lambda and vpc

.gitignore

@@ -7,4 +7,5 @@ terraform.tfstate
 pike
 .pytest_cache/
 *.backup
-__debug_bin.exe
+__debug_bin.exe
+.DS_Store

src/mapping/aws/aws_lambda_function.json

@@ -1,20 +1,24 @@
 [
   {
     "apply": [
-      "ec2:CreateVpc",
-      "ec2:DescribeVpcAttribute",
-      "ec2:DescribeVpcs",
-      "ec2:DescribeAccountAttributes", 
-      "ec2:DeleteVpc"
+      "ec2:DescribeAccountAttributes",
+      "lambda:CreateFunction",
+      "iam:PassRole",
+      "lambda:GetFunctionCodeSigningConfig"
     ],
     "attributes": {
-
       "tags": [
+        "lambda:TagResource",
+        "lambda:UntagResource"
       ]
     },
     "destroy": [
+      "lambda:DeleteFunction"
+    ],
+    "modify": [
+      "lambda:GetFunction",
+      "lambda:ListVersionsByFunction"
     ],
-    "modify": [],
     "plan": []
   }
 ]

src/mapping/aws/data/aws_vpcs.json

@@ -0,0 +1,14 @@
+[
+  {
+    "apply": [
+      "ec2:DescribeAccountAttributes",
+      "ec2:DescribeVpcs"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

terraform/aws_lambda_function.tf → terraform/backup/aws_lambda_function.tf

@@ -4,4 +4,7 @@ resource "aws_lambda_function" "examplea" {
   handler       = "anyoldguff"
   runtime       = "python3.8"
   filename      = "todo.zip"
-}
+  # tags = {
+  #   createdby="james woolfenden"
+  # }
+}

terraform/backup/aws_vpc.tf

@@ -0,0 +1,17 @@
+resource "aws_vpc" "example" {
+  cidr_block = "10.0.0.0/16"
+  //instance_tenancy = "default"
+  //ipv4_ipam_pool_id =
+  //ipv4_netmask_length =
+  # ipv6_ipam_pool_id =
+  # ipv6_netmask_length =
+  # ipv6_cidr_block =
+  # ipv6_cidr_block_network_border_group =
+  # enable_dns_support =
+  # enable_dns_hostnames =
+
+  //assign_generated_ipv6_cidr_block = true
+  # tags = {
+  #   "test" = "pass"
+  # }
+}

terraform/backup/data.aws_vpcs.all.tf

@@ -0,0 +1 @@
+data "aws_vpcs" "list" {}

terraform/backup/index.js

@@ -0,0 +1,3 @@
+exports.handler = async function(event, context, callback) {
+  return 'hello world';
+}

terraform/role/aws_iam_policy.basic.tf

@@ -5,7 +5,7 @@ resource "aws_iam_policy" "basic" {
     Statement = [
       {
         Action = [
-          "ec2:DeleteTags",
+          "ec2:DescribeAccountAttributes",
         ]
         Effect   = "Allow"
         Resource = "*"
@@ -21,7 +21,7 @@ resource "aws_iam_role_policy_attachment" "basic" {
 }
 
 resource "aws_iam_user_policy_attachment" "basic" {
-	# checkov:skip=CKV_AWS_40: By design
+  # checkov:skip=CKV_AWS_40: By design
   user       = "basic"
   policy_arn = aws_iam_policy.basic.arn
 }

terraform/role/aws_lambda.md

@@ -0,0 +1,35 @@
+resource "aws_iam_policy" "basic" {
+  name = "basic"
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = [
+        "ec2:DescribeAccountAttributes",
+        "lambda:CreateFunction",
+        "iam:PassRole",
+        "lambda:GetFunction",
+        "lambda:ListVersionsByFunction",
+        "lambda:DeleteFunction",
+        "lambda:GetFunctionCodeSigningConfig",
+        "lambda:TagResource",
+        "lambda:UntagResource"
+        ]
+        Effect   = "Allow"
+        Resource = "*"
+      },
+    ]
+  })
+  tags = { createdby = "JamesWoolfenden" }
+}
+
+resource "aws_iam_role_policy_attachment" "basic" {
+  role       = aws_iam_role.basic.name
+  policy_arn = aws_iam_policy.basic.arn
+}
+
+resource "aws_iam_user_policy_attachment" "basic" {
+	# checkov:skip=CKV_AWS_40: By design
+  user       = "basic"
+  policy_arn = aws_iam_policy.basic.arn
+}

terraform/set-profile.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+export AWS_PROFILE="basic"
+export AWS_DEFAULT_PROFILE="basic"

todo.md

@@ -1,4 +1,4 @@
-aws_lambda
+
 aws_api_gateway_rest_api
 aws_apigatewayv2_api
 aws_launch_config
@@ -29,12 +29,9 @@ sqs
 sns
 
 nacl
-vpc
 subnet
 route_table
 nat_gateway
 
-handle 
+handle
 2022/07/24 07:00:37 data aws_caller_identity not found
-2022/07/24 07:00:37 provider aws not found
-