-
Notifications
You must be signed in to change notification settings - Fork 1
/
lambda.tf
116 lines (101 loc) · 2.97 KB
/
lambda.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
resource "aws_iam_role" "lambda" {
name = "${var.PROJECT}-lambda-role-${var.ENVIROMENT}"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
data "aws_iam_policy_document" "lambda_to_cloudwatch_logs" {
statement {
effect = "Allow"
actions = [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
]
resources = ["*"]
}
}
resource "aws_iam_role_policy" "lambda_to_cloudwatch_policy" {
name = "${var.PROJECT}-lambda_to_cloudwatch_policy-${var.ENVIROMENT}"
role = "${aws_iam_role.lambda.id}"
policy = "${data.aws_iam_policy_document.lambda_to_cloudwatch_logs.json}"
}
resource "aws_iam_role_policy" "lambda_to_kinesis_policy" {
name = "${var.PROJECT}-kinesis-policy-${var.ENVIROMENT}"
//description = "Policy to allow reading from the ${var.stream_name} stream"
role = "${aws_iam_role.lambda.id}"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kinesis:GetShardIterator",
"kinesis:GetRecords",
"kinesis:DescribeStream"
],
"Resource": "${aws_kinesis_stream.kinesis_stream.arn}"
},
{
"Effect": "Allow",
"Action": "kinesis:ListStreams",
"Resource": "*"
}
]
}
EOF
}
data "null_data_source" "lambda_file" {
inputs = {
filename = "/function/logsConsumer.js"
}
}
data "null_data_source" "lambda_archive" {
inputs = {
filename = "${path.module}/function/logsConsumer.zip"
}
}
data "archive_file" "lambda_kinesis_stream_to_influxDB" {
type = "zip"
# source_file = "${data.null_data_source.lambda_file.outputs.filename}"
source_dir = "${path.module}/function"
output_path = "${data.null_data_source.lambda_archive.outputs.filename}"
}
resource "aws_cloudwatch_log_group" "lambda_function_logging_group" {
name = "/aws/lambda/${var.LAMBDA_FUNCTION_NAME}"
}
resource "aws_lambda_function" "lambda_kinesis_stream_to_influxDB" {
filename = "${data.archive_file.lambda_kinesis_stream_to_influxDB.output_path}"
function_name = "${var.LAMBDA_FUNCTION_NAME}"
role = "${aws_iam_role.lambda.arn}"
handler = "logsConsumer.handler"
source_code_hash = "${data.archive_file.lambda_kinesis_stream_to_influxDB.output_base64sha256}"
runtime = "nodejs10.x"
timeout = 60
environment {
variables = {
INFLUXDB_IP = "${aws_instance.influxdb.public_ip}"
INFLUXDB_BUCKET = "${var.INFLUXDB_BUCKET}"
INFLUXDB_ORG = "${var.INFLUXDB_ORG}"
INFLUXDB_TOKEN = "${var.INFLUXDB_TOKEN}"
}
}
}
resource "aws_lambda_event_source_mapping" "kinesis" {
event_source_arn = "${aws_kinesis_stream.kinesis_stream.arn}"
function_name = "${aws_lambda_function.lambda_kinesis_stream_to_influxDB.arn}"
starting_position = "LATEST"
}