chore: Added examples to show CloudWatch Event Rule as triggers (terraform-aws-modules#126)

Author: antonbabenko

README.md

@@ -564,6 +564,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo
 * [With EFS](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/with-efs) - Create Lambda Function with Elastic File System attached (Terraform 0.13+ is recommended).
 * [Multiple regions](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/multiple-regions) - Create the same Lambda Function in multiple regions with non-conflicting IAM roles and policies.
 * [Event Source Mapping](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/event-source-mapping) - Create Lambda Function with event source mapping configuration (SQS, DynamoDB, and Kinesis).
+* [Triggers](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/triggers) - Create Lambda Function with some triggers (eg, Cloudwatch Events, EventBridge).
 
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/triggers/.gitignore

@@ -0,0 +1 @@
+builds/*

examples/triggers/README.md

@@ -0,0 +1,75 @@
+# Triggers of AWS Lambda examples
+
+Configuration in this directory creates AWS Lambda Function with some triggers (eg. CloudWatch Events).
+
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.26 |
+| aws | >= 2.67 |
+| random | >= 2 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | >= 2.67 |
+| random | >= 2 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| lambda_function | ../../ |  |
+
+## Resources
+
+| Name |
+|------|
+| [aws_cloudwatch_event_rule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) |
+| [aws_cloudwatch_event_target](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) |
+| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) |
+
+## Inputs
+
+No input.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| lambda\_cloudwatch\_log\_group\_arn | The ARN of the Cloudwatch Log Group |
+| lambda\_role\_arn | The ARN of the IAM role created for the Lambda Function |
+| lambda\_role\_name | The name of the IAM role created for the Lambda Function |
+| local\_filename | The filename of zip archive deployed (if deployment was from local) |
+| s3\_object | The map with S3 object data of zip archive deployed (if deployment was from S3) |
+| this\_lambda\_function\_arn | The ARN of the Lambda Function |
+| this\_lambda\_function\_invoke\_arn | The Invoke ARN of the Lambda Function |
+| this\_lambda\_function\_kms\_key\_arn | The ARN for the KMS encryption key of Lambda Function |
+| this\_lambda\_function\_last\_modified | The date Lambda Function resource was last modified |
+| this\_lambda\_function\_name | The name of the Lambda Function |
+| this\_lambda\_function\_qualified\_arn | The ARN identifying your Lambda Function Version |
+| this\_lambda\_function\_source\_code\_hash | Base64-encoded representation of raw SHA-256 sum of the zip file |
+| this\_lambda\_function\_source\_code\_size | The size in bytes of the function .zip file |
+| this\_lambda\_function\_version | Latest published version of Lambda Function |
+| this\_lambda\_layer\_arn | The ARN of the Lambda Layer with version |
+| this\_lambda\_layer\_created\_date | The date Lambda Layer resource was created |
+| this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version |
+| this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer .zip file |
+| this\_lambda\_layer\_version | The Lambda Layer version |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/triggers/main.tf

@@ -0,0 +1,65 @@
+provider "aws" {
+  region = "eu-west-1"
+
+  # Make it faster by skipping something
+  skip_get_ec2_platforms      = true
+  skip_metadata_api_check     = true
+  skip_region_validation      = true
+  skip_credentials_validation = true
+  skip_requesting_account_id  = true
+}
+
+##########################################
+# Lambda Function (with various triggers)
+##########################################
+
+module "lambda_function" {
+  source = "../../"
+
+  function_name = "${random_pet.this.id}-lambda-triggers"
+  description   = "My awesome lambda function"
+  handler       = "index.lambda_handler"
+  runtime       = "python3.8"
+  publish       = true
+
+  create_package         = false
+  local_existing_package = "${path.module}/../fixtures/python3.8-zip/existing_package.zip"
+
+  allowed_triggers = {
+    ScanAmiRule = {
+      principal  = "events.amazonaws.com"
+      source_arn = aws_cloudwatch_event_rule.scan_ami.arn
+    }
+  }
+}
+
+##################
+# Extra resources
+##################
+
+resource "random_pet" "this" {
+  length = 2
+}
+
+##################################
+# Cloudwatch Events (EventBridge)
+##################################
+resource "aws_cloudwatch_event_rule" "scan_ami" {
+  name          = "EC2CreateImageEvent"
+  description   = "EC2 Create Image Event..."
+  event_pattern = <<EOF
+{
+  "source": ["aws.ec2"],
+  "detail-type": ["AWS API Call via CloudTrail"],
+  "detail": {
+    "eventSource": ["ec2.amazonaws.com"],
+    "eventName": ["CreateImage"]
+  }
+}
+EOF
+}
+
+resource "aws_cloudwatch_event_target" "scan_ami_lambda_function" {
+  rule = aws_cloudwatch_event_rule.scan_ami.name
+  arn  = module.lambda_function.this_lambda_function_arn
+}

