# Four random bytes, rendered with .dec below, so the Scheduler role name is
# unique per deployment (IAM role names are account-global).
resource "random_id" "this" {
  byte_length = 4
}

# Account Terraform is applying into; the IAM policies below use its
# account_id to scope resource ARNs to this account.
data "aws_caller_identity" "this" {}
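# Execution role that EventBridge Scheduler assumes when a schedule fires.
# Trust is limited to the Scheduler service principal acting for *this*
# account (aws:SourceAccount), the documented guard against a schedule in
# another account using this role as a confused deputy.
resource "aws_iam_role" "eventscheduler" {
  name = "EventSchedulerRole-${random_id.this.dec}"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Principal = {
          Service = "scheduler.amazonaws.com"
        }
        Action = "sts:AssumeRole"
        Condition = {
          StringEquals = {
            "aws:SourceAccount" = data.aws_caller_identity.this.account_id
          }
        }
      }
    ]
  })
}

# Least-privilege inline policy for the Scheduler execution role: it may only
# invoke the single Lambda the two schedules target.
#
# This replaces the former attachment of the AWS-managed
# AmazonEventBridgeSchedulerFullAccess policy. That policy's grants (Scheduler
# API access plus iam:PassRole to the Scheduler service) are what a *caller*
# creating schedules needs, not what the schedule's execution role needs to
# reach its target -- an execution role should hold nothing beyond the target
# action.
resource "aws_iam_role_policy" "eventscheduler" {
  name = "InvokeEc2StartStopLambda"
  role = aws_iam_role.eventscheduler.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = "AllowInvokeOfScheduledLambda"
        Effect = "Allow"
        Action = "lambda:InvokeFunction"
        # Unqualified function ARN plus ":*" so a qualified (version/alias)
        # target ARN would also be allowed.
        Resource = [
          aws_lambda_function.ec2-start-stop.arn,
          "${aws_lambda_function.ec2-start-stop.arn}:*"
        ]
      }
    ]
  })
}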
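# Execution role for the EC2 start/stop Lambda. Only the Lambda service
# principal may assume it, and only on behalf of functions in this account
# (aws:SourceAccount) -- the cross-service confused-deputy guard AWS documents
# for Lambda execution roles. aws:SourceArn (the function ARN) is not used here
# because the function already references this role, which would form a cycle.
resource "aws_iam_role" "this" {
  name = "lambda-startstop-ec2-${var.description}"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Principal = {
          Service = "lambda.amazonaws.com"
        }
        Action = "sts:AssumeRole"
        Condition = {
          StringEquals = {
            "aws:SourceAccount" = data.aws_caller_identity.this.account_id
          }
        }
      }
    ]
  })
}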
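# Permissions for the start/stop Lambda, scoped to what it can legitimately
# need: its own CloudWatch log group and the instances listed in
# var.instance-ids.
#
# NOTE: the region in the logs ARNs is hard-coded to ap-east-1. It must match
# the provider region the function is deployed in, otherwise CreateLogGroup /
# PutLogEvents are denied and the function logs nothing; consider replacing it
# with a data "aws_region" lookup.
resource "aws_iam_role_policy" "this" {
  name = "LambdaExecutionPolicy"
  role = aws_iam_role.this.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid      = "AllowCreationOfCloudwatchLogGroup"
        Effect   = "Allow"
        Action   = "logs:CreateLogGroup"
        Resource = "arn:aws:logs:ap-east-1:${data.aws_caller_identity.this.account_id}:*"
      },
      {
        Sid    = "AllowWritingToCloudwatchLogGroup"
        Effect = "Allow"
        Action = [
          "logs:CreateLogStream",
          "logs:PutLogEvents"
        ]
        # Only this function's own log group (Lambda names it
        # /aws/lambda/<function_name>; function_name is
        # "${var.description}-ec2-start-stop"), not every Lambda log group in
        # the account as the previous "/aws/lambda/*" allowed.
        Resource = [
          "arn:aws:logs:ap-east-1:${data.aws_caller_identity.this.account_id}:log-group:/aws/lambda/${var.description}-ec2-start-stop:*"
        ]
      },
      {
        Sid    = "AllowStartingStoppingOfEc2Instance"
        Effect = "Allow"
        Action = [
          "ec2:StartInstances",
          "ec2:StopInstances"
        ]
        # Previously "*", which let the function start/stop any instance in the
        # account. Restrict it to the instances this module is told about.
        # Assumes var.instance-ids is a list of instance IDs, as its use in the
        # Lambda environment suggests -- confirm against variables.tf. IAM
        # rejects an empty Resource list, but an empty instance list leaves
        # nothing to schedule anyway.
        Resource = [
          for id in var.instance-ids :
          "arn:aws:ec2:*:${data.aws_caller_identity.this.account_id}:instance/${id}"
        ]
      },
      {
        Sid    = "AllowKmsGrantForEncryptedVolumes"
        Effect = "Allow"
        Action = "kms:CreateGrant"
        # Needed to start instances whose EBS volumes use a customer-managed KMS
        # key. The key ARN is not known to this module, so the resource stays
        # "*", but the condition limits the grant to ones AWS services create on
        # the caller's behalf -- the documented pattern for this permission.
        Resource = "*"
        Condition = {
          Bool = {
            "kms:GrantIsForAWSResource" = "true"
          }
        }
      }
    ]
  })
}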
# Schedule that invokes the start/stop Lambda with {"action": "start"}.
# No schedule_expression_timezone is set, so the cron expression is evaluated
# in the Scheduler default (UTC); flexible_time_window OFF fires at exactly the
# scheduled time rather than within a window.
resource "aws_scheduler_schedule" "start" {
  name        = "scheduled-start-of-${var.description}-instances"
  description = "Starts ${var.description} ec2 instance"

  schedule_expression = var.instance-start-cron-expression

  flexible_time_window {
    mode = "OFF"
  }

  target {
    arn      = aws_lambda_function.ec2-start-stop.arn
    role_arn = aws_iam_role.eventscheduler.arn
    input    = jsonencode({ action = "start" })
  }
}
# Schedule that invokes the start/stop Lambda with {"action": "stop"}.
# Mirrors the "start" schedule: same target and execution role, only the cron
# expression and payload differ. Evaluated in the Scheduler default timezone
# (UTC) since none is configured.
resource "aws_scheduler_schedule" "stop" {
  name        = "scheduled-stop-of-${var.description}-instances"
  description = "Stops ${var.description} ec2 instance"

  schedule_expression = var.instance-stop-cron-expression

  flexible_time_window {
    mode = "OFF"
  }

  target {
    arn      = aws_lambda_function.ec2-start-stop.arn
    role_arn = aws_iam_role.eventscheduler.arn
    input    = jsonencode({ action = "stop" })
  }
}
# --- Legacy wiring: EventBridge *rules* and rule targets, superseded by the
# --- aws_scheduler_schedule resources above. Kept commented out for reference
# --- only; the aws_lambda_permission for events.amazonaws.com at the bottom of
# --- this file exists for this path, not for EventBridge Scheduler.
#
#resource "aws_cloudwatch_event_rule" "start" {
#  name                = "scheduled-start-of-${var.description}-instances"
#  description         = "Starts automation ec2 instance"
#  schedule_expression = var.instance-start-cron-expression
#}
#
#resource "aws_cloudwatch_event_rule" "stop" {
#  name                = "scheduled-stop-of-${var.description}-instances"
#  description         = "Stops automation ec2 instance"
#  schedule_expression = var.instance-stop-cron-expression
#}
#
#resource "aws_cloudwatch_event_target" "start" {
#  rule  = aws_cloudwatch_event_rule.start.name
#  arn   = aws_lambda_function.ec2-start-stop.arn
#  input = "{\"action\": \"start\"}"
#}
#
#resource "aws_cloudwatch_event_target" "stop" {
#  rule  = aws_cloudwatch_event_rule.stop.name
#  arn   = aws_lambda_function.ec2-start-stop.arn
#  input = "{\"action\": \"stop\"}"
#}

# Lambda function for instance scheduler
#
# Zips the single-file handler shipped next to this module. The archive path is
# relative, so it is written into the directory Terraform is run from (not the
# module directory) and should be git-ignored there.
data "archive_file" "lambda-package" {
  type        = "zip"
  output_path = "lambda-package.zip"
  source_file = "${path.module}/Ec2Scheduler.py"
}
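# The start/stop function. The `instances` environment variable carries a
# JSON-encoded copy of var.instance-ids for the handler; the requested action
# presumably comes from the schedule's input payload ({"action": ...}) --
# confirm against Ec2Scheduler.py.
resource "aws_lambda_function" "ec2-start-stop" {
  function_name    = "${var.description}-ec2-start-stop"
  filename         = data.archive_file.lambda-package.output_path
  source_code_hash = data.archive_file.lambda-package.output_base64sha256
  handler          = "Ec2Scheduler.lambda_handler"
  runtime          = "python3.12"
  role             = aws_iam_role.this.arn
  timeout          = 30

  environment {
    variables = {
      instances = jsonencode(var.instance-ids)
    }
  }

  # Referencing the role ARN only orders this after the *role* exists. Without
  # an explicit dependency the function can be created -- and, if a schedule
  # fires promptly, invoked -- before its inline policy is attached, failing
  # with AccessDenied on the logs/ec2 calls.
  depends_on = [aws_iam_role_policy.this]
}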
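# Resource-based permission letting EventBridge *rules* (events.amazonaws.com)
# invoke the function. It is a leftover of the commented-out
# aws_cloudwatch_event_rule wiring: EventBridge Scheduler reaches its target
# through the execution role (aws_iam_role.eventscheduler), not through this
# statement, so it can be dropped once nothing else relies on it. Until then,
# source_account pins the grant to this account -- with neither source_arn nor
# source_account set, a service-principal permission is the standard
# confused-deputy gap AWS warns about for lambda:AddPermission.
resource "aws_lambda_permission" "lambda_permission" {
  statement_id   = "AllowCloudWatchToInvokeLambda"
  action         = "lambda:InvokeFunction"
  function_name  = aws_lambda_function.ec2-start-stop.function_name
  principal      = "events.amazonaws.com"
  source_account = data.aws_caller_identity.this.account_id
}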