From 3a13b60ca4a7423a6d3e36eb7900aa214ff4e67c Mon Sep 17 00:00:00 2001
From: Buckingham
Date: Thu, 28 Nov 2024 09:46:53 +0000
Subject: [PATCH] Update_281124_3
---
 terraform/environments/ppud/iam.tf | 23 +++++++++++++++++++
 terraform/environments/ppud/lambda.tf | 18 ++++++++++++++-
 .../environments/ppud/platform_secrets.tf | 7 ++++++
 terraform/environments/ppud/s3.tf | 3 ++-
 4 files changed, 49 insertions(+), 2 deletions(-)
diff --git a/terraform/environments/ppud/iam.tf b/terraform/environments/ppud/iam.tf
index 5ab6eb99243..f4ae75dcb0b 100644
--- a/terraform/environments/ppud/iam.tf
+++ b/terraform/environments/ppud/iam.tf
@@ -1183,6 +1183,29 @@ resource "aws_iam_policy" "iam_policy_for_lambda_cloudwatch_get_metric_data_dev"
 "arn:aws:cloudwatch:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:*"
 ]
 },
+ {
+ "Sid" : "S3BucketPolicy",
+ "Effect" : "Allow",
+ "Action" : [
+ "s3:GetObject",
+ "s3:PutObject",
+ "s3:DeleteObject"
+ ],
+ "Resource" : [
+ "arn:aws:s3:::moj-release-management",
+ "arn:aws:s3:::moj-release-management/*"
+ ]
+ },
+ {
+ "Sid" : "SSMPolicy",
+ "Effect" : "Allow",
+ "Action" : [
+ "ssm:GetParameter"
+ ],
+ "Resource" : [
+ "arn:aws:ssm:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:parameter/klayers-account"
+ ]
+ },
 {
 "Sid" : "LogPolicy",
 "Effect" : "Allow",
diff --git a/terraform/environments/ppud/lambda.tf b/terraform/environments/ppud/lambda.tf
index c10322387f0..e7583635b4e 100644
--- a/terraform/environments/ppud/lambda.tf
+++ b/terraform/environments/ppud/lambda.tf
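Review bot: The new `S3BucketPolicy` and `SSMPolicy` statements are attached to the Lambda execution role, but nothing in this commit shows the function itself calling SSM or S3: `klayers-account` is read by the Terraform data source added in platform_secrets.tf at plan time, and the layer resource in lambda.tf is commented out, both of which run under the Terraform provider's credentials rather than this role. If the function does not read that parameter or touch `moj-release-management` at runtime, both statements are unneeded privilege and should be dropped; if it does, `s3:DeleteObject` still looks wider than reading a layer archive requires, so narrow the list to what is actually exercised, e.g. `"Action" : [ "s3:GetObject" ]`. If the parameter is a SecureString encrypted with a customer-managed KMS key, `ssm:GetParameter` alone would not be sufficient and `kms:Decrypt` on that key would be needed as well. The enclosing `aws_iam_policy` resource starts and ends outside the hunk.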
@@ -516,6 +516,9 @@ resource "aws_lambda_function" "terraform_lambda_func_send_cpu_graph_dev" {
 layers = [
 "arn:aws:lambda:eu-west-2:770693421928:layer:Klayers-p312-numpy:8", #Publically available ARN for numpy package
 "arn:aws:lambda:eu-west-2:770693421928:layer:Klayers-p312-pillow:1" #Publically available ARN for pillow package
+# "arn:aws:lambda:eu-west-2:${data.aws_ssm_parameter.klayers_account_dev.value}:layer:Klayers-p312-numpy:8",
+# "arn:aws:lambda:eu-west-2:${data.aws_ssm_parameter.klayers_account_dev.value}:layer:Klayers-p312-pillow:1",
+# aws_lambda_layer_version.lambda_layer_matplotlib_dev[0].arn
 ]
 }
 
@@ -526,4 +529,17 @@ data "archive_file" "zip_the_send_cpu_graph_code_dev" {
 type = "zip"
 source_dir = "${path.module}/lambda_scripts/"
 output_path = "${path.module}/lambda_scripts/send_cpu_graph_dev.zip"
-}
\ No newline at end of file
+}
+
+# Lambda Layer for Matplotlib
+
+/*
+resource "aws_lambda_layer_version" "lambda_layer_matplotlib_dev" {
+ count = local.is-development == true ? 1 : 0
+ layer_name = "matplotlib-layer"
+ description = "matplotlib-layer for python 3.12"
+ s3_bucket = aws_s3_bucket.MoJ-Release-Management[0].id
+ filename = "/lambda_layers/matplotlib-layer.zip"
+ compatible_runtimes = ["python3.12"]
+}
+*/
\ No newline at end of file
diff --git a/terraform/environments/ppud/platform_secrets.tf b/terraform/environments/ppud/platform_secrets.tf
index bb006856534..a0bd20b0fb1 100644
--- a/terraform/environments/ppud/platform_secrets.tf
+++ b/terraform/environments/ppud/platform_secrets.tf
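Review bot: The commented-out layer ARNs reference `data.aws_ssm_parameter.klayers_account_dev.value`, but that data source is declared with `count` in platform_secrets.tf, so uncommenting them as written would fail because the data source is a list; the reference needs an index, `${data.aws_ssm_parameter.klayers_account_dev[0].value}`, as the matplotlib line below them already does with `[0].arn`. The data source's `value` attribute is also treated as sensitive by the provider, so layer ARNs built from it would be redacted in plan output, which makes it harder to review which third-party layer version the function loads; a plain local holding the well-known Klayers account ID (or, if the provider version in use exposes it, the data source's non-sensitive `insecure_value`) avoids that. The enclosing `aws_lambda_function` resource starts outside the hunk.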
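Review bot: The commented-out `aws_lambda_layer_version` block combines `s3_bucket` with `filename`, which the provider treats as mutually exclusive: a layer is sourced either from a local archive via `filename` or from S3 via `s3_bucket` plus `s3_key`, so this block would be rejected once uncommented. The `filename` value `/lambda_layers/matplotlib-layer.zip` is also an absolute path from the filesystem root, so it presumably should be `"${path.module}/lambda_layers/matplotlib-layer.zip"` like the archive paths just above it. Commented-out resources are better kept out of the committed file until they are ready, since `terraform validate` cannot check them and the permissions they need (which the new S3 statements in iam.tf appear to anticipate) cannot be reviewed against real code.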
@@ -15,3 +15,10 @@ data "aws_secretsmanager_secret_version" "environment_management" {
 provider = aws.modernisation-platform
 secret_id = data.aws_secretsmanager_secret.environment_management.id
 }
+
+# Klayers Account ID - used by lambda layer ARNs - https://github.com/keithrozario/Klayers?tab=readme-ov-file
+data "aws_ssm_parameter" "klayers_account_dev" {
+ count = local.is-development == true ? 1 : 0
+ name = "klayers-account"
+ with_decryption = true
+}
\ No newline at end of file
diff --git a/terraform/environments/ppud/s3.tf b/terraform/environments/ppud/s3.tf
index c27b3b03114..599cce0b94f 100644
--- a/terraform/environments/ppud/s3.tf
+++ b/terraform/environments/ppud/s3.tf
@@ -359,7 +359,8 @@ resource "aws_s3_bucket_policy" "MoJ-Release-Management" {
 "Principal" : {
 "AWS" : [
 "arn:aws:iam::${local.environment_management.account_ids["ppud-development"]}:role/ec2-iam-role",
- "arn:aws:iam::${local.environment_management.account_ids["ppud-preproduction"]}:role/ec2-iam-role"
+ "arn:aws:iam::${local.environment_management.account_ids["ppud-preproduction"]}:role/ec2-iam-role",
+ "arn:aws:iam::${local.environment_management.account_ids["ppud-development"]}:role/lambda_role_cloudwatch_get_metric_data_dev"
 ]
 }
 }
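Review bot: The `klayers-account` parameter becomes the source of truth for which AWS account's layers are loaded into the function, so anyone able to write that parameter in the development account can redirect the function to layers from an account they control; that is a supply-chain exposure the hard-coded account ID in lambda.tf did not have. Because the Klayers account ID is public and published in the linked README, a reviewable local in Terraform is the simpler and safer option; if the parameter is kept, restrict who may `ssm:PutParameter` it and record the expected value in the comment so drift is visible in review. `with_decryption = true` only matters if the parameter is a SecureString, and the data source's `value` attribute is treated as sensitive either way, so ARNs built from it are redacted in plan output. The new data source also omits the explicit `provider` that the neighbouring `environment_management` block uses, which is correct only if the parameter lives in the account the default provider targets.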
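Review bot: The new principal ARN hard-codes the role name `lambda_role_cloudwatch_get_metric_data_dev` instead of referencing the role resource, so Terraform sees no dependency between the bucket policy and the role; if the role is created in the same apply, or is later renamed, the policy can be submitted before the role exists and S3 rejects it with an invalid-principal error. If the role is declared in iam.tf, reference it directly, e.g. `aws_iam_role.<role_resource_name>.arn`, which also keeps the two in sync. The statement's `Action` and `Resource` are outside the hunk, so this review cannot see what the Lambda role is being granted on `moj-release-management`; together with the identity-side `s3:DeleteObject` added in iam.tf, the combined grant deserves a check against what the function actually needs. The enclosing `aws_s3_bucket_policy` resource starts and ends outside the hunk.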