ssg_today_menu_slack/main.tf
bumpsoo 1b8b580554 기본 구조 완성. 파일 정리하면 끝. 일단 배포 완료
todo
- tf 파일의 slack_url 환경변수 등으로 정리
- 배포하는 스크립트? 필요할 것 같기도 함
2024-07-03 05:06:54 +09:00


# Provider Configuration
# Region is hard-coded to ap-northeast-2 (Seoul); the scheduler below also
# evaluates its cron expression in Asia/Seoul time.
provider "aws" {
region = "ap-northeast-2"
}
# Locals for Constants (replace values as needed)
# Every resource name is derived from `prefix`, so changing it renames the
# whole stack (bucket, roles, function and schedule).
locals {
  prefix = "bumpsoo-menu"

  # Storage for the menu images; public read is granted by the bucket policy.
  image_bucket_name = "${local.prefix}-img-bucket"

  # Lambda deployment: code package, entry point, function and execution role.
  lambda_filename      = "artifacts.zip"       # Zip file containing Lambda code
  lambda_handler       = "main.lambda_handler" # Replace with your handler
  lambda_function_name = "${local.prefix}-lambda"
  lambda_role_name     = "${local.prefix}-lambda-role"

  # EventBridge Scheduler: the weekday trigger and the role it invokes Lambda with.
  weekday_rule_name  = "${local.prefix}-weekday-image-upload"
  schedule_role_name = "${local.prefix}-schedule-role"
}
# S3 Bucket (Publicly Accessible)
# Holds the uploaded menu images. Anonymous read is granted by the bucket
# policy below (Sid PublicReadGetObject), not by object ACLs.
resource "aws_s3_bucket" "image_bucket" {
bucket = local.image_bucket_name
}
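# S3 Bucket Public Access Block
# Public read on this bucket is intended and is granted by the bucket policy
# below, so the two policy-related controls must stay off. The two ACL-related
# controls are switched on: nothing in this stack relies on object ACLs (the
# Lambda role is granted s3:PutObject only, not s3:PutObjectAcl), so blocking
# public ACLs costs nothing and closes the ACL route to accidental exposure.
# The original comments described the opposite of the configured values.
resource "aws_s3_bucket_public_access_block" "image_bucket_public_access_block" {
  bucket = aws_s3_bucket.image_bucket.id

  block_public_acls       = true  # Reject PUTs that carry a public ACL
  ignore_public_acls      = true  # Ignore any public ACL already on an object
  block_public_policy     = false # Must stay false: the public-read bucket policy is applied after this
  restrict_public_buckets = false # Must stay false: otherwise the public policy only serves this account
}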
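# Bucket policy granting anonymous read of objects.
# The resource ARN is derived from the bucket resource instead of being spelled
# out, so it cannot drift from `local.image_bucket_name` when the prefix changes
# (the hard-coded "bumpsoo-menu-img-bucket" would silently stop matching).
resource "aws_s3_bucket_policy" "image_bucket_policy" {
  # A public policy is rejected while the public access block still blocks
  # public policies, so the access-block resource must be applied first.
  depends_on = [
    aws_s3_bucket.image_bucket,
    aws_s3_bucket_public_access_block.image_bucket_public_access_block
  ]

  bucket = aws_s3_bucket.image_bucket.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid       = "PublicReadGetObject"
        Effect    = "Allow"
        Principal = "*"
        Action    = "s3:GetObject"
        Resource  = "${aws_s3_bucket.image_bucket.arn}/*" # objects only; no ListBucket on the bucket itself
      }
    ]
  })
}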
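# IAM Role for Lambda (EventBridge Scheduler permissions)
# The function creates/updates Scheduler schedules at runtime, passes
# `schedule_role` to them, writes objects to the image bucket and logs to
# CloudWatch. Each statement is scoped to the resource this stack owns; only
# the Scheduler statement stays on "*", because the schedule group/name are
# chosen by the function at runtime and are not known here.
resource "aws_iam_role" "lambda_role" {
  name = local.lambda_role_name

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Principal = {
          Service = "lambda.amazonaws.com"
        }
        Effect = "Allow"
      }
    ]
  })

  # Policy for the runtime work the function does (schedules, uploads, logs).
  inline_policy {
    name = "lambda_eventbridge_policy"
    policy = jsonencode({
      Version = "2012-10-17"
      Statement = [
        {
          # Schedule ARNs embed the group and name the function picks at
          # runtime, so this cannot be narrowed from the Terraform side.
          Effect = "Allow"
          Action = [
            "scheduler:CreateSchedule",
            "scheduler:UpdateSchedule",
          ]
          Resource = "*"
        },
        {
          # Only the schedule role may be passed, and only to Scheduler;
          # an unscoped PassRole would let the function attach any role in
          # the account to a schedule it creates.
          Effect   = "Allow"
          Action   = ["iam:PassRole"]
          Resource = aws_iam_role.schedule_role.arn
          Condition = {
            StringEquals = {
              "iam:PassedToService" = "scheduler.amazonaws.com"
            }
          }
        },
        {
          # Uploads go to the image bucket only.
          Effect   = "Allow"
          Action   = "s3:PutObject"
          Resource = "${aws_s3_bucket.image_bucket.arn}/*"
        },
        {
          # Logging is limited to this function's own log group and its streams.
          Effect = "Allow"
          Action = [
            "logs:CreateLogStream",
            "logs:CreateLogGroup",
            "logs:PutLogEvents"
          ]
          Resource = "arn:aws:logs:*:*:log-group:/aws/lambda/${local.lambda_function_name}:*"
        }
      ]
    })
  }
}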
# IAM Role for EventBridge Scheduler (assumed by scheduler.amazonaws.com)
# Used as the target role by the Terraform-managed weekday schedule below and,
# via the SCHEDULE_ROLE_ARN environment variable, by schedules the Lambda
# creates at runtime.
resource "aws_iam_role" "schedule_role" {
name = local.schedule_role_name
assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Action = "sts:AssumeRole"
Principal = {
Service = "scheduler.amazonaws.com"
}
Effect = "Allow"
}
]
})
# Policy letting Scheduler invoke Lambda targets.
# NOTE(review): Resource "*" lets this role invoke any function in the account,
# as the policy name admits. Referencing aws_lambda_function.image_lambda.arn
# here would create a dependency cycle (the function's environment references
# this role), and the functions targeted by the runtime-created schedules are
# not visible in this file; narrow this to the intended function ARN(s) once
# they are known.
inline_policy {
name = "schedule_invoke_any_lambda"
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
Action = [
"lambda:InvokeFunction"
]
Resource = "*"
}
]
})
}
}
# CloudWatch log group for the Lambda, created explicitly so the retention
# period is managed here instead of defaulting to "never expire" when Lambda
# auto-creates the group on first invocation.
resource "aws_cloudwatch_log_group" "image_lambda_log_group" {
name = "/aws/lambda/${local.lambda_function_name}"
retention_in_days = 14 # Adjust retention period as needed
}
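# Lambda Function
# The function whose code is packaged in artifacts.zip (see locals).
# `source_code_hash` is what makes Terraform notice a rebuilt zip: with only
# `filename`, a new artifacts.zip at the same path is never redeployed.
resource "aws_lambda_function" "image_lambda" {
  function_name    = local.lambda_function_name
  filename         = local.lambda_filename
  source_code_hash = filebase64sha256(local.lambda_filename)
  role             = aws_iam_role.lambda_role.arn
  handler          = local.lambda_handler
  runtime          = "python3.11"
  timeout          = 60 # seconds

  environment {
    variables = {
      SCHEDULE_ROLE_ARN = aws_iam_role.schedule_role.arn # role the function passes when it creates schedules
      S3_BUCKET_NAME    = local.image_bucket_name        # presumably the upload target; the role grants s3:PutObject
    }
  }

  # Create the log group first so the retention setting applies from the first
  # invocation instead of Lambda auto-creating an unmanaged group.
  depends_on = [aws_cloudwatch_log_group.image_lambda_log_group]
}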
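# Weekday trigger: invokes the Lambda Monday to Friday at 10:30 Seoul time.
# The description previously said "10 AM" while the cron fires at minute 30.
resource "aws_scheduler_schedule" "weekday_schedule" {
  name        = local.weekday_rule_name # Keep the same name
  description = "Trigger Lambda at 10:30 AM on weekdays (KST)"

  # Fields: minute hour day-of-month month day-of-week year
  schedule_expression          = "cron(30 10 ? * MON-FRI *)"
  schedule_expression_timezone = "Asia/Seoul"

  flexible_time_window {
    mode = "OFF" # fire exactly at the scheduled minute
  }

  target {
    arn      = aws_lambda_function.image_lambda.arn
    role_arn = aws_iam_role.schedule_role.arn

    # Payload handed to the function. The Slack webhook URL is a credential
    # (anyone holding it can post to the channel), so it belongs in a
    # variable or secret store rather than in a committed heredoc.
    input = <<EOF
{"slack_url": "https://hooks.slack.com/services/"}
EOF
  }
}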