# AWS provider configuration: all resources below are created in eu-west-1.
provider "aws" {
  region = "eu-west-1"
}
# Lambda function that serves every request coming through the API below.
resource "aws_lambda_function" "tf-example" {
  function_name = "ServerlessExample"
  role          = aws_iam_role.lambda_exec.arn

  # Entry point: "main" is the file inside the zip (main.js) and "handler"
  # is the property under which that file exports the handler function.
  handler = "main.handler"
  # NOTE(review): nodejs10.x is past end of support on Lambda; move to a
  # currently supported Node.js runtime after testing the handler against it.
  runtime = "nodejs10.x"

  # Deployment package. The bucket is the one created earlier with
  # "aws s3api create-bucket".
  # NOTE(review): the package is selected by key only. Nothing here pins its
  # contents, so whoever can write to this key decides what code the function
  # runs on the next create or update. Setting s3_object_version (on a
  # versioned bucket) ties the function to one specific object.
  s3_bucket = "tf-example-store"
  s3_key    = "v1.0.0/tf-example.zip"
}
# Execution role for the Lambda function. The trust policy below lets only
# the Lambda service (lambda.amazonaws.com) assume it. What the function may
# do in other AWS services is decided by the policies attached to this role;
# this file attaches none.
resource "aws_iam_role" "lambda_exec" {
  name = "serverless_example_lambda"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}
# API Gateway REST API: the container for the resources, methods and
# integrations declared below.
resource "aws_api_gateway_rest_api" "tf-example" {
  description = "Terraform Serverless Application Example"
  name        = "ServerlessExample"
}
# Greedy path resource directly under the API root: "{proxy+}" matches any
# non-empty request path. The root path itself is handled separately by
# the "proxy_root" method.
resource "aws_api_gateway_resource" "proxy" {
  path_part   = "{proxy+}"
  parent_id   = aws_api_gateway_rest_api.tf-example.root_resource_id
  rest_api_id = aws_api_gateway_rest_api.tf-example.id
}
# Accept every HTTP method on the greedy proxy resource.
# NOTE(review): authorization = "NONE" means API Gateway performs no
# authentication here, so anyone who can reach the invoke URL can trigger
# the function. Any access control has to happen inside the handler, or be
# added here (an authorizer or AWS_IAM) before this carries real traffic.
resource "aws_api_gateway_method" "proxy" {
  rest_api_id   = aws_api_gateway_rest_api.tf-example.id
  resource_id   = aws_api_gateway_resource.proxy.id
  authorization = "NONE"
  http_method   = "ANY"
}
# Route requests on the proxy method to the Lambda function. With AWS_PROXY
# the request is handed to the function as-is and the function's return
# value becomes the HTTP response.
resource "aws_api_gateway_integration" "lambda" {
  rest_api_id = aws_api_gateway_rest_api.tf-example.id
  resource_id = aws_api_gateway_method.proxy.resource_id
  http_method = aws_api_gateway_method.proxy.http_method

  type = "AWS_PROXY"
  uri  = aws_lambda_function.tf-example.invoke_arn
  # API Gateway calls the Lambda invoke endpoint with POST, whatever method
  # the client used.
  integration_http_method = "POST"
}
# Same as the "proxy" method, but for the API root, which "{proxy+}" does
# not match because it requires a non-empty path.
# NOTE(review): authorization = "NONE" leaves the root unauthenticated at
# the gateway, exactly like the proxy method.
resource "aws_api_gateway_method" "proxy_root" {
  rest_api_id   = aws_api_gateway_rest_api.tf-example.id
  resource_id   = aws_api_gateway_rest_api.tf-example.root_resource_id
  authorization = "NONE"
  http_method   = "ANY"
}
# Lambda proxy integration for the root method; mirrors the "lambda"
# integration used for the greedy proxy resource.
resource "aws_api_gateway_integration" "lambda_root" {
  rest_api_id = aws_api_gateway_rest_api.tf-example.id
  resource_id = aws_api_gateway_method.proxy_root.resource_id
  http_method = aws_api_gateway_method.proxy_root.http_method

  type                    = "AWS_PROXY"
  uri                     = aws_lambda_function.tf-example.invoke_arn
  integration_http_method = "POST"
}
# Publish the API to the "test" stage. The explicit depends_on makes
# Terraform create both integrations before the deployment is created.
resource "aws_api_gateway_deployment" "tf-example" {
  rest_api_id = aws_api_gateway_rest_api.tf-example.id
  stage_name  = "test"

  depends_on = [
    aws_api_gateway_integration.lambda,
    aws_api_gateway_integration.lambda_root,
  ]
}
# Resource-based permission that lets API Gateway invoke the function.
resource "aws_lambda_permission" "apigw" {
  statement_id  = "AllowAPIGatewayInvoke"
  principal     = "apigateway.amazonaws.com"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.tf-example.function_name

  # source_arn limits the grant to this one REST API. The trailing "/*/*"
  # then allows any method on any resource within it, which matches the
  # ANY methods on the root and on "{proxy+}" declared above.
  source_arn = "${aws_api_gateway_rest_api.tf-example.execution_arn}/*/*"
}
# Invoke URL of the deployed stage, printed after "terraform apply".
output "base_url" {
  value = aws_api_gateway_deployment.tf-example.invoke_url
}
# resource "aws_ses_email_identity" "sender_address" { | |
# email = "email@example.com" | |
# } | |
# resource "aws_ses_email_identity" "recepient_address" { | |
# email = "email@example.com" | |
# } | |
# AWS provider configuration: all resources below are created in eu-west-1.
provider "aws" {
  region = "eu-west-1"
}
# Lambda function that receives the form submission from API Gateway.
resource "aws_lambda_function" "darth_mailer" {
  function_name = "DarthMailer"
  role          = aws_iam_role.lambda_exec.arn

  # Entry point: "main" is the file inside the zip (main.js) and "handler"
  # is the property under which that file exports the handler function.
  handler = "main.handler"
  # NOTE(review): nodejs12.x is past end of support on Lambda; move to a
  # currently supported Node.js runtime after testing the handler against it.
  runtime = "nodejs12.x"

  # Deployment package. The bucket is the one created earlier with
  # "aws s3api create-bucket".
  # NOTE(review): the package is selected by key only. Nothing here pins its
  # contents, so whoever can write to this key decides what code runs with
  # this role's SES and CloudWatch Logs permissions on the next create or
  # update. Setting s3_object_version (on a versioned bucket) ties the
  # function to one specific object.
  s3_bucket = "tf-example-store"
  s3_key    = "v1.0.1/tf-example.zip"
}
# Execution role for the Lambda function. The trust policy below lets only
# the Lambda service (lambda.amazonaws.com) assume it; the permissions
# themselves come from the "ses_policy" and "logs_policy" inline policies.
# NOTE(review): the first configuration on this page declares a role with
# this same name. IAM role names are unique within an account, so confirm
# the two are not meant to be applied side by side.
resource "aws_iam_role" "lambda_exec" {
  name = "serverless_example_lambda"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}
# Inline policy that allows the function to send mail through SES.
# NOTE(review): "Resource": "*" permits ses:SendEmail from every verified
# identity in the account, so a compromised or misused function can send
# as any of them. Once the sender identity is managed here (see the
# commented-out aws_ses_email_identity blocks), scope Resource to that
# identity's ARN.
resource "aws_iam_role_policy" "ses_policy" {
  role = aws_iam_role.lambda_exec.id
  name = "ses-policy"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ses:SendEmail"
      ],
      "Resource": "*"
    }
  ]
}
EOF
}
# Inline policy that allows the function to write to CloudWatch Logs.
# NOTE(review): "arn:aws:logs:*:*:*" covers every log group in every region
# and account the role can reach, not just this function's own group.
# Narrowing Resource to the function's log group would keep the role from
# writing into other services' logs; confirm the exact ARN form needed for
# logs:CreateLogGroup before tightening.
resource "aws_iam_role_policy" "logs_policy" {
  role = aws_iam_role.lambda_exec.id
  name = "logs-policy"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*"
    }
  ]
}
EOF
}
# API Gateway REST API for the e-mail form. Only the root resource is used:
# POST submits the form, OPTIONS answers the CORS preflight.
resource "aws_api_gateway_rest_api" "darth_mailer" {
  description = "A Serverless Application for Email Forms"
  name        = "DarthMailer"
}
# resource "aws_api_gateway_resource" "root" { | |
# rest_api_id = aws_api_gateway_rest_api.darth_mailer.id | |
# parent_id = aws_api_gateway_rest_api.darth_mailer.root_resource_id | |
# path_part = "" | |
# } | |
# resource "aws_api_gateway_resource" "proxy" { | |
# rest_api_id = aws_api_gateway_rest_api.tf-example.id | |
# parent_id = aws_api_gateway_rest_api.tf-example.root_resource_id | |
# path_part = "{proxy+}" | |
# } | |
# resource "aws_api_gateway_method" "proxy" { | |
# rest_api_id = aws_api_gateway_rest_api.tf-example.id | |
# resource_id = aws_api_gateway_resource.proxy.id | |
# http_method = "ANY" | |
# authorization = "NONE" | |
# } | |
# resource "aws_api_gateway_integration" "lambda" { | |
# rest_api_id = aws_api_gateway_rest_api.darth_mailer.id | |
# resource_id = aws_api_gateway_method.proxy.resource_id | |
# http_method = aws_api_gateway_method.proxy.http_method | |
# integration_http_method = "POST" | |
# type = "AWS_PROXY" | |
# uri = aws_lambda_function.darth_mailer.invoke_arn | |
# } | |
# POST on the API root: the form submission endpoint.
# NOTE(review): authorization = "NONE" means the gateway itself checks
# nothing; every POST reaches the function. The request template forwards
# a reCAPTCHA response and a "key" field, so presumably the handler does
# the verification. Confirm that it rejects requests before calling SES,
# and consider throttling on the stage, since this endpoint sends e-mail.
resource "aws_api_gateway_method" "method_request_post_root" {
  rest_api_id   = aws_api_gateway_rest_api.darth_mailer.id
  resource_id   = aws_api_gateway_rest_api.darth_mailer.root_resource_id
  authorization = "NONE"
  http_method   = "POST"
}
# OPTIONS on the API root: the CORS preflight a browser sends before the
# cross-origin POST. Preflight requests carry no credentials, so this
# method is unauthenticated.
resource "aws_api_gateway_method" "method_request_options_root" {
  rest_api_id   = aws_api_gateway_rest_api.darth_mailer.id
  resource_id   = aws_api_gateway_rest_api.darth_mailer.root_resource_id
  authorization = "NONE"
  http_method   = "OPTIONS"
}
# The preflight is answered by API Gateway itself (MOCK integration); the
# Lambda function is never invoked for OPTIONS, despite "lambda" in the
# resource name.
resource "aws_api_gateway_integration" "integration_request_options_lambda_root" {
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_options_root.resource_id
  http_method = aws_api_gateway_method.method_request_options_root.http_method

  type                    = "MOCK"
  passthrough_behavior    = "WHEN_NO_MATCH"
  integration_http_method = "OPTIONS"
}
# Custom (non-proxy) Lambda integration for the form POST. Instead of
# passing the raw request, API Gateway builds the event from the mapping
# template below, so the function sees only these five fields.
resource "aws_api_gateway_integration" "integration_request_post_lambda_root" {
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_post_root.resource_id
  http_method = aws_api_gateway_method.method_request_post_root.http_method

  type                    = "AWS"
  uri                     = aws_lambda_function.darth_mailer.invoke_arn
  integration_http_method = "POST"
  content_handling        = "CONVERT_TO_TEXT"

  # A template is defined only for application/json, and with
  # WHEN_NO_TEMPLATES bodies of any other content type are rejected rather
  # than passed through unmapped.
  passthrough_behavior = "WHEN_NO_TEMPLATES"

  # $input.json(...) emits each value as JSON, so the values arrive already
  # quoted and escaped in the generated event.
  # NOTE(review): every field, including "apiKey", comes straight from the
  # client's request body; the handler must treat all of them as untrusted
  # and avoid writing the key or the reCAPTCHA response to its logs.
  request_templates = {
    "application/json" = <<EOF
{
  "grecaptcha"   : $input.json('$.g-recaptcha-response'),
  "senderName"   : $input.json('$.name'),
  "senderAddress": $input.json('$.email'),
  "apiKey"       : $input.json('$.key'),
  "message"      : $input.json('$.message')
}
EOF
  }
}
# Declares the 200 response of the preflight and the three CORS headers it
# may carry. "true" only marks a header as part of the method response; the
# values are set in the matching integration response.
resource "aws_api_gateway_method_response" "method_response_options_200" {
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_options_root.resource_id
  http_method = aws_api_gateway_method.method_request_options_root.http_method
  status_code = "200"

  response_parameters = {
    "method.response.header.Access-Control-Allow-Origin"  = true,
    "method.response.header.Access-Control-Allow-Methods" = true,
    "method.response.header.Access-Control-Allow-Headers" = true,
  }

  response_models = { "application/json" = "Empty" }
}
# Declares the 200 response of the form POST, including the CORS origin
# header whose value is set in the matching integration response.
resource "aws_api_gateway_method_response" "method_response_post_200" {
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_post_root.resource_id
  http_method = aws_api_gateway_method.method_request_post_root.http_method
  status_code = "200"

  response_parameters = {
    "method.response.header.Access-Control-Allow-Origin" = true
  }

  response_models = { "application/json" = "Empty" }
}
# Error responses the form POST may return: 400, 401, 422 and 500. Each one
# only declares the status code; none of them declares the
# Access-Control-Allow-Origin header that the 200 response carries.
resource "aws_api_gateway_method_response" "method_response_post_400" {
  status_code = "400"
  http_method = aws_api_gateway_method.method_request_post_root.http_method
  resource_id = aws_api_gateway_method.method_request_post_root.resource_id
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
}

resource "aws_api_gateway_method_response" "method_response_post_401" {
  status_code = "401"
  http_method = aws_api_gateway_method.method_request_post_root.http_method
  resource_id = aws_api_gateway_method.method_request_post_root.resource_id
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
}

resource "aws_api_gateway_method_response" "method_response_post_422" {
  status_code = "422"
  http_method = aws_api_gateway_method.method_request_post_root.http_method
  resource_id = aws_api_gateway_method.method_request_post_root.resource_id
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
}

resource "aws_api_gateway_method_response" "method_response_post_500" {
  status_code = "500"
  http_method = aws_api_gateway_method.method_request_post_root.http_method
  resource_id = aws_api_gateway_method.method_request_post_root.resource_id
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
}
# Fills in the CORS headers of the preflight response. Header values are
# static strings, hence the inner single quotes.
# NOTE(review): Access-Control-Allow-Origin is '*', so a page on any origin
# may submit the form from a browser. If the form lives on a known site,
# name that origin here instead.
resource "aws_api_gateway_integration_response" "integration_response_root_options_200" {
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_options_root.resource_id
  http_method = aws_api_gateway_method.method_request_options_root.http_method
  status_code = "200"

  selection_pattern = "-"

  response_parameters = {
    "method.response.header.Access-Control-Allow-Methods" = "'POST,OPTIONS'",
    "method.response.header.Access-Control-Allow-Headers" = "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'",
    "method.response.header.Access-Control-Allow-Origin"  = "'*'"
  }

  # The integration and the method response must exist before this
  # resource can be created.
  depends_on = [
    aws_api_gateway_integration.integration_request_options_lambda_root,
    aws_api_gateway_method_response.method_response_options_200
  ]
}
# Maps the function's result to the 200 response of the form POST and sets
# the CORS origin header on it.
# NOTE(review): '*' lets script on any origin read the response; restrict
# it to the site that hosts the form if that origin is known.
resource "aws_api_gateway_integration_response" "integration_response_root_post_200" {
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_post_root.resource_id
  http_method = aws_api_gateway_method.method_request_post_root.http_method
  status_code = "200"

  selection_pattern = "-"

  response_parameters = {
    "method.response.header.Access-Control-Allow-Origin" = "'*'"
  }

  # The integration and the method response must exist before this
  # resource can be created.
  depends_on = [
    aws_api_gateway_integration.integration_request_post_lambda_root,
    aws_api_gateway_method_response.method_response_post_200
  ]
}
# Error mappings for the form POST. With a custom Lambda integration the
# selection_pattern is a regular expression tested against the error
# message the function returns; a message containing "400", "401", "422"
# or "500" selects the response with that status code.
# NOTE(review): the patterns match the digits anywhere in the message. If
# the handler ever puts caller-supplied text into its error message, that
# text could steer which status code is returned. Presumably the handler
# emits fixed messages; confirm.
resource "aws_api_gateway_integration_response" "integration_response_root_post_400" {
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_post_root.resource_id
  http_method = aws_api_gateway_method.method_request_post_root.http_method

  status_code       = "400"
  selection_pattern = ".*400.*"

  depends_on = [
    aws_api_gateway_integration.integration_request_post_lambda_root,
    aws_api_gateway_method_response.method_response_post_400
  ]
}

resource "aws_api_gateway_integration_response" "integration_response_root_post_401" {
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_post_root.resource_id
  http_method = aws_api_gateway_method.method_request_post_root.http_method

  status_code       = "401"
  selection_pattern = ".*401.*"

  depends_on = [
    aws_api_gateway_integration.integration_request_post_lambda_root,
    aws_api_gateway_method_response.method_response_post_401
  ]
}

resource "aws_api_gateway_integration_response" "integration_response_root_post_422" {
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_post_root.resource_id
  http_method = aws_api_gateway_method.method_request_post_root.http_method

  status_code       = "422"
  selection_pattern = ".*422.*"

  depends_on = [
    aws_api_gateway_integration.integration_request_post_lambda_root,
    aws_api_gateway_method_response.method_response_post_422
  ]
}

resource "aws_api_gateway_integration_response" "integration_response_root_post_500" {
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  resource_id = aws_api_gateway_method.method_request_post_root.resource_id
  http_method = aws_api_gateway_method.method_request_post_root.http_method

  status_code       = "500"
  selection_pattern = ".*500.*"

  depends_on = [
    aws_api_gateway_integration.integration_request_post_lambda_root,
    aws_api_gateway_method_response.method_response_post_500
  ]
}
# Publish the API to the "dev" stage. The deployment waits for every
# integration response; each of those in turn depends on its integration,
# so the integrations need not be listed here.
resource "aws_api_gateway_deployment" "darth_mailer" {
  rest_api_id = aws_api_gateway_rest_api.darth_mailer.id
  stage_name  = "dev"

  depends_on = [
    aws_api_gateway_integration_response.integration_response_root_options_200,
    aws_api_gateway_integration_response.integration_response_root_post_200,
    aws_api_gateway_integration_response.integration_response_root_post_400,
    aws_api_gateway_integration_response.integration_response_root_post_401,
    aws_api_gateway_integration_response.integration_response_root_post_422,
    aws_api_gateway_integration_response.integration_response_root_post_500,
  ]
}
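# Resource-based permission that lets API Gateway invoke the mailer function.
resource "aws_lambda_permission" "apigw" {
  statement_id  = "AllowAPIGatewayInvoke"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.darth_mailer.function_name
  principal     = "apigateway.amazonaws.com"

  # Least privilege: the only route wired to this function is POST on the
  # API root (the OPTIONS method uses a MOCK integration and never calls
  # Lambda). The grant is therefore limited to that method and path, in any
  # stage ("*"), instead of "/*/*", which allowed any method on any
  # resource of the API.
  source_arn = "${aws_api_gateway_rest_api.darth_mailer.execution_arn}/*/${aws_api_gateway_method.method_request_post_root.http_method}/"
}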
# Invoke URL of the deployed stage, printed after "terraform apply".
output "base_url" {
  value = aws_api_gateway_deployment.darth_mailer.invoke_url
}