Home Explore Help
Register Sign In
AFS
/
xdr-terraform-modules
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 579feedaab
Branches Tags
xdr-terraform-m...
/
base
/
threatquotient_lambda
/
main.tf

main.tf 2.1 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667 
  1. locals {
    2. 

  2.   environment_vars = {
    3. 

  3.       "HTTP_PROXY"             = "http://${var.proxy}"
    4. 

  4.       "HTTPS_PROXY"            = "http://${var.proxy}"
    5. 

  5.       "NO_PROXY"               = "${var.dns_info["legacy_private"]["zone"]},${var.dns_info["private"]["zone"]}"
    6. 

  6.       "VAULT_HOST"             = "vault.${var.dns_info["private"]["zone"]}"
    7. 

  7.       "VAULT_PATH"             = "threatq-lambda/data/lambda_sync_env"
    8. 

  8.       "PYTHONWARNINGS"         = "ignore:Unverified HTTPS request"
    9. 

  9.   }
    10. 

  10. }
    11. 

  11. 

  12. ####
    13. 

  13. #
    14. 

  14. #Security Group
    15. 

  15. #
    16. 

  16. ####
    17. 

  17. data "aws_security_group" "typical-host" {
    18. 

  18.   name   = "typical-host"
    19. 

  19.   vpc_id = var.vpc_id
    20. 

  20. }
    21. 

  21. 

  22. resource "aws_security_group" "threatq_lambda_splunk_sg" {
    23. 

  23.   vpc_id      = var.vpc_id
    24. 

  24.   name        = "threatq-data-sync-lambda-splunk-sg"
    25. 

  25.   description = "Allow Lambda access to Splunk"
    26. 

  26. }
    27. 

  27. 

  28. resource "aws_security_group_rule" "threatq_lambda_splunk_out" {
    29. 

  29.   type              = "egress"
    30. 

  30.   from_port         = 8089
    31. 

  31.   to_port           = 8089
    32. 

  32.   protocol          = "tcp"
    33. 

  33.   cidr_blocks       = ["10.0.0.0/8"]
    34. 

  34.   description       = "All Splunk SH"
    35. 

  35.   security_group_id = aws_security_group.threatq_lambda_splunk_sg.id
    36. 

  36. }
    37. 

  37. 

  38. # Env variables for bootstrap only; true secrets should be in vault
    39. 

  39. resource "aws_lambda_function" "function" {
    40. 

  40.   description      = "Sync data between ThreatQ and Splunk"
    41. 

  41.   filename         = "code.zip"
    42. 

  42.   source_code_hash = filebase64sha256("code.zip")
    43. 

  43.   function_name    = "threatq_data_sync"
    44. 

  44.   role             = aws_iam_role.role.arn
    45. 

  45.   handler          = "lambda_function.lambda_handler"
    46. 

  46.   runtime          = "python3.8"
    47. 

  47.   timeout          = "900"
    48. 

  48.   vpc_config {
    49. 

  49.     subnet_ids          = var.subnets
    50. 

  50.     security_group_ids  = [ data.aws_security_group.typical-host.id, aws_security_group.threatq_lambda_splunk_sg.id ]
    51. 

  51.   }
    52. 

  52.   environment { 
    53. 

  53.     variables = merge(local.environment_vars)
    54. 

  54.   }
    55. 

  55.   tags = merge(var.standard_tags, var.tags)
    56. 

  56. 

  57.   lifecycle {
    58. 

  58.     # Ignoring changes to the code of the function so that we won't
    59. 

  59.     # overlay changes to the function made outside of terraform.  Installing
    60. 

  60.     # new versions of a lambda should not be a terraform-ish action we don't think
    61. 

  61.     ignore_changes = [
    62. 

  62.       last_modified,
    63. 

  63.       source_code_hash
    64. 

  64.     ]
    65. 

  65.   }
    66. 

  66. 

  67. }
    68.