fix: make bucket naming generic

.github/workflows/build.yml

@@ -36,7 +36,7 @@ jobs:
     steps:
       - uses: actions/checkout@v6
 
-      - name: Get lambda code bucket
+      - name: Get build artifact bucket
         id: deploy_bucket
         uses: chrispsheehan/terragrunt-aws-oidc-action@0.4.1
         with:

.github/workflows/build_get.yml

@@ -13,7 +13,7 @@ on:
         default: ""
     outputs:
       code_bucket:
-        description: "Bucket containing lambda zips"
+        description: "Bucket containing build artifacts"
         value: ${{ jobs.bucket.outputs.code_bucket_name }}
       lambda_version:
         description: "Valid lambda version"

.github/workflows/destroy.yml

@@ -60,13 +60,15 @@ jobs:
           tg_action: destroy
 
   frontend:
-    needs: setup
+    needs: lambdas
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
 
       - name: Destroy frontend infra
         uses: chrispsheehan/terragrunt-aws-oidc-action@0.4.1
+        env:
+          TF_VAR_api_invoke_url: "https://placeholder.execute-api.us-east-1.amazonaws.com"
         with:
           aws_oidc_role_arn: ${{ env.AWS_OIDC_ROLE_ARN }}
           tg_directory: infra/live/${{ inputs.environment }}/aws/frontend

.github/workflows/infra.yml

@@ -10,7 +10,7 @@ on:
         required: true
         type: string
       code_bucket:
-        description: "Bucket containing lambda zips"
+        description: "Bucket containing build artifacts"
         required: true
         type: string
       lambda_matrix:
@@ -45,15 +45,32 @@ jobs:
           tg_directory: infra/live/${{ inputs.environment }}/aws/oidc
 
   frontend:
-    needs: oidc
+    needs: lambdas
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
         with:
           ref: ${{ inputs.infra_version }}
 
+      - name: Get api infra
+        uses: chrispsheehan/terragrunt-aws-oidc-action@0.4.1
+        id: get-api
+        with:
+          aws_oidc_role_arn: ${{ env.AWS_OIDC_ROLE_ARN }}
+          tg_directory: infra/live/${{ inputs.environment }}/aws/api
+          tg_action: init
+
+      - name: Get api invoke url
+        id: get_api_vars
+        env:
+          TG_OUTPUTS: ${{ steps.get-api.outputs.tg_outputs }}
+        run: |
+          echo "invoke_url=$(echo $TG_OUTPUTS | jq -r '.invoke_url.value')" >> $GITHUB_OUTPUT
+
       - name: Deploy frontend infra
         uses: chrispsheehan/terragrunt-aws-oidc-action@0.4.1
+        env:
+          TF_VAR_api_invoke_url: ${{ steps.get_api_vars.outputs.invoke_url }}
         with:
           aws_oidc_role_arn: ${{ env.AWS_OIDC_ROLE_ARN }}
           tg_directory: infra/live/${{ inputs.environment }}/aws/frontend

.github/workflows/infra_releases.yml

@@ -11,7 +11,7 @@ on:
         type: string
     outputs:
       code_bucket:
-        description: "Bucket containing lambda zips"
+        description: "Bucket containing build artifacts"
         value: ${{ jobs.bucket.outputs.bucket_name }}
 
 concurrency: # only run one instance of workflow at any one time
@@ -35,7 +35,7 @@ jobs:
         with:
           ref: ${{ inputs.infra_version }}
 
-      - name: Deploy lambda code bucket
+      - name: Deploy build artifact bucket
         id: deploy_bucket
         uses: chrispsheehan/terragrunt-aws-oidc-action@0.4.1
         with:

infra/modules/aws/_shared/lambda/data.tf

@@ -1,5 +1,5 @@
-data "aws_s3_bucket" "lambda_code" {
-  bucket = var.lambda_bucket
+data "aws_s3_bucket" "code_bucket" {
+  bucket = var.code_bucket
 }
 
 data "archive_file" "bootstrap_lambda" {
@@ -55,7 +55,7 @@ data "aws_iam_policy_document" "codedeploy_lambda" {
     effect  = "Allow"
     actions = ["s3:GetObject", "s3:GetObjectVersion"]
     resources = [
-      "arn:aws:s3:::${data.aws_s3_bucket.lambda_code.bucket}/*"
+      "arn:aws:s3:::${data.aws_s3_bucket.code_bucket.bucket}/*"
     ]
   }
 
