terraform 0.12 upgrade
matthieudolci committed Feb 7, 2020
1 parent 34d794a commit 3086c02
Showing 3 changed files with 69 additions and 45 deletions.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -4,3 +4,4 @@
build
copy.zip
check.zip
.terraform
109 changes: 64 additions & 45 deletions terraform/terraform.tf
Expand Up @@ -16,6 +16,7 @@ resource "aws_iam_role" "rdscheck_iam_role" {
]
}
EOF

}

resource "null_resource" "get_release" {
Expand All @@ -25,49 +26,62 @@ resource "null_resource" "get_release" {

# We do that so null_resource is called everytime we run terraform apply or plan
triggers = {
always_run = "${timestamp()}"
always_run = timestamp()
}
}

data "archive_file" "lambda_code" {
type = "zip"
source_file = "${path.module}/lambda-files/main"
output_path = "${path.module}/lambda-files/main.zip"
depends_on = ["null_resource.get_release"]
depends_on = [null_resource.get_release]
}

resource "aws_lambda_function" "rdscheck_lambda_copy" {
count = "${var.command != "check" ? 1 : 0}"
filename = "${data.archive_file.lambda_code.output_path}"
count = var.command != "check" ? 1 : 0
filename = data.archive_file.lambda_code.output_path
function_name = "${var.command}-rdscheck"
role = "${aws_iam_role.rdscheck_iam_role.arn}"
role = aws_iam_role.rdscheck_iam_role.arn
handler = "main"
source_code_hash = "${data.archive_file.lambda_code.output_base64sha256}"
source_code_hash = data.archive_file.lambda_code.output_base64sha256
runtime = "go1.x"
memory_size = 128
timeout = 120
environment = ["${slice(list(var.lambda_env_vars), 0, length(var.lambda_env_vars) == 0 ? 0 : 1)}"]

dynamic "environment" {
for_each = var.lambda_env_vars == null ? [] : [var.lambda_env_vars]
content {
variables = environment.value.variables
}
}
}

resource "aws_lambda_function" "rdscheck_lambda_check" {
count = "${var.command != "copy" ? 1 : 0}"
filename = "${data.archive_file.lambda_code.output_path}"
count = var.command != "copy" ? 1 : 0
filename = data.archive_file.lambda_code.output_path
function_name = "${var.command}-rdscheck"
role = "${aws_iam_role.rdscheck_iam_role.arn}"
role = aws_iam_role.rdscheck_iam_role.arn
handler = "main"
source_code_hash = "${data.archive_file.lambda_code.output_base64sha256}"
source_code_hash = data.archive_file.lambda_code.output_base64sha256
runtime = "go1.x"
memory_size = 128
timeout = 120
environment = ["${slice(list(var.lambda_env_vars), 0, length(var.lambda_env_vars) == 0 ? 0 : 1)}"]

dynamic "environment" {
for_each = var.lambda_env_vars == null ? [] : [var.lambda_env_vars]
content {
variables = environment.value.variables
}
}

vpc_config {
subnet_ids = ["${var.subnet_ids}"]
security_group_ids = ["${var.security_group_ids}"]
subnet_ids = var.subnet_ids
security_group_ids = var.security_group_ids
}
}

data "aws_iam_policy" "AWSLambdaVPCAccessExecutionRole" {
count = "${var.command != "copy" ? 1 : 0}"
count = var.command != "copy" ? 1 : 0
arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
}

Expand All @@ -84,28 +98,28 @@ data "aws_iam_policy" "AmazonRDSFullAccess" {
}

resource "aws_iam_role_policy_attachment" "rdscheck_role_AWSLambdaVPCAccessExecutionRole_policy_attach" {
count = "${var.command != "copy" ? 1 : 0}"
role = "${aws_iam_role.rdscheck_iam_role.name}"
policy_arn = "${data.aws_iam_policy.AWSLambdaVPCAccessExecutionRole.arn}"
count = var.command != "copy" ? 1 : 0
role = aws_iam_role.rdscheck_iam_role.name
policy_arn = data.aws_iam_policy.AWSLambdaVPCAccessExecutionRole[0].arn
}

resource "aws_iam_role_policy_attachment" "rdscheck_role_CloudWatchFullAccess_policy_attach" {
role = "${aws_iam_role.rdscheck_iam_role.name}"
policy_arn = "${data.aws_iam_policy.CloudWatchFullAccess.arn}"
role = aws_iam_role.rdscheck_iam_role.name
policy_arn = data.aws_iam_policy.CloudWatchFullAccess.arn
}

resource "aws_iam_role_policy_attachment" "rdscheck_role_AmazonS3ReadOnlyAccess_policy_attach" {
role = "${aws_iam_role.rdscheck_iam_role.name}"
policy_arn = "${data.aws_iam_policy.AmazonS3ReadOnlyAccess.arn}"
role = aws_iam_role.rdscheck_iam_role.name
policy_arn = data.aws_iam_policy.AmazonS3ReadOnlyAccess.arn
}

resource "aws_iam_role_policy_attachment" "rdscheck_role_AmazonRDSFullAccess_policy_attach" {
role = "${aws_iam_role.rdscheck_iam_role.name}"
policy_arn = "${data.aws_iam_policy.AmazonRDSFullAccess.arn}"
role = aws_iam_role.rdscheck_iam_role.name
policy_arn = data.aws_iam_policy.AmazonRDSFullAccess.arn
}

resource "aws_cloudwatch_event_rule" "rdscheck_rule_copy" {
count = "${var.command != "check" ? 1 : 0}"
count = var.command != "check" ? 1 : 0
name = "rdscheck_copy_rule"
is_enabled = true
event_pattern = <<PATTERN
Expand All @@ -118,64 +132,69 @@ resource "aws_cloudwatch_event_rule" "rdscheck_rule_copy" {
]
}
PATTERN

}

resource "aws_cloudwatch_event_rule" "rdscheck_rule_check" {
count = "${var.command != "copy" ? 1 : 0}"
count = var.command != "copy" ? 1 : 0
name = "rdscheck_check_rule"
schedule_expression = "${var.lambda_rate}"
schedule_expression = var.lambda_rate
is_enabled = true
}

resource "aws_cloudwatch_event_target" "rdscheck_target_check" {
count = "${var.command != "copy" ? 1 : 0}"
rule = "${aws_cloudwatch_event_rule.rdscheck_rule_check.name}"
arn = "${aws_lambda_function.rdscheck_lambda_check.arn}"
count = var.command != "copy" ? 1 : 0
rule = aws_cloudwatch_event_rule.rdscheck_rule_check[0].name
arn = aws_lambda_function.rdscheck_lambda_check[0].arn
}

resource "aws_cloudwatch_event_target" "rdscheck_target_copy" {
count = "${var.command != "check" ? 1 : 0}"
rule = "${aws_cloudwatch_event_rule.rdscheck_rule_copy.name}"
arn = "${aws_lambda_function.rdscheck_lambda_copy.arn}"
count = var.command != "check" ? 1 : 0
rule = aws_cloudwatch_event_rule.rdscheck_rule_copy[0].name
arn = aws_lambda_function.rdscheck_lambda_copy[0].arn
}

resource "aws_lambda_permission" "allow_cloudwatch_to_call_rdscheck_check" {
count = "${var.command != "copy" ? 1 : 0}"
count = var.command != "copy" ? 1 : 0
statement_id = "AllowExecutionFromCloudWatch"
action = "lambda:InvokeFunction"
function_name = "${aws_lambda_function.rdscheck_lambda_check.function_name}"
function_name = aws_lambda_function.rdscheck_lambda_check[0].function_name
principal = "events.amazonaws.com"
source_arn = "${aws_cloudwatch_event_rule.rdscheck_rule_check.arn}"
source_arn = aws_cloudwatch_event_rule.rdscheck_rule_check[0].arn
}

resource "aws_lambda_permission" "allow_cloudwatch_to_call_rdscheck_copy" {
count = "${var.command != "check" ? 1 : 0}"
count = var.command != "check" ? 1 : 0
statement_id = "AllowExecutionFromCloudWatch"
action = "lambda:InvokeFunction"
function_name = "${aws_lambda_function.rdscheck_lambda_copy.function_name}"
function_name = aws_lambda_function.rdscheck_lambda_copy[0].function_name
principal = "events.amazonaws.com"
source_arn = "${aws_cloudwatch_event_rule.rdscheck_rule_copy.arn}"
source_arn = aws_cloudwatch_event_rule.rdscheck_rule_copy[0].arn
}

variable "lambda_rate" {
default = "rate(30 minutes)"
}

variable "release_version" {}
variable "release_version" {
}

variable "command" {}
variable "command" {
}

variable "lambda_env_vars" {
type = "map"
default = {}
type = object({
variables = map(string)
})
default = null
}

variable "security_group_ids" {
type = "list"
type = list(string)
default = []
}

variable "subnet_ids" {
type = "list"
type = list(string)
default = []
}
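Review bot: The attachments `rdscheck_role_AmazonRDSFullAccess_policy_attach` and `rdscheck_role_CloudWatchFullAccess_policy_attach` still grant AWS-managed full-access policies, and both Lambda functions share that one role through `role = aws_iam_role.rdscheck_iam_role.arn`. The upgrade only rewrites the interpolation syntax on these lines, so the scheduled check function and the event-driven copy function each keep every RDS and CloudWatch action rather than the subset they call. Which actions the binary needs is not visible on this page, so as a first step I would record the gap above the two attachments with `# TODO(security): replace *FullAccess managed policies with an aws_iam_role_policy scoped to the actions rdscheck calls`, and split the role per function when that policy is written. Separately, `variable "command" {` is left untyped: any value other than `"copy"` or `"check"` satisfies both `count` conditions and would create two functions with the same name `"${var.command}-rdscheck"`, so `type = string` plus a description of the accepted values would help.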
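--- a/terraform/versions.tf
+++ b/terraform/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+required_version = ">= 0.12"
+}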
