Terraform多个cloudwatch事件触发相同的lambda函数

Question

我在 Terraform 中设置了以下内容。所以有两个事件规则，start_event 上午 8 点，stop_event 下午 6 点。

# Create cloudwatch event rules
resource "aws_cloudwatch_event_rule" "stop_ec2_event_rule" {
  name        = "stop-ec2-event-rule"
  description = "Stop EC2 instance at a specified time each day"
  schedule_expression = var.cloudwatch_schedule_stop
}

resource "aws_cloudwatch_event_rule" "start_ec2_event_rule" {
  name        = "start-ec2-event-rule"
  description = "Start EC2 instance at a specified time each day"
  schedule_expression = var.cloudwatch_schedule_start
}

每个事件都会将一个操作传递给 lambda

resource "aws_cloudwatch_event_target" "stop_ec2_event_rule_target" {
  rule      = aws_cloudwatch_event_rule.stop_ec2_event_rule.name
  target_id = "TriggerLambdaFunction"
  arn       = aws_lambda_function.lambda_rscheduler.arn
  input     = "{\"environment\":\"${var.environment}\", \"action\":\"stop\"}"
}

resource "aws_cloudwatch_event_target" "start_ec2_event_rule_target" {
  rule      = aws_cloudwatch_event_rule.start_ec2_event_rule.name
  target_id = "TriggerLambdaFunction"
  arn       = aws_lambda_function.lambda_rscheduler.arn
  input     = "{\"environment\":\"${var.environment}\", \"action\":\"start\"}"
}

这有效

resource "aws_lambda_permission" "allow_cloudwatch" {
  statement_id  = "AllowExecutionFromCloudWatch"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.lambda_rscheduler.function_name
  principal     = "events.amazonaws.com"
  source_arn    = aws_cloudwatch_event_rule.stop_ec2_event_rule.arn

我面临的问题是我无法让 Terraform 将 start_event 与 lambda 函数关联起来。我进入 AWS 控制台，可以手动将 CloudWatch start_event 触发器添加到 lambda 函数。

如果我有 start_event 资源

resource "aws_lambda_permission" "allow_cloudwatch" {
  statement_id  = "AllowExecutionFromCloudWatch"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.lambda_rscheduler.function_name
  principal     = "events.amazonaws.com"
  source_arn    = aws_cloudwatch_event_rule.start_ec2_event_rule.arn

它会抱怨statement_id重复。

我需要像 terraform aws_lambda_event_source_mapping 这样的东西，但它只允许 Lambda 函数从 Kinesis、DynamoDB 和 SQS 获取事件；而不是 CloudWatch 事件。

我如何告诉 terraform 将多个 cloudwatch 事件关联到同一个 lambda 函数；我什么时候可以从 AWS 控制台手动执行此操作？

Answer 1

statement_id不是强制性的，因此您可以安全地从您的列表中省略它aws_lambda_permission，并且 terraform 将自动为您生成唯一的 ID。您还可以使用count或for_each来节省 的输入量aws_lambda_permission。

例如，使用for_each您可以定义aws_lambda_permission为：

resource "aws_lambda_permission" "allow_cloudwatch" {
  
  for_each      = {for idx, v in [
      aws_cloudwatch_event_rule.stop_ec2_event_rule,
      aws_cloudwatch_event_rule.start_ec2_event_rule
  ]: idx => v}
  
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.lambda_rscheduler.function_name
  principal     = "events.amazonaws.com"
  source_arn    = each.value.arn
}

可以编写类比版本aws_cloudwatch_event_rule， aws_cloudwatch_event_target以便您的代码基于for_each或count不基于复制粘贴重复。