diff --git a/README.md b/README.md
index 9ccc56c..2f1bcfb 100644
--- a/README.md
+++ b/README.md
@@ -24,7 +24,7 @@ In your Terrafom `main.tf` call the module with the required variables.
 ```
 module "ebs_bckup" {
 // It is recommended that you lock "ref" to a specific release version
- source = "git::https://github.com/evergage/ebs_bckup.git?ref=v1.3"
+ source = "git::https://github.com/evergage/ebs_bckup.git?ref=v1.4"
 EC2_INSTANCE_TAG_NAME = "environment"
 EC2_INSTANCE_TAG_VALUE = "prod"
 RETENTION_DAYS = 10
diff --git a/main.tf b/main.tf
index 99a29e0..47a95b1 100644
--- a/main.tf
+++ b/main.tf
@@ -1,9 +1,26 @@
+terraform {
+ required_providers {
+ archive = {
+ source = "hashicorp/archive"
+ version = "2.2.0"
+ }
+ template = {
+ source = "hashicorp/template"
+ version = "2.2.0"
+ }
+ aws = {
+ source = "hashicorp/aws"
+ version = "3.38.0"
+ }
+ }
+}
+
 # Create the lambda role (using lambdarole.json file)
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 resource "aws_iam_role" "ebs_bckup-role-lambdarole" {
 name = "${var.stack_prefix}-role-lambdarole-${var.unique_name}"
- assume_role_policy = "${file("${path.module}/files/lambdarole.json")}"
+ assume_role_policy = file("${path.module}/files/lambdarole.json")
 }
 # Apply the Policy Document we just created
@@ -11,8 +28,8 @@ resource "aws_iam_role" "ebs_bckup-role-lambdarole" {
 resource "aws_iam_role_policy" "ebs_bckup-role-lambdapolicy" {
 name = "${var.stack_prefix}-role-lambdapolicy-${var.unique_name}"
- role = "${aws_iam_role.ebs_bckup-role-lambdarole.id}"
- policy = "${file("${path.module}/files/lambdapolicy.json")}"
+ role = aws_iam_role.ebs_bckup-role-lambdarole.id
+ policy = file("${path.module}/files/lambdapolicy.json")
 }
 # Output the ARN of the lambda role
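Review bot: The new `required_providers` block in `main.tf` pins every provider to one exact release (`version = "3.38.0"` for aws, `"2.2.0"` for archive and template), which in a reusable module stops any calling configuration from selecting a newer provider, including releases that carry security fixes. A module normally declares a minimum, e.g. `version = ">= 3.38.0"`, and leaves exact pinning to the caller's `.terraform.lock.hcl`. The block also relies on the `source` attribute, which needs Terraform 0.13 or later, so `required_version = ">= 0.13"` belongs in the same `terraform` block.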
@@ -21,13 +38,13 @@ resource "aws_iam_role_policy" "ebs_bckup-role-lambdapolicy" {
 # Render vars.ini for Lambda function
 data "template_file" "vars" {
- template = "${file("${path.module}/files/vars.ini.template")}"
- vars {
- EC2_INSTANCE_TAG_NAME = "${var.EC2_INSTANCE_TAG_NAME}"
- EC2_INSTANCE_TAG_VALUE = "${var.EC2_INSTANCE_TAG_VALUE}"
- RETENTION_DAYS = "${var.RETENTION_DAYS}"
- VOLUME_TAG_NAMES_TO_RETAIN = "${join(",", var.VOLUME_TAG_NAMES_TO_RETAIN)}"
- REGIONS = "${join(",", var.regions)}"
+ template = file("${path.module}/files/vars.ini.template")
+ vars = {
+ EC2_INSTANCE_TAG_NAME = var.EC2_INSTANCE_TAG_NAME
+ EC2_INSTANCE_TAG_VALUE = var.EC2_INSTANCE_TAG_VALUE
+ RETENTION_DAYS = var.RETENTION_DAYS
+ VOLUME_TAG_NAMES_TO_RETAIN = join(",", var.VOLUME_TAG_NAMES_TO_RETAIN)
+ REGIONS = join(",", var.regions)
 }
 }
@@ -36,11 +53,11 @@ data "archive_file" "lambda_zip" {
 output_path = "${path.module}/lambda-${var.stack_prefix}-${var.unique_name}.zip"
 source {
 filename = "ebs_bckup.py"
- content = "${file("${path.module}/ebs_bckup/ebs_bckup.py")}"
+ content = file("${path.module}/ebs_bckup/ebs_bckup.py")
 }
 source {
 filename = "vars.ini"
- content = "${data.template_file.vars.rendered}"
+ content = data.template_file.vars.rendered
 }
 }
@@ -50,11 +67,11 @@ data "archive_file" "lambda_zip" {
 resource "aws_lambda_function" "ebs_bckup_lambda" {
 function_name = "${var.stack_prefix}_lambda_${var.unique_name}"
 filename = "${path.module}/lambda-${var.stack_prefix}-${var.unique_name}.zip"
- source_code_hash = "${data.archive_file.lambda_zip.output_base64sha256}"
- role = "${aws_iam_role.ebs_bckup-role-lambdarole.arn}"
+ source_code_hash = data.archive_file.lambda_zip.output_base64sha256
+ role = aws_iam_role.ebs_bckup-role-lambdarole.arn
 runtime = "python3.8"
 handler = "ebs_bckup.lambda_handler"
- timeout = "${var.timeout}"
+ timeout = var.timeout
 publish = true
 memory_size = 1024
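Review bot: The rendered `vars.ini` still comes from the `template_file` data source, which HashiCorp has deprecated together with the `hashicorp/template` provider that this commit now pins in `main.tf`. The built-in function accepts the same template text and map, so the `vars.ini` source in `archive_file` could use `content = templatefile("${path.module}/files/vars.ini.template", { ... })` and the extra provider could be dropped. Separately, the tag name and value are written into the file as given; `vars.ini.template` is not visible here, but if it places them on `key = value` lines, a value containing a newline would add lines to the file the Lambda reads, so a `validation` block on those two variables would be a cheap guard.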
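Review bot: `runtime = "python3.8"` is carried over unchanged in the `aws_lambda_function` hunk, and that runtime has since reached end of support in AWS Lambda, so the function no longer gets runtime security patches. Consider exposing the runtime as a variable or moving to a supported Python runtime after checking `ebs_bckup.py` against it. A newer runtime identifier will probably also be rejected by the exact `3.38.0` AWS provider pin, so the two changes likely have to go together. The resource block continues past the end of the hunk.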
@@ -72,9 +89,9 @@ resource "aws_cloudwatch_event_rule" "ebs_bckup_timer" {
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 resource "aws_cloudwatch_event_target" "run_ebs_bckup_lambda" {
- rule = "${aws_cloudwatch_event_rule.ebs_bckup_timer.name}"
- target_id = "${aws_lambda_function.ebs_bckup_lambda.id}"
- arn = "${aws_lambda_function.ebs_bckup_lambda.arn}"
+ rule = aws_cloudwatch_event_rule.ebs_bckup_timer.name
+ target_id = aws_lambda_function.ebs_bckup_lambda.id
+ arn = aws_lambda_function.ebs_bckup_lambda.arn
 }
 # Allow lambda to be called from cloudwatch
@@ -83,7 +100,7 @@ resource "aws_cloudwatch_event_target" "run_ebs_bckup_lambda" {
 resource "aws_lambda_permission" "allow_cloudwatch_to_call" {
 statement_id = "${var.stack_prefix}_AllowExecutionFromCloudWatch_${var.unique_name}"
 action = "lambda:InvokeFunction"
- function_name = "${aws_lambda_function.ebs_bckup_lambda.function_name}"
+ function_name = aws_lambda_function.ebs_bckup_lambda.function_name
 principal = "events.amazonaws.com"
- source_arn = "${aws_cloudwatch_event_rule.ebs_bckup_timer.arn}"
+ source_arn = aws_cloudwatch_event_rule.ebs_bckup_timer.arn
 }
diff --git a/outputs.tf b/outputs.tf
index 2b2c2cb..5ce3270 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,8 +1,8 @@
 output "aws_iam_role_arn" {
- value = "${aws_iam_role.ebs_bckup-role-lambdarole.arn}"
+ value = aws_iam_role.ebs_bckup-role-lambdarole.arn
 }
 output "lambda_function_name" {
- value = "${aws_lambda_function.ebs_bckup_lambda.function_name}"
+ value = aws_lambda_function.ebs_bckup_lambda.function_name
 }
diff --git a/variables.tf b/variables.tf
index 198c155..86e68e1 100644
--- a/variables.tf
+++ b/variables.tf
@@ -17,7 +17,7 @@ variable "RETENTION_DAYS" {
 variable "VOLUME_TAG_NAMES_TO_RETAIN" {
 default = []
- type = "list"
+ type = list
 description = "List of volume tag names, which will be copied to the snapshot tags from the volume"
 }
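Review bot: `type = list` on `VOLUME_TAG_NAMES_TO_RETAIN` is the bare legacy keyword, which Terraform treats as `list(any)`, so for example a list of objects passes the declaration and only fails later inside `join(",", ...)` in `main.tf`. Declaring `type = list(string)` states what the template expects and rejects anything else at the variable. The same applies to `regions` in the next hunk of `variables.tf`.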
@@ -36,11 +36,11 @@ variable "cron_expression" {
 }
 variable "regions" {
- type = "list"
+ type = list
 description = "List of regions in which this Lambda function may run. At least one region is required."
 }
 variable "timeout" {
- default = "600"
+ default = 600
 description = "Number of seconds that the snapshotting Lambda is allowed to run. Increase if you have a large number of instances."
 }
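Review bot: `timeout` now defaults to the number `600` but still declares no type, so a caller can pass any value and the mistake only surfaces when the AWS provider rejects it; adding `type = number` catches it at the variable. The description of `regions` says at least one region is required, yet nothing enforces that, and an empty list would be joined into an empty `REGIONS` value for `vars.ini`. A `validation` block with `condition = length(var.regions) > 0` would enforce the stated requirement (this needs Terraform 0.13 or later). The first `}` in the hunk closes a block that starts outside it.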