Implement api->sqs->lambda

Co-authored-by: Ezequiel Bellver <ebellver@itba.edu.ar>
2022-10-26 13:14:09 -03:00 · 2022-10-26 13:14:09 -03:00 · e8d72f88b2
parent 21b2b019a1
commit e8d72f88b2
11 changed files with 132 additions and 40 deletions
--- a/terraform/modules/apigw/main.tf
+++ b/terraform/modules/apigw/main.tf
@ -17,7 +17,7 @@ resource "aws_api_gateway_resource" "this" {
 resource "aws_api_gateway_method" "this" {
  rest_api_id   = aws_api_gateway_rest_api.this.id
  resource_id   = aws_api_gateway_resource.this.id
-  http_method   = "GET"
+  http_method   = "POST"
  authorization = "NONE"
 }
@ -26,9 +26,32 @@ resource "aws_api_gateway_integration" "this" {
  resource_id             = aws_api_gateway_resource.this.id
  http_method             = aws_api_gateway_method.this.http_method
  integration_http_method = "POST"
-  type                    = "AWS_PROXY"
+  type = "AWS"
-  # uri                     = var.lambda_function_arn
+  credentials = var.role_arn
-  uri                     = var.sqs_arn
+  uri         = var.sqs_arn
  request_parameters = {
    "integration.request.header.Content-Type" = "'application/x-www-form-urlencoded'"
  }
  request_templates = {
    "application/json" = <<EOF
 Action=SendMessage&MessageBody={
  "method": "$context.httpMethod",
  "body-json" : $input.json('$'),
  "queryParams": {
    #foreach($param in $input.params().querystring.keySet())
    "$param": "$util.escapeJavaScript($input.params().querystring.get($param))" #if($foreach.hasNext),#end
  #end
  },
  "pathParams": {
    #foreach($param in $input.params().path.keySet())
    "$param": "$util.escapeJavaScript($input.params().path.get($param))" #if($foreach.hasNext),#end
    #end
  }
 }
 EOF
  }
 }
 resource "aws_api_gateway_deployment" "this" {
@ -53,10 +76,17 @@ resource "aws_api_gateway_stage" "this" {
  stage_name    = "production"
 }
-resource "aws_lambda_permission" "this" {
+resource "aws_api_gateway_method_response" "http200" {
-  statement_id  = "AllowExecutionFromAPIGateway"
+  rest_api_id = aws_api_gateway_rest_api.this.id
-  action        = "lambda:InvokeFunction"
+  resource_id = aws_api_gateway_resource.this.id
-  function_name = var.lambda_function_name
+  http_method = aws_api_gateway_method.this.http_method
-  principal     = "apigateway.amazonaws.com"
+  status_code = 200
-  source_arn    = "${var.lambda_source_arn}:${aws_api_gateway_rest_api.this.id}/*/${aws_api_gateway_method.this.http_method}${aws_api_gateway_resource.this.path}"
+}
 resource "aws_api_gateway_integration_response" "http200" {
  rest_api_id       = aws_api_gateway_rest_api.this.id
  resource_id       = aws_api_gateway_resource.this.id
  http_method       = aws_api_gateway_method.this.http_method
  status_code       = aws_api_gateway_method_response.http200.status_code
  selection_pattern = "^2[0-9][0-9]"
 }
--- a/terraform/modules/apigw/variables.tf
+++ b/terraform/modules/apigw/variables.tf
@ -20,6 +20,14 @@ variable "tags" {
  default     = {}
 }
 variable "sqs_arn" {
  type = string
 }
 variable "role_arn" {
  type = string
 }
 variable "lambda_function_arn" {
  description = "The ARN of the Lambda function."
  type        = string
--- a/terraform/modules/lambda/main.tf
+++ b/terraform/modules/lambda/main.tf
@ -9,6 +9,7 @@ resource "aws_lambda_function" "this" {
  handler       = var.handler
  runtime       = var.runtime
  tags          = var.tags
  timeout       = 30
  dynamic "vpc_config" {
    for_each = var.vpc_subnet_ids != null && var.vpc_security_group_ids != null ? [true] : []
--- a/terraform/modules/sqs/main.tf
+++ b/terraform/modules/sqs/main.tf
@ -2,7 +2,7 @@
 # Amazon Simple Queue Service
 # ------------------------------------------------------------------------------
-resource "aws_sqs_queue" "terraform_queue" {
+resource "aws_sqs_queue" "this" {
  name                        = var.name
  delay_seconds               = var.delay_seconds
  max_message_size            = var.max_message_size
@ -13,3 +13,18 @@ resource "aws_sqs_queue" "terraform_queue" {
  tags = var.tags
 }
 resource "aws_lambda_permission" "allows_sqs_to_trigger_lambda" {
  statement_id  = "AllowExecutionFromSQS"
  action        = "lambda:InvokeFunction"
  function_name = var.lambda_name
  principal     = "sqs.amazonaws.com"
  source_arn    = aws_sqs_queue.this.arn
 }
 resource "aws_lambda_event_source_mapping" "event_source_mapping" {
  batch_size       = 1
  event_source_arn =  aws_sqs_queue.this.arn
  enabled          = true
  function_name    =  var.lambda_name
 }
--- a/terraform/modules/sqs/outputs.tf
+++ b/terraform/modules/sqs/outputs.tf
@ -0,0 +1,8 @@
 # --------------------------------------------------------------------
 # Lambda outputs
 # --------------------------------------------------------------------
 output "sqs_arn" {
  description = "The ARN of SQS"
  value       = aws_sqs_queue.this.arn
 }
--- a/terraform/modules/sqs/variables.tf
+++ b/terraform/modules/sqs/variables.tf
@ -48,4 +48,10 @@ variable "tags" {
  description = "A mapping of tags to assign to all resources"
  type        = map(string)
  default     = {}
 }
 variable "lambda_name" {
  description = "."
  type        = string
  default     = null
 }
--- a/terraform/organization/apigw.tf
+++ b/terraform/organization/apigw.tf
@ -11,9 +11,12 @@ module "apigw" {
  name                 = "AWSAPIGateway-g3"
  description          = "..."
