Describe AWS Lambda terraform templates

vitalibo · May 9, 2020 · 255890e · 255890e
1 parent 1ee08c7
commit 255890e
Show file tree

Hide file tree

Showing 7 changed files with 158 additions and 4 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,7 @@
 .idea/
 venv/
 .DS_Store
-*.iml
+*.iml
+function_source.zip
+.tf_*
+.terraform/
diff --git a/infrastructure/aws/Makefile b/infrastructure/aws/Makefile
@@ -38,13 +38,21 @@ configure:
 init:
 	$(TF_ENV_VARS) terraform init $(TF_OPTIONS) $(TF_INIT_CONF)
 
+.PHONY: package
+package:
+	rm -rf $(CURDIR)/function_source.zip
+	for module in 'core' 'aws' ; do \
+		cd $(CURDIR)/../../git-lfs-$$module/src/main/ ; \
+		zip -r $(CURDIR)/function_source.zip ./ ; \
+	done
+
 .PHONY: plan
-plan: configure init
+plan: configure init package
 	$(TF_ENV_VARS) terraform plan $(TF_OPTIONS) $(TF_RUN_CONF)
 
 .PHONY: apply
-apply: configure init
-	@echo $(TF_ENV_VARS) terraform apply $(TF_OPTIONS) $(TF_RUN_CONF)
+apply: configure init package
+	$(TF_ENV_VARS) terraform apply $(TF_OPTIONS) $(TF_RUN_CONF)
 
 .PHONY: destroy
 destroy: configure init

diff --git a/infrastructure/aws/outputs.tf b/infrastructure/aws/outputs.tf
@@ -0,0 +1,19 @@
+output "function_name" {
+  description = "The name of the Lambda function"
+  value       = aws_lambda_function.lambda.function_name
+}
+
+output "function_arn" {
+  description = "The ARN of the Lambda function"
+  value       = aws_lambda_function.lambda.arn
+}
+
+output "role_name" {
+  description = "The name of the IAM role created for the Lambda function"
+  value       = aws_iam_role.lambda_role.name
+}
+
+output "role_arn" {
+  description = "The ARN of the IAM role created for the Lambda function"
+  value       = aws_iam_role.lambda_role.arn
+}
diff --git a/infrastructure/aws/resources.tf b/infrastructure/aws/resources.tf
@@ -0,0 +1,83 @@
+provider "aws" {
+  profile = var.profile
+  region  = var.region
+}
+
+locals {
+  resource_name_prefix = "${var.name}-${var.environment}"
+}
+
+data "local_file" "lambda_source" {
+  filename = "${path.module}/function_source.zip"
+}
+
+resource "aws_lambda_function" "lambda" {
+  function_name    = "${local.resource_name_prefix}-api"
+  description      = "This lambda coordinate fetching and storing Git LFS objects"
+  filename         = data.local_file.lambda_source.filename
+  source_code_hash = filebase64sha256(data.local_file.lambda_source.filename)
+  role             = aws_iam_role.lambda_role.arn
+  handler          = "aws.function.handler"
+  runtime          = "python3.7"
+  memory_size      = 128
+  timeout          = 30
+  tags             = var.tags
+}
+
+data "aws_iam_policy_document" "lambda_role_trust_policy" {
+  version = "2012-10-17"
+
+  statement {
+    actions = ["sts:AssumeRole"]
+    effect  = "Allow"
+
+    principals {
+      type        = "Service"
+      identifiers = ["lambda.amazonaws.com"]
+    }
+  }
+}
+
+resource "aws_iam_role" "lambda_role" {
+  name               = "${local.resource_name_prefix}-api-lambda"
+  assume_role_policy = data.aws_iam_policy_document.lambda_role_trust_policy.json
+  tags               = var.tags
+}
+
+data "aws_iam_policy_document" "lambda_role_policy" {
+  version = "2012-10-17"
+
+  statement {
+    effect = "Allow"
+    actions = [
+      "s3:*"
+    ]
+    resources = [
+      "arn:aws:s3:::${var.bucket_name}",
+      "arn:aws:s3:::${var.bucket_name}/*"
+    ]
+  }
+
+  statement {
+    effect = "Allow"
+    actions = [
+      "logs:CreateLogStream",
+      "logs:PutLogEvents"
+    ]
+    resources = [
+      aws_cloudwatch_log_group.lambda_log_group.arn
+    ]
+  }
+}
+
+resource "aws_iam_role_policy" "lambda_role_policy" {
+  name_prefix = local.resource_name_prefix
+  role        = aws_iam_role.lambda_role.id
+  policy      = data.aws_iam_policy_document.lambda_role_policy.json
+}
+
+resource "aws_cloudwatch_log_group" "lambda_log_group" {
+  name              = "/aws/lambda/${local.resource_name_prefix}-api"
+  retention_in_days = 7
+  tags              = var.tags
+}
diff --git a/infrastructure/aws/variables.tf b/infrastructure/aws/variables.tf
@@ -0,0 +1,31 @@
+variable "profile" {
+  type        = string
+  description = "Use a specific profile from your credential file"
+  default     = "default"
+}
+
+variable "region" {
+  type        = string
+  description = "The AWS region to use"
+  default     = "us-west-2"
+}
+
+variable "environment" {
+  type        = string
+  description = "Environment name"
+}
+
+variable "name" {
+  type        = string
+  description = "Service name that will be prefixed to resource names"
+}
+
+variable "bucket_name" {
+  type        = string
+  description = "S3 bucket name where will be stored Git LFS objects"
+}
+
+variable "tags" {
+  type        = map(string)
+  description = "A list of tags to apply to resources"
+}
diff --git a/infrastructure/aws/vars/dev.tfvars b/infrastructure/aws/vars/dev.tfvars
@@ -0,0 +1,5 @@
+region      = "us-west-2"
+environment = "dev"
+name        = "git-lfs"
+bucket_name = "git-lfs-storagebucket-mo410x249ybo"
+tags        = { "Environment" : "develop", "Product" : "Git LFS", "Owner" : "Vitaliy Boyarsky" }
diff --git a/infrastructure/aws/vars/prod.tfvars b/infrastructure/aws/vars/prod.tfvars
@@ -0,0 +1,5 @@
+region      = "us-west-2"
+environment = "prod"
+name        = "git-lfs"
+backet_name = "git-lfs-storagebucket-mo410x249ybo"
+tags        = { "Environment" : "production", "Product" : "Git LFS", "Owner" : "Vitaliy Boyarsky" }