# Terraform template that builds a Lambda function from a Docker image.
# Resources that are not part of the core flow (the IAM role and so on)
# live in main_extra.tf.
terraform {
  # The CLI and every provider are pinned so that a fresh checkout produces
  # the same plan; bump these deliberately, not by accident.
  required_version = "~> 1.7.0"

  required_providers {
    # https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs
    docker = {
      source  = "kreuzwerker/docker"
      version = "3.0.2"
    }
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.41.0"
    }
    archive = {
      source  = "hashicorp/archive"
      version = "2.4.2"
    }
  }
}
# No region or credentials are given here, so they are presumably supplied
# through the provider's usual sources (environment variables, shared
# config/credential files, or an assumed identity). Keep long-lived access
# keys out of this file.
provider "aws" {}
# Short-lived ECR login used by the Docker provider below.
# NOTE(review): data-source results are persisted in Terraform state, so the
# token password ends up in state in plain text; protect the state backend
# (encryption at rest, restricted access) accordingly.
data "aws_ecr_authorization_token" "token" {}
# Log the local Docker daemon in to the ECR registry with the token above so
# the image built below can be pushed.
# https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs#registry-credentials
provider "docker" {
  registry_auth {
    password = data.aws_ecr_authorization_token.token.password
    username = data.aws_ecr_authorization_token.token.user_name
    address  = data.aws_ecr_authorization_token.token.proxy_endpoint
  }
}
# Registry that holds the Lambda image. Hyphens in the base name become
# underscores in the repository name.
resource "aws_ecr_repository" "image_repository" {
  name = replace(var.basename, "-", "_")

  # Tags stay mutable so ":latest" can be re-pushed on every rebuild. The
  # Lambda function pins the image by digest rather than by tag, so moving
  # the tag cannot silently change what the function runs.
  image_tag_mutability = "MUTABLE"

  # Run the ECR vulnerability scan on every push.
  image_scanning_configuration {
    scan_on_push = true
  }

  # `terraform destroy` removes the repository even if it still holds images.
  force_delete = true
}
# Expire images that have lost their tag (i.e. were superseded by a newer
# ":latest") one day after they were pushed, so stale layers do not pile up.
# NOTE(review): Lambda versions published from an earlier digest still point
# at that image — confirm one day is long enough for any older version that
# must remain invocable.
resource "aws_ecr_lifecycle_policy" "remove_untagged" {
  repository = aws_ecr_repository.image_repository.name

  policy = jsonencode({
    rules = [{
      rulePriority = 1
      description  = "Expire untagged in 1 days"
      selection = {
        tagStatus   = "untagged"
        countType   = "sinceImagePushed"
        countUnit   = "days"
        countNumber = 1
      }
      action = { type = "expire" }
    }]
  })
}
# Change detection only: the zip is never deployed, its hash just tells
# Terraform when the image has to be rebuilt (see the docker_image triggers).
data "archive_file" "lambda" {
  type        = "zip"
  source_dir  = "${path.module}/lambda"
  output_path = "${path.module}/lambda.zip"

  # Mirror what a .dockerignore would leave out so editor/CI metadata does
  # not force a rebuild. NOTE(review): these excludes only affect the hash —
  # the Docker build context is still the whole directory (minus whatever
  # its own .dockerignore lists), so keep secrets and local config out of
  # ./lambda entirely rather than relying on this list.
  excludes = setunion([
    for pattern in [".devcontainer/**/*", ".github/**/*", ".gitignore"] :
    fileset("${path.module}/lambda", pattern)
  ]...)
}
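# Build the Lambda image locally and tag it ":latest" in the ECR repository.
resource "docker_image" "lambda" {
  name = "${aws_ecr_repository.image_repository.repository_url}:latest"

  # Fix: this was "linix/amd64", which is not a valid platform string.
  # Lambda runs x86_64 unless `architectures` says otherwise, so the image
  # must be amd64 even when built on an arm64 host (e.g. Apple Silicon).
  platform = "linux/amd64"

  # Leave the image in the local daemon on destroy.
  keep_locally = true

  build {
    context = "${path.module}/lambda"
    # The top-level `platform` attribute governs pulls; the build itself
    # needs its own platform setting to produce an amd64 image.
    platform = "linux/amd64"
  }

  # Rebuild whenever the hash of the source directory changes.
  triggers = {
    sha256 = data.archive_file.lambda.output_sha256
  }
}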
# Push the locally built image to ECR, re-pushing on the same source hash
# that triggers the rebuild above.
resource "docker_registry_image" "lambda" {
  name = docker_image.lambda.name

  # Keep the remote image on destroy; the repository's force_delete takes
  # care of cleanup when the repository itself is removed.
  keep_remotely = true

  triggers = {
    sha256 = data.archive_file.lambda.output_sha256
  }
}
locals {
  # Declared here so the Lambda function, its IAM role and the CloudWatch log
  # group can all use the name without referencing each other in a cycle.
  function_name = "${var.basename}-function"

  # Address the pushed image by digest instead of ":latest": the tag is
  # mutable, the digest is not, so the function runs exactly what was pushed.
  repo_image_url = "${aws_ecr_repository.image_repository.repository_url}@${docker_registry_image.lambda.sha256_digest}"
}
# Container-image Lambda. Its execution role is declared in main_extra.tf.
# No `architectures` is set, so the provider default (x86_64) applies and
# the image must be built for amd64 to match.
resource "aws_lambda_function" "lambda" {
  function_name = local.function_name
  package_type  = "Image"
  image_uri     = local.repo_image_url
  role          = aws_iam_role.lambda.arn

  # Publish a new immutable version on every code change.
  publish = true
}
# REST API with a single GET / route proxied to the Lambda.
# NOTE(review): no `security` requirement, authorizer or API key is declared,
# so this route is publicly invokable once deployed and limited only by the
# account's default throttling — acceptable for a demo, not for anything
# sensitive.
resource "aws_api_gateway_rest_api" "api" {
  name = "${var.basename}-api"

  body = jsonencode({
    openapi = "3.0.1"
    info    = { title = var.basename, version = "1.0" }
    paths = {
      "/" = {
        get = {
          # Lambda proxy integrations are always invoked with POST, whatever
          # method the client used.
          "x-amazon-apigateway-integration" = {
            type       = "AWS_PROXY"
            httpMethod = "POST"
            uri        = aws_lambda_function.lambda.invoke_arn
            # NOTE(review): payloadFormatVersion is an HTTP API (v2) field;
            # a REST API import appears to accept it — confirm it is not
            # simply ignored before relying on it.
            payloadFormatVersion = "1.0"
          }
        }
      }
    }
  })
}
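# Deploy the REST API to the "prod" stage.
# NOTE(review): `stage_name` on a deployment is deprecated in recent aws
# provider releases in favour of a separate aws_api_gateway_stage; kept here
# to avoid replacing the existing stage.
resource "aws_api_gateway_deployment" "api" {
  rest_api_id = aws_api_gateway_rest_api.api.id
  stage_name  = "prod"

  # Fix: without a trigger the deployment is created once and never replaced,
  # so later edits to the OpenAPI body (new routes, integration changes)
  # never reach the stage. Redeploy whenever the body changes.
  triggers = {
    redeployment = sha1(jsonencode(aws_api_gateway_rest_api.api.body))
  }

  # Create the replacement deployment before removing the old one so the
  # stage is never left pointing at a deleted deployment.
  lifecycle {
    create_before_destroy = true
  }
}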