Standardize Terraform resource naming for multi-deployment support

## Problem

This is a template repository intended to be forked and deployed by multiple teams. Currently:
- Resources use a hardcoded `lablink-` prefix
- Only a single `resource_suffix` variable exists for environment differentiation
- Naming conventions are inconsistent (kebab-case vs underscores)
- Tags are minimal, making resource querying difficult

This prevents multiple deployments from coexisting in the same AWS account and makes cost allocation/resource management harder.

## Proposed Solution

### 1. Two Naming Variables

Introduce two variables to construct resource names:

| Variable | Description | Example Values |
|----------|-------------|----------------|
| `deployment_name` | Unique name for this deployment | `sleap-lablink`, `deeplabcut-lablink` |
| `environment` | Deployment environment | `dev`, `test`, `ci-test`, `prod` |

### 2. Standardized Naming Convention

**Format:** `{deployment}-{resource-type}-{environment}`

**Standardize on kebab-case everywhere** (currently IAM resources use underscores inconsistently).

### 3. Complete Resource Naming Table

| Category | AWS Resource | Current Name | Proposed Resource Type | Example Full Name |
|----------|--------------|--------------|------------------------|-------------------|
| **Compute** | | | | |
| | `aws_instance` | `lablink_allocator_server_*` (tag) | `allocator` | `sleap-lablink-allocator-prod` |
| | `aws_key_pair` | `lablink-key-*` | `keypair` | `sleap-lablink-keypair-prod` |
| **Networking** | | | | |
| | `aws_security_group` (allocator) | `allow_http_https_*` ⚠️ | `allocator-sg` | `sleap-lablink-allocator-sg-prod` |
| | `aws_security_group` (ALB) | `lablink-alb-sg-*` | `alb-sg` | `sleap-lablink-alb-sg-prod` |
| | `aws_eip` | `lablink-eip-*` (from config) | `eip` | `sleap-lablink-eip-prod` |
| | `aws_lb` | `lablink-alb-*` | `alb` | `sleap-lablink-alb-prod` |
| | `aws_lb_target_group` | `lablink-tg-*` | `alb-tg` | `sleap-lablink-alb-tg-prod` |
| **DNS** | | | | |
| | `aws_route53_record` (allocator) | Uses `local.dns_domain` † | `allocator-dns` | (uses domain name) |
| | `aws_route53_record` (ALB) | Uses `local.dns_domain` † | `alb-dns` | (uses domain name) |
| **IAM** | | | | |
| | `aws_iam_role` (instance) | `lablink_instance_role_*` ⚠️ | `allocator-role` | `sleap-lablink-allocator-role-prod` |
| | `aws_iam_role` (lambda) | `lablink_lambda_exec_*` ⚠️ | `lambda-role` | `sleap-lablink-lambda-role-prod` |
| | `aws_iam_role` (cloudtrail) | `lablink_cloudtrail_cloudwatch_*` ⚠️ | `cloudtrail-role` | `sleap-lablink-cloudtrail-role-prod` |
| | `aws_iam_policy` (S3) | `lablink_s3_backend_*` ⚠️ | `s3-backend-policy` | `sleap-lablink-s3-backend-policy-prod` |
| | `aws_iam_policy` (EC2) | `lablink_ec2_vm_management_*` ⚠️ | `ec2-mgmt-policy` | `sleap-lablink-ec2-mgmt-policy-prod` |
| | `aws_iam_instance_profile` | `lablink_instance_profile_*` ⚠️ | `allocator-profile` | `sleap-lablink-allocator-profile-prod` |
| **Storage** | | | | |
| | `aws_s3_bucket` | `lablink-cloudtrail-*-{account_id}` | `cloudtrail-bucket` | `sleap-lablink-cloudtrail-bucket-prod-123456789` |
| **Logging** | | | | |
| | `aws_cloudwatch_log_group` (client VMs) | `lablink-cloud-init-*` | `client-logs` | `sleap-lablink-client-logs-prod` |
| | `aws_cloudwatch_log_group` (lambda) | `/aws/lambda/lablink_log_processor_*` ⚠️ | `lambda-logs` | `/aws/lambda/sleap-lablink-log-processor-prod` |
| | `aws_cloudwatch_log_group` (cloudtrail) | `lablink-cloudtrail-*` | `cloudtrail-logs` | `sleap-lablink-cloudtrail-logs-prod` |
| | `aws_cloudtrail` | `lablink-trail-*` | `cloudtrail` | `sleap-lablink-cloudtrail-prod` |
| **Monitoring** | | | | |
| | `aws_sns_topic` | `lablink-admin-alerts-*` | `alerts-topic` | `sleap-lablink-alerts-topic-prod` |
| | `aws_cloudwatch_log_metric_filter` (run instances) | `lablink-run-instances-*` | `metric-run-instances` | `sleap-lablink-metric-run-instances-prod` |
| | `aws_cloudwatch_log_metric_filter` (large instances) | `lablink-large-instances-*` | `metric-large-instances` | `sleap-lablink-metric-large-instances-prod` |
| | `aws_cloudwatch_log_metric_filter` (unauthorized) | `lablink-unauthorized-calls-*` | `metric-unauthorized` | `sleap-lablink-metric-unauthorized-prod` |
| | `aws_cloudwatch_log_metric_filter` (termination) | `lablink-high-termination-rate-*` | `metric-termination` | `sleap-lablink-metric-termination-prod` |
| | `aws_cloudwatch_metric_alarm` (mass launch) | `lablink-mass-instance-launch-*` | `alarm-mass-launch` | `sleap-lablink-alarm-mass-launch-prod` |
| | `aws_cloudwatch_metric_alarm` (large instance) | `lablink-large-instance-launched-*` | `alarm-large-instance` | `sleap-lablink-alarm-large-instance-prod` |
| | `aws_cloudwatch_metric_alarm` (unauthorized) | `lablink-unauthorized-calls-*` | `alarm-unauthorized` | `sleap-lablink-alarm-unauthorized-prod` |
| | `aws_cloudwatch_metric_alarm` (termination) | `lablink-high-termination-rate-*` | `alarm-termination` | `sleap-lablink-alarm-termination-prod` |
| **Lambda** | | | | |
| | `aws_lambda_function` | `lablink_log_processor_*` ⚠️ | `log-processor` | `sleap-lablink-log-processor-prod` |
| **Budget** | | | | |
| | `aws_budgets_budget` | `lablink-monthly-budget-*` | `monthly-budget` | `sleap-lablink-monthly-budget-prod` |

