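# Scheduled start/stop of a fixed set of EC2 instances.
#
# Two EventBridge Scheduler schedules (start / stop) invoke one Lambda
# function that starts or stops the instances listed in var.instance-ids.
#
# IAM is deliberately scoped to the minimum the pipeline needs:
#   - the scheduler role may only invoke this one function,
#   - the Lambda role may only start/stop the configured instances and
#     write to its own log group,
#   - both service trust policies carry confused-deputy conditions.

# Account and region of the deployment, used to build scoped ARNs instead of
# hard-coding "ap-east-1" in several places.
data "aws_caller_identity" "this" {}
# NOTE: `name` is deprecated in favour of `region` on AWS provider >= 6; keep
# `name` until the provider pin is bumped.
data "aws_region" "this" {}

resource "random_id" "this" {
  byte_length = 4
}

locals {
  account_id     = data.aws_caller_identity.this.account_id
  region         = data.aws_region.this.name
  function_name  = "${var.description}-ec2-start-stop"
  log_group_name = "/aws/lambda/${local.function_name}"

  # Instance ARNs the Lambda is allowed to act on. Assumes var.instance-ids is a
  # list(string) of instance IDs (i-…) — TODO confirm against variables.tf; a
  # map(string) would also work here because `for` iterates map values.
  instance_arns = [
    for id in var.instance-ids :
    "arn:aws:ec2:${local.region}:${local.account_id}:instance/${id}"
  ]
}

# Role assumed by EventBridge Scheduler to invoke the Lambda.
# The previous AmazonEventBridgeSchedulerFullAccess attachment has been dropped:
# the role is only used as a schedule target role and needs nothing but
# lambda:InvokeFunction on the one function (granted below).
resource "aws_iam_role" "eventscheduler" {
  name = "EventSchedulerRole-${random_id.this.dec}"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid       = "AllowSchedulerToAssume"
        Effect    = "Allow"
        Principal = { Service = "scheduler.amazonaws.com" }
        Action    = "sts:AssumeRole"
        # Confused-deputy guard: only schedules created in this account, in the
        # default schedule group and matching the two names defined below, may
        # assume this role.
        Condition = {
          StringEquals = {
            "aws:SourceAccount" = local.account_id
          }
          ArnLike = {
            "aws:SourceArn" = "arn:aws:scheduler:${local.region}:${local.account_id}:schedule/default/scheduled-*-of-${var.description}-instances"
          }
        }
      }
    ]
  })
}

# Least-privilege invoke permission: this function only, not "*".
resource "aws_iam_role_policy" "eventscheduler" {
  name = "LambdaInvocation"
  role = aws_iam_role.eventscheduler.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid      = "AllowInvocationOfLambdaFunction"
        Effect   = "Allow"
        Action   = "lambda:InvokeFunction"
        Resource = aws_lambda_function.ec2-start-stop.arn
      }
    ]
  })
}

# Execution role for the Lambda function.
resource "aws_iam_role" "this" {
  name = "lambda-startstop-ec2-${var.description}"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid       = "AllowLambdaToAssume"
        Effect    = "Allow"
        Principal = { Service = "lambda.amazonaws.com" }
        Action    = "sts:AssumeRole"
        # Confused-deputy guard: only functions in this account.
        Condition = {
          StringEquals = {
            "aws:SourceAccount" = local.account_id
          }
        }
      }
    ]
  })
}

resource "aws_iam_role_policy" "this" {
  name = "LambdaExecutionPolicy"
  role = aws_iam_role.this.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # The log group is managed by Terraform (aws_cloudwatch_log_group.this),
        # so logs:CreateLogGroup is intentionally NOT granted: letting Lambda
        # create it on first invocation races with Terraform and loses the
        # retention setting.
        Sid    = "AllowWritingToCloudwatchLogGroup"
        Effect = "Allow"
        Action = [
          "logs:CreateLogStream",
          "logs:PutLogEvents",
        ]
        Resource = "arn:aws:logs:${local.region}:${local.account_id}:log-group:${local.log_group_name}:*"
      },
      {
        # Only the configured instances, not every instance in the account.
        Sid    = "AllowStartingStoppingOfEc2Instance"
        Effect = "Allow"
        Action = [
          "ec2:StartInstances",
          "ec2:StopInstances",
        ]
        Resource = local.instance_arns
      },
      {
        # Needed to start instances whose EBS volumes are encrypted with a CMK.
        # kms:CreateGrant has no useful resource scope here (keys are not known
        # to this module), so restrict it to grants created on behalf of an AWS
        # service rather than arbitrary grants.
        Sid      = "AllowKmsGrantsForEncryptedVolumes"
        Effect   = "Allow"
        Action   = "kms:CreateGrant"
        Resource = "*"
        Condition = {
          Bool = {
            "kms:GrantIsForAWSResource" = "true"
          }
        }
      }
    ]
  })
}

resource "aws_scheduler_schedule" "start" {
  name        = "scheduled-start-of-${var.description}-instances"
  description = "Starts ${var.description} ec2 instance"

  flexible_time_window {
    mode = "OFF"
  }

  schedule_expression = var.instance-start-cron-expression

  target {
    arn      = aws_lambda_function.ec2-start-stop.arn
    role_arn = aws_iam_role.eventscheduler.arn
    input    = jsonencode({ "action" : "start" })

    retry_policy {
      maximum_event_age_in_seconds = 600
      maximum_retry_attempts       = 1
    }
  }
}

resource "aws_scheduler_schedule" "stop" {
  name        = "scheduled-stop-of-${var.description}-instances"
  description = "Stops ${var.description} ec2 instance"

  flexible_time_window {
    mode = "OFF"
  }

  schedule_expression = var.instance-stop-cron-expression

  target {
    arn      = aws_lambda_function.ec2-start-stop.arn
    role_arn = aws_iam_role.eventscheduler.arn
    input    = jsonencode({ "action" : "stop" })

    retry_policy {
      maximum_event_age_in_seconds = 600
      maximum_retry_attempts       = 1
    }
  }
}

# Lambda function for the instance scheduler.
data "archive_file" "lambda-package" {
  type        = "zip"
  source_file = "${path.module}/Ec2Scheduler.py"
  output_path = "lambda-package.zip"
}

resource "aws_lambda_function" "ec2-start-stop" {
  function_name    = local.function_name
  filename         = data.archive_file.lambda-package.output_path
  source_code_hash = data.archive_file.lambda-package.output_base64sha256
  handler          = "Ec2Scheduler.lambda_handler"
  runtime          = "python3.12"
  role             = aws_iam_role.this.arn
  timeout          = 30

  environment {
    variables = {
      instances = jsonencode(var.instance-ids)
    }
  }

  # Make sure the log group (with its retention) exists before the function
  # can ever be invoked, and that the execution policy is attached.
  depends_on = [
    aws_cloudwatch_log_group.this,
    aws_iam_role_policy.this,
  ]
}

# Resource-based permission for EventBridge *rules* (events.amazonaws.com).
# The schedules above invoke the function through aws_iam_role.eventscheduler
# and do not need this. It is kept for any rule that targets the function
# directly, but restricted to this account so that a rule in another account
# cannot invoke the function (confused deputy). Remove it if no such rule exists.
resource "aws_lambda_permission" "lambda_permission" {
  statement_id   = "AllowCloudWatchToInvokeLambda"
  action         = "lambda:InvokeFunction"
  function_name  = aws_lambda_function.ec2-start-stop.function_name
  principal      = "events.amazonaws.com"
  source_account = local.account_id
}

resource "aws_cloudwatch_log_group" "this" {
  name              = local.log_group_name
  retention_in_days = var.cloudwatchlog-retention
}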