Commit 5f2dddd5 authored by nimrod's avatar nimrod
Browse files

Lambda functions and triggers.

parent 16210310
Loading
Loading
Loading
Loading
Loading

functions.tf

0 → 100644
+180 −0
Original line number Diff line number Diff line
locals {
  function_name_prefix = local.Name
  functions = [
    "_dns",
  ]
}

data "aws_iam_policy_document" "lambda_assume_policy" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
}

locals {
  lambda_assume_policy_doc = data.aws_iam_policy_document.lambda_assume_policy.json
}

resource "aws_iam_role" "lambda" {
  name               = local.Name
  assume_role_policy = local.lambda_assume_policy_doc
  tags               = local.common_tags
}

locals {
  lambda_role_arn  = aws_iam_role.lambda.arn
  lambda_role_name = aws_iam_role.lambda.name
}

output "lambda_role_arn" {
  description = "ARN of the Lambda function IAM role."
  value       = local.lambda_role_arn
}

output "lambda_role_name" {
  description = "Name of the Lambda function IAM role."
  value       = local.lambda_role_name
}

locals {
  function_role_policies = [
    local.publish_policy_arn,
    #local.log_policy_arn,
    "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
  ]
}

resource "aws_iam_role_policy_attachment" "function" {
  count      = length(local.function_role_policies)
  role       = local.lambda_role_name
  policy_arn = local.function_role_policies[count.index]
}

variable "runtime" {
  default     = "python3.8"
  description = "The Lambda function runtime."
  type        = string
}

output "runtime" {
  description = "The Lambda function runtime."
  value       = var.runtime
}

variable "memory_size" {
  default     = 128
  description = "Amount of memory in MB allocated to the function invocation."
  type        = number
}

output "memory_size" {
  description = "Amount of memory in MB allocated to the function invocation."
  value       = var.memory_size
}

variable "timeout" {
  default     = 30
  description = "Amouyynt of time in seconds the function has to run."
  type        = number
}

output "timeout" {
  description = "Amount of memory in MB allocated to the function invocation."
  value       = var.timeout
}

resource "aws_lambda_function" "function" {
  count             = length(local.functions)
  runtime           = var.runtime
  function_name     = "${local.function_name_prefix}_${local.functions[count.index]}"
  role              = local.lambda_role_arn
  source_code_hash  = filebase64sha256("payload.zip")
  s3_bucket         = local.payloads_bucket_name
  s3_key            = local.payload_object_name
  s3_object_version = local.payload_object_version
  package_type      = "Zip"
  handler           = "${local.functions[count.index]}.handler"
  description       = "${local.module} ${local.functions[count.index]} check in ${local.env}."
  memory_size       = var.memory_size
  tags              = local.common_tags
  timeout           = var.timeout

  environment {
    variables = {
      ENV       = local.env
      MODULE    = local.module
      TOPIC_ARN = local.topic_arn
      VERSION   = local.payload_object_version
    }
  }

  # Create the log group with retention before the function is created.
  # Otherwise it's created without retention and need to be imported.
  depends_on = [
    aws_cloudwatch_log_group.lambda,
  ]
}

locals {
  function_arns     = aws_lambda_function.function.*.arn
  function_names    = aws_lambda_function.function.*.id
  function_versions = aws_lambda_function.function.*.version
}

output "function_arns" {
  description = "ARNs of the Lambda functions."
  value       = local.function_arns
}

output "function_names" {
  description = "Names of the Lambda functions."
  value       = local.function_names
}

output "function_versions" {
  description = "Versions of the Lambda functions."
  value       = local.function_versions
}

output "function_version_mapping" {
  description = "Mapping of the function and version."
  value       = zipmap(local.functions, local.function_versions)
}

resource "aws_lambda_alias" "function" {
  count            = length(local.functions)
  name             = "${local.function_name_prefix}_${local.functions[count.index]}"
  function_name    = local.function_arns[count.index]
  function_version = local.function_versions[count.index]
}

locals {
  function_alias_arns  = aws_lambda_alias.function.*.arn
  function_alias_names = aws_lambda_alias.function.*.name
}

output "function_alias_arns" {
  description = "ARNs of the Lambda functions aliases."
  value       = local.function_alias_arns
}

output "function_alias_names" {
  description = "Names of the Lambda functions aliases."
  value       = local.function_alias_names
}

resource "aws_lambda_permission" "cloudwatch" {
  count         = length(local.function_arns)
  statement_id  = "AllowExecutionFromCloudWatch"
  action        = "lambda:InvokeFunction"
  principal     = "events.amazonaws.com"
  source_arn    = local.cloudwatch_rule_arn
  function_name = local.function_names[count.index]
  qualifier     = local.function_alias_names[count.index]
}

