genesis

.gitignore

@@ -0,0 +1,27 @@
+# Binaries for programs and plugins
+*.exe
+*.dll
+*.so
+*.dylib
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Project-local glide cache, RE: https://github.com/Masterminds/glide/issues/736
+.glide/
+
+#  Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# .tfvars files
+*.tfvars
+
+## local build directory
+build/*

Makefile

@@ -0,0 +1,37 @@
+BIN             = raptor
+OUTPUT_DIR      = build
+TEST_PROFILE    = testing
+PROD_PROFILE    = production
+DTEST_DIR       = deploy/terraform/$(TEST_PROFILE)
+DPROD_DIR       = deploy/terraform/$(PROD_PROFILE)
+
+export AWS_REGION = us-east-1
+
+.PHONY: help
+.DEFAULT_GOAL := help
+
+build/linux: clean ## Build a linux binary ready to be zip'ed for AWS Lambda Deployment
+	mkdir -p $(OUTPUT_DIR) && GOOS=linux CGO_ENABLED=0 go build -a -installsuffix cgo -o $(OUTPUT_DIR)/$(BIN) .
+
+build/release: build/linux ## Zip linux binary as AWS Deployment archive
+	cd $(OUTPUT_DIR) && zip $(BIN).zip $(BIN)
+
+deploy/testing: ## Deploy zip'ed archive to AWS testing account
+	export AWS_PROFILE=$(TEST_PROFILE); cd $(DTEST_DIR) && terraform init && terraform apply
+
+deploy/production: deploy/testing test/integration ## Deploy zip'ed archive to AWS production account
+	export AWS_PROFILE=$(TEST_PROFILE); cd $(DPROD_DIR) && terraform init && terraform apply
+
+clean: clean/linux ## Remove all build artifacts
+
+clean/linux: ## Remove linux build artifacts
+	$(RM) $(OUTPUT_DIR)/$(BIN).zip
+	$(RM) $(OUTPUT_DIR)/$(BIN)
+
+test/integration: ## Integration Testing
+	AWS_PROFILE=$(TEST_PROFILE) go test -tags integration -timeout 30s ./job -run ^TestS3Events$$ -v
+
+help: ## Display this help message
+	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_\/-]+:.*?## / {printf "\033[34m%-30s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST) | \
+		sort | \
+		grep -v '#'	

README.md

@@ -0,0 +1,3 @@
+# raptor
+AWS GoLang Lambda Terraform Template for S3/Dynamo/Xray with GoLang Sample Code
+

deploy/terraform/modules/lambda/main.tf

@@ -0,0 +1,171 @@
+provider "aws" {
+}
+
+resource "aws_iam_role" "raptor-role" {
+  name = "raptor-role"
+
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "lambda.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_iam_policy" "raptor-s3-policy" {
+    name        = "raptor-s3-policy"
+    description = "raptor-s3-policy"
+    policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "0",
+            "Effect": "Allow",
+            "Action": [
+                "s3:ListBucket",
+                "s3:GetBucketLocation"
+            ],
+            "Resource": "arn:aws:s3:::${var.s3_bucket_name}"
+        },
+        {
+            "Sid": "1",
+            "Effect": "Allow",
+            "Action": "s3:*",
+            "Resource": "arn:aws:s3:::${var.s3_bucket_name}/*"
+        }
+    ]
+}
+EOF
+}
+
+resource "aws_iam_policy" "raptor-xray-policy" {
+    name        = "raptor-xray-policy"
+    description = "raptor-xray-policy"
+    policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": {
+        "Effect": "Allow",
+        "Action": [
+            "xray:PutTraceSegments",
+            "xray:PutTelemetryRecords"
+        ],
+        "Resource": [
+            "*"
+        ]
+    }
+}
+EOF
+}
+
+resource "aws_iam_policy" "raptor-dynamodb-tables-policy" {
+    name        = "raptor-dynamodb-policy"
+    description = "grants access to all tables prefixed by raptor_*"
+    policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "dynamodb:BatchGetItem",
+                "dynamodb:BatchWriteItem",
+                "dynamodb:DeleteItem",
+                "dynamodb:GetItem",
+                "dynamodb:PutItem",
+                "dynamodb:Query",
+                "dynamodb:UpdateItem"
+            ],
+            "Resource": [
+                "arn:aws:dynamodb:*:*:table/raptor_*"
+            ]
+        }
+    ]
+}
+EOF
+}
+
+resource "aws_iam_role_policy_attachment" "raptor-role-policy-attach-1" {
+  role = "${aws_iam_role.raptor-role.name}"
+  policy_arn = "${aws_iam_policy.raptor-s3-policy.arn}"
+}
+
+resource "aws_iam_role_policy_attachment" "raptor-role-policy-attach-2" {
+  role = "${aws_iam_role.raptor-role.name}"
+  policy_arn = "arn:aws:iam::aws:policy/AWSLambdaExecute"
+}
+
+resource "aws_iam_role_policy_attachment" "raptor-role-policy-attach-3" {
+  role = "${aws_iam_role.raptor-role.name}"
+  policy_arn = "${aws_iam_policy.raptor-xray-policy.arn}"
+}
+
+resource "aws_iam_role_policy_attachment" "raptor-role-policy-attach-4" {
+  role = "${aws_iam_role.raptor-role.name}"
+  policy_arn = "${aws_iam_policy.raptor-dynamodb-tables-policy.arn}"
+}
+
+resource "aws_lambda_function" "raptor" {
+  filename         = "../../../build/raptor.zip"
+  function_name    = "raptor"
+  role             = "${aws_iam_role.raptor-role.arn}"
+  handler          = "raptor"
+  source_code_hash = "${base64sha256(file("../../../build/raptor.zip"))}"
+  runtime          = "go1.x"
+  memory_size      = 128
+  timeout          = 30
+  reserved_concurrent_executions = 50
+  publish          = true
+
+  tracing_config {
+    mode = "Active"
+  }
+
+  environment {
+    variables = {
+      BUCKET_NAME = "${var.s3_bucket_name}"
+    }
+  }
+}
+
+resource "aws_lambda_permission" "raptor-bucket" {
+  statement_id  = "1"
+  action        = "lambda:InvokeFunction"
+  function_name = "${aws_lambda_function.raptor.arn}"
+  principal     = "s3.amazonaws.com"
+  source_arn    = "arn:aws:s3:::${var.s3_bucket_name}"
+}
+
+resource "aws_s3_bucket_notification" "bucket_notification" {
+  bucket = "${var.s3_bucket_name}"
+
+  lambda_function {
+    id                  = "one"
+    lambda_function_arn = "${aws_lambda_function.raptor.arn}"
+    events              = ["s3:ObjectCreated:*","s3:ObjectRemoved:*"]
+    filter_suffix       = "/ONE"
+  }
+
+  lambda_function {
+    id                  = "two"
+    lambda_function_arn = "${aws_lambda_function.raptor.arn}"
+    events              = ["s3:ObjectCreated:*","s3:ObjectRemoved:*"]
+    filter_suffix       = "/TWO"
+  }
+
+  lambda_function {
+    id                  = "three"
+    lambda_function_arn = "${aws_lambda_function.raptor.arn}"
+    events              = ["s3:ObjectCreated:*","s3:ObjectRemoved:*"]
+    filter_suffix       = "/THREE"
+  }
+}

