From 2052166d45231430349c842dfb4e3bd2c8ac1d14 Mon Sep 17 00:00:00 2001
From: xpk
Date: Mon, 26 Feb 2024 12:16:02 +0800
Subject: [PATCH] UPD: added lambda invocation permission

---
 .../compute/ec2-instance-scheduler/main.tf | 25 ++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/modules/compute/ec2-instance-scheduler/main.tf b/modules/compute/ec2-instance-scheduler/main.tf
index 4144a9d..6ce1958 100644
--- a/modules/compute/ec2-instance-scheduler/main.tf
+++ b/modules/compute/ec2-instance-scheduler/main.tf
@@ -22,7 +22,7 @@ resource "aws_iam_role" "eventscheduler" {
   )
 }
 
-resource "aws_iam_role_policy_attachment" "this" {
+resource "aws_iam_role_policy_attachment" "default" {
   policy_arn = "arn:aws:iam::aws:policy/AmazonEventBridgeSchedulerFullAccess"
   role = aws_iam_role.eventscheduler.name
 }
@@ -85,6 +85,24 @@ resource "aws_iam_role_policy" "this" {
   name = "LambdaExecutionPolicy"
 }
 
+resource "aws_iam_role_policy" "eventscheduler" {
+  policy = jsonencode(
+    {
+      "Version" : "2012-10-17",
+      "Statement" : [
+        {
+          "Sid" : "AllowInvocationOfLambdaFunction",
+          "Effect" : "Allow",
+          "Action" : "lambda:InvokeFunction",
+          "Resource" : "*"
+        }
+      ]
+    }
+  )
+  role = aws_iam_role.eventscheduler.id
+  name = "LambdaInvocation"
+}
+
 resource "aws_scheduler_schedule" "start" {
   name = "scheduled-start-of-${var.description}-instances"
   description = "Starts ${var.description} ec2 instance"
@@ -168,4 +186,9 @@ resource "aws_lambda_permission" "lambda_permission" {
   action = "lambda:InvokeFunction"
   function_name = aws_lambda_function.ec2-start-stop.function_name
   principal = "events.amazonaws.com"
+}
+
+resource "aws_cloudwatch_log_group" "this" {
+  name = "/aws/lambda/${var.description}-ec2-start-stop"
+  retention_in_days = var.cloudwatchlog-retention
 }
\ No newline at end of file
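Review bot: The new `aws_iam_role_policy.eventscheduler` in the second hunk grants `lambda:InvokeFunction` on `"Resource" : "*"`, which lets the scheduler's execution role invoke every Lambda function in the account rather than only the start/stop function this module manages. The role only needs to reach `aws_lambda_function.ec2-start-stop`, which the last hunk already references, so the statement can be scoped to it with `"Resource" : aws_lambda_function.ec2-start-stop.arn`. That also keeps the identity-based grant consistent with the function-specific `aws_lambda_permission.lambda_permission` resource-based policy, and contains the blast radius if the role's trust policy (defined above the hunk) is ever loosened.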
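Review bot: The `aws_cloudwatch_log_group.this` added in the last hunk hard-codes the log group name as `"/aws/lambda/${var.description}-ec2-start-stop"`, duplicating whatever naming the Lambda resource uses instead of deriving it from the function; if the two strings ever drift, the retention setting silently applies to an unused group while the function logs into an unmanaged one with no retention. Deriving the name as `name = "/aws/lambda/${aws_lambda_function.ec2-start-stop.function_name}"` keeps them coupled. The function's definition is outside the hunk, so whether its `function_name` matches this string exactly cannot be confirmed from here; if the function can run before this group is created, Lambda will create the group itself and the first apply may fail on an existing resource, which is usually avoided by having the function depend on the log group.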