
Lambda

Code
# Trust policy: allows the Lambda service to assume the execution role.
data "aws_iam_policy_document" "lambda_assume_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
}

# Permissions policy attached inline to the execution role below.
data "aws_iam_policy_document" "lambda_policy" {
  # NOTE(review): "ec2:*" on resources = ["*"] gives the function full control
  # of EC2 in the account. Least privilege would list only the EC2 actions
  # that ./src/lambda_function.py calls (the handler is not shown here) and
  # scope resources where those actions support it.
  statement {
    effect    = "Allow"
    resources = ["*"]
    actions = [
      "ec2:*",
      "config:PutEvaluations",
      "logs:CreateLogStream",
      "logs:CreateLogGroup",
      "logs:PutLogEvents"
    ]
  }

  # NOTE(review): the same three logs actions are already allowed on "*" by
  # the statement above, so the narrower ARN pattern here adds no restriction
  # until they are removed from that statement.
  statement {
    effect    = "Allow"
    resources = ["arn:aws:logs:*:*:*"]
    actions = [
      "logs:CreateLogStream",
      "logs:CreateLogGroup",
      "logs:PutLogEvents"
    ]
  }
}

# Execution role for the function; its trust policy is the document above.
resource "aws_iam_role" "lambda" {
  name               = "Lambda-role"
  assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json
}

# Inline policy binding lambda_policy to the execution role.
resource "aws_iam_role_policy" "lambda_policy" {
  name   = "LambdaPolicy"
  role   = aws_iam_role.lambda.id
  policy = data.aws_iam_policy_document.lambda_policy.json
}

# Packages the single handler file into the zip uploaded as the function code.
data "archive_file" "lambda" {
  type        = "zip"
  source_file = "./src/lambda_function.py"
  output_path = "lambda_function_payload.zip"
}

# The function itself. source_code_hash ties redeployment to the archive
# contents, so a changed handler file produces a new deployment.
resource "aws_lambda_function" "lambda" {
  function_name    = "wsi-sg-function"
  role             = aws_iam_role.lambda.arn
  runtime          = "python3.12"
  handler          = "lambda_function.lambda_handler"
  timeout          = "5"
  filename         = "lambda_function_payload.zip"
  source_code_hash = data.archive_file.lambda.output_base64sha256
}

# Resource-based permission letting AWS Config invoke the function.
# NOTE(review): no source_account is set, so the grant is to the Config
# service principal without limiting which account's rules may invoke the
# function. Setting source_account to the owning account's ID closes that
# confused-deputy gap; confirm first whether cross-account invocation is
# intended.
resource "aws_lambda_permission" "permission" {
  statement_id  = "AllowExecutionFromConfig"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.lambda.arn
  principal     = "config.amazonaws.com"
}