From 97480cedfb160743f7cbba9b4682027af20dfb15 Mon Sep 17 00:00:00 2001 From: RiceAndmeet Date: Thu, 25 Apr 2024 17:43:59 -0400 Subject: [PATCH] feat: deploy lambda via docker image testnet --- terraform/testnet/main.tf | 117 ++++++++++++++++--------- terraform/testnet/variables.tf.example | 9 ++ 2 files changed, 85 insertions(+), 41 deletions(-) diff --git a/terraform/testnet/main.tf b/terraform/testnet/main.tf index 0e1848da..0d5e48d4 100644 --- a/terraform/testnet/main.tf +++ b/terraform/testnet/main.tf @@ -24,8 +24,6 @@ provider "aws" { } } -provider "archive" {} - locals { url_subpath_api_mapping = "api" # map apigw to url subpath /api from aws_api_gateway_domain_name } @@ -34,55 +32,92 @@ data "aws_api_gateway_domain_name" "testnet" { domain_name = "testnet.api.axelarscan.io" } -data "archive_file" "zip" { - type = "zip" - source_dir = "../../" - excludes = ["terraform", ".gitignore", "README.md", "LICENSE", "yarn.lock", ".env.example", ".env", "test"] - output_path = "${var.package_name}.zip" -} - -data "aws_iam_policy_document" "policy" { - statement { - sid = "" - effect = "Allow" - actions = ["sts:AssumeRole"] - principals { - identifiers = ["lambda.amazonaws.com"] - type = "Service" +resource "aws_iam_role" "lambda_role" { + name = "${var.package_name}-${var.environment}-role" + assume_role_policy = jsonencode( + { + Statement = [ + { + Action = "sts:AssumeRole" + Effect = "Allow" + Principal = { + Service = "lambda.amazonaws.com" + } + }, + ] + Version = "2012-10-17" } + ) + + inline_policy { + name = "secret_manager_policy" + policy = jsonencode( + { + Statement = [ + { + Action = [ + "secretsmanager:GetSecretValue", + ] + Effect = "Allow" + Resource = "*" + }, + ] + Version = "2012-10-17" + } + ) } -} -data "aws_iam_role" "role" { - name = var.iam_role -} - -resource "aws_iam_policy_attachment" "attachment" { - name = "${var.project_name}-attachment" - roles = [data.aws_iam_role.role.name] - policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + inline_policy { + name = "lambda_execution_policy" + policy = jsonencode( + { + Statement = [ + { + Action = [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ] + Effect = "Deny" + Resource = "*" + }, + ] + Version = "2012-10-17" + } + ) + } } resource "aws_lambda_function" "function" { - function_name = "${var.package_name}-${var.environment}" - filename = data.archive_file.zip.output_path - source_code_hash = data.archive_file.zip.output_base64sha256 - role = data.aws_iam_role.role.arn - handler = "index.handler" - runtime = "nodejs20.x" - timeout = 30 - memory_size = 512 - publish = true + function_name = "${var.package_name}-${var.environment}" + package_type = "Image" + image_uri = "499786161782.dkr.ecr.us-east-2.amazonaws.com/axelarscan-api:v${var.app_version}" + role = aws_iam_role.lambda_role.arn + timeout = 30 + memory_size = 512 + publish = true environment { variables = { - NODE_NO_WARNINGS = 1 - ENVIRONMENT = var.environment - INDEXER_URL = var.indexer_url - INDEXER_USERNAME = var.indexer_username - INDEXER_PASSWORD = var.indexer_password - LOG_LEVEL = var.log_level + NODE_NO_WARNINGS = 1 + ENVIRONMENT = var.environment + INDEXER_URL = var.indexer_url + INDEXER_USERNAME = var.indexer_username + INDEXER_PASSWORD = var.indexer_password + LOG_LEVEL = var.log_level + DD_LAMBDA_HANDLER = "index.handler" + DD_SITE = "datadoghq.com" + DD_API_KEY_SECRET_ARN = "arn:aws:secretsmanager:us-east-2:499786161782:secret:DdApiKeySecret-gJ9EIYVknJGu-HYZ3nM" + DD_TRACE_ENABLED = true + DD_ENV = var.environment + DD_SERVICE = "${var.package_name}-${var.environment}" + DD_VERSION = "${var.app_version}" } } + image_config { + command = [ + "node_modules/datadog-lambda-js/dist/handler.handler", + ] + } kms_key_arn = "" } diff --git a/terraform/testnet/variables.tf.example b/terraform/testnet/variables.tf.example index 063fa7b1..ffbc39a0 100644 --- a/terraform/testnet/variables.tf.example +++ b/terraform/testnet/variables.tf.example @@ -41,4 +41,13 @@ variable "indexer_password" { variable "log_level" { description = "Log level" default = "debug" +} + +variable "app_version" { + description = "App version, same as docker image version" + default = "0.0.1" + validation { + error_message = "Must be valid semantic version. $Major.$Minor.$Patch" + condition = can(regex("^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", var.app_version)) + } } \ No newline at end of file