diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 7e0ace5..4a9fbb6 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -8,13 +8,14 @@ on: workflow_dispatch: env: - TF_WORKING_DIR: terraform/ + TF_WORKING_DIR: terraform jobs: terraform: name: Terraform (plan & apply) runs-on: ubuntu-latest environment: ${{ github.ref == 'refs/heads/main' && 'prod' || 'staging' }} + permissions: contents: read @@ -34,9 +35,15 @@ jobs: aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: ${{ secrets.AWS_REGION }} + # Backend selection based on branch - name: Terraform Init working-directory: ${{ env.TF_WORKING_DIR }} - run: terraform init -input=false + run: | + if [ "${{ github.ref }}" = "refs/heads/staging" ]; then + terraform init -reconfigure -backend-config=backend-staging.tfvars -input=false + else + terraform init -reconfigure -backend-config=backend-prod.tfvars -input=false + fi - name: Terraform Validate & Format working-directory: ${{ env.TF_WORKING_DIR }} @@ -54,17 +61,17 @@ jobs: terraform plan -var-file="prod.tfvars" -out=tfplan fi - - name: Terraform Apply + - name: Terraform Apply (staging) if: github.ref == 'refs/heads/staging' working-directory: ${{ env.TF_WORKING_DIR }} run: terraform apply -input=false -auto-approve tfplan - - name: Terraform Apply (prod) - requires env approval + - name: Terraform Apply (prod) if: github.ref == 'refs/heads/main' working-directory: ${{ env.TF_WORKING_DIR }} run: terraform apply -input=false -auto-approve tfplan - - name: Show outputs + - name: Show Outputs if: success() working-directory: ${{ env.TF_WORKING_DIR }} run: terraform output -json diff --git a/.github/workflows/destroy.yaml b/.github/workflows/destroy.yaml index 6836253..52361b1 100644 --- a/.github/workflows/destroy.yaml +++ b/.github/workflows/destroy.yaml 
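Review bot: The `else` branch of the new Terraform Init step in deploy.yaml sends every ref other than `refs/heads/staging` to `backend-prod.tfvars`. If the workflow can run on another ref (`workflow_dispatch` is enabled), the job's `environment:` expression resolves to `staging` while init attaches to the prod state. Map each ref explicitly and fail on anything else. The Terraform Init step added to destroy.yaml has the same fall-through: any input other than `staging` selects the prod backend. Both steps also expand `${{ … }}` inside the script text; passing the value through `env:` keeps it as data for the shell.

```yaml
      - name: Terraform Init
        working-directory: ${{ env.TF_WORKING_DIR }}
        env:
          GIT_REF: ${{ github.ref }}
        run: |
          case "$GIT_REF" in
            refs/heads/staging) backend=backend-staging.tfvars ;;
            refs/heads/main)    backend=backend-prod.tfvars ;;
            *) echo "no backend mapped for $GIT_REF" >&2; exit 1 ;;
          esac
          terraform init -reconfigure -backend-config="$backend" -input=false
```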
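Review bot: The prod apply step in deploy.yaml loses its `requires env approval` reminder while still running `terraform apply -input=false -auto-approve tfplan`, so nothing in the workflow text now says what gates production. I would keep that as a comment above the step, e.g. `# Gate: required reviewers on the 'prod' environment; -auto-approve only skips Terraform's own prompt`. Whether that protection rule is configured on the `prod` environment is not visible in this diff, and the README table added here lists approval as Required.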
@@ -12,11 +12,16 @@ on: - prod env: - TF_WORKING_DIR: terraform/ + TF_WORKING_DIR: terraform jobs: destroy: + name: Terraform Destroy runs-on: ubuntu-latest + environment: ${{ github.event.inputs.environment }} + + permissions: + contents: read steps: - name: Checkout @@ -34,9 +39,15 @@ jobs: aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: ${{ secrets.AWS_REGION }} + # Backend selection based on input - name: Terraform Init working-directory: ${{ env.TF_WORKING_DIR }} - run: terraform init -input=false + run: | + if [ "${{ github.event.inputs.environment }}" = "staging" ]; then + terraform init -reconfigure -backend-config=backend-staging.tfvars -input=false + else + terraform init -reconfigure -backend-config=backend-prod.tfvars -input=false + fi - name: Terraform Destroy working-directory: ${{ env.TF_WORKING_DIR }} diff --git a/README.md b/README.md index 34aae76..658bc54 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,91 @@ # Serverless Health Check API with CI/CD +The goal of this project is to build, configure, and automate the deployment of a simple serverless application on AWS. Created a health check endpoint that logs requests and stores them in a database, with a CI/CD pipeline to manage deployments for both staging and production environments, fully provisioned via Terraform and deployed automatically using GitHub Actions. + +## Architectural desig + +### Core Components + +- Amazon API Gateway (HTTP API) +- AWS Lambda (Python) +- Amazon DynamoDB +- AWS IAM +- Amazon CloudWatch Logs + +Each environment (staging, prod) is isolated by naming convention and Terraform variables. + +### Runtime Request Flow + +1. _Client_: sends a GET or POST request to: + +``` +https://.execute-api..amazonaws.com/health +``` +2. _API Gateway_: +- Matches the /health route +- Forwards the request using AWS_PROXY integration +3. _Lambda Function (env-health-check-function)_: +- Logs the full request event to CloudWatch Logs +- Generates a UUID +- Stores request metadata in DynamoDB (env-requests-db) +- Returns a JSON response +4. _DynamoDB_: +- Stores the request record (ID, timestamp, request payload) + +### Pipeline Flow +1. Developer pushes code +- staging branch → auto deploy +- main branch → production deploy +2. GitHub Actions workflow: The GitHub action workflow contain both terraform deploy and terraform destroy. 
+- Configures AWS credentials (GitHub Secrets) +- Terraform deploy - deploy.yaml + - Checks out code + - Runs: + - terraform fmt + - terraform validate + - terraform plan + - terraform apply + +- Terraform destroy - destroy.yaml + - On GitHub console, manually trigger the destroy pipeline from the actions + - Runs: + - terraform int + - terraform destroy + +### Environment separation + +| Aspect | Staging | Production | +| -------------- | ------------------------------- | ---------------------------- | +| Branch | `staging` | `main` | +| Terraform vars | `staging.tfvars` | `prod.tfvars` | +| Lambda | `staging-health-check-function` | `prod-health-check-function` | +| DynamoDB | `staging-requests-db` | `prod-requests-db` | +| API Gateway | `staging-health-check-api` | `prod-health-check-api` | +| Approval | None | Required | + + +### Security and IAM Role +Each Lambda function has one dedicated IAM role with: +- _Allowed permissions_ + - dynamodb:PutItem → specific DynamoDB table ARN + - logs:CreateLogGroup + - logs:CreateLogStream + - logs:PutLogEvents +- Denied by default + - No read access to DynamoDB + - No access to other AWS services + - No wildcard write permissions +- secrets Handling + - AWS credentials stored in GitHub Secrets + - No credentials committed to repository + + + + + + + + create hello lambda funtion using Python ``` @@ -31,4 +117,13 @@ Run the python funtion locally using VS Code Run Button - Create the terraform folder structure -- Deploy with: terraform init then terraform apply -var-file="staging.tfvars" (or prod.tfvars) \ No newline at end of file +- Deploy with: terraform init then terraform apply -var-file="staging.tfvars" (or prod.tfvars) + + +endpoint - https://nrbefv9bcj.execute-api.us-east-1.amazonaws.com/health + + + +terraform init -backend-config=backend-staging.tfvars for staging environment + +terraform init -backend-config=backend-prod.tfvars for prod environment 
diff --git a/terraform/apigw.tf b/terraform/apigw.tf
new file mode 100644
index 0000000..1e15a77
--- /dev/null
+++ b/terraform/apigw.tf
@@ -0,0 +1,37 @@
+resource "aws_apigatewayv2_api" "http_api" {
+ name = "${var.env}-health-check-api"
+ protocol_type = "HTTP"
+}
+
+resource "aws_apigatewayv2_integration" "lambda_integration" {
+ api_id = aws_apigatewayv2_api.http_api.id
+ integration_type = "AWS_PROXY"
+ integration_uri = aws_lambda_function.health_check.arn
+ payload_format_version = "2.0"
+}
+
+resource "aws_apigatewayv2_route" "health_route" {
+ api_id = aws_apigatewayv2_api.http_api.id
+ route_key = "GET /health"
+ target = "integrations/${aws_apigatewayv2_integration.lambda_integration.id}"
+}
+
+resource "aws_apigatewayv2_route" "health_route_post" {
+ api_id = aws_apigatewayv2_api.http_api.id
+ route_key = "POST /health"
+ target = "integrations/${aws_apigatewayv2_integration.lambda_integration.id}"
+}
+
+resource "aws_apigatewayv2_stage" "default_stage" {
+ api_id = aws_apigatewayv2_api.http_api.id
+ name = "$default"
+ auto_deploy = true
+}
+
+resource "aws_lambda_permission" "allow_apigw" {
+ statement_id = "${var.env}-allow-apigw"
+ action = "lambda:InvokeFunction"
+ function_name = aws_lambda_function.health_check.function_name
+ principal = "apigateway.amazonaws.com"
+ source_arn = "${aws_apigatewayv2_api.http_api.execution_arn}/*/*"
+}
diff --git a/terraform/backend-prod.tfvars b/terraform/backend-prod.tfvars
new file mode 100644
index 0000000..35a5adc
--- /dev/null
+++ b/terraform/backend-prod.tfvars
@@ -0,0 +1,4 @@
+bucket = "serverlesshealthcheckapi"
+key = "serverless-health-check-api/prod/tfstate"
+region = "us-east-1"
+encrypt = true
diff --git a/terraform/backend-staging.tfvars b/terraform/backend-staging.tfvars
new file mode 100644
index 0000000..f306603
--- /dev/null
+++ b/terraform/backend-staging.tfvars
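Review bot: `aws_apigatewayv2_stage.default_stage` in apigw.tf has no `access_log_settings` and no throttling, while the `GET /health` and `POST /health` routes carry no authorizer and, per the README, every call writes a DynamoDB item. The API Gateway module this commit deletes shipped access logs to a 7-day CloudWatch log group, so the refactor drops the request audit trail. I would carry that block over and add `default_route_settings` limits; the numbers below are constructed samples to tune. Separately, `source_arn` on `aws_lambda_permission.allow_apigw` could end in `/*/*/health` instead of `/*/*`.

```hcl
resource "aws_apigatewayv2_stage" "default_stage" {
  # … unchanged: api_id, name, auto_deploy …

  default_route_settings {
    throttling_burst_limit = 20 # constructed sample value
    throttling_rate_limit  = 10 # constructed sample value
  }

  access_log_settings {
    destination_arn = aws_cloudwatch_log_group.api_gateway_logs.arn
    format = jsonencode({
      requestId   = "$context.requestId"
      ip          = "$context.identity.sourceIp"
      requestTime = "$context.requestTime"
      httpMethod  = "$context.httpMethod"
      status      = "$context.status"
    })
  }
}

resource "aws_cloudwatch_log_group" "api_gateway_logs" {
  name              = "/aws/apigateway/${var.env}-health-check-api"
  retention_in_days = 7
}
```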
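Review bot: Neither backend-prod.tfvars nor backend-staging.tfvars configures state locking; the backend.tfvars deleted in this commit carried a commented-out `dynamodb_table = "terraform-locks"` line that was not brought over. Two workflow runs against the same environment can then write the same state object concurrently. I would add `dynamodb_table = "terraform-locks"` to both files, assuming that table exists. Both environments also keep state in the single bucket `serverlesshealthcheckapi`, so any credential scoped to the staging key should be checked against the prod key, since state files can hold sensitive attribute values.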
@@ -0,0 +1,4 @@
+bucket = "serverlesshealthcheckapi"
+key = "serverless-health-check-api/staging/tfstate"
+region = "us-east-1"
+encrypt = true
diff --git a/terraform/backend.tfvars b/terraform/backend.tfvars
deleted file mode 100644
index 71aaf90..0000000
--- a/terraform/backend.tfvars
+++ /dev/null
@@ -1,5 +0,0 @@
-# bucket = "serverlesshealthcheckapi"
-# key = "health-check-app/terraform.tfstate"
-# region = "us-east-1"
-# encrypt = true
-# dynamodb_table = "terraform-locks"
\ No newline at end of file
diff --git a/terraform/iam.tf b/terraform/iam.tf
new file mode 100644
index 0000000..638aff5
--- /dev/null
+++ b/terraform/iam.tf
@@ -0,0 +1,45 @@
+data "aws_iam_policy_document" "lambda_assume_role" {
+ statement {
+ effect = "Allow"
+ principals {
+ type = "Service"
+ identifiers = ["lambda.amazonaws.com"]
+ }
+ actions = ["sts:AssumeRole"]
+ }
+}
+
+resource "aws_iam_role" "lambda_role" {
+ name = "${var.env}-health-check-lambda-role"
+ assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json
+ tags = {
+ Environment = var.env
+ }
+}
+
+resource "aws_iam_role_policy" "lambda_policy" {
+ name = "${var.env}-health-check-lambda-policy"
+ role = aws_iam_role.lambda_role.id
+
+ policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Effect = "Allow"
+ Action = [
+ "dynamodb:PutItem"
+ ]
+ Resource = aws_dynamodb_table.requests.arn
+ },
+ {
+ Effect = "Allow"
+ Action = [
+ "logs:CreateLogGroup",
+ "logs:CreateLogStream",
+ "logs:PutLogEvents"
+ ]
+ Resource = "arn:aws:logs:*:*:*"
+ }
+ ]
+ })
+}
diff --git a/terraform/lambda.tf b/terraform/lambda.tf
new file mode 100644
index 0000000..bc4b63c
--- /dev/null
+++ b/terraform/lambda.tf
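Review bot: The logs statement in `aws_iam_role_policy.lambda_policy` (iam.tf) uses `Resource = "arn:aws:logs:*:*:*"`, which lets the function role create and write any log group in any region of the account; the README added in this commit says the role has no wildcard write permissions. Scope it to the function's own group, for example `Resource = "arn:aws:logs:${var.aws_region}:${data.aws_caller_identity.current.account_id}:log-group:/aws/lambda/${var.env}-health-check-function:*"` together with a `data "aws_caller_identity" "current" {}` lookup. If the log group is created by Terraform, `logs:CreateLogGroup` can be dropped from the action list.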
@@ -0,0 +1,28 @@
+data "archive_file" "lambda_zip" {
+ type = "zip"
+ output_path = "${path.module}/lambda_package/${var.env}-lambda.zip"
+
+ source {
+ content = file("${path.module}/../lambda/lambda_function.py")
+ filename = "lambda_function.py"
+ }
+}
+
+resource "aws_lambda_function" "health_check" {
+ function_name = "${var.env}-health-check-function"
+ filename = data.archive_file.lambda_zip.output_path
+ handler = var.lambda_handler
+ runtime = var.lambda_runtime
+ role = aws_iam_role.lambda_role.arn
+ source_code_hash = data.archive_file.lambda_zip.output_base64sha256
+
+ environment {
+ variables = {
+ REQUESTS_TABLE = aws_dynamodb_table.requests.name
+ }
+ }
+
+ tags = {
+ Environment = var.env
+ }
+}
diff --git a/terraform/lambda_package/staging-lambda.zip b/terraform/lambda_package/staging-lambda.zip
new file mode 100644
index 0000000..fade241
Binary files /dev/null and b/terraform/lambda_package/staging-lambda.zip differ
diff --git a/terraform/main.tf b/terraform/main.tf
index 60f09a3..38f8f5c 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
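Review bot: lambda.tf never declares the function's CloudWatch log group, so the group Lambda creates on first invocation keeps events with no expiry, and the README in this commit says the handler logs the full request event (headers and body included, presumably). I would add an `aws_cloudwatch_log_group` named `/aws/lambda/${var.env}-health-check-function` with `retention_in_days` set; the deleted API Gateway module used 7. `output_path` also writes the archive under `terraform/lambda_package/`, and this commit checks in `staging-lambda.zip` from there; that directory looks like it belongs in `.gitignore`, since `archive_file` rebuilds the zip on every plan.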
@@ -1,64 +1,15 @@ -terraform { - required_version = ">= 1.0" - - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5.0" - } - } -} - -provider "aws" { - region = var.aws_region - - default_tags { - tags = local.common_tags +resource "aws_dynamodb_table" "requests" { + name = "${var.env}-requests-db" + billing_mode = "PAY_PER_REQUEST" + hash_key = "id" + + attribute { + name = "id" + type = "S" } -} -locals { - common_tags = { - Environment = var.environment - Project = var.project_name - ManagedBy = "Terraform" - CreatedAt = timestamp() + tags = { + Environment = var.env + Name = "${var.env}-requests-db" } } - -# DynamoDB Module -module "dynamodb" { - source = "./modules/dynamodb" - environment = var.environment - common_tags = local.common_tags -} - -# IAM Module -module "iam" { - source = "./modules/iam" - - environment = var.environment - dynamodb_table_arn = module.dynamodb.table_arn - common_tags = local.common_tags -} - -# API Gateway Module -module "api_gateway" { - source = "./modules/api-gateway" - environment = var.environment - lambda_invoke_arn = module.lambda.function_invoke_arn - common_tags = local.common_tags -} - -# Lambda Module -module "lambda" { - source = "./modules/lambda" - environment = var.environment - lambda_role_arn = module.iam.lambda_role_arn - dynamodb_table_name = module.dynamodb.table_name - api_gateway_execution_arn = module.api_gateway.execution_arn - lambda_funtion_dir = var.lambda_funtion_dir - common_tags = local.common_tags - # depends_on = [module.api_gateway] -} - diff --git a/terraform/modules/api-gateway/main.tf b/terraform/modules/api-gateway/main.tf deleted file mode 100644 index 8152db3..0000000 --- a/terraform/modules/api-gateway/main.tf +++ /dev/null 
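Review bot: The root-level `aws_dynamodb_table.requests` in main.tf drops the `ttl` block that the deleted dynamodb module had (`attribute_name = "expiration_time"`, `enabled = true`), so stored request records no longer expire. If expiry is still intended, restore that block and confirm the handler sets the attribute; the handler is not part of this diff. The hash key also changes from `request_id` to `id` and the resource leaves `module.dynamodb`, so without `moved` blocks Terraform will presumably plan a destroy-and-create of the table, which is worth confirming in the plan output before the prod apply.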
@@ -1,62 +0,0 @@
-resource "aws_apigatewayv2_api" "health_api" {
- name = "${var.environment}-serverless-health-check-api"
- protocol_type = "HTTP"
-
- cors_configuration {
- allow_origins = ["*"]
- allow_methods = ["GET", "POST", "OPTIONS"]
- allow_headers = ["*"]
- }
-
- tags = var.common_tags
-}
-
-resource "aws_apigatewayv2_integration" "lambda_integration" {
- api_id = aws_apigatewayv2_api.health_api.id
- integration_type = "AWS_PROXY"
- integration_method = "POST"
- payload_format_version = "2.0"
- integration_uri = var.lambda_invoke_arn
- depends_on = []
-}
-
-resource "aws_apigatewayv2_route" "health_route_get" {
- api_id = aws_apigatewayv2_api.health_api.id
- route_key = "GET /health"
- target = "integrations/${aws_apigatewayv2_integration.lambda_integration.id}"
-}
-
-resource "aws_apigatewayv2_route" "health_route_post" {
- api_id = aws_apigatewayv2_api.health_api.id
- route_key = "POST /health"
- target = "integrations/${aws_apigatewayv2_integration.lambda_integration.id}"
-}
-
-resource "aws_apigatewayv2_stage" "default" {
- api_id = aws_apigatewayv2_api.health_api.id
- name = "$default"
- auto_deploy = true
-
- access_log_settings {
- destination_arn = aws_cloudwatch_log_group.api_gateway_logs.arn
- format = jsonencode({
- requestId = "$context.requestId"
- ip = "$context.identity.sourceIp"
- requestTime = "$context.requestTime"
- httpMethod = "$context.httpMethod"
- resourcePath = "$context.resourcePath"
- status = "$context.status"
- protocol = "$context.protocol"
- responseLength = "$context.responseLength"
- })
- }
-
- tags = var.common_tags
-}
-
-resource "aws_cloudwatch_log_group" "api_gateway_logs" {
- name = "/aws/apigateway/${var.environment}-serverless-health-check-api"
- retention_in_days = 7
-
- tags = var.common_tags
-}
diff --git a/terraform/modules/api-gateway/outputs.tf b/terraform/modules/api-gateway/outputs.tf
deleted file mode 100644
index fc6da1c..0000000
--- a/terraform/modules/api-gateway/outputs.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-output "api_endpoint" {
- description = "The endpoint URL of the API Gateway"
- value = "${aws_apigatewayv2_api.health_api.api_endpoint}/"
-}
-
-output "api_id" {
- description = "The ID of the API Gateway"
- value = aws_apigatewayv2_api.health_api.id
-}
-
-output "execution_arn" {
- description = "The execution ARN of the API Gateway"
- value = aws_apigatewayv2_api.health_api.execution_arn
-}
diff --git a/terraform/modules/api-gateway/variables.tf b/terraform/modules/api-gateway/variables.tf
deleted file mode 100644
index af84d72..0000000
--- a/terraform/modules/api-gateway/variables.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-variable "environment" {
- description = "Environment name"
- type = string
-}
-
-variable "lambda_invoke_arn" {
- description = "Invoke ARN of the Lambda function"
- type = string
-}
-
-variable "common_tags" {
- description = "Common tags for all resources"
- type = map(string)
-}
diff --git a/terraform/modules/dynamodb/main.tf b/terraform/modules/dynamodb/main.tf
deleted file mode 100644
index b606585..0000000
--- a/terraform/modules/dynamodb/main.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-resource "aws_dynamodb_table" "requests" {
- name = "${var.environment}-requests-db"
- billing_mode = "PAY_PER_REQUEST"
- hash_key = "request_id"
-
- attribute {
- name = "request_id"
- type = "S"
- }
-
- ttl {
- attribute_name = "expiration_time"
- enabled = true
- }
-
- tags = var.common_tags
-}
diff --git a/terraform/modules/dynamodb/outputs.tf b/terraform/modules/dynamodb/outputs.tf
deleted file mode 100644
index 0d5bc73..0000000
--- a/terraform/modules/dynamodb/outputs.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-output "table_name" {
- description = "Name of the DynamoDB"
- value = aws_dynamodb_table.requests.name
-}
-
-output "table_arn" {
- description = "ARN of the DynamoDB"
- value = aws_dynamodb_table.requests.arn
-}
\ No newline at end of file
diff --git a/terraform/modules/dynamodb/variables.tf b/terraform/modules/dynamodb/variables.tf
deleted file mode 100644
index 705b670..0000000
--- a/terraform/modules/dynamodb/variables.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-variable "environment" {
- description = "Environment name"
- type = string
-}
-
-variable "common_tags" {
- description = "Common tags for all resources"
- type = map(string)
-}
diff --git a/terraform/modules/iam/main.tf b/terraform/modules/iam/main.tf
deleted file mode 100644
index f837f7a..0000000
--- a/terraform/modules/iam/main.tf
+++ /dev/null
@@ -1,58 +0,0 @@
-# IAM Role for Lambda function
-resource "aws_iam_role" "lambda_role" {
- name = "${var.environment}-serverless-health-check-api-lambda-role"
-
- assume_role_policy = jsonencode({
- Version = "2012-10-17"
- Statement = [
- {
- Action = "sts:AssumeRole"
- Effect = "Allow"
- Principal = {
- Service = "lambda.amazonaws.com"
- }
- }
- ]
- })
-
- tags = var.common_tags
-}
-
-# IAM Policy for CloudWatch Logs
-resource "aws_iam_role_policy" "lambda_cloudwatch_policy" {
- name = "${var.environment}-serverless-health-check-api-lambda-cloudwatch-policy"
- role = aws_iam_role.lambda_role.id
- policy = jsonencode({
- Version = "2012-10-17"
- Statement = [
- {
- Effect = "Allow"
- Action = [
- "logs:CreateLogGroup",
- "logs:CreateLogStream",
- "logs:PutLogEvents"
- ]
- Resource = "arn:aws:logs:*:*:*"
- }
- ]
- })
-}
-
-# IAM Policy for DynamoDB
-resource "aws_iam_role_policy" "lambda_dynamodb_policy" {
- name = "${var.environment}-serverless-health-check-api-lambda-dynamodb-policy"
- role = aws_iam_role.lambda_role.id
-
- policy = jsonencode({
- Version = "2012-10-17"
- Statement = [
- {
- Effect = "Allow"
- Action = [
- "dynamodb:PutItem"
- ]
- Resource = var.dynamodb_table_arn
- }
- ]
- })
-}
diff --git a/terraform/modules/iam/outputs.tf b/terraform/modules/iam/outputs.tf
deleted file mode 100644
index b63be17..0000000
--- a/terraform/modules/iam/outputs.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-output "lambda_role_arn" {
- description = "ARN of the Lambda execution role"
- value = aws_iam_role.lambda_role.arn
-}
-
-output "lambda_role_name" {
- description = "Name of the Lambda execution role"
- value = aws_iam_role.lambda_role.name
-}
diff --git a/terraform/modules/iam/variables.tf b/terraform/modules/iam/variables.tf
deleted file mode 100644
index a688f79..0000000
--- a/terraform/modules/iam/variables.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-variable "environment" {
- description = "Environment name"
- type = string
-}
-
-variable "dynamodb_table_arn" {
- description = "ARN of the DynamoDB"
- type = string
-}
-
-variable "common_tags" {
- description = "Common tags for all resources"
- type = map(string)
-}
diff --git a/terraform/modules/lambda/main.tf b/terraform/modules/lambda/main.tf
deleted file mode 100644
index 054e2aa..0000000
--- a/terraform/modules/lambda/main.tf
+++ /dev/null
@@ -1,33 +0,0 @@
-data "archive_file" "lambda_zip" {
- type = "zip"
- source_dir = var.lambda_funtion_dir
- output_path = "${path.module}/${var.environment}_lambda_function.zip"
-}
-
-resource "aws_lambda_function" "health_check" {
- function_name = "${var.environment}-serverless-health-check-api"
- role = var.lambda_role_arn
- handler = "lambda_function.lambda_handler"
- source_code_hash = data.archive_file.lambda_zip.output_base64sha256
- runtime = "python3.11"
- filename = data.archive_file.lambda_zip.output_path
-
- environment {
- variables = {
- DYNAMODB_TABLE_NAME = var.dynamodb_table_name
- ENVIRONMENT = var.environment
- }
- }
-
- tags = var.common_tags
-
- depends_on = [data.archive_file.lambda_zip]
-}
-
-resource "aws_lambda_permission" "api_gateway" {
- statement_id = "AllowAPIGatewayInvoke"
- action = "lambda:InvokeFunction"
- function_name = aws_lambda_function.health_check.function_name
- principal = "apigateway.amazonaws.com"
- source_arn = "${var.api_gateway_execution_arn}/*/*"
-}
diff --git a/terraform/modules/lambda/outputs.tf b/terraform/modules/lambda/outputs.tf
deleted file mode 100644
index c8b0bb7..0000000
--- a/terraform/modules/lambda/outputs.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-output "function_arn" {
- description = "ARN of the Lambda function"
- value = aws_lambda_function.health_check.arn
-}
-
-output "function_name" {
- description = "Name of the Lambda function"
- value = aws_lambda_function.health_check.function_name
-}
-
-output "function_invoke_arn" {
- description = "Invoke ARN of the Lambda function"
- value = aws_lambda_function.health_check.invoke_arn
-}
diff --git a/terraform/modules/lambda/variables.tf b/terraform/modules/lambda/variables.tf
deleted file mode 100644
index b595507..0000000
--- a/terraform/modules/lambda/variables.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-variable "environment" {
- description = "Environment name"
- type = string
-}
-
-variable "lambda_role_arn" {
- description = "ARN of the IAM role for Lambda"
- type = string
-}
-
-variable "dynamodb_table_name" {
- description = "Name of the DynamoDB table"
- type = string
-}
-
-variable "api_gateway_execution_arn" {
- description = "Execution ARN of the API Gateway"
- type = string
-}
-
-variable "lambda_funtion_dir" {
- description = "Path to the Lambda function source code directory"
- type = string
-}
-
-variable "common_tags" {
- description = "Common tags for all resources"
- type = map(string)
-}
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
index 8b3a508..355b119 100644
--- a/terraform/outputs.tf
+++ b/terraform/outputs.tf
@@ -1,19 +1,12 @@ output "api_endpoint" { - description = "The endpoint URL of the API Gateway" - value = module.api_gateway.api_endpoint + description = "HTTP API endpoint" + value = aws_apigatewayv2_api.http_api.api_endpoint } -output "dynamodb_table_name" { - description = "The name of the DynamoDB table" - value = module.dynamodb.table_name +output "lambda_name" { + value = aws_lambda_function.health_check.function_name } -output "lambda_function_name" { - description = "The name of the Lambda function" - value = module.lambda.function_name -} - -output "environment" { - description = "The environment name" - value = var.environment +output "dynamodb_table" { + value = aws_dynamodb_table.requests.name } diff --git a/terraform/prod.tfvars b/terraform/prod.tfvars index 26f4f3d..012a7f5 100644 --- a/terraform/prod.tfvars +++ b/terraform/prod.tfvars @@ -1,3 +1,2 @@ -environment = "prod" -aws_region = "us-east-1" -project_name = "serverless-health-check-api" \ No newline at end of file +env = "prod" +aws_region = "us-east-1" diff --git a/terraform/provider.tf b/terraform/provider.tf new file mode 100644 index 0000000..2df72a9 --- /dev/null +++ b/terraform/provider.tf @@ -0,0 +1,14 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.0" + } + } + required_version = ">= 1.2.0" + backend "s3" {} +} + +provider "aws" { + region = var.aws_region +} diff --git a/terraform/staging.tfvars b/terraform/staging.tfvars index 9b0a55c..da3c370 100644 --- a/terraform/staging.tfvars +++ b/terraform/staging.tfvars @@ -1,3 +1,2 @@ -environment = "staging" -aws_region = "us-east-1" -project_name = "serverless-health-check-api" \ No newline at end of file +env = "staging" +aws_region = "us-east-1" diff --git a/terraform/variables.tf b/terraform/variables.tf index 0754d5d..8cbeac6 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf 
@@ -1,31 +1,21 @@ -variable "aws_region" { - default = "us-east-1" - description = "AWS region" +variable "env" { + description = "Environment name (staging or prod)" type = string } -variable "terraform_backend_bucket" { - default = "serverlesshealthcheckapi" - description = "AWS S3 Bucket for Terraform backend" +variable "aws_region" { + description = "AWS region" type = string + default = "us-east-1" } -variable "environment" { - validation { - condition = contains(["staging", "prod"], var.environment) - error_message = "Environment must be either staging or prod" - } - description = "Deployment environment name (staging or prod)" - type = string +# Lambda settings +variable "lambda_handler" { + type = string + default = "lambda_function.lambda_handler" } -variable "lambda_funtion_dir" { - default = "../lambda" - description = "Directory containing Lambda function source code" - type = string +variable "lambda_runtime" { + type = string + default = "python3.9" } -variable "project_name" { - default = "serverless-health-check-api" - description = "Project name for tagging and resource naming" - type = string -} \ No newline at end of file
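Review bot: `variable "env"` in variables.tf no longer has the `validation` block that the old `environment` variable carried, yet its value is interpolated into the IAM role, Lambda, DynamoDB table and API names. Restore the block with `condition = contains(["staging", "prod"], var.env)` and the original error message, so a mistyped `-var-file` or `-var` fails at plan time instead of creating a third, unprotected set of resources. `lambda_runtime` also defaults to `python3.9`, where the deleted lambda module pinned `python3.11`; if the downgrade is not deliberate, keep the newer runtime.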