Add terraform config.

NOAA-OWP · Jan 23, 2025 · 1b282a6 · 1b282a6
1 parent d7cc87d
commit 1b282a6
Show file tree

Hide file tree

Showing 3 changed files with 146 additions and 41 deletions.
diff --git a/Core/LAMBDA/viz_functions/main.tf b/Core/LAMBDA/viz_functions/main.tf
@@ -212,6 +212,10 @@ variable "five_minute_trigger" {
   })
 }
 
+variable "ecr_repository_image_tag" {
+  type = string
+}
+
 ########################################################################################################################################
 ########################################################################################################################################
 
@@ -225,6 +229,8 @@ locals {
   initialize_pipeline_subscriptions = toset([
     "rnr_wrf_hydro_output"
   ])
+
+  viz_update_egis_data_lambda_name = "hv-vpp-${var.environment}-viz-update-egis-data"
 }
 
 ##################################
@@ -742,66 +748,128 @@ resource "aws_lambda_function_event_invoke_config" "viz_fim_data_prep_destinatio
 #############################
 data "archive_file" "update_egis_data_zip" {
   type = "zip"
+  output_path = "${path.module}/temp/viz_update_egis_data_${var.environment}_${var.region}.zip"
+
+  dynamic "source" {
+    for_each = fileset("${path.module}/viz_update_egis_data", "**")
+    content {
+      content  = file("${path.module}/viz_update_egis_data/${source.key}")
+      filename = source.key
+    }
+  }
 
-  source_file = "${path.module}/viz_update_egis_data/lambda_function.py"
+  source {
+    content = file("${path.module}/../layers/viz_lambda_shared_funcs/viz_classes.py")
+    filename = "viz_classes.py"
+  }
 
-  output_path = "${path.module}/temp/viz_update_egis_data_${var.environment}_${var.region}.zip"
+  source {
+    content = templatefile("${path.module}/viz_update_egis_data/serverless.yml.tmpl", {
+      SERVICE_NAME       = replace(local.viz_update_egis_data_lambda_name, "_", "-")
+      LAMBDA_TAGS        = jsonencode(merge(var.default_tags, { Name = local.viz_update_egis_data_lambda_name }))
+      DEPLOYMENT_BUCKET  = var.deployment_bucket
+      AWS_DEFAULT_REGION = var.region
+      LAMBDA_NAME        = local.viz_update_egis_data_lambda_name
+      AWS_ACCOUNT_ID     = var.account_id
+      IMAGE_REPO_NAME    = aws_ecr_repository.viz_update_egis_data_image.name
+      IMAGE_TAG          = var.ecr_repository_image_tag
+      LAMBDA_ROLE_ARN    = var.lambda_role
+    })
+    filename = "serverless.yml"
+  }
 }
 
 resource "aws_s3_object" "update_egis_data_zip_upload" {
-  provider = aws.no_tags  
+  provider = aws.no_tags
   bucket      = var.deployment_bucket
   key         = "terraform_artifacts/${path.module}/viz_update_egis_data.zip"
   source      = data.archive_file.update_egis_data_zip.output_path
   source_hash = filemd5(data.archive_file.update_egis_data_zip.output_path)
 }
 
