├── default-swagger.yaml
├── import-swagger.py
├── lambda-exec-policy.json
├── main.tf
├── output.tf
└── variables.tf


/default-swagger.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | swagger: "2.0"
 3 | info:
 4 |   version: "2016-03-22T17:33:14Z"
 5 |   title: "${stack_name}"
 6 | basePath: /"${stage_name}"
 7 | schemes:
 8 | - "https"
 9 | paths:
10 |   ${lambda_path}:
11 |     post:
12 |       responses:
13 |         200:
14 |           description: "200 response"
15 |       x-amazon-apigateway-integration:
16 |         responses:
17 |           .*:
18 |             statusCode: "200"
19 |         uri: "${lambda_function_full_arn}"
20 |         httpMethod: "${http_method}"
21 |         type: "aws"
22 |           


--------------------------------------------------------------------------------
/import-swagger.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | 
 3 | import sys, yaml, json, os
 4 | 
 5 | api_id     = sys.argv[1]
 6 | input_file = sys.argv[2]
 7 | 
 8 | def read_json(arg):
 9 | 	with open(arg, 'r') as data_file:    
10 | 		return json.load(data_file)
11 | 
12 | 
13 | def read_yaml(arg):
14 | 	with open( arg, 'r') as stream:
15 | 		return yaml.load(stream)
16 | 
17 | def read_file(arg):
18 | 	if (arg.endswith('.yaml')) or (arg.endswith('.yml')):
19 | 		return read_yaml(arg)
20 | 	elif m.endswith('.json'):
21 | 		return read_json(arg)
22 | 
23 | content = read_file( input_file )
24 | minimized = json.dumps(content)
25 | print minimized
26 | os.system("aws apigateway put-rest-api --rest-api-id {} --mode=merge --body='{}'".format(api_id, minimized))


--------------------------------------------------------------------------------
/lambda-exec-policy.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "Version": "2012-10-17",
 3 |     "Statement": [
 4 |         {
 5 |             "Effect": "Allow",
 6 |             "Action": [
 7 |                 "logs:CreateLogGroup",
 8 |                 "logs:CreateLogStream",
 9 |                 "logs:PutLogEvents"
10 |             ],
11 |             "Resource": [ "arn:aws:logs:*:*:*" ]
12 |         },
13 |         {
14 |             "Effect": "Allow",
15 |             "Resource": "*",
16 |             "Action": [
17 |                 "ec2:DescribeInstances",
18 |                 "ec2:CreateNetworkInterface",
19 |                 "ec2:AttachNetworkInterface",
20 |                 "ec2:DescribeNetworkInterfaces",
21 |                 "autoscaling:CompleteLifecycleAction",
22 |                 "lambda:InvokeFunction"
23 |             ]
24 |         },
25 |         {
26 |             "Effect": "Allow",
27 |             "Action": [
28 |                 "s3:PutObject",
29 |                 "s3:GetObject",
30 |                 "s3:PutObject",
31 |                 "s3:DeleteObject",
32 |                 "s3:ListBucket"
33 |             ],
34 |             "Resource": [ "arn:aws:s3:::*" ]
35 |         }
36 |     ]
37 | }


--------------------------------------------------------------------------------
/main.tf:
--------------------------------------------------------------------------------
 1 | resource "null_resource" "zip_payload" {
 2 | 
 3 |     provisioner "local-exec" {
 4 |         command = <<EOM
 5 | #!/bin/bash
 6 | mkdir -p ${path.cwd}/.terraform/${var.stack_name}/${var.function_name} | true
 7 | cp -f ${var.source_files} ${path.cwd}/.terraform/${var.stack_name}/${var.function_name} 
 8 | ( cd ${path.cwd}/.terraform/${var.stack_name}/${var.function_name}/ && zip -r lambda-payload.zip . )
 9 | EOM
10 |     }
11 | }
12 | 
13 | resource "null_resource" "sleep" {
14 |     provisioner "local-exec" {
15 |         command = "sleep 10"
16 |     }
17 | }
18 | 
19 | resource "aws_lambda_function" "foo" {
20 |     depends_on = ["null_resource.zip_payload",
21 |                   "aws_iam_role_policy.lambda",
22 |                   "null_resource.sleep"] # UnauthorizedOperation. EC2 Error Message: You are not authorized to perform this operation
23 | 
24 | 	function_name = "${var.stack_name}_${var.function_name}"
25 | 	filename = "${path.cwd}/.terraform/${var.stack_name}/${var.function_name}/lambda-payload.zip"
26 |     role = "${var.iam_role_arn}"
27 |     runtime = "${var.runtime}"
28 |     handler = "${var.lambda_handler}"
29 |     memory_size = "${var.memory_size}"
30 |     timeout = "${var.timeout}"
31 |     vpc_config {
32 |     	subnet_ids = ["${split(",", var.subnet_ids)}"]
33 |     	security_group_ids = ["${split(",", var.security_group_ids)}"]
34 |     }
35 | }
36 | 
37 | resource "aws_iam_role_policy" "lambda" {
38 |     name = "${var.stack_name}_${var.function_name}-policy"
39 |     role = "${var.iam_role_id}"
40 |     policy = "${var.lambda_exec_policy}"
41 | }
42 | 
43 | resource "template_file" "swagger" {
44 |     template = "${file( coalesce("${var.custom_swagger_template}", "${path.module}/default-swagger.yaml") )}"
45 | 
46 |     vars {
47 |         stage_name = "${var.stage_name}"
48 |         http_method = "${var.http_method}"
49 |         aws_region = "${var.aws_region}"
50 |         lambda_path = "${var.lambda_path}"
51 |         lambda_function_full_arn = "arn:aws:apigateway:${var.aws_region}:lambda:path/2015-03-31/functions/${aws_lambda_function.foo.arn}/invocations"
52 |         stack_name = "${var.stack_name}"
53 |     }
54 | 
55 |     provisioner "local-exec" {
56 |         command = <<EOM
57 | mkdir -p ${path.cwd}/.terraform/${var.stack_name} | true
58 | cat > ${path.cwd}/.terraform/${var.stack_name}/swagger-${var.function_name}.yaml <<EOF
59 | ${self.rendered}
60 | EOF
61 | ${path.module}/import-swagger.py ${var.rest_api_id} ${path.cwd}/.terraform/${var.stack_name}/swagger-${var.function_name}.yaml
62 | EOM
63 |     }
64 | }
65 | 
66 | 


--------------------------------------------------------------------------------
/output.tf:
--------------------------------------------------------------------------------
1 | output "lambda_function_arn" {
2 |     value = "${aws_lambda_function.foo.arn}"
3 | }
4 | 
5 | output "lambda_function_full_arn" {
6 | 	value = "arn:aws:apigateway:${var.aws_region}:lambda:path/2015-03-31/functions/${aws_lambda_function.foo.arn}/invocations"
7 | }
8 | 


--------------------------------------------------------------------------------
/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "stack_name" {}
 2 | 
 3 | variable "function_name" {}
 4 | 
 5 | variable "source_files" {
 6 | 	default = "./*.js"
 7 | }
 8 | 
 9 | variable "runtime" {
10 | 	default = "nodejs4.3"
11 | }
12 | 
13 | variable "timeout" {
14 | 	default = "300"
15 | }
16 | 
17 | variable "memory_size" {
18 | 	default = "256"
19 | }
20 | 
21 | variable "lambda_handler" {
22 | 	default = "lambda.handler"
23 | }
24 | 
25 | variable "subnet_ids" {
26 | 	default = ""
27 | }
28 | 
29 | variable "security_group_ids" {
30 | 	default = ""
31 | }
32 | 
33 | variable "iam_role_arn" {}
34 | 
35 | variable "iam_role_id" {}
36 | 
37 | variable "aws_region" {
38 | 	default = "eu-west-1"
39 | }
40 | 
41 | variable "lambda_exec_policy" {
42 | 	default = <<EOF
43 | {
44 |     "Version": "2012-10-17",
45 |     "Statement": [
46 |         {
47 |             "Effect": "Allow",
48 |             "Action": [
49 |                 "logs:CreateLogGroup",
50 |                 "logs:CreateLogStream",
51 |                 "logs:PutLogEvents"
52 |             ],
53 |             "Resource": [ "arn:aws:logs:*:*:*" ]
54 |         },
55 |         {
56 |             "Effect": "Allow",
57 |             "Resource": "*",
58 |             "Action": [
59 |                 "ec2:DescribeInstances",
60 |                 "ec2:CreateNetworkInterface",
61 |                 "ec2:AttachNetworkInterface",
62 |                 "ec2:DescribeNetworkInterfaces",
63 |                 "autoscaling:CompleteLifecycleAction",
64 |                 "lambda:InvokeFunction"
65 |             ]
66 |         },
67 |         {
68 |             "Effect": "Allow",
69 |             "Action": [
70 |                 "s3:PutObject",
71 |                 "s3:GetObject",
72 |                 "s3:PutObject",
73 |                 "s3:DeleteObject",
74 |                 "s3:ListBucket"
75 |             ],
76 |             "Resource": [ "arn:aws:s3:::*" ]
77 |         }
78 |     ]
79 | }
80 | EOF
81 | }
82 | 
83 | variable "rest_api_id" {}
84 | 
85 | variable "http_method" {
86 | 	default = "GET"
87 | }
88 | 
89 | variable "stage_name"  {
90 | 	default = ""
91 | }
92 | 
93 | variable "custom_swagger_template" {
94 |     default = ""
95 | }
96 | 
97 | variable "lambda_path" {}


--------------------------------------------------------------------------------