iboss-ptk · July 10, 2019 06:13
diff --git a/api_gateway.tf b/api_gateway.tf
 resource "aws_api_gateway_rest_api" "manudped" {
  name        = "manudped"
  description = "manudped rss transformation"

  endpoint_configuration {
    types = ["REGIONAL"]
  }
 }

 resource "aws_api_gateway_resource" "rss" {
  rest_api_id = "${aws_api_gateway_rest_api.manudped.id}"
  parent_id   = "${aws_api_gateway_rest_api.manudped.root_resource_id}"

  path_part = "manudped.rss"
 }

 resource "aws_api_gateway_method" "get" {
  rest_api_id   = "${aws_api_gateway_rest_api.manudped.id}"
  resource_id   = "${aws_api_gateway_resource.rss.id}"
  http_method   = "GET"
  authorization = "NONE"
 }

 resource "aws_api_gateway_integration" "lambda" {
  rest_api_id = "${aws_api_gateway_rest_api.manudped.id}"
  resource_id = "${aws_api_gateway_method.get.resource_id}"
  http_method = "${aws_api_gateway_method.get.http_method}"

  integration_http_method = "POST"
  type                    = "AWS_PROXY"
  uri                     = "${aws_lambda_function.manudped_rss_trans.invoke_arn}"
 }

 resource "aws_api_gateway_deployment" "manudped" {
  depends_on = [
    "aws_api_gateway_integration.lambda",
  ]

  rest_api_id       = "${aws_api_gateway_rest_api.manudped.id}"
  stage_name        = "live"
  stage_description = "${md5(file("api_gateway.tf"))}"
 }

 resource "aws_lambda_permission" "apigw" {
  statement_id  = "AllowAPIGatewayInvoke"
  action        = "lambda:InvokeFunction"
  function_name = "${aws_lambda_function.manudped_rss_trans.arn}"
  principal     = "apigateway.amazonaws.com"

  # The /*/* portion grants access from any method on any resource
  # within the API Gateway "REST API".
  source_arn = "${aws_api_gateway_deployment.manudped.execution_arn}/*/*"
 }

 output "base_url" {
  value = "${aws_api_gateway_deployment.manudped.invoke_url}"
 }
diff --git a/deploy.sh b/deploy.sh
 #!/bin/bash

 set -e


 update_deployment_package () {
    PACKAGE_DIR="deployment"
    PACKAGE_NAME="lambda.zip"
    PACKAGE_PATH="$PACKAGE_DIR/$PACKAGE_NAME"


    if [ ! -d $PACKAGE_DIR ]; then
        echo "deployment directory not found"
        echo "creating  $PACKAGE_DIR directory..."
        mkdir $PACKAGE_DIR
    fi

    if [ -f $PACKAGE_PATH ]; then
        echo "lambda zip found"
        echo "cleaning up $PACKAGE_PATH ..."
        rm -f $PACKAGE_PATH
    fi

    cp app/target/x86_64-unknown-linux-musl/release/manudped-rss-trans ./bootstrap
    zip $PACKAGE_PATH bootstrap
    rm -f bootstrap
    aws s3 cp $PACKAGE_PATH "s3://manudped-rss-lambda-deployment/$PACKAGE_NAME"
 }

 apply_infra () {
    echo "applying infrastructure..."
    cd infrastructure
    terraform apply -auto-approve
 }


 # pipeline

 update_deployment_package
 apply_infra
diff --git a/lambda.tf b/lambda.tf
 resource "aws_s3_bucket" "manudped_rss_lambda_deployment" {
  bucket = "manudped-rss-lambda-deployment"
  acl    = "private"
 }

 resource "aws_lambda_function" "manudped_rss_trans" {
  function_name = "manudped_rss_trans"

  s3_bucket = "${aws_s3_bucket.manudped_rss_lambda_deployment.id}"
  s3_key    = "lambda.zip"

  source_code_hash = "${base64sha256(file("../deployment/lambda.zip"))}"

  handler = "provided"
  runtime = "provided"

  role = "${aws_iam_role.lambda_exec.arn}"
 }

 resource "aws_iam_role" "lambda_exec" {
  name = "manudped_rss_lambda_exec"

  assume_role_policy = <<EOF
 {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
 }
 EOF
 }

 resource "aws_iam_policy" "lambda_logging" {
  name        = "manudped_rss_lambda_logging"
  path        = "/"
  description = "IAM policy for logging from a lambda"

  policy = <<EOF
 {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*",
      "Effect": "Allow"
    }
  ]
 }
 EOF
 }

 resource "aws_iam_role_policy_attachment" "attach_lambda_logging_policy_to_lambda_exec_role" {
  role       = "${aws_iam_role.lambda_exec.name}"
  policy_arn = "${aws_iam_policy.lambda_logging.arn}"
 }
	resource "aws_api_gateway_rest_api" "manudped" {
	name = "manudped"
	description = "manudped rss transformation"

