manage app through terraform

srprash · srprash · commit bdf0d272d6f8 · 2024-11-27T14:59:00.000-08:00
diff --git a/sample-apps/apigateway-lambda/build.gradle.kts b/sample-apps/apigateway-lambda/build.gradle.kts
@@ -17,6 +17,8 @@ dependencies {
   implementation("com.amazonaws:aws-lambda-java-core:1.2.2")
   implementation("com.squareup.okhttp3:okhttp:4.11.0")
   implementation("software.amazon.awssdk:s3:2.20.0")
+  implementation("org.slf4j:jcl-over-slf4j:2.0.16")
+  implementation("org.json:json:20240303")
   testImplementation("org.junit.jupiter:junit-jupiter:5.10.0")
 }
 
diff --git a/sample-apps/apigateway-lambda/src/main/java/com/amazon/sampleapp/LambdaHandler.java b/sample-apps/apigateway-lambda/src/main/java/com/amazon/sampleapp/LambdaHandler.java
@@ -2,13 +2,15 @@
 
 import com.amazonaws.services.lambda.runtime.Context;
 import com.amazonaws.services.lambda.runtime.RequestHandler;
+import java.util.Map;
 import okhttp3.OkHttpClient;
 import okhttp3.Request;
 import okhttp3.Response;
+import org.json.JSONObject;
 import software.amazon.awssdk.services.s3.S3Client;
 import software.amazon.awssdk.services.s3.model.ListBucketsResponse;
 
-public class LambdaHandler implements RequestHandler<Object, String> {
+public class LambdaHandler implements RequestHandler<Object, Map<String, Object>> {
   private final OkHttpClient httpClient;
   private final S3Client s3Client;
 
@@ -18,15 +20,29 @@ public LambdaHandler() {
   }
 
   @Override
-  public String handleRequest(Object o, Context context) {
+  public Map<String, Object> handleRequest(Object o, Context context) {
     makeRemoteCall();
     listS3Buckets();
 
-    // Get the _X_AMZN_TRACE_ID environment variable
-    String traceId = System.getenv("_X_AMZN_TRACE_ID");
+    // Get the trace id from system property
+    // https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-runtime
+    String traceId = System.getProperty("com.amazonaws.xray.traceHeader");
 
-    // Construct the response string
-    return "Trace ID: " + traceId;
+    // Construct the response body
+    JSONObject responseBody = new JSONObject();
+    responseBody.put("message", "Request successful");
+    responseBody.put("traceId", traceId);
+
+    // Return the API Gateway-compatible response
+    return Map.of(
+        "isBase64Encoded",
+        false,
+        "statusCode",
+        200,
+        "body",
+        responseBody.toString(),
+        "headers",
+        Map.of("Content-Type", "application/json"));
   }
 
