From 8e4a3cfe867a5fea526f6a2c11fa06424102023c Mon Sep 17 00:00:00 2001
From: edebrye <edebrye@ippon.fr>
Date: Tue, 30 Mar 2021 11:43:55 +0200
Subject: [PATCH] added lambda provisionning
---
deploy/cloudwatch_api_logs.tf | 2 +-
deploy/lambda.tf | 24 ++++++++++++++++++++++--
deploy/lambda/src/create-one.js | 1 +
3 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/deploy/cloudwatch_api_logs.tf b/deploy/cloudwatch_api_logs.tf
index 64b01a7..be6dc06 100644
--- a/deploy/cloudwatch_api_logs.tf
+++ b/deploy/cloudwatch_api_logs.tf
@@ -61,7 +61,7 @@ resource "aws_iam_role_policy_attachment" "lambda_apigw" {
}
resource "aws_iam_policy" "apigw_read_only" {
- name = "ApiGatewayReadOnly"
+ name = "${local.prefix}-ApiGatewayReadOnly"
path = "/"
description = "Read only for describing APIGateway services"
# Terraform's "jsonencode" function converts a
diff --git a/deploy/lambda.tf b/deploy/lambda.tf
index ee4146e..aec22bc 100644
--- a/deploy/lambda.tf
+++ b/deploy/lambda.tf
@@ -9,9 +9,10 @@ resource "aws_lambda_function" "crud" {
role = aws_iam_role.iam_for_lambda.arn
handler = "${each.key}.handler"
timeout = 10
- source_code_hash = filebase64sha256(data.archive_file.lambda_file.output_path)
+ source_code_hash = data.archive_file.lambda_file.output_base64sha256
runtime = "nodejs12.x"
reserved_concurrent_executions = 2
+ publish = true
layers = [
"arn:aws:lambda:eu-west-1:580247275435:layer:LambdaInsightsExtension:14"
]
@@ -36,7 +37,7 @@ resource "aws_lambda_function" "index" {
role = aws_iam_role.iam_for_lambda.arn
handler = "index.handler"
timeout = 10
- source_code_hash = filebase64sha256(data.archive_file.lambda_index_file.output_path)
+ source_code_hash = data.archive_file.lambda_index_file.output_base64sha256
runtime = "nodejs12.x"
reserved_concurrent_executions = 2
layers = [
@@ -46,6 +47,10 @@ resource "aws_lambda_function" "index" {
tags = local.common_tags
}
+###############
+# Permissions #
+###############
+
resource "aws_iam_role" "iam_for_lambda" {
name = "${local.prefix}-lambda"
assume_role_policy = file("./templates/lambda/assume-role-policy.json")
@@ -75,6 +80,10 @@ resource "aws_iam_role_policy_attachment" "lambda_insights" {
policy_arn = "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy"
}
+#########
+# Files #
+#########
+
data "archive_file" "lambda_file" {
type = "zip"
output_path = "${local.lambda_loc}/zip/lambda.zip"
@@ -86,3 +95,14 @@ data "archive_file" "lambda_index_file" {
output_path = "${local.lambda_loc}/zip/index.zip"
source_file = "${local.lambda_loc}/src/index.js"
}
+
+#################
+# Provisionning #
+#################
+
+resource "aws_lambda_provisioned_concurrency_config" "crud" {
+ for_each = local.lambdas
+ function_name = aws_lambda_function.crud[each.key].function_name
+ provisioned_concurrent_executions = 1
+ qualifier = aws_lambda_function.crud[each.key].version
+}
diff --git a/deploy/lambda/src/create-one.js b/deploy/lambda/src/create-one.js
index 94950b4..3c10b00 100644
--- a/deploy/lambda/src/create-one.js
+++ b/deploy/lambda/src/create-one.js
@@ -5,6 +5,7 @@ const {v4:uuidv4} = require('uuid');
const TABLE_NAME = process.env.TABLE_NAME || '';
const PRIMARY_KEY = process.env.TABLE_KEY || '';
const RESERVED_RESPONSE = `Error: You're using AWS reserved keywords as attributes`, DYNAMODB_EXECUTION_ERROR = `Error: Execution update, caused a Dynamodb error, please take a look at your CloudWatch Logs.`;
+
exports.handler = async (event = {}) => {
console.log(event)
if (!event.body) {
--
GitLab