Add lambda permission for EventBridge rule
mbklein committed Oct 20, 2023
1 parent a9ca7bb commit efed084
Showing 1 changed file with 9 additions and 21 deletions.
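--- a/solrcloud/backup.tf
+++ b/solrcloud/backup.tf
@@ -26,6 +26,15 @@ module "backup_lambda" {
 attach_network_policy = true
 }
 
+resource "aws_lambda_permission" "allow_cloudwatch" {
+for_each = toset(aws_cloudwatch_event_rule.back_up_solr[*].arn)
+statement_id = "AllowExecutionFromCloudWatch"
+action = "lambda:InvokeFunction"
+function_name = module.backup_lambda.lambda_function_name
+principal = "events.amazonaws.com"
+source_arn = each.key
+}
+
 data "aws_iam_policy_document" "solr_backup_rule_assume_role" {
 statement {
 effect = "Allow"
@@ -37,27 +46,6 @@ data "aws_iam_policy_document" "solr_backup_rule_assume_role" {
 }
 }
 
-data "aws_iam_policy_document" "event_rule_solr_backup" {
-statement {
-effect = "Allow"
-actions = ["lambda:InvokeFunction"]
-resources = [
-module.backup_lambda.lambda_function_arn,
-"${module.backup_lambda.lambda_function_arn}:*"
-]
-}
-}
-
-resource "aws_iam_role" "event_rule_solr_backup" {
-name = "${local.namespace}-solr-backup-event"
-assume_role_policy = data.aws_iam_policy_document.solr_backup_rule_assume_role.json
-
-inline_policy {
-name = "${local.namespace}-solr-backup-event-policy"
-policy = data.aws_iam_policy_document.event_rule_solr_backup.json
-}
-}
-
 resource "aws_cloudwatch_event_rule" "back_up_solr" {
 count = length(var.backup_schedule) > 0 ? 1 : 0
 name = "${local.namespace}-solr-backup"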
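Review bot: In `aws_lambda_permission.allow_cloudwatch`, `for_each = toset(aws_cloudwatch_event_rule.back_up_solr[*].arn)` keys the instances on an ARN that Terraform only learns once the rule exists, so a plan in an environment where the rule has not been created yet is likely to be rejected as an invalid for_each. Mirroring the rule's own count avoids that: `count = length(aws_cloudwatch_event_rule.back_up_solr)` with `source_arn = aws_cloudwatch_event_rule.back_up_solr[count.index].arn`. Pinning `source_arn` to the one rule is the right scope for the `events.amazonaws.com` principal and should stay as it is. The second hunk removes `aws_iam_role.event_rule_solr_backup` but keeps the `solr_backup_rule_assume_role` document; the event target lies outside the visible hunks, so confirm that nothing there still references the removed role and whether the assume-role document is now unused.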
