

Merge pull request #16 from kunduso/add-lambda
Add logging and pass environment variables to AWS Lambda
kunduso authored Jun 12, 2024
2 parents c73d6e3 + bde4899 commit 8082d1e
Showing 7 changed files with 55 additions and 21 deletions.
16 changes: 8 additions & 8 deletions .github/workflows/code-scan.yml
Expand Up @@ -3,14 +3,14 @@ name: checkov-static-analysis-scan
# Controls when the workflow will run
on:
# Triggers the workflow on push or pull request events but only for the "main" branch
# push:
# branches: [ '*' ]
# paths-ignore:
# - '**/README.md'
# pull_request:
# branches: ["main"]
# paths-ignore:
# - '**/README.md'
push:
branches: [ '*' ]
paths-ignore:
- '**/README.md'
pull_request:
branches: ["main"]
paths-ignore:
- '**/README.md'

# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
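Review bot: If the uncommented `push`/`pull_request` block is the new side of this hunk, `branches: [ '*' ]` will not fire for branch names that contain a slash, because a single `*` in a GitHub Actions branch filter does not match `/`; `branches: [ '**' ]` is the pattern that means every branch. Which side is old cannot be read from the rendered hunk (both sides hold the same text, one commented out), so this applies only if the triggers are being enabled rather than disabled. The `on:` block continues past the end of the hunk.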
4 changes: 3 additions & 1 deletion README.md
@@ -1 +1,3 @@
# add-aws-lambda
[![License: Unlicense](https://img.shields.io/badge/license-Unlicense-white.svg)](https://choosealicense.com/licenses/unlicense/) [![GitHub pull-requests closed](https://img.shields.io/github/issues-pr-closed/kunduso/add-aws-lambda-terraform)](https://github.com/kunduso/add-aws-lambda-terraform/pulls?q=is%3Apr+is%3Aclosed) [![GitHub pull-requests](https://img.shields.io/github/issues-pr/kunduso/add-aws-lambda-terraform)](https://GitHub.com/kunduso/add-aws-lambda-terraform/pull/)
[![GitHub issues-closed](https://img.shields.io/github/issues-closed/kunduso/add-aws-lambda-terraform)](https://github.com/kunduso/add-aws-lambda-terraform/issues?q=is%3Aissue+is%3Aclosed) [![GitHub issues](https://img.shields.io/github/issues/kunduso/add-aws-lambda-terraform)](https://GitHub.com/kunduso/add-aws-lambda-terraform/issues/)
[![terraform-infra-provisioning](https://github.com/kunduso/add-aws-lambda-terraform/actions/workflows/terraform.yml/badge.svg?branch=main)](https://github.com/kunduso/add-aws-lambda-terraform/actions/workflows/terraform.yml) [![checkov-static-analysis-scan](https://github.com/kunduso/add-aws-lambda-terraform/actions/workflows/code-scan.yml/badge.svg?branch=main)](https://github.com/kunduso/add-aws-lambda-terraform/actions/workflows/code-scan.yml)
9 changes: 8 additions & 1 deletion cloudwatch.tf
@@ -1,6 +1,13 @@
#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group
resource "aws_cloudwatch_log_group" "lambda_log" {
name = var.name
name = "${var.log_group_prefix}${var.name}" #"/aws/lambda/${var.name}"
retention_in_days = 365
kms_key_id = aws_kms_key.encryption_rest.arn
# depends_on = [ aws_kms_key.encryption_rest ]
}
#
#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_stream
resource "aws_cloudwatch_log_stream" "log_stream" {
name = "${var.name}-lambda-log-stream"
log_group_name = aws_cloudwatch_log_group.lambda_log.name
}
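Review bot: The new `name` line carries a dead trailing comment `#"/aws/lambda/${var.name}"` that duplicates the default of `var.log_group_prefix`, and `# depends_on = [ aws_kms_key.encryption_rest ]` is likewise dead because the `kms_key_id = aws_kms_key.encryption_rest.arn` reference already gives Terraform the dependency. Both should be dropped so the resource reads as `name = "${var.log_group_prefix}${var.name}"` with no commented-out alternatives. Note also that `aws_cloudwatch_log_stream.log_stream` now pre-creates the stream whose name is handed to the handler via `log_stream_name`; the consequence for the handler's own `create_log_stream` call is raised on the handler.py hunk.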
2 changes: 1 addition & 1 deletion data.tf
Expand Up @@ -2,5 +2,5 @@ data "aws_caller_identity" "current" {}
locals {
principal_root_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"
principal_logs_arn = "logs.${var.region}.amazonaws.com"
cloudwatch_log_group_arn = "arn:aws:logs:${var.region}:${data.aws_caller_identity.current.account_id}:log-group:${var.name}*"
cloudwatch_log_group_arn = "arn:aws:logs:${var.region}:${data.aws_caller_identity.current.account_id}:log-group:${var.log_group_prefix}${var.name}*"
}
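Review bot: The new `cloudwatch_log_group_arn` still ends in `${var.name}*`, so with the defaults it resolves to `log-group:/aws/lambda/app-7*`, which also matches any other group whose name merely starts with that string (for example a future `/aws/lambda/app-70`). If this local is used in the KMS key or IAM policy (its consumers are outside the hunk), scoping it to the one group and its streams is tighter: `cloudwatch_log_group_arn = "arn:aws:logs:${var.region}:${data.aws_caller_identity.current.account_id}:log-group:${var.log_group_prefix}${var.name}:*"`. The `:*` suffix is what the Logs service expects for stream-level resources, whereas the bare `*` is a pure name-prefix wildcard.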
32 changes: 26 additions & 6 deletions lambda.tf
Expand Up @@ -5,13 +5,33 @@ data "archive_file" "python_file" {
}

resource "aws_lambda_function" "lambda_run" {
filename = "${path.module}/lambda_function/lambda_function.zip"
function_name = "write_parameter_to_cloudwatch"
role = aws_iam_role.lambda_role.arn
handler = "handler.lambda_handler"
runtime = "python3.8"
}
filename = "${path.module}/lambda_function/lambda_function.zip"
source_code_hash = data.archive_file.python_file.output_base64sha256
function_name = var.name
role = aws_iam_role.lambda_role.arn
handler = "handler.lambda_handler"
runtime = "python3.8"
kms_key_arn = aws_kms_key.encryption_rest.arn
logging_config {
log_format = "JSON"
log_group = aws_cloudwatch_log_group.lambda_log.name
system_log_level = "INFO"
}
environment {
variables = {
parameter_name = aws_ssm_parameter.parameter.name
log_group_name = aws_cloudwatch_log_group.lambda_log.name
log_stream_name = aws_cloudwatch_log_stream.log_stream.name
}

}
#checkov:skip=CKV_AWS_50: Not applicable in this use case: X-Ray tracing is enabled for Lambda
#checkov:skip=CKV_AWS_115: Not applicable in this use case: Ensure that AWS Lambda function is configured for function-level concurrent execution limit
#checkov:skip=CKV_AWS_117: This AWS Lambda function does not require access to anything inside a VPC
#checkov:skip=CKV_AWS_116: Not applicable in this use case
#checkov:skip=CKV_AWS_173: Not applicable in this use case
#checkov:skip=CKV_AWS_272: Not applicable in this use case: Ensure AWS Lambda function is configured to validate code-signing
}
resource "aws_cloudwatch_event_rule" "lambda_trigger" {
name = "lambda_trigger_rule"
schedule_expression = "rate(10 minutes)"
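Review bot: The justification on `#checkov:skip=CKV_AWS_50: ... X-Ray tracing is enabled for Lambda` contradicts the resource, which sets no `tracing_config` block in this hunk; either add `tracing_config { mode = "Active" }` or reword the skip to state why tracing is not needed here, so the next reader is not told something the code does not do. If `CKV_AWS_173` is the environment-variable encryption check, the new `kms_key_arn = aws_kms_key.encryption_rest.arn` line should now satisfy it and that skip can be removed rather than carried with "Not applicable"; worth confirming against the checkov output. Separately, `runtime = "python3.8"` is carried over unchanged while Python 3.8 is near the end of its upstream support window, so a bump to a currently supported runtime would be a sensible follow-up. The `aws_cloudwatch_event_rule` resource at the bottom continues past the hunk.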
8 changes: 4 additions & 4 deletions lambda_function/handler.py
@@ -1,21 +1,21 @@
import boto3
import logging
import time
import os

def lambda_handler(event, context):
# Initialize the Boto3 clients for SSM and CloudWatch Logs
ssm_client = boto3.client('ssm')
logs_client = boto3.client('logs')
parameter_name = '/app-7'
log_group_name = 'app-7'
log_stream_name = 'app-7-lambda-log-stream'
parameter_name = os.environ['parameter_name']
log_group_name = os.environ['log_group_name']
log_stream_name = os.environ['log_stream_name']
try:
# Read the parameter from SSM Parameter Store
response = ssm_client.get_parameter(Name=parameter_name, WithDecryption=True)
parameter_value = response['Parameter']['Value']

# Write the parameter value to CloudWatch Logs
logs_client.create_log_stream(logGroupName=log_group_name, logStreamName=log_stream_name)
logs_client.put_log_events(
logGroupName=log_group_name,
logStreamName=log_stream_name,
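Review bot: `logs_client.create_log_stream(logGroupName=log_group_name, logStreamName=log_stream_name)` will now fail on every invocation, because `log_stream_name` comes from the `aws_cloudwatch_log_stream.log_stream` resource that Terraform creates in the same commit, and CloudWatch Logs rejects creating a stream that already exists with `ResourceAlreadyExistsException`; whatever the `except` clause does (it lies past the end of the hunk, as does the rest of `lambda_handler`) the `put_log_events` call after it is never reached. Since Terraform owns the stream, the simplest fix is to delete the `create_log_stream` line; if the handler must stay self-sufficient, guard it with `except logs_client.exceptions.ResourceAlreadyExistsException: pass`. The `os.environ[...]` lookups raising `KeyError` on a missing variable is acceptable fail-fast behaviour, but a short comment such as `# all three are set by the Terraform environment block in lambda.tf` would tell the reader where they come from. Note as well that the decrypted `parameter_value` is written verbatim into the log group, so anyone with `logs:GetLogEvents` on that group can read it; if the parameter is a SecureString that is worth stating in the module README.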
5 changes: 5 additions & 0 deletions variables.tf
Expand Up @@ -22,4 +22,9 @@ variable "name" {
description = "The name of the application."
type = string
default = "app-7"
}
variable "log_group_prefix" {
description = "The name of the log group."
type = string
default = "/aws/lambda/"
}
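Review bot: The description of the new `log_group_prefix` variable, `"The name of the log group."`, is inaccurate: the value is a prefix that cloudwatch.tf and data.tf concatenate with `var.name` to form the group name. Something like `description = "Prefix prepended to var.name to form the CloudWatch log group name, e.g. /aws/lambda/."` documents the contract, and a `validation` block checking `endswith(var.log_group_prefix, "/")` would catch a prefix that silently produces a name like `/aws/lambdaapp-7`.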

