Support for scheduled lambda runs through Cloudwatch Events rule

Rafael Felix Correa · Rafael Felix Correa · commit 441b8c42a3cd · 2019-01-31T17:39:56.000+01:00
diff --git a/README.md b/README.md
@@ -93,7 +93,15 @@ function name unique per region, for example by setting
 
 | Name | Description |
 |------|-------------|
+<<<<<<< HEAD
 | function\_arn | The ARN of the Lambda function |
 | function\_name | The name of the Lambda function |
 | role\_arn | The ARN of the IAM role created for the Lambda function |
 | role\_name | The name of the IAM role created for the Lambda function |
+=======
+| function_arn | The ARN of the Lambda function |
+| function_name | The name of the Lambda function |
+| role_arn | The ARN of the IAM role created for the Lambda function |
+| role_name | The name of the IAM role created for the Lambda function |
+| cloudwatch_rule_arn | The ARN of the Cloudwatch rule |
+>>>>>>> Support for scheduled lambda runs through Cloudwatch Events rule
diff --git a/cloudwatch.tf b/cloudwatch.tf
@@ -0,0 +1,13 @@
+resource "aws_cloudwatch_event_rule" "rule" {
+    count               = "${var.attach_cloudwatch_rule_config ? 1 : 0}"
+    name                = "${var.cloudwatch_rule_config["name"]}"
+    description         = "${var.cloudwatch_rule_config["description"]}"
+    schedule_expression = "${var.cloudwatch_rule_config["schedule_expression"]}"
+}
+
+resource "aws_cloudwatch_event_target" "target" {
+    count     = "${var.attach_cloudwatch_rule_config ? 1 : 0}"
+    target_id = "${element(concat(aws_lambda_function.lambda.*.function_name, aws_lambda_function.lambda_s3.*.function_name, aws_lambda_function.lambda_with_dl.*.function_name, aws_lambda_function.lambda_with_vpc.*.function_name, aws_lambda_function.lambda_with_dl_and_vpc.*.function_name), 0)}"
+    rule      = "${aws_cloudwatch_event_rule.rule.name}"
+    arn       = "${element(concat(aws_lambda_function.lambda.*.arn, aws_lambda_function.lambda_s3.*.arn, aws_lambda_function.lambda_with_dl.*.arn, aws_lambda_function.lambda_with_vpc.*.arn, aws_lambda_function.lambda_with_dl_and_vpc.*.arn), 0)}"
+}
diff --git a/lambda.tf b/lambda.tf
@@ -147,3 +147,12 @@ resource "aws_lambda_function" "lambda_with_dl_and_vpc" {
   depends_on                     = ["null_resource.archive"]
   environment                    = ["${slice( list(var.environment), 0, length(var.environment) == 0 ? 0 : 1 )}"]
 }
+
+resource "aws_lambda_permission" "cloudwatch_trigger" {
+    count         = "${var.attach_cloudwatch_rule_config ? 1 : 0}"
+    statement_id  = "AllowExecutionFromCloudWatch"
+    action        = "lambda:InvokeFunction"
+    function_name = "${element(concat(aws_lambda_function.lambda.*.function_name, aws_lambda_function.lambda_s3.*.arn, aws_lambda_function.lambda_with_dl.*.function_name, aws_lambda_function.lambda_with_vpc.*.function_name, aws_lambda_function.lambda_with_dl_and_vpc.*.function_name), 0)}"
+    principal     = "events.amazonaws.com"
+    source_arn    = "${aws_cloudwatch_event_rule.rule.arn}"
+}
diff --git a/outputs.tf b/outputs.tf
@@ -17,3 +17,8 @@ output "role_name" {
   description = "The name of the IAM role created for the Lambda function"
   value       = "${aws_iam_role.lambda.name}"
 }
+
+output "cloudwatch_rule_arn" {
+  description = "The ARN of the Cloudwatch rule"
+  value       = "${element(concat(aws_cloudwatch_event_rule.rule.*.arn), 0)}"
+}
diff --git a/tests/cloudwatch-event-trigger/lambda.py b/tests/cloudwatch-event-trigger/lambda.py
@@ -0,0 +1,2 @@
+def lambda_handler(event, context):
+    return 'test passed'
diff --git a/tests/cloudwatch-event-trigger/main.tf b/tests/cloudwatch-event-trigger/main.tf
@@ -0,0 +1,38 @@
+terraform {
+  backend "local" {
+    path = "terraform.tfstate"
+  }
+}
+
+provider "aws" {
+  region = "eu-west-1"
+}
+
+resource "random_id" "name" {
+  byte_length = 6
+  prefix      = "terraform-aws-lambda-scheduled-"
+}
+
+module "lambda" {
+  source = "../../"
+
+  function_name = "${random_id.name.hex}"
+  description   = "Test cloudwatch rule trigger in terraform-aws-lambda"
+  handler       = "lambda.lambda_handler"
+  runtime       = "python3.6"
+  timeout       = 30
+
+  source_path = "${path.module}/lambda.py"
+
+  attach_cloudwatch_rule_config = true
+
+  cloudwatch_rule_config {
+    name = "scheduled-run"
+    description = "Test scheduled lambda run"
+    schedule_expression = "cron(0 20 * * ? *)"
+  }
+}
+
+output "cloudwatchrule_arn" {
+  value = "${module.lambda.cloudwatch_rule_arn}"
+}
diff --git a/variables.tf b/variables.tf
@@ -73,6 +73,18 @@ variable "attach_vpc_config" {
   default     = false
 }
 
+variable "cloudwatch_rule_config" {
+  description = "Cloudwatch Rule for the Lambda function"
+  type        = "map"
+  default     = {}
+}
+
+variable "attach_cloudwatch_rule_config" {
+  description = "Set this to true if using the cloudwatch_rule_config variable"
+  type        = "string"
+  default     = false
+}
+
 variable "source_from_s3" {
   description = "Set this to true if fetching the Lambda source code from S3."
   type        = "string"

Original file line number	Diff line number	Diff line change
`@@ -17,3 +17,8 @@ output "role_name" {`
`17`	`17`	`description = "The name of the IAM role created for the Lambda function"`
`18`	`18`	`value = "${aws_iam_role.lambda.name}"`
`19`	`19`	`}`
	`20`	`+`
	`21`	`+output "cloudwatch_rule_arn" {`
	`22`	`+ description = "The ARN of the Cloudwatch rule"`
	`23`	`+ value = "${element(concat(aws_cloudwatch_event_rule.rule.*.arn), 0)}"`
	`24`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+def lambda_handler(event, context):`
	`2`	`+ return 'test passed'`