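# Lambda function whose *configuration* is managed by Terraform; the code
# package is deployed out of band (see the lifecycle block), so Terraform never
# re-uploads the zip once the function exists.
resource "aws_lambda_function" "this" {
  filename      = var.lambda_filename
  description   = var.description
  function_name = var.name
  handler       = var.lambda_handler
  layers        = []
  memory_size   = var.lambda_memory_size
  role          = aws_iam_role.lambda.arn
  runtime       = var.lambda_runtime
  timeout       = 60 # seconds; hard-coded rather than exposed as a variable

  # -1 means "no reserved concurrency": the function draws from the account's
  # unreserved pool (AWS provider semantics for this argument).
  reserved_concurrent_executions = -1

  # Environment variables come from local.environment_map (defined elsewhere in
  # the module); one block is emitted per map entry, none when the map is empty.
  # NOTE(review): no kms_key_arn is set, so these variables are encrypted with
  # the AWS-managed Lambda key only; set a CMK if secrets are passed this way.
  dynamic "environment" {
    for_each = local.environment_map
    content {
      variables = environment.value
    }
  }

  timeouts {}

  # Active X-Ray tracing. The execution role still needs xray:PutTraceSegments /
  # xray:PutTelemetryRecords, which must be supplied via var.policy_configs_map.
  tracing_config {
    mode = "Active"
  }

  tags = local.common_tags

  # Create the log group before the function so that the first invocation does
  # not auto-create an unmanaged group (untagged, infinite retention) that can
  # collide with the Terraform-managed one.
  depends_on = [aws_cloudwatch_log_group.lambda]

  # Code artefacts are deployed by the pipeline, not by Terraform: ignore the
  # package-related attributes so a plan never tries to roll the code back to
  # whatever var.lambda_filename originally pointed at.
  lifecycle {
    ignore_changes = [
      filename,
      last_modified,
      source_code_hash,
    ]
  }
}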
### IAM ROLES, POLICIES AND ATTACHMENTS ###
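# Execution role for the function, trusted by the Lambda service only.
#
# The previous trust policy also listed the account root
# ("arn:aws:iam::<account>:root") as a principal. That lets any IAM principal
# in the account holding sts:AssumeRole on this ARN assume the function's role
# and inherit every policy attached to it, which is far wider than an execution
# role needs. If a specific human or pipeline identity genuinely has to assume
# this role, add that identity's ARN as an extra statement rather than the
# account root.
resource "aws_iam_role" "lambda" {
  name        = var.name
  description = "Allows Lambda functions to call AWS services on your behalf."

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = "LambdaServiceAssumeRole"
        Effect = "Allow"
        Action = "sts:AssumeRole"
        Principal = {
          Service = "lambda.amazonaws.com"
        }
      },
    ]
  })

  tags = local.common_tags
}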
# Policy ARNs to attach to the execution role: every entry of
# var.policy_configs_map whose `enabled` flag is true, keyed by its map key.
locals {
  policies = {
    for key, cfg in var.policy_configs_map :
    key => cfg.arn
    if cfg.enabled
  }
}
# One attachment per enabled entry in local.policies. The role's effective
# permissions are entirely caller-supplied: nothing in this file grants
# CloudWatch Logs or X-Ray access by default, so the map must include them.
resource "aws_iam_role_policy_attachment" "lambda" {
  for_each = local.policies

  policy_arn = each.value
  role       = aws_iam_role.lambda.name
}
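# Log group the function writes to. Lambda always logs to
# "/aws/lambda/<function_name>" (and function names cannot contain "/"), so
# naming the group plainly var.name created an unrelated, empty group while
# Lambda auto-created the real one outside Terraform: untagged, never expiring.
# Existing deployments may need a `terraform import` of the auto-created group.
# NOTE(review): no retention_in_days or kms_key_id is set, so logs are kept
# forever and encrypted with the service default key; consider exposing both
# as module variables.
resource "aws_cloudwatch_log_group" "lambda" {
  name = "/aws/lambda/${var.name}"
  tags = local.common_tags
}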
// NOTE(review): the commented-out attachments below rely on broad AWS managed
// policies (AWSLambdaExecute, AmazonS3FullAccess, AmazonSQSFullAccess,
// SecretsManagerReadWrite, AWSXrayFullAccess). If any of them are re-enabled,
// or passed in through var.policy_configs_map, prefer scoped policies limited
// to the specific buckets, queues and secrets the function actually needs.
//data "aws_iam_policy" "aws_lambda_execute" {
// arn = "arn:aws:iam::aws:policy/AWSLambdaExecute"
//}
//
//data "aws_iam_policy" "amazon_ssm_read_only_access" {
// arn = "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess"
//}
//
//data "aws_iam_policy" "aws_xray_full_access" {
// arn = "arn:aws:iam::aws:policy/AWSXrayFullAccess"
//}
//
//data "aws_iam_policy" "aws_secretmanager_readwrite" {
// arn = "arn:aws:iam::aws:policy/SecretsManagerReadWrite"
//}
//
//data "aws_iam_policy" "lambda_s3_policy" {
// arn = "arn:aws:iam::aws:policy/AmazonS3FullAccess"
//}
//
//data "aws_iam_policy" "lambda_sqs_policy" {
// arn = "arn:aws:iam::aws:policy/AmazonSQSFullAccess"
//}
//
//resource "aws_iam_role_policy_attachment" "role_policy_attachment" {
// role = aws_iam_role.lambda.name
// policy_arn = data.aws_iam_policy.lambda_s3_policy.arn
//}
//
//resource "aws_iam_role_policy_attachment" "aws_secretmanager_readwrite" {
// role = aws_iam_role.lambda.name
// policy_arn = data.aws_iam_policy.aws_secretmanager_readwrite.arn
//}
//
//resource "aws_iam_role_policy_attachment" "aws_lambda_execute" {
// role = aws_iam_role.lambda.name
// policy_arn = data.aws_iam_policy.aws_lambda_execute.arn
//}
//
//resource "aws_iam_role_policy_attachment" "amazon_ssm_read_only_access" {
// role = aws_iam_role.lambda.name
// policy_arn = data.aws_iam_policy.amazon_ssm_read_only_access.arn
//}
//
//resource "aws_iam_role_policy_attachment" "aws_xray_full_access" {
// role = aws_iam_role.lambda.name
// policy_arn = data.aws_iam_policy.aws_xray_full_access.arn
//}
//
//resource "aws_iam_role_policy_attachment" "aws_sqs_excecution" {
// role = aws_iam_role.lambda.name
// policy_arn = data.aws_iam_policy.lambda_sqs_policy.arn
//}