-  # lambda_function_arn  = module.lambda["lambda"].lambda_function_arn
+  lambda_function_arn  = module.lambda["lambda"].lambda_function_arn
-  # lambda_function_name = module.lambda["lambda"].lambda_function_name
+  lambda_function_name = module.lambda["lambda"].lambda_function_name
-  # lambda_source_arn    = "arn:aws:execute-api:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}"
+  lambda_source_arn    = "arn:aws:execute-api:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}"
  role_arn             = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/LabRole"
  # sqs_arn              = "arn:aws:sqs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:AWS-SQS-g3"
  sqs_arn                = "arn:aws:apigateway:${data.aws_region.current.name}:sqs:path/AWS-SQS-g3"
  tags = {
    name = "Api Gateway"
--- a/terraform/organization/lambda.tf
+++ b/terraform/organization/lambda.tf
@ -16,7 +16,6 @@ module "lambda" {
  package       = each.value.package
  iam_role      = each.value.role
  # vpc_subnet_ids         = module.vpc.private_subnets
  vpc_subnet_ids         = module.vpc.public_subnets
  vpc_security_group_ids = [module.vpc.default_security_group_id]
 }
--- a/terraform/organization/sqs.tf
+++ b/terraform/organization/sqs.tf
@ -6,6 +6,7 @@ module "sqs" {
  }
  name = "AWS-SQS-g3"
  lambda_name = "AWSLambdaHandler-${replace(local.bucket_name, "-", "")}"
  tags = {
    name = "SQS"
--- a/terraform/organization/vpc.tf
+++ b/terraform/organization/vpc.tf
@ -49,7 +49,27 @@ module "vpc_endpoints" {
      service         = "dynamodb"
      service_type    = "Gateway"
      route_table_ids = flatten([module.vpc.intra_route_table_ids, module.vpc.private_route_table_ids, module.vpc.public_route_table_ids])
-      policy          = data.aws_iam_policy_document.dynamodb_endpoint_policy.json
+      policy          = data.aws_iam_policy_document.dynamodb_endpoint_policy.json # TODO: usar policy de abajo: (ahora lo estamos cargando a mano)
 #       {
 #     "Version": "2012-10-17",
 #     "Statement": [
 #         {
 #             "Principal": "*",
 #             "Effect": "Allow",
 #             "Action": [
 #                 "dynamodb:BatchGetItem",
 #                 "dynamodb:GetItem",
 #                 "dynamodb:Scan",
 #                 "dynamodb:Query",
 #                 "dynamodb:BatchWriteItem",
 #                 "dynamodb:PutItem",
 #                 "dynamodb:UpdateItem",
 #                 "dynamodb:DeleteItem"
 #             ],
 #             "Resource": "arn:aws:dynamodb:us-east-1:025685231147:table/AWSDynamoDB-g3"
 #         }
 #     ]
 # }
      tags            = { Name = "dynamodb-vpc-endpoint" }
    },
    lambda = {
@ -66,12 +86,6 @@ module "vpc_endpoints" {
  }
 }
 # module "vpc_endpoints_nocreate" {
 #   source = "terraform-aws-modules/vpc/aws//modules/vpc"
 #   create = false
 # }
 ################################################################################
 # Supporting Resources
 ################################################################################
--- a/terraform/resources/lambda/lambda_handler.py
+++ b/terraform/resources/lambda/lambda_handler.py
@ -1,28 +1,35 @@
 import boto3
 import json
 import boto3
-
+def main (event, context):
-def main(event, context):
+	payload = event
-    client = boto3.client('dynamodb')
+	payload = payload["Records"][0]
-
+	body = payload["body"]
-    client.put_item(Item={
+	body = body.replace('\n', '')
 	print(body)
 	#body = json.dumps(body) 
 	body = json.loads(body)
 	query = body["body-json"]
 	print("payload-> " + str(query) )
 	client = boto3.resource('dynamodb', region_name="us-east-1")
 	table = client.Table("AWSDynamoDB-g3")
 	table.put_item(Item={
        "id": {
            "N": "1"
        },
        "stock": {
            "N": "2212"
        },
-    },
+    })
        TableName='AWSDynamoDB-g3')
-    print ("In lambda handler")
+	resp = {
 		"statusCode": 200,
 		"headers": {
 			"Access-Control-Allow-Origin": "*",
 		},
 		"body": "El lab ha sido finalizado correctamente"
 	}
-    resp = {
+	return resp
        "statusCode": 200,
        "headers": {
            "Access-Control-Allow-Origin": "*",
        },
        "body": "Se cargó el elemento correctamente"
    }
    return resp