lambdacron-template/main.tf at main · omsf/lambdacron-template · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
locals {
  tags                                = merge({ managed_by = "lambdacron-template" }, var.tags)
  enable_email_notification           = length(var.email_recipients) > 0
  notification_image_uri_override     = var.notification_image_uri_override == null ? null : trimspace(var.notification_image_uri_override)
  use_notification_image_override     = local.notification_image_uri_override != null
  notification_lambda_image_uri       = local.use_notification_image_override ? local.notification_image_uri_override : module.notification_image_republish[0].lambda_image_uri_with_digest
  default_email_subject_template_file = "${path.module}/templates/email-subject.txt"
  default_email_text_template_file    = "${path.module}/templates/email-body.txt"
  default_email_html_template_file    = "${path.module}/templates/email-body.html"
  email_subject_template_file         = length(var.email_subject_template_file) > 0 ? var.email_subject_template_file : local.default_email_subject_template_file
  email_text_template_file            = length(var.email_text_template_file) > 0 ? var.email_text_template_file : local.default_email_text_template_file
  email_html_template_file            = length(var.email_html_template_file) > 0 ? var.email_html_template_file : local.default_email_html_template_file
  additional_policy_name              = coalesce(var.scheduled_lambda_additional_policy_name, "lambdacron-template-scheduled-extra-${terraform.workspace}")
  scheduled_lambda_role_name          = trimprefix(module.lambdacron.scheduled_lambda_role_arn, "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/")
}

check "email_notification_sender_required" {
  assert {
    condition     = !local.enable_email_notification || length(trimspace(var.email_sender)) > 0
    error_message = "email_sender must be non-empty when email_recipients is non-empty."
  }
}

data "aws_caller_identity" "current" {}

provider "aws" {
  region = var.aws_region
}

module "lambda_image_republish" {
  source = "git::https://github.com/omsf/lambdacron.git//modules/lambda-image-republish"

  source_lambda_repo = var.lambda_public_repo_url
  source_lambda_tag  = var.lambda_public_tag

  destination_repository_name = var.lambda_private_repository_name
  enable_kms_encryption       = var.lambda_enable_kms_encryption
  kms_key_arn                 = var.lambda_kms_key_arn

  tags = local.tags
}

module "notification_image_republish" {
  count  = local.use_notification_image_override ? 0 : 1
  source = "git::https://github.com/omsf/lambdacron.git//modules/lambda-image-republish"

  source_lambda_repo = var.notification_public_repo_url
  source_lambda_tag  = var.notification_public_tag

  destination_repository_name = var.notification_private_repository_name
  enable_kms_encryption       = var.notification_enable_kms_encryption
  kms_key_arn                 = var.notification_kms_key_arn

  tags = local.tags
}

module "lambdacron" {
  source = "git::https://github.com/omsf/lambdacron.git"

  aws_region                  = var.aws_region
  lambda_image_uri            = module.lambda_image_republish.lambda_image_uri_with_digest
  schedule_expression         = var.schedule_expression
  topic_name                  = var.topic_name
  fifo_topic                  = var.fifo_topic
  content_based_deduplication = var.content_based_deduplication

  lambda_env      = var.lambda_env
  timeout         = var.lambda_timeout
  memory_size     = var.lambda_memory_size
  lambda_name     = var.lambda_name
  image_command   = var.lambda_image_command
  create_test_url = var.create_test_url

  tags = local.tags
}

module "email_notification" {
  count  = local.enable_email_notification ? 1 : 0
  source = "git::https://github.com/omsf/lambdacron.git//modules/email-notification"

  sns_topic_arn    = module.lambdacron.sns_topic_arn
  result_types     = var.email_result_types
  fifo_queue_name  = var.email_fifo_queue_name
  lambda_image_uri = local.notification_lambda_image_uri
  lambda_name      = var.email_lambda_name

  subject_template_file = local.email_subject_template_file
  text_template_file    = local.email_text_template_file
  html_template_file    = local.email_html_template_file
  sender                = var.email_sender
  recipients            = var.email_recipients
  reply_to              = var.email_reply_to

  timeout     = var.email_timeout
  memory_size = var.email_memory_size
  batch_size  = var.email_batch_size
  enabled     = var.email_enabled

  tags = local.tags
}

resource "aws_iam_policy" "scheduled_lambda_additional" {
  count = var.scheduled_lambda_additional_policy_json == null ? 0 : 1

  name   = local.additional_policy_name
  policy = var.scheduled_lambda_additional_policy_json
  tags   = local.tags
}

resource "aws_iam_role_policy_attachment" "scheduled_lambda_additional" {
  count = var.scheduled_lambda_additional_policy_json == null ? 0 : 1

  role       = local.scheduled_lambda_role_name
  policy_arn = aws_iam_policy.scheduled_lambda_additional[0].arn
}