azavea · KlaasH · Mar 8, 2019 · Mar 7, 2019 · ddohler · Mar 8, 2019
diff --git a/deployment/README.md b/deployment/README.md
@@ -131,7 +131,7 @@ $ cp ./src/tilegarden/.env.example ./src/tilegarden/.env
 
 Edit the new file to fill in or adjust variables.  The required variables are:
 - `AWS_PROFILE`: the name of the AWS credentials profile you created above, e.g. "pfb"
-- `PROJECT_NAME`: a name to identify this deployment, which should include the environment name
+- `LAMBDA_FUNCTION_NAME`: a name to identify this deployment, which should include the environment name
 - `LAMBDA_REGION`
 - `LAMBDA_ROLE`: the role the Lambda function should run under. Use the one created by Terraform, e.g. "pfbStagingTilegardenExecutor"
 

diff --git a/deployment/terraform/iam.tf b/deployment/terraform/iam.tf
@@ -212,7 +212,7 @@ data "aws_iam_policy_document" "lambda_assume_role" {
 data "aws_iam_policy_document" "lambda_invoke" {
   statement {
     effect = "Allow"
-    resources = ["*"]
+    resources = ["arn:aws:lambda:*:*:function:${var.tilegarden_function_name}"]
     actions = [
       "lambda:InvokeFunction",
     ]
@@ -263,7 +263,7 @@ data "aws_iam_policy_document" "s3_write_tile_cache" {
 }
 
 resource "aws_iam_role" "tilegarden_executor" {
-  name               = "pfb${var.environment}TilegardenExecutor"
+  name               = "${var.tilegarden_function_name}Executor"
   assume_role_policy = "${data.aws_iam_policy_document.lambda_assume_role.json}"
 }
 

diff --git a/deployment/terraform/variables.tf b/deployment/terraform/variables.tf
@@ -162,3 +162,6 @@ variable "tilegarden_api_gateway_domain_name" {}
 variable "cloudfront_price_class" {
   default = "PriceClass_100"
 }
+
+# Should be environment-specific and match the value in the Tilegarden .env file
+variable "tilegarden_function_name" {}
diff --git a/src/tilegarden/.env.example b/src/tilegarden/.env.example
@@ -2,15 +2,13 @@
 # If you want to set them specifically, change them to assignments
 AWS_PROFILE
 
-# Name of the lambda function
-PROJECT_NAME=
+# Name of the lambda function. Should match the `tilegarden_function_name` Terraform variable.
+LAMBDA_FUNCTION_NAME=
 
 # Function config information
 ## REQUIRED ##
 LAMBDA_REGION=
 
-# name of role associated with this lambda function (created by Terraform)
-LAMBDA_ROLE=role-name
 # Amount of time in seconds your lambdas will run before timing out.
 # Default is 3, so some override is necessary.
 LAMBDA_TIMEOUT=

diff --git a/src/tilegarden/scripts/deploy-new b/src/tilegarden/scripts/deploy-new
@@ -1,8 +1,10 @@
 #!/bin/bash
 
 yarn claudia create --config claudia/claudia.json --no-optional-dependencies \
-    --api-module dist/api --name ${PROJECT_NAME} --region ${LAMBDA_REGION} \
-    ${LAMBDA_ROLE:+--role ${LAMBDA_ROLE}} \
+    --api-module dist/api \
+    --name ${LAMBDA_FUNCTION_NAME} \
+    --region ${LAMBDA_REGION} \
+    --role "${LAMBDA_FUNCTION_NAME}Executor" \
     ${LAMBDA_TIMEOUT:+--timeout ${LAMBDA_TIMEOUT}} \
     ${LAMBDA_MEMORY:+--memory ${LAMBDA_MEMORY}} \
     ${LAMBDA_SECURITY_GROUPS:+--security-group-ids ${LAMBDA_SECURITY_GROUPS}} \