[Terraform][Module/Test] AWS S3 Notification with Lambda

[Terraform][Module/Test] AWS S3 Notification with Lambda

terraform/modules/aws/serverless/s3_notification_lambda/_.provider.tf

@@ -0,0 +1,4 @@
+provider "aws" {
+  profile = var.profile
+  region  = var.region
+}

terraform/modules/aws/serverless/s3_notification_lambda/_.variables.tf

@@ -0,0 +1,58 @@
+# [Provider]
+variable "profile" {
+  type        = string
+  description = "aws configuration profile name"
+}
+
+variable "region" {
+  type        = string
+  description = "aws configuration region name"
+}
+
+
+# [Structure]
+variable "prefix" {
+  type        = string
+  description = <<-DESCRIPTION
+  Generally, prefix contains "service" and "stage"
+
+  - service must be 2~5, for example : "kevin"
+  - stage must be 2~5, for example : ["prod", "dev", "stage", "test"]
+  - prefix for examples : ["kevin-prod", "kevin-dev", "kevin-stage", "kevin-test"]
+  DESCRIPTION
+
+  validation {
+    condition     = can(regex("^[a-z\\-]{4,11}$", var.prefix))
+    error_message = "var.prefix must be 10 with lowercase eng"
+  }
+}
+
+variable "suffix" {
+  type        = string
+  description = <<-DESCRIPTION
+  Generally, suffix contains "region_name"
+
+  - regaion_name
+  - Best : "ap-ne-2"
+  - Worst : "ap-northeast-2"
+  DESCRIPTION
+
+  validation {
+    condition     = can(regex("^[a-z0-9\\-]{4,71}$", var.suffix))
+    error_message = "var.suffix must be 10 with lowercase eng"
+  }
+}
+
+# [Resource]
+variable "module_name" { type =  string }
+variable "s3_arn" { type = string }
+variable "s3_noti_trigger_events" { type=list(string) }
+
+variable "s3_noti_module_name" { type = string }
+variable "s3_noti_expression" { type = string }
+
+variable "s3_noti_labmda_vpc_id" { type = string }
+variable "s3_noti_labmda_subnet_ids" { type = list(string) }
+
+variable "s3_noti_lambda_tags" { type = map(any) }
+variable "s3_noti_lambda_sg_tags" { type = map(any) }

terraform/modules/aws/serverless/s3_notification_lambda/s3.noti.iam.role.tf

@@ -0,0 +1,32 @@
+module "s3_noti_iam_role" {
+    source = "../../../../resources/aws/iam/role"
+
+    name = "${var.prefix}-iam-role-${var.module_name}-${var.suffix}"
+    assume_role_policy = {
+        Version = "2012-10-17",
+        Statement = [
+        {
+            Action    = ["sts:AssumeRole"],
+            Effect    = "Allow",
+            Principal = { Service = "lambda.amazonaws.com" }
+        }
+        ]
+    }
+
+    managed_policy_arns = []
+
+    inline_policy_name    = "${var.prefix}-iam-policy-${var.module_name}-${var.suffix}"
+    inline_policy_version = "2012-10-17"
+    inline_policy_statements = [
+        {
+        Action = [
+            "logs:CreateLogStream",
+            "logs:CreateLogGroup",
+            "logs:PutLogEvents"
+        ],
+        Effect   = "Allow",
+        Resource = ["*"]
+        }
+    ]
+
+}

terraform/modules/aws/serverless/s3_notification_lambda/s3.noti.lambda.permission.tf

@@ -0,0 +1,7 @@
+module "s3_noti_lambda_permission" {
+  source = "../../../../resources/aws/lambda/permission"
+
+  principal     = "s3.amazonaws.com"
+  source_arn    = var.s3_arn
+  function_name = module.s3_noti_lambda.function_name
+}

terraform/modules/aws/serverless/s3_notification_lambda/s3.noti.lambda.sg.tf

@@ -0,0 +1,16 @@
+module "s3_noti_lambda_sg" {
+  source = "../../../../resources/aws/ec2/sg"
+
+  vpc_id = var.s3_noti_labmda_vpc_id
+  name   = "${var.prefix}-ec2-sg-${var.module_name}-${var.suffix}"
+
+  ingress_rules = []
+  egress_rules = [{
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }]
+
+  tags = var.s3_noti_lambda_sg_tags
+}

terraform/modules/aws/serverless/s3_notification_lambda/s3.noti.lambda.tf

@@ -0,0 +1,31 @@
+module "s3_noti_lambda" {
+    source = "../../../../resources/aws/lambda/function"
+
+  architectures = ["x86_64"]
+  function_name = "${var.prefix}-lambda-${var.module_name}-${var.suffix}"
+  handler       = "index.handler"
+  role          = module.s3_noti_iam_role.arn
+
+    runtime          = "nodejs16.x"
+  filename         = "./sample-lambda.zip"
+  skip_destroy     = false
+  source_code_hash = "gp9qRIEwMBPJNVaM+zj7DBQokrdIKhLQ9HMntWNNzf8="
+  layers           = []
+
+  memory_size                    = 128
+  package_type                   = null
+  reserved_concurrent_executions = -1
+  timeout                        = 60
+  ephemeral_storage_size         = 512
+  tracing_config_mode            = "PassThrough"
+  environment                    = {}
+
+  vpc_config = {
+    ipv6_allowed_for_dual_stack = false
+    security_group_ids          = [module.s3_noti_lambda_sg.id]
+    subnet_ids                  = var.s3_noti_labmda_subnet_ids
+  }
+
+  tags = var.s3_noti_lambda_tags
+
+}

terraform/modules/aws/serverless/s3_notification_lambda/s3.noti.trigger.tf

@@ -0,0 +1,11 @@
+module "s3_noti_trigger" {
+    source = "../../../../resources/aws/s3/bucket_notification"
+
+    bucket_id = ""
+    lambda_functions = [{
+      lambda_function_arn = module.s3_noti_lambda.arn
+      events = var.s3_noti_trigger_events
+      filter_prefix = null
+      filter_suffix = null
+    }]
+}

terraform/test/modules/aws/serverless/s3_notification_lambda/main.serverless.s3_notification_lambda._test.go

@@ -0,0 +1,18 @@
+package main
+
+import (
+	"testing"
+
+	"github.com/gruntwork-io/terratest/modules/terraform"
+)
+
+func Test_Terraform_Modules_Aws_Serverless_S3NotificationLambda(t *testing.T) {
+	tfOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+		TerraformDir: "../../../../../modules/aws/serverless/s3_notification_lambda",
+		VarFiles:     []string{"./sample.tfvars"},
+	})
+
+	defer terraform.Destroy(t, tfOptions)
+
+	terraform.Init(t, tfOptions)
+}