From da0b152296b2bf96c91c283bbf1a827f17894f76 Mon Sep 17 00:00:00 2001
From: badra001
Date: Wed, 26 Jan 2022 12:34:10 -0500
Subject: [PATCH] add cloudwatch stuff

---
 README.md | 5 +++++
 cloudwatch.tf | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 defaults.tf | 3 +++
 lambda.tf | 11 ++++++++++-
 version.tf | 2 +-
 5 files changed, 66 insertions(+), 2 deletions(-)
 create mode 100644 cloudwatch.tf

diff --git a/README.md b/README.md
index bdb7c13..815aa0c 100644
--- a/README.md
+++ b/README.md
@@ -19,10 +19,15 @@ No modules.
 | Name | Type |
 |------|------|
+| [aws_cloudwatch_event_rule.ec2_rule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |
+| [aws_cloudwatch_event_target.ec2_target](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
+| [aws_cloudwatch_log_group.log](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
 | [aws_dynamodb_table.table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource |
 | [aws_iam_role.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role_policy_attachment.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_lambda_alias.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_alias) | resource |
 | [aws_lambda_function.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
+| [aws_lambda_permission.allow_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_policy.lambda_policies](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
diff --git a/cloudwatch.tf b/cloudwatch.tf
new file mode 100644
index 0000000..596183b
--- /dev/null
+++ b/cloudwatch.tf
@@ -0,0 +1,47 @@
+locals {
+ cloudwatch_name = format("/aws/lambda/%v", local.lambda_name)
+ cloudwatch_event_pattern = {
+ "source" = ["aws.ec2"]
+ "detail-type" = ["EC2 Instance State-change Notification"]
+ "detail" = {
+ "state" = ["running", "shutting-down", "stopped"]
+ }
+ }
+}
+
+resource "aws_cloudwatch_log_group" "log" {
+ count = var.create ? 1 : 0
+ name = local.cloudwatch_name
+ # kms_key_id = var.kms_key_arn
+ retention_in_days = lookup(local._defaults["cloudwatch"], "retention_in_days", 7)
+
+ tags = merge(
+ local.base_tags,
+ var.tags,
+ map("Name", local.name),
+ )
+}
+
+# aws events put-targets --rule ec2_lambda_ddns_rule --targets Id=id123456789012,Arn=
+
+resource "aws_cloudwatch_event_rule" "ec2_rule" {
+ name = local.name
+ description = "Capture EC2 Events to hande dynamic Route53 registration"
+ event_pattern = json(local.cloudwatch_event_pattern)
+}
+
+resource "aws_cloudwatch_event_target" "ec2_target" {
+ target_id = local.name
+ arn = aws_lambda_function.lambda.arn
+ rule = aws_cloudwatch_event_rule.ec2_rule.name
+}
+
+resource "aws_lambda_permission" "allow_cloudwatch" {
+ statement_id = local.name
+ # statement_id = 45
+ action = "lambda:InvokeFunction"
+ function_name = aws_lambda_function.lambda.function_name
+ principal = "events.amazonaws.com"
+ source_arn = aws_cloudwatch_event_rule.ec2_rule.arn
+ qualifier = aws_lambda_alias.lambda.name
+}
diff --git a/defaults.tf b/defaults.tf
index 7168371..401081b 100644
--- a/defaults.tf
+++ b/defaults.tf
@@ -4,5 +4,8 @@ locals {
 "max_session_duration" = 3600
 "lambda_handler" = "ddns-lambda.lambda_handler"
 "lambda_file" = "ddns-lambda"
+ "lambda_timeout" = 300
+ "lambda_description" = "Take EC2 Events and register/deregister from Route53"
+ "cloudwatch" = 180
 }
 }
diff --git a/lambda.tf b/lambda.tf
index 6efc48c..b4486e0 100644
--- a/lambda.tf
+++ b/lambda.tf
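Review bot: The new rule, target and permission in cloudwatch.tf reference `aws_lambda_function.lambda.arn`, `aws_lambda_function.lambda.function_name` and `aws_lambda_alias.lambda.name` without an index, but both of those resources carry `count = var.create ? 1 : 0`, so Terraform rejects the plan until they are addressed as `[0]` instances; the same three resources also lack the `count` guard the log group has, so with `var.create = false` they would still be created while their dependencies are not. `event_pattern = json(local.cloudwatch_event_pattern)` calls a function Terraform does not have; the built-in is `jsonencode(...)`. The permission is scoped to the alias through `qualifier`, yet the event target invokes the unqualified function ARN, which that permission does not cover, so EventBridge's invocation would be denied — the target should point at `aws_lambda_alias.lambda[0].arn` (or the qualifier should be dropped) so target and permission describe the same ARN. The commented-out `# kms_key_id = var.kms_key_arn` leaves the log group on CloudWatch's service-managed encryption; if a customer-managed key is the intent, it should be wired in rather than left as a comment.

```hcl
resource "aws_cloudwatch_event_rule" "ec2_rule" {
  count         = var.create ? 1 : 0
  # … unchanged: name, description …
  event_pattern = jsonencode(local.cloudwatch_event_pattern)
}

resource "aws_cloudwatch_event_target" "ec2_target" {
  count     = var.create ? 1 : 0
  target_id = local.name
  # invoke the alias-qualified ARN so it matches the permission's qualifier
  arn       = aws_lambda_alias.lambda[0].arn
  rule      = aws_cloudwatch_event_rule.ec2_rule[0].name
}

resource "aws_lambda_permission" "allow_cloudwatch" {
  count         = var.create ? 1 : 0
  # … unchanged: statement_id, action, principal …
  function_name = aws_lambda_function.lambda[0].function_name
  source_arn    = aws_cloudwatch_event_rule.ec2_rule[0].arn
  qualifier     = aws_lambda_alias.lambda[0].name
}
```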
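Review bot: `"cloudwatch" = 180` in defaults.tf is a bare number, but cloudwatch.tf reads it with `lookup(local._defaults["cloudwatch"], "retention_in_days", 7)`, and `lookup` requires a map, so the log group's plan fails on that line. Either make the default the map the caller expects, `"cloudwatch" = { "retention_in_days" = 180 }`, or read it directly as `retention_in_days = local._defaults["cloudwatch"]`; as written the `7` fallback in the lookup and the `180` here also disagree on the intended retention. The enclosing `locals` block starts above this hunk.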
@@ -9,6 +9,7 @@ locals {
 resource "aws_lambda_function" "lambda" {
 count = var.create ? 1 : 0
 function_name = local.lambda_name
+ description = local._defaults["lambda_description"]
 handler = local._defaults["lambda_handler"]
 memory_size = 128
 reserved_concurrent_executions = -1
@@ -16,7 +17,7 @@ resource "aws_lambda_function" "lambda" {
 runtime = "python3.9"
 source_code_hash = filebase64sha256(local.lambda_file)
 filename = local.lambda_file
- timeout = 30
+ timeout = local._defaults["lambda_timeout"]
 # version = "$LATEST"
 environment {
@@ -32,3 +33,11 @@ resource "aws_lambda_function" "lambda" {
 map("Name", local.lambda_name)
 )
 }
+
+resource "aws_lambda_alias" "lambda" {
+ count = var.create ? 1 : 0
+ name = local.lambda_name
+ description = local._defaults["lambda_description"]
+ function_name = var.create ? aws_lambda_function.lambda[0].function_name : null
+ function_version = "$LATEST"
+}
diff --git a/version.tf b/version.tf
index 0dd68c9..f6d2caf 100644
--- a/version.tf
+++ b/version.tf
@@ -1,3 +1,3 @@
 locals {
- _module_version = "0.0.6"
+ _module_version = "0.0.8"
 }
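Review bot: In the new `aws_lambda_alias` block, `function_name = var.create ? aws_lambda_function.lambda[0].function_name : null` guards against a case the block's own `count = var.create ? 1 : 0` already excludes — with zero instances the body is not evaluated — so `function_name = aws_lambda_function.lambda[0].function_name` should be enough and reads like the rest of the file. `function_version = "$LATEST"` makes the alias a moving pointer to unpublished code, so any invoke permission scoped to this alias's qualifier covers whatever is uploaded next rather than a reviewed version; if versioned deployments are the goal the function needs `publish = true` and the alias should track `aws_lambda_function.lambda[0].version` (the function's publish setting is outside these hunks, and the `# version = "$LATEST"` comment in the second hunk suggests it is not set). The `aws_lambda_function` resource edited by the first two hunks starts and ends outside them.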