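# Root-module inputs. Types are declared so a caller passing the wrong shape
# (for example a single subnet ID instead of a list) fails at plan time
# instead of deep inside a module.
variable "region" {
  description = "AWS region in which every resource in this module is created."
  type        = string
}

variable "dynamodb_name" {
  description = "Name of the DynamoDB table created by module.dynamodb_table."
  type        = string
}

variable "environment_name" {
  description = "Environment label (e.g. dev, prod) suffixed onto queue, role and security-group names."
  type        = string
}

variable "vpc_id" {
  description = "ID of the VPC that hosts the Lambda security group."
  type        = string
}

variable "subnet_ids" {
  description = "Subnets the Lambda functions are attached to (should be private subnets with NAT or VPC endpoints for the AWS APIs)."
  type        = list(string)
}

variable "tags" {
  description = "Tags merged onto every taggable resource; a per-resource Name tag is added on top."
  type        = map(string)
  default     = {}
}

variable "s3_bucket_arn" {
  description = "ARN of an existing S3 bucket (arn:aws:s3:::name) the Lambda functions read and write. Object-level IAM permissions are derived from it as \"<arn>/*\"."
  type        = string

  # A bare bucket ARN is required: the IAM policy appends "/*" for object
  # actions, which only works if no key suffix is already present.
  validation {
    condition     = can(regex("^arn:aws[a-z-]*:s3:::[^/]+$", var.s3_bucket_arn))
    error_message = "The s3_bucket_arn value must be a bare bucket ARN such as arn:aws:s3:::my-bucket, with no object key suffix."
  }
}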
# AWS provider; every resource below is created in var.region.
# NOTE(review): no required_providers / version constraint is visible in this
# file, so the provider version is unpinned unless it is set elsewhere in the
# root module.
provider "aws" {
region = var.region
}
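# Single-table DynamoDB store keyed by a string "id".
module "dynamodb_table" {
  source = "terraform-aws-modules/dynamodb-table/aws"
  # TODO(review): pin a `version` constraint so `terraform init` cannot pull a
  # newer major release unnoticed. The `this_table_*` outputs referenced
  # elsewhere in this file come from the pre-1.0 releases of this module;
  # later releases renamed them (dynamodb_table_*), so an unpinned init is
  # likely to break those references.

  name         = var.dynamodb_name
  billing_mode = "PAY_PER_REQUEST" # on-demand capacity, no RCU/WCU to size
  hash_key     = "id"

  attributes = [
    {
      name = "id"
      type = "S"
    }
  ]

  # Encrypt at rest with the AWS-managed KMS key (instead of the default
  # AWS-owned key) and keep continuous backups so accidental deletes/overwrites
  # can be rolled back.
  server_side_encryption_enabled = true
  point_in_time_recovery_enabled = true

  tags = merge(var.tags, { Name = var.dynamodb_name })
}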
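# Primary queue the goddardcompute function publishes alerts to.
resource "aws_sqs_queue" "alert_queue" {
  name = "alert-queue-${var.environment_name}"

  # Messages that fail processing maxReceiveCount times are parked on the
  # dead-letter queue instead of being retried until they expire. Without this
  # the deadletter_queue resource below is never used. 5 is a conventional
  # starting point; tune it to the consumer's retry behaviour.
  redrive_policy = jsonencode({
    deadLetterTargetArn = aws_sqs_queue.deadletter_queue.arn
    maxReceiveCount     = 5
  })

  # Server-side encryption with SQS-owned keys: no KMS permissions are needed
  # on the producer/consumer roles. The attribute was added in a 3.7x release
  # of the AWS provider; older providers will reject it.
  sqs_managed_sse_enabled = true

  tags = merge(var.tags, { Name = "alert-queue-${var.environment_name}" })
}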
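# Dead-letter target for alert_queue.
resource "aws_sqs_queue" "deadletter_queue" {
  name = "deadletter-queue-${var.environment_name}"

  # Keep failed messages for the maximum 14 days (the default is 4) so they
  # can be inspected and replayed before they expire.
  message_retention_seconds = 1209600

  # Same SSE-SQS setting as the source queue (see alert_queue).
  sqs_managed_sse_enabled = true

  tags = merge(var.tags, { Name = "deadletter-queue-${var.environment_name}" })
}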
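# Execution role shared by every function in module.lambda_functions.
resource "aws_iam_role" "iam_for_lambda" {
  name = "iam_for_lambda_${var.environment_name}"

  # Trust policy: only the Lambda service may assume this role.
  assume_role_policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Action = "sts:AssumeRole",
        Effect = "Allow",
        Principal = {
          Service = "lambda.amazonaws.com"
        }
      }
    ]
  })
}

# The functions are placed in VPC subnets with a security group (see
# module.lambda_functions), so the role must be allowed to create/delete the
# ENIs Lambda attaches and to write CloudWatch Logs. The AWS-managed
# AWSLambdaVPCAccessExecutionRole grants exactly that and nothing else; the
# inline lambda_policy below does not, so without this attachment the VPC
# deployment is expected to fail and the functions would emit no logs.
resource "aws_iam_role_policy_attachment" "lambda_vpc_access" {
  role       = aws_iam_role.iam_for_lambda.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
}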
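# Inline least-privilege policy for the shared Lambda execution role.
#
# One statement per service so each action is scoped to the resource type it
# actually applies to. The previous single statement listed the bucket ARN for
# object-level S3 actions (which match only "<bucket-arn>/*") and table/queue
# ARNs for the Comprehend actions (which never match), so those calls would
# have been denied at runtime.
resource "aws_iam_role_policy" "lambda_policy" {
  name = "lambda_access_policy_${var.environment_name}"
  role = aws_iam_role.iam_for_lambda.id

  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Sid    = "DynamoDbItemAccess",
        Effect = "Allow",
        Action = [
          "dynamodb:GetItem",
          "dynamodb:PutItem",
        ],
        Resource = module.dynamodb_table.this_table_arn
      },
      {
        # ListBucket is a bucket-level action: it matches the bucket ARN only.
        Sid      = "S3BucketList",
        Effect   = "Allow",
        Action   = "s3:ListBucket",
        Resource = var.s3_bucket_arn
      },
      {
        # Object-level actions match object ARNs, i.e. "<bucket-arn>/<key>".
        Sid    = "S3ObjectAccess",
        Effect = "Allow",
        Action = [
          "s3:GetObject",
          "s3:PutObject",
          "s3:DeleteObject",
        ],
        Resource = "${var.s3_bucket_arn}/*"
      },
      {
        # NOTE(review): if alert_queue is wired up as a Lambda event source,
        # the role additionally needs sqs:DeleteMessage and
        # sqs:GetQueueAttributes; no event source mapping is visible here, so
        # they are not granted.
        Sid    = "SqsQueueAccess",
        Effect = "Allow",
        Action = [
          "sqs:SendMessage",
          "sqs:ReceiveMessage",
        ],
        Resource = [
          aws_sqs_queue.alert_queue.arn,
          aws_sqs_queue.deadletter_queue.arn,
        ]
      },
      {
        # Topic-detection job ARNs only exist after StartTopicsDetectionJob
        # returns, so there is no pre-existing resource to pin to.
        # TODO(review): narrow this to
        # arn:aws:comprehend:<region>:<account>:topics-detection-job/* (e.g.
        # via aws_caller_identity) instead of "*". Starting a job also
        # requires iam:PassRole on the job's data-access role if the handler
        # supplies one -- confirm against the handler code.
        Sid    = "ComprehendTopicsJobs",
        Effect = "Allow",
        Action = [
          "comprehend:StartTopicsDetectionJob",
          "comprehend:DescribeTopicsDetectionJob",
        ],
        Resource = "*"
      },
    ]
  })
}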
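# Security group attached to the VPC-resident Lambda functions. No ingress
# rules: nothing initiates connections to a Lambda ENI.
resource "aws_security_group" "sg" {
  name        = "lambda-sg-${var.environment_name}"
  description = "Security group for Lambda functions in ${var.environment_name}"
  vpc_id      = var.vpc_id

  # The functions only talk to AWS service endpoints (DynamoDB, S3, SQS,
  # Comprehend), all over HTTPS, so egress is limited to TCP/443 instead of
  # every port and protocol. Widen this only if a handler must reach another
  # port. Note that from private subnets this still requires a NAT gateway or
  # VPC endpoints to actually reach those services.
  egress {
    description = "HTTPS to AWS service endpoints"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Tagged like every other resource in this module (was previously untagged).
  tags = merge(var.tags, { Name = "lambda-sg-${var.environment_name}" })
}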
# Note: "module.lambda_functions" below refers to a local module at ./modules/lambda that is
# not part of this file and must be written separately. It has to accept `lambda_configs` (a list
# of objects with the fields shown: name, handler, filename, source_code_hash, environment_vars,
# security_group_ids, subnet_ids) and `role_arn`, and create one Lambda function per entry.
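# Both Lambda functions, deployed through the local ./modules/lambda module and
# sharing the iam_for_lambda execution role.
module "lambda_functions" {
  source = "./modules/lambda"

  # Deployment packages are resolved relative to this root module rather than
  # the shell's current directory, so `terraform apply` run from CI or another
  # directory still finds them. Any code change must also change the hash
  # (filebase64sha256 recomputes it from the zip on every plan).
  lambda_configs = [
    {
      name             = "jimmyneutron"
      handler          = "jimmyneutron.handler"
      filename         = "${path.module}/jimmyneutron.zip"
      source_code_hash = filebase64sha256("${path.module}/jimmyneutron.zip")
      environment_vars = {
        DYNAMODB_TABLE = module.dynamodb_table.this_table_name
      }
      security_group_ids = [aws_security_group.sg.id]
      subnet_ids         = var.subnet_ids
    },
    {
      name             = "goddardcompute"
      handler          = "goddardcompute.handler"
      filename         = "${path.module}/goddardcompute.zip"
      source_code_hash = filebase64sha256("${path.module}/goddardcompute.zip")
      environment_vars = {
        ALERT_QUEUE_URL = aws_sqs_queue.alert_queue.url
        # NOTE(review): this is the bucket *ARN*, not the bucket name. Most SDK
        # calls (e.g. boto3 put_object's Bucket parameter) expect the name;
        # confirm the handler parses the ARN before relying on it.
        S3_BUCKET = var.s3_bucket_arn
        # Lambda stores environment values as strings; Terraform converts this
        # number when it reaches the map(string) on the function resource.
        NUM_CENTROIDS = 3
      }
      security_group_ids = [aws_security_group.sg.id]
      subnet_ids         = var.subnet_ids
    }
  ]

  # One role for both functions means jimmyneutron also holds the S3, SQS and
  # Comprehend permissions it does not appear to need (it only receives the
  # table name). Split the role per function if that matters.
  role_arn = aws_iam_role.iam_for_lambda.arn
}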
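# Outputs for callers that need to wire consumers/producers to these resources.
output "dynamodb_table_name" {
  description = "Name of the DynamoDB table created by module.dynamodb_table."
  value       = module.dynamodb_table.this_table_name
}

output "alert_queue_url" {
  description = "URL of the alert SQS queue (what the SDK needs to send/receive)."
  value       = aws_sqs_queue.alert_queue.url
}

output "deadletter_queue_url" {
  description = "URL of the dead-letter queue that receives messages alert_queue gives up on."
  value       = aws_sqs_queue.deadletter_queue.url
}

output "iam_for_lambda_arn" {
  description = "ARN of the execution role shared by the Lambda functions."
  value       = aws_iam_role.iam_for_lambda.arn
}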