included cloudwatch event. changed tf to ce for lambdas (#79)

twarnock · Mark Beacom · commit e30bdf4490de · 2019-09-23T15:56:53.000-04:00
diff --git a/.gitignore b/.gitignore
@@ -112,4 +112,5 @@ venv.bak/
 
 # terraform builds
 .terraform/
-terraform.tfstate*
+terraform.tfstate*
+*.tfvars
diff --git a/step/cloudwatch.tf b/step/cloudwatch.tf
@@ -1,4 +1,30 @@
-resource "aws_cloudwatch_log_group" "copy-and-split-log-group" {
-  name              = "/aws/lambda/copy-and-split"
-  retention_in_days = "1"
+// resource "aws_cloudwatch_log_group" "cloudendure-rehost-migration-log-group" {
+//   name              = "/aws/lambda/cloudendure-rehost-migration"
+//   retention_in_days = "1"
+// }
+
+resource "aws_cloudwatch_event_rule" "rehost-migration-rule" {
+  name          = "ce-rehost-migration-rule"
+  description   = ""
+  event_pattern = <<PATTERN
+{
+  "source": [
+    "aws.ec2"
+  ],
+  "detail-type": [
+    "EC2 Instance State-change Notification"
+  ],
+  "detail": {
+    "state": [
+      "running"
+    ]
+  }
 }
+PATTERN
+}
+
+resource "aws_cloudwatch_event_target" "rehost-migration-target" {
+  rule     = "${aws_cloudwatch_event_rule.rehost-migration-rule.id}"
+  arn      = "${aws_sfn_state_machine.rehost_migration.id}"
+  role_arn = "${aws_iam_role.iam_for_stepfunction.arn}"
+}
diff --git a/step/iam.tf b/step/iam.tf
@@ -1,6 +1,6 @@
 # step function related iam
 resource "aws_iam_role" "iam_for_stepfunction" {
-  name               = "tf-iam-for-stepfunction"
+  name               = "ce-iam-for-stepfunction"
   assume_role_policy = "${data.aws_iam_policy_document.stepfunction_assume_role_policy_document.json}"
 }
 
@@ -9,7 +9,7 @@ data "aws_iam_policy_document" "stepfunction_assume_role_policy_document" {
     actions = ["sts:AssumeRole"]
 
     principals {
-      type        = "Service"
+      type = "Service"
       identifiers = ["states.${var.region}.amazonaws.com"]
     }
   }
@@ -28,12 +28,12 @@ data "aws_iam_policy_document" "lambda-invoke" {
   statement {
     effect = "Allow"
     actions = [ "sts:AssumeRole" ]
-    resources = [ "role/arn" ]
+    resources = [for role in var.assume_role_list: role]
   }
 }
 
 resource "aws_iam_policy" "lambda-invoke" {
-  name   = "tf-lambda-invoke"
+  name   = "ce-lambda-invoke"
   policy = "${data.aws_iam_policy_document.lambda-invoke.json}"
 }
 
@@ -44,7 +44,7 @@ resource "aws_iam_role_policy_attachment" "lambda-invoke" {
 
 # lambda related
 resource "aws_iam_role" "iam_for_lambda" {
-  name               = "tf-iam-for-lambda"
+  name               = "ce-iam-for-lambda"
   assume_role_policy = "${data.aws_iam_policy_document.iam_for_lambda_assume_role.json}"
 }
 
@@ -67,3 +67,4 @@ resource "aws_iam_role_policy_attachment" "role_policy_lambda_ec2" {
   role       = "${aws_iam_role.iam_for_lambda.name}"
   policy_arn = "arn:aws:iam::aws:policy/AmazonEC2FullAccess"
 }
+ 
diff --git a/step/lambdas.tf b/step/lambdas.tf
@@ -7,7 +7,7 @@ data "archive_file" "lambdas" {
 
