Merge pull request #19 from ministryofjustice/uniq-sids

Update SIDs to be unique
ministryofjustice · Mar 29, 2023 · fdf9cd7 · fdf9cd7
2 parents a238f5f + 148faea
commit fdf9cd7
Show file tree

Hide file tree

Showing 11 changed files with 19 additions and 19 deletions.
diff --git a/api-gateway.tf b/api-gateway.tf
@@ -1,6 +1,6 @@
 data "aws_iam_policy_document" "api_gateway_for_github" {
   statement {
-    sid       = "AllowGetOwn"
+    sid       = "AllowAPIGatewayGetOwn"
     effect    = "Allow"
     actions   = ["apigateway:GET"]
     resources = ["*"]

diff --git a/cloudwatch.tf b/cloudwatch.tf
@@ -1,6 +1,6 @@
 data "aws_iam_policy_document" "cloudwatch_for_github" {
   statement {
-    sid    = "AllowList"
+    sid    = "AllowCloudwatchList"
     effect = "Allow"
     actions = [
       "cloudwatch:ListMetric*",
@@ -11,7 +11,7 @@ data "aws_iam_policy_document" "cloudwatch_for_github" {
   }
 
   statement {
-    sid    = "AllowViewOwn"
+    sid    = "AllowCloudwatchViewOwn"
     effect = "Allow"
     actions = [
       "cloudwatch:GetDashboard"

diff --git a/cognito-idp.tf b/cognito-idp.tf
@@ -1,6 +1,6 @@
 data "aws_iam_policy_document" "cognito_idp_for_github" {
   statement {
-    sid    = "AllowList"
+    sid    = "AllowCognitoList"
     effect = "Allow"
     actions = [
       "cognito-idp:ListUserPools"
@@ -9,7 +9,7 @@ data "aws_iam_policy_document" "cognito_idp_for_github" {
   }
 
   statement {
-    sid    = "AllowGetOwn"
+    sid    = "AllowCognitoGetOwn"
     effect = "Allow"
     actions = [
       "cognito-idp:List*",

diff --git a/iam.tf b/iam.tf
@@ -1,6 +1,6 @@
 data "aws_iam_policy_document" "iam_for_github" {
   statement {
-    sid    = "AllowListDescribe"
+    sid    = "AllowIAMListDescribe"
     effect = "Allow"
     actions = [
       "iam:ListRoles",
@@ -12,7 +12,7 @@ data "aws_iam_policy_document" "iam_for_github" {
   }
 
   statement {
-    sid    = "AllowGetOwn"
+    sid    = "AllowIAMGetOwn"
     effect = "Allow"
     actions = [
       "iam:Get*",

diff --git a/kms.tf b/kms.tf
@@ -1,6 +1,6 @@
 data "aws_iam_policy_document" "kms_for_github" {
   statement {
-    sid    = "AllowRead"
+    sid    = "AllowKMSRead"
     effect = "Allow"
     actions = [
       "kms:DescribeKey",
@@ -19,7 +19,7 @@ data "aws_iam_policy_document" "kms_for_github" {
   }
 
   statement {
-    sid    = "AllowEncryptDecryptOwn"
+    sid    = "AllowKMSEncryptDecryptOwn"
     effect = "Allow"
     actions = [
       "kms:Decrypt",

diff --git a/opensearch.tf b/opensearch.tf
@@ -1,6 +1,6 @@
 data "aws_iam_policy_document" "opensearch_for_github" {
   statement {
-    sid    = "AllowListDescribe"
+    sid    = "AllowOpenSearchListDescribe"
     effect = "Allow"
     actions = [
       "es:DescribeDomain",

diff --git a/rds.tf b/rds.tf
@@ -1,6 +1,6 @@
 data "aws_iam_policy_document" "rds_for_github" {
   statement {
-    sid    = "AllowListDescribe"
+    sid    = "AllowRDSListDescribe"
     effect = "Allow"
     actions = [
       "rds:Describe*",
@@ -10,7 +10,7 @@ data "aws_iam_policy_document" "rds_for_github" {
   }
 
   statement {
-    sid    = "AllowGetOwn"
+    sid    = "AllowRDSGetOwn"
     effect = "Allow"
     actions = [
       "rds:CreateDBSnapshot",

diff --git a/s3.tf b/s3.tf
@@ -1,6 +1,6 @@
 data "aws_iam_policy_document" "s3_for_github" {
   statement {
-    sid    = "AllowListDescribe"
+    sid    = "AllowS3ListDescribe"
     effect = "Allow"
     actions = [
       "s3:GetAccelerateConfiguration",
@@ -30,7 +30,7 @@ data "aws_iam_policy_document" "s3_for_github" {
   }
 
   statement {
-    sid    = "AllowGetOwn"
+    sid    = "AllowS3GetOwn"
     effect = "Allow"
     actions = [
       "s3:ListBucket*",

diff --git a/sns.tf b/sns.tf
@@ -1,6 +1,6 @@
 data "aws_iam_policy_document" "sns_for_github" {
   statement {
-    sid    = "AllowListDescribe"
+    sid    = "AllowSNSListDescribe"
     effect = "Allow"
     actions = [
       "sns:ListPlatformApplications",
@@ -12,7 +12,7 @@ data "aws_iam_policy_document" "sns_for_github" {
   }
 
   statement {
-    sid    = "AllowPublishOwn"
+    sid    = "AllowSNSPublishOwn"
     effect = "Allow"
     actions = [
       "sns:Publish",

diff --git a/sqs.tf b/sqs.tf
@@ -1,6 +1,6 @@
 data "aws_iam_policy_document" "sqs_for_github" {
   statement {
-    sid    = "AllowListDescribe"
+    sid    = "AllowSQSListDescribe"
     effect = "Allow"
     actions = [
       "sqs:GetQueueAttributes",
@@ -13,7 +13,7 @@ data "aws_iam_policy_document" "sqs_for_github" {
   }
 
   statement {
-    sid    = "AllowSendRecvOwn"
+    sid    = "AllowSQSSendRecvOwn"
     effect = "Allow"
     actions = [
       "sqs:ChangeMessageVisibility",

diff --git a/vpc.tf b/vpc.tf
@@ -1,6 +1,6 @@
 data "aws_iam_policy_document" "vpc_for_github" {
   statement {
-    sid    = "AllowListDescribe"
+    sid    = "AllowVPCListDescribe"
     effect = "Allow"
     actions = [
       "ec2:DescribeAccountAttributes",