# Terraform code for EFS and Lambda
## It is assumed that a VPC already exists
# Looks up the pre-existing VPC that hosts the EFS mount targets and the
# Lambda network interfaces. Replace the placeholder with the real VPC ID.
data "aws_vpc" "example-vpc" {
  id = "vpc-xxxxxxxxxxx"
}
# ID of the first subnet; used for one EFS mount target and for the Lambda
# VPC configuration. The default is a placeholder.
variable "example-subnet-a" {
  default = "xxxxxx"
}
# ID of the second subnet; used for the other EFS mount target and for the
# Lambda VPC configuration. The default is a placeholder.
variable "example-subnet-c" {
  default = "yyyyyy"
}
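# EFS file system shared with the Lambda function through an access point.
resource "aws_efs_file_system" "example-efs-filesystem" {
  # Encrypt data at rest. Without kms_key_id the AWS managed key for EFS is
  # used. Encryption can only be chosen at creation time, so enabling it on an
  # already-applied file system makes Terraform replace the file system.
  encrypted = true

  tags = {
    Name = "example-${terraform.workspace}"
  }
}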
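# Security group attached to the Lambda function's network interfaces.
# The EFS security group references it as the only allowed NFS source.
resource "aws_security_group" "example-lambda-vpc" {
  name   = "example-${terraform.workspace}-lambda-vpc-sg"
  vpc_id = data.aws_vpc.example-vpc.id

  # Terraform removes the default allow-all egress rule from security groups
  # it creates, so outbound NFS must be allowed explicitly or the function
  # cannot reach the mount targets. The rule is limited to the VPC's primary
  # CIDR because referencing the EFS security group here would create a
  # dependency cycle. Add further egress rules only for traffic the function
  # actually needs.
  # NOTE(review): if the subnets live in a secondary VPC CIDR, adjust cidr_blocks.
  egress {
    description = "NFS to EFS mount targets inside the VPC"
    from_port   = 2049
    to_port     = 2049
    protocol    = "tcp"
    cidr_blocks = [data.aws_vpc.example-vpc.cidr_block]
  }

  tags = {
    Name = "example-${terraform.workspace}"
  }
}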
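# Security group attached to the EFS mount targets.
resource "aws_security_group" "example-efs" {
  name   = "example-${terraform.workspace}-efs-sg"
  vpc_id = data.aws_vpc.example-vpc.id

  # EFS speaks NFSv4 over TCP 2049 only, so no UDP rule is needed. The source
  # is the Lambda security group rather than a CIDR range, so only the
  # function's network interfaces can open NFS connections.
  ingress {
    description     = "NFS from the Lambda function"
    from_port       = 2049
    to_port         = 2049
    protocol        = "tcp"
    security_groups = [aws_security_group.example-lambda-vpc.id]
  }

  # No egress block on purpose: mount targets never initiate connections and
  # security groups are stateful, so replies to the Lambda function are
  # allowed without an outbound rule (and without opening 0.0.0.0/0).

  tags = {
    Name = "example-${terraform.workspace}"
  }
}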
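# Mount target in subnet A; gives clients in that subnet's Availability Zone
# an NFS endpoint protected by the EFS security group.
# aws_efs_mount_target has no tags argument (mount targets are not taggable),
# so the tags block was dropped to keep the configuration valid.
resource "aws_efs_mount_target" "example-efs-mount-target-a" {
  file_system_id  = aws_efs_file_system.example-efs-filesystem.id
  subnet_id       = var.example-subnet-a
  security_groups = [aws_security_group.example-efs.id]
}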
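# Mount target in subnet C; gives clients in that subnet's Availability Zone
# an NFS endpoint protected by the EFS security group.
# aws_efs_mount_target has no tags argument (mount targets are not taggable),
# so the tags block was dropped to keep the configuration valid.
resource "aws_efs_mount_target" "example-efs-mount-target-c" {
  file_system_id  = aws_efs_file_system.example-efs-filesystem.id
  subnet_id       = var.example-subnet-c
  security_groups = [aws_security_group.example-efs.id]
}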
# Access point the Lambda function mounts. It pins every file operation to a
# fixed POSIX identity and confines the client to one directory of the file
# system.
resource "aws_efs_access_point" "example-efs-access-point" {
  file_system_id = aws_efs_file_system.example-efs-filesystem.id

  # Adjust path, ownership and mode to the workload.
  # The directory is created with this owner and mode if it does not exist.
  root_directory {
    path = "/volume"

    creation_info {
      owner_uid   = 1000
      owner_gid   = 1000
      permissions = "0755"
    }
  }

  # Identity enforced for all requests made through this access point.
  posix_user {
    uid = 1000
    gid = 1000
  }

  tags = {
    Name = "example-${terraform.workspace}"
  }
}
# Execution role assumed by the Lambda function.
resource "aws_iam_role" "example-lambda-role" {
  # Trust policy: only the Lambda service may assume this role.
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF

  # AWSLambdaVPCAccessExecutionRole covers the network interfaces and logging
  # a VPC-attached function needs; the EFS policy allows mounting and writing.
  # NOTE(review): the EFS managed policy is not scoped to this file system.
  # Consider a customer-managed policy restricted to the file system ARN and
  # this access point if least privilege matters for the deployment.
  # NOTE(review): managed_policy_arns is deprecated in recent AWS provider
  # releases; confirm against the provider version in use.
  managed_policy_arns = [
    "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole",
    "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientReadWriteAccess",
  ]
}
# Packages everything under src/ into the zip that is uploaded as the
# function code. Keep secrets and local-only files out of src/, because the
# whole directory ends up in the deployment package.
data "archive_file" "example-lambda-zip" {
  type        = "zip"
  output_path = "${path.module}/upload/lambda.zip"
  source_dir  = "${path.module}/src"
}
## You need to add index.js to the src directory
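# Lambda function that runs inside the VPC and mounts the EFS access point
# at /mnt/efs.
resource "aws_lambda_function" "example-lambda" {
  function_name    = "hello"
  role             = aws_iam_role.example-lambda-role.arn
  filename         = data.archive_file.example-lambda-zip.output_path
  source_code_hash = data.archive_file.example-lambda-zip.output_base64sha256
  handler          = "index.handler"

  # nodejs16.x has reached end of support in Lambda and no longer receives
  # security patches; use a currently supported Node.js runtime.
  # NOTE(review): runtimes from nodejs18.x onward bundle AWS SDK v3 instead of
  # v2; check index.js if it requires "aws-sdk".
  runtime = "nodejs20.x"
  timeout = 30

  file_system_config {
    arn              = aws_efs_access_point.example-efs-access-point.arn
    local_mount_path = "/mnt/efs"
  }

  vpc_config {
    security_group_ids = [aws_security_group.example-lambda-vpc.id]
    subnet_ids = [
      var.example-subnet-a,
      var.example-subnet-c,
    ]
  }

  # The access point reference does not make Terraform wait for the mount
  # targets. They must be available before the function is created or
  # updated, so the dependency is declared explicitly.
  depends_on = [
    aws_efs_mount_target.example-efs-mount-target-a,
    aws_efs_mount_target.example-efs-mount-target-c,
  ]
}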