Skip to content

Commit

Permalink
Deploy subfootball tracker
Browse files Browse the repository at this point in the history
  • Loading branch information
jordansimsmith committed Nov 14, 2024
1 parent 4b542dc commit 7e6dfa2
Show file tree
Hide file tree
Showing 2 changed files with 278 additions and 0 deletions.
63 changes: 63 additions & 0 deletions subfootball_tracker_api/infra/.terraform.lock.hcl

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

215 changes: 215 additions & 0 deletions subfootball_tracker_api/infra/main.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,215 @@
terraform {
backend "s3" {
bucket = "jordansimsmith-terraform"
key = "subfootball_tracker_api/infra/terraform.tfstate"
region = "ap-southeast-2"
}

required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.61"
}
}

required_version = ">= 1.9.0"
}

provider "aws" {
region = "ap-southeast-2"
}

locals {
application_id = "subfootball_tracker_api"
tags = {
application_id = local.application_id
}

lambdas = {
update_page_content = {
target = "//subfootball_tracker_api:update-page-content-handler_deploy.jar"
handler = "com.jordansimsmith.subfootballtracker.UpdatePageContentHandler"
}
}

subscriptions = ["[email protected]"]
}

data "aws_iam_policy_document" "lambda_sts_allow_policy_document" {
statement {
effect = "Allow"

principals {
identifiers = ["lambda.amazonaws.com"]
type = "Service"
}

actions = ["sts:AssumeRole"]
}
}

resource "aws_iam_role" "lambda_role" {
name = "${local.application_id}_lambda_exec"
assume_role_policy = data.aws_iam_policy_document.lambda_sts_allow_policy_document.json
tags = local.tags
}

resource "aws_iam_role_policy_attachment" "lambda_basic" {
role = aws_iam_role.lambda_role.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}

resource "aws_dynamodb_table" "subfootball_tracker" {
name = "subfootball_tracker"
billing_mode = "PAY_PER_REQUEST"
hash_key = "pk"
range_key = "sk"

attribute {
name = "pk"
type = "S"
}

attribute {
name = "sk"
type = "S"
}

point_in_time_recovery {
enabled = true
}

deletion_protection_enabled = true

tags = local.tags
}

data "aws_iam_policy_document" "lambda_dynamodb" {
statement {
effect = "Allow"

resources = [
aws_dynamodb_table.subfootball_tracker.arn
]

actions = [
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:BatchWriteItem",
"dynamodb:GetItem",
"dynamodb:BatchGetItem",
"dynamodb:Scan",
"dynamodb:Query",
"dynamodb:ConditionCheckItem",
]
}
}

resource "aws_iam_policy" "lambda_dynamodb" {
name = "${local.application_id}_lambda_dynamodb"
policy = data.aws_iam_policy_document.lambda_dynamodb.json
tags = local.tags
}

resource "aws_iam_role_policy_attachment" "lambda_dynamodb" {
role = aws_iam_role.lambda_role.name
policy_arn = aws_iam_policy.lambda_dynamodb.arn
}

resource "aws_sns_topic" "page_content_updates" {
name = "${local.application_id}_page_content_updates"
}

resource "aws_sns_topic_subscription" "page_content_updates" {
for_each = toset(local.subscriptions)
topic_arn = aws_sns_topic.page_content_updates.arn
protocol = "email"
endpoint = each.value
}

data "aws_iam_policy_document" "lambda_sns" {
statement {
effect = "Allow"

resources = [
aws_sns_topic.page_content_updates.arn,
]

actions = [
"SNS:Publish",
"SNS:GetTopicAttributes",
]
}

statement {
effect = "Allow"

resources = [
"*"
]

actions = [
"SNS:ListTopics"
]
}
}

resource "aws_iam_policy" "lambda_sns" {
name = "${local.application_id}_lambda_sns"
policy = data.aws_iam_policy_document.lambda_sns.json
tags = local.tags
}

resource "aws_iam_role_policy_attachment" "lambda_sns" {
role = aws_iam_role.lambda_role.name
policy_arn = aws_iam_policy.lambda_sns.arn
}

data "external" "handler_location" {
for_each = local.lambdas

program = ["bash", "../../tools/terraform/resolve_location.sh"]

query = {
target = each.value.target
}
}

data "local_file" "handler_file" {
for_each = local.lambdas

filename = data.external.handler_location[each.key].result.location
}

resource "aws_lambda_function" "lambda" {
for_each = local.lambdas

filename = data.local_file.handler_file[each.key].filename
function_name = "${local.application_id}_${each.key}"
role = aws_iam_role.lambda_role.arn
source_code_hash = data.local_file.handler_file[each.key].content_base64sha256
handler = each.value.handler
runtime = "java17"
memory_size = 1024
timeout = 30
tags = local.tags
}

resource "aws_cloudwatch_event_rule" "trigger" {
name = "${local.application_id}_trigger"
schedule_expression = "rate(1 hour)"
}

resource "aws_cloudwatch_event_target" "trigger" {
rule = aws_cloudwatch_event_rule.trigger.name
target_id = "lambda"
arn = aws_lambda_function.lambda["update_page_content"].arn
}

resource "aws_lambda_permission" "cloudwatch_trigger" {
statement_id = "AllowExecutionFromCloudWatch"
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.lambda["update_page_content"].function_name
principal = "events.amazonaws.com"
source_arn = aws_cloudwatch_event_rule.trigger.arn
}

0 comments on commit 7e6dfa2

Please sign in to comment.