tf modules
clamorisse committed Oct 24, 2016
1 parent 747d126 commit 4467a78
Showing 3 changed files with 138 additions and 0 deletions.
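--- a/infrastructure/modules/iam/iam_lambda.tf
+++ b/infrastructure/modules/iam/iam_lambda.tf
@@ -0,0 +1,48 @@
+# ------------------------------------------------
+# CREATING POLICIES AND ROLES FOR
+# LAMBDA f(x)
+# ------------------------------------------------
+
+variable "app_name" { }
+variable "policy_file" { }
+
+# CREATING EXECUTION ROLE
+
+resource "aws_iam_role" "exec_role" {
+name = "${var.app_name}-lambda-exec_role"
+assume_role_policy = <<EOF
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Action": "sts:AssumeRole",
+"Principal": {
+"Service": "lambda.amazonaws.com"
+},
+"Effect": "Allow",
+"Sid": ""
+}
+]
+}
+EOF
+}
+
+# Execution Lambda policy, grants permissions to CloudWatch and S3
+
+resource "aws_iam_role_policy_attachment" "lambda_execute" {
+role = "${aws_iam_role.exec_role.name}"
+policy_arn = "arn:aws:iam::aws:policy/AWSLambdaExecute"
+}
+
+
+# Inline policy for permissions to access resources
+
+resource "aws_iam_role_policy" "lambda_policy" {
+name = "${var.app_name}-access-resources-policy"
+role = "${aws_iam_role.exec_role.id}"
+policy = "${var.policy_file}"
+}
+
+
+output "execution_role_arn" { value = "${aws_iam_role.exec_role.arn}" }
+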
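Review bot: The `lambda_execute` attachment gives the role the AWS-managed `AWSLambdaExecute` policy, which allows `s3:GetObject` and `s3:PutObject` on `arn:aws:s3:::*`, so the function can read and write every bucket in the account rather than only the source and target buckets this stack creates. Attaching the logs-only managed policy instead, `policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"`, and granting S3 access in the inline `lambda_policy` with `Resource` limited to the two bucket ARNs would keep the role to what the function needs. `policy_file` is also passed straight through as the policy document even though its name suggests a path; a comment such as `# policy_file: rendered IAM policy JSON, not a path; keep Resource scoped to this app's buckets` would make the contract clear to callers.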
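--- a/infrastructure/modules/lambda/lambda_function.tf
+++ b/infrastructure/modules/lambda/lambda_function.tf
@@ -0,0 +1,54 @@
+# ------------------------------------------------
+# CREATES LAMBDA f(X)
+# ------------------------------------------------
+
+variable "zip_file" { }
+variable "app-name" { }
+variable "role" { }
+#variable "lambda_role_arn" { }
+variable "handler" { }
+variable "runtime" { }
+
+variable "source_arn" { }
+variable "source_id" { }
+
+variable "filter_prefix" { }
+variable "filter_suffix" { }
+variable "events" { }
+
+
+# Creates lambda function with a zip file containing code
+
+resource "aws_lambda_function" "lambda" {
+filename = "${var.zip_file}"
+function_name = "${var.app-name}-function"
+role = "${var.role}"
+handler = "${var.handler}"
+runtime = "${var.runtime}"
+
+source_code_hash = "${base64sha256(file("${var.zip_file}"))}"
+}
+
+# Creates permission to have S3 execute Lambda Function
+
+resource "aws_lambda_permission" "allow_bucket" {
+statement_id = "AllowExecutionFromS3Bucket"
+action = "lambda:InvokeFunction"
+function_name = "${aws_lambda_function.lambda.arn}"
+principal = "s3.amazonaws.com"
+source_arn = "${var.source_arn}"
+}
+
+# S3 is allowed to trigger Lambda Function
+
+resource "aws_s3_bucket_notification" "bucket_notification" {
+bucket = "${var.source_id}"
+lambda_function {
+lambda_function_arn = "${aws_lambda_function.lambda.arn}"
+events = ["${var.events}"]
+filter_prefix = "${var.filter_prefix}"
+filter_suffix = "${var.filter_suffix}"
+}
+}
+
+output "lambda_function_arn" { value = "${aws_lambda_function.lambda.arn}" }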
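Review bot: `aws_lambda_permission.allow_bucket` restricts the `s3.amazonaws.com` principal by `source_arn` only, and an S3 bucket ARN carries no account ID, so a bucket of the same name later re-created in a different account would still match the permission. Adding `source_account = "${var.source_account}"` to the permission, with a matching `variable "source_account" { }`, ties the grant to the owning account. Separately, `bucket_notification` has no dependency on the permission, so the notification may be applied before S3 is allowed to invoke the function; `depends_on = ["aws_lambda_permission.allow_bucket"]` makes the ordering explicit.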
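--- a/infrastructure/modules/s3/buckets_for_lambda.tf
+++ b/infrastructure/modules/s3/buckets_for_lambda.tf
@@ -0,0 +1,36 @@
+#-------------------------------------------
+# Source and target Buckets
+# for Lambda f(x)
+#-------------------------------------------
+variable "source_bucket" { }
+variable "app_name" { }
+variable "env" { }
+
+
+resource "aws_s3_bucket" "source" {
+bucket = "${var.source_bucket}"
+acl = "private"
+
+tags {
+Name = "${var.app_name}"
+Environment = "${var.env}"
+}
+}
+
+resource "aws_s3_bucket" "target" {
+bucket = "${var.source_bucket}resize"
+acl = "private"
+
+tags {
+Name = "${var.app_name}"
+Environment = "${var.env}"
+}
+}
+
+output "source-bucket-id" { value = "${aws_s3_bucket.source.id}" }
+output "source-bucket-arn" { value = "${aws_s3_bucket.source.arn}" }
+
+output "target-bucket-id" { value = "${aws_s3_bucket.target.id}" }
+output "target-bucket-arn" { value = "${aws_s3_bucket.target.arn}" }
+
+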
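Review bot: `acl = "private"` on `source` and `target` sets only the bucket ACL; it does not stop an object being written with a public ACL or a bucket policy later granting public read, and `source` is the bucket that accepts uploads and triggers the function. If the AWS provider version in use supports it, an `aws_s3_bucket_public_access_block` per bucket (below) closes that gap at the bucket level. Neither bucket configures default encryption or versioning either; a comment stating whether that is intentional would help the next reviewer.

```hcl
resource "aws_s3_bucket_public_access_block" "source" {
  bucket                  = "${aws_s3_bucket.source.id}"
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# … same block for aws_s3_bucket.target …
```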