Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
15 changed files
with
598 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
# Binaries for programs and plugins | ||
*.exe | ||
*.dll | ||
*.so | ||
*.dylib | ||
|
||
# Test binary, build with `go test -c` | ||
*.test | ||
|
||
# Output of the go coverage tool, specifically when used with LiteIDE | ||
*.out | ||
|
||
# Project-local glide cache, RE: https://github.com/Masterminds/glide/issues/736 | ||
.glide/ | ||
|
||
# Local .terraform directories | ||
**/.terraform/* | ||
|
||
# .tfstate files | ||
*.tfstate | ||
*.tfstate.* | ||
|
||
# .tfvars files | ||
*.tfvars | ||
|
||
## local build directory | ||
build/* |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
BIN = raptor | ||
OUTPUT_DIR = build | ||
TEST_PROFILE = testing | ||
PROD_PROFILE = production | ||
DTEST_DIR = deploy/terraform/$(TEST_PROFILE) | ||
DPROD_DIR = deploy/terraform/$(PROD_PROFILE) | ||
|
||
export AWS_REGION = us-east-1 | ||
|
||
.PHONY: help | ||
.DEFAULT_GOAL := help | ||
|
||
build/linux: clean ## Build a linux binary ready to be zip'ed for AWS Lambda Deployment | ||
mkdir -p $(OUTPUT_DIR) && GOOS=linux CGO_ENABLED=0 go build -a -installsuffix cgo -o $(OUTPUT_DIR)/$(BIN) . | ||
|
||
build/release: build/linux ## Zip linux binary as AWS Deployment archive | ||
cd $(OUTPUT_DIR) && zip $(BIN).zip $(BIN) | ||
|
||
deploy/testing: ## Deploy zip'ed archive to AWS testing account | ||
export AWS_PROFILE=$(TEST_PROFILE); cd $(DTEST_DIR) && terraform init && terraform apply | ||
|
||
deploy/production: deploy/testing test/integration ## Deploy zip'ed archive to AWS production account | ||
export AWS_PROFILE=$(TEST_PROFILE); cd $(DPROD_DIR) && terraform init && terraform apply | ||
|
||
clean: clean/linux ## Remove all build artifacts | ||
|
||
clean/linux: ## Remove linux build artifacts | ||
$(RM) $(OUTPUT_DIR)/$(BIN).zip | ||
$(RM) $(OUTPUT_DIR)/$(BIN) | ||
|
||
test/integration: ## Integration Testing | ||
AWS_PROFILE=$(TEST_PROFILE) go test -tags integration -timeout 30s ./job -run ^TestS3Events$$ -v | ||
|
||
help: ## Display this help message | ||
@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_\/-]+:.*?## / {printf "\033[34m%-30s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST) | \ | ||
sort | \ | ||
grep -v '#' |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
# raptor | ||
AWS GoLang Lambda Terraform Template for S3/Dynamo/Xray with GoLang Sample Code | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,171 @@ | ||
provider "aws" { | ||
} | ||
|
||
resource "aws_iam_role" "raptor-role" { | ||
name = "raptor-role" | ||
|
||
assume_role_policy = <<EOF | ||
{ | ||
"Version": "2012-10-17", | ||
"Statement": [ | ||
{ | ||
"Effect": "Allow", | ||
"Principal": { | ||
"Service": "lambda.amazonaws.com" | ||
}, | ||
"Action": "sts:AssumeRole" | ||
} | ||
] | ||
} | ||
EOF | ||
} | ||
|
||
resource "aws_iam_policy" "raptor-s3-policy" { | ||
name = "raptor-s3-policy" | ||
description = "raptor-s3-policy" | ||
policy = <<EOF | ||
{ | ||
"Version": "2012-10-17", | ||
"Statement": [ | ||
{ | ||
"Sid": "0", | ||
"Effect": "Allow", | ||
"Action": [ | ||
"s3:ListBucket", | ||
"s3:GetBucketLocation" | ||
], | ||
"Resource": "arn:aws:s3:::${var.s3_bucket_name}" | ||
}, | ||
{ | ||
"Sid": "1", | ||
"Effect": "Allow", | ||
"Action": "s3:*", | ||
"Resource": "arn:aws:s3:::${var.s3_bucket_name}/*" | ||
} | ||
] | ||
} | ||
EOF | ||
} | ||
|
||
resource "aws_iam_policy" "raptor-xray-policy" { | ||
name = "raptor-xray-policy" | ||
description = "raptor-xray-policy" | ||
policy = <<EOF | ||
{ | ||
"Version": "2012-10-17", | ||
"Statement": { | ||
"Effect": "Allow", | ||
"Action": [ | ||
"xray:PutTraceSegments", | ||
"xray:PutTelemetryRecords" | ||
], | ||
"Resource": [ | ||
"*" | ||
] | ||
} | ||
} | ||
EOF | ||
} | ||
|
||
resource "aws_iam_policy" "raptor-dynamodb-tables-policy" { | ||
name = "raptor-dynamodb-policy" | ||
description = "grants access to all tables prefixed by raptor_*" | ||
policy = <<EOF | ||
{ | ||
"Version": "2012-10-17", | ||
"Statement": [ | ||
{ | ||
"Effect": "Allow", | ||
"Action": [ | ||
"dynamodb:BatchGetItem", | ||
"dynamodb:BatchWriteItem", | ||
"dynamodb:DeleteItem", | ||
"dynamodb:GetItem", | ||
"dynamodb:PutItem", | ||
"dynamodb:Query", | ||
"dynamodb:UpdateItem" | ||
], | ||
"Resource": [ | ||
"arn:aws:dynamodb:*:*:table/raptor_*" | ||
] | ||
} | ||
] | ||
} | ||
EOF | ||
} | ||
|
||
resource "aws_iam_role_policy_attachment" "raptor-role-policy-attach-1" { | ||
role = "${aws_iam_role.raptor-role.name}" | ||
policy_arn = "${aws_iam_policy.raptor-s3-policy.arn}" | ||
} | ||
|
||
resource "aws_iam_role_policy_attachment" "raptor-role-policy-attach-2" { | ||
role = "${aws_iam_role.raptor-role.name}" | ||
policy_arn = "arn:aws:iam::aws:policy/AWSLambdaExecute" | ||
} | ||
|
||
resource "aws_iam_role_policy_attachment" "raptor-role-policy-attach-3" { | ||
role = "${aws_iam_role.raptor-role.name}" | ||
policy_arn = "${aws_iam_policy.raptor-xray-policy.arn}" | ||
} | ||
|
||
resource "aws_iam_role_policy_attachment" "raptor-role-policy-attach-4" { | ||
role = "${aws_iam_role.raptor-role.name}" | ||
policy_arn = "${aws_iam_policy.raptor-dynamodb-tables-policy.arn}" | ||
} | ||
|
||
resource "aws_lambda_function" "raptor" { | ||
filename = "../../../build/raptor.zip" | ||
function_name = "raptor" | ||
role = "${aws_iam_role.raptor-role.arn}" | ||
handler = "raptor" | ||
source_code_hash = "${base64sha256(file("../../../build/raptor.zip"))}" | ||
runtime = "go1.x" | ||
memory_size = 128 | ||
timeout = 30 | ||
reserved_concurrent_executions = 50 | ||
publish = true | ||
|
||
tracing_config { | ||
mode = "Active" | ||
} | ||
|
||
environment { | ||
variables = { | ||
BUCKET_NAME = "${var.s3_bucket_name}" | ||
} | ||
} | ||
} | ||
|
||
resource "aws_lambda_permission" "raptor-bucket" { | ||
statement_id = "1" | ||
action = "lambda:InvokeFunction" | ||
function_name = "${aws_lambda_function.raptor.arn}" | ||
principal = "s3.amazonaws.com" | ||
source_arn = "arn:aws:s3:::${var.s3_bucket_name}" | ||
} | ||
|
||
resource "aws_s3_bucket_notification" "bucket_notification" { | ||
bucket = "${var.s3_bucket_name}" | ||
|
||
lambda_function { | ||
id = "one" | ||
lambda_function_arn = "${aws_lambda_function.raptor.arn}" | ||
events = ["s3:ObjectCreated:*","s3:ObjectRemoved:*"] | ||
filter_suffix = "/ONE" | ||
} | ||
|
||
lambda_function { | ||
id = "two" | ||
lambda_function_arn = "${aws_lambda_function.raptor.arn}" | ||
events = ["s3:ObjectCreated:*","s3:ObjectRemoved:*"] | ||
filter_suffix = "/TWO" | ||
} | ||
|
||
lambda_function { | ||
id = "three" | ||
lambda_function_arn = "${aws_lambda_function.raptor.arn}" | ||
events = ["s3:ObjectCreated:*","s3:ObjectRemoved:*"] | ||
filter_suffix = "/THREE" | ||
} | ||
} |
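Review bot: Statement `"Sid": "1"` of `raptor-s3-policy` grants `s3:*` on every object in the bucket, which includes deleting objects and changing object ACLs, while the function is only wired to receive object-created/removed notifications; narrow it to the actions the handler needs, for example `"Action": ["s3:GetObject"]` if it only reads. The attached managed policy `AWSLambdaExecute` additionally allows `s3:GetObject`/`s3:PutObject` on all buckets in the account, so `arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole` is the tighter choice when only CloudWatch Logs access is wanted. `aws_lambda_permission.raptor-bucket` sets `source_arn` but not `source_account`; bucket ARNs carry no account ID, so adding `source_account` pins invocation to the account that owns the bucket. The DynamoDB resource `arn:aws:dynamodb:*:*:table/raptor_*` is also wildcarded on region and account and could be scoped to the deploying ones.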
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
variable "s3_bucket_name" { | ||
type = "string" | ||
description = "S3 Bucket name" | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
module "lambda" { | ||
source = "../modules/lambda" | ||
s3_bucket_name = "raptor-prod-bucket" | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
module "lambda" { | ||
source = "../modules/lambda" | ||
s3_bucket_name = "raptor-test-bucket" | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
package job | ||
|
||
import "time" | ||
|
||
// Event - S3 event that we pass around lambda function | ||
type Event struct { | ||
EventName string `json:"eventName"` | ||
EventTime time.Time `json:"eventTime"` | ||
S3Bucket string `json:"s3Bucket"` | ||
S3Key string `json:"s3Key"` | ||
ETag string `json:"eTag"` | ||
RuleID string `json:"ruleID"` | ||
RequestID string `json:"requestID"` | ||
PrincipalID string `json:"principalID"` | ||
SourceIPAddress string `json:"sourceIPAddress"` | ||
AwsRegion string `json:"awsRegion"` | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
package job | ||
|
||
func (a *app) execute() error { | ||
log := a.log | ||
log.Println("do something here ...") | ||
return nil | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
package job | ||
|
||
import "time" | ||
|
||
// input - S3 event we receive | ||
type input struct { | ||
Records []struct { | ||
EventVersion string `json:"eventVersion"` | ||
EventSource string `json:"eventSource"` | ||
AwsRegion string `json:"awsRegion"` | ||
EventTime time.Time `json:"eventTime"` | ||
EventName string `json:"eventName"` | ||
UserIdentity struct { | ||
PrincipalID string `json:"principalId"` | ||
} `json:"userIdentity"` | ||
RequestParameters struct { | ||
SourceIPAddress string `json:"sourceIPAddress"` | ||
} `json:"requestParameters"` | ||
ResponseElements struct { | ||
XAmzRequestID string `json:"x-amz-request-id"` | ||
XAmzID2 string `json:"x-amz-id-2"` | ||
} `json:"responseElements"` | ||
S3 struct { | ||
S3SchemaVersion string `json:"s3SchemaVersion"` | ||
ConfigurationID string `json:"configurationId"` | ||
Bucket struct { | ||
Name string `json:"name"` | ||
OwnerIdentity struct { | ||
PrincipalID string `json:"principalId"` | ||
} `json:"ownerIdentity"` | ||
Arn string `json:"arn"` | ||
} `json:"bucket"` | ||
Object struct { | ||
Key string `json:"key"` | ||
Size int `json:"size"` | ||
ETag string `json:"eTag"` | ||
VersionID string `json:"versionId"` | ||
} `json:"object"` | ||
} `json:"s3"` | ||
} `json:"Records"` | ||
} |
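Review bot: `Object.Key` should carry a comment that S3 delivers the key URL-encoded in event notifications (a space arrives as `+`), because code that passes it straight to an S3 call or compares it with a stored name will miss objects whose names contain such characters; I would add `// Key is URL-encoded as sent by S3; decode with url.QueryUnescape before use.` above the field. `Size int` would be safer as `int64` so the value does not depend on the platform word size. The mapping from `input` to `Event` is not in this section, so whether decoding already happens there cannot be seen here.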