 resource "aws_lambda_function" "lambda_find_instance" {
   filename         = "lambdas.zip"
-  function_name    = "tf-find-instance"
+  function_name    = "ce-find-instance"
   role             = "${aws_iam_role.iam_for_lambda.arn}"
   handler          = "find_instance.lambda_handler"
   source_code_hash = "${data.archive_file.lambdas.output_base64sha256}"
@@ -17,7 +17,7 @@ resource "aws_lambda_function" "lambda_find_instance" {
 
 resource "aws_lambda_function" "lambda_get_instance_status" {
   filename         = "lambdas.zip"
-  function_name    = "tf-get-instance-status"
+  function_name    = "ce-get-instance-status"
   role             = "${aws_iam_role.iam_for_lambda.arn}"
   handler          = "get_instance_status.lambda_handler"
   source_code_hash = "${data.archive_file.lambdas.output_base64sha256}"
@@ -27,7 +27,7 @@ resource "aws_lambda_function" "lambda_get_instance_status" {
 
 resource "aws_lambda_function" "lambda_create_image" {
   filename         = "lambdas.zip"
-  function_name    = "tf-create-image"
+  function_name    = "ce-create-image"
   role             = "${aws_iam_role.iam_for_lambda.arn}"
   handler          = "create_image.lambda_handler"
   source_code_hash = "${data.archive_file.lambdas.output_base64sha256}"
@@ -37,7 +37,7 @@ resource "aws_lambda_function" "lambda_create_image" {
 
 resource "aws_lambda_function" "lambda_get_image_status" {
   filename         = "lambdas.zip"
-  function_name    = "tf-get-image-status"
+  function_name    = "ce-get-image-status"
   role             = "${aws_iam_role.iam_for_lambda.arn}"
   handler          = "get_image_status.lambda_handler"
   source_code_hash = "${data.archive_file.lambdas.output_base64sha256}"
@@ -47,7 +47,7 @@ resource "aws_lambda_function" "lambda_get_image_status" {
 
 resource "aws_lambda_function" "lambda_share_image" {
   filename         = "lambdas.zip"
-  function_name    = "tf-share-image"
+  function_name    = "ce-share-image"
   role             = "${aws_iam_role.iam_for_lambda.arn}"
   handler          = "share_image.lambda_handler"
   source_code_hash = "${data.archive_file.lambdas.output_base64sha256}"
@@ -57,7 +57,7 @@ resource "aws_lambda_function" "lambda_share_image" {
 
 resource "aws_lambda_function" "lambda_copy_image" {
   filename         = "lambdas.zip"
-  function_name    = "tf-copy-image"
+  function_name    = "ce-copy-image"
   role             = "${aws_iam_role.iam_for_lambda.arn}"
   handler          = "copy_image.lambda_handler"
   source_code_hash = "${data.archive_file.lambdas.output_base64sha256}"
@@ -67,7 +67,7 @@ resource "aws_lambda_function" "lambda_copy_image" {
 
 resource "aws_lambda_function" "lambda_get_copy_status" {
   filename         = "lambdas.zip"
-  function_name    = "tf-get-copy-status"
+  function_name    = "ce-get-copy-status"
   role             = "${aws_iam_role.iam_for_lambda.arn}"
   handler          = "get_copy_status.lambda_handler"
   source_code_hash = "${data.archive_file.lambdas.output_base64sha256}"
@@ -77,7 +77,7 @@ resource "aws_lambda_function" "lambda_get_copy_status" {
 
 resource "aws_lambda_function" "lambda_split_image" {
   filename         = "lambdas.zip"
-  function_name    = "tf-split-image"
+  function_name    = "ce-split-image"
   role             = "${aws_iam_role.iam_for_lambda.arn}"
   handler          = "split_image.lambda_handler"
   source_code_hash = "${data.archive_file.lambdas.output_base64sha256}"
@@ -87,7 +87,7 @@ resource "aws_lambda_function" "lambda_split_image" {
 
