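# Deployment region. It is used by the provider AND inside IAM resource ARNs
# below, so it lives in one variable instead of being repeated by hand.
variable "aws_region" {
  description = "AWS region to deploy into."
  type        = string
  default     = "us-west-1"
}

# Image tag the function runs. "latest" is a mutable tag: whatever was pushed
# most recently is what the next apply deploys, and nothing in state records
# which build that was. Prefer an immutable, versioned tag once images are
# built outside a playground (to pin by digest, change the image_uri
# interpolation below to "${repository_url}@sha256:<digest>").
variable "image_tag" {
  description = "ECR image tag to deploy to the Lambda function."
  type        = string
  default     = "latest"
}

provider "aws" {
  region  = var.aws_region
  profile = "playground"
}

# Account the configured credentials belong to; lets ARNs be built without a
# hard-coded account number in source.
data "aws_caller_identity" "current" {}

# ECR Repository
resource "aws_ecr_repository" "hello_docker" {
  name = "hello-docker"

  # Scan every pushed image for known CVEs.
  image_scanning_configuration {
    scan_on_push = true
  }

  # NOTE(review): tag mutability is left at the default (MUTABLE) so that
  # ":latest" can be re-pushed. image_tag_mutability = "IMMUTABLE" would stop
  # an existing tag from being silently replaced by a different image.
}

# IAM Role for Lambda
# Trust policy: only the Lambda service may assume this role, and only on
# behalf of functions in this account (guards against the cross-service
# confused-deputy case where another account's function could use the role).
resource "aws_iam_role" "hello_docker_role" {
  name = "hello_docker_lambda_role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Action = "sts:AssumeRole"
      Effect = "Allow"
      Principal = {
        Service = "lambda.amazonaws.com"
      }
      Condition = {
        StringEquals = {
          "aws:SourceAccount" = data.aws_caller_identity.current.account_id
        }
      }
    }]
  })
}

# IAM Policy for Secrets Manager access
resource "aws_iam_role_policy" "hello_docker_policy" {
  name = "hello_docker_function_access"
  role = aws_iam_role.hello_docker_role.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Allow"
      Action = ["secretsmanager:GetSecretValue"]
      # TODO(least-privilege): "secret:*" lets the function read EVERY secret
      # in this account/region. Once the secret(s) the image actually reads are
      # known, narrow this to their ARNs (e.g. "...:secret:hello-docker/*").
      Resource = [
        "arn:aws:secretsmanager:${var.aws_region}:${data.aws_caller_identity.current.account_id}:secret:*"
      ]
    }]
  })
}

# Attach CloudWatch Logs policy
# AWSLambdaBasicExecutionRole is the managed policy intended for Lambda
# execution roles (CreateLogGroup/CreateLogStream/PutLogEvents). The previously
# attached AWSOpsWorksCloudWatchLogs policy is meant for OpsWorks instances.
resource "aws_iam_role_policy_attachment" "hello_docker_logs" {
  role       = aws_iam_role.hello_docker_role.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}

# Lambda Function
resource "aws_lambda_function" "hello_docker" {
  function_name = "hello-docker"
  role          = aws_iam_role.hello_docker_role.arn
  package_type  = "Image"
  image_uri     = "${aws_ecr_repository.hello_docker.repository_url}:${var.image_tag}"
  architectures = ["x86_64"]
  timeout       = 10

  environment {
    variables = {
      PORT = "8000"
    }
  }

  # NOTE(review): the function URL below is public and unauthenticated, and no
  # reserved_concurrent_executions cap is set, so abusive traffic scales the
  # function (and the bill) without limit. Consider setting a cap here.

  # Ensure the role can write logs before the function is first invoked;
  # otherwise early invocations may fail to create the log group.
  depends_on = [aws_iam_role_policy_attachment.hello_docker_logs]
}

# Lambda Function URL
# authorization_type = "NONE" makes this endpoint reachable by anyone on the
# internet with no credentials, and the wildcard CORS origin lets any web page
# call it from a browser. Acceptable for a hello-world playground; for anything
# handling real data switch to "AWS_IAM" (and drop the public permission
# below) or front it with CloudFront + WAF and restrict allow_origins.
resource "aws_lambda_function_url" "hello_docker_url" {
  function_name      = aws_lambda_function.hello_docker.function_name
  authorization_type = "NONE"

  cors {
    allow_origins = ["*"]
  }
}

# Lambda permission for Function URL
# Grants the anonymous principal ("*") the right to invoke the URL. This is
# what actually makes the function URL public; it must be removed if the URL
# is switched to AWS_IAM authorization.
resource "aws_lambda_permission" "function_url" {
  statement_id           = "AllowExecutionFromFunctionURL"
  action                 = "lambda:InvokeFunctionUrl"
  function_name          = aws_lambda_function.hello_docker.function_name
  principal              = "*"
  function_url_auth_type = "NONE"
}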