log-groups.tf

0 → 100644
+59 −0
Original line number Diff line number Diff line
resource "aws_cloudwatch_log_group" "lambda" {
  count             = length(local.functions)
  name              = "/aws/lambda/${local.function_name_prefix}_${local.functions[count.index]}"
  retention_in_days = var.log_retention
  tags              = local.common_tags
}

locals {
  log_group_arns  = aws_cloudwatch_log_group.lambda.*.arn
  log_group_names = aws_cloudwatch_log_group.lambda.*.name
}

output "log_group_arns" {
  description = "ARNs of the CloudWatch log groups for Lambda function invocations."
  value       = local.log_group_arns
}

output "log_group_names" {
  description = "Names of the CloudWatch log groups for Lambda function invocations."
  value       = local.log_group_names
}

data "aws_iam_policy_document" "log" {
  statement {
    effect = "Allow"

    actions = [
      "logs:CreateLogStream",
      "logs:PutLogEvents",
    ]

    resources = [for arn in local.log_group_arns : "${arn}/*"]
  }
}

locals {
  log_policy_doc = data.aws_iam_policy_document.log.json
}

resource "aws_iam_policy" "log" {
  name   = "${local.module}-${local.env}-log"
  policy = local.log_policy_doc
  tags   = local.common_tags
}

locals {
  log_policy_arn  = aws_iam_policy.log.arn
  log_policy_name = aws_iam_policy.log.name
}

output "log_policy_arn" {
  value       = local.log_policy_arn
  description = "CloudWatch log IAM policy ARN."
}

output "log_policy_name" {
  value       = local.log_policy_name
  description = "CloudWatch log IAM policy name."
}
+65 −1
Original line number Diff line number Diff line
@@ -12,8 +12,72 @@ locals {
  Name = "${local.module}-${local.env}"
}

output "env" {
  description = "Environment (prod/dev etc.)."
  value       = local.env
}

output "module" {
  description = "The name of the Terraform module, used to tagging resources."
  value       = local.module
}

variable "region" {
  default     = "us-east-1"
  description = "AWS region."
  type        = string
}

output "region" {
  description = "AWS region."
  value       = var.region
}

provider "aws" {
  region = var.region
}

provider "template" {}
resource "aws_resourcegroups_group" "group" {
  name = local.Name
  tags = local.common_tags
  resource_query {
    query = <<EOF
{
  "ResourceTypeFilters": [
    "AWS::AllSupported"
  ],
  "TagFilters": [
    {
      "Key": "Module",
      "Values": ["${local.module}"]
    },
    {
      "Key": "Environment",
      "Values": ["${local.env}"]
    }
  ]
}
EOF
  }
}

locals {
  resource_group_arn  = aws_resourcegroups_group.group.arn
  resource_group_name = aws_resourcegroups_group.group.name
}

output "resource_group_arn" {
  description = "ARN of the resource group."
  value       = local.resource_group_arn
}

output "resource_group_name" {
  description = "Name of the resource group."
  value       = local.resource_group_name
}

variable "log_retention" {
  default     = 3
  description = "Number of days to retain logs."
  type        = number
}

outputs.tf

deleted100644 → 0
+0 −14
Original line number Diff line number Diff line
output "env" {
  description = "Environment (prod/dev etc.)."
  value       = local.env
}

output "module" {
  description = "The name of the Terraform module, used to tagging resources."
  value       = local.module
}

output "region" {
  description = "AWS region."
  value       = var.region
}

s3.tf

0 → 100644
+53 −0
Original line number Diff line number Diff line
resource "aws_s3_bucket" "payloads" {
  bucket = local.Name
  tags   = local.common_tags
  acl    = "private"

  versioning {
    enabled = true
  }
}

locals {
  payloads_bucket_arn  = aws_s3_bucket.payloads.arn
  payloads_bucket_name = aws_s3_bucket.payloads.bucket
}

output "payloads_bucket_arn" {
  description = "ARN of the payloads S3 bucket."
  value       = local.payloads_bucket_arn
}

output "payloads_bucket_name" {
  description = "Name of the payloads S3 bucket."
  value       = local.payloads_bucket_name
}

resource "aws_s3_bucket_object" "payload" {
  bucket = local.payloads_bucket_name
  key    = "${local.env}/payload.zip"
  source = "payload.zip"
  etag   = filemd5("payload.zip")
  tags   = local.common_tags
}

locals {
  payload_object_etag    = aws_s3_bucket_object.payload.etag
  payload_object_name    = aws_s3_bucket_object.payload.key
  payload_object_version = aws_s3_bucket_object.payload.version_id
}

output "payload_object_etag" {
  description = "ETag of the payload S3 object."
  value       = local.payload_object_etag
}

output "payload_object_name" {
  description = "Name of the payload S3 object."
  value       = local.payload_object_name
}

output "payload_object_version" {
  description = "Version of the payload S3 object."
  value       = local.payload_object_version
}
Loading