Add DB maintenance lambda

data_services/db_maintenance/main.py

@@ -0,0 +1,8 @@
+from pg8000.native import Connection
+
+def handler(event, _context):
+  config = event['connection']
+  conn = Connection(**config)
+  for table in event.get('tables', []):
+    conn.run(f"DELETE FROM {table} WHERE updated_at < NOW() - interval '1 WEEK'")
+    conn.run(f"VACUUM {table}")

data_services/db_maintenance/requirements.txt

@@ -0,0 +1 @@
+pg8000

data_services/outputs.tf

@@ -43,6 +43,7 @@ output "postgres" {
     client_security_group = aws_security_group.db_client.id
     admin_user            = "dbadmin"
     admin_password        = random_string.db_master_password.result
+    maintenance_lambda    = module.maintenance_lambda.lambda_function_arn
   }
 }
 

data_services/postgres.tf

@@ -35,6 +35,14 @@ resource "aws_security_group" "db_client" {
   name          = "${local.namespace}-db-client"
   description   = "RDS Client Security Group"
   vpc_id        = module.core.outputs.vpc.id
+
+  egress {
+    from_port   = 5432
+    to_port     = 5432
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
   tags          = local.tags
 }
 
@@ -85,3 +93,19 @@ resource "aws_db_instance" "db" {
   vpc_security_group_ids    = [aws_security_group.db.id]
   tags                      = local.tags
 }
+
+module "maintenance_lambda" {
+  source  = "terraform-aws-modules/lambda/aws"
+  version = "~> 3.3.1"
+
+  function_name          = "${local.namespace}-db-maintenance"
+  description            = "Cleans and vacuums certain database tables"
+  handler                = "main.handler"
+  runtime                = "python3.10"
+  source_path            = "${path.module}/db_maintenance"
+  timeout                = 120
+
+  vpc_subnet_ids         = module.core.outputs.vpc.public_subnets.ids
+  vpc_security_group_ids = [aws_security_group.db_client.id]
+  attach_network_policy  = true
+}