initial commit

lestex · lestex · commit aab00af84e7a · 2019-02-28T18:33:37.000+03:00
diff --git a/README.md b/README.md
@@ -0,0 +1,54 @@
+## Module for creating cron based lambdas
+
+What it does:
+- Creates a role for lambda
+- Creates and attaches policy to the role
+- Creates Cloudwatch cron, connects it to lambda and grants permission to run lambda.
+- Creates lambda function
+
+## Module Variables
+- `region` - The AWS region. Defaults to us-east-1"
+- `enabled` - bool, defaults to `true`
+- `lambda_name` - Name for lambda function
+- `project` - Project lambda belongs to
+- `runtime` - Runtime for lambda function
+- `handler` - Handler for lambda function
+- `lambda_zipfile` - Path to zip file that contains lambda function
+- `source_code_hash` - The hash for lambda Zip file"
+- `lambda_policy_document` - Path to policy document for [lambda function](http://docs.aws.amazon.com/lambda/latest/dg/intro-permission-model.html#lambda-intro-execution-role)
+- `description` - Description for lambda function
+- `timeout` - Timeout for lambda function
+- `subnet_ids` - The list of subnets functions belongs to 
+- `security_group_ids` - The list of security groups
+
+## Usage:
+```sh
+module "lambda_test" {    
+    source              = "../../terraform/modules/aws_lambda_cron"
+    lambda_name         = "test_inventory"
+    runtime             = "python3.6"
+    lambda_zipfile      = "${path.module}/function/function.zip"
+    source_code_hash    = "${base64sha256(file("function/function.zip"))}"
+    handler             = "redshift_inventory.lambda_handler"
+    schedule_expression = "cron(0 */2 * * ? *)"
+    policy_document     = "${file("policies/lambda-policy.json")}"
+
+    # vpc_config parameters
+    # don't set if you want lambda run off VPC
+    # refer to terraform documentation
+    # both variables are lists
+    subnet_ids          = ["subnet-7e19af35"]
+    security_group_ids  = ["sg-aa4519da"]
+    # end vpc_config parameters
+
+    project = "Infra"
+    description = "Test function"
+}
+```
+## Outputs
+- `lambda_arn` - the ARN for lmbda
+- `role_name` - the NAME for the role
+- `role_arn` - the ARN for role
+
+## Author
+This module is created and maintained by [leandevops](https://github.com/leandevops)
diff --git a/main.tf b/main.tf
@@ -0,0 +1,90 @@
+# provider
+provider "aws" {
+  region = "${var.region}"
+}
+
+# create role and policies
+resource "aws_iam_role" "lambda_role" {
+  name        = "${var.lambda_name}_role"
+  description = "Role for ${var.lambda_name} Lambda function [Created with Terraform]"
+
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "lambda.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_iam_policy" "lambda-policy" {
+  name        = "${var.lambda_name}_policy"
+  description = "Defines resources ${var.lambda_name} lambda function has access to [Created with Terraform]"
+
+  policy = "${var.policy_document}"
+}
+
+# attach policy to role
+resource "aws_iam_role_policy_attachment" "attach-policy" {
+  role       = "${aws_iam_role.lambda_role.name}"
+  policy_arn = "${aws_iam_policy.lambda-policy.arn}"
+}
+
+# creates lambda
+resource "aws_lambda_function" "self" {
+  #count = "${var.enabled}"
+
+  runtime          = "${var.runtime}"
+  function_name    = "${var.lambda_name}"
+  filename         = "${var.lambda_zipfile}"
+  role             = "${aws_iam_role.lambda_role.arn}"
+  handler          = "${var.handler}"
+  source_code_hash = "${var.source_code_hash}"
+  description      = "${var.description} [Created with Terraform]"
+
+  publish = true
+  timeout = "${var.timeout}"
+
+  vpc_config = {
+    subnet_ids         = "${var.subnet_ids}"
+    security_group_ids = "${var.security_group_ids}"
+  }
+
+  tags = {
+    name         = "${var.lambda_name}"
+    createdWith  = "Terraform"
+    BUDGET_GROUP = "${var.project}"
+  }
+}
+
+# create CloudWatch cron
+resource "aws_cloudwatch_event_rule" "cron" {
+  count               = "${var.enabled}"
+  name                = "${var.lambda_name}-cron"
+  description         = "Sends event to ${var.lambda_name} cron based [Created with Terraform]"
+  schedule_expression = "${var.schedule_expression}"
+}
+
+resource "aws_cloudwatch_event_target" "lambda" {
+  count     = "${var.enabled}"
+  target_id = "runLambda"
+  rule      = "${aws_cloudwatch_event_rule.cron.name}"
+  arn       = "${aws_lambda_function.self.arn}"
+}
+
+resource "aws_lambda_permission" "cloudwatch" {
+  count         = "${var.enabled}"
+  statement_id  = "AllowExecutionFromCloudWatch"
+  action        = "lambda:InvokeFunction"
+  function_name = "${aws_lambda_function.self.arn}"
+  principal     = "events.amazonaws.com"
+  source_arn    = "${aws_cloudwatch_event_rule.cron.arn}"
+}
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,11 @@
+output "lambda_arn" {
+  value = "${aws_lambda_function.self.*.arn}"
+}
+
+output "role_name" {
+  value = "${aws_iam_role.lambda_role.name}"
+}
+
+output "role_arn" {
+  value = "${aws_iam_role.lambda_role.arn}"
+}
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,62 @@
+##############################
+# input and output variables
+##############################
+variable region {
+  description = "The AWS region. Defaults to us-east-1"
+  default     = "us-east-1"
+}
+
+variable enabled {
+  default = true
+}
+
+variable lambda_name {
+  description = "Name for lambda function"
+}
+
+variable project {
+  description = "Project lambda belongs to"
+}
+
+variable runtime {
+  description = "Runtime for lambda function"
+}
+
+variable handler {
+  description = "Handler for lambda function"
+}
+
+variable lambda_zipfile {
+  description = "Zip that contains lambda function"
+}
+
+variable source_code_hash {
+  description = "The hash for lambda Zip file"
+}
+
+variable description {
+  description = "Description for lambda function"
+}
+
+variable timeout {
+  description = "Timeout for lambda function"
+  default     = 30
+}
+
+variable policy_document {
+  description = "policy document for lambda function"
+}
+
+variable schedule_expression {
+  description = "Expression for CloudWatcvh cron"
+}
+
+variable subnet_ids {
+  description = "List of VPC subnet ids that lambda belongs to"
+  default     = []
+}
+
+variable security_group_ids {
+  description = "List of security groups ids"
+  default     = []
+}
