fix: ensure unique Lambda Edge role name and Lambda Function name

Makefile

@@ -21,21 +21,21 @@ format-check: ## Check formatting of all Terraform files
 
 validate: ## Validate all Terraform files
 	@echo "Validating..."
-	@find . -name "*.tf" -type f | xargs dirname | sort -u | while read dir; do \
+	@find . -name "*.tf" -type f | xargs dirname | sort -u | grep -v "\.terraform" | while read dir; do \
 		echo "  $$dir"; \
 		cd "$$dir" && terraform init -backend=false -get=true -upgrade=false >/dev/null && terraform validate && cd - >/dev/null || exit 1; \
 	done
 
 lint: ## Lint using tflint
 	@echo "Running tflint..."
-	@find . -name "*.tf" -type f | xargs dirname | sort -u | while read dir; do \
+	@find . -name "*.tf" -type f | xargs dirname | sort -u | grep -v "\.terraform" | while read dir; do \
 		echo "  $$dir"; \
-		docker run --rm -v "$$(pwd)/$$dir:/data" -t ghcr.io/terraform-linters/tflint --format=compact --minimum-failure-severity=error; \
+		docker run --rm -v "$$(pwd):/data" -w "/data/$$dir" -t ghcr.io/terraform-linters/tflint --format=compact --minimum-failure-severity=error; \
 	done
 
 scan: ## Run security scan using Trivy
 	@echo "Running security scan..."
-	@docker run --rm -v "$$(pwd):/work" -w /work ghcr.io/aquasecurity/trivy:latest config . --format=table --quiet --exit-code 1 --severity $(TRIVY_SEVERITY)
+	@docker run --rm -v "$$(pwd):/work" -w /work ghcr.io/aquasecurity/trivy:latest config . --format=table --quiet --exit-code 1 --severity $(TRIVY_SEVERITY) --skip-dirs '**/.terraform/**'
 
 test: format-check validate lint scan ## Run all tests: format-check, validate, lint, and scan
 	@echo "All tests passed!"

cloudfront/module/main.tf

@@ -126,7 +126,7 @@ resource "aws_s3_bucket_policy" "allow_bucket_access" {
 }
 
 resource "aws_cloudfront_function" "api-url-rewrite-function" {
-  name    = "api-url-rewrite-function"
+  name    = "${var.suga.stack_id}-api-url-rewrite-function"
   runtime = "cloudfront-js-1.0"
   comment = "Rewrite API URLs routed to Suga services"
   publish = true
@@ -138,7 +138,7 @@ resource "aws_cloudfront_function" "api-url-rewrite-function" {
 # Lambda@Edge function for auth preservation and webhook signing
 resource "aws_iam_role" "lambda_edge_origin_request" {
   count = length(local.lambda_origins) > 0 ? 1 : 0
-  name  = "lambda-edge-origin-request-role"
+  name  = "${var.suga.stack_id}-lambda-edge-origin-request-role"
 
   assume_role_policy = jsonencode({
     Version = "2012-10-17"
@@ -173,7 +173,7 @@ resource "aws_lambda_function" "origin_request" {
   count            = length(local.lambda_origins) > 0 ? 1 : 0
   region           = "us-east-1"
   filename         = data.archive_file.origin_request_lambda[0].output_path
-  function_name    = "cloudfront-origin-request"
+  function_name    = "${var.suga.stack_id}-cloudfront-origin-request"
   role             = aws_iam_role.lambda_edge_origin_request[0].arn
   handler          = "index.handler"
   source_code_hash = data.archive_file.origin_request_lambda[0].output_base64sha256

fargate/module/main.tf

@@ -143,7 +143,7 @@ resource "aws_ecs_task_definition" "service" {
         logDriver = "awslogs"
         options = {
           awslogs-group         = aws_cloudwatch_log_group.default.name
-          awslogs-region        = data.aws_region.current.name
+          awslogs-region        = data.aws_region.current.id
           awslogs-stream-prefix = var.suga.name
         }
       }