From 2c1ed28250c74493e111cc005dcdd4038ef43ba0 Mon Sep 17 00:00:00 2001 From: Moritz Zimmer Date: Thu, 24 Oct 2019 15:58:56 +0200 Subject: [PATCH] added submodule for S3 events (#43) --- README.md | 2 + examples/example-with-s3-event/README.md | 15 ++++++++ examples/example-with-s3-event/main.tf | 38 +++++++++++++++++++ .../example-with-s3-event/test_function.zip | 0 examples/example-with-s3-event/versions.tf | 4 ++ main.tf | 9 +++++ modules/event/s3/main.tf | 8 ++++ modules/event/s3/variables.tf | 34 +++++++++++++++++ modules/event/s3/versions.tf | 4 ++ variables.tf | 2 +- 10 files changed, 115 insertions(+), 1 deletion(-) create mode 100644 examples/example-with-s3-event/README.md create mode 100644 examples/example-with-s3-event/main.tf create mode 100644 examples/example-with-s3-event/test_function.zip create mode 100644 examples/example-with-s3-event/versions.tf create mode 100644 modules/event/s3/main.tf create mode 100644 modules/event/s3/variables.tf create mode 100644 modules/event/s3/versions.tf diff --git a/README.md b/README.md index b320097..bacb449 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ The following [event sources](https://docs.aws.amazon.com/lambda/latest/dg/invok - `cloudwatch-scheduled-event`: configures a [CloudWatch Event Rule](https://www.terraform.io/docs/providers/aws/r/cloudwatch_event_rule.html) to trigger the Lambda on a regular, scheduled basis - `dynamodb`: configures an [Event Source Mapping](https://www.terraform.io/docs/providers/aws/r/lambda_event_source_mapping.html) to trigger the Lambda by DynamoDb events +- `s3`: configures permission to trigger the Lambda by S3 - `sns`: to trigger Lambda by [SNS Topic Subscription](https://www.terraform.io/docs/providers/aws/r/sns_topic_subscription.html) Furthermore this module supports: 
@@ -73,6 +74,7 @@ module "lambda" { - [example-with-cloudwatch-scheduled-event](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-with-cloudwatch-scheduled-event) - [example-with-dynamodb-event-source](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-with-dynamodb-event) +- [example-with-s3-event](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-with-s3-event) - [example-with-sns-event](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-with-sns-event) - [example-with-vpc](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-with-vpc) - [example-without-event](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-without-event) diff --git a/examples/example-with-s3-event/README.md b/examples/example-with-s3-event/README.md new file mode 100644 index 0000000..cea0332 --- /dev/null +++ b/examples/example-with-s3-event/README.md @@ -0,0 +1,15 @@ +# Example with S3 event + +Creates an AWS Lambda function triggered by a S3 [event](https://docs.aws.amazon.com/lambda/latest/dg/with-s3.html). + +## requirements + +- [Terraform 0.12+](https://www.terraform.io/) +- authentication configuration for the [aws provider](https://www.terraform.io/docs/providers/aws/) + +## usage + +``` +terraform init +terraform plan +``` diff --git a/examples/example-with-s3-event/main.tf b/examples/example-with-s3-event/main.tf new file mode 100644 index 0000000..fa48f91 --- /dev/null +++ b/examples/example-with-s3-event/main.tf 
@@ -0,0 +1,38 @@ +provider "aws" { + region = "eu-west-1" +} + +resource "aws_s3_bucket_notification" "bucket_notification" { + bucket = "bucketname" + + lambda_function { + lambda_function_arn = module.lambda.arn + events = ["s3:ObjectCreated:*"] + } +} + +module "lambda" { + source = "../../" + description = "Example AWS Lambda using go with S3 trigger" + filename = "${path.module}/test_function.zip" + function_name = "tf-example-go-s3" + handler = "example-lambda-func" + runtime = "go1.x" + + event = { + type = "s3" + s3_bucket_arn = "arn:aws:s3:::bucketname" + s3_bucket_id = "bucketname" + } + + tags = { + key = "value" + } + + environment = { + variables = { + key = "value" + } + } +} + diff --git a/examples/example-with-s3-event/test_function.zip b/examples/example-with-s3-event/test_function.zip new file mode 100644 index 0000000..e69de29 diff --git a/examples/example-with-s3-event/versions.tf b/examples/example-with-s3-event/versions.tf new file mode 100644 index 0000000..ac97c6a --- /dev/null +++ b/examples/example-with-s3-event/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/main.tf b/main.tf index 3364d74..91cd8a2 100644 --- a/main.tf +++ b/main.tf @@ -40,6 +40,15 @@ module "event-sns" { topic_arn = lookup(var.event, "topic_arn", "") } +module "event-s3" { + source = "./modules/event/s3" + enable = lookup(var.event, "type", "") == "s3" ? true : false + + lambda_function_arn = module.lambda.arn + s3_bucket_arn = lookup(var.event, "s3_bucket_arn", "") + s3_bucket_id = lookup(var.event, "s3_bucket_id", "") +} + resource "aws_cloudwatch_log_group" "lambda" { name = "/aws/lambda/${module.lambda.function_name}" retention_in_days = var.log_retention_in_days diff --git a/modules/event/s3/main.tf b/modules/event/s3/main.tf new file mode 100644 index 0000000..8ee0176 --- /dev/null +++ b/modules/event/s3/main.tf 
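Review bot: In the new example `main.tf`, `aws_s3_bucket_notification.bucket_notification` references only `module.lambda.arn`, so nothing orders it after the `aws_lambda_permission` that the s3 submodule creates. S3 checks that it may invoke the destination when the notification is written, so a first apply can fail or need a second run if the permission is not yet in place. The example requires Terraform `>= 0.12`, where a resource cannot `depends_on` a whole module, so the ordering has to come from a value: for instance, have the s3 submodule and the root module export the permission's `id` and reference that output from the notification. The bucket name is also repeated as a literal in three places; a single `locals { bucket = "bucketname" }` would keep `bucket`, `s3_bucket_arn` and `s3_bucket_id` in step.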
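Review bot: In the root `main.tf` hunk, `s3_bucket_arn = lookup(var.event, "s3_bucket_arn", "")` silently falls back to an empty string, and that value becomes `source_arn` on the Lambda permission. If a caller sets `type = "s3"` but omits or misspells the key, the provider may treat the empty `source_arn` as unset, which would leave a permission that lets the S3 service principal invoke the function on behalf of any bucket; I have not confirmed how the provider handles `""` here. A guard in the submodule such as `count = var.enable && var.s3_bucket_arn != "" ? 1 : 0` avoids creating an unscoped grant, and the requirement should be stated in the `event` variable description. Separately, `lookup(...) == "s3" ? true : false` can be written as `lookup(var.event, "type", "") == "s3"`.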
@@ -0,0 +1,8 @@
+resource "aws_lambda_permission" "allow_bucket" {
+ count = var.enable ? 1 : 0
+ action = "lambda:InvokeFunction"
+ function_name = var.lambda_function_arn
+ principal = "s3.amazonaws.com"
+ statement_id = "AllowExecutionFromS3Bucket"
+ source_arn = var.s3_bucket_arn
+}
diff --git a/modules/event/s3/variables.tf b/modules/event/s3/variables.tf
new file mode 100644
index 0000000..435a3bf
--- /dev/null
+++ b/modules/event/s3/variables.tf
@@ -0,0 +1,34 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# REQUIRED PARAMETERS
+# You must provide a value for each of these parameters.
+# ---------------------------------------------------------------------------------------------------------------------
+
+variable "lambda_function_arn" {
+ description = "The Amazon Resource Name (ARN) identifying the Lambda Function triggered by S3"
+}
+
+variable "s3_bucket_arn" {
+ description = "The ARN of the bucket."
+}
+
+variable "s3_bucket_id" {
+ description = "The name of the bucket."
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# OPTIONAL PARAMETERS
+# These parameters have reasonable defaults.
+# ---------------------------------------------------------------------------------------------------------------------
+
+variable "enable" {
+ description = "Conditionally enables this module (and all it's ressources)."
+ type = bool
+ default = false
+}
+
+variable "lambda_function_notification" {
+ description = "(multiple) Used to configure notifications to a Lambda Function. See https://www.terraform.io/docs/providers/aws/r/s3_bucket_notification.html#lambda_function for allowed values."
+ type = list(map(string))
+ default = []
+}
+
diff --git a/modules/event/s3/versions.tf b/modules/event/s3/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/modules/event/s3/versions.tf
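Review bot: `aws_lambda_permission.allow_bucket` in `modules/event/s3/main.tf` scopes the grant with `source_arn` only and sets no `source_account`. An S3 bucket ARN carries no account id, so if the bucket is ever deleted and its name is registered by another account, that account's bucket still matches `source_arn` and can invoke the function. Pinning the owner closes that gap, for example `source_account = data.aws_caller_identity.current.account_id` together with `data "aws_caller_identity" "current" {}`. That form assumes the bucket lives in the same account as the function; a cross-account setup would need the owner id passed in as a variable.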
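Review bot: In `modules/event/s3/variables.tf`, `s3_bucket_id` and `lambda_function_notification` are declared, but the submodule's `main.tf` in this patch references neither, and `s3_bucket_id` is also listed under REQUIRED PARAMETERS. Callers are made to supply a value that has no effect, and the `lambda_function_notification` description suggests the module configures the bucket notification when it only creates the permission. Either wire them into an `aws_s3_bucket_notification` inside the module or drop them until they are used. The three required variables would also benefit from `type = string`, and the `enable` description should read `Conditionally enables this module (and all its resources).`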
@@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/variables.tf b/variables.tf index c0203e0..c422965 100644 --- a/variables.tf +++ b/variables.tf @@ -32,7 +32,7 @@ variable "environment" { } variable "event" { - description = "Event source configuration which triggers the Lambda function. Supported events: Scheduled Events, DynamoDb." + description = "Event source configuration which triggers the Lambda function. Supported events: cloudwatch-scheduled-event, dynamodb, s3, sns" type = map(string) default = {} }