AWS LambdaをTerraformで作成

作成するリソース

Lambda用のロール

lambda関数

code:terraform

// AWS Lambda Role

resource "aws_iam_role" "aws_lambda_service_role" {

name = "aws_lambda_service_role"

description = "Role for AWS Lambda"

assume_role_policy = "${data.aws_iam_policy_document.aws_lambda_service_role.json}"

}

data "aws_iam_policy_document" "aws_lambda_service_role" {

statement {

principals {

type = "Service"

}

}

}

// 基本的な実行ポリシーとクラウドウォッチのReadOnly付与する

resource "aws_iam_role_policy_attachment" "aws_lambda_service_role1" {

role = "${aws_iam_role.aws_lambda_service_role.name}"

policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"

}

resource "aws_iam_role_policy_attachment" "aws_lambda_service_role2" {

role = "${aws_iam_role.aws_lambda_service_role.name}"

policy_arn = "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess"

}

// lambdaの準備

data "archive_file" "post_slack" {

type = "zip"

source_dir = "./source_code"

output_path = "./source_code.zip"

}

resource "aws_lambda_function" "job_failed_notify" {

function_name = "slack-notify"

role = "${aws_iam_role.aws_lambda_service_role.arn}"

filename = "${data.archive_file.post_slack.output_path}"

source_code_hash = "${data.archive_file.post_slack.output_base64sha256}"

handler = "main.lambda_handler"

runtime = "python3.7"

memory_size = 128

timeout = 300

environment {

variables = {

SLACK_CHANNEL = "${terraform.workspace == "staging" ? "#debug-channel" : "#pred-channel"}"

}

}

}

resource "aws_lambda_permission" "job_failed_notify" {

statement_id = "job-failed-notify-${terraform.workspace}"

action = "lambda:InvokeFunction"

function_name = "${aws_lambda_function.job_failed_notify.function_name}"

principal = "events.amazonaws.com"

source_arn = "${aws_cloudwatch_event_rule.job_failed.arn}"

}