# Terraform code for EFS and Lambda
## It is assumed that a VPC already exists
# Existing VPC that the Lambda function and the EFS mount targets live in.
# "vpc-xxxxxxxxxxx" is a placeholder; replace it with the real VPC id.
data "aws_vpc" "example-vpc" {
  id = "vpc-xxxxxxxxxxx"
}
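# Subnet ids (one per Availability Zone) used both for the EFS mount targets
# and for the Lambda function's VPC configuration. The defaults are
# placeholders; override them per workspace (e.g. via a .tfvars file).
# `type = string` makes Terraform reject non-string values at plan time.
variable "example-subnet-a" {
  type        = string
  description = "Subnet id in the first Availability Zone (placeholder default)"
  default     = "xxxxxx"
}

variable "example-subnet-c" {
  type        = string
  description = "Subnet id in the second Availability Zone (placeholder default)"
  default     = "yyyyyy"
}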
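# EFS file system mounted by the Lambda function.
# `encrypted = true` turns on encryption at rest with the AWS-managed EFS key;
# the original declaration left the file system unencrypted. The attribute is
# immutable, so enabling it on an already-created file system forces
# replacement — apply this before the volume holds data.
resource "aws_efs_file_system" "example-efs-filesystem" {
  encrypted = true

  tags = {
    Name = "example-${terraform.workspace}"
  }
}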
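# Security group attached to the Lambda function's VPC network interfaces.
# Terraform removes the AWS default "allow all" egress rule when it creates a
# security group, so the original declaration (no egress block at all) left
# the function unable to open any outbound connection — including the NFS
# connection to the EFS mount targets. The egress below allows exactly that:
# TCP 2049 inside the VPC. Add further egress rules only if the handler has to
# reach other endpoints.
resource "aws_security_group" "example-lambda-vpc" {
  name   = "example-${terraform.workspace}-lambda-vpc-sg"
  vpc_id = data.aws_vpc.example-vpc.id

  egress {
    description = "NFS to the EFS mount targets inside the VPC"
    from_port   = 2049
    to_port     = 2049
    protocol    = "tcp"
    cidr_blocks = [data.aws_vpc.example-vpc.cidr_block]
  }

  tags = {
    Name = "example-${terraform.workspace}"
  }
}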
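# Security group attached to the EFS mount targets.
# Only inbound NFS (TCP 2049) from the Lambda security group is required:
# EFS serves NFS over TCP only, so the original UDP 2049 ingress never matched
# traffic, and because security groups are stateful the mount targets need no
# egress rule at all — the original "TCP 2049 to 0.0.0.0/0" egress is dropped.
resource "aws_security_group" "example-efs" {
  name   = "example-${terraform.workspace}-efs-sg"
  vpc_id = data.aws_vpc.example-vpc.id

  ingress {
    description     = "NFS from the Lambda function"
    from_port       = 2049
    to_port         = 2049
    protocol        = "tcp"
    security_groups = [aws_security_group.example-lambda-vpc.id]
  }

  tags = {
    Name = "example-${terraform.workspace}"
  }
}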
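# EFS mount target in subnet A; the security group restricts NFS access to
# the Lambda function. `aws_efs_mount_target` has no `tags` argument (mount
# targets are not taggable in EFS), so the tags block from the original
# declaration is removed — the file system itself carries the Name tag.
resource "aws_efs_mount_target" "example-efs-mount-target-a" {
  file_system_id  = aws_efs_file_system.example-efs-filesystem.id
  subnet_id       = var.example-subnet-a
  security_groups = [aws_security_group.example-efs.id]
}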
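# EFS mount target in subnet C; the security group restricts NFS access to
# the Lambda function. `aws_efs_mount_target` has no `tags` argument (mount
# targets are not taggable in EFS), so the tags block from the original
# declaration is removed — the file system itself carries the Name tag.
resource "aws_efs_mount_target" "example-efs-mount-target-c" {
  file_system_id  = aws_efs_file_system.example-efs-filesystem.id
  subnet_id       = var.example-subnet-c
  security_groups = [aws_security_group.example-efs.id]
}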
# EFS access point the Lambda function mounts through. Every file operation
# made via this access point is performed as uid/gid 1000, and the mount is
# rooted at /volume rather than at the file system root.
resource "aws_efs_access_point" "example-efs-access-point" {
  file_system_id = aws_efs_file_system.example-efs-filesystem.id

  # POSIX identity enforced for all clients of this access point.
  posix_user {
    gid = 1000
    uid = 1000
  }

  # Please set the appropriate value
  # (creation_info is used when /volume does not exist yet: it is created with
  # this owner and mode).
  root_directory {
    path = "/volume"
    creation_info {
      owner_gid   = 1000
      owner_uid   = 1000
      permissions = "0755"
    }
  }

  tags = {
    Name = "example-${terraform.workspace}"
  }
}
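# Execution role for the Lambda function.
# - AWSLambdaVPCAccessExecutionRole: CloudWatch Logs plus the EC2 ENI
#   permissions needed to run inside a VPC.
# - AmazonElasticFileSystemClientReadWriteAccess: NFS mount/read/write. This
#   managed policy is not scoped to one file system; for least privilege,
#   replace it with a policy that limits elasticfilesystem:ClientMount and
#   elasticfilesystem:ClientWrite to aws_efs_file_system.example-efs-filesystem.arn.
resource "aws_iam_role" "example-lambda-role" {
  managed_policy_arns = [
    "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole",
    "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientReadWriteAccess",
  ]

  # jsonencode() replaces the hand-written heredoc so the trust policy is
  # checked as HCL and cannot carry JSON syntax slips. Only the Lambda
  # service is allowed to assume this role.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = ""
        Effect = "Allow"
        Action = "sts:AssumeRole"
        Principal = {
          Service = "lambda.amazonaws.com"
        }
      }
    ]
  })
}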
# Zips the function source in ./src into ./upload/lambda.zip; the archive's
# base64 SHA-256 is used by the Lambda resource below to detect code changes.
data "archive_file" "example-lambda-zip" {
  type        = "zip"
  source_dir  = "${path.module}/src"
  output_path = "${path.module}/upload/lambda.zip"
}
## You need to add index.js to the src directory
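# Lambda function running inside the VPC with the EFS access point mounted at
# /mnt/efs.
resource "aws_lambda_function" "example-lambda" {
  function_name = "hello"
  role          = aws_iam_role.example-lambda-role.arn
  filename      = data.archive_file.example-lambda-zip.output_path
  handler       = "index.handler"
  # NOTE(review): nodejs16.x has reached end of support in Lambda; move to a
  # currently supported Node.js runtime once index.js is confirmed to run on it.
  runtime = "nodejs16.x"
  timeout = 30
  # Redeploys the code whenever the zipped source changes.
  source_code_hash = data.archive_file.example-lambda-zip.output_base64sha256

  file_system_config {
    arn              = aws_efs_access_point.example-efs-access-point.arn
    local_mount_path = "/mnt/efs"
  }

  vpc_config {
    security_group_ids = [aws_security_group.example-lambda-vpc.id]
    subnet_ids         = [var.example-subnet-a, var.example-subnet-c]
  }

  # Name tag, consistent with the other resources in this file.
  tags = {
    Name = "example-${terraform.workspace}"
  }

  # The function only references the access point, not the mount targets, so
  # without this Terraform may create the function before a mount target exists
  # in its subnets and the create call fails. Make the ordering explicit.
  depends_on = [
    aws_efs_mount_target.example-efs-mount-target-a,
    aws_efs_mount_target.example-efs-mount-target-c,
  ]
}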