commit lambda

lambdas/email_attachment_saver/lambda.tf

@@ -0,0 +1,64 @@
+locals {
+  lambda_function_name = "email-attachment-saver-dev"
+  timeout              = 30
+  runtime              = "python3.11"
+  powertools_layer_arn = "arn:aws:lambda:${var.aws_region}:017000801446:layer:AWSLambdaPowertoolsPythonV2:67"
+}
+
+data "aws_caller_identity" "current" {}
+
+
+module "lambda_function_container_image" {
+  source = "terraform-aws-modules/lambda/aws"
+  function_name = local.lambda_function_name
+  handler       = "index.lambda_handler"
+  publish       = true
+  runtime = local.runtime
+  timeout = local.timeout
+  layers  = [local.powertools_layer_arn]
+  source_path = "${path.module}/src"
+  s3_bucket   = var.lambda_storage_bucket
+  memory_size              = 256
+  role_name                = "${local.lambda_function_name}-role"
+  attach_policy_statements = true
+
+  policy_statements = {
+    log_group = {
+      effect = "Allow"
+      actions = [
+        "logs:CreateLogGroup"
+      ]
+      resources = [
+        "arn:aws:logs:*:*:*"
+      ]
+    }
+
+    s3 = {
+      effect = "Allow"
+      actions = [
+        "s3:Get*",
+        "s3:List*",
+        "s3:Describe*",
+        "s3:PutObject",
+        "s3-object-lambda:Get*",
+        "s3-object-lambda:List*",
+        "s3-object-lambda:WriteGetObjectResponse"
+      ]
+      resources = var.allowed_s3_resources
+    }
+
+    log_write = {
+      effect = "Allow"
+
+      resources = [
+        "arn:aws:logs:*:*:log-group:/aws/${local.lambda_function_name}/*:*"
+      ]
+
+      actions = [
+        "logs:CreateLogStream",
+        "logs:PutLogEvents",
+      ]
+    }
+
+  }
+}

lambdas/email_attachment_saver/output.tf

@@ -0,0 +1,7 @@
+output "lambda_function_arn" {
+  value = module.lambda_function_container_image.lambda_function_arn
+}
+
+output "lambda_function_name" {
+  value = module.lambda_function_container_image.lambda_function_name
+}

lambdas/email_attachment_saver/src/index.py

@@ -0,0 +1,48 @@
+import boto3
+import email
+import base64
+from botocore.exceptions import NoCredentialsError
+from aws_lambda_powertools import Logger, Metrics
+
+logger = Logger()
+metrics = Metrics()
+s3 = boto3.client('s3')
+
+def lambda_handler(event, context):
+    """
+    This lambda saves email attachments to S3. 
+
+    It expects to receive the s3 bucket and folder where the attachments will be saved
+    """
+
+    logger.info(event)
+    bucket = event['bucket']
+    s3_folder = event['s3_folder']
+    raw_email_data = event['Records'][0]['ses']['mail']['content']
+
+    msg = email.message_from_bytes(base64.b64decode(raw_email_data))
+
+
+    attachment_arns = []
+
+    if msg.is_multipart():
+        for part in msg.walk():
+            if part.get_content_maintype() != 'multipart' and part['Content-Disposition'] is not None:
+                try:
+                    key = part.get_filename()
+                    s3.put_object(Bucket=bucket, Key=s3_folder+key, Body=part.get_payload(decode=True))
+                    attachment_arns.append('arn:aws:s3:::' + bucket + '/' + s3_folder + '/' + key)
+
+                except NoCredentialsError:
+                    logger.error('No AWS credentials found')
+                    return {
+                        'statusCode': 400,
+                        'body': 'Error in the credentials'
+                    }
+
+    logger.info(attachment_arns)
+    return {
+        'statusCode': 200,
+        'body': 'Attachments saved to S3',
+        'attachment_arns': attachment_arns
+    }

lambdas/email_attachment_saver/variables.tf

@@ -0,0 +1,15 @@
+variable "lambda_storage_bucket" {
+  type     = string
+  nullable = false
+}
+
+variable "aws_region" {
+  type     = string
+  nullable = false
+}
+
+variable "allowed_s3_resources" {
+  type     = list(string)
+  nullable = false
+  description = "values for the s3 resources that the lambda function can access"
+}