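# Region is a variable (defaulting to the original eu-west-1) so the same
# configuration can be applied elsewhere without editing this file.
variable "region" {
  description = "AWS region to deploy into"
  default     = "eu-west-1"
}

# AWS provider. Credentials come in through variables rather than being
# written into the file, so nothing secret needs to live in version control:
# supply them as TF_VAR_access_key / TF_VAR_secret_key / TF_VAR_token or via a
# -var-file that is NOT committed. `token` is the STS session token, which
# lets short-lived credentials (sts:AssumeRole, MFA sessions) be used here.
# NOTE(review): no `version` constraint is set, so `terraform init` pulls
# whatever aws provider is newest; consider pinning it for reproducible plans.
provider "aws" {
  region     = "${var.region}"
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  token      = "${var.token}"
}
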
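# Credential inputs for the aws provider. Deliberately no defaults: values
# must come from the environment (TF_VAR_*) or an uncommitted -var-file,
# never from this repository. Note that a saved plan (`terraform plan -out`)
# may carry variable values, so treat plan artefacts as secrets too.
variable "access_key" {
  description = "AWS access key ID"
}

variable "secret_key" {
  description = "AWS secret access key"
}

variable "token" {
  description = "AWS STS session token; needed when the keys are temporary credentials"
}
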
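/* create an S3 bucket */
# The bucket the fetcher is pointed at (see aws_lambda_function.govuk_fetcher).
# The name is a fixed UUID, presumably to avoid clashes in S3's global
# bucket namespace — confirm before renaming.
# Default server-side encryption (SSE-S3, AES-256) is switched on so every
# object is encrypted at rest without uploaders having to send any header;
# reads are unaffected. The ACL is left at its default (private), but
# aws_s3_bucket_policy.test_bucket separately opens the bucket to anonymous
# listing and reads — see that resource before assuming anything here is private.
resource "aws_s3_bucket" "test_bucket" {
  bucket = "76f61adb-8e27-43a4-b3f1-84f4cd5c9941"

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }
}
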
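# Bucket policy for aws_s3_bucket.test_bucket.
# WARNING: the first two statements use Principal "*" — anyone on the
# internet, unauthenticated, can list every key in the bucket and download
# every object. Only keep them if every object is meant to be public;
# otherwise remove them (or narrow the principal, e.g. to specific accounts
# or a CloudFront origin access identity).
# The third statement gives the Lambda role s3:GetObject, which "*" already
# covers; it is kept so the role retains read access if the public grant is
# ever removed.
# NOTE(review): the role is named bucket_writer, but nothing here lets it
# write (no s3:PutObject). If the function is meant to upload, grant that on
# the role itself (aws_iam_role_policy) rather than widening this policy.
# Sids are unique: IAM rejects duplicate Sids in identity policies, and
# distinct IDs make each statement identifiable in audit and policy tooling.
resource "aws_s3_bucket_policy" "test_bucket" {
  bucket = "${aws_s3_bucket.test_bucket.id}"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicListBucket",
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:ListBucket"],
      "Resource": ["${aws_s3_bucket.test_bucket.arn}"]
    },
    {
      "Sid": "PublicGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetObject"],
      "Resource": ["${aws_s3_bucket.test_bucket.arn}/*"]
    },
    {
      "Sid": "LambdaRoleGetObject",
      "Effect": "Allow",
      "Principal": {
        "AWS": ["${aws_iam_role.bucket_writer.arn}"]
      },
      "Action": ["s3:GetObject"],
      "Resource": ["${aws_s3_bucket.test_bucket.arn}/*"]
    }
  ]
}
EOF
}
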
/* create a lambda function which does something to this S3 bucket */
# The fetcher function. It runs under aws_iam_role.bucket_writer and learns
# which bucket to use from the bucket_arn environment variable.
# source_code_hash is computed from the zip so Terraform notices when the
# deployment package changes.
# NOTE(review): this file attaches no permissions policy to the role, so
# unless one is attached elsewhere the function can only read the (public)
# bucket and cannot write to it or to CloudWatch Logs — confirm.
resource "aws_lambda_function" "govuk_fetcher" {
  function_name = "GovukFetcher"
  role          = "${aws_iam_role.bucket_writer.arn}"

  # deployment package and entry point
  filename         = "govuk_fetcher.zip"
  source_code_hash = "${base64sha256(file("govuk_fetcher.zip"))}"
  handler          = "govuk_fetcher.handler"
  runtime          = "python3.6"

  # configuration handed to the function at runtime
  environment {
    variables = {
      bucket_arn = "${aws_s3_bucket.test_bucket.arn}"
    }
  }
}

# Execution role for aws_lambda_function.govuk_fetcher. This block holds
# only the trust policy: the Lambda service principal may assume the role.
# It grants no permissions on its own — the bucket policy gives this role
# s3:GetObject, and no permissions policy (CloudWatch Logs, s3:PutObject)
# is attached anywhere in this file despite the "writer" name. Assumed to be
# attached elsewhere; verify before relying on it.
resource "aws_iam_role" "bucket_writer" {
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF

  name = "bucket_writer"
}

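/* schedule the lambda function */
# Fixed-rate trigger that fires every 30 minutes. The description is shown
# in the console so the rule is recognisable next to others in the account.
resource "aws_cloudwatch_event_rule" "every_half_hour" {
  name                = "every-half-hour"
  description         = "Fires every 30 minutes to run the GovukFetcher Lambda"
  schedule_expression = "rate(30 minutes)"
}
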
# Connect the schedule to the function: each time every_half_hour fires,
# CloudWatch Events invokes govuk_fetcher. The permission that allows that
# invocation is a separate resource
# (aws_lambda_permission.allow_cloudwatch_to_call_govuk_fetcher).
resource "aws_cloudwatch_event_target" "fetch_govuk_every_half_hour" {
  arn  = "${aws_lambda_function.govuk_fetcher.arn}"
  rule = "${aws_cloudwatch_event_rule.every_half_hour.name}"
}

# Resource-based permission letting CloudWatch Events invoke the function.
# source_arn scopes the grant to this one rule, so another rule (including
# one in a different account) using the same service principal cannot invoke
# it — this is the confused-deputy guard; keep it.
resource "aws_lambda_permission" "allow_cloudwatch_to_call_govuk_fetcher" {
  statement_id  = "AllowExecutionFromCloudWatch"
  principal     = "events.amazonaws.com"
  source_arn    = "${aws_cloudwatch_event_rule.every_half_hour.arn}"
  action        = "lambda:InvokeFunction"
  function_name = "${aws_lambda_function.govuk_fetcher.function_name}"
}
103}