refactor terraform modules, add clustering lambda (#4)

terraform/main.tf

@@ -0,0 +1,17 @@
+provider "aws" {
+  region = "us-east-1"
+}
+
+module "alpr_counts" {
+  module_name = "alpr_counts"
+  source = "./modules/alpr_counts"
+  deflock_stats_bucket = var.deflock_stats_bucket
+  rate = "rate(60 minutes)"
+}
+
+module "alpr_clusters" {
+  module_name = "alpr_clusters"
+  source = "./modules/alpr_clusters"
+  deflock_stats_bucket = var.deflock_stats_bucket
+  rate = "rate(1 day)"
+}

terraform/modules/alpr_clusters/main.tf

@@ -0,0 +1,72 @@
+resource "aws_iam_role" "lambda_role" {
+  name = "${var.module_name}_lambda_s3_write_role"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Principal = {
+          Service = "lambda.amazonaws.com"
+        }
+      }
+    ]
+  })
+}
+
+resource "aws_iam_policy" "lambda_s3_write_policy" {
+  name        = "${var.module_name}_lambda_s3_write_policy"
+  description = "Policy for Lambda to write to S3 bucket ${var.deflock_stats_bucket}"
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = [
+          "s3:PutObject",
+          "s3:PutObjectAcl"
+        ]
+        Effect   = "Allow"
+        Resource = "arn:aws:s3:::${var.deflock_stats_bucket}/${var.output_filename}"
+      }
+    ]
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "lambda_s3_write_attachment" {
+  role       = aws_iam_role.lambda_role.name
+  policy_arn = aws_iam_policy.lambda_s3_write_policy.arn
+}
+
+resource "aws_lambda_function" "overpass_lambda" {
+  function_name    = var.module_name
+  role             = aws_iam_role.lambda_role.arn
+  package_type     = "Image"
+  image_uri        = "${aws_ecr_repository.lambda_repository.repository_url}:latest"
+  timeout = 90
+}
+
+resource "aws_cloudwatch_event_rule" "lambda_rule" {
+  name        = "${var.module_name}_rule"
+  description = "Rule to trigger ${var.module_name} lambda"
+  schedule_expression = var.rate
+}
+
+resource "aws_cloudwatch_event_target" "lambda_target" {
+  target_id = "${var.module_name}_target"
+  rule      = aws_cloudwatch_event_rule.lambda_rule.name
+  arn       = aws_lambda_function.overpass_lambda.arn
+}
+
+resource "aws_lambda_permission" "allow_cloudwatch_to_call_lambda" {
+  statement_id  = "AllowExecutionFromCloudWatch"
+  action        = "lambda:InvokeFunction"
+  function_name = aws_lambda_function.overpass_lambda.function_name
+  principal     = "events.amazonaws.com"
+  source_arn    = aws_cloudwatch_event_rule.lambda_rule.arn
+}
+
+resource "aws_ecr_repository" "lambda_repository" {
+  name = "${var.module_name}-lambda"
+}

terraform/modules/alpr_clusters/outputs.tf

@@ -0,0 +1,3 @@
+output "ecr_repository_url" {
+  value = aws_ecr_repository.lambda_repository.repository_url
+}

terraform/modules/alpr_clusters/variables.tf

@@ -0,0 +1,16 @@
+variable "module_name" {
+  description = "Name of the module"
+}
+
+variable "output_filename" {
+  description = "Filename for the ALPR clusters JSON file"
+  default     = "alpr_clusters.json"
+}
+
+variable "deflock_stats_bucket" {
+  description = "S3 bucket for the ALPR clusters JSON file"
+}
+
+variable "rate" {
+  description = "Rate at which to run the Lambda function"
+}

terraform/modules/alpr_counts/main.tf

@@ -1,12 +1,3 @@
-locals {
-  alpr_counts_filename = "alpr-counts.json"
-}
-
-
-provider "aws" {
-  region = "us-east-1"
-}
-
 resource "aws_iam_role" "lambda_role" {
   name = "lambda_s3_write_role"
 