**Legend:**
- ⚠️ = Currently uses underscores (inconsistent with kebab-case convention)
- † = Route53 records use the actual DNS domain name (e.g., `sleap.example.com`) as their `name` attribute, not a resource identifier. This is correct behavior for DNS records. These resources should still receive standard tags for consistency.

### 4. Tags for Resource Querying

Add consistent tags across **all** resources (including Route53 records):

| Tag | Purpose | Example Value |
|-----|---------|---------------|
| `Name` | Resource identifier | `sleap-lablink-alb-prod` |
| `Environment` | Deployment environment | `prod` |
| `Project` | Deployment/project name | `sleap-lablink` |
| `ManagedBy` | Infrastructure management tool | `terraform` |
| `Repository` | Source repository | `talmolab/sleap-lablink` |

**Benefits:**
- **Cost allocation**: AWS Cost Explorer can group costs by `Project` tag
- **Resource queries**: Find all resources for a deployment:
  ```bash
  aws resourcegroupstaggingapi get-resources --tag-filters Key=Project,Values=sleap-lablink
  ```
- **Cleanup/auditing**: Identify orphaned or unmanaged resources
- **Multi-deployment support**: Multiple teams can deploy to the same AWS account

## Tasks

- [ ] Add `deployment_name` variable (required, no default)
- [ ] Rename `resource_suffix` to `environment` for clarity
- [ ] Update all resource names to use `{deployment}-{resource-type}-{environment}` format
- [ ] Standardize on kebab-case for all resources (including IAM)
- [ ] Add `Project`, `ManagedBy`, and `Repository` tags to all resources
- [ ] Add tags to Route53 records
- [ ] Update `config.yaml` examples with new variables
- [ ] Update documentation

