refactor(snapshot): address nits

This commit addresses nits uncovered in #58 which were also applicable
to the snapshot module.

Author: João Taveira Araújo

modules/snapshot/README.md

@@ -74,14 +74,14 @@ locals = {
     ]
 }
 # Collect from all endpoints in subset
-module "observe_lambda_snapshot" {
+module "observe_lambda_snapshot_a" {
   source = "observeinc/lambda/aws//modules/snapshot"
   lambda = module.observe_lambda
   action = local.partial
 }
 
 # Collect from all other endpoints
-module "observe_lambda_snapshot" {
+module "observe_lambda_snapshot_b" {
   source = "observeinc/lambda/aws//modules/snapshot"
   lambda  = module.observe_lambda
   exclude = local.partial
@@ -116,13 +116,15 @@ No modules.
 | [aws_iam_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_role_policy_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_lambda_permission.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
+| [aws_arn.function](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_arn.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_action"></a> [action](#input\_action) | List of actions allowed by policy and periodically triggered. By default,<br>this list contains all policies which the lambda can act upon. You should<br>only override this list if you do not want to execute more actions as they<br>become available in future lambda upgrades. If you instead wish to extend<br>this list, or ignore a subset of actions, use \"include\" and \"exclude\". | `list(string)` | <pre>[<br>  "apigateway:Get*",<br>  "autoscaling:Describe*",<br>  "cloudformation:Describe*",<br>  "cloudformation:List*",<br>  "cloudfront:List*",<br>  "dynamodb:Describe*",<br>  "dynamodb:List*",<br>  "ec2:Describe*",<br>  "ecs:Describe*",<br>  "ecs:List*",<br>  "eks:Describe*",<br>  "eks:List*",<br>  "elasticbeanstalk:Describe*",<br>  "elasticache:Describe*",<br>  "elasticfilesystem:Describe*",<br>  "elasticloadbalancing:Describe*",<br>  "elasticmapreduce:Describe*",<br>  "elasticmapreduce:List*",<br>  "events:List*",<br>  "firehose:Describe*",<br>  "firehose:List*",<br>  "iam:Get*",<br>  "iam:List*",<br>  "kinesis:Describe*",<br>  "kinesis:List*",<br>  "kms:Describe*",<br>  "kms:List*",<br>  "lambda:List*",<br>  "logs:Describe*",<br>  "organizations:Describe*",<br>  "organizations:List*",<br>  "rds:Describe*",<br>  "redshift:Describe*",<br>  "route53:List*",<br>  "s3:GetBucket*",<br>  "s3:List*",<br>  "secretsmanager:List*",<br>  "sns:Get*",<br>  "sns:List*",<br>  "sqs:Get*",<br>  "sqs:List*",<br>  "synthetics:Describe*",<br>  "synthetics:List*"<br>]</pre> | no |
-| <a name="input_eventbridge_name_prefix"></a> [eventbridge\_name\_prefix](#input\_eventbridge\_name\_prefix) | Prefix used for eventbridge rule | `string` | `"observe-lambda-snapshot-"` | no |
+| <a name="input_eventbridge_name_prefix"></a> [eventbridge\_name\_prefix](#input\_eventbridge\_name\_prefix) | Prefix used for EventBridge Rule | `string` | `"observe-lambda-snapshot-"` | no |
 | <a name="input_eventbridge_schedule_event_bus_name"></a> [eventbridge\_schedule\_event\_bus\_name](#input\_eventbridge\_schedule\_event\_bus\_name) | Event Bus for EventBridge scheduled events | `string` | `"default"` | no |
 | <a name="input_eventbridge_schedule_expression"></a> [eventbridge\_schedule\_expression](#input\_eventbridge\_schedule\_expression) | Rate at which snapshot is triggered. Must be valid EventBridge expression | `string` | `"rate(3 hours)"` | no |
 | <a name="input_exclude"></a> [exclude](#input\_exclude) | List of actions to exclude from being executed on snapshot request. | `list(string)` | `[]` | no |

modules/snapshot/main.tf

@@ -1,12 +1,17 @@
 locals {
-  role_name     = regex(".*role/(?P<role_name>.*)$", var.lambda.lambda_function.role)["role_name"]
-  function_name = regex(".*:function:(?P<function_name>.*)$", var.lambda.lambda_function.arn)["function_name"]
-
   iam_name_prefix     = var.iam_name_prefix != "" ? var.iam_name_prefix : var.eventbridge_name_prefix
   statement_id_prefix = var.statement_id_prefix != "" ? var.statement_id_prefix : local.iam_name_prefix
   action              = concat(var.action, var.include)
 }
 
+data "aws_arn" "role" {
+  arn = var.lambda.lambda_function.role
+}
+
+data "aws_arn" "function" {
+  arn = var.lambda.lambda_function.arn
+}
+
 resource "aws_iam_policy" "this" {
   name_prefix = local.iam_name_prefix
   policy = jsonencode({
@@ -23,13 +28,13 @@ resource "aws_iam_policy" "this" {
 }
 
 resource "aws_iam_role_policy_attachment" "this" {
-  role       = local.role_name
+  role       = trimprefix(data.aws_arn.role.resource, "role/")
   policy_arn = aws_iam_policy.this.arn
 }
 
 resource "aws_cloudwatch_event_rule" "trigger" {
   name_prefix         = var.eventbridge_name_prefix
-  description         = "Periodically trigger Observe lambda to snapshot AWS API"
+  description         = "Periodically trigger Observe Lambda to snapshot AWS API"
   schedule_expression = var.eventbridge_schedule_expression
   event_bus_name      = var.eventbridge_schedule_event_bus_name
 }
@@ -50,6 +55,6 @@ resource "aws_lambda_permission" "this" {
   statement_id_prefix = local.statement_id_prefix
   action              = "lambda:InvokeFunction"
   principal           = "events.amazonaws.com"
-  function_name       = local.function_name
+  function_name       = trimprefix(data.aws_arn.function.resource, "function:")
   source_arn          = aws_cloudwatch_event_rule.trigger.arn
 }

modules/snapshot/variables.tf

@@ -23,7 +23,7 @@ variable "statement_id_prefix" {
 }
 
 variable "eventbridge_name_prefix" {
-  description = "Prefix used for eventbridge rule"
+  description = "Prefix used for EventBridge Rule"
   type        = string
   nullable    = false
   default     = "observe-lambda-snapshot-"