UPD: added lambda invocation permission

2024-02-26 12:16:02 +08:00 · 2024-02-26 12:16:02 +08:00 · 2052166d45
commit 2052166d45
parent 2ac422441b
1 changed files with 24 additions and 1 deletions
--- a/modules/compute/ec2-instance-scheduler/main.tf
+++ b/modules/compute/ec2-instance-scheduler/main.tf
@ -22,7 +22,7 @@ resource "aws_iam_role" "eventscheduler" {
  )
 }

-resource "aws_iam_role_policy_attachment" "this" {
+resource "aws_iam_role_policy_attachment" "default" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEventBridgeSchedulerFullAccess"
  role       = aws_iam_role.eventscheduler.name
 }
@ -85,6 +85,24 @@ resource "aws_iam_role_policy" "this" {
  name = "LambdaExecutionPolicy"
 }

+resource "aws_iam_role_policy" "eventscheduler" {
+  policy = jsonencode(
+    {
+      "Version" : "2012-10-17",
+      "Statement" : [
+        {
+          "Sid" : "AllowInvocationOfLambdaFunction",
+          "Effect" : "Allow",
+          "Action" : "lambda:InvokeFunction",
+          "Resource" : "*"
+        }
+      ]
+    }
+  )
+  role = aws_iam_role.eventscheduler.id
+  name = "LambdaInvocation"
+}
+
 resource "aws_scheduler_schedule" "start" {
  name        = "scheduled-start-of-${var.description}-instances"
  description = "Starts ${var.description} ec2 instance"
@ -168,4 +186,9 @@ resource "aws_lambda_permission" "lambda_permission" {
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.ec2-start-stop.function_name
  principal     = "events.amazonaws.com"
+}
+
+resource "aws_cloudwatch_log_group" "this" {
+  name              = "/aws/lambda/${var.description}-ec2-start-stop"
+  retention_in_days = var.cloudwatchlog-retention
 }