in squid_app/squid_lambda_construct.py [0:0]
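def __init__(self, scope: core.Construct, id: str) -> None:
    """Create the Squid alarm Lambda function and its IAM execution role.

    The function is stored on ``self.squid_alarm_lambda_function`` so other
    constructs can wire it to the alarm that triggers it.

    Args:
        scope: Parent construct.
        id: Identifier of this construct within ``scope``.
    """
    super().__init__(scope, id)

    # Execution role that only the Lambda service can assume. The AWS managed
    # policy AWSLambdaBasicExecutionRole is attached for basic execution.
    lambda_iam_role = iam.Role(
        self,
        "lambda-role",
        assumed_by=iam.ServicePrincipal("lambda.amazonaws.com"),
        managed_policies=[
            iam.ManagedPolicy.from_aws_managed_policy_name(
                "service-role/AWSLambdaBasicExecutionRole"
            )
        ],
    )

    # Read-only discovery calls, kept in their own statement so the wildcard
    # resource here is not confused with the mutating permissions below.
    # NOTE(review): many Describe* actions do not accept resource-level
    # restrictions, so "*" is usually unavoidable for these - confirm per
    # service.
    lambda_iam_role.add_to_policy(
        statement=iam.PolicyStatement(
            effect=iam.Effect.ALLOW,
            actions=[
                "autoscaling:Describe*",
                "cloudwatch:Describe*",
                "ec2:Describe*",
            ],
            resources=["*"],
        )
    )

    # Mutating permissions that let the function repoint the VPC route tables
    # at a healthy Squid instance ENI and drive the Auto Scaling lifecycle.
    # NOTE(review): least privilege - with resources=["*"] this role can
    # create or replace routes, modify instance attributes and tag resources
    # anywhere in the account and region, not just in the Squid VPC. This
    # constructor receives no VPC, route-table or Auto Scaling group
    # reference, so the scope cannot be narrowed here without an interface
    # change. Pass those in and restrict this statement to their ARNs, or add
    # resource-tag conditions, before deploying to a shared account.
    lambda_iam_role.add_to_policy(
        statement=iam.PolicyStatement(
            effect=iam.Effect.ALLOW,
            actions=[
                "ec2:ModifyInstanceAttribute",
                "autoscaling:CompleteLifecycleAction",
                "autoscaling:SetInstanceHealth",
                "ec2:CreateRoute",
                "ec2:CreateTags",
                "ec2:ReplaceRoute",
            ],
            resources=["*"],
        )
    )

    # Lambda function that is triggered when the Squid alarm state changes.
    # NOTE(review): Python 3.8 is past upstream end-of-life. Moving to a
    # supported runtime needs a check of the handler code, which is not
    # visible here.
    self.squid_alarm_lambda_function = _lambda.Function(
        self,
        "alarm-function",
        runtime=_lambda.Runtime.PYTHON_3_8,
        handler="lambda-handler.handler",
        # Code.from_asset replaces the deprecated Code.asset alias.
        code=_lambda.Code.from_asset("./squid_app/squid_config_files/lambda"),
        role=lambda_iam_role,
        timeout=core.Duration.seconds(60),
    )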