Merge pull request #2360 from enmata/s3-sqs-lambda-terraform_enmata

Add s3-sqs-lambda-terraform pattern

s3-sqs-lambda-terraform/README.md

@@ -0,0 +1,81 @@
+# Amazon S3 to Amazon SQS queue to AWS Lambda
+
+The Terraform code deploys an AWS Lambda function, an Amazon SQS queue, one AWS S3 buckets and the AWS IAM resources required to run the application. The created Lambda function is triggered on every new `.jpg` image file uploaded to the S3 bucket using an SQS queue as a notification target. The Lambda function code contains only contains minimal code for demo purposes.
+
+Learn more about this pattern at Serverless Land Patterns: [serverlessland.com/patterns/s3-sqs-lambda-terraform](https://serverlessland.com/patterns/s3-sqs-lambda-terraform)
+
+Important: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the [AWS Pricing page](https://aws.amazon.com/pricing/) for details. You are responsible for any AWS costs incurred. No warranty is implied in this example.
+
+
+## Requirements
+
+* [Create an AWS account](https://portal.aws.amazon.com/gp/aws/developer/registration/index.html) if you do not already have one and log in. The IAM user that you use must have sufficient permissions to make necessary AWS service calls and manage AWS resources.
+* [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) installed and configured
+* [Git Installed](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
+* [Terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli?in=terraform/aws-get-started) installed
+
+
+## Deployment Instructions
+
+1. Create a new directory, navigate to that directory in a terminal and clone the GitHub repository:
+    ``` 
+    git clone https://github.com/aws-samples/serverless-patterns
+    ```
+1. Change directory to the pattern directory:
+    ```
+    cd s3-sqs-lambda-terraform
+    ```
+1. From the command line, initialize terraform to  to downloads and installs the providers defined in the configuration:
+    ```
+    terraform init
+    ```
+1. From the command line, apply the configuration in the main.tf file:
+    ```
+    terraform apply
+    ```
+1. During the prompts:
+    * Enter yes
+1. Note the outputs from the deployment process. These contain the resource names and/or ARNs which are used for testing.
+
+
+## How it works
+
+* Use the AWS CLI or AWS console to upload an image to the source S3 Bucket
+* If the object is a .jpg file, the Lambda function is triggered using SQS as a notification target.
+
+## Testing
+
+Run the following AWS CLI command to upload an image to the S3 bucket. Note, you must edit the {SourceBucketName} placeholder with the name of the source S3 bucket. This is provided in the stack outputs.
+
+```bash
+aws s3 cp './events/exampleImage.png'  s3://{SourceBucketName}
+```
+
+## Documentations and next step
+
+To expand the Step Functions workflow that the pattern created, you can find out example workflows at Step Functions Workflow: [serverlessland.com/workflows](https://serverlessland.com/workflows)
+
+
+## Cleanup
+
+1. Change directory to the pattern directory:
+    ```
+    cd s3-sqs-lambda-terraform
+    ```
+1. Delete all files from the S3 bucket
+1. Delete all created resources by terraform
+    ```bash
+    terraform destroy
+    ```
+1. During the prompts:
+    * Enter yes
+1. Confirm all created resources has been deleted
+    ```bash
+    terraform show
+    ```
+
+
+----
+Copyright 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+SPDX-License-Identifier: MIT-0

s3-sqs-lambda-terraform/example-pattern.json

@@ -0,0 +1,57 @@
+{
+  "title": "Amazon S3 to AWS Lambda with Amazon SQS queue",
+  "description": "Create a Lambda function that is triggered for every jpg image file uploaded to S3 via an SQS queue.",
+  "language": "Node.js",
+  "level": "200",
+  "framework": "Terraform",
+  "introBox": {
+    "headline": "Lambda function triggered for every image file stored to S3 via SQS",
+    "text": [
+        "The terraform manifest deploys a Lambda function, an SQS queue, one S3 bucket and the IAM resources required to run the application.",
+        "An SQS queue consumes ObjectCreated events from an Amazon S3 bucket if the file has .jpg extension. The SQS triggers a Lambda function.",
+        "The Lambda function serve as a pre-configured template, providing a starting point for developing your application."
+    ]
+  },
+  "gitHub": {
+    "template": {
+      "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/s3-sqs-lambda-terraform",
+      "templateURL": "serverless-patterns/s3-sqs-lambda-terraform",
+      "projectFolder": "s3-sqs-lambda-terraform",
+      "templateFile": "main.tf"
+    }
+  },
+  "resources": {
+    "bullets": [
+      {
+        "text": "Configuring an Amazon SQS queue to trigger an AWS Lambda function",
+        "link": "https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-lambda-function-trigger.html"
+      }
+    ]
+  },
+  "deploy": {
+    "text": [
+      "terraform init",
+      "terraform apply"
+    ]
+  },
+  "testing": {
+    "text": [
+      "See the GitHub repo for detailed testing instructions."
+    ]
+  },
+  "cleanup": {
+    "text": [
+      "<code>terraform destroy</code>"
+    ]
+  },
+  "authors": [
+    {
+      "name": "Oriol Matavacas",
+      "image": "",
+      "bio": "Oriol Matavacas is a Sr. Solutions Architect at AWS based in Barcelona. Oriol primarily supporting customers on the journey to the Cloud. He enjoys building new solutions with scalability, availability and easy to maintain by using serverless.",
+      "linkedin": "oriol-matavacas-rodriguez-b165868a",
+      "twitter": ""
+    }
+  ]
+}
+

