Architecture Diagram
Project Status : POC Ongoing
Steps to be followed :
Create a GitHub Repository: Create a new GitHub repository to host your Python script and deployment code.
Write Your Python Script: Write your Python script and add it to your GitHub repository. Make sure it’s properly structured as a Lambda function handler.
Set Up AWS Credentials: In your GitHub repository, go to the “Settings” tab. Click on “Secrets” from the left sidebar. Click on “New repository secret” and create two secrets: AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. These secrets should contain your AWS IAM user’s access key and secret access key. Use a dedicated IAM user whose permissions are limited to what this deployment creates, rather than a personal or administrator key.
Create a GitHub Actions Workflow:
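# Applies the Terraform configuration in the repository root on every push to main.
# Every push is applied unattended, so main should be a protected branch that only
# receives reviewed changes.
name: Terraform GitHub Actions
on:
  push:
    branches: [main]

# Least privilege for the workflow's GITHUB_TOKEN: the job only reads the repository.
permissions:
  contents: read

jobs:
  Deploy_Resources:
    runs-on: ubuntu-20.04
    steps:
      # The actions below are referenced by mutable version tags. Pinning each one to a
      # reviewed full commit SHA keeps a retagged release from running with the AWS keys.
      - name: Checkout Code
        uses: actions/checkout@v2

      # Long-lived IAM user keys read from repository secrets. GitHub OIDC with this
      # action's `role-to-assume` input issues short-lived credentials instead; that
      # setup also needs `id-token: write` under `permissions`.
      - name: AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1

      - name: Terraform Install
        uses: hashicorp/setup-terraform@v1

      # Formatting is advisory: `terraform fmt` only rewrites files in the runner's
      # checkout, so this step is allowed to fail without blocking the deploy.
      - name: Terraform fmt
        id: fmt
        run: |
          terraform --version
          terraform fmt
        continue-on-error: true
        working-directory: ./

      - name: Terraform Init
        id: init
        run: terraform init
        working-directory: ./

      - name: Terraform Validate
        id: validate
        run: terraform validate -no-color
        working-directory: ./

      # No continue-on-error here: a failed plan must stop the job instead of letting
      # apply run anyway. The plan is saved so that apply executes exactly what was planned.
      - name: Terraform Plan
        id: plan
        run: terraform plan -no-color -input=false -out=tfplan
        working-directory: ./

      # No continue-on-error here either: a failed apply must fail the run, otherwise a
      # broken or partial deployment is reported as a successful workflow.
      - name: Terraform Apply
        id: Apply
        run: terraform apply -input=false tfplan
        working-directory: ./

      # Teardown step, kept disabled; enable it only for a deliberate destroy run.
      # - name: Terraform Destroy
      #   id: Destroy
      #   run: terraform destroy -auto-approve
      #   continue-on-error: true
      #   working-directory: ./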
Add the Terraform code below to create the Lambda function and its IAM role, and to zip the script so it can be deployed to Lambda.
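# AWS provider used by every resource in this configuration.
provider "aws" {
  region = "us-east-1"
}

### Backend ###
# S3
###############
# Remote state stored in S3. bucket, key and region are left empty on this page and
# must be filled in before `terraform init` can succeed.
terraform {
  backend "s3" {
    bucket = ""
    key    = ""
    region = ""

    # State files can contain sensitive values, so ask S3 to encrypt the state object
    # at rest. The bucket itself should be private to the deployment identity.
    encrypt = true
  }
}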
####
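# Inline permissions policy attached to the Lambda execution role. The JSON document is
# read from iam/lambda-policy.json, relative to the directory Terraform runs in.
# Direct references replace the interpolation-only "${...}" form, which Terraform 0.12
# and later report as deprecated.
resource "aws_iam_role_policy" "lambda-policy" {
  name   = "lambda_policy"
  role   = aws_iam_role.lambda_role.id
  policy = file("iam/lambda-policy.json")
}

# Execution role for the function. Its trust policy (who may assume the role) is read
# from iam/lambda-assume-policy.json.
resource "aws_iam_role" "lambda_role" {
  name               = "lambda_role"
  assume_role_policy = file("iam/lambda-assume-policy.json")
}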
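# Single place for the deployment archive path, shared by the archive and the function.
locals {
  lambda_zip_location = "outputs/welcome.zip"
}

# Packages welcome.py into the zip archive that is uploaded to Lambda.
data "archive_file" "welcome" {
  type        = "zip"
  source_file = "welcome.py"
  output_path = local.lambda_zip_location
}

# The Lambda function itself. Direct references replace the interpolation-only "${...}"
# form, which Terraform 0.12 and later report as deprecated.
resource "aws_lambda_function" "terraform_lambda_func" {
  filename      = local.lambda_zip_location
  function_name = "welcome"
  role          = aws_iam_role.lambda_role.arn

  # "<file>.<function>": Lambda calls hello() in welcome.py.
  handler = "welcome.hello"

  # Hash of the archive contents, so a change to welcome.py triggers a code update.
  source_code_hash = data.archive_file.welcome.output_base64sha256

  # NOTE(review): python3.8 is an old Lambda runtime; confirm it is still supported and
  # move to a currently supported Python runtime if it is not.
  runtime = "python3.8"
}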
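Create an `iam` folder (the name must match the `iam/` path used in the Terraform code above) and place the two IAM policies below in it. The first is lambda-assume-policy.json, the trust policy that lets the Lambda service assume the role; the second is lambda-policy.json, the permissions policy for the function. The permissions policy allows log writes on every CloudWatch Logs resource (`arn:aws:logs:*:*:*`); narrow the Resource to the function's own log group once the POC works.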
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:*",
"Effect": "Allow"
}
]
}