
@hervekhg
Created April 29, 2019 15:36
# --------------------------------------------------------------
# IAM ROLES FOR LAMBDA FUNCTION
# ---------------------------------------------------------------
# Execution role for the Lambda function. Its trust policy is rendered from
# data.aws_iam_policy_document.lambda_assume; permissions are attached
# separately by the inline aws_iam_role_policy in this file.
resource "aws_iam_role" "aws_iam_role_lambda" {
  assume_role_policy = "${data.aws_iam_policy_document.lambda_assume.json}"

  # The role name is assembled from a Consul key (project_name) and two input
  # variables, so it differs per install and per environment.
  name = "${data.consul_keys.ck.var.project_name}-${var.install_name}-${var.env}-lambda-processing"

  # Tag values come from the same Consul keys and input variables.
  tags {
    Name               = "${data.consul_keys.ck.var.project_name}-${var.install_name}-iam-lambda"
    BillingBusinessApp = "${data.consul_keys.ck.var.billing_business_app}"
    resource-name      = "${data.consul_keys.ck.var.project_name}"
    env                = "${var.env}"
  }
}
# Inline policy bound to the Lambda execution role. The policy JSON is rendered
# from data.aws_iam_policy_document.iam_role_policy_lambda.
resource "aws_iam_role_policy" "iam_role_policy_lambda" {
  role   = "${aws_iam_role.aws_iam_role_lambda.id}"
  policy = "${data.aws_iam_policy_document.iam_role_policy_lambda.json}"
  name   = "${data.consul_keys.ck.var.project_name}-${var.install_name}-${var.env}-lambda"
}
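# Permissions granted to the Lambda execution role.
#
# Arguments and statement blocks are written without trailing commas. The
# HCL1 parser used by Terraform 0.11 tolerates them, but Terraform 0.12 and
# later reject them as syntax errors. The rendered policy is unchanged.
data "aws_iam_policy_document" "iam_role_policy_lambda" {
  # Publish to one SNS topic only. The topic ARN is read from Consul, so write
  # access to that Consul key decides which topic this role may publish to.
  statement {
    sid    = "AllowLambdaActionsOnSns"
    effect = "Allow"

    actions = [
      "sns:Publish",
    ]

    resources = [
      "${data.consul_keys.ck.var.sns_nagios_arn}",
    ]
  }

  # NOTE(review): "cloudwatch:*" on "*" allows every CloudWatch action in the
  # account, including modifying or deleting alarms and dashboards. Narrow it
  # to the actions the function actually calls (not visible in this file), and
  # consider scoping the logs:* actions to the function's own log group ARN.
  #
  # NOTE(review): the sid suggests the function runs inside a VPC. If so,
  # ec2:DescribeNetworkInterfaces alone is not enough; Lambda also needs
  # ec2:CreateNetworkInterface and ec2:DeleteNetworkInterface. Confirm against
  # the function's configuration before relying on this statement.
  statement {
    sid    = "AllowLambdaClouWatchVPC"
    effect = "Allow"

    actions = [
      "cloudwatch:*",
      "logs:CreateLogGroup",
      "logs:CreateLogStream",
      "logs:PutLogEvents",
      "ec2:DescribeNetworkInterfaces",
    ]

    resources = [
      "*",
    ]
  }
}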
# Trust policy for the Lambda execution role. The only principal allowed to
# call sts:AssumeRole is the Lambda service, so no IAM user or other AWS
# service can assume this role through this policy.
data "aws_iam_policy_document" "lambda_assume" {
  statement {
    principals {
      identifiers = ["lambda.amazonaws.com"]
      type        = "Service"
    }

    actions = ["sts:AssumeRole"]
  }
}