s3-sqs-lambda-terraform/main.tf

@@ -0,0 +1,173 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.57.0"
+    }
+  }
+
+  required_version = ">= 0.14.9"
+}
+
+data "aws_caller_identity" "current" {}
+data "aws_region" "current" {}
+
+
+#################################################################
+# S3 Buckets
+#################################################################
+# Create a new Source S3 bucket
+resource "aws_s3_bucket" "MySourceS3Bucket" {
+  bucket_prefix = "s3-sqs-lambda-tf-sources3bucket-"
+}
+
+# Send notifications to SQS for all events in the bucket
+resource "aws_s3_bucket_notification" "MySourceS3BucketNotification" {
+  bucket      = aws_s3_bucket.MySourceS3Bucket.id
+
+  queue {
+    queue_arn     = aws_sqs_queue.MyHandlerQueue.arn
+    events        = [
+      "s3:ObjectCreated:*"
+    ]
+    filter_suffix = ".jpg"
+  }
+
+}
+
+#################################################################
+# SQS - Queue
+#################################################################
+# Create SQS - Queue
+resource "aws_sqs_queue" "MyHandlerQueue" {
+  name      = "s3-sqs-lambda-tf-SQSResizerQueue"
+}
+
+# Create SQS - Policy
+resource "aws_sqs_queue_policy" "MyHandlerQueuePolicy" {
+  queue_url = aws_sqs_queue.MyHandlerQueue.id
+
+  policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Id": "QueuePolicy",
+  "Statement": [
+    {
+      "Sid": "Allow-SendMessage-To-Queue-From-S3-Event-Notification",
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "s3.amazonaws.com"
+      },
+      "Action": "sqs:SendMessage",
+      "Resource": "arn:aws:sqs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:${aws_sqs_queue.MyHandlerQueue.name}",
+      "Condition": {
+        "StringEquals": {
+          "aws:SourceAccount": "${data.aws_caller_identity.current.account_id}"
+        },
+        "ArnLike": {
+          "aws:SourceArn": "arn:aws:s3:::${aws_s3_bucket.MySourceS3Bucket.id}"
+        }
+      }
+    }
+  ]
+}
+POLICY
+}
+
+
+#################################################################
+# Lambda Function
+#################################################################
+# Creating Lambda Function
+resource "aws_lambda_function" "MyHandlerFunction-Function" {
+  filename      = data.archive_file.LambdaZipFile.output_path
+  function_name = "s3-sqs-lambda-tf-LambdaFunction"
+  role          = aws_iam_role.MyHandlerFunction-Role.arn
+  handler       = "app.handler"
+  runtime       = "nodejs20.x"
+}
+
+# Create a zip file from the Lambda source code
+data "archive_file" "LambdaZipFile" {
+  type        = "zip"
+  source_file = "${path.module}/src/app.mjs"
+  output_path = "${path.module}/lambda-src.zip"
+}
+
+# Creating SQS Queue Trigger for Lambda Function
+resource "aws_lambda_event_source_mapping" "MyHandlerFunction-Function-to-SQS" {
+  event_source_arn = aws_sqs_queue.MyHandlerQueue.arn
+  function_name    = aws_lambda_function.MyHandlerFunction-Function.arn
+}
+
+# Creating IAM Role for Lambda Function
+resource "aws_iam_role" "MyHandlerFunction-Role" {
+  name = "s3-sqs-lambda-tf-MyHandlerFunction-Role"
+
+  assume_role_policy = jsonencode({
+    Version   = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Principal = {
+          Service = "lambda.amazonaws.com"
+        }
+      }
+    ]
+  })
+}
+
+# Creating IAM Policies for Lambda
+resource "aws_iam_role_policy" "MyHandlerFunction-Policy-source" {
+  name   = "s3-sqs-lambda-tf-MyHandlerFunction-Role"
+  policy = jsonencode(
+{
+    "Statement": [
+        {
+            "Action": [
+                "s3:GetObject",
+                "s3:ListBucket",
+                "s3:GetBucketLocation",
+                "s3:GetObjectVersion",
+                "s3:GetLifecycleConfiguration"
+            ],
+            "Resource": [
+      				"arn:aws:s3:::${aws_s3_bucket.MySourceS3Bucket.id}",
+      				"arn:aws:s3:::${aws_s3_bucket.MySourceS3Bucket.id}/*"
+            ],
+            "Effect": "Allow"
+        }
+    ]
+}
+  )
+  role = aws_iam_role.MyHandlerFunction-Role.name
+}
+
+resource "aws_iam_role_policy_attachment" "AWSLambdaBasicExecutionRole" {
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+  role       = "${aws_iam_role.MyHandlerFunction-Role.name}"
+}
+
+resource "aws_iam_role_policy_attachment" "AWSLambdaSQSQueueExecutionRole" {
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole"
+  role       = "${aws_iam_role.MyHandlerFunction-Role.name}"
+}
+
+
+#################################################################
+# Outputs
+#################################################################
+# Displaying the SQS Queue, SourceS3 buckets and Lambda Function
+output "SQSQueueName" {
+  value       = aws_sqs_queue.MyHandlerQueue.name
+  description = "SQS Queue for queuing the s3 events"
+}
+output "SourceS3BucketName" {
+  value       = aws_s3_bucket.MySourceS3Bucket.id
+  description = "S3 Bucket for object storage"
+}
+output "LambdaFunctionArn" {
+  value       = aws_lambda_function.MyHandlerFunction-Function.arn
+  description = "HandlerFunction function Arn"
+}