From 0f0751f90db8a9ac694a15a30f1cc5de691a74c6 Mon Sep 17 00:00:00 2001
From: Phil Jory
Date: Tue, 30 Jun 2020 13:50:45 +0200
Subject: [PATCH] CMS-11964 Allow lambda security groups to be upgraded

---
 .../lambda.tf | 7 +++++--
 .../lambda.tf | 7 +++++--
 .../lambda.tf | 7 +++++--
 .../lambda.tf | 7 +++++--
 apps/lambda_function_scheduled_vpc/lambda.tf | 7 +++++--
 apps/lambda_function_sns/lambda.tf | 7 +++++--
 apps/lambda_function_sns_no_vpc/lambda.tf | 7 +++++--
 apps/lambda_function_sns_shared_vpc/lambda.tf | 5 ++++-
 apps/lambda_function_sqs_vpc/lambda.tf | 7 +++++--
 apps/lambda_function_vpc/lambda.tf | 7 +++++--
 10 files changed, 49 insertions(+), 19 deletions(-)

diff --git a/apps/lambda_function_api_gateway_all_methods_passthrough/lambda.tf b/apps/lambda_function_api_gateway_all_methods_passthrough/lambda.tf
index 9e49ef39..24f6bec2 100644
--- a/apps/lambda_function_api_gateway_all_methods_passthrough/lambda.tf
+++ b/apps/lambda_function_api_gateway_all_methods_passthrough/lambda.tf
@@ -5,7 +5,7 @@ module "lambda_s3_bucket_object" {
 tags = "${local.tags}"
 providers = {
 aws = "aws"
- }
+ }
 }
 
 resource "aws_lambda_function" "app" {
@@ -63,7 +63,10 @@ resource "aws_iam_role_policy" "iam_policy_for_app" {
 }
 
 resource "aws_security_group" "sg_for_app" {
- name = "${var.app_name}"
+ name_prefix = "${var.app_name}-"
+ lifecycle {
+ create_before_destroy = true
+ }
 description = "Allow all inbound traffic for the scheduled lambda function"
 vpc_id = "${module.aws_core_data.vpc_id}"
 
diff --git a/apps/lambda_function_api_gateway_all_methods_passthrough_no_vpc/lambda.tf b/apps/lambda_function_api_gateway_all_methods_passthrough_no_vpc/lambda.tf
index 9742c892..26afdac4 100644
--- a/apps/lambda_function_api_gateway_all_methods_passthrough_no_vpc/lambda.tf
+++ b/apps/lambda_function_api_gateway_all_methods_passthrough_no_vpc/lambda.tf
@@ -5,7 +5,7 @@ module "lambda_s3_bucket_object" {
 tags = "${local.tags}"
 providers = {
 aws = "aws"
- }
+ }
 }
 
 resource "aws_lambda_function" "app" {
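Review bot: Switching `name` to `name_prefix` on `sg_for_app` in apps/lambda_function_api_gateway_all_methods_passthrough/lambda.tf (and in the nine other lambda.tf hunks of this patch) forces every existing group to be replaced on the next apply, so each one comes back with a new ID. `create_before_destroy` keeps the function attached to a group throughout, but a rule in another group that references the old ID must be updated in the same apply or it can block deletion of the old group with a dependency error, and the delete can also stall while Lambda ENIs are still attached. Nothing in the hunk records this, so I would add a comment above the lifecycle block, e.g. `# name_prefix + create_before_destroy: group is replaced (new ID); check rules in other groups that reference it`, and review the plan for such cross-references before rollout. The resource body continues past the end of the hunk.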
@@ -59,7 +59,10 @@ resource "aws_iam_role_policy" "iam_policy_for_app" {
 }
 
 resource "aws_security_group" "sg_for_app" {
- name = "${var.app_name}"
+ name_prefix = "${var.app_name}-"
+ lifecycle {
+ create_before_destroy = true
+ }
 description = "Allow all inbound traffic for the scheduled lambda function"
 vpc_id = "${module.aws_core_data.vpc_id}"
 
diff --git a/apps/lambda_function_api_gateway_all_methods_passthrough_no_vpc_authentication/lambda.tf b/apps/lambda_function_api_gateway_all_methods_passthrough_no_vpc_authentication/lambda.tf
index 9742c892..26afdac4 100644
--- a/apps/lambda_function_api_gateway_all_methods_passthrough_no_vpc_authentication/lambda.tf
+++ b/apps/lambda_function_api_gateway_all_methods_passthrough_no_vpc_authentication/lambda.tf
@@ -5,7 +5,7 @@ module "lambda_s3_bucket_object" {
 tags = "${local.tags}"
 providers = {
 aws = "aws"
- }
+ }
 }
 
 resource "aws_lambda_function" "app" {
@@ -59,7 +59,10 @@ resource "aws_iam_role_policy" "iam_policy_for_app" {
 }
 
 resource "aws_security_group" "sg_for_app" {
- name = "${var.app_name}"
+ name_prefix = "${var.app_name}-"
+ lifecycle {
+ create_before_destroy = true
+ }
 description = "Allow all inbound traffic for the scheduled lambda function"
 vpc_id = "${module.aws_core_data.vpc_id}"
 
diff --git a/apps/lambda_function_api_gateway_all_methods_passthrough_no_vpc_custom_authenticator/lambda.tf b/apps/lambda_function_api_gateway_all_methods_passthrough_no_vpc_custom_authenticator/lambda.tf
index 9742c892..26afdac4 100644
--- a/apps/lambda_function_api_gateway_all_methods_passthrough_no_vpc_custom_authenticator/lambda.tf
+++ b/apps/lambda_function_api_gateway_all_methods_passthrough_no_vpc_custom_authenticator/lambda.tf
@@ -5,7 +5,7 @@ module "lambda_s3_bucket_object" {
 tags = "${local.tags}"
 providers = {
 aws = "aws"
- }
+ }
 }
 
 resource "aws_lambda_function" "app" {
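Review bot: The `_no_vpc` variants (the `sg_for_app` hunk in apps/lambda_function_api_gateway_all_methods_passthrough_no_vpc/lambda.tf, plus `_no_vpc_authentication`, `_no_vpc_custom_authenticator` and `lambda_function_sns_no_vpc`) still create a security group inside `module.aws_core_data.vpc_id`, and with `name_prefix` each one is now recreated under a generated name. Whether the function references the group cannot be seen here, because the `aws_lambda_function` body lies outside the hunk. If it has no `vpc_config`, this is an unattached group whose description advertises all inbound traffic, and it could later be attached to some other resource. I would either drop the resource from these modules or add a comment stating why it is kept, e.g. `# kept for <reason>; not attached to the function`.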
@@ -59,7 +59,10 @@ resource "aws_iam_role_policy" "iam_policy_for_app" {
 }
 
 resource "aws_security_group" "sg_for_app" {
- name = "${var.app_name}"
+ name_prefix = "${var.app_name}-"
+ lifecycle {
+ create_before_destroy = true
+ }
 description = "Allow all inbound traffic for the scheduled lambda function"
 vpc_id = "${module.aws_core_data.vpc_id}"
 
diff --git a/apps/lambda_function_scheduled_vpc/lambda.tf b/apps/lambda_function_scheduled_vpc/lambda.tf
index e357f3b0..c26e369b 100644
--- a/apps/lambda_function_scheduled_vpc/lambda.tf
+++ b/apps/lambda_function_scheduled_vpc/lambda.tf
@@ -5,7 +5,7 @@ module "lambda_s3_bucket_object" {
 tags = "${local.tags}"
 providers = {
 aws = "aws"
- }
+ }
 }
 
 resource "aws_lambda_function" "app" {
@@ -64,7 +64,10 @@ resource "aws_iam_role_policy" "iam_policy_for_app" {
 }
 
 resource "aws_security_group" "sg_for_app" {
- name = "${var.app_name}"
+ name_prefix = "${var.app_name}-"
+ lifecycle {
+ create_before_destroy = true
+ }
 description = "Allow all inbound traffic for the scheduled lambda function"
 vpc_id = "${module.aws_core_data.vpc_id}"
 
diff --git a/apps/lambda_function_sns/lambda.tf b/apps/lambda_function_sns/lambda.tf
index 11dbb82e..314fed53 100644
--- a/apps/lambda_function_sns/lambda.tf
+++ b/apps/lambda_function_sns/lambda.tf
@@ -5,7 +5,7 @@ module "lambda_s3_bucket_object" {
 tags = "${local.tags}"
 providers = {
 aws = "aws"
- }
+ }
 }
 
 resource "aws_lambda_function" "app" {
@@ -67,7 +67,10 @@ resource "aws_iam_role_policy" "iam_policy_for_app" {
 }
 
 resource "aws_security_group" "sg_for_app" {
- name = "${var.app_name}"
+ name_prefix = "${var.app_name}-"
+ lifecycle {
+ create_before_destroy = true
+ }
 description = "Allow all inbound traffic for the scheduled lambda function"
 vpc_id = "${module.aws_core_data.vpc_id}"
 
diff --git a/apps/lambda_function_sns_no_vpc/lambda.tf b/apps/lambda_function_sns_no_vpc/lambda.tf
index eb86e055..abcb8609 100644
--- a/apps/lambda_function_sns_no_vpc/lambda.tf
+++ b/apps/lambda_function_sns_no_vpc/lambda.tf
@@ -5,7 +5,7 @@ module "lambda_s3_bucket_object" {
 tags = "${local.tags}"
 providers = {
 aws = "aws"
- }
+ }
 }
 
 resource "aws_lambda_function" "app" {
@@ -63,7 +63,10 @@ resource "aws_iam_role_policy" "iam_policy_for_app" {
 }
 
 resource "aws_security_group" "sg_for_app" {
- name = "${var.app_name}"
+ name_prefix = "${var.app_name}-"
+ lifecycle {
+ create_before_destroy = true
+ }
 description = "Allow all inbound traffic for the scheduled lambda function"
 vpc_id = "${module.aws_core_data.vpc_id}"
 
diff --git a/apps/lambda_function_sns_shared_vpc/lambda.tf b/apps/lambda_function_sns_shared_vpc/lambda.tf
index 7cffe61e..9600727d 100644
--- a/apps/lambda_function_sns_shared_vpc/lambda.tf
+++ b/apps/lambda_function_sns_shared_vpc/lambda.tf
@@ -68,7 +68,10 @@ resource "aws_iam_role_policy" "iam_policy_for_app" {
 }
 
 resource "aws_security_group" "sg_for_app" {
- name = "${var.app_name}"
+ name_prefix = "${var.app_name}-"
+ lifecycle {
+ create_before_destroy = true
+ }
 description = "Allow all inbound traffic for the scheduled lambda function"
 vpc_id = "${module.aws_shared_data.vpc_id}"
 
diff --git a/apps/lambda_function_sqs_vpc/lambda.tf b/apps/lambda_function_sqs_vpc/lambda.tf
index 723e857c..b544873d 100644
--- a/apps/lambda_function_sqs_vpc/lambda.tf
+++ b/apps/lambda_function_sqs_vpc/lambda.tf
@@ -5,7 +5,7 @@ module "lambda_s3_bucket_object" {
 tags = "${local.tags}"
 providers = {
 aws = "aws"
- }
+ }
 }
 
 resource "aws_lambda_function" "app" {
@@ -74,7 +74,10 @@ resource "aws_iam_role_policy" "iam_policy_for_app" {
 }
 
 resource "aws_security_group" "sg_for_app" {
- name = "${var.app_name}"
+ name_prefix = "${var.app_name}-"
+ lifecycle {
+ create_before_destroy = true
+ }
 description = "Allow all inbound traffic for the scheduled lambda function"
 vpc_id = "${module.aws_core_data.vpc_id}"
 
diff --git a/apps/lambda_function_vpc/lambda.tf b/apps/lambda_function_vpc/lambda.tf
index fcb4e1da..9329bc4e 100644
--- a/apps/lambda_function_vpc/lambda.tf
+++ b/apps/lambda_function_vpc/lambda.tf
@@ -5,7 +5,7 @@ module "lambda_s3_bucket_object" {
 tags = "${local.tags}"
 providers = {
 aws = "aws"
- }
+ }
 }
 
 resource "aws_lambda_function" "app" {
@@ -42,7 +42,10 @@ resource "aws_iam_role_policy" "iam_policy_for_app" {
 }
 
 resource "aws_security_group" "sg_for_app" {
- name = "${var.app_name}"
+ name_prefix = "${var.app_name}-"
+ lifecycle {
+ create_before_destroy = true
+ }
 description = "Allow all inbound traffic for the scheduled lambda function"
 vpc_id = "${module.aws_core_data.vpc_id}"
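Review bot: The `description` left as context in the apps/lambda_function_vpc `sg_for_app` hunk still reads "Allow all inbound traffic for the scheduled lambda function", and the same text is carried in all ten modules, most of which are not scheduled functions. The ingress rules sit below the hunk, so what they actually permit is not visible, but a Lambda ENI only originates connections and the group normally needs egress rules only. This commit already forces replacement of every group, and a description change forces replacement too, so this is the cheap moment to correct it: e.g. `description = "Egress-only security group for ${var.app_name}"`, and remove any `ingress` block if one exists.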