a2252fa923
- Remove old Confluence variables - Add NEXT_PUBLIC_API_URL for API access 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
110 lines
3.0 KiB
HCL
110 lines
3.0 KiB
HCL
# IAM role for Lambda functions
|
|
resource "aws_iam_role" "lambda_role" {
|
|
name = "${var.app_name}-lambda-role"
|
|
|
|
assume_role_policy = jsonencode({
|
|
Version = "2012-10-17"
|
|
Statement = [
|
|
{
|
|
Action = "sts:AssumeRole"
|
|
Effect = "Allow"
|
|
Principal = {
|
|
Service = "lambda.amazonaws.com"
|
|
}
|
|
}
|
|
]
|
|
})
|
|
}
|
|
|
|
# IAM policy for Lambda to access DynamoDB
|
|
resource "aws_iam_role_policy" "lambda_dynamodb_policy" {
|
|
name = "${var.app_name}-lambda-dynamodb-policy"
|
|
role = aws_iam_role.lambda_role.id
|
|
|
|
policy = jsonencode({
|
|
Version = "2012-10-17"
|
|
Statement = [
|
|
{
|
|
Effect = "Allow"
|
|
Action = [
|
|
"dynamodb:GetItem",
|
|
"dynamodb:PutItem",
|
|
"dynamodb:UpdateItem",
|
|
"dynamodb:DeleteItem",
|
|
"dynamodb:Scan",
|
|
"dynamodb:Query"
|
|
]
|
|
Resource = [
|
|
aws_dynamodb_table.filaments.arn,
|
|
"${aws_dynamodb_table.filaments.arn}/index/*"
|
|
]
|
|
},
|
|
{
|
|
Effect = "Allow"
|
|
Action = [
|
|
"logs:CreateLogGroup",
|
|
"logs:CreateLogStream",
|
|
"logs:PutLogEvents"
|
|
]
|
|
Resource = "arn:aws:logs:*:*:*"
|
|
}
|
|
]
|
|
})
|
|
}
|
|
|
|
# Lambda function for filaments CRUD
|
|
resource "aws_lambda_function" "filaments_api" {
|
|
filename = data.archive_file.filaments_lambda_zip.output_path
|
|
function_name = "${var.app_name}-filaments-api"
|
|
role = aws_iam_role.lambda_role.arn
|
|
handler = "index.handler"
|
|
runtime = "nodejs18.x"
|
|
timeout = 30
|
|
memory_size = 256
|
|
source_code_hash = data.archive_file.filaments_lambda_zip.output_base64sha256
|
|
|
|
environment {
|
|
variables = {
|
|
TABLE_NAME = aws_dynamodb_table.filaments.name
|
|
CORS_ORIGIN = var.domain_name != "" ? "https://${var.domain_name}" : "*"
|
|
}
|
|
}
|
|
|
|
depends_on = [aws_iam_role_policy.lambda_dynamodb_policy]
|
|
}
|
|
|
|
# Lambda function for authentication
|
|
resource "aws_lambda_function" "auth_api" {
|
|
filename = data.archive_file.auth_lambda_zip.output_path
|
|
function_name = "${var.app_name}-auth-api"
|
|
role = aws_iam_role.lambda_role.arn
|
|
handler = "index.handler"
|
|
runtime = "nodejs18.x"
|
|
timeout = 10
|
|
memory_size = 128
|
|
source_code_hash = data.archive_file.auth_lambda_zip.output_base64sha256
|
|
|
|
environment {
|
|
variables = {
|
|
JWT_SECRET = var.jwt_secret
|
|
ADMIN_USERNAME = var.admin_username
|
|
ADMIN_PASSWORD_HASH = var.admin_password_hash
|
|
CORS_ORIGIN = var.domain_name != "" ? "https://${var.domain_name}" : "*"
|
|
}
|
|
}
|
|
|
|
depends_on = [aws_iam_role_policy.lambda_dynamodb_policy]
|
|
}
|
|
|
|
# Archive files for Lambda deployment
|
|
data "archive_file" "filaments_lambda_zip" {
|
|
type = "zip"
|
|
source_dir = "${path.module}/../lambda/filaments"
|
|
output_path = "${path.module}/../lambda/filaments.zip"
|
|
}
|
|
|
|
data "archive_file" "auth_lambda_zip" {
|
|
type = "zip"
|
|
source_dir = "${path.module}/../lambda/auth"
|
|
output_path = "${path.module}/../lambda/auth.zip"
|
|
} |