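locals {
  # All paths are relative to this module. The dist directory is produced by
  # scripts/create_dist_pkg.sh (see null_resource.install_python_dependencies)
  # and is what data.archive_file.lambda_code packages into the zip.
  source_code_repo_dir_path = "lambda-code"
  lambda_code_dir           = "lambda_src"
  source_code_dist_dir_path = "lambda-code-dist"
  output_dist_file_name     = "lambda-code.zip"
  upload_dir                = "sentry_integration"

  # Pinned Lambda runtime, also handed to the packaging script so the
  # dependencies it installs match the interpreter the function runs on.
  # Track this value against AWS's Lambda runtime deprecation schedule; once a
  # runtime is deprecated AWS eventually refuses to update functions using it.
  runtime = "python3.9"

  # Security groups attached to the function when it runs in a VPC: if the
  # caller supplied none, fall back to the module-managed SG (a count-indexed
  # resource, hence the [0]). Outside a VPC this value is ignored by the
  # function's vpc_config, which passes an empty list instead.
  lambda_sg_ids = (
    var.deploy_lambda_in_vpc && length(var.lambda_security_group_ids) == 0
    ? [aws_security_group.sentry_integration_lambda_sg[0].id]
    : var.lambda_security_group_ids
  )

  # Every file under lambda-code plus the packaging script itself. A change to
  # any of these (including the script) must re-run the packaging step.
  lambda_file_lists = flatten([
    [for fn in fileset("${path.module}/${local.source_code_repo_dir_path}", "**") :
      "${path.module}/${local.source_code_repo_dir_path}/${fn}"
    ],
    "${path.module}/scripts/create_dist_pkg.sh",
  ])

  # Deterministic (sorted) JSON map of path => sha256, used as the trigger for
  # the packaging provisioner. Sorting keeps the string stable across runs so
  # the trigger only changes when file contents actually change.
  lambda_file_hashes = jsonencode({
    for fn in sort(local.lambda_file_lists) : fn => filesha256(fn)
  })
}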
# Builds the deployable source tree by running scripts/create_dist_pkg.sh on
# the machine executing `terraform apply`. The script runs with the applying
# user's privileges and whatever it produces (presumably pip-installed
# dependencies, judging by the resource name) is baked into the deployed
# artifact, so dependency pinning/verification belongs inside that script.
#
# The trigger is a hash of every source file plus the script itself, so the
# package is rebuilt whenever any of them changes (and only then).
# Background on why this is trigger-driven rather than always-run:
# https://github.com/hashicorp/terraform-provider-archive/issues/78
resource "null_resource" "install_python_dependencies" {
  triggers = {
    lambda_file_hashes = local.lambda_file_hashes
  }

  provisioner "local-exec" {
    command = "bash ${path.module}/scripts/create_dist_pkg.sh"

    # The script takes all of its inputs from the environment; nothing here is
    # interpolated into the command line itself.
    environment = {
      path_module               = path.module
      path_cwd                  = path.cwd
      runtime                   = local.runtime
      source_code_repo_dir_path = local.source_code_repo_dir_path
      lambda_code_dir_path      = "${local.source_code_repo_dir_path}/${local.lambda_code_dir}"
      source_code_dist_dir_path = local.source_code_dist_dir_path
      source_code_upload_dir    = local.upload_dir
    }
  }
}
# Zips the dist directory produced by the packaging provisioner; the function
# resource uploads this zip and uses its hash to detect code changes.
data "archive_file" "lambda_code" {
  type        = "zip"
  source_dir  = "${path.module}/${local.source_code_dist_dir_path}/"
  output_path = "${path.module}/${local.output_dist_file_name}"

  # Local tooling/cache directories that must not ship in the artifact.
  # NOTE(review): excludes are matched relative to source_dir; depending on the
  # archive provider version, a bare name may only match a top-level entry, so
  # nested __pycache__ directories may need a glob pattern — confirm against
  # the provider version pinned for this module.
  excludes = [
    "__pycache__",
    ".mypy_cache",
    ".pytest_cache",
    "venv",
    ".placeholder",
  ]

  # The dist directory only exists after the provisioner has run.
  depends_on = [null_resource.install_python_dependencies]
}
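# The Sentry integration function. Code comes from the locally built zip; the
# execution role and log group are defined elsewhere in this module.
resource "aws_lambda_function" "sentry_integration_lambda" {
  function_name = local.lambda_function_name
  role          = aws_iam_role.sentry_integration_lambda_assume_role.arn
  handler       = "sentry_integration.lambda_function.lambda_handler"
  runtime       = local.runtime

  # Numeric attributes are given as numbers rather than quoted strings.
  memory_size = 4096 # 4 GB
  timeout     = 900  # 15 mins (the Lambda maximum)

  filename = data.archive_file.lambda_code.output_path

  # Only track the code hash once the zip is non-trivial (> 500 bytes); a
  # near-empty archive (e.g. only the .placeholder) leaves the hash null so the
  # deployed code is not replaced by an empty package.
  source_code_hash = data.archive_file.lambda_code.output_size > 500 ? data.archive_file.lambda_code.output_base64sha256 : null

  # Always declared; outside a VPC both lists are empty, which is valid.
  vpc_config {
    security_group_ids = var.deploy_lambda_in_vpc ? local.lambda_sg_ids : []
    subnet_ids         = var.deploy_lambda_in_vpc ? var.lambda_subnet_ids : []
  }

  # Environment variables are readable by any principal allowed
  # lambda:GetFunctionConfiguration on this function and are encrypted at rest
  # with the AWS-managed key unless kms_key_arn is set.
  # NOTE(review): if DEFAULT_SNOWFLAKE_ERROR_DSN is considered sensitive,
  # consider resolving it at runtime from SSM/Secrets Manager instead.
  environment {
    variables = {
      LOGGING_LEVEL               = var.env == "prod" ? "INFO" : "DEBUG"
      DEFAULT_SNOWFLAKE_ERROR_DSN = var.default_snowflake_error_dsn
    }
  }

  # Create the log group before the function so the module's own log group
  # settings apply — presumably instead of the one Lambda auto-creates on
  # first invocation; confirm against the log group resource.
  depends_on = [
    aws_cloudwatch_log_group.sentry_integration_lambda_log_group
  ]
}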
# resource "null_resource" "clean_up_pip_files" {
# # If this always runs, archive_file is fine; otherwise we hit an issue during refresh:
# # https://github.com/hashicorp/terraform-provider-archive/issues/78
# triggers = {
# always_run = timestamp()
# }
# provisioner "local-exec" {
# command = "bash ${path.module}/scripts/clean_dist_pkg.sh"
# environment = {
# source_code_dist_dir_path = local.source_code_dist_dir_path
# path_module = path.module
# path_cwd = path.cwd
# dist_archive_file_name = local.output_dist_file_name
# }
# }
# depends_on = [
# aws_lambda_function.sentry_integration_lambda,
# ]
# }
# Resource-based policy letting API Gateway invoke the function. The
# source_arn condition is what prevents other APIs (confused-deputy) from
# invoking it; `/*/*` covers every stage and method of this one API.
# NOTE(review): if only one stage/method is ever wired to this function the
# pattern could be narrowed to it — verify against the API definition.
resource "aws_lambda_permission" "api_gateway" {
  statement_id  = "AllowAPIGatewayToInvoke"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.sentry_integration_lambda.function_name
  principal     = "apigateway.amazonaws.com"
  source_arn    = "${aws_api_gateway_rest_api.ef_to_lambda.execution_arn}/*/*"
}
# Resource-based policy letting SNS invoke the function, scoped by source_arn
# to the module's own topic so no other topic can trigger it.
resource "aws_lambda_permission" "allow_invocation_from_sns" {
  statement_id  = "AllowExecutionFromSNS"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.sentry_integration_lambda.function_name
  principal     = "sns.amazonaws.com"
  source_arn    = aws_sns_topic.sentry_integration_sns.arn
}