Merge pull request #3 from byu-oit/no-codedeploy

allow module to be used without codedeploy

Author: joshgubler

README.md

@@ -18,7 +18,7 @@ This is done by:
 ## Usage
 ```hcl
 module "lambda_api" {
-  source                        = "github.com/byu-oit/terraform-aws-lambda-api?ref=v0.0.2"
+  source                        = "github.com/byu-oit/terraform-aws-lambda-api?ref=v0.1.0"
   app_name                      = "my-lambda"
   env                           = "dev"
   codedeploy_service_role_arn   = module.acs.power_builder_role.arn
@@ -85,6 +85,7 @@ module "lambda_api" {
 | log_retention_in_days | number | CloudWatch log group retention in days. Defaults to 7. | 7
 | lambda_policies | list(string) | List of IAM Policy ARNs to attach to the lambda role. | []
 | security_groups | list(string) | List of extra security group IDs to attach to the lambda. | []
+| use_codedeploy | bool | If true, CodeDeploy App and Deployment Group will be created and TF will not update alias to point to new versions of the Lambda (becuase CodeDeploy will do that). | false
 
 #### codedeploy_lifecycle_hooks
 

examples/no-codedeploy/example.tf

@@ -0,0 +1,28 @@
+provider "aws" {
+  version = "~> 2.56"
+  region  = "us-west-2"
+}
+
+module "acs" {
+  source = "github.com/byu-oit/terraform-aws-acs-info?ref=v2.1.0"
+}
+
+module "lambda_api" {
+  # source                        = "../../"
+  source                        = "github.com/byu-oit/terraform-aws-lambda-api?ref=v0.1.0"
+  app_name                      = "my-lambda"
+  env                           = "dev"
+  lambda_zip_file               = "./src/lambda.zip"
+  handler                       = "index.handler"
+  runtime                       = "nodejs12.x"
+  hosted_zone                   = module.acs.route53_zone
+  https_certificate_arn         = module.acs.certificate.arn
+  vpc_id                        = module.acs.vpc.id
+  public_subnet_ids             = module.acs.public_subnet_ids
+  private_subnet_ids            = module.acs.private_subnet_ids
+  role_permissions_boundary_arn = module.acs.role_permissions_boundary.arn
+}
+
+output "url" {
+  value = module.lambda_api.dns_record.fqdn
+}

examples/no-codedeploy/src/index.js

@@ -0,0 +1,42 @@
+exports.handler = async function (event, context) {
+  /*
+  const event = {
+    'requestContext': {
+      'elb': {
+        'targetGroupArn': 'arn:aws:elasticloadbalancing:region:123456789012:targetgroup/my-target-group/6d0ecf831eec9f09'
+      }
+    },
+    'httpMethod': 'GET',
+    'path': '/',
+    'queryStringParameters': { some_query: 'blah' },
+    'headers': {
+      'accept': 'text/html,application/xhtml+xml',
+      'accept-language': 'en-US,en;q=0.8',
+      'content-type': 'text/plain',
+      'cookie': 'cookies',
+      'host': 'lambda-846800462-us-east-2.elb.amazonaws.com',
+      'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6)',
+      'x-amzn-trace-id': 'Root=1-5bdb40ca-556d8b0c50dc66f0511bf520',
+      'x-forwarded-for': '72.21.198.66',
+      'x-forwarded-port': '443',
+      'x-forwarded-proto': 'https'
+    },
+    'isBase64Encoded': false,
+    'body': 'request_body' // This is a string - If you want an object, you'll need to parse it
+  }
+  */
+
+  console.log(event)
+  console.log(context)
+
+  return {
+    'isBase64Encoded': false,
+    'statusCode': 200,
+    'statusDescription': '200 OK',
+    'headers': {
+      'Set-cookie': 'cookies',
+      'Content-Type': 'application/json'
+    },
+    'body': '{"message":"Hello, World! ... Yo!"}' // This needs to be a string - If you want to return JSON, you'll need to stringify it
+  }
+}

examples/no-codedeploy/src/package-lock.json

@@ -0,0 +1,11 @@
+{
+  "name": "handler",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\""
+  },
+  "author": "",
+  "license": "Apache-2.0"
+}

examples/no-codedeploy/src/package.json

@@ -8,9 +8,9 @@ module "acs" {
 }
 
 module "lambda_api" {
-  // source                        = "../../"
-  source                        = "github.com/byu-oit/terraform-aws-lambda-api?ref=v0.0.2"
-  app_name                      = "my-lambda"
+  # source                        = "../../"
+  source                        = "github.com/byu-oit/terraform-aws-lambda-api?ref=v0.1.0"
+  app_name                      = "my-lambda-codedeploy"
   env                           = "dev"
   codedeploy_service_role_arn   = module.acs.power_builder_role.arn
   lambda_zip_file               = "./src/lambda.zip"
@@ -23,6 +23,7 @@ module "lambda_api" {
   private_subnet_ids            = module.acs.private_subnet_ids
   role_permissions_boundary_arn = module.acs.role_permissions_boundary.arn
   codedeploy_test_listener_port = 4443
+  use_codedeploy                = true
 
   codedeploy_lifecycle_hooks = {
     BeforeAllowTraffic = aws_lambda_function.test_lambda.function_name

examples/simple-lambda-with-deploy-test/example.tf

@@ -29,10 +29,10 @@
 					"raw": ""
 				},
 				"url": {
-					"raw": "https://my-lambda.byu-oit-terraform-dev.amazon.byu.edu:4443/",
