lambda.tf
# Lambda function used during Aqua CSPM onboarding (per its description it
# retrieves the External ID). Deployed through the community
# terraform-aws-modules Lambda module.
module "lambda" {
  source = "terraform-aws-modules/lambda/aws"
  # "~> 4.10.1" accepts any 4.10.x release at or above 4.10.1. Terraform's
  # dependency lock file records providers, not modules, so the release that
  # is actually used is whatever `terraform init` resolves at the time.
  # NOTE(review): pin an exact version if reproducible, reviewed module code
  # is required.
  version = "~> 4.10.1"

  function_name = "${local.name_prefix}-function"
  description   = "Retrieves the External ID from Aqua CSPM"
  tags          = var.tags

  # Runtime settings.
  # NOTE(review): python3.9 is an older Lambda runtime; check it against the
  # AWS runtime deprecation schedule before relying on it for new deployments.
  runtime     = "python3.9"
  handler     = "index.lambda_handler"
  memory_size = 128
  timeout     = 30

  # The module does not build anything: the pre-built archive is uploaded as
  # it is. A zip cannot be diffed in code review.
  # NOTE(review): confirm the archive is rebuilt from the reviewed source
  # (for example by comparing a hash in CI).
  create_package         = false
  local_existing_package = "${path.module}/src/lambda_function/lambda_function.zip"

  # No role is created here; the function runs with the role exported by
  # module.lambda_role.
  # NOTE(review): the invocation payloads pass this function a secret name,
  # so presumably the role can read that secret; confirm it is scoped to that
  # one secret rather than to all of Secrets Manager.
  create_role = false
  lambda_role = module.lambda_role.iam_role_arn
}
# First invocation of the function, tagged "ExternalIDInvoke". The payload
# carries only the name of the secret, not its value.
#
# aws_lambda_invocation calls the function when the resource is created or
# replaced, and again when its arguments change; an unchanged input means no
# new invocation on later applies.
#
# NOTE(review): the request payload and the function's response are kept in
# Terraform state. If the response contains the External ID, the state backend
# needs encryption at rest and tightly scoped read access.
resource "aws_lambda_invocation" "external_id" {
  function_name = module.lambda.lambda_function_name

  # Ordering: the function must exist, the secret version must be written, and
  # the 10 s grace period after the secret write must have elapsed.
  depends_on = [
    module.lambda,
    aws_secretsmanager_secret_version.aqua_cspm_secret,
    time_sleep.wait_10_aqua_cspm_secret,
  ]

  input = jsonencode({
    ResourceProperties = {
      Secret = local.secret_name
    },
    LogicalResourceId = "ExternalIDInvoke"
  })
}
# Second invocation of the same function, tagged "OnboardingInvoke". It sends
# the secret name, the external ID, the Aqua group name, the ARN of the
# aqua_cspm IAM role and the current AWS account ID.
#
# NOTE(review): every value in this payload, plus the function's response, is
# written to Terraform state in clear text. local.external_id is defined
# outside this view; treat the state as sensitive if that value is meant to
# stay private to this account and Aqua.
resource "aws_lambda_invocation" "onboarding" {
  function_name = module.lambda.lambda_function_name

  # Runs only after the external-ID invocation, the 10 s pause that follows
  # it, and creation of the IAM role whose ARN is passed below.
  depends_on = [
    time_sleep.wait_10_seconds,
    aws_lambda_invocation.external_id,
    aws_iam_role.aqua_cspm,
  ]

  input = jsonencode({
    ResourceProperties = {
      Secret  = local.secret_name,
      ExtId   = local.external_id,
      Group   = var.aqua_group_name,
      RoleArn = aws_iam_role.aqua_cspm.arn,
      AccId   = data.aws_caller_identity.current.account_id
    },
    LogicalResourceId = "OnboardingInvoke"
  })
}
# Fixed 10 s pause that starts once the external-ID invocation has finished;
# the onboarding invocation depends on it.
# NOTE(review): a fixed delay is best effort, not a guarantee that whatever it
# waits for has propagated. If onboarding fails intermittently, look here
# first.
resource "time_sleep" "wait_10_seconds" {
  create_duration = "10s"

  depends_on = [
    aws_lambda_invocation.external_id,
  ]
}
# Fixed 10 s pause that starts once the Aqua CSPM secret version has been
# written; the external-ID invocation depends on it.
# NOTE(review): presumably this gives the new secret version time to become
# readable. A fixed delay does not guarantee that; confirm the function
# handles a read failure instead of continuing with an empty value.
resource "time_sleep" "wait_10_aqua_cspm_secret" {
  create_duration = "10s"

  depends_on = [
    aws_secretsmanager_secret_version.aqua_cspm_secret,
  ]
}