infra/modules/lambda/main.tf (85 lines of code) (raw):

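#########
# Lambda
#########
#
# Two Lambda functions and their triggers:
#   * "ecs-asg"           - invoked by the SNS topic in var.sns_topic_asg_arn
#   * "ecs-asg-unprotect" - invoked by a CloudWatch Events rule matching
#                           "ECS Task State Change" events for one cluster
#
# NOTE(review): both execution roles are passed in as variables, so their
# policies are not visible in this module. Confirm each role is limited to the
# ECS/Auto Scaling actions its handler needs, plus log writes to its own log group.

# Packages the scale-down handler into a zip.
# output_path is relative to the directory Terraform is run from, not to the module.
data "archive_file" "ecs-scaledown-file" {
  source_file = "${path.module}/ecs-scaledown-lambda/index.py"
  output_path = "ecs-scaledown-lambda.zip"
  type        = "zip"
}

resource "aws_lambda_function" "ecs-asg" {
  function_name = "${var.project_name}-${var.stack_name}-ecs-asg"
  role          = "${var.iam_role_lambda_ecs_asg_arn}"
  handler       = "index.lambda_handler"

  # NOTE(review): python2.7 is an end-of-life Lambda runtime and no longer
  # receives security patches. Moving to a supported python3.x runtime needs a
  # check that ecs-scaledown-lambda/index.py (not visible here) runs under Python 3.
  runtime = "python2.7"

  # Seconds.
  timeout = 300

  filename = "${data.archive_file.ecs-scaledown-file.output_path}"

  # Hash of the zip, so a change to the handler source triggers a redeploy.
  source_code_hash = "${data.archive_file.ecs-scaledown-file.output_base64sha256}"

  # Create the log group first. Otherwise an early invocation lets Lambda
  # auto-create it with no retention limit, and the apply then fails because the
  # group already exists.
  depends_on = ["aws_cloudwatch_log_group.ecs-asg"]
}

# Resource policy on the function: only SNS, and only on behalf of this one
# topic, may invoke it. source_arn is what scopes the grant to that topic.
resource "aws_lambda_permission" "allow_sns" {
  statement_id  = "AllowExecutionFromSNS"
  action        = "lambda:InvokeFunction"
  function_name = "${aws_lambda_function.ecs-asg.function_name}"
  principal     = "sns.amazonaws.com"
  source_arn    = "${var.sns_topic_asg_arn}"
}

resource "aws_sns_topic_subscription" "lambda-sns" {
  topic_arn = "${var.sns_topic_asg_arn}"
  protocol  = "lambda"
  endpoint  = "${aws_lambda_function.ecs-asg.arn}"

  # Subscribe only once SNS is allowed to invoke the function, so the first
  # notifications are not rejected.
  depends_on = ["aws_lambda_permission.allow_sns"]
}

# Name follows the /aws/lambda/<function_name> convention and matches the
# function_name of aws_lambda_function.ecs-asg above.
resource "aws_cloudwatch_log_group" "ecs-asg" {
  name              = "/aws/lambda/${var.project_name}-${var.stack_name}-ecs-asg"
  retention_in_days = "${var.log_retention}"
}

# Packages the unprotect handler into a zip (same working-directory caveat as above).
data "archive_file" "ecs-unprotect-file" {
  source_file = "${path.module}/ecs-unprotect-lambda/index.py"
  output_path = "ecs-unprotect-lambda.zip"
  type        = "zip"
}

resource "aws_lambda_function" "ecs-asg-unprotect" {
  function_name = "${var.project_name}-${var.stack_name}-ecs-unprotect-asg"
  role          = "${var.iam_role_lambda_ecs_unprotect_asg_arn}"
  handler       = "index.lambda_handler"

  # NOTE(review): end-of-life runtime with no security patches, as for "ecs-asg".
  # Check ecs-unprotect-lambda/index.py against Python 3 before changing it.
  runtime = "python2.7"

  # Seconds.
  timeout = 300

  filename         = "${data.archive_file.ecs-unprotect-file.output_path}"
  source_code_hash = "${data.archive_file.ecs-unprotect-file.output_base64sha256}"

  # Configuration handed to the handler. Environment variables are readable by
  # anyone allowed to view the function configuration, so keep them non-secret
  # (as these are).
  environment {
    variables = {
      ECS_CLUSTER_NAME = "${var.ecs_cluster_name}"
      ASG_GROUP_NAME   = "${var.asg_name}"
      RETAIN_INSTANCES = "${var.asg_min_size}"
    }
  }

  # Same ordering reason as for "ecs-asg": the log group and its retention must
  # exist before the function can log.
  depends_on = ["aws_cloudwatch_log_group.ecs-asg-unprotect"]
}

# Despite the "scheduler" name this is a pattern rule, not a schedule: it fires
# on every "ECS Task State Change" event whose clusterArn matches.
# NOTE(review): var.ecs_cluster_id must therefore hold the cluster ARN. Confirm
# this against the caller.
resource "aws_cloudwatch_event_rule" "unprotect-scheduler" {
  name = "${var.project_name}-${var.stack_name}-unprotect-scheduler"

  event_pattern = <<PATTERN
{
  "source": [
    "aws.ecs"
  ],
  "detail-type": [
    "ECS Task State Change"
  ],
  "detail": {
    "clusterArn": [
      "${var.ecs_cluster_id}"
    ]
  }
}
PATTERN
}

resource "aws_cloudwatch_event_target" "asg-unprotect" {
  rule      = "${aws_cloudwatch_event_rule.unprotect-scheduler.name}"
  target_id = "LambdaEcsAsgUnprotect"
  arn       = "${aws_lambda_function.ecs-asg-unprotect.arn}"

  # Attach the target only once the rule is allowed to invoke the function.
  # Invocations that fail before then are not delivered to the handler.
  depends_on = ["aws_lambda_permission.allow_cloudwatch_to_call_ecs-asg-unprotect"]
}

# Resource policy on the function: only CloudWatch Events, and only on behalf
# of the rule above, may invoke it.
resource "aws_lambda_permission" "allow_cloudwatch_to_call_ecs-asg-unprotect" {
  statement_id  = "AllowExecutionFromCloudWatch"
  action        = "lambda:InvokeFunction"
  function_name = "${aws_lambda_function.ecs-asg-unprotect.function_name}"
  principal     = "events.amazonaws.com"
  source_arn    = "${aws_cloudwatch_event_rule.unprotect-scheduler.arn}"
}

# Name matches the function_name of aws_lambda_function.ecs-asg-unprotect above.
resource "aws_cloudwatch_log_group" "ecs-asg-unprotect" {
  name              = "/aws/lambda/${var.project_name}-${var.stack_name}-ecs-unprotect-asg"
  retention_in_days = "${var.log_retention}"
}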