feat: Use the "official" lambda module
haidaraM committed Feb 18, 2024
1 parent 0488d0e commit 8ec6d64
Showing 8 changed files with 45 additions and 93 deletions.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -37,3 +37,4 @@ terraform.rc
.idea
backend/lambda.zip
.terraform.lock.hcl
builds/
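Review bot: `.terraform.lock.hcl` stays ignored (the context line just above the added `builds/`), so the `~>` provider ranges and the providers the new lambda module pulls in transitively are re-resolved on every machine at `terraform init` with no recorded provider hashes; commit the lock file so `init` verifies the same provider builds everywhere. Also, `backend/lambda.zip` is now a stale entry: the `archive_file` data source that wrote it is removed in this commit and the module writes its artifacts under `builds/`.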
17 changes: 5 additions & 12 deletions README.md
Expand Up @@ -102,23 +102,25 @@ when:
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.7 |
| <a name="requirement_archive"></a> [archive](#requirement\_archive) | ~> 2 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5 |
| <a name="requirement_external"></a> [external](#requirement\_external) | ~> 2 |
| <a name="requirement_null"></a> [null](#requirement\_null) | ~> 3 |
| <a name="requirement_ovh"></a> [ovh](#requirement\_ovh) | ~> 0.37 |

### Providers

| Name | Version |
|------|---------|
| <a name="provider_archive"></a> [archive](#provider\_archive) | ~> 2 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5 |
| <a name="provider_aws.cloudfront-us-east-1"></a> [aws.cloudfront-us-east-1](#provider\_aws.cloudfront-us-east-1) | ~> 5 |
| <a name="provider_ovh"></a> [ovh](#provider\_ovh) | ~> 0.37 |
| <a name="provider_terraform"></a> [terraform](#provider\_terraform) | n/a |

### Modules

No modules.
| Name | Source | Version |
|------|--------|---------|
| <a name="module_lambda_function"></a> [lambda\_function](#module\_lambda\_function) | terraform-aws-modules/lambda/aws | 7.2.1 |

### Resources

Expand All @@ -132,17 +134,11 @@ No modules.
| [aws_apigatewayv2_stage.default_stage](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_stage) | resource |
| [aws_cloudfront_distribution.website](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource |
| [aws_cloudfront_origin_access_identity.origin_access_identity](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_origin_access_identity) | resource |
| [aws_cloudwatch_log_group.log_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
| [aws_cloudwatch_metric_alarm.dynamodb_throttled_requests](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
| [aws_cloudwatch_metric_alarm.lambda_errors](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
| [aws_dynamodb_table.users](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource |
| [aws_dynamodb_table_item.users](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table_item) | resource |
| [aws_iam_role.lambda_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy.lambda_dynamodb_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
| [aws_iam_role_policy_attachment.lambda_cloudwatch_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.lambda_xray_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_lambda_function.api_backend](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
| [aws_lambda_permission.allow_apigateway_to_invoke_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
| [aws_s3_bucket.cf_access_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
| [aws_s3_bucket.origin_website](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
| [aws_s3_bucket_acl.cf_logs_acl](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource |
Expand All @@ -153,13 +149,11 @@ No modules.
| [ovh_domain_zone_record.cert_validation_record](https://registry.terraform.io/providers/ovh/ovh/latest/docs/resources/domain_zone_record) | resource |
| [ovh_domain_zone_record.cf_record](https://registry.terraform.io/providers/ovh/ovh/latest/docs/resources/domain_zone_record) | resource |
| [terraform_data.deploy_to_s3](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource |
| [archive_file.lambda_package](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_canonical_user_id.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/canonical_user_id) | data source |
| [aws_cloudfront_cache_policy.cache_optimized](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudfront_cache_policy) | data source |
| [aws_cloudfront_log_delivery_canonical_user_id.awslogsdelivery](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudfront_log_delivery_canonical_user_id) | data source |
| [aws_iam_policy_document.lambda_dynamodb_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.lambda_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.origin_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |

### Inputs
Expand All @@ -169,7 +163,6 @@ No modules.
| <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | Region to deploy to | `string` | `"eu-west-3"` | no |
| <a name="input_default_tags"></a> [default\_tags](#input\_default\_tags) | Default tags to apply to resources | `map(string)` | <pre>{<br> "app": "devops-challenge"<br>}</pre> | no |
| <a name="input_env"></a> [env](#input\_env) | Name of the environment | `string` | `"dev"` | no |
| <a name="input_lambda_directory"></a> [lambda\_directory](#input\_lambda\_directory) | The directory containing lambda | `string` | `"backend"` | no |
| <a name="input_ovh_domain_conf"></a> [ovh\_domain\_conf](#input\_ovh\_domain\_conf) | OVH DNS zone configuration if you want to use a custom domain. | <pre>object({<br> dns_zone_name = string<br> subdomain = optional(string, "")<br><br> })</pre> | <pre>{<br> "dns_zone_name": "",<br> "subdomain": ""<br>}</pre> | no |
| <a name="input_prefix"></a> [prefix](#input\_prefix) | A prefix appended to each resource | `string` | `"devops-challenge"` | no |

76 changes: 25 additions & 51 deletions backend.tf
@@ -1,52 +1,33 @@
resource "aws_iam_role" "lambda_role" {
name = "${var.prefix}-${var.env}-api-backend"
description = "IAM Role for the API Backend"
assume_role_policy = data.aws_iam_policy_document.lambda_role_policy.json
}


resource "aws_iam_role_policy" "lambda_dynamodb_access" {
name = "dynamodb-access"
policy = data.aws_iam_policy_document.lambda_dynamodb_access.json
role = aws_iam_role.lambda_role.id
}


resource "aws_iam_role_policy_attachment" "lambda_cloudwatch_access" {
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
role = aws_iam_role.lambda_role.id
}

resource "aws_iam_role_policy_attachment" "lambda_xray_access" {
policy_arn = "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess"
role = aws_iam_role.lambda_role.id
}


resource "aws_lambda_function" "api_backend" {
function_name = "${var.prefix}-${var.env}-api-backend"
description = "API Backend for the DevOps challenge project"
role = aws_iam_role.lambda_role.arn
handler = "main.handler"
runtime = "python3.8"
timeout = 29
filename = data.archive_file.lambda_package.output_path
source_code_hash = filebase64sha256(data.archive_file.lambda_package.output_path)

tracing_config {
mode = "Active"
module "lambda_function" {
source = "terraform-aws-modules/lambda/aws"
version = "7.2.1"
function_name = "${var.prefix}-${var.env}-api-backend"
description = "API Backend for the DevOps challenge project"
handler = "main.handler"
runtime = "python3.11"
timeout = 29
tracing_mode = "Active"
attach_tracing_policy = true
create_current_version_allowed_triggers = false

source_path = "./backend"

environment_variables = {
DYNAMODB_TABLE = aws_dynamodb_table.users.name
}

environment {
variables = {
DYNAMODB_TABLE = aws_dynamodb_table.users.name
allowed_triggers = {
AllowExecutionFromAPIGateway = {
service = "apigateway"
source_arn = "${aws_apigatewayv2_api.http_api.execution_arn}/*/*"
}
}
}

resource "aws_cloudwatch_log_group" "log_group" {
name = "/aws/lambda/${aws_lambda_function.api_backend.function_name}"
retention_in_days = 14
resource "aws_iam_role_policy" "lambda_dynamodb_access" {
name = "dynamodb-access"
policy = data.aws_iam_policy_document.lambda_dynamodb_access.json
role = module.lambda_function.lambda_role_name
}

resource "aws_dynamodb_table" "users" {
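Review bot: the 14-day log retention is lost in this hunk: `aws_cloudwatch_log_group.log_group` with `retention_in_days = 14` is removed, and the module creates the log group with retention unset (never expire) unless told otherwise, so add `cloudwatch_logs_retention_in_days = 14` to the `module "lambda_function"` block to keep the previous behaviour. Two further points: the runtime moves from `python3.8` to `python3.11` here, which is unrelated to adopting the module and deserves its own line in the commit message (or its own commit); and `attach_tracing_policy = true` plus the module's default CloudWatch Logs policy replace the removed `AWSLambdaBasicExecutionRole` and `AWSXRayDaemonWriteAccess` attachments, which is consistent, while `create_current_version_allowed_triggers = false` is correct since no version or alias is published.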
Expand Down Expand Up @@ -89,18 +70,11 @@ resource "aws_apigatewayv2_api" "http_api" {
}
}

resource "aws_lambda_permission" "allow_apigateway_to_invoke_lambda" {
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.api_backend.function_name
principal = "apigateway.amazonaws.com"
source_arn = "${aws_apigatewayv2_api.http_api.execution_arn}/*"
}

resource "aws_apigatewayv2_integration" "lambda_integration" {
api_id = aws_apigatewayv2_api.http_api.id
integration_type = "AWS_PROXY"
integration_method = "POST"
integration_uri = aws_lambda_function.api_backend.invoke_arn
integration_uri = module.lambda_function.lambda_function_invoke_arn
passthrough_behavior = "WHEN_NO_MATCH"
}

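Review bot: the invoke permission moves from this explicit `aws_lambda_permission` (`source_arn = "${aws_apigatewayv2_api.http_api.execution_arn}/*"`) to the module's `allowed_triggers` entry in the hunk above, whose `source_arn` ends in `/*/*`; the new pattern is narrower (it requires a stage and a route segment after the API id) and still matches HTTP API invocations, but it is a change in the grant rather than a pure refactor, and a short remark in the commit message would help future readers. The `integration_uri` switch to `module.lambda_function.lambda_function_invoke_arn` is the only other change and looks right.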
2 changes: 2 additions & 0 deletions backend/requirements.txt
@@ -0,0 +1,2 @@
# This is just an example to install dependencies.
requests==2.31.0
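Review bot: `requests==2.31.0` is pinned by version only; since the module now runs `pip install` against this file while packaging during `terraform apply`, the artifact depends on what the package index serves at that moment, so prefer a hash-locked file (`pip-compile --generate-hashes` output, installed with `--require-hashes`) for a reproducible, verified build. The comment says this is only an example: if `main.py` does not import `requests`, drop it rather than ship an unused dependency in the package.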
18 changes: 0 additions & 18 deletions data.tf
@@ -1,14 +1,3 @@
data "aws_iam_policy_document" "lambda_role_policy" {
statement {
actions = ["sts:AssumeRole"]

principals {
type = "Service"
identifiers = ["lambda.amazonaws.com"]
}
}
}

# Required for cloudfront access logs bucket
data "aws_canonical_user_id" "current" {}

Expand Down Expand Up @@ -43,10 +32,3 @@ data "aws_iam_policy_document" "origin_bucket_policy" {
data "aws_cloudfront_cache_policy" "cache_optimized" {
name = "Managed-CachingOptimized"
}

# Package the lambda in a zip file
data "archive_file" "lambda_package" {
output_path = "${var.lambda_directory}/lambda.zip"
source_file = "${var.lambda_directory}/main.py"
type = "zip"
}
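Review bot: the removed `archive_file` packaged a single file (`source_file = "${var.lambda_directory}/main.py"`), whereas the replacement `source_path = "./backend"` in backend.tf packages the whole directory, so anything sitting in `backend/` (a leftover `lambda.zip`, a local virtualenv, `.env` files, tests) now ends up in the deployed artifact. Either keep that directory limited to the handler and `requirements.txt`, or pass `source_path` as a list with `patterns` exclusions (the module supports that form) so the package contains only what the function needs.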
15 changes: 11 additions & 4 deletions main.tf
Expand Up @@ -12,8 +12,13 @@ terraform {
version = "~> 0.37"
}

archive = {
source = "hashicorp/archive"
null = {
source = "hashicorp/null"
version = "~> 3"
}

external = {
source = "hashicorp/external"
version = "~> 2"
}
}
Expand All @@ -22,12 +27,14 @@ terraform {
provider "aws" {
region = var.aws_region

default_tags { # Automatically apply these tags to all the resources
default_tags {
# Automatically apply these tags to all the resources
tags = merge({ "env" : var.env }, var.default_tags)
}
}

provider "aws" { # Cloudfront cert needs to be in us-east-1
provider "aws" {
# Cloudfront cert needs to be in us-east-1
alias = "cloudfront-us-east-1"
region = "us-east-1"
}
3 changes: 1 addition & 2 deletions monitoring.tf
Expand Up @@ -3,7 +3,6 @@ resource "aws_sns_topic" "alerting" {
display_name = "SNS for DevOps challenge alerting"
}

#
resource "aws_cloudwatch_metric_alarm" "lambda_errors" {
alarm_name = "${var.prefix}-${var.env}-backend-api-errors"
alarm_description = "Alarm triggered when there some errors on the lambda function"
Expand All @@ -17,7 +16,7 @@ resource "aws_cloudwatch_metric_alarm" "lambda_errors" {
metric_name = "Errors"
alarm_actions = [aws_sns_topic.alerting.arn]
dimensions = {
FunctionName = aws_lambda_function.api_backend.function_name
FunctionName = module.lambda_function.lambda_function_name
}
}

6 changes: 0 additions & 6 deletions variables.tf
Expand Up @@ -18,12 +18,6 @@ variable "default_tags" {
}
}

variable "lambda_directory" {
description = "The directory containing lambda"
type = string
default = "backend"
}

variable "env" {
description = "Name of the environment"
type = string
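Review bot: removing `lambda_directory` is a breaking change for anyone setting it (tfvars or `-var`), and the directory is now hard-coded as `source_path = "./backend"` in backend.tf; if the knob is meant to go, say so in the commit message, otherwise keep the variable and pass `source_path = "./${var.lambda_directory}"` to the module.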