#1 Make deployable by terraform to AWS

prepare.deplyoment.sh

@@ -0,0 +1,6 @@
+pip3 install -r src/requirements.txt -t dependencies/ --platform manylinux2014_x86_64 --python-version 3.12 --only-binary=:all: 
+zip -r lambda_function.zip conf
+cd src
+zip -r ../lambda_function.zip .
+cd ../dependencies
+zip -r ../lambda_function.zip .

src/requirements.txt

@@ -0,0 +1,6 @@
+urllib3
+cryptography
+jsonschema
+PyJWT
+requests
+confluent_kafka

terraform/api_gateway.tf

@@ -0,0 +1,136 @@
+resource "aws_api_gateway_rest_api" "event_gate_api" {
+  name = "${var.resource_prefix}event-gate-api"
+  description = "API for EventGate"
+  tags = {"BuiltBy" = "Terraform"}
+  endpoint_configuration {
+    types = ["PRIVATE"]
+  }
+  policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Effect = "Allow",
+        Action = "execute-api:Invoke",
+        Resource = "*",
+        Principal = "*"
+      }
+    ]
+  })
+}
+
+resource "aws_api_gateway_resource" "event_gate_api_token" {
+  rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+  parent_id = aws_api_gateway_rest_api.event_gate_api.root_resource_id
+  path_part = "Token"
+}
+
+resource "aws_api_gateway_method" "event_gate_api_token_get" {
+  rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+  resource_id = aws_api_gateway_resource.event_gate_api_token.id
+  authorization = "NONE"
+  http_method  = "GET"
+}
+
+resource "aws_api_gateway_integration" "event_gate_api_token_get_integration" {
+  rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+  resource_id = aws_api_gateway_resource.event_gate_api_token.id
+  http_method = aws_api_gateway_method.event_gate_api_token_get.http_method
+  integration_http_method = "POST"
+  type = "AWS_PROXY"
+  uri = aws_lambda_function.event_gate_lambda.invoke_arn
+}
+
+resource "aws_api_gateway_resource" "event_gate_api_topics" {
+  rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+  parent_id = aws_api_gateway_rest_api.event_gate_api.root_resource_id
+  path_part = "Topics"
+}
+
+resource "aws_api_gateway_method" "event_gate_api_topics_get" {
+  rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+  resource_id = aws_api_gateway_resource.event_gate_api_topics.id
+  authorization = "NONE"
+  http_method = "GET"
+}
+
+resource "aws_api_gateway_integration" "event_gate_api_topics_get_integration" {
+  rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+  resource_id = aws_api_gateway_resource.event_gate_api_topics.id
+  http_method = aws_api_gateway_method.event_gate_api_topics_get.http_method
+  integration_http_method = "POST"
+  type = "AWS_PROXY"
+  uri = aws_lambda_function.event_gate_lambda.invoke_arn
+}
+
+resource "aws_api_gateway_resource" "event_gate_api_topic_name" {
+  rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+  parent_id = aws_api_gateway_resource.event_gate_api_topics.id
+  path_part = "{topicName}"
+}
+
+resource "aws_api_gateway_method" "event_gate_api_topic_name_get" {
+  rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+  resource_id = aws_api_gateway_resource.event_gate_api_topic_name.id
+  authorization = "NONE"
+  http_method = "GET"
+  request_parameters = {
+    "method.request.path.topicName" = true
+  }
+}
+
+resource "aws_api_gateway_integration" "event_gate_api_topic_name_get_integration" {
+  rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+  resource_id = aws_api_gateway_resource.event_gate_api_topic_name.id
+  http_method = aws_api_gateway_method.event_gate_api_topic_name_get.http_method
+  integration_http_method = "POST"
+  type = "AWS_PROXY"
+  uri = aws_lambda_function.event_gate_lambda.invoke_arn
+}
+
+resource "aws_api_gateway_method" "event_gate_api_topic_name_post" {
+  rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+  resource_id = aws_api_gateway_resource.event_gate_api_topic_name.id
+  authorization = "NONE"
+  http_method = "POST"
+  request_parameters = {
+    "method.request.path.topicName" = true
+  }
+}
+
+resource "aws_api_gateway_integration" "event_gate_api_topic_name_post_integration" {
+  rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+  resource_id = aws_api_gateway_resource.event_gate_api_topic_name.id
+  http_method = aws_api_gateway_method.event_gate_api_topic_name_post.http_method
+  integration_http_method = "POST"
+  type = "AWS_PROXY"
+  uri = aws_lambda_function.event_gate_lambda.invoke_arn
+}
+
+resource "aws_lambda_permission" "event_gate_api_lambda_permissions" {
+  action = "lambda:InvokeFunction"
+  function_name = aws_lambda_function.event_gate_lambda.function_name
+  principal = "apigateway.amazonaws.com"
+  source_arn = "${aws_api_gateway_rest_api.event_gate_api.execution_arn}/*"
+}
+
+resource "aws_api_gateway_deployment" "event_gate_api_deployment" {
+  rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+  triggers = {
+    redeployment = sha1(jsonencode([
+      aws_api_gateway_integration.event_gate_api_token_get_integration,
+	  aws_api_gateway_integration.event_gate_api_topics_get_integration,
+	  aws_api_gateway_integration.event_gate_api_topic_name_get_integration,
+	  aws_api_gateway_integration.event_gate_api_topic_name_post_integration
+    ]))
+  }
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_api_gateway_stage" "event_gate_api_stage" {
+  rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+  deployment_id = aws_api_gateway_deployment.event_gate_api_deployment.id
+  stage_name = "DEV"
+  tags = {"BuiltBy" = "Terraform"}
+}

terraform/lambda.tf

@@ -0,0 +1,26 @@
+resource "aws_security_group" "event_gate_sg" {
+  name = "${var.resource_prefix}event-gate-sg"
+  description = "SG for Event Gate"
+  vpc_id = var.vpc_id
+  tags = {"BuiltBy" = "Terraform"}
+}
+
+resource "aws_vpc_security_group_egress_rule" "allow_all_traffic_ipv4" {
+  security_group_id = aws_security_group.event_gate_sg.id
+  cidr_ipv4 = "0.0.0.0/0"
+  ip_protocol = "-1"
+}
+
+resource "aws_lambda_function" "event_gate_lambda" {
+  filename = "../lambda_function.zip"
+  function_name = "${var.resource_prefix}event-gate-lambda"
+  role = var.lambda_role_arn
+  handler = "event_gate_lambda.lambda_handler"
+  source_code_hash = filebase64sha256("../lambda_function.zip")
+  runtime = "python3.12"
+  vpc_config {
+    subnet_ids = var.lambda_vpc_subnet_ids
+    security_group_ids = [aws_security_group.event_gate_sg.id]
+  }
+  tags = {"BuiltBy" = "Terraform"}
+}

terraform/provider.tf

@@ -0,0 +1,3 @@
+provider "aws" {
+  region = var.aws_region
+}

terraform/variables.tf

@@ -0,0 +1,5 @@
+variable "aws_region" {}
+variable "vpc_id" {}
+variable "resource_prefix" {}
+variable "lambda_role_arn" {}
+variable "lambda_vpc_subnet_ids" {}