update

apigw/apigw-hello-world-lambda/data.tf

@@ -0,0 +1,5 @@
+data "archive_file" "lambda" {
+  type        = "zip"
+  source_dir  = "${path.module}/lambda/"
+  output_path = "${path.module}/lambda.zip"
+}

apigw/apigw-hello-world-lambda/lambda.tf

@@ -1,18 +1,6 @@
-data "aws_iam_policy_document" "assume_role" {
-  statement {
-    effect = "Allow"
+resource "aws_iam_policy" "lambda_s3_access_policy" {
+  name = "lambda_s3_access_policy"
 
-    principals {
-      type        = "Service"
-      identifiers = ["lambda.amazonaws.com"]
-    }
-    actions = ["sts:AssumeRole"]
-  }
-}
-
-resource "aws_iam_role_policy" "lambda_policy" {
-  name   = "lambda-policy"
-  role   = aws_iam_role.lambda_execution_role.id
   policy = jsonencode({
     Version = "2012-10-17"
     Statement = [
@@ -23,30 +11,25 @@ resource "aws_iam_role_policy" "lambda_policy" {
           "logs:PutLogEvents"
         ]
         Effect   = "Allow"
-        Resource = "*"
+        Resource = "arn:aws:logs:*:*:*"
       }
     ]
   })
 }
-resource "aws_iam_role" "lambda_execution_role" {
-  name               = "lambda-execution-role"
-  assume_role_policy = data.aws_iam_policy_document.assume_role.json
-}
 
-data "archive_file" "lambda" {
-  type        = "zip"
-  source_dir  = "${path.module}/lambda/"
-  output_path = "${path.module}/lambda_function_payload.zip"
+resource "aws_iam_role_policy_attachment" "lambda_s3_policy_attachment" {
+  role       = aws_iam_role.lambda_execution_role.name
+  policy_arn = aws_iam_policy.lambda_s3_access_policy.arn
 }
 
-resource "aws_lambda_function" "get_data_kinesis" {
-  filename      = "${path.module}/lambda_function_payload.zip"
-  function_name = "hello-world"
-  role          = aws_iam_role.lambda_execution_role.arn
-  handler       = "main.lambda_handler"
 
+# Step 4: Create the Lambda function (assuming the Lambda ZIP package is uploaded)
+resource "aws_lambda_function" "hello-world" {
+  function_name = "hello-world"
+  filename      = "lambda.zip"
   source_code_hash = data.archive_file.lambda.output_base64sha256
-
-  runtime = "python3.10"
+  handler = "main.lambda_handler"  
+  runtime = "python3.10"  # Adjust as per your runtime
+  role    = aws_iam_role.lambda_execution_role.arn
+  timeout = 30
 }
-

apigw/apigw-hello-world-lambda/main.tf

@@ -0,0 +1,16 @@
+resource "aws_iam_role" "lambda_execution_role" {
+  name = "lambda_execution_role"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Principal = {
+          Service = "lambda.amazonaws.com"
+        }
+      },
+    ]
+  })
+}

eventbridge/trigger-event-bus/data.tf

@@ -0,0 +1,5 @@
+data "archive_file" "lambda_zip" {
+  type        = "zip"
+  source_file = "./lambda/main.py" 
+  output_path = "./lambda.zip"
+}

eventbridge/trigger-event-bus/eventbridge.tf

@@ -0,0 +1,3 @@
+# resource "aws_cloudwatch_event_bus" "trigger" {
+#   name = "trigger-event-bridge"
+# }

eventbridge/trigger-event-bus/main.tf

@@ -1,44 +1,43 @@
-resource "aws_cloudwatch_event_bus" "trigger" {
-  name = "trigger-event-bridge"
-}
-
-data "archive_file" "lambda_zip" {
-  type        = "zip"
-  source_file = "./lambda/main.py" 
-  output_path = "./lambda/lambda.zip"
-}
+resource "aws_iam_role" "lambda_execution_role" {
+  name = "lambda_execution_role"
 
-# IAM Role for Lambda
-resource "aws_iam_role" "lambda_role" {
-  name = "lambda_role"
-
   assume_role_policy = jsonencode({
     Version = "2012-10-17"
     Statement = [
       {
-        Action    = "sts:AssumeRole"
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
         Principal = {
           Service = "lambda.amazonaws.com"
         }
-        Effect    = "Allow"
-        Sid       = ""
       },
     ]
   })
 }
 
