# Lambda function and role
# Execution role assumed by the HashWebApp Lambda function.
# The inline policy below grants CloudWatch Logs actions only.
# Despite its name, this is a custom role with a custom policy; it is not the
# AWS managed policy AWSLambdaBasicExecutionRole.
module "LambdaRole" {
  source = "../modules/security_identity_compliance/iam-role-v2"

  role-name   = "AWSLambdaBasicExecutionRole-HashWebApp"
  description = "Lambda execution role for HashWebApp"

  # presumably becomes the service principal in the role's trust policy;
  # confirm against the iam-role-v2 module
  trusted-entity          = "lambda.amazonaws.com"
  create-instance-profile = false

  policies = {
    AWSLambdaBasicExecutionRole = {
      description = "AWSLambdaBasicExecutionRole for HashWebApp"
      policy = jsonencode({
        Version = "2012-10-17"
        Statement = [
          {
            # Log-group creation is allowed for any resource in this account
            # and region (the ARN ends in ":*"), not only for this function's group.
            Effect   = "Allow"
            Action   = "logs:CreateLogGroup"
            Resource = "arn:aws:logs:${var.aws-region}:${data.aws_caller_identity.this.account_id}:*"
          },
          {
            # Stream creation and event writes are limited to one log group.
            # The group name is hard-coded; it has to stay in step with
            # function_name on aws_lambda_function.HashWebApp, otherwise the
            # function can no longer write its logs.
            Effect = "Allow"
            Action = [
              "logs:CreateLogStream",
              "logs:PutLogEvents"
            ]
            Resource = [
              "arn:aws:logs:${var.aws-region}:${data.aws_caller_identity.this.account_id}:log-group:/aws/lambda/HashWebApp:*"
            ]
          }
        ]
      })
    }
  }
}
# Zips the single handler source file into the package that the Lambda
# function deploys. The archive is written next to this configuration, so
# function.zip is a build artifact rather than a source file.
data "archive_file" "HashWebApp" {
  type        = "zip"
  output_path = "${path.module}/function.zip"
  source_file = "${path.module}/function.py"
}
# The Lambda function behind the HashWebApp REST API.
# It runs under the role produced by module.LambdaRole and is deployed from
# the zip built by data.archive_file.HashWebApp.
resource "aws_lambda_function" "HashWebApp" {
  function_name = "HashWebApp"
  role          = module.LambdaRole.role-arn

  runtime       = "python3.14"
  architectures = ["arm64"]

  # "function" is the file name inside the zip (function.py) and
  # "lambda_handler" the entry point looked up in it.
  handler = "function.lambda_handler"

  # Package path and its base64-encoded SHA-256, both taken from the same
  # archive_file data source so the recorded hash matches the uploaded zip.
  filename    = data.archive_file.HashWebApp.output_path
  code_sha256 = data.archive_file.HashWebApp.output_base64sha256

  # NOTE(review): timeout, memory size and reserved concurrency are not set
  # in this block, so service defaults apply unless they are managed elsewhere.
}
# Resource-based permission that lets API Gateway invoke the function.
resource "aws_lambda_permission" "HashWebApp" {
  statement_id  = "AllowExecutionFromApiGateway"
  principal     = "apigateway.amazonaws.com"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.HashWebApp.function_name

  # Scoping to this REST API's execution ARN keeps other APIs, in this or any
  # other account, from invoking the function through the same principal.
  # The three wildcards stand for stage, HTTP method and resource path, so
  # every stage and route of this one API is allowed.
  # NOTE(review): replacing the first wildcard with the deployed stage name
  # would narrow this further; check whether console test invocations are
  # needed before doing so.
  source_arn = "${aws_api_gateway_rest_api.HashWebApp.execution_arn}/*/*/*"
}
# rest api
# REST API whose definition is imported from an OpenAPI document.
# Routes, integrations and any method-level authorization are declared in
# restapi-oas30.json, not in this file, so that document is where to check
# who may call the API.
resource "aws_api_gateway_rest_api" "HashWebApp" {
  name = "HashWebApp"
  body = file("${path.module}/restapi-oas30.json")

  # Regional endpoint: served from the API's own region rather than through
  # the edge-optimized distribution.
  endpoint_configuration {
    types = ["REGIONAL"]
  }
}
# Deployment (snapshot) of the REST API definition.
resource "aws_api_gateway_deployment" "HashWebApp" {
  rest_api_id = aws_api_gateway_rest_api.HashWebApp.id

  # Build the replacement deployment before removing the old one, so the
  # stage always has a deployment to point at.
  lifecycle {
    create_before_destroy = true
  }

  # Any change to the API body changes this value and forces a redeployment.
  # sha1 serves only as a change fingerprint here; nothing relies on it for
  # integrity or authentication.
  triggers = {
    redeployment = sha1(jsonencode(aws_api_gateway_rest_api.HashWebApp.body))
  }
}
# Publishes the current deployment under the "test" stage.
# NOTE(review): this block sets no access_log_settings, and no throttling or
# method settings are visible here; unless they are configured elsewhere,
# requests reaching this stage are not access-logged by API Gateway.
resource "aws_api_gateway_stage" "test" {
  stage_name    = "test"
  rest_api_id   = aws_api_gateway_rest_api.HashWebApp.id
  deployment_id = aws_api_gateway_deployment.HashWebApp.id
}