# Public entry point for Discord slash-command interactions; it publishes
# instructions to the manager SNS topic.
#
# Security review notes:
# - create_lambda_function_url is on and authorization_type is not set. In
#   terraform-aws-modules/lambda that input defaults to "NONE", so the URL
#   accepts unauthenticated requests from the internet. Discord requires that,
#   which leaves the handler's request-signature check (presumably done with
#   DISCORD_APP_PUBLIC_KEY) as the only gate. Confirm the handler rejects
#   unsigned or badly signed requests before doing any other work.
# - reserved_concurrent_executions is not set, so nothing in this block bounds
#   how many concurrent invocations the public URL can drive.
# - "~> 7.4" accepts any later 7.x release. Terraform's dependency lock file
#   records providers, not modules, so use an exact version if module updates
#   should be reviewed before they are applied.
# - attach_tracing_policy and the AWSXrayWriteOnlyAccess managed policy both
#   grant X-Ray write access; they look redundant. TODO confirm and keep one.
module "lambda_handle_interaction" {
  source  = "terraform-aws-modules/lambda/aws"
  version = "~> 7.4"

  # Identity and runtime
  function_name = "${local.title_PascalCase}-handle-interaction"
  description   = "Handles Discord slash commands interactions to manage the server's instance"
  runtime       = "nodejs20.x"
  architectures = ["arm64"]
  handler       = "index.handler"
  source_path   = "lambda/handle-interaction/build/index.js"
  publish       = true

  # Internet-facing endpoint (see the authorization note above)
  create_lambda_function_url = true

  # Observability
  tracing_mode                      = "Active"
  attach_tracing_policy             = true
  cloudwatch_logs_retention_in_days = 30

  # Neither value is a secret: a topic ARN and the application's public key.
  environment_variables = {
    DISCORD_APP_PUBLIC_KEY            = var.discord_app_public_key
    MANAGER_INSTRUCTION_SNS_TOPIC_ARN = module.manager_instruction_sns_topic.topic_arn
  }

  # number_of_policies must equal the length of the policies list.
  attach_policies    = true
  number_of_policies = 2
  policies = [
    aws_iam_policy.allow_publish_to_manager_instruction_sns_topic.arn,
    "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess",
  ]
}
# Worker function that manages the EC2 instance and updates the Discord
# follow-up message. The with_sns permission in this file lets the manager
# instruction SNS topic invoke it; no function URL is created here.
#
# Security review notes:
# - DISCORD_BOT_TOKEN is a credential passed as a plain environment variable.
#   It is readable by any principal allowed to read this function's
#   configuration, and it is written to the Terraform state. Prefer reading it
#   at runtime from Secrets Manager or an SSM SecureString parameter. At a
#   minimum, mark var.discord_bot_token as sensitive (its declaration is not
#   visible here) and restrict access to the state backend.
# - aws_iam_policy.allow_manage_and_describe_instance is defined elsewhere.
#   Verify that its instance-management actions are limited to the single
#   instance passed as INSTANCE_ID rather than "*".
# - attach_tracing_policy and the AWSXrayWriteOnlyAccess managed policy both
#   grant X-Ray write access; they look redundant. TODO confirm and keep one.
module "lambda_manage_instance" {
  source  = "terraform-aws-modules/lambda/aws"
  version = "~> 7.4"

  # Identity and runtime
  function_name = "${local.title_PascalCase}-manage-instance"
  description   = "Execute commands to manage EC2 instance and updates Discord interaction follow-up message"
  runtime       = "nodejs20.x"
  architectures = ["arm64"]
  handler       = "index.handler"
  source_path   = "lambda/manage-instance/build/index.js"
  publish       = true
  timeout       = 5

  # Observability
  tracing_mode                      = "Active"
  attach_tracing_policy             = true
  cloudwatch_logs_retention_in_days = 30

  environment_variables = {
    # Secret: see the DISCORD_BOT_TOKEN note above.
    DISCORD_BOT_TOKEN = var.discord_bot_token

    # Non-secret configuration
    DISCORD_APP_ID         = var.discord_app_id
    DISCORD_APP_PUBLIC_KEY = var.discord_app_public_key
    DUCKDNS_DOMAIN         = var.duckdns_domain
    MINECRAFT_PORT         = var.minecraft_port
    INSTANCE_ID            = module.ec2_spot_instance.spot_instance_id
  }

  # number_of_policies must equal the length of the policies list.
  attach_policies    = true
  number_of_policies = 2
  policies = [
    aws_iam_policy.allow_manage_and_describe_instance.arn,
    "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess",
  ]
}
# Resource-based policy statement that lets SNS invoke the manage-instance
# function. source_arn restricts the grant to the manager instruction topic;
# without it, any SNS topic could use the sns.amazonaws.com principal to
# invoke the function. No qualifier is set, so the permission applies to the
# unqualified function rather than to a published version or alias.
resource "aws_lambda_permission" "with_sns" {
  statement_id  = "AllowExecutionFromSNS"
  function_name = module.lambda_manage_instance.lambda_function_name
  action        = "lambda:InvokeFunction"

  # Who may invoke, and on behalf of which topic
  principal  = "sns.amazonaws.com"
  source_arn = module.manager_instruction_sns_topic.topic_arn
}