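terraform {
  # The `source` attribute inside required_providers only exists from
  # Terraform 0.13 onward, so state that floor explicitly rather than letting
  # an older binary fail with an opaque parse error.
  required_version = ">= 0.13"

  required_providers {
    # Builds the Lambda deployment zip (data "archive_file" below).
    archive = {
      source  = "hashicorp/archive"
      version = "2.2.0"
    }

    # Renders vars.ini via data "template_file" below.
    # NOTE(review): the hashicorp/template provider is archived upstream and
    # no longer receives builds; Terraform's built-in templatefile() function
    # is the supported replacement when this module is next refactored.
    template = {
      source  = "hashicorp/template"
      version = "2.2.0"
    }

    # Exact pin of the AWS provider.
    # NOTE(review): 3.38.0 predates the python3.9 Lambda runtime used further
    # down and its runtime validation may reject it — confirm with
    # `terraform validate` before relying on this pin.
    aws = {
      source  = "hashicorp/aws"
      version = "3.38.0"
    }
  }
}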
# Create the Lambda execution role; its trust (assume-role) policy is read from files/lambdarole.json
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
resource "aws_iam_role" "ebs_bckup-role-lambdarole" {
  # Execution role assumed by the backup Lambda. The trust policy is taken
  # verbatim from files/lambdarole.json, which is not visible in this file —
  # confirm it trusts only the Lambda service principal.
  name               = join("-", [var.stack_prefix, "role-lambdarole", var.unique_name])
  assume_role_policy = file("${path.module}/files/lambdarole.json")
}
# Attach the inline permissions policy from files/lambdapolicy.json to that role
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
resource "aws_iam_role_policy" "ebs_bckup-role-lambdapolicy" {
  # Inline permissions policy for the execution role, loaded as-is from
  # files/lambdapolicy.json.
  # NOTE(review): that file is not shown here — verify it is scoped to the
  # actions the handler actually needs (presumably EC2 snapshot
  # create/delete/describe plus CloudWatch Logs) rather than ec2:* or "*".
  name   = format("%s-role-lambdapolicy-%s", var.stack_prefix, var.unique_name)
  role   = aws_iam_role.ebs_bckup-role-lambdarole.id
  policy = file("${path.module}/files/lambdapolicy.json")
}
# (No output block follows this header: the role ARN is consumed directly by aws_lambda_function below; any exported output lives elsewhere in the module.)
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Render vars.ini for Lambda function
# Renders files/vars.ini.template into the vars.ini that is packaged next to
# the handler (see data "archive_file" below). Each value is substituted
# verbatim; the two list variables are flattened to comma-separated strings.
# How the handler interprets these keys is defined in ebs_bckup.py, which is
# not visible here.
# NOTE(review): the hashicorp/template provider is archived upstream; the
# built-in templatefile() function is the drop-in replacement at the next
# refactor.
data "template_file" "vars" {
template = file("${path.module}/files/vars.ini.template")
vars = {
EC2_INSTANCE_TAG_NAME = var.EC2_INSTANCE_TAG_NAME
EC2_INSTANCE_TAG_VALUE = var.EC2_INSTANCE_TAG_VALUE
RETENTION_DAYS = var.RETENTION_DAYS
# Lists are joined here because the INI is plain text; values containing
# commas, "=" or newlines would corrupt the rendered file — operator-supplied
# inputs are assumed.
VOLUME_TAG_NAMES_TO_RETAIN = join(",", var.VOLUME_TAG_NAMES_TO_RETAIN)
REGIONS = join(",", var.regions)
}
}
data "archive_file" "lambda_zip" {
  # Deployment package for the Lambda: the handler source plus the rendered
  # vars.ini, zipped into the module directory. The artifact name carries the
  # same prefix/unique_name pair as the function so parallel stacks do not
  # overwrite each other's zip.
  type        = "zip"
  output_path = format("%s/lambda-%s-%s.zip", path.module, var.stack_prefix, var.unique_name)

  # Handler module; aws_lambda_function below addresses it as
  # ebs_bckup.lambda_handler.
  source {
    filename = "ebs_bckup.py"
    content  = file("${path.module}/ebs_bckup/ebs_bckup.py")
  }

  # Rendered configuration shipped alongside the handler.
  source {
    filename = "vars.ini"
    content  = data.template_file.vars.rendered
  }
}
# Create lambda function
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
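resource "aws_lambda_function" "ebs_bckup_lambda" {
  function_name = "${var.stack_prefix}_lambda_${var.unique_name}"

  # Take the artifact path from the archive data source instead of repeating
  # the literal, so the two cannot drift apart; source_code_hash makes the
  # function redeploy whenever the zip contents change.
  filename         = data.archive_file.lambda_zip.output_path
  source_code_hash = data.archive_file.lambda_zip.output_base64sha256

  role    = aws_iam_role.ebs_bckup-role-lambdarole.arn
  handler = "ebs_bckup.lambda_handler"
  # NOTE(review): python3.9 is on AWS's Lambda runtime deprecation schedule —
  # check the current support table and plan a bump to a supported release
  # (the pinned aws provider may also need to move to validate a newer value).
  runtime = "python3.9"
  timeout = var.timeout

  # Publish an immutable version on every change (enables aliases/rollback).
  publish     = true
  memory_size = 1024

  # NOTE(review): no dead_letter_config and no explicitly managed log group
  # are declared, so a failed scheduled run is visible only in the
  # auto-created CloudWatch log group, which has no retention set. Add an
  # aws_cloudwatch_log_group with retention and a DLQ/alarm if missed backups
  # must be noticed.
}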
# Schedule the function with an EventBridge (CloudWatch Events) cron rule
resource "aws_cloudwatch_event_rule" "ebs_bckup_timer" {
  # Schedule that fires the backup Lambda. var.cron_expression supplies the
  # fields inside EventBridge's cron(...) wrapper; the wrapper itself is
  # added here so callers pass only the schedule fields.
  name                = format("%s_ebs_bckup_event_%s", var.stack_prefix, var.unique_name)
  description         = "Cronlike scheduled Cloudwatch Event for creating and deleting EBS Snapshots"
  schedule_expression = format("cron(%s)", var.cron_expression)
}
# Assign event to Lambda target
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
resource "aws_cloudwatch_event_target" "run_ebs_bckup_lambda" {
  # Bind the schedule rule to the function. EventBridge still needs the
  # resource-based grant in aws_lambda_permission below to actually invoke it.
  rule      = aws_cloudwatch_event_rule.ebs_bckup_timer.name
  target_id = aws_lambda_function.ebs_bckup_lambda.id
  arn       = aws_lambda_function.ebs_bckup_lambda.arn
}
# Grant EventBridge permission to invoke the Lambda, scoped to the rule above
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
resource "aws_lambda_permission" "allow_cloudwatch_to_call" {
  # Resource-based policy statement letting EventBridge invoke the function.
  # source_arn pins the grant to this one rule, so no other rule — in this or
  # another account — can use the events.amazonaws.com principal to call it
  # (confused-deputy guard).
  statement_id  = join("_", [var.stack_prefix, "AllowExecutionFromCloudWatch", var.unique_name])
  action        = "lambda:InvokeFunction"
  principal     = "events.amazonaws.com"
  function_name = aws_lambda_function.ebs_bckup_lambda.function_name
  source_arn    = aws_cloudwatch_event_rule.ebs_bckup_timer.arn
}