Made changes to main.tf and readme

archiev4 · archiev4 · commit 144e018fb4b2 · 2026-03-14T11:15:14.000+05:30
diff --git a/lambda-durable-function-chaining-terraform/README.md b/lambda-durable-function-chaining-terraform/README.md
@@ -1,6 +1,6 @@
 # Function chaining with AWS Lambda durable functions in Terraform
 
-This Terraform pattern demonstrates function chaining using AWS Lambda durable functions. A durable orchestrator invokes three Lambda functions in sequence (add, transform and finalize). The output of each step is passed as the input to the next. The framework automatically checkpoints after every step, so if the orchestrator fails mid-workflow, it replays from the beginning and skips already-completed work. This ensures exactly-once execution without re-processing.
+This Terraform pattern demonstrates function chaining using AWS Lambda durable functions. A durable orchestrator invokes three Lambda functions in sequence (add, transform and finalize). The output of each step is passed as the input to the next. The durable functions framework automatically checkpoints after every step, so if the orchestrator fails mid-workflow, it replays from the beginning and skips already-completed work. This ensures exactly-once execution without re-processing.
 
 Learn more about this pattern at Serverless Land Patterns: https://serverlessland.com/patterns/lambda-durable-function-chaining-terraform
 
@@ -11,7 +11,7 @@ Important: this application uses various AWS services and there are costs associ
 * [Create an AWS account](https://portal.aws.amazon.com/gp/aws/developer/registration/index.html) if you do not already have one and log in. The IAM user that you use must have sufficient permissions to make necessary AWS service calls and manage AWS resources.
 * [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) installed and configured
 * [Git Installed](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
-* [Terraform](https://learn.hashicorp.cxom/tutorials/terraform/install-cli?in=terraform/aws-get-started) installed
+* [Terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli?in=terraform/aws-get-started) installed
 
 ## Deployment Instructions
 
@@ -46,7 +46,7 @@ Important: this application uses various AWS services and there are costs associ
 
 This pattern uses a durable orchestrator to chain three Lambda functions in sequence. Each function receives the output of the previous step as its input, forming a pipeline: **Add → Transform → Finalize**.
 
-At each `context.invoke()` call, the durable framework creates a checkpoint. If the orchestrator fails at any point, it automatically replays from the beginning but skips already-completed steps using stored results, ensuring no work is repeated. Workflows resume from the last successful checkpoint, recovering automatically without manual intervention.
+At each `context.invoke()` call, the durable function creates a checkpoint. If the orchestrator fails at any point, it automatically replays from the beginning but skips already-completed steps using stored results, ensuring no work is repeated. Workflows resume from the last successful checkpoint, recovering automatically without manual intervention.
 
 Consider the following input,
 
diff --git a/lambda-durable-function-chaining-terraform/main.tf b/lambda-durable-function-chaining-terraform/main.tf
@@ -10,6 +10,10 @@ terraform {
       source  = "hashicorp/aws"
       version = "~> 6.32.1"
     }
+    archive = {
+      source  = "hashicorp/archive"
+      version = "~> 2.7"
+    }
   }
 }
 
@@ -52,11 +56,11 @@ variable "log_retention_days" {
 }
 
 ############################################################
-# IAM Role for All Lambda Functions
+# IAM Role – Worker Lambda Functions (non-durable)
 ############################################################
 
-resource "aws_iam_role" "lambda_role" {
-  name = "${var.prefix}-durable-orchestrator-role"
+resource "aws_iam_role" "worker_role" {
+  name = "${var.prefix}-worker-role"
 
   force_detach_policies = true
 
@@ -70,13 +74,32 @@ resource "aws_iam_role" "lambda_role" {
   })
 }
 
-resource "aws_iam_role_policy_attachment" "basic_execution" {
-  role       = aws_iam_role.lambda_role.name
+resource "aws_iam_role_policy_attachment" "worker_basic_execution" {
+  role       = aws_iam_role.worker_role.name
   policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
 }
 
