54 lines
1.5 KiB
HCL
54 lines
1.5 KiB
HCL
resource "aws_cloudwatch_log_group" "lambda" {
|
|
name = "/aws/lambda/${var.project}-processor"
|
|
retention_in_days = 30
|
|
tags = local.tags
|
|
}
|
|
|
|
resource "aws_cloudwatch_log_group" "audit" {
|
|
name = "/aws/${var.project}/audit"
|
|
retention_in_days = 365
|
|
tags = local.tags
|
|
}
|
|
|
|
resource "aws_lambda_function" "processor" {
|
|
filename = "${path.module}/../lambda/function.zip"
|
|
function_name = "${var.project}-processor-${var.environment}"
|
|
role = aws_iam_role.lambda.arn
|
|
handler = "lambda_function.lambda_handler"
|
|
runtime = "python3.11"
|
|
timeout = 30
|
|
memory_size = 128
|
|
|
|
kms_key_arn = local.kms_key_arn
|
|
|
|
environment {
|
|
variables = {
|
|
DYNAMODB_TABLE = aws_dynamodb_table.metadata.name
|
|
SNS_TOPIC_ARN = aws_sns_topic.notifications.arn
|
|
ENVIRONMENT = var.environment
|
|
}
|
|
}
|
|
|
|
tracing_config { mode = "Active" }
|
|
|
|
tags = local.tags
|
|
}
|
|
|
|
resource "aws_lambda_permission" "s3_trigger" {
|
|
statement_id = "AllowExecutionFromS3"
|
|
action = "lambda:InvokeFunction"
|
|
function_name = aws_lambda_function.processor.function_name
|
|
principal = "s3.amazonaws.com"
|
|
source_arn = aws_s3_bucket.images.arn
|
|
}
|
|
|
|
resource "aws_s3_bucket_notification" "lambda_trigger" {
|
|
bucket = aws_s3_bucket.images.id
|
|
lambda_function {
|
|
lambda_function_arn = aws_lambda_function.processor.arn
|
|
events = ["s3:ObjectCreated:*"]
|
|
filter_prefix = "uploads/"
|
|
}
|
|
depends_on = [aws_lambda_permission.s3_trigger]
|
|
}
|