Refactor lambda source code

.gitignore

@@ -24,6 +24,7 @@ crash.*.log
 # to change depending on the environment.
 #
 *.tfvars
+!terraform.*example*.tfvars
 
 # Ignore override files as they are usually used to override resources locally and so
 # are not checked in

.pre-commit-config.yaml

@@ -11,7 +11,7 @@ repos:
         args:
           - "--args=--only=terraform_deprecated_interpolation"
           - "--args=--only=terraform_deprecated_index"
-          # - "--args=--only=terraform_unused_declarations"
+          - "--args=--only=terraform_unused_declarations"
           - "--args=--only=terraform_comment_syntax"
           - "--args=--only=terraform_documented_outputs"
           - "--args=--only=terraform_documented_variables"

CHANGELOG.md

@@ -0,0 +1,46 @@
+# Change Log
+
+All notable changes to this module will be documented in this file.
+
+## [1.1.0] - 2022-07-22
+
+### Changed
+
+- Remove upload code from s3
+  - S3 source code is used for versioning
+- Change `additional_lambda_role_policy_arn` to map from list
+
+### Added
+
+- Enable Tracing
+
+## [v1.0.2] - 2022-07-01
+
+### Added
+
+- Add default log retention 90 days, KMS encryption support
+
+### Fixed
+
+- Fix kms security issue by @xshot9011 in #9
+
+## [v1.0.1] - 2022-06-08
+
+### Added
+
+- Add resource base policy for lambda
+
+## [v1.0.0] - 2022-05-17
+
+### Added 
+
+- Since Lambdas are uploaded via zip files, we generate a zip file from the path specified.
+- Upload the zip file containing the build artifacts to S3.
+- Allow access to this lambda function from AWS.
+- Allow lambda to generate logs.
+- Construct a role that AWS services can adopt in order to invoke our function.
+- This policy also has the capability to write logs to CloudWatch.
+- Create the secret SSM parameters that can be retrieved and decoded by the lambda function.
+- Create an IAM policy document granting the ability to read and retrieve SSM parameter values.
+- Develop a policy based on the SSM policy paper
+- Custom policies to attach to this role

examples/complete/README.md

@@ -0,0 +1,35 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name                                                                      | Version  |
+|---------------------------------------------------------------------------|----------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws)                   | >= 4.0.0 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name                                                   | Source | Version |
+|--------------------------------------------------------|--------|---------|
+| <a name="module_lambda"></a> [lambda](#module\_lambda) | ../../ | n/a     |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name                                                                  | Description                                                                                                  | Type       | Default | Required |
+|-----------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------|------------|---------|:--------:|
+| <a name="input_custom_tags"></a> [custom\_tags](#input\_custom\_tags) | Custom tags which can be passed on to the AWS resources. They should be key value pairs having distinct keys | `map(any)` | `{}`    |    no    |
+| <a name="input_environment"></a> [environment](#input\_environment)   | Environment Variable used as a prefix                                                                        | `string`   | n/a     |   yes    |
+| <a name="input_name"></a> [name](#input\_name)                        | Name of the ECS cluster and s3 also redis to create                                                          | `string`   | n/a     |   yes    |
+| <a name="input_prefix"></a> [prefix](#input\_prefix)                  | The prefix name of customer to be displayed in AWS console and resource                                      | `string`   | n/a     |   yes    |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->