@@ -64,7 +64,7 @@ data "aws_iam_policy_document" "codedeploy_lambda" {
     sid       = "ListArtifactPrefix"
     effect    = "Allow"
     actions   = ["s3:ListBucket", "s3:GetBucketLocation"]
-    resources = ["arn:aws:s3:::${data.aws_s3_bucket.lambda_code.bucket}"]
+    resources = ["arn:aws:s3:::${data.aws_s3_bucket.code_bucket.bucket}"]
   }
 
   statement {

infra/modules/aws/_shared/lambda/main.tf

@@ -21,7 +21,7 @@ resource "aws_iam_role_policy_attachment" "additional_iam_attachments" {
 }
 
 resource "aws_s3_object" "bootstrap_lambda_zip" {
-  bucket = data.aws_s3_bucket.lambda_code.bucket
+  bucket = data.aws_s3_bucket.code_bucket.bucket
   key    = local.lambda_bootstrap_zip_key
 
   source = data.archive_file.bootstrap_lambda.output_path
@@ -38,7 +38,7 @@ resource "aws_lambda_function" "lambda" {
 
   reserved_concurrent_executions = local.pc_reserved_count
 
-  s3_bucket = data.aws_s3_bucket.lambda_code.bucket
+  s3_bucket = data.aws_s3_bucket.code_bucket.bucket
   s3_key    = aws_s3_object.bootstrap_lambda_zip.key
 
   # publish ONE immutable version so we can create an alias

infra/modules/aws/_shared/lambda/variables.tf

@@ -9,9 +9,9 @@ variable "environment" {
   description = "Environment reference used in naming resources i.e. 'dev'"
 }
 
-variable "lambda_bucket" {
+variable "code_bucket" {
   type        = string
-  description = "Lambda bucket where the code zip(s) are uploaded to"
+  description = "Bucket where deployable code artifacts are uploaded"
 }
 ### end of static vars set in root.hcl ###
 
@@ -220,4 +220,4 @@ variable "provisioned_config" {
     )
     error_message = "When sqs_scale is set, both scale_in_cooldown_seconds and scale_out_cooldown_seconds must be specified and each must be at least 60 seconds."
   }
-}
+}

infra/modules/aws/api/main.tf

@@ -1,9 +1,9 @@
 module "lambda_api" {
   source = "../_shared/lambda"
 
-  project_name  = var.project_name
-  environment   = var.environment
-  lambda_bucket = var.lambda_bucket
+  project_name = var.project_name
+  environment  = var.environment
+  code_bucket  = var.code_bucket
 
   lambda_name = local.lambda_name
 

infra/modules/aws/api/variables.tf

@@ -9,9 +9,9 @@ variable "environment" {
   description = "Environment reference used in naming resources i.e. 'dev'"
 }
 
-variable "lambda_bucket" {
+variable "code_bucket" {
   type        = string
-  description = "Lambda bucket where the code zip(s) are uploaded to"
+  description = "Bucket where deployable code artifacts are uploaded"
 }
 ### end of static vars set in root.hcl ###
 
@@ -57,4 +57,4 @@ variable "api_5xx_alarm_evaluation_periods" {
 variable "api_5xx_alarm_datapoints_to_alarm" {
   type        = number
   description = "The number of evaluated periods that must be breaching to trigger ALARM"
-}
+}

infra/modules/aws/code_bucket/main.tf

@@ -1,11 +1,11 @@
-resource "aws_s3_bucket" "lambda" {
-  bucket        = var.lambda_bucket
+resource "aws_s3_bucket" "code" {
+  bucket        = var.code_bucket
   force_destroy = true
 }
 
-resource "aws_s3_bucket_ownership_controls" "lambda" {
-  depends_on = [aws_s3_bucket.lambda]
-  bucket     = aws_s3_bucket.lambda.id
+resource "aws_s3_bucket_ownership_controls" "code" {
+  depends_on = [aws_s3_bucket.code]
+  bucket     = aws_s3_bucket.code.id
   rule {
     object_ownership = "BucketOwnerEnforced"
   }
@@ -14,7 +14,7 @@ resource "aws_s3_bucket_ownership_controls" "lambda" {
 resource "aws_s3_bucket_lifecycle_configuration" "delete_old_files" {
   count = var.s3_expiration_days > 0 ? 1 : 0
 