+############################################################
+# IAM Role – Durable Orchestrator Lambda Function
+############################################################
+
+resource "aws_iam_role" "orchestrator_role" {
+  name = "${var.prefix}-durable-orchestrator-role"
+
+  force_detach_policies = true
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [{
+      Effect    = "Allow"
+      Action    = "sts:AssumeRole"
+      Principal = { Service = "lambda.amazonaws.com" }
+    }]
+  })
+}
+
 resource "aws_iam_role_policy_attachment" "durable_execution" {
-  role       = aws_iam_role.lambda_role.name
+  role       = aws_iam_role.orchestrator_role.name
   policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicDurableExecutionRolePolicy"
 }
 
@@ -108,32 +131,6 @@ resource "aws_cloudwatch_log_group" "orchestrator" {
   skip_destroy      = false
 }
 
-############################################################
-# Scoped CloudWatch Logs Write Policy
-############################################################
-
-resource "aws_iam_role_policy" "lambda_logging" {
-  name = "${var.prefix}-lambda-cloudwatch-logging"
-  role = aws_iam_role.lambda_role.id
-
-  policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [{
-      Effect = "Allow"
-      Action = [
-        "logs:CreateLogStream",
-        "logs:PutLogEvents"
-      ]
-      Resource = [
-        "${aws_cloudwatch_log_group.step1.arn}:*",
-        "${aws_cloudwatch_log_group.step2.arn}:*",
-        "${aws_cloudwatch_log_group.step3.arn}:*",
-        "${aws_cloudwatch_log_group.orchestrator.arn}:*"
-      ]
-    }]
-  })
-}
-
 ############################################################
 # Worker Lambda Functions
 ############################################################
@@ -145,16 +142,15 @@ resource "aws_lambda_function" "step1" {
   runtime       = "python3.14"
   memory_size   = 512
   timeout       = 30
-  role          = aws_iam_role.lambda_role.arn
+  role          = aws_iam_role.worker_role.arn
 
   logging_config {
     log_group  = aws_cloudwatch_log_group.step1.name
     log_format = "Text"
   }
 
   depends_on = [
-    aws_cloudwatch_log_group.step1,
-    aws_iam_role_policy.lambda_logging
+    aws_cloudwatch_log_group.step1
   ]
 }
 
@@ -165,16 +161,15 @@ resource "aws_lambda_function" "step2" {
   runtime       = "python3.14"
   memory_size   = 512
   timeout       = 30
-  role          = aws_iam_role.lambda_role.arn
+  role          = aws_iam_role.worker_role.arn
 
   logging_config {
     log_group  = aws_cloudwatch_log_group.step2.name
     log_format = "Text"
   }
 
   depends_on = [
-    aws_cloudwatch_log_group.step2,
-    aws_iam_role_policy.lambda_logging
+    aws_cloudwatch_log_group.step2
   ]
 }
 
@@ -185,16 +180,15 @@ resource "aws_lambda_function" "step3" {
   runtime       = "python3.14"
   memory_size   = 512
   timeout       = 30
-  role          = aws_iam_role.lambda_role.arn
+  role          = aws_iam_role.worker_role.arn
 
   logging_config {
     log_group  = aws_cloudwatch_log_group.step3.name
     log_format = "Text"
   }
 
   depends_on = [
-    aws_cloudwatch_log_group.step3,
-    aws_iam_role_policy.lambda_logging
+    aws_cloudwatch_log_group.step3
   ]
 }
 
@@ -204,7 +198,7 @@ resource "aws_lambda_function" "step3" {
 
 resource "aws_iam_role_policy" "invoke_workers" {
   name = "${var.prefix}-invoke-worker-functions"
-  role = aws_iam_role.lambda_role.id
+  role = aws_iam_role.orchestrator_role.id
 
   policy = jsonencode({
     Version = "2012-10-17"
@@ -223,19 +217,102 @@ resource "aws_iam_role_policy" "invoke_workers" {
   })
 }
 
