Merge pull request #18 from kunduso/add-lambda

Add lambda

README.md

@@ -1,3 +1,27 @@
 [![License: Unlicense](https://img.shields.io/badge/license-Unlicense-white.svg)](https://choosealicense.com/licenses/unlicense/) [![GitHub pull-requests closed](https://img.shields.io/github/issues-pr-closed/kunduso/add-aws-lambda-terraform)](https://github.com/kunduso/add-aws-lambda-terraform/pulls?q=is%3Apr+is%3Aclosed) [![GitHub pull-requests](https://img.shields.io/github/issues-pr/kunduso/add-aws-lambda-terraform)](https://GitHub.com/kunduso/add-aws-lambda-terraform/pull/) 
 [![GitHub issues-closed](https://img.shields.io/github/issues-closed/kunduso/add-aws-lambda-terraform)](https://github.com/kunduso/add-aws-lambda-terraform/issues?q=is%3Aissue+is%3Aclosed) [![GitHub issues](https://img.shields.io/github/issues/kunduso/add-aws-lambda-terraform)](https://GitHub.com/kunduso/add-aws-lambda-terraform/issues/) 
-[![terraform-infra-provisioning](https://github.com/kunduso/add-aws-lambda-terraform/actions/workflows/terraform.yml/badge.svg?branch=main)](https://github.com/kunduso/add-aws-lambda-terraform/actions/workflows/terraform.yml) [![checkov-static-analysis-scan](https://github.com/kunduso/add-aws-lambda-terraform/actions/workflows/code-scan.yml/badge.svg?branch=main)](https://github.com/kunduso/add-aws-lambda-terraform/actions/workflows/code-scan.yml)
+[![terraform-infra-provisioning](https://github.com/kunduso/add-aws-lambda-terraform/actions/workflows/terraform.yml/badge.svg?branch=main)](https://github.com/kunduso/add-aws-lambda-terraform/actions/workflows/terraform.yml) [![checkov-static-analysis-scan](https://github.com/kunduso/add-aws-lambda-terraform/actions/workflows/code-scan.yml/badge.svg?branch=main)](https://github.com/kunduso/add-aws-lambda-terraform/actions/workflows/code-scan.yml)
+![Image](https://skdevops.files.wordpress.com/2024/06/95-image-0-1.png)
+This repository contains the necessary files and configurations to deploy AWS cloud infrastructure resources using Terraform. For a detailed walkthrough on creating an AWS Lambda function using Terraform please check [-create-aws-lambda-using-github-actions](https://skundunotes.com/2024/06/18/automating-aws-lambda-deployment-harnessing-terraform-github-actions-and-python-for-cloudwatch-logging/).
+
+Additionally, this repository includes:
+</br> - a [Checkov pipeline](./.github/workflows/code-scan.yml) for scanning the Terraform code for security and compliance issues.
+
+The entire setup and deployment process is automated via the GitHub Actions pipelines, eliminating the need for manual steps.
+
+## Prerequisites
+For this code to function without errors, create an OpenID connect identity provider in Amazon Identity and Access Management that has a trust relationship with your GitHub repository. You can read about it [here](https://skundunotes.com/2023/02/28/securely-integrate-aws-credentials-with-github-actions-using-openid-connect/) to get a detailed explanation with steps.
+<br />Store the `ARN` of the `IAM Role` as a GitHub secret which is referred in the `terraform.yml` file.
+<br />For the **Infracost** integration, create an `INFRACOST_API_KEY` and store that as a GitHub Actions secret. You can manage the cost estimate process using a GitHub Actions variable `INFRACOST_SCAN_TYPE` where the value is either `hcl_code` or `tf_plan`, depending on the type of scan desired.
+<br />You can read about that at - [integrate-Infracost-with-GitHub-Actions.](http://skundunotes.com/2023/07/17/estimate-aws-cloud-resource-cost-with-infracost-terraform-and-github-actions/)
+## Usage
+Ensure that the policy attached to the IAM role whose credentials are being used in this configuration has permission to create and manage all the resources that are included in this repository.
+<br />Review the code including the [`terraform.yml`](./.github/workflows/terraform.ymlt) to understand the steps in the GitHub Actions pipeline. Also review the terraform code to understand all the concepts associated with creating the AWS Cloud resources..
+
+<br />If you want to check the pipeline logs, click on the **Build Badges** above the image in this ReadMe.
+
+## Contributing
+If you find any issues or have suggestions for improvement, feel free to open an issue or submit a pull request. Contributions are always welcome!
+
+## License
+This code is released under the Unlicense License. See [LICENSE](LICENSE).

cloudwatch.tf

@@ -3,7 +3,6 @@ resource "aws_cloudwatch_log_group" "lambda_log" {
   name              = "${var.log_group_prefix}${var.name}" #"/aws/lambda/${var.name}"
   retention_in_days = 365
   kms_key_id        = aws_kms_key.encryption_rest.arn
-  # depends_on = [ aws_kms_key.encryption_rest ]
 }
 #
 #https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_stream

iam_role.tf

@@ -35,7 +35,6 @@ resource "aws_iam_policy" "lambda_policy" {
       {
         Effect = "Allow",
         Action = [
-          "logs:CreateLogGroup",
           "logs:CreateLogStream",
           "logs:PutLogEvents"
         ],
@@ -52,6 +51,7 @@ resource "aws_iam_policy" "lambda_policy" {
   })
 }
 
+#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment
 resource "aws_iam_role_policy_attachment" "lambda_policy_attachement" {
   role       = aws_iam_role.lambda_role.name
   policy_arn = aws_iam_policy.lambda_policy.arn

lambda.tf

@@ -1,9 +1,10 @@
+#https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file
 data "archive_file" "python_file" {
   type        = "zip"
   source_dir  = "${path.module}/lambda_function/"
   output_path = "${path.module}/lambda_function/lambda_function.zip"
 }
-
+#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function
 resource "aws_lambda_function" "lambda_run" {
   filename         = "${path.module}/lambda_function/lambda_function.zip"
   source_code_hash = data.archive_file.python_file.output_base64sha256
@@ -23,7 +24,6 @@ resource "aws_lambda_function" "lambda_run" {
       log_group_name  = aws_cloudwatch_log_group.lambda_log.name
       log_stream_name = aws_cloudwatch_log_stream.log_stream.name
     }
-
   }
   #checkov:skip=CKV_AWS_50: Not applicable in this use case: X-Ray tracing is enabled for Lambda
   #checkov:skip=CKV_AWS_115: Not applicable in this use case: Ensure that AWS Lambda function is configured for function-level concurrent execution limit
@@ -32,17 +32,20 @@ resource "aws_lambda_function" "lambda_run" {
   #checkov:skip=CKV_AWS_173: Not applicable in this use case
   #checkov:skip=CKV_AWS_272: Not applicable in this use case: Ensure AWS Lambda function is configured to validate code-signing
 }
+#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule
 resource "aws_cloudwatch_event_rule" "lambda_trigger" {
-  name                = "lambda_trigger_rule"
+  name                = "${var.name}-lambda-trigger-rule"
   schedule_expression = "rate(10 minutes)"
 }
 
+#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target
 resource "aws_cloudwatch_event_target" "lambda_target" {
   rule      = aws_cloudwatch_event_rule.lambda_trigger.name
   target_id = "lambda_target"
   arn       = aws_lambda_function.lambda_run.arn
 }
 
+#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission
 resource "aws_lambda_permission" "allow_cloudwatch" {
   statement_id  = "AllowExecutionFromCloudWatch"
   action        = "lambda:InvokeFunction"