
Lambda

Code
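# Region lookup, used below to build the regional CloudWatch Logs service principal.
data "aws_region" "cw_current" {}

# Execution role that the Lambda service assumes on behalf of the function.
resource "aws_iam_role" "lambda" {
  name = "lambda-role"

  # Trust policy: only the Lambda service may assume this role.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Sid    = ""
        Principal = {
          Service = "lambda.amazonaws.com"
        }
      }
    ]
  })

  # Least privilege: this previously attached arn:aws:iam::aws:policy/AdministratorAccess,
  # which hands the whole account to anything that can change or subvert the function
  # (its input is log data, part of which is set by whoever attempts a console login).
  # AWSLambdaBasicExecutionRole only lets the function write its own CloudWatch logs.
  # NOTE(review): the handler source is not shown here. If it calls other AWS APIs,
  # grant those specific actions on specific resources in a dedicated policy instead
  # of restoring AdministratorAccess.
  managed_policy_arns = ["arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]
}

# Packages the single-file handler into the zip that is deployed below.
data "archive_file" "lambda" {
  type        = "zip"
  source_file = "./src/lambda_function.py"
  output_path = "lambda_function_payload.zip"
}

# The log-processing function that receives the filtered CloudTrail events.
resource "aws_lambda_function" "lambda" {
  function_name = "wsi-project-log-function"
  handler       = "lambda_function.lambda_handler"
  runtime       = "python3.12"
  role          = aws_iam_role.lambda.arn
  timeout       = 60

  # Reference the archive's own output path so the deployed file and the hash
  # below always describe the same artifact.
  filename         = data.archive_file.lambda.output_path
  source_code_hash = data.archive_file.lambda.output_base64sha256

  publish = true
}

# Resource policy: lets CloudWatch Logs in this region invoke the function, and only
# for the trail log group (aws_cloudwatch_log_group.trail is defined outside this listing).
resource "aws_lambda_permission" "logging" {
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.lambda.function_name # implicit dependency on the function
  principal     = "logs.${data.aws_region.cw_current.name}.amazonaws.com"
  source_arn    = "${aws_cloudwatch_log_group.trail.arn}:*"
}

# Forwards only ConsoleLogin events from the trail log group to the function.
resource "aws_cloudwatch_log_subscription_filter" "trail" {
  name            = "trail-filter"
  destination_arn = aws_lambda_function.lambda.arn
  log_group_name  = aws_cloudwatch_log_group.trail.name
  filter_pattern  = "{ $.eventName = \"ConsoleLogin\" }"

  # No attribute here references the permission, so the ordering has to be explicit:
  # the invoke permission must exist before the subscription is created.
  depends_on = [aws_lambda_permission.logging]
}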