authorAlex <git@ajschof.me>2024-08-19 17:13:56 +0100
committerGitHub <noreply@github.com>2024-08-19 17:13:56 +0100
commitf014d1a15037e3471c0759de3ca31e221e2673de (patch)
treedbe1a8a34728d8d8edb36e425ebb0dbd3f7c5352 /terraform
parenta42d030fb663ad7eb040498cfc5f0627a27d6cc6 (diff)
parent58db3807d686a600177f467c96694bec75f0c466 (diff)
Merge branch 'development' into feature/test-process-upload-tables-v2
Diffstat (limited to 'terraform')
-rw-r--r--terraform/iam.tf17
-rw-r--r--terraform/lambda.tf22
-rw-r--r--terraform/s3.tf5
3 files changed, 23 insertions, 21 deletions
diff --git a/terraform/iam.tf b/terraform/iam.tf
index 0e5fa6d..7585ff8 100644
--- a/terraform/iam.tf
+++ b/terraform/iam.tf
@@ -28,17 +28,19 @@ resource "aws_iam_role" "multi_service_role" {
########################################################################
# S3 SETUP
# Description: allows allows retention/tagging/access control settings
-# Lambda IAM Policy for S3 Write
+# Lambda IAM Policy for S3
########################################################################
# S3 DEFINE POLICY
data "aws_iam_policy_document" "s3_data_policy_doc" {
statement {
+ effect = "Allow"
actions = [
"s3:PutObject",
"s3:PutObjectRetention",
"s3:PutObjectTagging",
- "s3:PutObjectAcl"
+ "s3:PutObjectAcl",
+ "s3:ListObjects"
]
resources = [
"${aws_s3_bucket.extract_bucket.arn}/*",
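Review bot: `s3:ListObjects` in the added actions line is the name of an S3 API call, not an IAM action, so this entry grants nothing. Listing a bucket's keys is authorised by `s3:ListBucket`, which is evaluated against the bucket ARN rather than the `/*` object ARNs this statement lists. It would be clearer to drop it here and add a separate statement with `actions = ["s3:ListBucket"]` and `resources = [aws_s3_bucket.extract_bucket.arn]`, plus any other bucket the function must list. `s3:ListBuckets` in the second hunk of this file has the same problem. The statement's resources list continues outside this hunk.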
@@ -46,6 +48,17 @@ data "aws_iam_policy_document" "s3_data_policy_doc" {
"${aws_s3_bucket.lambda_code_bucket.arn}/*",
]
}
+
+ statement {
+ effect = "Allow"
+ actions = [
+ "s3:ListBuckets",
+ "s3:ListAllMyBuckets"
+ ]
+ resources = [
+ "arn:aws:s3:::*",
+ ]
+ }
}
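Review bot: The new statement's `s3:ListAllMyBuckets` on `arn:aws:s3:::*` lets the role enumerate every bucket name in the account, which is wider than a function working on its own named buckets appears to need. If the intent was to list objects in the project's buckets, this statement can be removed in favour of a bucket-scoped `s3:ListBucket`. If account-wide listing really is required, a comment such as `# needed because <reason>` above the statement would record why.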
diff --git a/terraform/lambda.tf b/terraform/lambda.tf
index e33bc79..72aae04 100644
--- a/terraform/lambda.tf
+++ b/terraform/lambda.tf
@@ -90,27 +90,21 @@ resource "aws_lambda_function" "load_lambda" {
# Lambda Layer Specification
locals {
- layer_dir = "lambda_layer"
- requirements = "requirements.txt"
- layer_zip = "layer.zip"
- layer_name = "lambda_layer_dev"
+ layer_dir = "../"
+ layer_zip = "layer.zip"
+ layer_name = "lambda_layer"
+ script_dir = "../scripts"
}
resource "null_resource" "prepare_layer" {
provisioner "local-exec" {
- command = <<EOT
- cd ${local.layer_dir}
- rm -rf python
- mkdir python
- pip3 install -r ${local.requirements} -t python/
- zip -r ${local.layer_zip} python
- EOT
- } #removed / at the end of python in line 99
+ command = "bash ${local.script_dir}/make_layer_zip.sh"
+ }
}
resource "aws_s3_object" "lambda_layer_zip" {
bucket = aws_s3_bucket.lambda_code_bucket.id #bucket instead of id
- key = "lambda_layer/${local.layer_name}/${local.layer_zip}"
+ key = "${local.layer_name}/${local.layer_zip}"
source = "${local.layer_dir}/${local.layer_zip}"
depends_on = [null_resource.prepare_layer]
}
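Review bot: `null_resource.prepare_layer` has no `triggers`, so the `local-exec` build runs only when the resource is first created, and later changes to the build script or dependency list will not produce a new `layer.zip`. The S3 object and layer can then keep serving stale, possibly vulnerable, packages. Adding `triggers = { script = filesha256("${local.script_dir}/make_layer_zip.sh") }`, together with a hash of the requirements file (its path is not visible here), would rebuild on change. The `../` paths are also resolved against the directory terraform is run from; `"${path.module}/../scripts"` would make that explicit.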
@@ -118,7 +112,7 @@ resource "aws_s3_object" "lambda_layer_zip" {
resource "aws_lambda_layer_version" "lambda_layer" {
layer_name = local.layer_name
compatible_runtimes = ["python3.11"]
- s3_bucket = aws_s3_bucket.lambda_layer_bucket.id #bucket instead of id
+ s3_bucket = aws_s3_bucket.lambda_code_bucket.bucket
s3_key = aws_s3_object.lambda_layer_zip.key
skip_destroy = true
depends_on = [aws_s3_object.lambda_layer_zip]
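Review bot: With `s3_bucket` now pointing at `lambda_code_bucket`, the layer archive lives in a bucket that the S3 policy document in iam.tf appears to make writable by the Lambda role, since `"${aws_s3_bucket.lambda_code_bucket.arn}/*"` is among the `s3:PutObject` statement's resources. If that role is the functions' execution role, running code could overwrite the artifact that the next layer version is published from. Consider removing the code bucket from that statement's resources, or pinning the layer to an object version with `s3_object_version = aws_s3_object.lambda_layer_zip.version_id` once bucket versioning is enabled. The resource block closes outside this hunk.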
diff --git a/terraform/s3.tf b/terraform/s3.tf
index b3a863c..d5cdee3 100644
--- a/terraform/s3.tf
+++ b/terraform/s3.tf
@@ -12,8 +12,3 @@ resource "aws_s3_bucket" "transform_bucket" {
resource "aws_s3_bucket" "lambda_code_bucket" {
bucket_prefix = "${var.s3_code_bucket_name}-"
}
-
-### LAMBDA LAYER BUCKET
-resource "aws_s3_bucket" "lambda_layer_bucket" {
- bucket_prefix = "lambda-layer-dev-"
-} \ No newline at end of file