name = "${var.prefix}-logging-policy" role = aws_iam_role.scale_up.name policy = templatefile("${path.module}/policies/lambda-cloudwatch.json", { log_group_arn = aws_cloudwatch_log_group.scale_up.arn 
@@ -131,7 +131,7 @@ resource "aws_iam_role_policy" "scale_up_logging" { resource "aws_iam_role_policy" "service_linked_role" { count = var.create_service_linked_role_spot ? 1 : 0 - name = "service_linked_role" + name = "${var.prefix}-service_linked_role" role = aws_iam_role.scale_up.name policy = templatefile("${path.module}/policies/service-linked-role-create-policy.json", { aws_partition = var.aws_partition }) } @@ -150,14 +150,14 @@ resource "aws_iam_role_policy_attachment" "ami_id_ssm_parameter_read" { resource "aws_iam_role_policy" "scale_up_xray" { count = var.tracing_config.mode != null ? 1 : 0 - name = "xray-policy" + name = "${var.prefix}-xray-policy" policy = data.aws_iam_policy_document.lambda_xray[0].json role = aws_iam_role.scale_up.name } resource "aws_iam_role_policy" "job_retry_sqs_publish" { count = local.job_retry_enabled ? 1 : 0 - name = "publish-retry-check-sqs-policy" + name = "${var.prefix}-publish-retry-check-sqs-policy" role = aws_iam_role.scale_up.name policy = templatefile("${path.module}/policies/lambda-publish-sqs-policy.json", { diff --git a/modules/runners/ssm-housekeeper.tf b/modules/runners/ssm-housekeeper.tf index e9c2a175ba..806d888734 100644 --- a/modules/runners/ssm-housekeeper.tf +++ b/modules/runners/ssm-housekeeper.tf @@ -92,7 +92,7 @@ resource "aws_iam_role" "ssm_housekeeper" { } resource "aws_iam_role_policy" "ssm_housekeeper" { - name = "ssm-policy" + name = "${var.prefix}-ssm-policy" role = aws_iam_role.ssm_housekeeper.name policy = templatefile("${path.module}/policies/lambda-ssm-housekeeper.json", { ssm_token_path = "arn:${var.aws_partition}:ssm:${var.aws_region}:${data.aws_caller_identity.current.account_id}:parameter${local.token_path}" 
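Review bot: `"${var.prefix}-service_linked_role"` in the `@@ -131` hunk of `modules/runners/scale-up.tf` mixes underscores into a name series that is otherwise hyphenated and ends in `-policy` (`scale-up-policy`, `logging-policy`, `xray-policy`). As the name is changing anyway and the resource is replaced, `name = "${var.prefix}-service-linked-role-policy"` would keep the naming uniform across the module. This is only a naming point; the policy content is unchanged.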
@@ -100,7 +100,7 @@ resource "aws_iam_role_policy" "ssm_housekeeper" { } resource "aws_iam_role_policy" "ssm_housekeeper_logging" { - name = "logging-policy" + name = "${var.prefix}-logging-policy" role = aws_iam_role.ssm_housekeeper.name policy = templatefile("${path.module}/policies/lambda-cloudwatch.json", { log_group_arn = aws_cloudwatch_log_group.ssm_housekeeper.arn @@ -115,7 +115,7 @@ resource "aws_iam_role_policy_attachment" "ssm_housekeeper_vpc_execution_role" { resource "aws_iam_role_policy" "ssm_housekeeper_xray" { count = var.tracing_config.mode != null ? 1 : 0 - name = "xray-policy" + name = "${var.prefix}-xray-policy" policy = data.aws_iam_policy_document.lambda_xray[0].json role = aws_iam_role.ssm_housekeeper.name } diff --git a/modules/webhook/direct/webhook.tf b/modules/webhook/direct/webhook.tf index a8adc380a6..3cd631bc4f 100644 --- a/modules/webhook/direct/webhook.tf +++ b/modules/webhook/direct/webhook.tf @@ -98,7 +98,7 @@ resource "aws_iam_role" "webhook_lambda" { } resource "aws_iam_role_policy" "webhook_logging" { - name = "logging-policy" + name = "${var.config.prefix}-logging-policy" role = aws_iam_role.webhook_lambda.name policy = templatefile("${path.module}/../policies/lambda-cloudwatch.json", { log_group_arn = aws_cloudwatch_log_group.webhook.arn @@ -112,7 +112,7 @@ resource "aws_iam_role_policy_attachment" "webhook_vpc_execution_role" { } resource "aws_iam_role_policy" "webhook_sqs" { - name = "publish-sqs-policy" + name = "${var.config.prefix}-publish-sqs-policy" role = aws_iam_role.webhook_lambda.name policy = templatefile("${path.module}/../policies/lambda-publish-sqs-policy.json", { @@ -121,7 +121,7 @@ resource "aws_iam_role_policy" "webhook_sqs" { } resource "aws_iam_role_policy" "webhook_kms" { - name = "kms-policy" + name = "${var.config.prefix}-kms-policy" role = aws_iam_role.webhook_lambda.name policy = templatefile("${path.module}/../policies/lambda-kms.json", { 
@@ -130,7 +130,7 @@ resource "aws_iam_role_policy" "webhook_kms" { } resource "aws_iam_role_policy" "webhook_ssm" { - name = "publish-ssm-policy" + name = "${var.config.prefix}-publish-ssm-policy" role = aws_iam_role.webhook_lambda.name policy = templatefile("${path.module}/../policies/lambda-ssm.json", { @@ -140,7 +140,7 @@ resource "aws_iam_role_policy" "webhook_ssm" { resource "aws_iam_role_policy" "xray" { count = var.config.tracing_config.mode != null ? 1 : 0 - name = "xray-policy" + name = "${var.config.prefix}-xray-policy" policy = data.aws_iam_policy_document.lambda_xray[0].json role = aws_iam_role.webhook_lambda.name } diff --git a/modules/webhook/eventbridge/dispatcher.tf b/modules/webhook/eventbridge/dispatcher.tf index c5d86911c5..3b8e5b725a 100644 --- a/modules/webhook/eventbridge/dispatcher.tf +++ b/modules/webhook/eventbridge/dispatcher.tf @@ -92,7 +92,7 @@ resource "aws_iam_role" "dispatcher_lambda" { } resource "aws_iam_role_policy" "dispatcher_logging" { - name = "logging-policy" + name = "${var.config.prefix}-logging-policy" role = aws_iam_role.dispatcher_lambda.name policy = templatefile("${path.module}/../policies/lambda-cloudwatch.json", { log_group_arn = aws_cloudwatch_log_group.dispatcher.arn @@ -106,7 +106,7 @@ resource "aws_iam_role_policy_attachment" "dispatcher_vpc_execution_role" { } resource "aws_iam_role_policy" "dispatcher_sqs" { - name = "publish-sqs-policy" + name = "${var.config.prefix}-publish-sqs-policy" role = aws_iam_role.dispatcher_lambda.name policy = templatefile("${path.module}/../policies/lambda-publish-sqs-policy.json", { @@ -115,7 +115,7 @@ resource "aws_iam_role_policy" "dispatcher_sqs" { } resource "aws_iam_role_policy" "dispatcher_kms" { - name = "kms-policy" + name = "${var.config.prefix}-kms-policy" role = aws_iam_role.webhook_lambda.name policy = templatefile("${path.module}/../policies/lambda-kms.json", { 
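Review bot: In `modules/webhook/eventbridge/dispatcher.tf` (hunk `@@ -115`) the new name `"${var.config.prefix}-kms-policy"` on `aws_iam_role_policy.dispatcher_kms` is attached to `aws_iam_role.webhook_lambda.name`, while every other `dispatcher_*` policy in this file targets `aws_iam_role.dispatcher_lambda.name`. `webhook.tf` in the same directory (hunk `@@ -129`) attaches `aws_iam_role_policy.webhook_kms` with the identical name to the same webhook role, and inline policy names are unique per role, so the two resources will overwrite each other on each apply and the dispatcher role may be left without the KMS permission intended for it. This looks like a copy-paste left-over rather than something this commit introduces, but the prefixing is a good moment to fix it: `role = aws_iam_role.dispatcher_lambda.name`. Please verify against the dispatcher Lambda's actual KMS needs before changing it. The `dispatcher_kms` block continues past the hunk.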
@@ -124,7 +124,7 @@ resource "aws_iam_role_policy" "dispatcher_kms" { } resource "aws_iam_role_policy" "dispatcher_ssm" { - name = "publish-ssm-policy" + name = "${var.config.prefix}-publish-ssm-policy" role = aws_iam_role.dispatcher_lambda.name policy = templatefile("${path.module}/../policies/lambda-ssm.json", { @@ -134,7 +134,7 @@ resource "aws_iam_role_policy" "dispatcher_ssm" { resource "aws_iam_role_policy" "dispatcher_xray" { count = var.config.tracing_config.mode != null ? 1 : 0 - name = "xray-policy" + name = "${var.config.prefix}-xray-policy" policy = data.aws_iam_policy_document.lambda_xray[0].json role = aws_iam_role.dispatcher_lambda.name } diff --git a/modules/webhook/eventbridge/webhook.tf b/modules/webhook/eventbridge/webhook.tf index 84bbfba057..438c395531 100644 --- a/modules/webhook/eventbridge/webhook.tf +++ b/modules/webhook/eventbridge/webhook.tf @@ -97,7 +97,7 @@ resource "aws_iam_role" "webhook_lambda" { } resource "aws_iam_role_policy" "webhook_logging" { - name = "logging-policy" + name = "${var.config.prefix}-logging-policy" role = aws_iam_role.webhook_lambda.name policy = templatefile("${path.module}/../policies/lambda-cloudwatch.json", { log_group_arn = aws_cloudwatch_log_group.webhook.arn @@ -111,7 +111,7 @@ resource "aws_iam_role_policy_attachment" "webhook_vpc_execution_role" { } resource "aws_iam_role_policy" "webhook_eventbridge" { - name = "publish-eventbridge-policy" + name = "${var.config.prefix}-publish-eventbridge-policy" role = aws_iam_role.webhook_lambda.name policy = templatefile("${path.module}/../policies/lambda-publish-eventbridge-policy.json", { @@ -120,7 +120,7 @@ resource "aws_iam_role_policy" "webhook_eventbridge" { } resource "aws_iam_role_policy" "webhook_ssm" { - name = "publish-ssm-policy" + name = "${var.config.prefix}-publish-ssm-policy" role = aws_iam_role.webhook_lambda.name policy = templatefile("${path.module}/../policies/lambda-ssm.json", { 
@@ -129,7 +129,7 @@ resource "aws_iam_role_policy" "webhook_ssm" { } resource "aws_iam_role_policy" "webhook_kms" { - name = "kms-policy" + name = "${var.config.prefix}-kms-policy" role = aws_iam_role.webhook_lambda.name policy = templatefile("${path.module}/../policies/lambda-kms.json", { @@ -139,7 +139,7 @@ resource "aws_iam_role_policy" "webhook_kms" { resource "aws_iam_role_policy" "xray" { count = var.config.tracing_config.mode != null ? 1 : 0 - name = "xray-policy" + name = "${var.config.prefix}-xray-policy" policy = data.aws_iam_policy_document.lambda_xray[0].json role = aws_iam_role.webhook_lambda.name }