# Create the lambda role (using lambdarole.json file)
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
resource "aws_iam_role" "ebs_bckup-role-lambdarole" {
  # IAM role the backup Lambda executes as (referenced by
  # aws_lambda_function.ebs_bckup_lambda via its ARN).
  name = "${var.stack_prefix}-role-lambdarole-${var.unique_name}"

  # Trust policy is read verbatim from files/lambdarole.json, so the set of
  # principals allowed to assume this role is decided entirely by that file.
  # NOTE(review): the JSON is not visible here; confirm it trusts only the
  # Lambda service principal.
  assume_role_policy = "${file("${path.module}/files/lambdarole.json")}"
}
# Attach the inline policy (read from lambdapolicy.json) to the role we just created
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
resource "aws_iam_role_policy" "ebs_bckup-role-lambdapolicy" {
  # Inline policy attached to the Lambda execution role.
  role = "${aws_iam_role.ebs_bckup-role-lambdarole.id}"
  name = "${var.stack_prefix}-role-lambdapolicy-${var.unique_name}"

  # Permissions come verbatim from files/lambdapolicy.json.
  # NOTE(review): the JSON is not visible here; confirm actions and resources
  # are limited to what the snapshot create/delete job and its logging need.
  policy = "${file("${path.module}/files/lambdapolicy.json")}"
}
# Output the ARN of the lambda role
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Render vars.ini for Lambda function
data "template_file" "vars" {
  # Source template for the vars.ini that ships inside the Lambda package.
  template = "${file("${path.module}/files/vars.ini.template")}"

  # Values are substituted into the template as plain text, with no escaping.
  # The rendered result is later written to tmp/vars.ini by
  # null_resource.buildlambdazip.
  vars {
    EC2_INSTANCE_TAG = "${var.EC2_INSTANCE_TAG}"
    RETENTION_DAYS   = "${var.RETENTION_DAYS}"

    # The list of regions is flattened to a single comma-separated string.
    REGIONS = "${join(",", var.regions)}"
  }
}
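# Stage the Lambda sources (handler script plus rendered vars.ini) in the
# module's tmp/ directory so data.archive_file.lambda_zip can package them.
resource "null_resource" "buildlambdazip" {
  # uuid() produces a new value on every run, so this resource is replaced and
  # the staging commands below re-execute on each apply.
  triggers {
    key = "${uuid()}"
  }

  provisioner "local-exec" {
    # The rendered template contains caller-supplied variable values. It is
    # written through a quoted shell here-document ('VARS_INI') so the shell
    # copies it literally: quotes, `$` and backticks in a value are neither
    # expanded nor executed, which an `echo "..."` of the same text would do.
    # Caveat: a value containing a line that is exactly VARS_INI would end the
    # here-document early.
    #
    # `set -e` makes a failed mkdir/cp fail the provisioner instead of letting
    # a later command mask the error and an incomplete package get built.
    #
    # The script lines stay at column 0 because `<<EOF` passes them through
    # verbatim and the inner terminator must start its line.
    command = <<EOF
set -e
mkdir -p "${path.module}/lambda" "${path.module}/tmp"
cp "${path.module}/ebs_bckup/ebs_bckup.py" "${path.module}/tmp/ebs_bckup.py"
cat > "${path.module}/tmp/vars.ini" <<'VARS_INI'
${data.template_file.vars.rendered}
VARS_INI
EOF
  }
}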
# Package the staged tmp/ directory into the Lambda deployment zip.
data "archive_file" "lambda_zip" {
  type = "zip"

  # Everything present in tmp/ is archived, not only the two files staged by
  # null_resource.buildlambdazip; leftovers from earlier runs would ship too.
  source_dir  = "${path.module}/tmp"
  output_path = "${path.module}/lambda/${var.stack_prefix}-${var.unique_name}.zip"

  # Staging must have run before the directory is read.
  depends_on = ["null_resource.buildlambdazip"]
}
# Create lambda function
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
resource "aws_lambda_function" "ebs_bckup_lambda" {
  function_name = "${var.stack_prefix}_lambda_${var.unique_name}"
  role          = "${aws_iam_role.ebs_bckup-role-lambdarole.arn}"

  # Entry point: lambda_handler in ebs_bckup.py, the script staged into the zip.
  handler = "ebs_bckup.lambda_handler"

  # NOTE(review): Python 2 is end-of-life and AWS Lambda has deprecated the
  # python2.7 runtime, so it no longer receives security patches. Moving to a
  # supported python3.x runtime requires checking ebs_bckup.py for Python 3
  # compatibility first; that script is not visible here.
  runtime = "python2.7"

  # Seconds before Lambda aborts an invocation.
  timeout = "60"

  # Same path as data.archive_file.lambda_zip.output_path; the hash below is
  # taken from that archive so a content change triggers a redeploy.
  filename         = "${path.module}/lambda/${var.stack_prefix}-${var.unique_name}.zip"
  source_code_hash = "${data.archive_file.lambda_zip.output_base64sha256}"

  # Publish a new numbered version on each code/config change.
  publish = true

  depends_on = ["null_resource.buildlambdazip"]
}
# Run the function with CloudWatch Event cronlike scheduler
resource "aws_cloudwatch_event_rule" "ebs_bckup_timer" {
  name        = "${var.stack_prefix}_ebs_bckup_event_${var.unique_name}"
  description = "Cronlike scheduled Cloudwatch Event for creating and deleting EBS Snapshots"

  # var.cron_expression is wrapped in cron(...) here, so the variable must hold
  # only the schedule fields, without the surrounding cron() itself.
  schedule_expression = "cron(${var.cron_expression})"
}
# Assign event to Lambda target
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
resource "aws_cloudwatch_event_target" "run_ebs_bckup_lambda" {
  # Bind the schedule rule to the backup Lambda: each time the rule fires,
  # the function identified by `arn` is the target.
  rule = "${aws_cloudwatch_event_rule.ebs_bckup_timer.name}"
  arn  = "${aws_lambda_function.ebs_bckup_lambda.arn}"

  # The Lambda's id is reused as the target identifier within the rule.
  target_id = "${aws_lambda_function.ebs_bckup_lambda.id}"
}
# Allow lambda to be called from cloudwatch
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
resource "aws_lambda_permission" "allow_cloudwatch_to_call" {
  # Resource-based permission on the Lambda letting the events service invoke it.
  statement_id  = "${var.stack_prefix}_AllowExecutionFromCloudWatch_${var.unique_name}"
  function_name = "${aws_lambda_function.ebs_bckup_lambda.function_name}"
  action        = "lambda:InvokeFunction"
  principal     = "events.amazonaws.com"

  # Scope the grant to this one schedule rule. Without source_arn the statement
  # would name only the service principal, not a specific rule.
  source_arn = "${aws_cloudwatch_event_rule.ebs_bckup_timer.arn}"
}