-resource "aws_lambda_function" "viz_update_egis_data" {
-  function_name = "hv-vpp-${var.environment}-viz-update-egis-data"
-  description   = "Lambda function to copy a postprocesses service table into the egis postgreql database, as well as cache data in the viz database."
-  memory_size   = 128
-  timeout       = 900
-  vpc_config {
-    security_group_ids = var.db_lambda_security_groups
-    subnet_ids         = var.db_lambda_subnets
+resource "aws_ecr_repository" "viz_update_egis_data_image" {
+  name                 = local.viz_update_egis_data_lambda_name
+  image_tag_mutability = "MUTABLE"
+
+  force_delete = true
+
+  image_scanning_configuration {
+    scan_on_push = true
   }
+}
+
+resource "aws_codebuild_project" "viz_update_egis_data_lambda" {
+  name          = local.viz_update_egis_data_lambda_name
+  description   = "Codebuild project that builds the lambda container based on a zip file with lambda code and dockerfile. Also deploys a lambda function using the ECR image"
+  build_timeout = "60"
+  service_role  = var.lambda_role
+
+  artifacts {
+    type = "NO_ARTIFACTS"
+  }
+
   environment {
-    variables = {
-      EGIS_DB_DATABASE = var.egis_db_name
-      EGIS_DB_HOST     = var.egis_db_host
-      EGIS_DB_USERNAME = jsondecode(var.egis_db_user_secret_string)["username"]
-      EGIS_DB_PASSWORD = jsondecode(var.egis_db_user_secret_string)["password"]
-      VIZ_DB_DATABASE  = var.viz_db_name
-      VIZ_DB_HOST      = var.viz_db_host
-      VIZ_DB_USERNAME  = jsondecode(var.viz_db_user_secret_string)["username"]
-      VIZ_DB_PASSWORD  = jsondecode(var.viz_db_user_secret_string)["password"]
-      CACHE_BUCKET     = var.viz_cache_bucket
+    compute_type                = "BUILD_GENERAL1_SMALL"
+    image                       = "aws/codebuild/standard:6.0"
+    type                        = "LINUX_CONTAINER"
+    image_pull_credentials_type = "CODEBUILD"
+    privileged_mode             = true
+
+    environment_variable {
+      name  = "AWS_DEFAULT_REGION"
+      value = var.region
+    }
+
+    environment_variable {
+      name  = "AWS_ACCOUNT_ID"
+      value = var.account_id
+    }
+
+    environment_variable {
+      name  = "IMAGE_REPO_NAME"
+      value = aws_ecr_repository.viz_update_egis_data_image.name
+    }
+
+    environment_variable {
+      name  = "IMAGE_TAG"
+      value = var.ecr_repository_image_tag
     }
   }
-  s3_bucket        = aws_s3_object.update_egis_data_zip_upload.bucket
-  s3_key           = aws_s3_object.update_egis_data_zip_upload.key
-  source_code_hash = filebase64sha256(data.archive_file.update_egis_data_zip.output_path)
-  runtime          = "python3.9"
-  handler          = "lambda_function.lambda_handler"
-  role             = var.lambda_role
-  layers = [
-    var.pandas_layer,
-    var.psycopg2_sqlalchemy_layer,
-    var.viz_lambda_shared_funcs_layer
-  ]
-  tags = {
-    "Name" = "hv-vpp-${var.environment}-viz-update-egis-data"
+
+  source {
+    type     = "S3"
+    location = "${aws_s3_object.update_egis_data_zip_upload.bucket}/${aws_s3_object.update_egis_data_zip_upload.key}"
   }
 }
 
-resource "aws_lambda_function_event_invoke_config" "viz_update_egis_data_destinations" {
-  function_name          = resource.aws_lambda_function.viz_update_egis_data.function_name
-  maximum_retry_attempts = 0
-  destination_config {
-    on_failure {
-      destination = var.email_sns_topics["viz_lambda_errors"].arn
-    }
+resource "null_resource" "viz_update_egis_data_cluster" {
+  # Changes to any instance of the cluster requires re-provisioning
+  triggers = {
+    source_hash = data.archive_file.update_egis_data_zip.output_md5
   }
+
+  depends_on = [ aws_s3_object.update_egis_data_zip_upload ]
+
+  provisioner "local-exec" {
+    command = "aws codebuild start-build --project-name ${aws_codebuild_project.viz_update_egis_data_lambda.name} --profile ${var.environment} --region ${var.region}"
+  }
+}
+
+resource "time_sleep" "wait_for_viz_update_egis_data_cluster" {
+  triggers = {
+    function_update = null_resource.viz_update_egis_data.triggers.source_hash
+  }
+  depends_on = [null_resource.viz_update_egis_data]
+
+  create_duration = "120s"
+}
+
+data "aws_lambda_function" "viz_update_egis_data" {
+  function_name = local.viz_update_egis_data_lambda_name
+
+  depends_on = [
+    time_sleep.wait_for_viz_update_egis_data_cluster
+  ]
 }
 
 #############################

diff --git a/Core/LAMBDA/viz_functions/viz_update_egis_data/buildspec.yml b/Core/LAMBDA/viz_functions/viz_update_egis_data/buildspec.yml
@@ -0,0 +1,21 @@
+version: 0.2
+
+phases:
+  pre_build:
+    commands:
+      - echo Logging in to Amazon ECR...
+      - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
+  build:
+    commands:
+      - echo Build started on `date`
+      - echo Building the Docker image...
+      - docker buildx build -t $IMAGE_REPO_NAME:$IMAGE_TAG .
+      - docker tag $IMAGE_REPO_NAME:$IMAGE_TAG $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG      
+  post_build:
+    commands:
+      - echo Build completed on `date`
+      - echo Pushing the Docker image...
+      - docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG
+      - echo Updating lambda
+      - npm install -g [email protected]
+      - sls deploy
diff --git a/Core/LAMBDA/viz_functions/viz_update_egis_data/serverless.yml.tmpl b/Core/LAMBDA/viz_functions/viz_update_egis_data/serverless.yml.tmpl
@@ -0,0 +1,16 @@
+service: ${SERVICE_NAME}
+provider:
+  stackTags: ${LAMBDA_TAGS}
+  name: aws
+  deploymentBucket: 
+    name: ${DEPLOYMENT_BUCKET}
+    serverSideEncryption: AES256
+  region: ${AWS_DEFAULT_REGION}
+functions:
+  lambda:
+    name: ${LAMBDA_NAME}
+    image: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com/${IMAGE_REPO_NAME}:${IMAGE_TAG}
+    role: ${LAMBDA_ROLE_ARN}
+    memorySize: 1024
+    timeout: 900
+    ephemeralStorageSize: 1024