Initial setup

Author: marcoacierno

infrastructure/applications/cluster/iam.tf

@@ -15,6 +15,7 @@ resource "aws_iam_role_policy" "server" {
 }
 
 data "aws_iam_policy_document" "server_assume_role" {
+  # allow ecs
   statement {
     effect = "Allow"
 
@@ -25,6 +26,16 @@ data "aws_iam_policy_document" "server_assume_role" {
 
     actions = ["sts:AssumeRole"]
   }
+
+  # allow lambda
+  statement {
+    effect = "Allow"
+    principals {
+      type = "Service"
+      identifiers = ["lambda.amazonaws.com"]
+    }
+    actions = ["sts:AssumeRole"]
+  }
 }
 
 data "aws_iam_policy_document" "server_role_policy" {

infrastructure/applications/pycon_backend/media_lambda.tf

@@ -0,0 +1,23 @@
+resource "aws_lambda_function" "new_file_uploaded" {
+  function_name = "pythonit-${terraform.workspace}-new-file-uploaded"
+  package_type = "Image"
+  image_uri = "${data.aws_ecr_repository.be_repo.repository_url}@${data.aws_ecr_image.be_arm_image.image_digest}"
+  architectures = ["arm64"]
+  memory_size = 2048
+  timeout = 300
+  role = var.iam_role_arn
+
+  environment {
+    variables = {
+      for variable in local.env_vars:
+        variable.name => variable.value
+        if variable.name != "AWS_DEFAULT_REGION"
+    }
+  }
+}
+
+resource "aws_lambda_event_source_mapping" "new_file_uploaded" {
+  event_source_arn = aws_sqs_queue.new_file_uploaded.arn
+  function_name = aws_lambda_function.new_file_uploaded.function_name
+  enabled = true
+}

infrastructure/applications/pycon_backend/media_queue.tf

@@ -0,0 +1,26 @@
+resource "aws_sqs_queue" "new_file_uploaded" {
+  name = "pythonit-${terraform.workspace}-new-file-uploaded"
+  visibility_timeout_seconds = 300
+}
+
+resource "aws_sqs_queue_policy" "new_file_uploaded" {
+  queue_url = aws_sqs_queue.new_file_uploaded.id
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Principal = {
+          Service = "s3.amazonaws.com"
+        }
+        Action = "sqs:SendMessage"
+        Resource = aws_sqs_queue.new_file_uploaded.arn
+        Condition = {
+          ArnEquals = {
+            "aws:SourceArn" = aws_s3_bucket.backend_media.arn
+          }
+        }
+      }
+    ]
+  })
+}

…ructure/applications/pycon_backend/s3.tf …e/applications/pycon_backend/media_s3.tfinfrastructure/applications/pycon_backend/s3.tf renamed to infrastructure/applications/pycon_backend/media_s3.tf infrastructure/applications/pycon_backend/s3.tf renamed to infrastructure/applications/pycon_backend/media_s3.tf

@@ -13,3 +13,13 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "backend_media" {
     }
   }
 }
+
+resource "aws_s3_bucket_notification" "new_file_uploaded" {
+  bucket = aws_s3_bucket.backend_media.id
+
+  queue {
+    queue_arn = aws_sqs_queue.new_file_uploaded.arn
+    events = ["s3:ObjectCreated:*"]
+    filter_prefix = "files/"
+  }
+}