# AWS provider configuration. Region and credentials all come from variables.
#
# NOTE(review): access_key / secret_key are static credentials, so their values
# live wherever these variables are set (tfvars files, shell history, CI
# settings). Keep those files out of version control. If the variables can be
# left unset, the provider falls back to its default credential chain
# (environment, shared credentials file, instance or role credentials).
provider "aws" {
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  region     = "${var.region}"
}
# Execution role for the Lambda function.
#
# The trust policy below names lambda.amazonaws.com as the only principal that
# may call sts:AssumeRole on this role. Permissions are not granted here; they
# come from aws_iam_role_policy.app_role_policy.
resource "aws_iam_role" "app_role" {
  name = "${var.app_name}_role"

  # Heredoc body is the trust policy JSON; the closing EOF marker must stay at
  # the start of its line.
  assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sts:AssumeRole"
],
"Sid": "",
"Principal": {
"Service": "lambda.amazonaws.com"
}
}
]
}
EOF
}
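# Inline policy for the execution role: lets the function create its
# CloudWatch Logs group and streams and write log events to them.
resource "aws_iam_role_policy" "app_role_policy" {
  name = "${var.app_name}_role_policy"
  role = "${aws_iam_role.app_role.id}"

  # Least privilege: the resource list is limited to the log group Lambda uses
  # for this function (/aws/lambda/<function_name>) rather than every log
  # resource in every account and region ("arn:aws:logs:*:*:*").
  # The name must stay in sync with function_name on
  # aws_lambda_function.app_function. Both the bare log-group ARN and the ":*"
  # form are listed so that group creation and stream-level actions both match.
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": [
        "arn:aws:logs:*:*:log-group:/aws/lambda/${var.app_name}_function",
        "arn:aws:logs:*:*:log-group:/aws/lambda/${var.app_name}_function:*"
      ]
    }
  ]
}
EOF
}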
# Bucket that holds the Lambda deployment package.
#
# NOTE(review): the object stored here is the code the function runs under
# app_role, so write access to this bucket should be limited to whatever
# deploys the function. This block declares no ACL, bucket policy, versioning
# or encryption settings.
# NOTE(review): the name contains an underscore, which current S3 bucket naming
# rules do not allow. Renaming replaces the bucket, so confirm against any
# existing deployment before changing it.
resource "aws_s3_bucket" "app_bucket" {
  bucket = "${var.app_name}_function"
}
# Uploads the local archive <app_name>.zip to the deployment bucket under the
# fixed key "source".
resource "aws_s3_bucket_object" "app_source" {
  source = "${var.app_name}.zip"
  bucket = "${aws_s3_bucket.app_bucket.bucket}"
  key    = "source"

  # MD5 of the local archive, so a changed zip shows up as a changed object.
  # NOTE(review): file() reads the zip as a string; on Terraform 0.12 and later
  # binary files need filemd5() instead - confirm the Terraform version in use.
  etag = "${md5(file("${var.app_name}.zip"))}"
}
# The Lambda function itself. Code is taken from the object uploaded by
# aws_s3_bucket_object.app_source and runs under aws_iam_role.app_role.
resource "aws_lambda_function" "app_function" {
  function_name = "${var.app_name}_function"
  role          = "${aws_iam_role.app_role.arn}"
  handler       = "${var.function_handler}"
  runtime       = "${var.function_runtime}"

  # Fixed limits: 300 seconds of run time, 1536 MB of memory.
  timeout     = 300
  memory_size = 1536

  # Location of the deployment package in S3.
  s3_bucket = "${aws_s3_bucket_object.app_source.bucket}"
  s3_key    = "${aws_s3_bucket_object.app_source.key}"

  # Hash of the local archive; a changed zip changes this value.
  source_code_hash = "${base64sha256(file("${var.app_name}.zip"))}"

  # NOTE(review): if the block below is enabled, anything placed in it is
  # stored in plain text in the Terraform state, so keep secrets out of it.
  # environment {
  # variables = {}
  # }
}
#
# Configuration for triggering a function to run on a schedule.
#
# # Set up an event to trigger the Lambda function
# resource "aws_cloudwatch_event_rule" "app_event_rule" {
# name = "${var.app_name}_event_rule"
# description = "Invoke ${aws_lambda_function.app_function.arn} every 5 mins"
# schedule_expression = "rate(5 minutes)"
# }
#
# # Set the lambda's ARN as the target of the event
# resource "aws_cloudwatch_event_target" "app_target" {
# rule = "${aws_cloudwatch_event_rule.app_event_rule.id}"
# arn = "${aws_lambda_function.app_function.arn}"
# }
#
# resource "aws_lambda_permission" "app_function_allow_cloud_watch" {
# statement_id = "AllowExecutionFromCloudWatch"
# action = "lambda:InvokeFunction"
# function_name = "${aws_lambda_function.app_function.function_name}"
# principal = "events.amazonaws.com"
# source_arn = "${aws_cloudwatch_event_rule.app_event_rule.arn}"
# }