provider "aws" {
  # Credentials come from the named CLI/SDK profile; nothing secret is stored in this file.
  profile = "playground"
  # The same region is hard-coded again in the Secrets Manager ARN further down; keep them in sync.
  region  = "us-west-1"
}

# ECR Repository
resource "aws_ecr_repository" "hello_docker" {
  image_scanning_configuration {
    # Run the ECR vulnerability scan on every pushed image.
    scan_on_push = true
  }

  # image_tag_mutability is left at the provider default, which allows a tag to be
  # re-pointed; the Lambda below pulls this repository by the ":latest" tag and relies on that.
  name = "hello-docker"
}

# IAM Role for Lambda
resource "aws_iam_role" "hello_docker_role" {
  name = "hello_docker_lambda_role"

  # Trust policy: only the Lambda service principal may assume this role.
  # NOTE(review): no Condition on aws:SourceArn / aws:SourceAccount is set, so any
  # function in this account whose deployer holds iam:PassRole on it can run under
  # this role; pinning aws:SourceArn to this function's ARN is the usual hardening —
  # confirm that is wanted before adding it.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Principal = {
        Service = "lambda.amazonaws.com"
      }
      Effect = "Allow"
      Action = "sts:AssumeRole"
    }]
  })
}

# IAM Policy for Secrets Manager access
resource "aws_iam_role_policy" "hello_docker_policy" {
  role = aws_iam_role.hello_docker_role.id
  name = "hello_docker_function_access"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Allow"
      # Read-only: fetch secret values, no create/update/delete.
      # If the secret is encrypted with a customer-managed KMS key, kms:Decrypt on that
      # key would also be needed — not visible from this file.
      Action = ["secretsmanager:GetSecretValue"]
      # NOTE(review): "secret:*" grants read access to every secret in this account and
      # region, and the function holding this role is invocable without authentication
      # through its Function URL. Narrow Resource to the specific secret ARN(s) it needs.
      # Account id and region are hard-coded here; data.aws_caller_identity and
      # data.aws_region would remove the duplication with the provider block.
      Resource = ["arn:aws:secretsmanager:us-west-1:003525187774:secret:*"]
    }]
  })
}

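# Attach CloudWatch Logs policy
resource "aws_iam_role_policy_attachment" "hello_docker_logs" {
  role = aws_iam_role.hello_docker_role.name

  # AWSLambdaBasicExecutionRole is the AWS-managed policy intended for Lambda execution
  # roles (logs:CreateLogGroup / CreateLogStream / PutLogEvents). The previously attached
  # AWSOpsWorksCloudWatchLogs is an OpsWorks-scoped policy that happens to grant the same
  # log-write actions plus extra read actions; using the Lambda-specific one keeps the
  # grant minimal and makes the intent obvious to the next reader.
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}
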
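# Lambda Function
resource "aws_lambda_function" "hello_docker" {
  function_name = "hello-docker"
  role          = aws_iam_role.hello_docker_role.arn

  # Container-image deployment from the ECR repository defined above.
  package_type = "Image"
  # NOTE(review): ":latest" is a mutable tag. Lambda resolves it to a digest only when the
  # function is created or updated, so pushing a new image neither redeploys nor shows a
  # Terraform diff. Pinning "@sha256:<digest>" (for example via data.aws_ecr_image)
  # gives reproducible, attestable deployments.
  image_uri     = "${aws_ecr_repository.hello_docker.repository_url}:latest"
  architectures = ["x86_64"]
  timeout       = 10
  # No reserved_concurrent_executions is set; with an unauthenticated Function URL the
  # only bound on invocation volume (and cost) is the account-level concurrency limit.

  environment {
    variables = {
      # Port the container listens on — presumably consumed by the image's web adapter;
      # confirm against the Dockerfile.
      PORT = "8000"
    }
  }

  # Make sure the role's permissions exist before the function is created and first
  # invoked; otherwise early invocations can fail to write logs or read secrets while
  # IAM is still catching up.
  depends_on = [
    aws_iam_role_policy_attachment.hello_docker_logs,
    aws_iam_role_policy.hello_docker_policy,
  ]
}
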
# Lambda Function URL
resource "aws_lambda_function_url" "hello_docker_url" {
  function_name = aws_lambda_function.hello_docker.function_name

  # Public endpoint: "NONE" lets anyone on the internet invoke the function without
  # credentials. Fine for a hello-world demo, but the function's role can read
  # Secrets Manager, so switch to "AWS_IAM" (or put an authorizer in front) before
  # anything sensitive is wired in.
  authorization_type = "NONE"

  cors {
    # Wildcard origin matches the unauthenticated endpoint; tighten it if auth is added.
    allow_origins = ["*"]
  }
}

# Lambda permission for Function URL
resource "aws_lambda_permission" "function_url" {
  function_name = aws_lambda_function.hello_docker.function_name
  statement_id  = "AllowExecutionFromFunctionURL"

  # Resource-based policy that lets the Function URL deliver unauthenticated requests.
  # principal "*" paired with auth type "NONE" is what the URL above requires; both must
  # change together if authorization_type is ever switched to "AWS_IAM".
  action                 = "lambda:InvokeFunctionUrl"
  principal              = "*"
  function_url_auth_type = "NONE"
}