resource "aws_cloudwatch_log_group" "function" {
  name              = "/aws/lambda/${aws_lambda_function.function.function_name}"
  retention_in_days = 14
  tags = merge(var.standard_tags, var.tags)
}


###
### Trigger Portal Sync Lambda with Rules and Targets
###

### Time-based rules for portal sync:
resource "aws_cloudwatch_event_rule" "event_rule" {
  name = "threatq-lambda-data-sync"
  description = "Rule for threatq data sync lambda function - every 20 minutes"
  schedule_expression = "rate(20 minutes)"
  is_enabled = var.environment == "test" ? false : true
  tags = merge(var.standard_tags, var.tags)
}

### Time-based targets for portal sync:
resource "aws_cloudwatch_event_target" "event_target" {
  target_id = "ThreatQSync"
  rule = aws_cloudwatch_event_rule.event_rule.name
  arn  = aws_lambda_function.function.arn
}

### Invoke permissions for Time-based rules for portal sync:
resource "aws_lambda_permission" "permission" {
  statement_id  = "AllowExecutionFromCloudWatch"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.function.function_name
  principal     = "events.amazonaws.com"
  source_arn    = aws_cloudwatch_event_rule.event_rule.arn
}