@@ -26,7 +17,7 @@ resource "aws_iam_role" "lambda_role" {
 
 resource "aws_iam_policy" "lambda_s3_write_policy" {
   name        = "lambda_s3_write_policy"
-  description = "Policy for Lambda to write to S3 bucket deflock-clusters"
+  description = "Policy for Lambda to write to S3 bucket ${var.deflock_stats_bucket}"
 
   policy = jsonencode({
     Version = "2012-10-17"
@@ -37,7 +28,7 @@ resource "aws_iam_policy" "lambda_s3_write_policy" {
           "s3:PutObjectAcl"
         ]
         Effect   = "Allow"
-        Resource = "arn:aws:s3:::deflock-clusters/${local.alpr_counts_filename}"
+        Resource = "arn:aws:s3:::${var.deflock_stats_bucket}/${var.output_filename}"
       }
     ]
   })
@@ -51,43 +42,43 @@ resource "aws_iam_role_policy_attachment" "lambda_s3_write_attachment" {
 resource "null_resource" "pip_install" {
   provisioner "local-exec" {
     command = <<EOT
-      cd ${path.module}/../serverless/alpr-counts/src
+      cd ${path.root}/../serverless/${var.module_name}/src
       pip3 install -r requirements.txt -t .
     EOT
   }
 
   triggers = {
     # Re-run the provisioner if the file changes
-    file_hash = "${filemd5("${path.module}/../serverless/alpr-counts/src/alpr_counts.py")}"
+    file_hash = "${filemd5("${path.root}/../serverless/${var.module_name}/src/${var.module_name}.py")}"
   }
 }
 
 data "archive_file" "python_lambda_package" {
   type        = "zip"
-  source_dir  = "${path.module}/../serverless/alpr-counts/src"
-  output_path = "${path.module}/../serverless/alpr-counts/lambda.zip"
+  source_dir  = "${path.root}/../serverless/${var.module_name}/src"
+  output_path = "${path.root}/../serverless/${var.module_name}/lambda.zip"
 
   depends_on = [ null_resource.pip_install ]
 }
 
 resource "aws_lambda_function" "overpass_lambda" {
   filename         = data.archive_file.python_lambda_package.output_path
-  function_name    = "alpr_counts"
+  function_name    = var.module_name
   role             = aws_iam_role.lambda_role.arn
-  handler          = "alpr_counts.lambda_handler"
+  handler          = "${var.module_name}.lambda_handler"
   runtime          = "python3.9"
   source_code_hash = data.archive_file.python_lambda_package.output_base64sha256
   timeout = 30
 }
 
 resource "aws_cloudwatch_event_rule" "lambda_rule" {
-  name        = "alpr_counts_rule"
-  description = "Rule to trigger alpr_counts lambda"
-  schedule_expression = "rate(60 minutes)"
+  name        = "${var.module_name}_rule"
+  description = "Rule to trigger ${var.module_name} lambda"
+  schedule_expression = var.rate
 }
 
 resource "aws_cloudwatch_event_target" "lambda_target" {
-  target_id = "alpr_counts_target"
+  target_id = "${var.module_name}_target"
   rule      = aws_cloudwatch_event_rule.lambda_rule.name
   arn       = aws_lambda_function.overpass_lambda.arn
 }

terraform/modules/alpr_counts/variables.tf

@@ -0,0 +1,16 @@
+variable "module_name" {
+  description = "Name of the module"
+}
+
+variable "output_filename" {
+  description = "Filename for the ALPR counts JSON file"
+  default     = "alpr-counts.json"
+}
+
+variable "deflock_stats_bucket" {
+  description = "S3 bucket for the ALPR counts JSON file"
+}
+
+variable "rate" {
+  description = "Rate at which to run the Lambda function"
+}

terraform/remote-backend.tf

@@ -0,0 +1,39 @@
+resource "aws_s3_bucket" "terraform_state" {
+  bucket = "deflock-terraform-state"
+
+  tags = {
+    Name = "Terraform State Bucket"
+  }
+}
+
+resource "aws_s3_bucket_versioning" "enable_versioning" {
+  bucket = aws_s3_bucket.terraform_state.id
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
+resource "aws_dynamodb_table" "terraform_locks" {
+  name           = "deflock-terraform-state-locks"
+  billing_mode   = "PAY_PER_REQUEST"
+  hash_key       = "LockID"
+
+  attribute {
+    name = "LockID"
+    type = "S"
+  }
+
+  tags = {
+    Name = "Terraform State Lock Table"
+  }
+}
+
+terraform {
+  backend "s3" {
+    bucket         = "deflock-terraform-state"
+    key            = "global/s3/terraform.tfstate"
+    region         = "us-east-1"
+    dynamodb_table = "terraform-state-locks"
+    encrypt        = true
+  }
+}

terraform/variables.tf

@@ -0,0 +1,4 @@
+variable "deflock_stats_bucket" {
+  description = "S3 bucket for the ALPR counts JSON file"
+  default = "deflock-clusters"
+}