xpk/terraform.aws-baseline-infra
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

UPD: added lambda invocation permission

Browse Source
This commit is contained in:
xpk 2024-02-26 12:16:02 +08:00
parent 2ac422441b
commit 2052166d45
Signed by: xpk
GPG Key ID: CD4FF6793F09AB86
1 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
modules/compute/ec2-instance-scheduler/main.tf
View File

@ -22,7 +22,7 @@ resource "aws_iam_role" "eventscheduler" {
) )
} }
resource "aws_iam_role_policy_attachment" "this" { resource "aws_iam_role_policy_attachment" "default" {
policy_arn = "arn:aws:iam::aws:policy/AmazonEventBridgeSchedulerFullAccess" policy_arn = "arn:aws:iam::aws:policy/AmazonEventBridgeSchedulerFullAccess"
role = aws_iam_role.eventscheduler.name role = aws_iam_role.eventscheduler.name
} }
@ -85,6 +85,24 @@ resource "aws_iam_role_policy" "this" {
name = "LambdaExecutionPolicy" name = "LambdaExecutionPolicy"
} }
resource "aws_iam_role_policy" "eventscheduler" {
policy = jsonencode(
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "AllowInvocationOfLambdaFunction",
"Effect" : "Allow",
"Action" : "lambda:InvokeFunction",
"Resource" : "*"
}
]
}
)
role = aws_iam_role.eventscheduler.id
name = "LambdaInvocation"
}
resource "aws_scheduler_schedule" "start" { resource "aws_scheduler_schedule" "start" {
name = "scheduled-start-of-${var.description}-instances" name = "scheduled-start-of-${var.description}-instances"
description = "Starts ${var.description} ec2 instance" description = "Starts ${var.description} ec2 instance"
@ -169,3 +187,8 @@ resource "aws_lambda_permission" "lambda_permission" {
function_name = aws_lambda_function.ec2-start-stop.function_name function_name = aws_lambda_function.ec2-start-stop.function_name
principal = "events.amazonaws.com" principal = "events.amazonaws.com"
} }
resource "aws_cloudwatch_log_group" "this" {
name = "/aws/lambda/${var.description}-ec2-start-stop"
retention_in_days = var.cloudwatchlog-retention
}