Skip to content

Commit

Permalink
Merge pull request #372 from NASA-IMPACT/iss655__CognitoLayer_Deploym…
Browse files Browse the repository at this point in the history
…ents

renamed the resources
  • Loading branch information
krisstanton authored Jul 31, 2024
2 parents 35a08a5 + 1ff6da3 commit d68337d
Show file tree
Hide file tree
Showing 4 changed files with 19 additions and 17 deletions.
25 changes: 13 additions & 12 deletions app/stacks/post-deploy-mods/main.tf
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
# main.tf for post-deploy-mods

# Define the Lambda Function
resource "aws_lambda_function" "pre_filter_DistributionApiEndpoints" {
resource "aws_lambda_function" "pre_filter_DistApiEndpoints" {
# function_name = "ks-test-pre-filter-DistributionApiEndpoints"
function_name = "${var.prefix}-pre-filter-DistributionApiEndpoints"
function_name = "${var.prefix}-pre-filter-DistApiEndpoints"
filename = "${path.module}/resources/lambdas/pre-filter-DistributionApiEndpoints/distro/lambda.zip"
role = aws_iam_role.lambda_exec_pre_filter_DistributionApiEndpoints.arn
handler = "index.preFilterDistributionApiEndpointsHandler"
role = aws_iam_role.lambda_exec_pre_filter_DistApiEndpoints.arn
handler = "index.preFilterDistApiEndpoints"
runtime = "python3.10" #local.lambda_runtime
timeout = 300
memory_size = 3008
Expand All @@ -15,13 +15,14 @@ resource "aws_lambda_function" "pre_filter_DistributionApiEndpoints" {

lifecycle {
create_before_destroy = true
prevent_destroy = true
}
}

# Define the Execution Role and Policy
resource "aws_iam_role" "lambda_exec_pre_filter_DistributionApiEndpoints" {
resource "aws_iam_role" "lambda_exec_pre_filter_DistApiEndpoints" {
#name = "lambda_exec_role_pre_filter_DistributionApiEndpoints"
name = "${var.prefix}-lambda_exe_role_pf_DistApiEndpoints" # Must be 64 chars or less
name = "${var.prefix}-lamb_exe_role_pf_DistApiEndpoints" # Must be 64 chars or less

assume_role_policy = jsonencode({
Version = "2012-10-17"
Expand All @@ -40,14 +41,14 @@ resource "aws_iam_role" "lambda_exec_pre_filter_DistributionApiEndpoints" {

# Define an attachment to the aws_iam_role above
resource "aws_iam_role_policy_attachment" "lambda_exec_policy" {
role = aws_iam_role.lambda_exec_pre_filter_DistributionApiEndpoints.name
role = aws_iam_role.lambda_exec_pre_filter_DistApiEndpoints.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}

# Define another policy attachment to allow invoking of another lambda
resource "aws_iam_policy" "lambda_invoke_policy" {
#name = "lambda_invoke_policy"
name = "${var.prefix}-lambda_invoke_policy"
name = "${var.prefix}-lambda_pf_invoke_policy"
description = "Policy to allow Lambda functions to invoke other Lambda functions"
policy = jsonencode({
Version = "2012-10-17"
Expand All @@ -65,7 +66,7 @@ resource "aws_iam_policy" "lambda_invoke_policy" {

# Attach the Policy, which allows a Lambda to be Invoked, to the Lambda Role
resource "aws_iam_role_policy_attachment" "lambda_invoke_policy_attachment" {
role = aws_iam_role.lambda_exec_pre_filter_DistributionApiEndpoints.name
role = aws_iam_role.lambda_exec_pre_filter_DistApiEndpoints.name
policy_arn = aws_iam_policy.lambda_invoke_policy.arn
}

Expand Down Expand Up @@ -100,7 +101,7 @@ data "aws_api_gateway_resource" "proxy_resource" {
# http_method = "GET"
# integration_http_method = "POST" #"GET"
# type = "AWS_PROXY"
# uri = aws_lambda_function.pre_filter_DistributionApiEndpoints.invoke_arn
# uri = aws_lambda_function.pre_filter_DistApiEndpoints.invoke_arn
#}

# Update the integration for the root resource with GET method
Expand All @@ -110,14 +111,14 @@ resource "aws_api_gateway_integration" "proxy_lambda_integration" {
http_method = "ANY"
integration_http_method = "POST" #"GET"
type = "AWS_PROXY"
uri = aws_lambda_function.pre_filter_DistributionApiEndpoints.invoke_arn
uri = aws_lambda_function.pre_filter_DistApiEndpoints.invoke_arn
}

# Ensure the Lambda function as the necessary permissions to be invoked by API Gateway
resource "aws_lambda_permission" "api_gateway" {
statement_id = "AllowAPIGatewayInvoke"
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.pre_filter_DistributionApiEndpoints.function_name
function_name = aws_lambda_function.pre_filter_DistApiEndpoints.function_name
principal = "apigateway.amazonaws.com"
source_arn = "${data.aws_api_gateway_rest_api.distribution_api.execution_arn}/*/*"
}
Binary file not shown.
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Imports Section
# Import Section
import json

# For catching generic errors
Expand All @@ -7,11 +7,12 @@
# To call another lambda, from this lambda
import boto3


# SETTINGS
#
# This function's name (for logging purposes)
#this_function_name = "cumulus-prod-pre-filter-DistributionApiEndpoints"
this_function_name = "cumulus-kris-sbx7894-pre-filter-DistributionApiEndpoints"
this_function_name = "cumulus-kris-sbx7894-pre-filter-DistApiEndpoints"

#
# If this is set to False, this function does nothing extra than the original lambda did, it just allows a pass through
Expand Down Expand Up @@ -185,7 +186,7 @@ def lambda_handler(event, context):
statusCode = 200

msg_to_user = f'"insufficient permissions"'
# ret_event = {'statusCode': 200, 'body': json.dumps('Hello from Lambda!: cumulus-uat-pre-filter-DistributionApiEndpoints') }
# ret_event = {'statusCode': 200, 'body': json.dumps('Hello from Lambda!: cumulus-uat-pre-filter-DistApiEndpoints') }
ret_event = {'statusCode': statusCode, 'body': json.dumps(f'{msg_to_user}')}


Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
#
# This function's name (for logging purposes)
#this_function_name = "cumulus-prod-pre-filter-DistributionApiEndpoints"
this_function_name = "ENV_VAR__CUMULUS_PREFIX-pre-filter-DistributionApiEndpoints"
this_function_name = "ENV_VAR__CUMULUS_PREFIX-pre-filter-DistApiEndpoints"

#
# If this is set to False, this function does nothing extra than the original lambda did, it just allows a pass through
Expand Down Expand Up @@ -186,7 +186,7 @@ def lambda_handler(event, context):
statusCode = 200

msg_to_user = f'"insufficient permissions"'
# ret_event = {'statusCode': 200, 'body': json.dumps('Hello from Lambda!: cumulus-uat-pre-filter-DistributionApiEndpoints') }
# ret_event = {'statusCode': 200, 'body': json.dumps('Hello from Lambda!: cumulus-uat-pre-filter-DistApiEndpoints') }
ret_event = {'statusCode': statusCode, 'body': json.dumps(f'{msg_to_user}')}


Expand Down

0 comments on commit d68337d

Please sign in to comment.