Runbook for Lambda with GitHub Actions

Architecture Diagram

Project Status: POC Ongoing

Steps to be followed:

  1. Create a GitHub Repository: Create a new GitHub repository to host your Python script and deployment code.
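  2. Write Your Python Script: Write your Python script and add it to your GitHub repository. Make sure it’s properly structured as a Lambda function handler. The Terraform code below sets the handler to welcome.hello, so the file must be named welcome.py and must define a function named hello.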
  3. Set Up AWS Credentials: In your GitHub repository, go to the “Settings” tab. Click on “Secrets” from the left sidebar. Click on “New repository secret” and create two secrets: AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. These secrets should contain your AWS IAM user’s access key and secret access key.
  4. Create a GitHub Actions Workflow:
name: Terraform GitHub Actions

on:
  push:
    branches: [main]
jobs:
  Deploy_Resources:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout Code
        uses: actions/checkout@v2
      - name: AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      
      - name: Terraform Install
        uses: hashicorp/setup-terraform@v1
      - name: Terraform fmt
        id: fmt
        run: | 
          terraform --version
          terraform fmt
        continue-on-error: true
        working-directory: ./
      - name: Terraform Init
        id: init
        run: terraform init
        working-directory: ./
      - name: Terraform Validate
        id: validate
        run: terraform validate -no-color  
        working-directory: ./
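      - name: Terraform Plan
        id: plan
        # No continue-on-error here: a failed plan must stop the job before apply runs.
        run: terraform plan -no-color
        working-directory: ./
      - name: Terraform Apply
        id: Apply
        # No continue-on-error here either, so a failed deployment fails the workflow run.
        run: terraform apply -auto-approve
        working-directory: ./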
      # - name: Terraform Destroy
      #   id: Destroy
      #   run: terraform destroy -auto-approve
      #   continue-on-error: true
      #   working-directory: ./

Add the Terraform code below to create the Lambda function and its IAM role, and to zip the script for deployment to Lambda.

  • Lamda-iam.tf
provider "aws" {
  region = "us-east-1"
}

### Backend ###
# S3
###############

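terraform {
  backend "s3" {
    bucket = "" # name of the S3 bucket that stores the Terraform state
    key    = "" # object key (path) of the state file in that bucket
    region = "" # region of the state bucket
  }
}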

### IAM role and policy for the Lambda function ###
resource "aws_iam_role_policy" "lambda-policy" {
  name   = "lambda_policy"
  role   = aws_iam_role.lambda_role.id
  policy = file("iam/lambda-policy.json")
}

resource "aws_iam_role" "lambda_role" {
  name               = "lambda_role"
  assume_role_policy = file("iam/lambda-assume-policy.json")
}
  • lambda.tf
locals {
  lambda_zip_location = "outputs/welcome.zip"
}

# Zip welcome.py so it can be uploaded as the function's deployment package.
data "archive_file" "welcome" {
  type        = "zip"
  source_file = "welcome.py"
  output_path = local.lambda_zip_location
}

resource "aws_lambda_function" "terraform_lambda_func" {
  filename      = local.lambda_zip_location
  function_name = "welcome"
  role          = aws_iam_role.lambda_role.arn
  handler       = "welcome.hello" # file welcome.py, function hello

  # Redeploy only when the contents of the zip change.
  source_code_hash = data.archive_file.welcome.output_base64sha256
  runtime          = "python3.8"
}
  • Create an iam folder (lowercase, to match the iam/ paths used in Lamda-iam.tf) and place the two IAM policies below into it.
  • lambda-assume-policy.json
{
 "Version": "2012-10-17",
 "Statement": [
   {
     "Action": "sts:AssumeRole",
     "Principal": {
       "Service": "lambda.amazonaws.com"
     },
     "Effect": "Allow",
     "Sid": ""
   }
 ]
}
  • lambda-policy.json
{
 "Version": "2012-10-17",
 "Statement": [
   {
     "Action": [
       "logs:CreateLogGroup",
       "logs:CreateLogStream",
       "logs:PutLogEvents"
     ],
     "Resource": "arn:aws:logs:*:*:*",
     "Effect": "Allow"
   }
 ]
}
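
The Resource in lambda-policy.json, arn:aws:logs:*:*:*, matches every log group in every region and account. The following check is an added example, not part of the original runbook: it flags statements that reach beyond the log group Lambda writes to by default (/aws/lambda/<function_name>), using the region us-east-1 and function name welcome from the Terraform above. The names lint_policy and as_list are hypothetical, the account ID 123456789012 is a placeholder, and the scoped variant assumes the log group already exists.

```python
import json

# The page's iam/lambda-policy.json, embedded so the check runs offline.
PAGE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
  "Resource": "arn:aws:logs:*:*:*", "Effect": "Allow"}]}""")

# Constructed tighter variant. 123456789012 is a placeholder account ID, and the
# log group is assumed to exist already, so logs:CreateLogGroup is dropped.
SCOPED_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
  "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/welcome:*",
  "Effect": "Allow"}]}""")


def as_list(value):
    """IAM allows a single string or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def lint_policy(policy, region, function_name):
    """Return findings for Allow statements wider than one function's log group."""
    expected = f"log-group:/aws/lambda/{function_name}"
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"statement {i}: wildcard action {action!r}")
        for res in as_list(stmt.get("Resource", [])):
            # ARN layout: arn:partition:service:region:account:resource
            parts = res.split(":", 5)
            if len(parts) < 6:
                findings.append(f"statement {i}: {res!r} is not a full ARN")
                continue
            arn_region, account, resource = parts[3], parts[4], parts[5]
            if arn_region != region:
                findings.append(f"statement {i}: region {arn_region!r}, expected {region!r}")
            if not account.isdigit():
                findings.append(f"statement {i}: account {account!r} is not pinned")
            if resource != expected and not resource.startswith(expected + ":"):
                findings.append(f"statement {i}: {resource!r} is outside {expected}")
    return findings


if __name__ == "__main__":
    for name, doc in (("page policy", PAGE_POLICY), ("scoped policy", SCOPED_POLICY)):
        print(name, lint_policy(doc, "us-east-1", "welcome") or "OK")
```

Run as a workflow step before Terraform Plan, a non-empty result can be turned into a non-zero exit code so an over-broad policy never reaches apply.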

MFH IT Solutions (Regd No -LIN : AP-03-46-003-03147775)

Consultation & project support organization.