main.tf
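# Toolchain pins for this module: one exact Terraform CLI release and an AWS
# provider limited to 4.55.x patch releases.
terraform {
  required_version = "1.3.9"

  required_providers {
    # Object form with an explicit source address, replacing the legacy
    # version-only shorthand. This states the registry namespace the provider
    # is installed from instead of leaving it implied.
    # A version constraint does not pin provider checksums; that is the job of
    # the dependency lock file (.terraform.lock.hcl), which should be kept
    # under version control alongside this file.
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.55.0"
    }
  }
}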
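locals {
  # Datadog tag map for the function, merged from three sources. Later
  # arguments to merge() win on key collisions:
  #   1. tags parsed from a comma-separated DD_TAGS entry in
  #      var.additional_environment_variables (empty string when absent),
  #   2. var.datadog_custom_tags,
  #   3. a fixed handlername tag derived from the function name.
  dd_tags = merge(
    {
      # Each item is "key:value". Only the first ":" separates key from value;
      # the remaining segments are re-joined so a value that itself contains
      # ":" (for example a URL) is kept whole rather than cut at its second
      # segment. An item with no ":" yields an empty value, because
      # slice(list, 1, 1) is an empty list and join() of that is "".
      for item in compact(split(",", try(var.additional_environment_variables.DD_TAGS, ""))) :
      split(":", trimspace(item))[0] => join(":", slice(
        split(":", trimspace(item)),
        1,
        length(split(":", trimspace(item))),
      ))
    },
    var.datadog_custom_tags,
    { handlername = lower(var.function_name) },
  )
}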
# Lookup of the existing S3 bucket that receives downloaded spreadsheets.
# This is a data source: the bucket is referenced by name, not created or
# configured here, so its encryption, public-access and bucket-policy settings
# are whatever its owning configuration sets.
data "aws_s3_bucket" "download_target" {
  bucket = var.download_target_bucket_name
}

# Lookup of the existing SQS queue whose messages trigger the function. It is
# referenced by name only; the queue's own access policy and visibility timeout
# are not set in this file.
data "aws_sqs_queue" "ffis_downloads" {
  name = var.source_queue_name
}
# Renders the IAM policy JSON that is attached to the Lambda execution role
# (consumed below as module.lambda_execution_policy.json). The two inline
# statements grant write access to one object-key pattern and consume access to
# one queue.
module "lambda_execution_policy" {
  source  = "cloudposse/iam-policy/aws"
  version = "0.4.0"

  # Caller-supplied documents are handed to the policy module together with the
  # statements below. Review them at the call site: anything they allow goes
  # beyond the two scoped statements defined here.
  iam_source_policy_documents = var.additional_lambda_execution_policy_documents

  iam_policy_statements = {
    # Write-only: no s3:GetObject, s3:DeleteObject or s3:ListBucket is granted.
    AllowS3DownloadWrite = {
      effect  = "Allow"
      actions = ["s3:PutObject"]
      resources = [
        # Path: /sources/YYYY/mm/dd/ffis/download.xlsx
        # In an IAM resource ARN "*" matches any run of characters, "/"
        # included. The pattern therefore also matches keys with more than
        # three segments between "sources/" and "/ffis/download.xlsx"; it
        # bounds the prefix and suffix, not the depth.
        "${data.aws_s3_bucket.download_target.arn}/sources/*/*/*/ffis/download.xlsx"
      ]
    }

    # The three actions needed to poll, acknowledge and inspect a single
    # queue; no send or purge permission is included.
    AllowSQSGet = {
      effect  = "Allow"
      actions = ["sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes"]
      resources = [
        data.aws_sqs_queue.ffis_downloads.arn,
      ]
    }
  }
}
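# Builds, packages and deploys the Lambda function that downloads FFIS XLSX
# files to S3, and wires it to the source SQS queue.
module "lambda_function" {
  source  = "terraform-aws-modules/lambda/aws"
  version = "4.12.1"

  function_name = "${var.namespace}-${var.function_name}"
  description   = "Downloads FFIS XLSX files and saves to S3"

  # Execution role: capped by the supplied permissions boundary, with the
  # CloudWatch Logs policy plus the scoped policy rendered by
  # module.lambda_execution_policy.
  role_permissions_boundary         = var.permissions_boundary_arn
  attach_cloudwatch_logs_policy     = true
  cloudwatch_logs_retention_in_days = var.log_retention_in_days
  attach_policy_json                = true
  policy_json                       = module.lambda_execution_policy.json

  # Custom runtime: the build below is expected to produce a "bootstrap" binary.
  handler       = "bootstrap"
  runtime       = "provided.al2"
  architectures = [var.lambda_arch]
  publish       = true
  layers        = var.lambda_layer_arns

  # These commands run on the machine that executes Terraform, with that
  # machine's credentials and environment. Treat var.lambda_code_path and the
  # task definitions it contains as trusted build input.
  source_path = [{
    path = var.lambda_code_path
    commands = [
      "task build-DownloadFFISSpreadsheet",
      "cd bin/DownloadFFISSpreadsheet",
      ":zip",
    ],
  }]

  # The deployment package is uploaded to S3 with SSE-S3 (AES256) encryption.
  store_on_s3               = true
  s3_bucket                 = var.lambda_artifact_bucket
  s3_server_side_encryption = "AES256"

  timeout     = 30 # seconds
  memory_size = 128

  # The keys set here override same-named keys in
  # var.additional_environment_variables, because the later merge() argument
  # wins. Lambda environment variables can be read by anyone allowed to read
  # the function configuration, so secrets should not be passed this way.
  environment_variables = merge(var.additional_environment_variables, {
    DD_TAGS            = join(",", sort([for k, v in local.dd_tags : "${k}:${v}"]))
    TARGET_BUCKET_NAME = data.aws_s3_bucket.download_target.id
    LOG_LEVEL          = var.log_level
    S3_USE_PATH_STYLE  = "true"
  })

  # One message per invocation, one concurrent invocation from this queue.
  event_source_mapping = {
    sqs = {
      enabled                            = true
      batch_size                         = 1
      maximum_batching_window_in_seconds = 20
      event_source_arn                   = data.aws_sqs_queue.ffis_downloads.arn
      scaling_config = {
        # NOTE(review): AWS documents the SQS event source maximum concurrency
        # range as 2-1000; confirm that 1 is accepted at apply time.
        maximum_concurrency = 1
      }
    }
  }

  allowed_triggers = {
    SQSQueueNotification = {
      principal = "sqs.amazonaws.com"
      # source_arn is the key this module documents for scoping a trigger's
      # resource-based permission. Setting it ties the sqs.amazonaws.com grant
      # to this one queue instead of leaving the service principal unscoped.
      source_arn = data.aws_sqs_queue.ffis_downloads.arn
      # NOTE(review): the two keys below are kept as the author wrote them;
      # verify whether the pinned module version reads them for permissions.
      sqs_queue_arn = data.aws_sqs_queue.ffis_downloads.arn
      batch_size    = 1
    }
  }
}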