+					"raw": "https://my-lambda-codedeploy-dev.byu-oit-terraform-dev.amazon.byu.edu:4443/",
 					"protocol": "https",
 					"host": [
-						"my-lambda",
+						"my-lambda-codedeploy-dev",
 						"byu-oit-terraform-dev",
 						"amazon",
 						"byu",

examples/simple-lambda-with-deploy-test/tst/my-lambda.postman_collection.json

@@ -140,7 +140,7 @@ resource "aws_lambda_permission" "with_lb" {
   function_name = aws_lambda_function.api_lambda.arn
   principal     = "elasticloadbalancing.amazonaws.com"
   source_arn    = aws_alb_target_group.tg.arn
-  qualifier     = aws_lambda_alias.live.name
+  qualifier     = var.use_codedeploy ? aws_lambda_alias.live_codedeploy[0].name : aws_lambda_alias.live[0].name
 }
 
 resource "aws_lambda_permission" "with_tst_lb" {
@@ -153,7 +153,7 @@ resource "aws_lambda_permission" "with_tst_lb" {
 
 resource "aws_alb_target_group_attachment" "live_attachment" {
   target_group_arn = aws_alb_target_group.tg.arn
-  target_id        = aws_lambda_alias.live.arn
+  target_id        = var.use_codedeploy ? aws_lambda_alias.live_codedeploy[0].arn : aws_lambda_alias.live[0].arn
   depends_on       = [aws_lambda_permission.with_lb]
 }
 
@@ -189,7 +189,7 @@ resource "aws_route53_record" "aaaa_record" {
 # ==================== Lambda ====================
 
 resource "aws_iam_role" "iam_for_lambda" {
-  name                 = "iam_for_lambda"
+  name                 = "${local.long_name}-role"
   permissions_boundary = var.role_permissions_boundary_arn
   assume_role_policy   = <<EOF
 {
@@ -259,6 +259,15 @@ resource "aws_lambda_function" "api_lambda" {
 }
 
 resource "aws_lambda_alias" "live" {
+  count = !var.use_codedeploy ? 1 : 0
+  name          = "live"
+  description   = "ALB sends traffic to this version"
+  function_name = aws_lambda_function.api_lambda.arn
+  function_version = aws_lambda_function.api_lambda.version
+}
+
+resource "aws_lambda_alias" "live_codedeploy" {
+  count = var.use_codedeploy ? 1 : 0
   name          = "live"
   description   = "ALB sends traffic to this version"
   function_name = aws_lambda_function.api_lambda.arn
@@ -275,12 +284,14 @@ resource "aws_lambda_alias" "live" {
 # ==================== CodeDeploy ====================
 
 resource "aws_codedeploy_app" "app" {
+  count = var.use_codedeploy ? 1 : 0
   compute_platform = "Lambda"
   name             = "${local.long_name}-cd"
 }
 
 resource "aws_codedeploy_deployment_group" "deployment_group" {
-  app_name               = aws_codedeploy_app.app.name
+  count = var.use_codedeploy ? 1 : 0
+  app_name               = aws_codedeploy_app.app[0].name
   deployment_group_name  = "${local.long_name}-dg"
   service_role_arn       = var.codedeploy_service_role_arn
   deployment_config_name = "CodeDeployDefault.LambdaAllAtOnce"
@@ -311,6 +322,7 @@ resource "aws_iam_role_policy_attachment" "lambda_cloudwatch_attach" {
 # ==================== AppSpec file ====================
 
 resource "local_file" "appspec_json" {
+  count = var.use_codedeploy ? 1 : 0
   filename = "${path.cwd}/appspec.json"
   content = jsonencode({
     version = 1
@@ -319,8 +331,8 @@ resource "local_file" "appspec_json" {
         Type = "AWS::Lambda::Function"
         Properties = {
           Name  = aws_lambda_function.api_lambda.function_name
-          Alias = aws_lambda_alias.live.name
-          # CurrentVersion = local.is_initial ? aws_lambda_alias.initial.function_version : data.aws_lambda_alias.alias_for_old_version[0].function_version
+          Alias = aws_lambda_alias.live_codedeploy[0].name
+          CurrentVersion = aws_lambda_function.api_lambda.version # TODO: figure out how to get previous version for rollback
           TargetVersion = aws_lambda_function.api_lambda.version
         }
       }

main.tf

@@ -7,15 +7,15 @@ output "lambda_security_group" {
 }
 
 output "lambda_live_alias" {
-  value = aws_lambda_alias.live
+  value = var.use_codedeploy ? aws_lambda_alias.live_codedeploy[0] : aws_lambda_alias.live[0]
 }
 
 output "codedeploy_deployment_group" {
-  value = aws_codedeploy_deployment_group.deployment_group
+  value = var.use_codedeploy ? aws_codedeploy_deployment_group.deployment_group[0] : null
 }
 
 output "codedeploy_appspec_json_file" {
-  value = local_file.appspec_json.filename
+  value = var.use_codedeploy ? local_file.appspec_json[0].filename : null
 }
 
 output "alb" {

outputs.tf

@@ -11,6 +11,7 @@ variable "env" {
 variable "codedeploy_service_role_arn" {
   type        = string
   description = "ARN of the IAM Role for the CodeDeploy to use to initiate new deployments. (usually the PowerBuilder Role)"
+  default     = null
 }
 
 variable "lambda_zip_file" {
@@ -103,3 +104,9 @@ variable "security_groups" {
   description = "List of extra security group IDs to attach to the lambda."
   default     = []
 }
+
+variable "use_codedeploy" {
+  type        = bool
+  description = "If true, CodeDeploy App and Deployment Group will be created and TF will not update alias to point to new versions of the Lambda (becuase CodeDeploy will do that)."
+  default     = false
+}