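# Bootstrap-only environment for the sync Lambda. Nothing in this map is a
# secret: the function fetches its credentials from Vault at VAULT_HOST /
# VAULT_PATH at runtime.
locals {
  environment_vars = {
    "HTTP_PROXY"  = "http://${var.proxy}"
    "HTTPS_PROXY" = "http://${var.proxy}"
    # Both private zones bypass the proxy so Vault and other in-VPC hosts are
    # reached directly.
    "NO_PROXY"   = "${var.dns_info["legacy_private"]["zone"]},${var.dns_info["private"]["zone"]}"
    "VAULT_HOST" = "vault.${var.dns_info["private"]["zone"]}"
    "VAULT_PATH" = "threatq-lambda/data/lambda_sync_env"
    # Silences urllib3's InsecureRequestWarning, which only fires when a
    # request is sent with certificate verification disabled. This hides the
    # warning, not the unverified TLS connection behind it; preferable is to
    # ship the internal CA bundle with the package (REQUESTS_CA_BUNDLE) and
    # drop this entry.
    "PYTHONWARNINGS" = "ignore:Unverified HTTPS request"
  }
}

####
#
# Security Group
#
####

# Shared baseline SG looked up by name; its rules are managed elsewhere.
data "aws_security_group" "typical-host" {
  name   = "typical-host"
  vpc_id = var.vpc_id
}

# Dedicated SG so the Splunk egress rule is scoped to this function only.
resource "aws_security_group" "threatq_lambda_splunk_sg" {
  vpc_id      = var.vpc_id
  name        = "threatq-data-sync-lambda-splunk-sg"
  description = "Allow Lambda access to Splunk"
}

# Egress to the Splunk management port (8089). The CIDR is the whole
# 10.0.0.0/8 rather than the search heads' subnets; narrow it to the Splunk
# subnets or a managed prefix list once those addresses are pinned down.
resource "aws_security_group_rule" "threatq_lambda_splunk_out" {
  type              = "egress"
  from_port         = 8089
  to_port           = 8089
  protocol          = "tcp"
  cidr_blocks       = ["10.0.0.0/8"]
  description       = "All Splunk SH"
  security_group_id = aws_security_group.threatq_lambda_splunk_sg.id
}

# Env variables for bootstrap only; true secrets should be in vault
resource "aws_lambda_function" "function" {
  description      = "Sync data between ThreatQ and Splunk"
  filename         = "code.zip"
  source_code_hash = filebase64sha256("code.zip")
  function_name    = "threatq_data_sync"
  role             = aws_iam_role.role.arn
  handler          = "lambda_function.lambda_handler"
  # NOTE(review): python3.8 is past its Lambda runtime deprecation date;
  # schedule the upgrade together with the packaged code.
  runtime = "python3.8"
  # Lambda's maximum timeout (15 minutes). The attribute is a number; the
  # previous quoted "900" relied on implicit string-to-number conversion.
  timeout = 900

  # Runs inside the VPC so it can reach Vault and Splunk over private
  # addressing.
  vpc_config {
    subnet_ids = var.subnets
    security_group_ids = [
      data.aws_security_group.typical-host.id,
      aws_security_group.threatq_lambda_splunk_sg.id,
    ]
  }

  # merge() with a single argument is a no-op; reference the map directly.
  environment {
    variables = local.environment_vars
  }

  tags = merge(var.standard_tags, var.tags)

  lifecycle {
    # Ignore changes to the function's code so Terraform does not overwrite
    # versions deployed outside of it; installing a new Lambda version is
    # deliberately not treated as a Terraform action.
    ignore_changes = [
      last_modified,
      source_code_hash,
    ]
  }
}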