Add lambda & dynamodb; tied up all this

Author: root

access_lambda_s3_dynamodb.tf

@@ -0,0 +1,60 @@
+resource "aws_iam_role" "parser_lambda_role" {
+  name = "parser_lambda_role"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Sid    = ""
+        Effect = "Allow"
+        Action = "sts:AssumeRole"
+        Principal = {
+          Service = "lambda.amazonaws.com"
+        }
+      }
+    ]
+  })
+}
+
+resource "aws_iam_policy" "parser_s3_dynamodb_policy" {
+  name        = "AccessParserGetS3PutDynamodb"
+  description = "A policy to allow get from S3 and put in DynamoDB"
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        "Effect" : "Allow",
+        "Action" : [
+          "s3:GetObject"
+        ],
+        "Resource" : "arn:aws:s3:::bucket-patients-result-docs-1/*"
+      },
+      {
+        "Effect" : "Allow",
+        "Action" : [
+          "dynamodb:PutItem"
+        ],
+        "Resource" : "arn:aws:dynamodb:us-east-1:867673051707:table/Prepared"
+      }
+
+    ]
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "lambda_s3_dynamodb_attachment" {
+  policy_arn = aws_iam_policy.parser_s3_dynamodb_policy.arn
+  role       = aws_iam_role.parser_lambda_role.name
+}
+
+resource "aws_iam_policy_attachment" "lambda_logs_policy" {
+  name       = "lambda_logs_policy_attachment"
+  roles      = [aws_iam_role.parser_lambda_role.name]
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+}
+
+resource "aws_iam_instance_profile" "lambda_s3_dynamodb_instance_profile" {
+  name = "lambda_s3_dynamodb_instance_profile"
+  role = aws_iam_role.parser_lambda_role.name
+}
+

access_s3_lambda.tf

@@ -0,0 +1,8 @@
+resource "aws_lambda_permission" "allow_s3" {
+  statement_id  = "AllowS3Invoke"
+  action        = "lambda:InvokeFunction"
+  function_name = aws_lambda_function.parser_lambda_function.function_name
+  principal     = "s3.amazonaws.com"
+  source_arn    = aws_s3_bucket.bucket_patient_result_docs.arn
+}
+

access_web_s3.tf

@@ -39,7 +39,7 @@ resource "aws_iam_policy" "web_ag_s3_policy" {
         "s3:GetObject"
         #"s3:*"
       ]
-      Resource = "${aws_s3_bucket.res_bucket.arn}/*"
+      Resource = "${aws_s3_bucket.bucket_patient_result_docs.arn}/*"
     }]
   })
 }

dynamodb.tf

@@ -0,0 +1,50 @@
+resource "aws_dynamodb_table" "prepared-dynamodb" {
+  name           = "Prepared"
+  billing_mode   = "PROVISIONED"
+  read_capacity  = 20
+  write_capacity = 20
+  hash_key       = "EMail"
+  range_key      = "PacientName"
+
+  attribute {
+    name = "EMail"
+    type = "S"
+  }
+
+  attribute {
+    name = "PacientName"
+    type = "S"
+  }
+
+  #  attribute {
+  #    name = "INR"
+  #    type = "S"
+  #  }
+
+
+  #  global_secondary_index {
+  #    name               = "PacientName-index"
+  #    hash_key           = "PacientName"
+  #    write_capacity     = 10
+  #    read_capacity      = 10
+  #    projection_type    = "KEYS_ONLY" # Corrected projection_type
+  #    non_key_attributes = []
+  #  }
+
+
+  #  global_secondary_index {
+  #    name               = "INR-index"
+  #    hash_key           = "INR"
+  #    write_capacity     = 10
+  #    read_capacity      = 10
+  #    projection_type    = "ALL"
+  #    non_key_attributes = []
+  #  }
+
+
+  tags = {
+    Name        = "pacients-db"
+    Environment = "Dev"
+  }
+}
+

lambda.tf

@@ -0,0 +1,45 @@
+#resource "aws_lambda_layer_version" "parser_lambda_layer" {
+#  layer_name          = "parser_lambda_layer"
+#  description         = "A layer for PDF processing with pdfplumber and cryptography"
+#  compatible_runtimes = ["python3.12"]
+#
+#  filename = "lambda_layer.zip"
+#
+#  source_code_hash = filebase64sha256("lambda_layer.zip")
+#}
+
+resource "aws_lambda_function" "parser_lambda_function" {
+  function_name = "parser_lambda_function"
+  handler       = "lambda_function.lambda_handler"
+  runtime       = "python3.12"
+  role          = aws_iam_role.parser_lambda_role.arn
+
+  #layers = [aws_lambda_layer_version.parser_lambda_layer.arn]
+  timeout = 30
+
+  filename = "lambda_parser.zip"
+}
+
+resource "aws_cloudwatch_log_group" "lambda_log_group" {
+  name              = "/aws/lambda/${aws_lambda_function.parser_lambda_function.function_name}"
+  retention_in_days = 1
+}
+
+resource "aws_lambda_permission" "allow_cloudwatch" {
+  statement_id  = "AllowExecutionFromCloudWatch"
+  action        = "lambda:InvokeFunction"
+  function_name = aws_lambda_function.parser_lambda_function.function_name
+  principal     = "logs.amazonaws.com"
+  source_arn    = "${aws_cloudwatch_log_group.lambda_log_group.arn}:*"
+}
+
+
+resource "aws_s3_bucket_notification" "s3_notification" {
+  bucket = aws_s3_bucket.bucket_patient_result_docs.id
+
+  lambda_function {
+    lambda_function_arn = aws_lambda_function.parser_lambda_function.arn
+    events              = ["s3:ObjectCreated:*"]
+  }
+  depends_on = [aws_lambda_permission.allow_s3]
+}

lambda_parser.zip

@@ -13,3 +13,7 @@ output "web_alb" {
   description = "Web Application Load Balancer URL"
 
 }
+
+#output "layer_arn" {
+#  value = aws_lambda_layer_version.parser_lambda_layer.arn
+#}

outputs.tf

@@ -1,8 +1,8 @@
-resource "aws_s3_bucket" "res_bucket" {
+resource "aws_s3_bucket" "bucket_patient_result_docs" {
   bucket = var.bucket_name
 
   tags = {
-    Name        = "My bucket"
+    Name        = "Patients Result Docs Bucket"
     Environment = "Dev"
   }
 }

s3.tf

@@ -39,7 +39,7 @@ variable "azs" {
 variable "bucket_name" {
   description = "Bucket to store patients results"
   type        = string
-  default     = "bucket-results-doc-1"
+  default     = "bucket-patients-result-docs-1"
 }
 
 

variables.tf

@@ -19,7 +19,7 @@ from flask import *
 import boto3
 from botocore.exceptions import NoCredentialsError
 
-bucket_name = 'bucket-results-doc-1'
+bucket_name = 'bucket-patients-result-docs-1'
 path_to_htmls = '/var/www/web/templates'
 
 def upload_to_s3(file_name, bucket, object_name=None):