# Lecture 4:
/*
#######################################################################
# Lambda function resources #
# Execution role for the db_reader Lambda function.
# The trust policy below allows only the Lambda service principal
# (lambda.amazonaws.com) to assume this role. The role's permissions come
# from the policies attached to it elsewhere in this file.
resource "aws_iam_role" "db_reader_lambda_iam_role" {
# NOTE(review): there is no separator after var.my_name here, unlike the
# other names in this file ("${var.my_name}_db_reader") - confirm intended.
name = "${var.my_name}db_reader_lambda_iam_role"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
# Attaches the AWS-managed AWSLambdaBasicExecutionRole policy to the Lambda
# role. That managed policy covers writing the function's logs to
# CloudWatch Logs and nothing else.
resource "aws_iam_role_policy_attachment" "db_reader_lambda_basic_execution_role" {
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
role = aws_iam_role.db_reader_lambda_iam_role.name
}
# Customer-managed policy giving the Lambda read-only access to one table.
# Only dynamodb:GetItem and dynamodb:Scan are allowed, and the Resource is
# the ARN of my_dynamodb_table (declared outside this listing), so no write
# actions and no other tables are covered.
# NOTE(review): Scan lets the function read every item in the table. If the
# handler only looks items up by id, GetItem alone would be enough - confirm
# against the handler code, which is not shown here.
resource "aws_iam_policy" "db_reader_lambda_additional_policies" {
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"dynamodb:GetItem",
"dynamodb:Scan"
],
"Effect": "Allow",
"Resource": "${aws_dynamodb_table.my_dynamodb_table.arn}"
}
]
}
EOF
}
# Attaches the DynamoDB read policy defined above to the Lambda execution
# role, so the function's table access is limited to that policy.
resource "aws_iam_role_policy_attachment" "dynamodb_policy_attachment" {
policy_arn = aws_iam_policy.db_reader_lambda_additional_policies.arn
role = aws_iam_role.db_reader_lambda_iam_role.name
}
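# Packages the handler source directory into the zip that is uploaded as the
# Lambda deployment package.
data "archive_file" "db_reader_lambda_zip" {
  type        = "zip"
  source_dir  = "./lambda_code/lecture_4"
  output_path = "./lambda_code/lecture_4/lambda.zip"

  # The archive is written into the directory being archived. Without this
  # exclusion a zip left over from an earlier run is packed into the new one,
  # so the package grows and its hash changes although the code did not.
  excludes = ["lambda.zip"]
}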
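# The db_reader Lambda function, deployed from the zip built by the
# archive_file data source in this file.
resource "aws_lambda_function" "db_reader_lambda" {
  # Take the package path from the archive data source instead of repeating
  # the literal, so the location is defined in one place and Terraform sees
  # the dependency between the two.
  filename      = data.archive_file.db_reader_lambda_zip.output_path
  function_name = "${var.my_name}_db_reader"

  # Execution role; the policies attached to it bound what the handler can do.
  role    = aws_iam_role.db_reader_lambda_iam_role.arn
  handler = "db_reader.lambda_handler"

  # Hash of the zip content; a change here makes Terraform upload new code.
  source_code_hash = data.archive_file.db_reader_lambda_zip.output_base64sha256

  # NOTE(review): confirm python3.9 is still a supported Lambda runtime for
  # the account before deploying; unsupported runtimes stop receiving
  # security patches.
  runtime = "python3.9"

  environment {
    variables = {
      # Name of the DynamoDB table, passed to the handler as an environment
      # variable (the table is declared outside this listing).
      DB_NAME = aws_dynamodb_table.my_dynamodb_table.name
    }
  }
}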
#######################################################################
# API Gateway #
# The REST API container; resources, methods and the deployment below all
# reference it through rest_api_id.
resource "aws_api_gateway_rest_api" "birds_api" {
name = "${var.my_name}_birds_api"
}
# creating the '/birds' resource
# Path resource attached directly under the API root.
resource "aws_api_gateway_resource" "birds_resource" {
parent_id = aws_api_gateway_rest_api.birds_api.root_resource_id
# NOTE(review): path_part is empty, presumably an exercise placeholder. The
# comment above this resource says it is the '/birds' path - confirm and
# fill in before applying, since an empty path part is not a usable segment.
path_part = ""
rest_api_id = aws_api_gateway_rest_api.birds_api.id
}
# creates the '/{id}' resource and attaches it to the '/birds' resource
# Child resource of birds_resource. The braces in path_part make "id" a path
# parameter, so the segment matches any value the caller puts there.
resource "aws_api_gateway_resource" "bird_resource" {
parent_id = aws_api_gateway_resource.birds_resource.id
path_part = "{id}"
rest_api_id = aws_api_gateway_rest_api.birds_api.id
}
# creating a GET method on the '/{id}' resource
# GET method on the '/{id}' resource.
resource "aws_api_gateway_method" "bird_resource_get_method" {
# "NONE" means API Gateway performs no authentication or authorization:
# anyone who can reach the endpoint can call this method, and through it
# read from the table the Lambda has access to. Acceptable for a lecture
# demo with public data. Otherwise use "AWS_IAM", "COGNITO_USER_POOLS" or
# "CUSTOM" here, or require an API key on the method.
authorization = "NONE"
http_method = "GET"
resource_id = aws_api_gateway_resource.bird_resource.id
rest_api_id = aws_api_gateway_rest_api.birds_api.id
# Declares the "id" path parameter as required (true).
# NOTE(review): this does not validate the value itself; the handler still
# receives caller-controlled input and has to treat it as untrusted.
request_parameters = {
"method.request.path.id" = true
}
}
# integrating a lambda function on the GET method
# Connects the GET method to the db_reader Lambda function.
resource "aws_api_gateway_integration" "lambda_integration_db_reader" {
http_method = aws_api_gateway_method.bird_resource_get_method.http_method
resource_id = aws_api_gateway_resource.bird_resource.id
rest_api_id = aws_api_gateway_rest_api.birds_api.id
# AWS_PROXY passes the whole request (path parameters, query string,
# headers, body) to the function as the event, so all of it is
# caller-controlled input from the handler's point of view.
type = "AWS_PROXY"
# API Gateway always invokes Lambda with POST, whatever verb the client
# used on the method (GET here).
integration_http_method = "POST"
uri = aws_lambda_function.db_reader_lambda.invoke_arn
}
# grants the API Gateway access to invoke the db_reader lambda function.
# Resource-based permission on the Lambda function that allows the API
# Gateway service principal to invoke it.
resource "aws_lambda_permission" "api_gateway_invoke_db_reader_lambda_permission" {
statement_id = "AllowAPIGatewayInvoke"
action = "lambda:InvokeFunction"
# NOTE(review): function_name is empty, presumably an exercise placeholder.
# The comment above this resource says the grant is for the db_reader
# function - confirm and fill in before applying.
function_name = ""
principal = "apigateway.amazonaws.com"
# NOTE(review): source_arn (the line-commented argument below) is what ties
# this grant to the birds_api execution ARN. If it stays commented out, the
# permission is not limited to this API. As written it ends in three wildcard
# segments (stage, HTTP method, resource path); this file only defines GET on
# the '{id}' resource, so the method and path segments could be narrowed.
# Uncomment the three lines below. I had to do some special line commenting to ensure the source_arn variable would not escape the block comment.
*/
// source_arn = "${aws_api_gateway_rest_api.birds_api.execution_arn}/*/*/*"
/*
}
# creating a deployment of our API Gateway
# Deploys the API to a stage named "demo".
resource "aws_api_gateway_deployment" "demo_env" {
# Explicit ordering: the integration and the function must exist before the
# deployment is created.
depends_on = [aws_api_gateway_integration.lambda_integration_db_reader, aws_lambda_function.db_reader_lambda]
rest_api_id = aws_api_gateway_rest_api.birds_api.id
# NOTE(review): newer AWS provider releases deprecate stage_name on this
# resource in favour of a separate aws_api_gateway_stage, which is also where
# access logging and throttling are configured - check against the provider
# version in use.
stage_name = "demo"
# Added timestamp to enforce new deployment of the api gateway.
# timestamp() yields a new value on every run, so the description differs on
# each apply and a fresh deployment is created even when the API is unchanged.
description = "Deployed at ${timestamp()}"
}
# outputs the deployment URL
*/