Invoking an AWS Lambda Function with Terraform
Introduction
AWS Lambda is a serverless compute service that allows you to run code without provisioning or managing servers. Terraform, on the other hand, is an infrastructure-as-code (IaC) tool that enables you to define and provision cloud resources in a declarative manner. In this article, we’ll explore how to create an AWS Lambda function using Terraform and set up automatic invocations whenever a terraform apply command is executed.
Prerequisites
Before we begin, ensure that you have the following prerequisites:
An AWS account with appropriate permissions to create Lambda functions and IAM roles.
Terraform installed on your local machine.
Terraform Code
Below is an example of Terraform code that achieves our goal. We’ll create an AWS Lambda function, an IAM role for the function, and configure a CloudWatch Events rule to trigger the Lambda function on every terraform apply.
region = “us-west-2” # Replace with your desired AWS region
}
# Create an AWS Lambda function
resource “aws_lambda_function” “my_lambda_function” {
function_name = “my-lambda-function”
role = aws_iam_role.my_lambda_role.arn
handler = “index.handler”
runtime = “python3.8”
filename = “lambda_function.zip” # Replace with the actual path to your Lambda code ZIP file
}
# Create an IAM role for the Lambda function
resource “aws_iam_role” “my_lambda_role” {
name = “my-lambda-role”
assume_role_policy = jsonencode({
Version = “2012-10-17”,
Statement = [
{
Action = “sts:AssumeRole”,
Effect = “Allow”,
Principal = {
Service = “lambda.amazonaws.com”
}
}
]
})
}
# Attach a policy to the Lambda role (e.g., permissions to log to CloudWatch)
resource “aws_iam_policy_attachment” “my_lambda_policy_attachment” {
policy_arn = “arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole” # Replace with your desired policy ARN
roles = [aws_iam_role.my_lambda_role.name]
}
# Create a CloudWatch Events rule to trigger the Lambda function on every `terraform apply`
resource “aws_cloudwatch_event_rule” “my_lambda_trigger” {
name = “my-lambda-trigger”
description = “Trigger Lambda on Terraform apply”
event_pattern = jsonencode({
source = [“aws.terraform”],
detail_type = [“Terraform Apply”]
})
}
# Create a CloudWatch Events target to invoke the Lambda function
resource “aws_cloudwatch_event_target” “my_lambda_target” {
rule = aws_cloudwatch_event_rule.my_lambda_trigger.name
arn = aws_lambda_function.my_lambda_function.arn
target_id = “my-lambda-target”
}
Conclusion
By following the steps above, you can create an AWS Lambda function using Terraform and ensure that it is automatically invoked whenever you apply changes to your infrastructure. Remember to replace the placeholders with your actual values, and happy coding!