deploy/terraform/modules/lambda/vars.tf

@@ -0,0 +1,4 @@
+variable "s3_bucket_name" {
+  type = "string"
+  description = "S3 Bucket name"
+}

deploy/terraform/production/production.tf

@@ -0,0 +1,4 @@
+module "lambda" {
+  source = "../modules/lambda"
+  s3_bucket_name = "raptor-prod-bucket"
+}

deploy/terraform/testing/testing.tf

@@ -0,0 +1,4 @@
+module "lambda" {
+  source = "../modules/lambda"
+  s3_bucket_name = "raptor-test-bucket"
+}

job/event.go

@@ -0,0 +1,17 @@
+package job
+
+import "time"
+
+// Event - S3 event that we pass around lambda function
+type Event struct {
+	EventName       string    `json:"eventName"`
+	EventTime       time.Time `json:"eventTime"`
+	S3Bucket        string    `json:"s3Bucket"`
+	S3Key           string    `json:"s3Key"`
+	ETag            string    `json:"eTag"`
+	RuleID          string    `json:"ruleID"`
+	RequestID       string    `json:"requestID"`
+	PrincipalID     string    `json:"principalID"`
+	SourceIPAddress string    `json:"sourceIPAddress"`
+	AwsRegion       string    `json:"awsRegion"`
+}

job/execute.go

@@ -0,0 +1,7 @@
+package job
+
+func (a *app) execute() error {
+	log := a.log
+	log.Println("do something here ...")
+	return nil
+}

job/input.go

@@ -0,0 +1,41 @@
+package job
+
+import "time"
+
+// input - S3 event we receive
+type input struct {
+	Records []struct {
+		EventVersion string    `json:"eventVersion"`
+		EventSource  string    `json:"eventSource"`
+		AwsRegion    string    `json:"awsRegion"`
+		EventTime    time.Time `json:"eventTime"`
+		EventName    string    `json:"eventName"`
+		UserIdentity struct {
+			PrincipalID string `json:"principalId"`
+		} `json:"userIdentity"`
+		RequestParameters struct {
+			SourceIPAddress string `json:"sourceIPAddress"`
+		} `json:"requestParameters"`
+		ResponseElements struct {
+			XAmzRequestID string `json:"x-amz-request-id"`
+			XAmzID2       string `json:"x-amz-id-2"`
+		} `json:"responseElements"`
+		S3 struct {
+			S3SchemaVersion string `json:"s3SchemaVersion"`
+			ConfigurationID string `json:"configurationId"`
+			Bucket          struct {
+				Name          string `json:"name"`
+				OwnerIdentity struct {
+					PrincipalID string `json:"principalId"`
+				} `json:"ownerIdentity"`
+				Arn string `json:"arn"`
+			} `json:"bucket"`
+			Object struct {
+				Key       string `json:"key"`
+				Size      int    `json:"size"`
+				ETag      string `json:"eTag"`
+				VersionID string `json:"versionId"`
+			} `json:"object"`
+		} `json:"s3"`
+	} `json:"Records"`
+}