Setup ECR Terraform, update GitHub Actions for OIDC

rabianadeem-121 · rabianadeem-121 · commit 4130d124a630 · 2025-12-15T12:17:23.000+05:00
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
diff --git a/terraform/lambda.tf b/terraform/lambda.tf
@@ -20,3 +20,4 @@ resource "aws_lambda_function" "crud_api" {
   }
 }
 
+
diff --git a/terraform/security_groups.tf b/terraform/security_groups.tf
@@ -0,0 +1,53 @@
+# terraform/security_groups.tf
+
+# Lambda security group
+resource "aws_security_group" "lambda_sg" {
+  name        = "lambda-sg"
+  description = "Security group for Lambda functions"
+  vpc_id      = aws_vpc.main.id   # replace with your VPC resource
+
+  # Outbound to anywhere (for now)
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  # Inbound rules (if Lambda needs to receive traffic from VPC resources)
+  ingress {
+    from_port   = 5432        # RDS PostgreSQL port
+    to_port     = 5432
+    protocol    = "tcp"
+    security_groups = [aws_security_group.rds_sg.id]  # allow Lambda → RDS
+  }
+
+  tags = {
+    Project = "Serverless CRUD API"
+  }
+}
+
+# RDS security group
+resource "aws_security_group" "rds_sg" {
+  name        = "rds-sg"
+  description = "Security group for RDS PostgreSQL"
+  vpc_id      = aws_vpc.main.id
+
+  ingress {
+    from_port       = 5432
+    to_port         = 5432
+    protocol        = "tcp"
+    security_groups = [aws_security_group.lambda_sg.id] # allow Lambda → RDS
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Project = "Serverless CRUD API"
+  }
+}

Original file line number	Diff line number	Diff line change
`@@ -20,3 +20,4 @@ resource "aws_lambda_function" "crud_api" {`
`20`	`20`	`}`
`21`	`21`	`}`
`22`	`22`
	`23`	`+`