From a561ec7f7ce8704145ea4978563b32a21c3c298e Mon Sep 17 00:00:00 2001
From: Rak Siva
Date: Tue, 30 Sep 2025 15:01:37 -0600
Subject: [PATCH 1/4] fix: ensure unique Lambda Edge role name

---
 cloudfront/module/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cloudfront/module/main.tf b/cloudfront/module/main.tf
index d43dafb..495c840 100644
--- a/cloudfront/module/main.tf
+++ b/cloudfront/module/main.tf
@@ -138,7 +138,7 @@ resource "aws_cloudfront_function" "api-url-rewrite-function" {
 # Lambda@Edge function for auth preservation and webhook signing
 resource "aws_iam_role" "lambda_edge_origin_request" {
 count = length(local.lambda_origins) > 0 ? 1 : 0
- name = "lambda-edge-origin-request-role"
+ name = "${var.suga.stack_id}-lambda-edge-origin-request-role"
 assume_role_policy = jsonencode({
 Version = "2012-10-17"
 

From ae802d3acec830be149c1f8f083dc4cd6d1c39df Mon Sep 17 00:00:00 2001
From: Rak Siva
Date: Tue, 30 Sep 2025 15:53:39 -0600
Subject: [PATCH 2/4] fix: ensure unique Lambda function name

---
 cloudfront/module/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cloudfront/module/main.tf b/cloudfront/module/main.tf
index 495c840..04f4433 100644
--- a/cloudfront/module/main.tf
+++ b/cloudfront/module/main.tf
@@ -173,7 +173,7 @@ resource "aws_lambda_function" "origin_request" {
 count = length(local.lambda_origins) > 0 ? 1 : 0
 region = "us-east-1"
 filename = data.archive_file.origin_request_lambda[0].output_path
- function_name = "cloudfront-origin-request"
+ function_name = "${var.suga.stack_id}-cloudfront-origin-request"
 role = aws_iam_role.lambda_edge_origin_request[0].arn
 handler = "index.handler"
 source_code_hash = data.archive_file.origin_request_lambda[0].output_base64sha256

From b10fd9105c0a32a515b0989f051d9547d71a5a50 Mon Sep 17 00:00:00 2001
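Review bot: The new `name = "${var.suga.stack_id}-lambda-edge-origin-request-role"` line interpolates `var.suga.stack_id` with no guard on its length or character set, and the same applies to the Lambda `function_name` in the following hunk and the CloudFront function `name` in patch 3/4. IAM role names, Lambda function names and CloudFront function names are each limited to 64 characters, and Lambda and CloudFront function names accept only `[a-zA-Z0-9_-]`, so a long or dotted stack id would fail at apply time rather than at plan time. A `validation` block on the variable, or a shared `local.name_prefix` derived from the stack id with `substr()`/`replace()`, would surface the problem early and keep the three names consistent. Note also that changing a fixed `name` forces replacement of the role, so existing stacks will see the role recreated on the next apply. The enclosing `aws_iam_role` resource body continues outside the hunk.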
From: Rak Siva
Date: Tue, 30 Sep 2025 21:08:09 -0600
Subject: [PATCH 3/4] fix: ensure unique api-url-rewrite-function

---
 cloudfront/module/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cloudfront/module/main.tf b/cloudfront/module/main.tf
index 04f4433..333f8c7 100644
--- a/cloudfront/module/main.tf
+++ b/cloudfront/module/main.tf
@@ -126,7 +126,7 @@ resource "aws_s3_bucket_policy" "allow_bucket_access" {
 }
 
 resource "aws_cloudfront_function" "api-url-rewrite-function" {
- name = "api-url-rewrite-function"
+ name = "${var.suga.stack_id}-api-url-rewrite-function"
 runtime = "cloudfront-js-1.0"
 comment = "Rewrite API URLs routed to Suga services"
 publish = true

From 7ec287a7f5c86d05968d7582849fd39fedf54305 Mon Sep 17 00:00:00 2001
From: Ryan Cartwright
Date: Thu, 2 Oct 2025 11:10:10 +1000
Subject: [PATCH 4/4] add working directory to properly ignore .terraform folder

---
 Makefile | 8 ++++----
 fargate/module/main.tf | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/Makefile b/Makefile
index 562acdc..8846562 100644
--- a/Makefile
+++ b/Makefile
@@ -21,21 +21,21 @@ format-check: ## Check formatting of all Terraform files
 
 validate: ## Validate all Terraform files
 @echo "Validating..."
- @find . -name "*.tf" -type f | xargs dirname | sort -u | while read dir; do \
+ @find . -name "*.tf" -type f | xargs dirname | sort -u | grep -v "\.terraform" | while read dir; do \
 echo " $$dir"; \
 cd "$$dir" && terraform init -backend=false -get=true -upgrade=false >/dev/null && terraform validate && cd - >/dev/null || exit 1; \
 done
 
 lint: ## Lint using tflint
 @echo "Running tflint..."
- @find . -name "*.tf" -type f | xargs dirname | sort -u | while read dir; do \
+ @find . -name "*.tf" -type f | xargs dirname | sort -u | grep -v "\.terraform" | while read dir; do \
 echo " $$dir"; \
- docker run --rm -v "$$(pwd)/$$dir:/data" -t ghcr.io/terraform-linters/tflint --format=compact --minimum-failure-severity=error; \
+ docker run --rm -v "$$(pwd):/data" -w "/data/$$dir" -t ghcr.io/terraform-linters/tflint --format=compact --minimum-failure-severity=error; \
 done
 
 scan: ## Run security scan using Trivy
 @echo "Running security scan..."
- @docker run --rm -v "$$(pwd):/work" -w /work ghcr.io/aquasecurity/trivy:latest config . --format=table --quiet --exit-code 1 --severity $(TRIVY_SEVERITY)
+ @docker run --rm -v "$$(pwd):/work" -w /work ghcr.io/aquasecurity/trivy:latest config . --format=table --quiet --exit-code 1 --severity $(TRIVY_SEVERITY) --skip-dirs '**/.terraform/**'
 
 test: format-check validate lint scan ## Run all tests: format-check, validate, lint, and scan
 @echo "All tests passed!"
diff --git a/fargate/module/main.tf b/fargate/module/main.tf
index af590c1..dbfcfcb 100644
--- a/fargate/module/main.tf
+++ b/fargate/module/main.tf
@@ -143,7 +143,7 @@ resource "aws_ecs_task_definition" "service" {
 logDriver = "awslogs"
 options = {
 awslogs-group = aws_cloudwatch_log_group.default.name
- awslogs-region = data.aws_region.current.name
+ awslogs-region = data.aws_region.current.id
 awslogs-stream-prefix = var.suga.name
 }
 }
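Review bot: The rewritten `docker run` line in `lint` now bind-mounts the whole checkout (`-v "$$(pwd):/data"`) into the tflint container instead of just the module directory, and the mount is read-write. tflint only reads the configuration it lints, so `-v "$$(pwd):/data:ro"` keeps the wider mount from exposing local state, `.terraform` caches and untracked files to writes by the linter image; the same `:ro` suits the Trivy mount in `scan`, which also only reads `/work`. As a point of style, the `find … | sort -u | grep -v "\.terraform"` pipeline is now duplicated between `validate` and `lint`; hoisting it into a variable such as `TF_DIRS` would stop the two loops from drifting the next time the filter changes. Both targets are fully within the hunk.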
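Review bot: The switch from `data.aws_region.current.name` to `data.aws_region.current.id` on the `awslogs-region` line is not covered by the subject line (`add working directory to properly ignore .terraform folder`), so the motivation is lost to the next reader. If this is a response to the AWS provider deprecating the `name` attribute, say so in the commit message or on the line, e.g. `# aws_region.name is deprecated; id resolves to the same region string`, and confirm against the provider docs that `region` is not the intended replacement instead of `id`. Presumably both attributes yield the same value, so the rendered container definition should show no diff in `terraform plan`, but that is inferred rather than visible here. The enclosing `aws_ecs_task_definition` block starts and ends outside the hunk.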