-  bucket = aws_s3_bucket.lambda.id
+  bucket = aws_s3_bucket.code.id
 
   rule {
     id     = "delete-expired-objects"

infra/modules/aws/code_bucket/outputs.tf

@@ -1,3 +1,3 @@
 output "bucket" {
-  value = aws_s3_bucket.lambda.bucket
+  value = aws_s3_bucket.code.bucket
 }

infra/modules/aws/code_bucket/variables.tf

@@ -1,6 +1,6 @@
 ### start of static vars set in root.hcl ###
-variable "lambda_bucket" {
-  description = "S3 bucket to host lambda code files"
+variable "code_bucket" {
+  description = "S3 bucket to host build artifacts"
   type        = string
 }
 ### end of static vars set in root.hcl ###

infra/modules/aws/frontend/data.tf

@@ -51,11 +51,3 @@ data "aws_cloudfront_cache_policy" "caching_disabled" {
 
 data "aws_caller_identity" "current" {}
 
-data "terraform_remote_state" "api" {
-  backend = "s3"
-  config = {
-    bucket = var.state_bucket
-    key    = "${var.environment}/aws/api/terraform.tfstate"
-    region = var.aws_region
-  }
-}

infra/modules/aws/frontend/locals.tf

@@ -1,7 +1,7 @@
 locals {
   name        = "${var.environment}-${var.project_name}"
   bucket_name = "${data.aws_caller_identity.current.account_id}-${local.name}"
-  api_domain  = replace(data.terraform_remote_state.api.outputs.invoke_url, "https://", "")
+  api_domain  = replace(var.api_invoke_url, "https://", "")
 
   s3_origin_id  = "s3"
   api_origin_id = "api"

infra/modules/aws/frontend/variables.tf

@@ -23,3 +23,8 @@ variable "deploy_role_arn" {
   description = "ARN of the OIDC deploy role to grant frontend bucket access"
 }
 ### end of static vars set in root.hcl ###
+
+variable "api_invoke_url" {
+  type        = string
+  description = "Invoke URL of the API Gateway HTTP API"
+}

infra/modules/aws/lambda_worker/main.tf

@@ -1,9 +1,9 @@
 module "lambda_worker" {
   source = "../_shared/lambda"
 
-  project_name  = var.project_name
-  environment   = var.environment
-  lambda_bucket = var.lambda_bucket
+  project_name = var.project_name
+  environment  = var.environment
+  code_bucket  = var.code_bucket
 
   lambda_name = local.lambda_name
 

infra/modules/aws/lambda_worker/variables.tf

@@ -9,9 +9,9 @@ variable "environment" {
   description = "Environment reference used in naming resources i.e. 'dev'"
 }
 
-variable "lambda_bucket" {
+variable "code_bucket" {
   type        = string
-  description = "Lambda bucket where the code zip(s) are uploaded to"
+  description = "Bucket where deployable code artifacts are uploaded"
 }
 ### end of static vars set in root.hcl ###
 
@@ -63,4 +63,4 @@ variable "sqs_dlq_alarm_evaluation_periods" {
 variable "sqs_dlq_alarm_datapoints_to_alarm" {
   type        = number
   description = "The number of evaluated periods that must be breaching to trigger ALARM"
-}
+}

infra/root.hcl

@@ -26,7 +26,7 @@ locals {
 
   # separate s3 version bucket when dev, otherwise ci
   s3_bucket_base = local.environment == "dev" ? "${local.base_reference}-${local.environment}" : "${local.base_reference}-ci"
-  lambda_bucket  = "${local.s3_bucket_base}-lambda"
+  code_bucket    = "${local.s3_bucket_base}-code"
 }
 
 terraform {
@@ -97,6 +97,6 @@ inputs = merge(
     deploy_role_arn  = local.deploy_role_arn
     state_bucket     = local.state_bucket
     state_lock_table = local.state_lock_table
-    lambda_bucket    = local.lambda_bucket
+    code_bucket      = local.code_bucket
   }
 )