   private void makeRemoteCall() {
diff --git a/sample-apps/apigateway-lambda/terraform/main.tf b/sample-apps/apigateway-lambda/terraform/main.tf
@@ -0,0 +1,128 @@
+### Lambda function
+locals {
+  architecture = var.architecture == "x86_64" ? "amd64" : "arm64"
+}
+
+resource "aws_iam_role" "lambda_role" {
+  name               = "lambda_execution_role"
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [{
+      Action    = "sts:AssumeRole",
+      Effect    = "Allow",
+      Principal = { Service = "lambda.amazonaws.com" }
+    }]
+  })
+}
+
+resource "aws_iam_policy" "s3_access" {
+  name        = "S3ListBucketsPolicy"
+  description = "Allow Lambda to list S3 buckets"
+  policy      = jsonencode({
+    Version = "2012-10-17",
+    Statement = [{
+      Effect   = "Allow",
+      Action   = ["s3:ListAllMyBuckets"],
+      Resource = "*"
+    }]
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "attachBasicExecutionRolePolicy" {
+  role       = aws_iam_role.lambda_role.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+}
+
+resource "aws_iam_role_policy_attachment" "attach_s3_policy" {
+  role       = aws_iam_role.lambda_role.name
+  policy_arn = aws_iam_policy.s3_access.arn
+}
+
+resource "aws_iam_role_policy_attachment" "attach_xray_policy" {
+  role       = aws_iam_role.lambda_role.name
+  policy_arn = "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess"
+}
+
+resource "aws_lambda_function" "sampleLambdaFunction" {
+  function_name    = var.function_name
+  runtime          = var.runtime
+  timeout          = 300
+  handler          = "com.amazon.sampleapp.LambdaHandler::handleRequest"
+  role             = aws_iam_role.lambda_role.arn
+  filename         = "${path.module}/../build/distributions/lambda-function.zip"
+  source_code_hash = filebase64sha256("${path.module}/../build/distributions/lambda-function.zip")
+  tracing_config {
+    mode = var.lambda_tracing_mode
+  }
+}
+
+### API Gateway proxy to Lambda function
+resource "aws_api_gateway_rest_api" "apigw_lambda_api" {
+  name = var.api_gateway_name
+}
+
+resource "aws_api_gateway_resource" "apigw_lambda_resource" {
+  rest_api_id = aws_api_gateway_rest_api.apigw_lambda_api.id
+  parent_id   = aws_api_gateway_rest_api.apigw_lambda_api.root_resource_id
+  path_part   = "lambda"
+}
+
+resource "aws_api_gateway_method" "apigw_lambda_method" {
+  rest_api_id   = aws_api_gateway_rest_api.apigw_lambda_api.id
+  resource_id   = aws_api_gateway_resource.apigw_lambda_resource.id
+  http_method   = "ANY"
+  authorization = "NONE"
+}
+
+resource "aws_api_gateway_integration" "apigw_lambda_integration" {
+  rest_api_id = aws_api_gateway_rest_api.apigw_lambda_api.id
+  resource_id = aws_api_gateway_resource.apigw_lambda_resource.id
+  http_method = aws_api_gateway_method.apigw_lambda_method.http_method
+  integration_http_method = "POST"
+  type                    = "AWS_PROXY"
+  uri                     = aws_lambda_function.sampleLambdaFunction.invoke_arn
+}
+
+# resource "aws_api_gateway_method" "lambda_api_proxy_root_nodejs" {
+#   rest_api_id   = aws_api_gateway_rest_api.lambda_api_proxy.id
+#   resource_id   = aws_api_gateway_rest_api.lambda_api_proxy.root_resource_id
+#   http_method   = "ANY"
+#   authorization = "NONE"
+# }
+#
+# resource "aws_api_gateway_integration" "lambda_api_root_nodejs" {
+#   rest_api_id = aws_api_gateway_rest_api.lambda_api_proxy.id
+#   resource_id = aws_api_gateway_method.lambda_api_proxy_root_nodejs.resource_id
+#   http_method = aws_api_gateway_method.lambda_api_proxy_root_nodejs.http_method
+#
+#   integration_http_method = "POST"
+#   type                    = "AWS_PROXY"
+#   uri                     = var.function_invoke_arn
+# }
+
+resource "aws_api_gateway_deployment" "apigw_lambda_deployment" {
+  depends_on = [
+    aws_api_gateway_integration.apigw_lambda_integration
+  ]
+  rest_api_id = aws_api_gateway_rest_api.apigw_lambda_api.id
+}
+
+resource "aws_api_gateway_stage" "test" {
+  stage_name           = "default"
+  rest_api_id          = aws_api_gateway_rest_api.apigw_lambda_api.id
+  deployment_id        = aws_api_gateway_deployment.apigw_lambda_deployment.id
+  xray_tracing_enabled = var.apigw_tracing_enabled
+}
+
+resource "aws_lambda_permission" "apigw_lambda_invoke" {
+  statement_id  = "AllowAPIGatewayInvoke"
+  action        = "lambda:InvokeFunction"
+  function_name = aws_lambda_function.sampleLambdaFunction.function_name
+  principal     = "apigateway.amazonaws.com"
+  source_arn    = "${aws_api_gateway_rest_api.apigw_lambda_api.execution_arn}/*/*"
+}
+
+# Output the API Gateway URL
+output "invoke_url" {
+  value = "${aws_api_gateway_stage.test.invoke_url}/lambda"
+}
diff --git a/sample-apps/apigateway-lambda/terraform/variables.tf b/sample-apps/apigateway-lambda/terraform/variables.tf
@@ -0,0 +1,35 @@
+variable "function_name" {
+  type        = string
+  description = "Name of sample app function"
+  default     = "aws-opentelemetry-distro-java"
+}
+
+variable "architecture" {
+  type        = string
+  description = "Lambda function architecture, either arm64 or x86_64"
+  default     = "x86_64"
+}
+
+variable "runtime" {
+  type        = string
+  description = "Java runtime version used for Lambda Function"
+  default     = "java17"
+}
+
+variable "lambda_tracing_mode" {
+  type        = string
+  description = "Lambda function tracing mode"
+  default     = "Active"
+}
+
+variable "api_gateway_name" {
+  type        = string
+  description = "Name of API gateway to create"
+  default     = "aws-opentelemetry-distro-java"
+}
+
+variable "apigw_tracing_enabled" {
+  type        = string
+  description = "API Gateway REST API tracing enabled or not"
+  default     = "true"
+}

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,8 @@ dependencies {`
`17`	`17`	`implementation("com.amazonaws:aws-lambda-java-core:1.2.2")`
`18`	`18`	`implementation("com.squareup.okhttp3:okhttp:4.11.0")`
`19`	`19`	`implementation("software.amazon.awssdk:s3:2.20.0")`
	`20`	`+ implementation("org.slf4j:jcl-over-slf4j:2.0.16")`
	`21`	`+ implementation("org.json:json:20240303")`
`20`	`22`	`testImplementation("org.junit.jupiter:junit-jupiter:5.10.0")`
`21`	`23`	`}`
`22`	`24`