@danvaida
Last active September 7, 2022 20:35
Ansible Playbook for Creating CloudWatch Events Rules with Lambda Targets
# For creating the lambda functions, see instructions here: https://github.com/pjodouin/ansible-lambda
# Run this playbook with:
# ansible-playbook cloudwatch_events.yml --extra-vars debug=True
# Ansible CloudWatch Event module PR: https://github.com/ansible/ansible-modules-extras/pull/2101
# Ansible Lambda modules PR: https://github.com/ansible/ansible-modules-extras/pull/1890
---
- name: CloudWatch Events
  hosts: localhost
  connection: local
  gather_facts: False
  vars:
    debug: False
    lambda_functions:
      -
        name: 'hereGoes'  # the name of the lambda function
        publish: True
        desc: 'Here goes nothing.'
        s3_bkt: 'bucket-Name'
        s3_key: '/deployment/package/path/inside/the/bucket/'
        runtime: 'python2.7'
        timeout: 15
        handler: 'file-name.function-name'  # [1], [2]
        memory: 128
        role: 'lambda_basic_execution'
        region: 'us-west-2'
        version_to_delete: 0
        policy_principal: 'events.amazonaws.com'
        policy_action: 'lambda:InvokeFunction'
    cloudwatch_events_rules:
      - name: 'every-five-minutes'
        schedule: 'rate(5 minutes)'
        description: 'runs every 5 minutes'
        target: 'hereGoes'
        region: 'us-west-2'
        state: present
      - name: 'every-10-minutes'
        schedule: 'rate(10 minutes)'
        description: 'runs every 10 minutes'
        target: 'someOtherLambda'
        region: 'us-west-2'
        state: present
  tasks:
    - name: Fetching facts of the IAM role(s)
      command: 'aws iam list-roles'
      register: _iam_roles_list
      tags: [ cloudwatch, cloudwatch_events, lambda, iam ]
    - debug:
        var: _iam_roles_list.stdout|from_json
      when: debug
      tags: [ cloudwatch, cloudwatch_events, lambda, iam ]
    - name: Fetching facts of the corresponding lambda function(s)
      lambda_facts:
        query: all
        function_name: "{{ item.target }}"
        region: "{{ item.region | default(aws_region) }}"
      with_items: "{{ cloudwatch_events_rules }}"
      register: _lambda_facts
      tags: [ cloudwatch, cloudwatch_events, lambda ]
    - debug:
        var: _lambda_facts.results
      when: debug
      tags: [ cloudwatch, cloudwatch_events, lambda ]
    # Rules and fact results are in the same order, so they are paired one to one.
    - name: Creating CloudWatch Events Rule(s) with their Target(s)
      cloudwatchevent_rule:
        name: "{{ item.0.name }}"
        schedule_expression: "{{ item.0.schedule }}"
        description: "{{ item.0.description }}"
        targets:
          - id: '1'
            arn: "{{ item.1.ansible_facts.lambda_facts.function.FunctionArn }}"
            # role_arn: "{{ (_iam_roles_list.stdout|from_json).Roles[0].Arn }}"
        state: "{{ item.0.state }}"
        region: "{{ item.0.region | default(aws_region) }}"
      with_together:
        - "{{ cloudwatch_events_rules }}"
        - "{{ _lambda_facts.results }}"
      when: item.0.target == item.1.ansible_facts.lambda_facts.function.FunctionName
      register: _cloudwatch_events_rules
      tags: [ cloudwatch, cloudwatch_events_rules ]
    - debug:
        var: _cloudwatch_events_rules
      when: debug
      tags: [ cloudwatch, cloudwatch_events_rules ]
    # source_arn limits the invoke permission to the one rule created above.
    # with_nested checks every function against every rule result; with_together
    # pads the shorter list with None when the two lists differ in length.
    - name: Allowing CloudWatch Event(s) to trigger Lambda function(s)
      lambda_policy:
        function_name: "{{ item.0.name }}"
        version: '0'
        statement_id: 'lambda-cloudwatch-trigger-12345abc'
        action: "{{ item.0.policy_action }}"
        principal: "{{ item.0.policy_principal }}"
        source_arn: "{{ item.1.rule.arn }}"
        region: "{{ item.0.region | default(aws_region) }}"
        state: present
      with_nested:
        - "{{ lambda_functions }}"
        - "{{ _cloudwatch_events_rules.results }}"
      # Skipped rule results carry no targets, so guard before indexing.
      when: item.1.targets is defined and item.0.name in item.1.targets[0].arn
      register: _lambda_policy
      tags: [ cloudwatch, cloudwatch_events, lambda ]
    - debug:
        var: _lambda_policy
      when: debug
      tags: [ cloudwatch, cloudwatch_events, lambda ]
# [1] file-name as in the name of the .py file within the .zip archive.
# [2] function-name as in the Python function. Don't confuse it with the Lambda function name.
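
A check for the resource policy that the `lambda_policy` task above attaches, as an added example that is not part of the original gist: it parses a function policy document (the JSON that `aws lambda get-policy` returns in its `Policy` field) and flags any statement that lets a service principal such as `events.amazonaws.com` invoke the function without a condition on `AWS:SourceArn`. The sample policy, the account ID 123456789012 and the helper names `source_arns` and `unscoped_service_grants` are constructed for illustration.

```python
import json

# Constructed sample. "scoped" mirrors what the playbook's lambda_policy task
# requests (source_arn = rule ARN); "unscoped" is the same grant without it.
FUNCTION_ARN = "arn:aws:lambda:us-west-2:123456789012:function:hereGoes"
RULE_ARN = "arn:aws:events:us-west-2:123456789012:rule/every-five-minutes"
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "scoped", "Effect": "Allow",
     "Principal": {"Service": "events.amazonaws.com"},
     "Action": "lambda:InvokeFunction", "Resource": FUNCTION_ARN,
     "Condition": {"ArnLike": {"AWS:SourceArn": RULE_ARN}}},
    {"Sid": "unscoped", "Effect": "Allow",
     "Principal": {"Service": "events.amazonaws.com"},
     "Action": "lambda:InvokeFunction", "Resource": FUNCTION_ARN},
]})

ARN_OPERATORS = {"ArnLike", "ArnEquals", "StringLike", "StringEquals"}


def source_arns(statement):
    """Return every AWS:SourceArn value the statement is conditioned on."""
    found = []
    for operator, keys in statement.get("Condition", {}).items():
        if operator not in ARN_OPERATORS:
            continue
        for key, value in keys.items():
            if key.lower() == "aws:sourcearn":  # condition keys are case-insensitive
                found.extend(value if isinstance(value, list) else [value])
    return found


def unscoped_service_grants(policy_json):
    """Sids of Allow statements that trust a service principal from any source."""
    flagged = []
    for stmt in json.loads(policy_json).get("Statement", []):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        if "Service" not in principal:
            continue
        arns = source_arns(stmt)
        if not arns or "*" in arns:
            flagged.append(stmt.get("Sid", "<no Sid>"))
    return flagged


if __name__ == "__main__":
    print(unscoped_service_grants(SAMPLE_POLICY))
```
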

ghost commented May 17, 2016

@danvaida, I'm not able to recreate your error. I was able to add the function, policy and cloudwatch rule without issue.