Add lambda

.gitignore

@@ -32,4 +32,7 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
-.terraform.lock.hcl
+.terraform.lock.hcl
+
+# Ignore zip file generated as part of testing the python function
+*.zip

cloudwatch.tf

@@ -1,5 +1,11 @@
+#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group
 resource "aws_cloudwatch_log_group" "lambda_log" {
   name              = var.name
   retention_in_days = 365
   kms_key_id        = aws_kms_key.encryption_rest.arn
+}
+#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_stream
+resource "aws_cloudwatch_log_stream" "lambda_log_stream" {
+  name           = "${var.name}-lambda-log-stream"
+  log_group_name = aws_cloudwatch_log_group.lambda_log.name
 }

lambda.tf

@@ -0,0 +1,32 @@
+data "archive_file" "python_file" {
+  type        = "zip"
+  source_dir  = "${path.module}/lambda_function/"
+  output_path = "${path.module}/lambda_function/lambda_function.zip"
+}
+
+resource "aws_lambda_function" "lambda_run" {
+  filename      = "${path.module}/lambda_function/lambda_function.zip"
+  function_name = "write_parameter_to_cloudwatch"
+  role          = aws_iam_role.lambda_role.arn
+  handler       = "handler.lambda_handler"
+  runtime       = "python3.8"
+}
+
+# resource "aws_cloudwatch_event_rule" "lambda_trigger" {
+#   name                = "lambda_trigger_rule"
+#   schedule_expression = "rate(10 minutes)"
+# }
+
+# resource "aws_cloudwatch_event_target" "lambda_target" {
+#   rule      = aws_cloudwatch_event_rule.lambda_trigger.name
+#   target_id = "lambda_target"
+#   arn       = aws_lambda_function.lambda_run.arn
+# }
+
+# resource "aws_lambda_permission" "allow_cloudwatch" {
+#   statement_id  = "AllowExecutionFromCloudWatch"
+#   action        = "lambda:InvokeFunction"
+#   function_name = aws_lambda_function.lambda_run.function_name
+#   principal     = "events.amazonaws.com"
+#   source_arn = aws_cloudwatch_event_rule.lambda_trigger.arn
+# }

lambda_function/handler.py

@@ -0,0 +1,32 @@
+import boto3
+import logging
+import time
+
+def lambda_handler(event, context):
+    # Initialize the Boto3 clients for SSM and CloudWatch Logs
+    ssm_client = boto3.client('ssm')
+    logs_client = boto3.client('logs')
+    parameter_name = '/app-7'
+    log_group_name = 'app-7'
+    log_stream_name = 'app-7-lambda-log-stream'
+    try:
+        # Read the parameter from SSM Parameter Store
+        response = ssm_client.get_parameter(Name=parameter_name, WithDecryption=True)
+        parameter_value = response['Parameter']['Value']
+
+        # Write the parameter value to CloudWatch Logs
+        logs_client.create_log_stream(logGroupName=log_group_name, logStreamName=log_stream_name)
+        logs_client.put_log_events(
+            logGroupName=log_group_name,
+            logStreamName=log_stream_name,
+            logEvents=[
+                {
+                    'timestamp': int(round(time.time() * 1000)),
+                    'message': f"Parameter value read from SSM Parameter Store: {parameter_value}"
+                }
+            ]
+        )
+        logging.info(f"Parameter value '{parameter_value}' written to CloudWatch Logs group '{log_group_name}'")
+
+    except Exception as e:
+        logging.error(f"An error occurred: {e}")