+############################################################
+# Inline Orchestrator Source Code
+#
+# The durable execution SDK (@durable_execution decorator and
+# DurableContext) is built into the python3.14 runtime when
+# durable_config is set — no extra layer is needed.
+############################################################
+
+data "archive_file" "orchestrator" {
+  type        = "zip"
+  output_path = "${path.module}/orchestrator.zip"
+
+  source {
+    filename = "orchestrator.py"
+    content  = <<-PYTHON
+      import json
+      import os
+      import logging
+      import boto3
+      from aws_durable_execution_sdk_python import DurableContext, durable_execution
+
+      logger = logging.getLogger()
+      logger.setLevel(logging.INFO)
+
+      lambda_client = boto3.client('lambda')
+
+
+      def call_lambda(function_arn, payload):
+          """Invoke a regular Lambda function and return parsed response."""
+          response = lambda_client.invoke(
+              FunctionName=function_arn,
+              InvocationType='RequestResponse',
+              Payload=json.dumps(payload)
+          )
+
+          if 'FunctionError' in response:
+              error_payload = json.loads(response['Payload'].read())
+              raise RuntimeError(f"Function {function_arn} failed: {error_payload}")
+
+          return json.loads(response['Payload'].read())
+
+
+      @durable_execution
+      def lambda_handler(event, context: DurableContext):
+          step1_arn = os.environ['STEP1_FUNCTION_ARN']
+          step2_arn = os.environ['STEP2_FUNCTION_ARN']
+          step3_arn = os.environ['STEP3_FUNCTION_ARN']
+
+          logger.info("Orchestrator invoked with event: %s", json.dumps(event, default=str))
+
+          # Step 1 — lambda receives the arg context.step() passes; ignored here
+          result1 = context.step(
+              lambda _: call_lambda(step1_arn, event),
+              name='step1-add'
+          )
+          logger.info("STEP1 result: %s", json.dumps(result1, default=str))
+
+          # Step 2
+          result2 = context.step(
+              lambda _: call_lambda(step2_arn, result1),
+              name='step2-transform'
+          )
+          logger.info("STEP2 result: %s", json.dumps(result2, default=str))
+
+          # Step 3
+          result3 = context.step(
+              lambda _: call_lambda(step3_arn, result2),
+              name='step3-finalize'
+          )
+          logger.info("STEP3 result: %s", json.dumps(result3, default=str))
+
+          response = {
+              'workflow': 'completed',
+              'input': event,
+              'output': result3
+          }
+          logger.info("Final response: %s", json.dumps(response, default=str))
+          return response
+    PYTHON
+  }
+}
+
 ############################################################
 # Durable Orchestrator Function
 ############################################################
 
 resource "aws_lambda_function" "orchestrator" {
-  function_name = "${var.prefix}-durable-orchestrator"
-  filename      = "orchestrator.zip"
-  handler       = "orchestrator.lambda_handler"
-  runtime       = "python3.14"
-  memory_size   = 512
-  timeout       = 90
-  role          = aws_iam_role.lambda_role.arn
-  publish       = true
+  function_name    = "${var.prefix}-durable-orchestrator"
+  filename         = data.archive_file.orchestrator.output_path
+  source_code_hash = data.archive_file.orchestrator.output_base64sha256
+  handler          = "orchestrator.lambda_handler"
+  runtime          = "python3.14"
+  memory_size      = 512
+  timeout          = 90
+  role             = aws_iam_role.orchestrator_role.arn
+  publish          = true
 
   durable_config {
     execution_timeout = 90
@@ -266,8 +343,7 @@ resource "aws_lambda_function" "orchestrator" {
   }
 
   depends_on = [
-    aws_cloudwatch_log_group.orchestrator,
-    aws_iam_role_policy.lambda_logging
+    aws_cloudwatch_log_group.orchestrator
   ]
 }
 
diff --git a/lambda-durable-function-chaining-terraform/orchestrator.zip b/lambda-durable-function-chaining-terraform/orchestrator.zip