examples/triggers/outputs.tf

@@ -0,0 +1,99 @@
+# Lambda Function
+output "this_lambda_function_arn" {
+  description = "The ARN of the Lambda Function"
+  value       = module.lambda_function.this_lambda_function_arn
+}
+
+output "this_lambda_function_invoke_arn" {
+  description = "The Invoke ARN of the Lambda Function"
+  value       = module.lambda_function.this_lambda_function_invoke_arn
+}
+
+output "this_lambda_function_name" {
+  description = "The name of the Lambda Function"
+  value       = module.lambda_function.this_lambda_function_name
+}
+
+output "this_lambda_function_qualified_arn" {
+  description = "The ARN identifying your Lambda Function Version"
+  value       = module.lambda_function.this_lambda_function_qualified_arn
+}
+
+output "this_lambda_function_version" {
+  description = "Latest published version of Lambda Function"
+  value       = module.lambda_function.this_lambda_function_version
+}
+
+output "this_lambda_function_last_modified" {
+  description = "The date Lambda Function resource was last modified"
+  value       = module.lambda_function.this_lambda_function_last_modified
+}
+
+output "this_lambda_function_kms_key_arn" {
+  description = "The ARN for the KMS encryption key of Lambda Function"
+  value       = module.lambda_function.this_lambda_function_kms_key_arn
+}
+
+output "this_lambda_function_source_code_hash" {
+  description = "Base64-encoded representation of raw SHA-256 sum of the zip file"
+  value       = module.lambda_function.this_lambda_function_source_code_hash
+}
+
+output "this_lambda_function_source_code_size" {
+  description = "The size in bytes of the function .zip file"
+  value       = module.lambda_function.this_lambda_function_source_code_size
+}
+
+# Lambda Layer
+output "this_lambda_layer_arn" {
+  description = "The ARN of the Lambda Layer with version"
+  value       = module.lambda_function.this_lambda_layer_arn
+}
+
+output "this_lambda_layer_layer_arn" {
+  description = "The ARN of the Lambda Layer without version"
+  value       = module.lambda_function.this_lambda_layer_layer_arn
+}
+
+output "this_lambda_layer_created_date" {
+  description = "The date Lambda Layer resource was created"
+  value       = module.lambda_function.this_lambda_layer_created_date
+}
+
+output "this_lambda_layer_source_code_size" {
+  description = "The size in bytes of the Lambda Layer .zip file"
+  value       = module.lambda_function.this_lambda_layer_source_code_size
+}
+
+output "this_lambda_layer_version" {
+  description = "The Lambda Layer version"
+  value       = module.lambda_function.this_lambda_layer_version
+}
+
+# IAM Role
+output "lambda_role_arn" {
+  description = "The ARN of the IAM role created for the Lambda Function"
+  value       = module.lambda_function.lambda_role_arn
+}
+
+output "lambda_role_name" {
+  description = "The name of the IAM role created for the Lambda Function"
+  value       = module.lambda_function.lambda_role_name
+}
+
+# CloudWatch Log Group
+output "lambda_cloudwatch_log_group_arn" {
+  description = "The ARN of the Cloudwatch Log Group"
+  value       = module.lambda_function.lambda_cloudwatch_log_group_arn
+}
+
+# Deployment package
+output "local_filename" {
+  description = "The filename of zip archive deployed (if deployment was from local)"
+  value       = module.lambda_function.local_filename
+}
+
+output "s3_object" {
+  description = "The map with S3 object data of zip archive deployed (if deployment was from S3)"
+  value       = module.lambda_function.s3_object
+}

examples/triggers/variables.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_version = ">= 0.12.26"
+
+  required_providers {
+    aws    = ">= 2.67"
+    random = ">= 2"
+  }
+}