Category	AWS Resource	Current Name	Proposed Resource Type	Example Full Name
Compute
	`aws_instance`	`lablink_allocator_server_*` (tag)	`allocator`	`sleap-lablink-allocator-prod`
	`aws_key_pair`	`lablink-key-*`	`keypair`	`sleap-lablink-keypair-prod`
Networking
	`aws_security_group` (allocator)	`allow_http_https_*` ⚠️	`allocator-sg`	`sleap-lablink-allocator-sg-prod`
	`aws_security_group` (ALB)	`lablink-alb-sg-*`	`alb-sg`	`sleap-lablink-alb-sg-prod`
	`aws_eip`	`lablink-eip-*` (from config)	`eip`	`sleap-lablink-eip-prod`
	`aws_lb`	`lablink-alb-*`	`alb`	`sleap-lablink-alb-prod`
	`aws_lb_target_group`	`lablink-tg-*`	`alb-tg`	`sleap-lablink-alb-tg-prod`
DNS
	`aws_route53_record` (allocator)	Uses `local.dns_domain` †	`allocator-dns`	(uses domain name)
	`aws_route53_record` (ALB)	Uses `local.dns_domain` †	`alb-dns`	(uses domain name)
IAM
	`aws_iam_role` (instance)	`lablink_instance_role_*` ⚠️	`allocator-role`	`sleap-lablink-allocator-role-prod`
	`aws_iam_role` (lambda)	`lablink_lambda_exec_*` ⚠️	`lambda-role`	`sleap-lablink-lambda-role-prod`
	`aws_iam_role` (cloudtrail)	`lablink_cloudtrail_cloudwatch_*` ⚠️	`cloudtrail-role`	`sleap-lablink-cloudtrail-role-prod`
	`aws_iam_policy` (S3)	`lablink_s3_backend_*` ⚠️	`s3-backend-policy`	`sleap-lablink-s3-backend-policy-prod`
	`aws_iam_policy` (EC2)	`lablink_ec2_vm_management_*` ⚠️	`ec2-mgmt-policy`	`sleap-lablink-ec2-mgmt-policy-prod`
	`aws_iam_instance_profile`	`lablink_instance_profile_*` ⚠️	`allocator-profile`	`sleap-lablink-allocator-profile-prod`
Storage
	`aws_s3_bucket`	`lablink-cloudtrail-*-{account_id}`	`cloudtrail-bucket`	`sleap-lablink-cloudtrail-bucket-prod-123456789`
Logging
	`aws_cloudwatch_log_group` (client VMs)	`lablink-cloud-init-*`	`client-logs`	`sleap-lablink-client-logs-prod`
	`aws_cloudwatch_log_group` (lambda)	`/aws/lambda/lablink_log_processor_*` ⚠️	`lambda-logs`	`/aws/lambda/sleap-lablink-log-processor-prod`
	`aws_cloudwatch_log_group` (cloudtrail)	`lablink-cloudtrail-*`	`cloudtrail-logs`	`sleap-lablink-cloudtrail-logs-prod`
	`aws_cloudtrail`	`lablink-trail-*`	`cloudtrail`	`sleap-lablink-cloudtrail-prod`
Monitoring
	`aws_sns_topic`	`lablink-admin-alerts-*`	`alerts-topic`	`sleap-lablink-alerts-topic-prod`
	`aws_cloudwatch_log_metric_filter` (run instances)	`lablink-run-instances-*`	`metric-run-instances`	`sleap-lablink-metric-run-instances-prod`
	`aws_cloudwatch_log_metric_filter` (large instances)	`lablink-large-instances-*`	`metric-large-instances`	`sleap-lablink-metric-large-instances-prod`
	`aws_cloudwatch_log_metric_filter` (unauthorized)	`lablink-unauthorized-calls-*`	`metric-unauthorized`	`sleap-lablink-metric-unauthorized-prod`
	`aws_cloudwatch_log_metric_filter` (termination)	`lablink-high-termination-rate-*`	`metric-termination`	`sleap-lablink-metric-termination-prod`
	`aws_cloudwatch_metric_alarm` (mass launch)	`lablink-mass-instance-launch-*`	`alarm-mass-launch`	`sleap-lablink-alarm-mass-launch-prod`
	`aws_cloudwatch_metric_alarm` (large instance)	`lablink-large-instance-launched-*`	`alarm-large-instance`	`sleap-lablink-alarm-large-instance-prod`
	`aws_cloudwatch_metric_alarm` (unauthorized)	`lablink-unauthorized-calls-*`	`alarm-unauthorized`	`sleap-lablink-alarm-unauthorized-prod`
	`aws_cloudwatch_metric_alarm` (termination)	`lablink-high-termination-rate-*`	`alarm-termination`	`sleap-lablink-alarm-termination-prod`
Lambda
	`aws_lambda_function`	`lablink_log_processor_*` ⚠️	`log-processor`	`sleap-lablink-log-processor-prod`
Budget
	`aws_budgets_budget`	`lablink-monthly-budget-*`	`monthly-budget`	`sleap-lablink-monthly-budget-prod`

Tag	Purpose	Example Value
`Name`	Resource identifier	`sleap-lablink-alb-prod`
`Environment`	Deployment environment	`prod`
`Project`	Deployment/project name	`sleap-lablink`
`ManagedBy`	Infrastructure management tool	`terraform`
`Repository`	Source repository	`talmolab/sleap-lablink`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Standardize Terraform resource naming for multi-deployment support #28

Problem

Proposed Solution

1. Two Naming Variables

2. Standardized Naming Convention

3. Complete Resource Naming Table

4. Tags for Resource Querying

Tasks

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Variable	Description	Example Values
`deployment_name`	Unique name for this deployment	`sleap-lablink`, `deeplabcut-lablink`
`environment`	Deployment environment	`dev`, `test`, `ci-test`, `prod`

Standardize Terraform resource naming for multi-deployment support #28

Description

Problem

Proposed Solution

1. Two Naming Variables

2. Standardized Naming Convention

3. Complete Resource Naming Table

4. Tags for Resource Querying

Tasks

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions