locals { # sid cannot have a dash(-) if one is present we will remove and title case the string sid_name = title(join("", [for _, value in split("-", var.name) : title(value)])) service_id = trimsuffix(var.aws_service_principal, ".amazonaws.com") # sid cannot have a dash(-) or a period(.) if present we will remove and title case the string sid_service_id = title( join("", [for _, value in split(".", join("", [for _, value in split("-", local.service_id) : title(value)])) : title(value)] ) ) } resource "aws_cloudwatch_log_group" "main" { name_prefix = "${var.name}-${local.service_id}-" retention_in_days = var.retention_in_days kms_key_id = var.kms_key_id tags = var.tags } # cannot use awscc_iam_role # https://github.com/hashicorp/terraform-provider-awscc/issues/402 resource "aws_iam_role" "main" { name_prefix = "${var.name}-cw-access-role-" description = "Cloudwatch permissions role for ${var.name} with ${local.service_id}" tags = var.tags assume_role_policy = <