
@ultim8k
Last active December 11, 2019 00:32
# AWS provider: every resource below is created in eu-west-1.
provider "aws" {
  region = "eu-west-1"
}
# Lambda
resource "aws_lambda_function" "tf-example" {
  function_name = "ServerlessExample"
  role          = aws_iam_role.lambda_exec.arn

  # Entry point: the "handler" export of main.js inside the zip file.
  handler = "main.handler"

  # NOTE(review): nodejs10.x is past end of support in AWS Lambda. Move to a
  # supported Node.js runtime after checking the handler code against it.
  runtime = "nodejs10.x"

  # Deployment package, read from the bucket created earlier with
  # "aws s3api create-bucket".
  # NOTE(review): the package is identified by bucket and key only, so whoever
  # can write to that key decides what code this function runs. Restrict write
  # access to the bucket and consider pinning s3_object_version on a versioned
  # bucket so the function is tied to one known artifact.
  s3_bucket = "tf-example-store"
  s3_key    = "v1.0.0/tf-example.zip"
}
# IAM role which dictates what other AWS services the Lambda function
# may access.
resource "aws_iam_role" "lambda_exec" {
  name = "serverless_example_lambda"

  # Trust policy: only the Lambda service principal may assume this role.
  # NOTE(review): no permission policy is attached to the role in this file, so
  # the function presumably cannot write CloudWatch Logs unless a policy is
  # attached elsewhere. Confirm, since missing logs hamper investigation.
  assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
# API Gateway
# REST API container; resources, methods and integrations below hang off it.
resource "aws_api_gateway_rest_api" "tf-example" {
  description = "Terraform Serverless Application Example"
  name        = "ServerlessExample"
}
# Greedy path resource directly under the API root: "{proxy+}" matches every
# path below "/", so all such requests share the one method defined on it.
resource "aws_api_gateway_resource" "proxy" {
  path_part   = "{proxy+}"
  parent_id   = aws_api_gateway_rest_api.tf-example.root_resource_id
  rest_api_id = aws_api_gateway_rest_api.tf-example.id
}
# Accepts any HTTP verb on the greedy proxy resource.
resource "aws_api_gateway_method" "proxy" {
  rest_api_id = aws_api_gateway_rest_api.tf-example.id
  resource_id = aws_api_gateway_resource.proxy.id
  http_method = "ANY"

  # NOTE(review): with authorization "NONE" the gateway performs no caller
  # authentication, so every verb and path reaches the function and all access
  # control is left to the handler. If the API is not meant to be public, use
  # "AWS_IAM", "CUSTOM" or "COGNITO_USER_POOLS" instead.
  authorization = "NONE"
}
# Routes the proxy method to the Lambda function. AWS_PROXY hands the whole
# incoming request to the function; the backend call to Lambda is a POST
# whatever verb the client used.
resource "aws_api_gateway_integration" "lambda" {
  rest_api_id = aws_api_gateway_rest_api.tf-example.id
  resource_id = aws_api_gateway_method.proxy.resource_id
  http_method = aws_api_gateway_method.proxy.http_method

  type                    = "AWS_PROXY"
  integration_http_method = "POST"
  uri                     = aws_lambda_function.tf-example.invoke_arn
}
# "{proxy+}" does not cover the bare root path, so "/" gets its own ANY method.
resource "aws_api_gateway_method" "proxy_root" {
  rest_api_id = aws_api_gateway_rest_api.tf-example.id
  resource_id = aws_api_gateway_rest_api.tf-example.root_resource_id
  http_method = "ANY"

  # NOTE(review): unauthenticated, like the proxy method: the handler is the
  # only place where callers can be checked.
  authorization = "NONE"
}
# Same Lambda proxy integration as for "{proxy+}", bound to the root method.
resource "aws_api_gateway_integration" "lambda_root" {
  rest_api_id = aws_api_gateway_rest_api.tf-example.id
  resource_id = aws_api_gateway_method.proxy_root.resource_id
  http_method = aws_api_gateway_method.proxy_root.http_method

  type                    = "AWS_PROXY"
  integration_http_method = "POST"
  uri                     = aws_lambda_function.tf-example.invoke_arn
}
# Publishes the API to the "test" stage. The explicit depends_on keeps the
# deployment from being created before both integrations exist.
# NOTE(review): no throttling, usage plan or access logging is configured for
# the stage in this file, and the methods are unauthenticated, so the invoke
# URL is open to anyone who learns it.
resource "aws_api_gateway_deployment" "tf-example" {
  rest_api_id = aws_api_gateway_rest_api.tf-example.id
  stage_name  = "test"

  depends_on = [
    aws_api_gateway_integration.lambda,
    aws_api_gateway_integration.lambda_root,
  ]
}
# Permission for API to run lambda
# Resource-based permission on the function so that API Gateway may invoke it.
resource "aws_lambda_permission" "apigw" {
  statement_id  = "AllowAPIGatewayInvoke"
  principal     = "apigateway.amazonaws.com"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.tf-example.function_name

  # Scoped to this one REST API through its execution ARN. The trailing "/*/*"
  # admits any method on any resource of that API, which fits the ANY methods
  # on "/" and "{proxy+}" defined above.
  source_arn = "${aws_api_gateway_rest_api.tf-example.execution_arn}/*/*"
}
# Public invoke URL of the deployed stage, printed after "terraform apply".
output "base_url" {
  value = aws_api_gateway_deployment.tf-example.invoke_url
}
# resource "aws_ses_email_identity" "sender_address" {
# email = "email@example.com"
# }
# resource "aws_ses_email_identity" "recepient_address" {
# email = "email@example.com"
# }
# AWS provider: every resource below is created in eu-west-1.
provider "aws" {
  region = "eu-west-1"
}
# Lambda
resource "aws_lambda_function" "darth_mailer" {
  function_name = "DarthMailer"
  role          = aws_iam_role.lambda_exec.arn

  # Entry point: the "handler" export of main.js inside the zip file.
  handler = "main.handler"

  # NOTE(review): nodejs12.x is past end of support in AWS Lambda. Move to a
  # supported Node.js runtime after checking the handler code against it.
  runtime = "nodejs12.x"

  # Deployment package, read from the bucket created earlier with
  # "aws s3api create-bucket".
  # NOTE(review): the package is identified by bucket and key only, so whoever
  # can write to that key decides what code runs with this function's SES
  # permission. Restrict write access to the bucket and consider pinning
  # s3_object_version on a versioned bucket.
  s3_bucket = "tf-example-store"
  s3_key    = "v1.0.1/tf-example.zip"
}
# IAM role which dictates what other AWS services the Lambda function
# may access.
resource "aws_iam_role" "lambda_exec" {
  name = "serverless_example_lambda"

  # Trust policy: only the Lambda service principal may assume this role.
  # What the role may do is defined by the inline policies attached to it.
  assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
# Use SES iam policy
# Inline policy that gives the Lambda role access to SES.
resource "aws_iam_role_policy" "ses_policy" {
  role = aws_iam_role.lambda_exec.id
  name = "ses-policy"

  # Grants ses:SendEmail only, but on every SES identity in the account.
  # NOTE(review): "Resource": "*" lets the function send as any verified
  # identity. Once the sender identity is managed (the aws_ses_email_identity
  # resources are commented out in this file), scope Resource to that
  # identity's ARN, and consider a Condition on ses:FromAddress so that a
  # compromised or buggy handler cannot send from other addresses.
  policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ses:SendEmail"
],
"Resource": "*"
}
]
}
EOF
}
# Use logs iam policy
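# Inline policy that lets the function write its own CloudWatch Logs.
resource "aws_iam_role_policy" "logs_policy" {
  name = "logs-policy"
  role = aws_iam_role.lambda_exec.id

  # Least privilege: creating streams and writing events is limited to this
  # function's own log group (/aws/lambda/<function name>) instead of every
  # log resource in the account, so the role cannot write into other
  # workloads' logs. CreateLogGroup keeps the wider ARN so the group can still
  # be created on first invocation.
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup"
      ],
      "Resource": "arn:aws:logs:*:*:*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/${aws_lambda_function.darth_mailer.function_name}:*"
    }
  ]
}
EOF
}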
# API Gateway
# REST API container for the email-form endpoint.
resource "aws_api_gateway_rest_api" "darth_mailer" {
  description = "A Serverless Application for Email Forms"
  name        = "DarthMailer"
}
# resource "aws_api_gateway_resource" "root" {
# rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
# parent_id = aws_api_gateway_rest_api.darth_mailer.root_resource_id
# path_part = ""
# }
# resource "aws_api_gateway_resource" "proxy" {
# rest_api_id = aws_api_gateway_rest_api.tf-example.id
# parent_id = aws_api_gateway_rest_api.tf-example.root_resource_id
# path_part = "{proxy+}"
# }
# resource "aws_api_gateway_method" "proxy" {
# rest_api_id = aws_api_gateway_rest_api.tf-example.id
# resource_id = aws_api_gateway_resource.proxy.id
# http_method = "ANY"
# authorization = "NONE"
# }
# resource "aws_api_gateway_integration" "lambda" {
# rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
# resource_id = aws_api_gateway_method.proxy.resource_id
# http_method = aws_api_gateway_method.proxy.http_method
# integration_http_method = "POST"
# type = "AWS_PROXY"
# uri = aws_lambda_function.darth_mailer.invoke_arn
# }
# POST on the API root: the form-submission endpoint.
resource "aws_api_gateway_method" "method_request_post_root" {
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_rest_api.darth_mailer.root_resource_id
  http_method = "POST"

  # NOTE(review): the gateway does not authenticate callers. Abuse control
  # presumably rests on the reCAPTCHA token and key that the mapping template
  # forwards to the function (the handler is not shown here). Because each
  # accepted request can send an email, add stage throttling or a usage plan
  # as a second limit.
  authorization = "NONE"
}
# OPTIONS on the API root, used for the CORS preflight of the POST above.
# Browsers send preflight requests without credentials, so "NONE" is the
# expected setting for this method.
resource "aws_api_gateway_method" "method_request_options_root" {
  rest_api_id   = aws_api_gateway_rest_api.darth_mailer.id
  resource_id   = aws_api_gateway_rest_api.darth_mailer.root_resource_id
  authorization = "NONE"
  http_method   = "OPTIONS"
}
# Preflight requests are answered by API Gateway itself (MOCK integration);
# no backend URI is set, so the Lambda function is not invoked for OPTIONS.
resource "aws_api_gateway_integration" "integration_request_options_lambda_root" {
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_options_root.resource_id
  http_method = aws_api_gateway_method.method_request_options_root.http_method

  type                    = "MOCK"
  integration_http_method = "OPTIONS"
  passthrough_behavior    = "WHEN_NO_MATCH"
}
# Non-proxy ("AWS") Lambda integration for the form POST. The function does not
# see the raw request: it receives only the object built by the mapping
# template below.
resource "aws_api_gateway_integration" "integration_request_post_lambda_root" {
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_post_root.resource_id
  http_method = aws_api_gateway_method.method_request_post_root.http_method

  type                    = "AWS"
  integration_http_method = "POST"
  uri                     = aws_lambda_function.darth_mailer.invoke_arn
  content_handling        = "CONVERT_TO_TEXT"

  # A template exists for application/json only. With WHEN_NO_TEMPLATES,
  # requests of any other content type are rejected by the gateway rather
  # than passed through unmapped.
  passthrough_behavior = "WHEN_NO_TEMPLATES"

  # Allow-list of five body fields, each emitted through $input.json(); other
  # body fields are not forwarded to the function.
  # NOTE(review): "apiKey" comes from the request body, so any key embedded in
  # a public web form is visible to every visitor and cannot act as a secret.
  # No request model or validator is attached here, so length and format checks
  # on name, email and message have to happen in the handler. Confirm they do.
  request_templates = {
    "application/json" = <<EOF
{
"grecaptcha" : $input.json('$.g-recaptcha-response'),
"senderName" : $input.json('$.name'),
"senderAddress": $input.json('$.email'),
"apiKey" : $input.json('$.key'),
"message" : $input.json('$.message')
}
EOF
  }
}
# Declares the 200 response of the preflight method and the three CORS headers
# it may carry. The header values are set by the matching integration response.
resource "aws_api_gateway_method_response" "method_response_options_200" {
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_options_root.resource_id
  http_method = aws_api_gateway_method.method_request_options_root.http_method
  status_code = "200"

  response_models = {
    "application/json" = "Empty"
  }

  response_parameters = {
    "method.response.header.Access-Control-Allow-Origin"  = true,
    "method.response.header.Access-Control-Allow-Methods" = true,
    "method.response.header.Access-Control-Allow-Headers" = true,
  }
}
# Declares the 200 response of the POST method and the CORS origin header it
# may carry.
resource "aws_api_gateway_method_response" "method_response_post_200" {
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_post_root.resource_id
  http_method = aws_api_gateway_method.method_request_post_root.http_method
  status_code = "200"

  response_models = {
    "application/json" = "Empty"
  }

  response_parameters = {
    "method.response.header.Access-Control-Allow-Origin" = true
  }
}
# Error statuses the POST method is allowed to return: 400, 401, 422 and 500.
# None of them declares a CORS header, so a browser on another origin can see
# that the request failed but cannot read these responses.
resource "aws_api_gateway_method_response" "method_response_post_400" {
  status_code = "400"
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_post_root.resource_id
  http_method = aws_api_gateway_method.method_request_post_root.http_method
}

resource "aws_api_gateway_method_response" "method_response_post_401" {
  status_code = "401"
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_post_root.resource_id
  http_method = aws_api_gateway_method.method_request_post_root.http_method
}

resource "aws_api_gateway_method_response" "method_response_post_422" {
  status_code = "422"
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_post_root.resource_id
  http_method = aws_api_gateway_method.method_request_post_root.http_method
}

resource "aws_api_gateway_method_response" "method_response_post_500" {
  status_code = "500"
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_post_root.resource_id
  http_method = aws_api_gateway_method.method_request_post_root.http_method
}
# Fills in the CORS headers of the preflight response.
resource "aws_api_gateway_integration_response" "integration_response_root_options_200" {
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_options_root.resource_id
  http_method = aws_api_gateway_method.method_request_options_root.http_method
  status_code = "200"

  selection_pattern = "-"

  # NOTE(review): Allow-Origin '*' lets a page on any site submit this form
  # from a visitor's browser. If the form lives on one known site, return that
  # origin instead. The allowed headers also list Authorization, X-Api-Key and
  # X-Amz-Security-Token although the methods use authorization "NONE", so
  # trim the list to what the form actually sends.
  response_parameters = {
    "method.response.header.Access-Control-Allow-Methods" = "'POST,OPTIONS'",
    "method.response.header.Access-Control-Allow-Headers" = "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'",
    "method.response.header.Access-Control-Allow-Origin"  = "'*'"
  }

  # The integration and the method response must exist before this mapping.
  depends_on = [
    aws_api_gateway_integration.integration_request_options_lambda_root,
    aws_api_gateway_method_response.method_response_options_200
  ]
}
# Maps the Lambda result of a form POST to the 200 method response.
resource "aws_api_gateway_integration_response" "integration_response_root_post_200" {
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_post_root.resource_id
  http_method = aws_api_gateway_method.method_request_post_root.http_method
  status_code = "200"

  # NOTE(review): "-" is kept as written. Confirm it behaves as the default
  # (catch-all) response, which is normally expressed by leaving
  # selection_pattern unset; otherwise unmatched results may not map to 200.
  selection_pattern = "-"

  # NOTE(review): '*' makes the success response readable from any origin.
  # Restrict it to the site hosting the form if there is only one.
  response_parameters = {
    "method.response.header.Access-Control-Allow-Origin" = "'*'"
  }

  # The integration and the method response must exist before this mapping.
  depends_on = [
    aws_api_gateway_integration.integration_request_post_lambda_root,
    aws_api_gateway_method_response.method_response_post_200
  ]
}
# Error mappings for the form POST. Each selection_pattern is a regular
# expression that selects the HTTP status when it matches the backend error;
# the function presumably puts the status code into its error message.
# NOTE(review): the patterns match the digits anywhere in the text, so an
# error message that merely contains "400" or "500" also selects that status.
# Keep handler error messages in a fixed format to avoid mismapped responses.
resource "aws_api_gateway_integration_response" "integration_response_root_post_400" {
  status_code       = "400"
  selection_pattern = ".*400.*"

  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_post_root.resource_id
  http_method = aws_api_gateway_method.method_request_post_root.http_method

  depends_on = [
    aws_api_gateway_integration.integration_request_post_lambda_root,
    aws_api_gateway_method_response.method_response_post_400
  ]
}

resource "aws_api_gateway_integration_response" "integration_response_root_post_401" {
  status_code       = "401"
  selection_pattern = ".*401.*"

  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_post_root.resource_id
  http_method = aws_api_gateway_method.method_request_post_root.http_method

  depends_on = [
    aws_api_gateway_integration.integration_request_post_lambda_root,
    aws_api_gateway_method_response.method_response_post_401
  ]
}

resource "aws_api_gateway_integration_response" "integration_response_root_post_422" {
  status_code       = "422"
  selection_pattern = ".*422.*"

  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_post_root.resource_id
  http_method = aws_api_gateway_method.method_request_post_root.http_method

  depends_on = [
    aws_api_gateway_integration.integration_request_post_lambda_root,
    aws_api_gateway_method_response.method_response_post_422
  ]
}

resource "aws_api_gateway_integration_response" "integration_response_root_post_500" {
  status_code       = "500"
  selection_pattern = ".*500.*"

  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_post_root.resource_id
  http_method = aws_api_gateway_method.method_request_post_root.http_method

  depends_on = [
    aws_api_gateway_integration.integration_request_post_lambda_root,
    aws_api_gateway_method_response.method_response_post_500
  ]
}
# Publishes the API to the "dev" stage. Depending on every integration
# response is enough to order the deployment after the integrations too,
# because each response already depends on its integration.
# NOTE(review): no throttling, usage plan or access logging is configured for
# the stage in this file. For an unauthenticated endpoint that sends email,
# per-stage limits (aws_api_gateway_method_settings) and access logs are the
# controls that bound abuse and make it visible.
resource "aws_api_gateway_deployment" "darth_mailer" {
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  stage_name  = "dev"

  depends_on = [
    aws_api_gateway_integration_response.integration_response_root_options_200,
    aws_api_gateway_integration_response.integration_response_root_post_200,
    aws_api_gateway_integration_response.integration_response_root_post_400,
    aws_api_gateway_integration_response.integration_response_root_post_401,
    aws_api_gateway_integration_response.integration_response_root_post_422,
    aws_api_gateway_integration_response.integration_response_root_post_500,
  ]
}
# Permission for API to run lambda
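# Resource-based permission on the function so that API Gateway may invoke it.
resource "aws_lambda_permission" "apigw" {
  statement_id  = "AllowAPIGatewayInvoke"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.darth_mailer.function_name
  principal     = "apigateway.amazonaws.com"

  # Execution ARN layout: <api>/<stage>/<METHOD>/<resource path>.
  # Only POST on the root resource is integrated with the function (OPTIONS is
  # answered by a MOCK integration), so the grant is limited to that method
  # and path on any stage instead of the broader "/*/*" (any method on any
  # resource). Widen it again if more Lambda-backed methods are added.
  source_arn = "${aws_api_gateway_rest_api.darth_mailer.execution_arn}/*/POST/"
}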
# Public invoke URL of the deployed stage, printed after "terraform apply".
output "base_url" {
  value = aws_api_gateway_deployment.darth_mailer.invoke_url
}