-# Lambda Function
-resource "aws_lambda_function" "my_lambda" {
-  function_name = "event-bridge-integration"
-
-  # Use the zip file created by archive_file
-  filename         = data.archive_file.lambda_zip.output_path
+
+resource "aws_iam_policy" "trigger_event_bus_policy" {
+  name = "trigger-event-bus"
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+    ]
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "lambda_s3_policy_attachment" {
+  role       = aws_iam_role.lambda_execution_role.name
+  policy_arn = aws_iam_policy.trigger_event_bus_policy.arn
+}
+
+
+resource "aws_lambda_function" "trigger-event-bus" {
+  function_name = "trigger-event-bus"
+  filename      = "lambda.zip"
   source_code_hash = data.archive_file.lambda_zip.output_base64sha256
-
-  role             = aws_iam_role.lambda_role.arn
-  handler          = "main.lambda_handler"  # Ensure this matches the function in main.py
-  runtime          = "python3.10"            # Or another Python runtime version
-
-  memory_size      = 128
-  timeout          = 10
+  handler = "main.lambda_handler"  
+  runtime = "python3.10"  # Adjust as per your runtime
+  role    = aws_iam_role.lambda_execution_role.arn
+  timeout = 30
 }

rds/promote-read-replicas/data.tf

@@ -1,7 +1,7 @@
 data "archive_file" "lambda" {
   type        = "zip"
   source_dir  = "${path.module}/lambda"
-  output_path = "${path.module}/python.zip"
+  output_path = "${path.module}/lambda.zip"
 }
 
 data "aws_vpc" "default" {

rds/promote-read-replicas/lambda.tf

@@ -0,0 +1,43 @@
+resource "aws_iam_policy" "lambda_s3_access_policy" {
+  name = "lambda_s3_access_policy"
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = [
+          "logs:CreateLogGroup",
+          "logs:CreateLogStream",
+          "logs:PutLogEvents"
+        ]
+        Effect   = "Allow"
+        Resource = "arn:aws:logs:*:*:*"
+      }
+    ]
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "lambda_s3_policy_attachment" {
+  role       = aws_iam_role.lambda_execution_role.name
+  policy_arn = aws_iam_policy.lambda_s3_access_policy.arn
+}
+
+
+# Step 4: Create the Lambda function (assuming the Lambda ZIP package is uploaded)
+resource "aws_lambda_function" "hello-world" {
+  function_name = "hello-world"
+  filename      = "lambda.zip"
+  source_code_hash = data.archive_file.lambda.output_base64sha256
+  handler = "main.lambda_handler"  
+  runtime = "python3.10"  # Adjust as per your runtime
+  role    = aws_iam_role.lambda_execution_role.arn
+  timeout = 30
+  environment {
+    variables = {
+      DB_INSTANCE_ID    = aws_rds_cluster.primary.id
+      SNS_TOPIC_ARN     = aws_sns_topic.notify.arn
+      SECRET_NAME       = aws_rds_cluster.primary.master_user_secret[0].secret_arn
+      SUBNET_GROUP_NAME = aws_db_subnet_group.all.name
+    }
+}
+}

rds/promote-read-replicas/main.tf

@@ -37,24 +37,6 @@ resource "aws_iam_role_policy_attachment" "lambda_attach_policy" {
   policy_arn = aws_iam_policy.lambda_policy.arn
 }
 
-resource "aws_lambda_function" "promote_read_replica" {
-  function_name = "promote-read-replica"
-  role          = aws_iam_role.lambda_role.arn
-  handler       = "lambda_function.lambda_handler"
-  runtime       = "python3.9"
-
-  environment {
-    variables = {
-      DB_INSTANCE_ID    = aws_rds_cluster.primary.id
-      SNS_TOPIC_ARN     = aws_sns_topic.notify.arn
-      SECRET_NAME       = aws_rds_cluster.primary.master_user_secret[0].secret_arn
-      SUBNET_GROUP_NAME = aws_db_subnet_group.all.name
-    }
-  }
-
-  source_code_hash = data.archive_file.lambda.output_base64sha256
-  filename         = "python.zip"
-}
 
 resource "aws_sns_topic" "notify" {
   name = "rds-disaster-recovery"