Created
August 21, 2019 15:17
-
-
Save gemmadlou/4da08848673b3284d8924fb4116c2e82 to your computer and use it in GitHub Desktop.
Terraform Lambda setup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
resource "aws_api_gateway_rest_api" "lambda" { | |
name = "some_lookup" | |
description = "Some lookup API service" | |
} | |
resource "aws_api_gateway_resource" "proxy" { | |
rest_api_id = "${aws_api_gateway_rest_api.lambda.id}" | |
parent_id = "${aws_api_gateway_rest_api.lambda.root_resource_id}" | |
path_part = "{proxy+}" | |
} | |
resource "aws_api_gateway_method" "proxy" { | |
rest_api_id = "${aws_api_gateway_rest_api.lambda.id}" | |
resource_id = "${aws_api_gateway_resource.proxy.id}" | |
http_method = "ANY" | |
authorization = "NONE" | |
} | |
resource "aws_api_gateway_integration" "lambda" { | |
rest_api_id = "${aws_api_gateway_rest_api.lambda.id}" | |
resource_id = "${aws_api_gateway_method.proxy.resource_id}" | |
http_method = "${aws_api_gateway_method.proxy.http_method}" | |
integration_http_method = "POST" | |
type = "AWS_PROXY" | |
uri = "${aws_lambda_function.lambda.invoke_arn}" | |
} | |
resource "aws_api_gateway_method" "proxy_root" { | |
rest_api_id = "${aws_api_gateway_rest_api.lambda.id}" | |
resource_id = "${aws_api_gateway_rest_api.lambda.root_resource_id}" | |
http_method = "ANY" | |
authorization = "NONE" | |
} | |
resource "aws_api_gateway_integration" "lambda_root" { | |
rest_api_id = "${aws_api_gateway_rest_api.lambda.id}" | |
resource_id = "${aws_api_gateway_method.proxy_root.resource_id}" | |
http_method = "${aws_api_gateway_method.proxy_root.http_method}" | |
integration_http_method = "POST" | |
type = "AWS_PROXY" | |
uri = "${aws_lambda_function.lambda.invoke_arn}" | |
} | |
resource "aws_api_gateway_deployment" "deployment" { | |
depends_on = [ | |
"aws_api_gateway_integration.lambda", | |
"aws_api_gateway_integration.lambda_root", | |
] | |
rest_api_id = "${aws_api_gateway_rest_api.lambda.id}" | |
stage_name = "test" | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
resource "aws_lambda_function" "lambda" { | |
function_name = "some-lookup" | |
# The bucket name as created earlier with "aws s3api create-bucket" | |
s3_bucket = "${var.s3_bucket}" | |
s3_key = "some-lookup/v${var.lambda_version}/app.zip" | |
# "main" is the filename within the zip file (index.js) and "handler" | |
# is the name of the property under which the handler function was | |
# exported in that file. | |
handler = "server/lambda.handler" | |
runtime = "nodejs8.10" | |
memory_size = 128 | |
timeout = 3 | |
role = "${aws_iam_role.role.arn}" | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
terraform { | |
provider = "aws.eu_west" | |
backend "s3" { | |
bucket = "bucketname" | |
key = "terraform-some-lookup" | |
region = "eu-west-1" | |
} | |
} | |
provider "template" { | |
version = "~> 1.0" | |
} | |
provider "aws" { | |
region = "eu-west-1" | |
} | |
# variables | |
variable "lambda_version" { } | |
variable "s3_bucket" { default = "bucket-artefacts"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
output "base_url" { | |
value = "${aws_api_gateway_deployment.example.invoke_url}" | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# ROLES | |
# IAM role which dictates what other AWS services the Lambda function | |
# may access. | |
resource "aws_iam_role" "role" { | |
name = "some_lookup_role" | |
assume_role_policy = <<EOF | |
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Action": "sts:AssumeRole", | |
"Principal": { | |
"Service": "lambda.amazonaws.com" | |
}, | |
"Effect": "Allow", | |
"Sid": "" | |
} | |
] | |
} | |
EOF | |
} | |
# POLICIES | |
resource "aws_iam_role_policy" "dynamodb"{ | |
name = "some_lookup_role_lambda_policy" | |
role = "${aws_iam_role.role.id}" | |
policy = <<EOF | |
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"dynamodb:*" | |
], | |
"Resource": "arn:aws:dynamodb:eu-west-1:621897733001:table/sometable" | |
} | |
] | |
} | |
EOF | |
} | |
resource "aws_lambda_permission" "apigateway" { | |
statement_id = "AllowAPIGatewayInvoke" | |
action = "lambda:InvokeFunction" | |
function_name = "${aws_lambda_function.lambda.arn}" | |
principal = "apigateway.amazonaws.com" | |
# The /*/* portion grants access from any method on any resource | |
# within the API Gateway "REST API". | |
source_arn = "${aws_api_gateway_deployment.deployment.execution_arn}/*/*" | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment