├── .gitignore
├── LICENSE
├── README.md
├── package.json
├── src
    └── index.js
└── terraform
    └── main.tf


/.gitignore:
--------------------------------------------------------------------------------
1 | terraform/.terraform
2 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2017 Torgeir Thoresen
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # nodejs-aws-lambda-s3
 2 | 
 3 | Example repo showing how to use terraform to deploy a node.js aws lambda that handles file uploads from s3
 4 | 
 5 | ## deploy to aws using terraform
 6 | 
 7 | - zip up the lambda 
 8 | - create the lambda
 9 | - create an s3 bucket with read only permissions
10 | - create a lambda execution role, that the lambda takes when running
11 | - create a lambda policy for the role, that allows the lambda to create log streams and write logs to cloudwatch
12 | - create an s3 bucket trigger to call the lambda when new objects are created
13 | - create a permission to allow for s3 to trigger the lambda
14 | 
15 | ```sh
16 | npm run aws:deploy
17 | ```
18 | 
19 | ## destroy what terraform created
20 | 
21 | tear down all of the infrastructure that was created when deploying.
22 | 
23 | ```sh
24 | npm run aws:destroy
25 | ```
26 | 


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "nodejs-aws-lambda-s3",
 3 |   "version": "1.0.0",
 4 |   "description": "nodejs on aws lambda with terraform, to handle uploads to s3. inspired by https://seanmcgary.com/posts/how-to-deploy-an-aws-lambda-with-terraform",
 5 |   "main": "index.js",
 6 |   "dependencies": {},
 7 |   "devDependencies": {},
 8 |   "scripts": {
 9 |     "zip": "zip -jr terraform/function.zip src/index.js",
10 |     "aws:destroy": "cd terraform && terraform destroy && rm function.zip",
11 |     "aws:deploy": "npm run zip && cd terraform && terraform apply"
12 |   },
13 |   "author": "@torgeir",
14 |   "license": "MIT"
15 | }
16 | 


--------------------------------------------------------------------------------
/src/index.js:
--------------------------------------------------------------------------------
 1 | exports.handler = function (event, context, callback) {
 2 |   console.log("Event: ", JSON.stringify(event, null, "\t"));
 3 |   console.log("Context: ", JSON.stringify(context, null, "\t"));
 4 | 
 5 |   const record = event.Records[0];
 6 |   if (!record) throw new Error("No record");
 7 | 
 8 |   const region = record.awsRegion;
 9 |   const bucket = record.s3.bucket.name;
10 |   const file = record.s3.object.key;
11 | 
12 |   console.log("https://s3-" + region + ".amazonaws.com/" + bucket + "/" + file);
13 | 
14 |   callback(null);
15 | };
16 | 


--------------------------------------------------------------------------------
/terraform/main.tf:
--------------------------------------------------------------------------------
 1 | provider "aws" {
 2 |   region  = "eu-west-1"
 3 |   profile = "privat"
 4 | }
 5 | 
 6 | # an s3 bucket
 7 | resource "aws_s3_bucket" "bucket" {
 8 |   bucket = "js-plattform-faggruppe-bucket"
 9 |   acl    = "private" 
10 |   policy = <<EOF
11 | {
12 |   "Version":"2012-10-17",
13 |   "Statement":[
14 |     {
15 |       "Sid":"js-plattform-faggruppe-bucket-read-only",
16 |       "Effect":"Allow",
17 |       "Principal": "*",
18 |       "Action":["s3:GetObject"],
19 |       "Resource":["arn:aws:s3:::js-plattform-faggruppe-bucket/*"]
20 |     }
21 |   ]
22 | }
23 | EOF
24 | }
25 | 
26 | # create a lambda
27 | resource "aws_lambda_function" "lambda" {
28 |   function_name    = "js_plattform_faggruppe"
29 |   handler          = "index.handler"
30 |   runtime          = "nodejs6.10"
31 |   filename         = "function.zip"
32 |   source_code_hash = "${base64sha256(file("function.zip"))}"
33 |   role             = "${aws_iam_role.lambda_exec_role.arn}"
34 | }
35 | 
36 | # role for the lambda to assume
37 | resource "aws_iam_role" "lambda_exec_role" {
38 |   name = "js_plattform_faggruppe_lambda_exec_role"
39 |   assume_role_policy = <<EOF
40 | {
41 |   "Version": "2012-10-17",
42 |   "Statement": [
43 |     {
44 |       "Action": "sts:AssumeRole",
45 |       "Principal": {
46 |         "Service": "lambda.amazonaws.com"
47 |       },
48 |       "Effect": "Allow",
49 |       "Sid": ""
50 |     }
51 |   ]
52 | }
53 | EOF
54 | }
55 | 
56 | # a policy for the role the lambda assumes, allowing logs
57 | # to be written to cloudwatch
58 | resource "aws_iam_role_policy" "lambda_exec_role_policy" {
59 |   name = "js_plattform_faggruppe_lambda_exec_role_policy"
60 |   role = "${aws_iam_role.lambda_exec_role.id}"
61 | 
62 |   policy = <<EOF
63 | {
64 |   "Version": "2012-10-17",
65 |   "Statement": [
66 |     {
67 |       "Action": ["logs:*"],
68 |       "Effect": "Allow",
69 |       "Resource": ["arn:aws:logs:*:*:*"]
70 |     }
71 |   ]
72 | }
73 | EOF
74 | }
75 | 
76 | # call the lambda on s3 bucket upload
77 | resource "aws_s3_bucket_notification" "bucket_notification" {
78 |   bucket = "${aws_s3_bucket.bucket.id}"
79 |   lambda_function {
80 |     lambda_function_arn = "${aws_lambda_function.lambda.arn}"
81 |     events              = ["s3:ObjectCreated:*"]
82 |   }
83 | }
84 | 
85 | # allow triggering the lambda from s3
86 | resource "aws_lambda_permission" "allow_bucket" {
87 |   statement_id  = "AllowExecutionFromS3Bucket"
88 |   action        = "lambda:InvokeFunction"
89 |   function_name = "${aws_lambda_function.lambda.arn}"
90 |   principal     = "s3.amazonaws.com"
91 |   source_arn    = "${aws_s3_bucket.bucket.arn}"
92 | }
93 | 
94 | 


--------------------------------------------------------------------------------