# Log group for the nat-zero function. It is only managed here when logging is
# enabled, so that retention is pinned to var.log_retention_days instead of
# whatever a group created outside Terraform would carry.
# NOTE(review): no kms_key_id is set, so log data uses CloudWatch's default
# encryption rather than a customer-managed key.
resource "aws_cloudwatch_log_group" "nat_zero_logs" {
  count = var.enable_logging ? 1 : 0

  # Must match the name Lambda derives from the function name below.
  name              = "/aws/lambda/${var.name}-nat-zero"
  retention_in_days = var.log_retention_days
  tags              = local.common_tags
}
# Settling buffer between the IAM policy / log group and the function that
# depends on them.
resource "time_sleep" "lambda_ready" {
  depends_on = [
    aws_iam_role_policy.lambda_iam_policy,
    aws_cloudwatch_log_group.nat_zero_logs,
  ]

  # On create: give the newly attached role policy time to propagate before
  # the function is created against that role.
  create_duration = "10s"

  # On destroy: with logging enabled, let asynchronous CloudWatch log delivery
  # finish before the log group is removed; without logging there is nothing
  # to wait for.
  destroy_duration = var.enable_logging ? "10s" : "0s"
}
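# Fetches the prebuilt Lambda archive when the function is not built locally.
# The provisioner re-runs whenever var.lambda_binary_url changes (the trigger
# below), so a download must not be skipped merely because an older archive is
# already present; the previous `test -f` guard left a stale or partial
# lambda.zip in place after a URL change.
resource "null_resource" "download_lambda" {
  count = var.build_lambda_locally ? 0 : 1

  triggers = {
    url = var.lambda_binary_url
  }

  provisioner "local-exec" {
    # Values are passed through the environment instead of being interpolated
    # into the command string, so shell metacharacters in the URL or module
    # path are never interpreted by the local shell.
    environment = {
      LAMBDA_URL = var.lambda_binary_url
      BUILD_DIR  = "${path.module}/.build"
    }

    # curl -f fails on HTTP errors; writing to a temp file and moving it into
    # place only after success means an interrupted or failed transfer never
    # leaves a partial lambda.zip that a later apply would deploy.
    # NOTE(review): the archive is not verified against a known digest before
    # it becomes the function's code; comparing the download to a pinned
    # sha256 would close that supply-chain gap.
    command = <<-EOT
      mkdir -p "$BUILD_DIR" && \
      curl -sfL -o "$BUILD_DIR/lambda.zip.tmp" "$LAMBDA_URL" && \
      mv "$BUILD_DIR/lambda.zip.tmp" "$BUILD_DIR/lambda.zip"
    EOT
  }
}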
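# Builds the Lambda archive from the Go sources when var.build_lambda_locally
# is set. The build re-runs only when the source hash trigger changes.
resource "null_resource" "build_lambda" {
  count = var.build_lambda_locally ? 1 : 0

  triggers = {
    # Content hash over cmd/lambda/*.go in sorted order so the value is the
    # same on every machine. NOTE(review): go.mod/go.sum are not part of this
    # hash, so a dependency-only change does not force a rebuild — confirm
    # where the module files live before extending the fileset.
    source_hash = sha256(join("", [
      for f in sort(fileset("${path.module}/cmd/lambda", "*.go")) :
      filesha256("${path.module}/cmd/lambda/${f}")
    ]))
  }

  provisioner "local-exec" {
    # The source directory is passed via the environment rather than
    # interpolated into the shell command.
    environment = {
      SRC_DIR = "${path.module}/cmd/lambda"
    }

    # - Leftover bootstrap/lambda.zip from an interrupted run are removed first;
    #   otherwise `zip` would update the stale archive instead of creating a
    #   fresh one and ship whatever else it contained.
    # - -trimpath strips local filesystem paths from the binary and `zip -X`
    #   omits extra file attributes, so the archive is reproducible across
    #   checkouts (useful when comparing the deployed hash to a known build).
    # - lambda.norpc is the aws-lambda-go build tag that omits the legacy RPC
    #   transport; -s -w drop symbol and DWARF tables.
    command = <<-EOT
      cd "$SRC_DIR" && \
      rm -f bootstrap lambda.zip && \
      GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build -trimpath -tags lambda.norpc -ldflags='-s -w' -o bootstrap && \
      zip -X lambda.zip bootstrap && \
      mkdir -p ../../.build && \
      mv lambda.zip ../../.build/lambda.zip && \
      rm -f bootstrap
    EOT
  }
}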
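# The AMI selection inputs are used twice below — as environment variables and
# inside the CONFIG_VERSION fingerprint. Defining them once keeps the
# fingerprint from silently drifting away from what the function receives.
locals {
  # Owner account used when var.use_fck_nat_ami is set, else the custom owner.
  nat_zero_ami_owner = var.use_fck_nat_ami ? "568608671756" : var.custom_ami_owner
  # Name pattern for the fck-nat AMI, else the custom pattern.
  nat_zero_ami_name_pattern = var.use_fck_nat_ami ? "fck-nat-al2023-*-arm64-*" : var.custom_ami_name_pattern
}

# The nat-zero function, deployed from .build/lambda.zip produced by either
# null_resource.download_lambda or null_resource.build_lambda.
resource "aws_lambda_function" "nat_zero" {
  function_name = "${var.name}-nat-zero"
  role          = aws_iam_role.lambda_iam_role.arn

  # Custom (provided) runtime: the archive must contain an executable named
  # `bootstrap`, matching what the build step produces.
  filename      = "${path.module}/.build/lambda.zip"
  handler       = "bootstrap"
  runtime       = "provided.al2023"
  architectures = ["arm64"]

  # On the first plan the archive may not exist yet (it is fetched or built
  # during apply), so the hash is null; later plans compute it from the file
  # and push an update whenever the archive content changes.
  source_code_hash = fileexists("${path.module}/.build/lambda.zip") ? filebase64sha256("${path.module}/.build/lambda.zip") : null

  timeout     = 90
  memory_size = var.lambda_memory_size
  # At most one invocation runs at a time, so overlapping runs cannot race on
  # the NAT instances they manage.
  reserved_concurrent_executions = 1
  tags                           = local.common_tags

  environment {
    variables = {
      NAT_TAG_KEY       = var.nat_tag_key
      NAT_TAG_VALUE     = var.nat_tag_value
      IGNORE_TAG_KEY    = var.ignore_tag_key
      IGNORE_TAG_VALUE  = var.ignore_tag_value
      TARGET_VPC_ID     = var.vpc_id
      AMI_OWNER_ACCOUNT = local.nat_zero_ami_owner
      AMI_NAME_PATTERN  = local.nat_zero_ami_name_pattern
      # Fingerprint of the instance-shaping inputs; a change in any of them
      # yields a new value so the function can tell its configuration moved.
      CONFIG_VERSION = sha256(join(",", [
        local.nat_zero_ami_owner,
        local.nat_zero_ami_name_pattern,
        coalesce(var.ami_id, "none"),
        var.instance_type,
        var.market_type,
        tostring(var.block_device_size),
        tostring(var.encrypt_root_volume),
      ]))
    }
  }

  # Wait for IAM propagation / log group and for the archive to be in place.
  depends_on = [time_sleep.lambda_ready, null_resource.download_lambda, null_resource.build_lambda]
}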
# Asynchronous-invocation settings for the function (how it is triggered is
# defined outside this file).
# NOTE(review): no destination_config is set, so an event that still fails
# after the retries is dropped without a record.
resource "aws_lambda_function_event_invoke_config" "nat_zero_invoke_config" {
  function_name = aws_lambda_function.nat_zero.function_name

  # Retry a failed async invocation up to two more times before giving up.
  maximum_retry_attempts = 2
}