resource "aws_lambda_function" "antivirus_scanner" {
  # Scanner function: invoked by S3 object-created events (see
  # aws_s3_bucket_notification.staging) and reads the ClamAV definitions from
  # the definitions bucket. Creation is ordered after the optional on-deploy
  # definitions update so the first scan does not run against an empty bucket.
  depends_on = [
    aws_lambda_invocation.antivirus_update,
  ]

  function_name = local.names["lambda_scanner_function"]
  role          = aws_iam_role.antivirus_scanner_role.arn
  handler       = "scan.lambda_handler"
  # NOTE(review): python3.7 has been deprecated as a Lambda runtime by AWS and
  # no longer receives security patches. Upgrade once the bundled code and
  # ClamAV build are confirmed to work on a supported runtime.
  runtime     = "python3.7"
  timeout     = 300
  memory_size = 2048

  # Code is shared with the updater function (same object, same hash).
  s3_bucket        = aws_s3_bucket.antivirus_code.bucket
  s3_key           = aws_s3_bucket_object.antivirus_code.key
  source_code_hash = filebase64sha256(local.antivirus_lambda_code_path)

  environment {
    # Later maps win in merge(), so caller-supplied variables override the
    # defaults set here.
    variables = merge(
      {
        AV_DEFINITION_S3_BUCKET = aws_s3_bucket.antivirus_definitions.bucket
      },
      # Scan-start and scan-status notifications both go to the single
      # destination topic; neither is set when the topic is not created.
      var.create_sns_scanner_destination_topic ? {
        AV_STATUS_SNS_ARN     = aws_sns_topic.scanner_destination[0].arn
        AV_SCAN_START_SNS_ARN = aws_sns_topic.scanner_destination[0].arn
      } : {},
      var.scanner_environment_variables,
    )
  }
}
resource "aws_lambda_function_event_invoke_config" "antivirus_scanner_sns_scan_result_topic" {
  # Asynchronous-invocation settings for the scanner, only created together
  # with the destination topic. Both the success and the failure record are
  # published to that same topic, so subscribers must inspect the payload to
  # tell a completed scan from an invocation that exhausted its retries.
  count = var.create_sns_scanner_destination_topic ? 1 : 0

  function_name = aws_lambda_function.antivirus_scanner.function_name

  # Events older than 6 hours are dropped; a failing invocation is retried
  # twice before it is reported as a failure.
  maximum_event_age_in_seconds = 21600
  maximum_retry_attempts       = 2

  destination_config {
    on_success {
      destination = aws_sns_topic.scanner_destination[0].arn
    }

    on_failure {
      destination = aws_sns_topic.scanner_destination[0].arn
    }
  }
}
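resource "aws_lambda_permission" "trigger_by_s3" {
  # One resource-policy statement per scanned bucket. Lambda rejects a second
  # statement with the same Sid on one function, so the statement id must be
  # unique per instance; with a shared id every bucket after the first failed
  # to apply with a conflict. (Changing the Sid replaces the existing
  # permission on the next apply.)
  count = length(var.buckets_to_scan)

  statement_id  = "AllowExecutionFromS3BucketsToScan-${count.index}"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.antivirus_scanner.function_name
  principal     = "s3.amazonaws.com"
  # Scopes the S3 service principal to events originating from this bucket.
  source_arn = "arn:aws:s3:::${var.buckets_to_scan[count.index].bucket}"
  # NOTE(review): consider also setting `source_account` for the S3
  # principal (confused-deputy hardening): a bucket name that is deleted can
  # later be claimed by another account, and source_arn alone still matches it.
}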
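resource "aws_s3_bucket_notification" "staging" {
  # S3 validates that it is allowed to invoke the destination function when
  # the notification configuration is written, so the invoke permission has
  # to exist first. Nothing in this block references the permission resource,
  # so Terraform cannot infer that ordering on its own; without the explicit
  # dependency a fresh apply can race and fail validation.
  depends_on = [aws_lambda_permission.trigger_by_s3]

  count  = length(var.buckets_to_scan)
  bucket = var.buckets_to_scan[count.index].bucket

  # One object-created trigger per configured prefix. A bucket whose
  # `prefixes` list is empty gets no trigger and is therefore never scanned.
  dynamic "lambda_function" {
    for_each = var.buckets_to_scan[count.index].prefixes
    content {
      id                  = "av-scan-${lambda_function.value}"
      events              = ["s3:ObjectCreated:*"]
      filter_prefix       = lambda_function.value
      lambda_function_arn = aws_lambda_function.antivirus_scanner.arn
    }
  }
  # NOTE: this resource is the bucket's entire notification configuration;
  # notifications configured outside this module are overwritten on apply.
}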
resource "aws_lambda_function" "antivirus_update" {
  # Definitions updater: refreshes the ClamAV signature files in the
  # definitions bucket. It is run once on deploy (aws_lambda_invocation
  # below, when enabled) and on a schedule (module
  # trigger_antivirus_update_periodically).
  function_name = local.names["lambda_updater_function"]
  role          = aws_iam_role.antivirus_update_role.arn
  handler       = "update.lambda_handler"
  # NOTE(review): python3.7 has been deprecated as a Lambda runtime by AWS and
  # no longer receives security patches; upgrade together with the scanner
  # once the bundled code is confirmed to work on a supported runtime.
  runtime     = "python3.7"
  timeout     = 300
  memory_size = 1024

  # Same deployment package as the scanner; only the handler differs.
  s3_bucket        = aws_s3_bucket.antivirus_code.bucket
  s3_key           = aws_s3_bucket_object.antivirus_code.key
  source_code_hash = filebase64sha256(local.antivirus_lambda_code_path)

  environment {
    # Caller-supplied variables take precedence over the default below.
    variables = merge(
      { AV_DEFINITION_S3_BUCKET = aws_s3_bucket.antivirus_definitions.bucket },
      var.updater_environment_variables,
    )
  }
}
resource "aws_lambda_invocation" "antivirus_update" {
  # Optional one-off run of the updater during deploy so the definitions
  # bucket is populated before the scanner is created (the scanner declares a
  # depends_on on this resource).
  count = var.update_antivirus_definitions_on_deploy ? 1 : 0

  function_name = aws_lambda_function.antivirus_update.function_name
  # The invoke API requires a payload; the updater does not read it, so an
  # empty JSON object is sent.
  input = jsonencode({})
}
module "trigger_antivirus_update_periodically" {
  # Scheduled refresh of the ClamAV definitions. The rate string (for example
  # "3 hours") is supplied by the caller and embedded in a CloudWatch Events
  # rate() expression by the helper module.
  source = "./modules/periodic-lambda-trigger"

  lambda_function     = aws_lambda_function.antivirus_update
  schedule_expression = "rate(${var.antivirus_update_rate})"
  description         = "Update antivirus definitions every ${var.antivirus_update_rate}"
}