我已经在Terraform中设置了以下内容。所以有两个事件规则,早上8点开始事件,下午6点停止事件。
# Create cloudwatch event rules
resource "aws_cloudwatch_event_rule" "stop_ec2_event_rule" {
name = "stop-ec2-event-rule"
description = "Stop EC2 instance at a specified time each day"
schedule_expression = var.cloudwatch_schedule_stop
}
resource "aws_cloudwatch_event_rule" "start_ec2_event_rule" {
name = "start-ec2-event-rule"
description = "Start EC2 instance at a specified time each day"
schedule_expression = var.cloudwatch_schedule_start
}
每个事件都向lambda 传递一个操作
resource "aws_cloudwatch_event_target" "stop_ec2_event_rule_target" {
rule = aws_cloudwatch_event_rule.stop_ec2_event_rule.name
target_id = "TriggerLambdaFunction"
arn = aws_lambda_function.lambda_rscheduler.arn
input = "{"environment":"${var.environment}", "action":"stop"}"
}
resource "aws_cloudwatch_event_target" "start_ec2_event_rule_target" {
rule = aws_cloudwatch_event_rule.start_ec2_event_rule.name
target_id = "TriggerLambdaFunction"
arn = aws_lambda_function.lambda_rscheduler.arn
input = "{"environment":"${var.environment}", "action":"start"}"
}
这适用于
resource "aws_lambda_permission" "allow_cloudwatch" {
statement_id = "AllowExecutionFromCloudWatch"
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.lambda_rscheduler.function_name
principal = "events.amazonaws.com"
source_arn = aws_cloudwatch_event_rule.stop_ec2_event_rule.arn
我面临的这个问题是,我无法让Terraform将start_event与lambda函数关联起来。我进入AWS控制台,可以手动将CloudWatch start_event触发器添加到lambda函数中。
如果我有启动事件资源
resource "aws_lambda_permission" "allow_cloudwatch" {
statement_id = "AllowExecutionFromCloudWatch"
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.lambda_rscheduler.function_name
principal = "events.amazonaws.com"
source_arn = aws_cloudwatch_event_rule.start_ec2_event_rule.arn
它会抱怨statement_id重复。
我需要一些类似地形aws_lambda_event_source_mapping的东西,但它只允许lambda函数从Kinesis、DynamoDB和SQS获取事件;而不是CloudWatch事件。
如何告诉terraform将多个cloudwatch事件关联到同一个lambda函数;我什么时候可以从AWS控制台手动完成?
statement_id不是强制的,因此您可以安全地从aws_lambda_permission中省略它,地形将自动为您生成唯一的id。您也可以使用count或for_each为aws_lambda_permission节省一些输入。
例如,使用for_each可以将aws_lambda_permission定义为:
resource "aws_lambda_permission" "allow_cloudwatch" {
for_each = {for idx, v in [
aws_cloudwatch_event_rule.stop_ec2_event_rule,
aws_cloudwatch_event_rule.start_ec2_event_rule
]: idx => v}
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.lambda_rscheduler.function_name
principal = "events.amazonaws.com"
source_arn = each.value.arn
}
可以为aws_cloudwatch_event_rule和aws_cloudwatch_event_target编写类似的版本,以便您的代码基于for_each或count,而不需要复制和粘贴重复。