examples/complete/main.tf

@@ -0,0 +1,76 @@
+module "lambda" {
+  source = "../../"
+
+  prefix      = var.prefix
+  environment = var.environment
+  name        = var.name
+
+  is_edge = false # Defautl is `false`, If you want to publish to the edge don't forget to override aws's provider to virgina
+
+  # If is_edge is `false`, ignore this config
+  is_create_lambda_bucket = true # Default is `false`; plz use false, if not 1 lambda: 1 bucket
+  bucket_name             = ""   # If `is_create_lambda_bucket` is `false`; specified this, default is `""`
+
+  # Source code
+  source_code_dir           = "./src"
+  file_globs                = ["index.js"]
+  compressed_local_file_dir = "./outputs"
+
+  # Lambda Env
+  runtime = "nodejs12.x"
+  handler = "index.handler"
+
+  # Lambda Specification
+  timeout                        = 3
+  memory_size                    = 128
+  reserved_concurrent_executions = -1
+
+  # Optional to connect Lambda to VPC
+  vpc_config = {
+    security_group_ids      = ["sg-028f637312eea735e"]
+    subnet_ids_to_associate = ["subnet-0b853f8c85796d72d", "subnet-07c068b4b51262793", "subnet-0362f68c559ef7716"]
+  }
+  dead_letter_target_arn = "arn:aws:sns:ap-southeast-1:557291035693:demo" # To send failed processing to target, Default is `""`
+
+  # IAM
+  is_create_lambda_role = true # Default is `true`
+  lambda_role_arn       = ""   # If `is_create_lambda_role` is `false`
+  # The policies that you want to attach to IAM Role created by only this module                                                   # If `is_create_lambda_role` is `false`
+  additional_lambda_role_policy_arns = {
+    allow_lambda_to_read_s3 = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
+  }
+
+  # Resource policy
+  lambda_permission_configurations = {
+    lambda_on_my_account = {
+      pricipal   = "apigateway.amazonaws.com"
+      source_arn = "arn:aws:execute-api:ap-southeast-1:557291035112:lk36vflbha/*/*/"
+    }
+    lambda_on_my_another_account_wrong = {
+      pricipal       = "apigateway.amazonaws.com"
+      source_arn     = "arn:aws:execute-api:ap-southeast-1:224563527112:q6pwa6wgr6/*/*/"
+      source_account = "557291035112"
+    }
+    lambda_on_my_another_account_correct = {
+      pricipal   = "apigateway.amazonaws.com"
+      source_arn = "arn:aws:execute-api:ap-southeast-1:557291035112:wpj4t3scmb/*/*/"
+    }
+  }
+
+  # Logging
+  is_create_cloudwatch_log_group   = true # Default is `true`
+  cloudwatch_log_retention_in_days = 90   # Default is `90`
+
+  # Env
+  ssm_params = {}
+  plaintext_params = {
+    region         = "ap-southeast-1"
+    cluster_name   = "oozou-dev-test-schedule-cluster"
+    nodegroup_name = "oozou-dev-test-schedule-custom-nodegroup"
+    min            = 1,
+    max            = 1,
+    desired        = 1
+  }
+
+  tags = var.custom_tags
+}

examples/complete/src/index.js

@@ -0,0 +1,18 @@
+var http = require('http')
+
+exports.handler = (event, context, callback) => {
+  const options = {
+    hostname: event.Host,
+    port: event.Port
+  }
+
+  const response = {};
+
+  http.get(options, (res) => {
+    response.httpStatus = res.statusCode
+    callback(null, response)
+  }).on('error', (err) => {
+    callback(null, err.message);
+  })
+
+};

examples/complete/terraform.example.tfvars

@@ -0,0 +1,6 @@
+prefix      = "example"
+environment = "devops"
+name        = "cms"
+custom_tags = {
+  "Remark" = "terraform-aws-lambda-example"
+}

examples/complete/variables.tf

@@ -0,0 +1,23 @@
+/* -------------------------------------------------------------------------- */
+/*                                  Generics                                  */
+/* -------------------------------------------------------------------------- */
+variable "prefix" {
+  description = "The prefix name of customer to be displayed in AWS console and resource"
+  type        = string
+}
+
+variable "environment" {
+  description = "Environment Variable used as a prefix"
+  type        = string
+}
+
+variable "name" {
+  description = "Name of the ECS cluster and s3 also redis to create"
+  type        = string
+}
+
+variable "custom_tags" {
+  description = "Custom tags which can be passed on to the AWS resources. They should be key value pairs having distinct keys"
+  type        = map(any)
+  default     = {}
+}

examples/complete/version.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.0.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.0.0"
+    }
+  }
+}

