fmaree-uk/lambda-slack.tf

## lambda-slack.tf
resource "aws_iam_role" "lambda_iam_role" {
  name = "lambda_iam_role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_iam_role_policy" "lambda_iam_access_policy" {
  name   = "${var.environment}_lambda_iam_access_policy"
  role   = "${aws_iam_role.lambda_iam_role.id}"
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogStreams"
      ],
      "Resource": [
        "arn:aws:logs:*:*:*"
      ]
    },
    {
      "Action": [
        "cloudwatch:*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "sns:*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
EOF
}

resource "aws_lambda_function" "sns_to_slack_lambda_function" {
  filename         = "${var.lambda_function_sns_to_slack_file}"
  function_name    = "lambda_function_SnsToSlack_EncyptedHookUrl"
  role             = "${aws_iam_role.lambda_iam_role.arn}"
  handler          = "index.handler"
  source_code_hash = "${base64sha256(file("files/lambda_function_SnsToSlack.zip"))}"
  runtime          = "nodejs4.3"
  kms_key_arn 	   = "${var.ksm_sns_to_slack}"
}

resource "aws_cloudwatch_log_group" "sns_to_slack_lambda_cloudwatch_log_group" {
  name              = "/aws/lambda/${aws_lambda_function.sns_to_slack_lambda_function.function_name}"
  retention_in_days = "14"
}
	resource "aws_iam_role" "lambda_iam_role" {
	name = "lambda_iam_role"

	assume_role_policy = <<EOF
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Action": "sts:AssumeRole",
	"Principal": {
	"Service": "lambda.amazonaws.com"
	},
	"Effect": "Allow",
	"Sid": ""
	}
	]
	}
	EOF
	}

	resource "aws_iam_role_policy" "lambda_iam_access_policy" {
	name = "${var.environment}_lambda_iam_access_policy"
	role = "${aws_iam_role.lambda_iam_role.id}"
	policy = <<EOF
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Effect": "Allow",
	"Action": [
	"logs:CreateLogGroup",
	"logs:CreateLogStream",
	"logs:PutLogEvents",
	"logs:DescribeLogStreams"
	],
	"Resource": [
	"arn:aws:logs:::*"
	]
	},
	{
	"Action": [
	"cloudwatch:*"
	],
	"Effect": "Allow",
	"Resource": "*"
	},
	{
	"Action": [
	"sns:*"
	],
	"Effect": "Allow",
	"Resource": "*"
	}
	]
	}
	EOF
	}

	resource "aws_lambda_function" "sns_to_slack_lambda_function" {
	filename = "${var.lambda_function_sns_to_slack_file}"
	function_name = "lambda_function_SnsToSlack_EncyptedHookUrl"
	role = "${aws_iam_role.lambda_iam_role.arn}"
	handler = "index.handler"
	source_code_hash = "${base64sha256(file("files/lambda_function_SnsToSlack.zip"))}"
	runtime = "nodejs4.3"
	kms_key_arn = "${var.ksm_sns_to_slack}"
	}

	resource "aws_cloudwatch_log_group" "sns_to_slack_lambda_cloudwatch_log_group" {
	name = "/aws/lambda/${aws_lambda_function.sns_to_slack_lambda_function.function_name}"
	retention_in_days = "14"
	}