 resource "aws_lambda_function" "lambda_image_cleanup" {
   filename         = "lambdas.zip"
-  function_name    = "tf-image-cleanup"
+  function_name    = "ce-image-cleanup"
   role             = "${aws_iam_role.iam_for_lambda.arn}"
   handler          = "image_cleanup.lambda_handler"
   source_code_hash = "${data.archive_file.lambdas.output_base64sha256}"
diff --git a/step/step-function.tf b/step/step-function.tf
@@ -1,6 +1,6 @@
 resource "aws_sfn_state_machine" "rehost_migration" {
-  name     = "tf-rehost-migration"
-  role_arn = "${aws_iam_role.iam_for_stepfunction.arn}"
+  name       = "ce-rehost-migration"  
+  role_arn   = "${aws_iam_role.iam_for_stepfunction.arn}"
 
   definition = <<EOF
 {
diff --git a/step/variable.tf b/step/variable.tf
@@ -1,5 +1,11 @@
 variable "region" {
   default     = "us-east-1"
   description = "The AWS region to be used."
-  type        = "string"
+  type        = string
+}
+
+variable "assume_role_list" {
+  default = []
+  description = ""
+  type = list(string)
 }

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`# step function related iam`
`2`	`2`	`resource "aws_iam_role" "iam_for_stepfunction" {`
`3`		`- name = "tf-iam-for-stepfunction"`
	`3`	`+ name = "ce-iam-for-stepfunction"`
`4`	`4`	`assume_role_policy = "${data.aws_iam_policy_document.stepfunction_assume_role_policy_document.json}"`
`5`	`5`	`}`
`6`	`6`
`@@ -9,7 +9,7 @@ data "aws_iam_policy_document" "stepfunction_assume_role_policy_document" {`
`9`	`9`	`actions = ["sts:AssumeRole"]`
`10`	`10`
`11`	`11`	`principals {`
`12`		`- type = "Service"`
	`12`	`+ type = "Service"`
`13`	`13`	`identifiers = ["states.${var.region}.amazonaws.com"]`
`14`	`14`	`}`
`15`	`15`	`}`
`@@ -28,12 +28,12 @@ data "aws_iam_policy_document" "lambda-invoke" {`
`28`	`28`	`statement {`
`29`	`29`	`effect = "Allow"`
`30`	`30`	`actions = [ "sts:AssumeRole" ]`
`31`		`- resources = [ "role/arn" ]`
	`31`	`+ resources = [for role in var.assume_role_list: role]`
`32`	`32`	`}`
`33`	`33`	`}`
`34`	`34`
`35`	`35`	`resource "aws_iam_policy" "lambda-invoke" {`
`36`		`- name = "tf-lambda-invoke"`
	`36`	`+ name = "ce-lambda-invoke"`
`37`	`37`	`policy = "${data.aws_iam_policy_document.lambda-invoke.json}"`
`38`	`38`	`}`
`39`	`39`
`@@ -44,7 +44,7 @@ resource "aws_iam_role_policy_attachment" "lambda-invoke" {`
`44`	`44`
`45`	`45`	`# lambda related`
`46`	`46`	`resource "aws_iam_role" "iam_for_lambda" {`
`47`		`- name = "tf-iam-for-lambda"`
	`47`	`+ name = "ce-iam-for-lambda"`
`48`	`48`	`assume_role_policy = "${data.aws_iam_policy_document.iam_for_lambda_assume_role.json}"`
`49`	`49`	`}`
`50`	`50`
`@@ -67,3 +67,4 @@ resource "aws_iam_role_policy_attachment" "role_policy_lambda_ec2" {`
`67`	`67`	`role = "${aws_iam_role.iam_for_lambda.name}"`
`68`	`68`	`policy_arn = "arn:aws:iam::aws:policy/AmazonEC2FullAccess"`
`69`	`69`	`}`
	`70`	`+`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`resource "aws_sfn_state_machine" "rehost_migration" {`
`2`		`- name = "tf-rehost-migration"`
`3`		`- role_arn = "${aws_iam_role.iam_for_stepfunction.arn}"`
	`2`	`+ name = "ce-rehost-migration"`
	`3`	`+ role_arn = "${aws_iam_role.iam_for_stepfunction.arn}"`
`4`	`4`
`5`	`5`	`definition = <<EOF`
`6`	`6`	`{`