tf: Deploy rko-router as a lambda function

Author: sorah

tf/iam_LambdaRkoRouter.tf

@@ -0,0 +1,25 @@
+resource "aws_iam_role" "LambdaRkoRouter" {
+  name               = "LambdaRkoRouter"
+  description        = "rko-router//tf/lambda.tf"
+  assume_role_policy = data.aws_iam_policy_document.LambdaRkoRouter-trust.json
+}
+
+data "aws_iam_policy_document" "LambdaRkoRouter-trust" {
+  statement {
+    effect  = "Allow"
+    actions = ["sts:AssumeRole"]
+    principals {
+      type = "Service"
+      identifiers = [
+        "lambda.amazonaws.com"
+      ]
+    }
+  }
+}
+
+resource "aws_iam_role_policy_attachment" "lambda-AWSLambdaBasicExecutionRole" {
+  role       = aws_iam_role.LambdaRkoRouter.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+}
+
+

tf/iam_SchedulerRkoRouter.tf

@@ -0,0 +1,36 @@
+resource "aws_iam_role" "SchedulerRkoRouter" {
+  name                 = "SchedulerRkoRouter"
+  description          = "rko-router//tf/iam_SchedulerRkoRouter.tf"
+  assume_role_policy   = data.aws_iam_policy_document.SchedulerRkoRouter-trust.json
+  max_session_duration = 3600
+}
+
+data "aws_iam_policy_document" "SchedulerRkoRouter-trust" {
+  statement {
+    effect  = "Allow"
+    actions = ["sts:AssumeRole"]
+    principals {
+      type = "Service"
+      identifiers = [
+        "scheduler.amazonaws.com",
+      ]
+    }
+  }
+}
+
+resource "aws_iam_role_policy" "SchedulerRkoRouter" {
+  role   = aws_iam_role.SchedulerRkoRouter.name
+  policy = data.aws_iam_policy_document.SchedulerRkoRouter.json
+}
+
+data "aws_iam_policy_document" "SchedulerRkoRouter" {
+  statement {
+    effect = "Allow"
+    actions = [
+      "lambda:InvokeFunction",
+    ]
+    resources = [
+      aws_lambda_function.rko-router.arn,
+    ]
+  }
+}

tf/lambda.tf

@@ -0,0 +1,41 @@
+resource "aws_lambda_function" "rko-router" {
+  function_name = "rko-router"
+
+  package_type  = "Image"
+  image_uri     = "${aws_ecr_repository.rko-router.repository_url}:3285c10bdd196708e97523c116baeba981b8b8a7"
+  architectures = ["x86_64"]
+
+  role = aws_iam_role.LambdaRkoRouter.arn
+
+  memory_size = 256
+  timeout     = 30
+
+  environment {
+    variables = {
+      AWS_LWA_INVOKE_MODE         = "response_stream"
+      NGINX_ENTRYPOINT_QUIET_LOGS = "1"
+
+      JUMP_HOST = "*.lambda-url.us-west-2.on.aws"
+    }
+  }
+
+  tags = {
+    Name = "rko-router"
+  }
+
+  # lifecycle {
+  #   ignore_changes = [
+  #     image_uri,
+  #   ]
+  # }
+}
+
+resource "aws_lambda_function_url" "rko-router" {
+  function_name      = aws_lambda_function.rko-router.function_name
+  authorization_type = "NONE"
+  invoke_mode        = "RESPONSE_STREAM"
+}
+
+output "function_url" {
+  value = aws_lambda_function_url.rko-router.function_url
+}

tf/scheduler.tf

@@ -0,0 +1,16 @@
+resource "aws_scheduler_schedule" "rko-router-wakeup" {
+  name = "rko-router-wakeup"
+
+  flexible_time_window {
+    mode                      = "FLEXIBLE"
+    maximum_window_in_minutes = 90
+  }
+
+  schedule_expression = "rate(12 hours)"
+
+  target {
+    arn      = aws_lambda_function.rko-router.arn
+    role_arn = aws_iam_role.SchedulerRkoRouter.arn
+    input    = jsonencode({ action = "wake-up" })
+  }
+}