Merge pull request #10 from martijnvdp/update-v0.0.2
Update v0.0.2
martijnvdp authored Apr 11, 2021
2 parents e763c6b + 7ed0d8d commit 0b605e3
Showing 7 changed files with 43 additions and 21 deletions.
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -28,8 +28,9 @@ No requirements.
| docker\_images\_defaults | Default values for the docker images variable. | <pre>object({<br> image_name = string<br> repo_prefix = string<br> include_tags = list(string)<br> exclude_tags = list(string)<br> })</pre> | <pre>{<br> "exclude_tags": [],<br> "image_name": null,<br> "include_tags": [],<br> "repo_prefix": null<br>}</pre> | no |
| dockerhub\_credentials\_sm | AWS secretsmanager item name containing dockerhub credentials (keys:username and password). | `string` | `null` | no |
| dockerhub\_credentials\_ssm | AWS SSM parameter store items containing dockerhub credentials. | <pre>object({<br> username_item = string<br> password_item = string<br> })</pre> | <pre>{<br> "password_item": null,<br> "username_item": null<br>}</pre> | no |
| lambda\_function\_container | Ecr url of the docker container for the lambda function. | `string` | `null` | no |
| lambda\_function\_container\_uri | Ecr url of the docker container for the lambda function. | `string` | `null` | no |
| lambda\_function\_name | Name of the lambda function. | `string` | `"ecr-image-sync"` | no |
| lambda\_function\_zipfile\_folder | Folder containing the zip file for the lambda function. | `string` | `"dist"` | no |
| s3\_bucket | S3 bucket name for the storage of the csv file with the list of images to be synced. | `string` | `"ecr-image-sync"` | no |
| schedule\_expression | Cloudwatch schedule event for the image synchronization in cron notation (UTC). | `string` | `"cron(0 6 * * ? *)"` | no |
| tags | A mapping of tags assigned to the resources. | `map(string)` | `null` | no |
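--- /dev/null
+++ b/dist/dist.txt
@@ -0,0 +1 @@
+folder for the lambda function zip file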
Binary file removed dist/lambda-ecr-image-sync_0.0.1_Linux_x86_64.zip
Binary file not shown.
Binary file added dist/lambda-ecr-image-sync_0.0.2_Linux_x86_64.zip
Binary file not shown.
11 changes: 6 additions & 5 deletions example/example.tf
@@ -1,9 +1,10 @@
module "ecr-image-sync" {
source = "../"
dockerhub_credentials_sm = "aws_ssm_secret_name" //optional name of the aws secret item with dockerhub credentials , keys username & password
debug = true //optional turn on debug logging
default_repo_prefix = "/default/prefix" //optional default repo prefix for all images , is overridden by the individual setting
lambda_function_container = "aws/ecr/location/ecr-image-sync:latest" // optional if not using a container the function zip file should be in modulepath/dist
source = "../"
dockerhub_credentials_sm = "aws_ssm_secret_name" // optional name of the aws secret item with dockerhub credentials , keys username & password
debug = true // optional turn on debug logging
default_repo_prefix = "/default/prefix" // optional default repo prefix for all images , is overridden by the individual setting
lambda_function_container_uri = "1111111111.dkr.ecr.eu-west-1.amazonaws.com/aws/ecr/location/ecr-image-sync:latest" // optional the function container aws ecr location
lambda_function_zipfile_folder = "dist" // optional folfer containing the function zip file

dockerhub_credentials_ssm = { // optional AWS SSM parameter store item names for dockerhub username and password
username_item = "/dockerhub/username"
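Review bot: The `lambda_function_container_uri` example references the image by the mutable `:latest` tag; since the lambda resource in main.tf sets `source_code_hash` only for the zip package (it is `null` for the container case), a re-pushed `latest` is neither detected by Terraform nor redeployed, and the function trusts whatever the tag resolves to at apply time. Prefer an immutable reference in the example, such as `<registry>/aws/ecr/location/ecr-image-sync@sha256:<image-digest>`. The placeholder registry `1111111111` has ten digits while AWS account IDs have twelve, so a twelve-digit sample would read as a realistic value. The zipfile line's comment also has a typo; it should read `// optional folder containing the function zip file`. The `module "ecr-image-sync"` block continues outside the hunk.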
41 changes: 27 additions & 14 deletions main.tf
@@ -1,6 +1,6 @@
locals {
bucket_arn = var.create_bucket ? module.lambda_bucket[0].arn : data.aws_s3_bucket.existing[0].arn
bucket_name = var.create_bucket ? module.lambda_bucket[0].name : data.aws_s3_bucket.existing[0].id
bucket_arn = var.create_bucket ? aws_s3_bucket.lambda_bucket[0].arn : data.aws_s3_bucket.existing[0].arn
bucket_name = var.create_bucket ? aws_s3_bucket.lambda_bucket[0].id : data.aws_s3_bucket.existing[0].id
images = flatten([
for k, v in var.docker_images : [{
image_name = k
Expand All @@ -10,7 +10,7 @@ locals {
}
]
])
lambda_zip = try("${path.module}/${[for f in fileset(path.module, "dist/*.zip") : f][0]}", "no zip file in dist")
lambda_zip = try("${path.module}/${[for f in fileset(path.module, "${var.lambda_function_zipfile_folder}/*.zip") : f][0]}", "no zip file in dist")
}

data "aws_caller_identity" "current" {}
Expand All @@ -26,25 +26,38 @@ data "aws_s3_bucket" "existing" {
bucket = var.s3_bucket
}

module "lambda_bucket" {
#tfsec:ignore:AWS002
resource "aws_s3_bucket" "lambda_bucket" {
count = var.create_bucket ? 1 : 0
source = "github.com/schubergphilis/terraform-aws-mcaf-s3?ref=v0.1.10"
name = "${var.s3_bucket}-${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}"
acl = "private"
bucket = "${var.s3_bucket}-${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}"
force_destroy = true
kms_key_id = data.aws_kms_alias.s3.target_key_arn
versioning = true
tags = var.tags

server_side_encryption_configuration {
rule {
apply_server_side_encryption_by_default {
kms_master_key_id = data.aws_kms_alias.s3.target_key_arn
sse_algorithm = "aws:kms"
}
}
}

versioning {
enabled = true
}

}

resource "aws_lambda_function" "lambda_function" {
function_name = var.lambda_function_name
filename = var.lambda_function_container == null ? local.lambda_zip : null
image_uri = var.lambda_function_container != null ? "${data.aws_caller_identity.current.account_id}.dkr.ecr.${data.aws_region.current.name}.amazonaws.com/${var.lambda_function_container}" : null
package_type = var.lambda_function_container != null ? "Image" : "Zip"
handler = var.lambda_function_container == null ? "main" : null
filename = var.lambda_function_container_uri == null ? local.lambda_zip : null
handler = var.lambda_function_container_uri == null ? "main" : null
image_uri = var.lambda_function_container_uri == null ? null : var.lambda_function_container_uri
package_type = var.lambda_function_container_uri == null ? "Zip" : "Image"
role = aws_iam_role.lambda_assume_role.arn
runtime = var.lambda_function_container == null ? "go1.x" : null
source_code_hash = var.lambda_function_container == null ? filebase64sha256(local.lambda_zip) : null
runtime = var.lambda_function_container_uri == null ? "go1.x" : null
source_code_hash = var.lambda_function_container_uri == null ? filebase64sha256(local.lambda_zip) : null
tags = var.tags

environment {
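Review bot: The new `resource "aws_s3_bucket" "lambda_bucket"` in the `@@ -26,25 +26,38 @@` hunk replaces the wrapper module with a bare bucket, but nothing in the hunk adds an `aws_s3_bucket_public_access_block` for it; `acl = "private"` only sets the initial ACL and does not stop a later public bucket policy or object ACL, and if the removed module supplied that protection (not visible here) it is silently dropped. Adding the block alongside the bucket restores an explicit guard, as sketched below. `force_destroy = true` together with versioning means `terraform destroy` removes every stored version of the image list, which deserves a one-line comment stating that this is intended. The `#tfsec:ignore:AWS002` annotation suppresses the access-logging finding without saying why; a short comment above it such as `# access logging intentionally disabled: bucket only holds the generated image list` would let the next reviewer judge the exception. The `aws_lambda_function` block at the end of the hunk continues outside it.
```hcl
# … unchanged: aws_s3_bucket.lambda_bucket …

resource "aws_s3_bucket_public_access_block" "lambda_bucket" {
  count  = var.create_bucket ? 1 : 0
  bucket = aws_s3_bucket.lambda_bucket[0].id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# … unchanged: aws_lambda_function.lambda_function …
```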
8 changes: 7 additions & 1 deletion variables.tf
Expand Up @@ -67,7 +67,7 @@ variable "docker_images" {
description = "List of docker images to sync from Docker Hub to ECR."
}

variable "lambda_function_container" {
variable "lambda_function_container_uri" {
type = string
description = "Ecr url of the docker container for the lambda function."
default = null
Expand All @@ -79,6 +79,12 @@ variable "lambda_function_name" {
default = "ecr-image-sync"
}

variable "lambda_function_zipfile_folder" {
type = string
description = "Folder containing the zip file for the lambda function."
default = "dist"
}

variable "schedule_expression" {
type = string
description = "Cloudwatch schedule event for the image synchronization in cron notation (UTC)."
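Review bot: The renamed `lambda_function_container_uri` variable keeps the old description `Ecr url of the docker container for the lambda function.` even though main.tf now passes the value straight to `image_uri` instead of prefixing the account's registry, so a caller cannot tell that a complete URI is expected; suggest `description = "Full ECR image URI (registry, repository and tag or digest) of the container for the lambda function; when null the zip package is deployed."`. The new `lambda_function_zipfile_folder` is interpolated into a `fileset(path.module, ...)` glob in main.tf, so its description should state that the folder is relative to the module directory, e.g. `description = "Folder, relative to the module path, containing the zip file for the lambda function."`. The closing brace of the `lambda_function_container_uri` block lies outside the first hunk.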