	endpoint_configuration {
	types = ["REGIONAL"]
	}
	}

	resource "aws_api_gateway_resource" "rss" {
	rest_api_id = "${aws_api_gateway_rest_api.manudped.id}"
	parent_id = "${aws_api_gateway_rest_api.manudped.root_resource_id}"

	path_part = "manudped.rss"
	}

	resource "aws_api_gateway_method" "get" {
	rest_api_id = "${aws_api_gateway_rest_api.manudped.id}"
	resource_id = "${aws_api_gateway_resource.rss.id}"
	http_method = "GET"
	authorization = "NONE"
	}

	resource "aws_api_gateway_integration" "lambda" {
	rest_api_id = "${aws_api_gateway_rest_api.manudped.id}"
	resource_id = "${aws_api_gateway_method.get.resource_id}"
	http_method = "${aws_api_gateway_method.get.http_method}"

	integration_http_method = "POST"
	type = "AWS_PROXY"
	uri = "${aws_lambda_function.manudped_rss_trans.invoke_arn}"
	}

	resource "aws_api_gateway_deployment" "manudped" {
	depends_on = [
	"aws_api_gateway_integration.lambda",
	]

	rest_api_id = "${aws_api_gateway_rest_api.manudped.id}"
	stage_name = "live"
	stage_description = "${md5(file("api_gateway.tf"))}"
	}

	resource "aws_lambda_permission" "apigw" {
	statement_id = "AllowAPIGatewayInvoke"
	action = "lambda:InvokeFunction"
	function_name = "${aws_lambda_function.manudped_rss_trans.arn}"
	principal = "apigateway.amazonaws.com"

	# The // portion grants access from any method on any resource
	# within the API Gateway "REST API".
	source_arn = "${aws_api_gateway_deployment.manudped.execution_arn}//"
	}

	output "base_url" {
	value = "${aws_api_gateway_deployment.manudped.invoke_url}"
	}
	#!/bin/bash

	set -e


	update_deployment_package () {
	PACKAGE_DIR="deployment"
	PACKAGE_NAME="lambda.zip"
	PACKAGE_PATH="$PACKAGE_DIR/$PACKAGE_NAME"


	if [ ! -d $PACKAGE_DIR ]; then
	echo "deployment directory not found"
	echo "creating $PACKAGE_DIR directory..."
	mkdir $PACKAGE_DIR
	fi

	if [ -f $PACKAGE_PATH ]; then
	echo "lambda zip found"
	echo "cleaning up $PACKAGE_PATH ..."
	rm -f $PACKAGE_PATH
	fi

	cp app/target/x86_64-unknown-linux-musl/release/manudped-rss-trans ./bootstrap
	zip $PACKAGE_PATH bootstrap
	rm -f bootstrap
	aws s3 cp $PACKAGE_PATH "s3://manudped-rss-lambda-deployment/$PACKAGE_NAME"
	}

	apply_infra () {
	echo "applying infrastructure..."
	cd infrastructure
	terraform apply -auto-approve
	}


	# pipeline

	update_deployment_package
	apply_infra
	resource "aws_s3_bucket" "manudped_rss_lambda_deployment" {
	bucket = "manudped-rss-lambda-deployment"
	acl = "private"
	}

	resource "aws_lambda_function" "manudped_rss_trans" {
	function_name = "manudped_rss_trans"

	s3_bucket = "${aws_s3_bucket.manudped_rss_lambda_deployment.id}"
	s3_key = "lambda.zip"

	source_code_hash = "${base64sha256(file("../deployment/lambda.zip"))}"

	handler = "provided"
	runtime = "provided"

	role = "${aws_iam_role.lambda_exec.arn}"
	}

	resource "aws_iam_role" "lambda_exec" {
	name = "manudped_rss_lambda_exec"

	assume_role_policy = <<EOF
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Action": "sts:AssumeRole",
	"Principal": {
	"Service": "lambda.amazonaws.com"
	},
	"Effect": "Allow",
	"Sid": ""
	}
	]
	}
	EOF
	}

	resource "aws_iam_policy" "lambda_logging" {
	name = "manudped_rss_lambda_logging"
	path = "/"
	description = "IAM policy for logging from a lambda"

	policy = <<EOF
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Action": [
	"logs:CreateLogGroup",
	"logs:CreateLogStream",
	"logs:PutLogEvents"
	],
	"Resource": "arn:aws:logs:::*",
	"Effect": "Allow"
	}
	]
	}
	EOF
	}

	resource "aws_iam_role_policy_attachment" "attach_lambda_logging_policy_to_lambda_exec_role" {
	role = "${aws_iam_role.lambda_exec.name}"
	policy_arn = "${aws_iam_policy.lambda_logging.arn}"
	}