Add lambda example #3168

Merged
merged 2 commits into from
Feb 9, 2018
1 change: 1 addition & 0 deletions .gitignore
@@ -1,3 +1,4 @@
*.zip
Contributor

We actually have a few examples where we need those zips, as in: https://github.com/terraform-providers/terraform-provider-aws/tree/master/examples/cognito-user-pool so we should remove this one

Contributor Author

I will fix that mistake.

*.dll
*.exe
.DS_Store
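
Review bot: The new `*.zip` entry on the first line is repository-wide, so it also hides the archives that other examples in the repository need to have committed. The only archive this change generates is the `hello_lambda.zip` written by `archive_file` in examples/lambda/main.tf, so ignore that path specifically (`examples/lambda/hello_lambda.zip`) or put the rule in a `.gitignore` inside `examples/lambda/`.
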
9 changes: 9 additions & 0 deletions examples/lambda/README.md
@@ -0,0 +1,9 @@
# Lambda Example

This examples shows how to deploy an AWS Lambda function.
Contributor

I would like to enhance this message with: This examples shows how to deploy an AWS Lambda function using Terraform only.

Just to expose my point of view: another way to deploy a given lambda is by building the ZIP in your CI, putting it on S3, and using an S3 object data source to get the file.
With this logic, you can version your lambdas and benefit from a real build - deploy phase.

Thoughts? :)

Contributor Author

I think that's an improvement. I'll add it.


To run, configure your AWS provider as described in https://www.terraform.io/docs/providers/aws/index.html

Running the example

run `terraform apply` to see it work.
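
Review bot: The run instructions at the end say only to run `terraform apply` and do not state what that creates in the account or how to remove it afterwards. From main.tf the example creates an IAM role named `iam_for_lambda` and a function named `hello_lambda`; list both here and add a `terraform destroy` step. In the first sentence, "This examples shows" should read "This example shows".
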
6 changes: 6 additions & 0 deletions examples/lambda/hello_lambda.py
@@ -0,0 +1,6 @@
import os

def lambda_handler(event, context):
# This will show up in CloudWatch
Contributor

I think we should either update this message to `This will log to a CloudWatch Logs group if allowed by the Lambda role` or add the correct permission to the IAM role, as we are not defining the CloudWatch:Logs action to actually log.

In both cases, we should rewrite it to `This will log to a CloudWatch Logs group` to better explain what's going on.

What do you think?

Contributor Author

I will remove logging because it's not that clear cut due to the AWS console. If you run the lambda you'll see the following under Log output:

START RequestId: dd6b2bf4-05e8-11e8-8679-a50298ecb88b Version: $LATEST
Value of 'foo': bar
END RequestId: dd6b2bf4-05e8-11e8-8679-a50298ecb88b
REPORT RequestId: dd6b2bf4-05e8-11e8-8679-a50298ecb88b	Duration: 1.13 ms	Billed Duration: 100 ms 	Memory Size: 128 MB	Max Memory Used: 21 MB	

If we were to print `This will log to a CloudWatch Logs group if allowed by the Lambda role` and it appears in the console then it wouldn't be unreasonable to believe that the correct permissions are set. So I'll simplify the example.

Contributor

@oscr My question was meant for the comment line only, not the log line that would appear in CloudWatch Logs 😄, sorry for the confusion!

print("Value of 'foo': " + os.environ['foo'])
return 'Hello from Lambda!'
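
Review bot: The `print` line concatenates the value of `os.environ['foo']` into the function's log output, which is a pattern readers will copy for environment variables that hold credentials. Add a comment that `foo` is a non-sensitive demo value, or log only that the variable is set rather than its contents. `os.environ['foo']` also raises `KeyError` when the variable is absent, so the handler fails before it returns; `os.environ.get('foo')` with a default avoids that.
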
48 changes: 48 additions & 0 deletions examples/lambda/main.tf
@@ -0,0 +1,48 @@
# Specify the provider and access details
provider "aws" {
region = "${var.aws_region}"
}

provider "archive" {}

data "archive_file" "zip" {
type = "zip"
source_file = "hello_lambda.py"
output_path = "hello_lambda.zip"
}

data "aws_iam_policy_document" "policy" {
statement {
sid = ""
effect = "Allow"

principals {
identifiers = ["lambda.amazonaws.com"]
type = "Service"
}

actions = ["sts:AssumeRole"]
}
}

resource "aws_iam_role" "iam_for_lambda" {
name = "iam_for_lambda"
assume_role_policy = "${data.aws_iam_policy_document.policy.json}"
}

resource "aws_lambda_function" "lambda" {
function_name = "hello_lambda"

filename = "${data.archive_file.zip.output_path}"
source_code_hash = "${data.archive_file.zip.output_sha}"

role = "${aws_iam_role.iam_for_lambda.arn}"
handler = "hello_lambda.lambda_handler"
runtime = "python3.6"

environment {
variables = {
foo = "bar"
}
}
}
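
Review bot: `source_code_hash = "${data.archive_file.zip.output_sha}"` in `aws_lambda_function.lambda` passes the archive's SHA-1 hex digest, but `source_code_hash` is expected to be the base64-encoded SHA-256 of the package, so the configured value will not match what AWS reports for the deployed code. Use `${data.archive_file.zip.output_base64sha256}` instead. Separately, `aws_iam_role.iam_for_lambda` carries only the `sts:AssumeRole` trust policy and no permissions policy, so the `print` in hello_lambda.py has no way to reach CloudWatch Logs; if logging is intended, attach a policy allowing `logs:CreateLogGroup`, `logs:CreateLogStream` and `logs:PutLogEvents` scoped to this function's log group rather than `*`.
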
3 changes: 3 additions & 0 deletions examples/lambda/outputs.tf
@@ -0,0 +1,3 @@
output "lambda" {
value = "${aws_lambda_function.lambda.qualified_arn}"
}
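
Review bot: The output named `lambda` exposes `qualified_arn`, which carries a version suffix, while main.tf never sets `publish`, so there is no published version for it to pin. Output `aws_lambda_function.lambda.arn` instead, or rename the output so consumers know they are getting a version-qualified ARN.
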
4 changes: 4 additions & 0 deletions examples/lambda/variables.tf
@@ -0,0 +1,4 @@
variable "aws_region" {
description = "The AWS region to create things in."
default = "us-east-1"
}