examples/simple/README.md

@@ -0,0 +1,35 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name                                                                      | Version  |
+|---------------------------------------------------------------------------|----------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws)                   | >= 4.0.0 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name                                                   | Source | Version |
+|--------------------------------------------------------|--------|---------|
+| <a name="module_lambda"></a> [lambda](#module\_lambda) | ../../ | n/a     |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name                                                                  | Description                                                                                                  | Type       | Default | Required |
+|-----------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------|------------|---------|:--------:|
+| <a name="input_custom_tags"></a> [custom\_tags](#input\_custom\_tags) | Custom tags which can be passed on to the AWS resources. They should be key value pairs having distinct keys | `map(any)` | `{}`    |    no    |
+| <a name="input_environment"></a> [environment](#input\_environment)   | Environment Variable used as a prefix                                                                        | `string`   | n/a     |   yes    |
+| <a name="input_name"></a> [name](#input\_name)                        | Name of the ECS cluster and s3 also redis to create                                                          | `string`   | n/a     |   yes    |
+| <a name="input_prefix"></a> [prefix](#input\_prefix)                  | The prefix name of customer to be displayed in AWS console and resource                                      | `string`   | n/a     |   yes    |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->

examples/simple/main.tf

@@ -0,0 +1,45 @@
+module "lambda" {
+  source = "../../"
+
+  prefix      = var.prefix
+  environment = var.environment
+  name        = var.name
+
+  source_code_dir           = "./src"
+  file_globs                = ["index.js"]
+  compressed_local_file_dir = "./outputs"
+
+  runtime = "nodejs12.x"
+  handler = "index.handler"
+
+  additional_lambda_role_policy_arns = {
+    allow_lambda_to_read_s3 = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
+  }
+  lambda_permission_configurations = {
+    lambda_on_my_account = {
+      pricipal   = "apigateway.amazonaws.com"
+      source_arn = "arn:aws:execute-api:ap-southeast-1:557291035112:lk36vflbha/*/*/"
+    }
+    lambda_on_my_another_account_wrong = {
+      pricipal       = "apigateway.amazonaws.com"
+      source_arn     = "arn:aws:execute-api:ap-southeast-1:224563527112:q6pwa6wgr6/*/*/"
+      source_account = "557291035112"
+    }
+    lambda_on_my_another_account_correct = {
+      pricipal   = "apigateway.amazonaws.com"
+      source_arn = "arn:aws:execute-api:ap-southeast-1:557291035112:wpj4t3scmb/*/*/"
+    }
+  }
+
+  ssm_params = {}
+  plaintext_params = {
+    region         = "ap-southeast-1"
+    cluster_name   = "oozou-dev-test-schedule-cluster"
+    nodegroup_name = "oozou-dev-test-schedule-custom-nodegroup"
+    min            = 1,
+    max            = 1,
+    desired        = 1
+  }
+
+  tags = var.custom_tags
+}

examples/simple/src/index.js

@@ -0,0 +1,18 @@
+var http = require('http')
+
+exports.handler = (event, context, callback) => {
+  const options = {
+    hostname: event.Host,
+    port: event.Port
+  }
+
+  const response = {};
+
+  http.get(options, (res) => {
+    response.httpStatus = res.statusCode
+    callback(null, response)
+  }).on('error', (err) => {
+    callback(null, err.message);
+  })
+
+};

examples/simple/terraform.example.tfvars

@@ -0,0 +1,6 @@
+prefix      = "example"
+environment = "devops"
+name        = "cms"
+custom_tags = {
+  "Remark" = "terraform-aws-lambda-example"
+}

examples/simple/variables.tf

@@ -0,0 +1,23 @@
+/* -------------------------------------------------------------------------- */
+/*                                  Generics                                  */
+/* -------------------------------------------------------------------------- */
+variable "prefix" {
+  description = "The prefix name of customer to be displayed in AWS console and resource"
+  type        = string
+}
+
+variable "environment" {
+  description = "Environment Variable used as a prefix"
+  type        = string
+}
+
+variable "name" {
+  description = "Name of the ECS cluster and s3 also redis to create"
+  type        = string
+}
+
+variable "custom_tags" {
+  description = "Custom tags which can be passed on to the AWS resources. They should be key value pairs having distinct keys"
+  type        = map(any)
+  default     = {}
+}

examples/simple/version.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.0.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.0.0"
+    }
+  }
+}