diff --git a/lambdas/export-rds-snapshot-to-s3/main.py b/lambdas/export_rds_snapshot_to_s3/main.py similarity index 100% rename from lambdas/export-rds-snapshot-to-s3/main.py rename to lambdas/export_rds_snapshot_to_s3/main.py diff --git a/terraform/core/10-aws-s3-buckets.tf b/terraform/core/10-aws-s3-buckets.tf index 3fea2d3ce..3f116508a 100644 --- a/terraform/core/10-aws-s3-buckets.tf +++ b/terraform/core/10-aws-s3-buckets.tf @@ -424,3 +424,25 @@ resource "aws_s3_bucket_versioning" "ssl_connection_resources" { status = "Enabled" } } + +module "rds_export_storage" { + source = "../modules/s3-bucket" + + tags = module.tags.values + project = var.project + environment = var.environment + identifier_prefix = local.identifier_prefix + bucket_name = "RDS Export Storage" + bucket_identifier = "rds-export-storage" +} + +resource "aws_s3_bucket_server_side_encryption_configuration" "rds_export_storage_encryption" { + bucket = module.rds_export_storage.bucket_id + + rule { + apply_server_side_encryption_by_default { + sse_algorithm = "aws:kms" + } + bucket_key_enabled = true + } +} diff --git a/terraform/core/29-db-snapshot-to-s3-sandbox.tf b/terraform/core/29-db-snapshot-to-s3-sandbox.tf index f3333f289..920a6243e 100644 --- a/terraform/core/29-db-snapshot-to-s3-sandbox.tf +++ b/terraform/core/29-db-snapshot-to-s3-sandbox.tf 
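Review bot: The new `rds_export_storage_encryption` rule in `terraform/core/10-aws-s3-buckets.tf` sets `sse_algorithm = "aws:kms"` but no `kms_master_key_id`, so default encryption uses the AWS-managed `aws/s3` key rather than the key exposed as `module.rds_export_storage.kms_key_arn`. Elsewhere in this commit the export service role is granted access to that module key, so objects written without an explicit key would fall outside the key policy being managed here. Add `kms_master_key_id = module.rds_export_storage.kms_key_arn` inside `apply_server_side_encryption_by_default`. The `../modules/s3-bucket` source is not shown; if it already declares an encryption configuration for the bucket, this second resource would conflict with it and should be dropped instead.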
@@ -2,13 +2,13 @@ # 1. Deploy this first to get the database and bastion host in place module "db_snapshot_to_s3_sandbox_resources" { - count = 0 - source = "../modules/db-snapshot-to-s3-sandbox-resources" - tags = module.tags.values - identifier_prefix = local.identifier_prefix - aws_sandbox_subnet_ids = var.aws_sandbox_subnet_ids - aws_sandbox_account_id = var.aws_sandbox_account_id - aws_sandbox_vpc_id = var.aws_sandbox_vpc_id + count = 0 + source = "../modules/db-snapshot-to-s3-sandbox-resources" + tags = module.tags.values + identifier_prefix = local.identifier_prefix + aws_sandbox_subnet_ids = var.aws_sandbox_subnet_ids + aws_sandbox_account_id = var.aws_sandbox_account_id + aws_sandbox_vpc_id = var.aws_sandbox_vpc_id providers = { aws = aws @@ -20,7 +20,7 @@ module "db_snapshot_to_s3_sandbox_resources" { # 3. lambda_artefact_storage_for_sandbox_account and db_snapshot_to_s3_sandbox can be deployed at the same time module "lambda_artefact_storage_for_sandbox_account" { - count = 0 + count = 0 source = "../modules/s3-bucket" tags = module.tags.values project = var.project 
@@ -34,25 +34,27 @@ module "lambda_artefact_storage_for_sandbox_account" { } } -module "db_snapshot_to_s3_sandbox" { - count = 0 - source = "../modules/db-snapshot-to-s3" - tags = module.tags.values - project = var.project - environment = var.environment - identifier_prefix = local.identifier_prefix - lambda_artefact_storage_bucket = module.lambda_artefact_storage_for_sandbox_account[0].bucket_id - zone_kms_key_arn = module.raw_zone.kms_key_arn - zone_bucket_arn = module.raw_zone.bucket_arn - zone_bucket_id = module.raw_zone.bucket_id - service_area = "unrestricted" - rds_instance_ids = var.rds_instance_ids - aws_account_suffix = "-sandbox" - - providers = { - aws = aws.aws_sandbox_account - } -} +#module "db_snapshot_to_s3_sandbox" { +# count = 0 +# source = "../modules/db-snapshot-to-s3" +# tags = module.tags.values +# project = var.project +# environment = var.environment +# identifier_prefix = local.identifier_prefix +# lambda_artefact_storage_bucket = module.lambda_artefact_storage_for_sandbox_account[0].bucket_id +# zone_kms_key_arn = module.raw_zone.kms_key_arn +# zone_bucket_arn = module.raw_zone.bucket_arn +# zone_bucket_id = module.raw_zone.bucket_id +# rds_export_storage_bucket_arn = module.rds_export_storage.bucket_arn +# rds_export_storage_kms_key_arn = module.rds_export_storage.kms_key_arn +# service_area = "unrestricted" +# rds_instance_ids = var.rds_instance_ids +# aws_account_suffix = "-sandbox" +# +# providers = { +# aws = aws.aws_sandbox_account +# } +#} #4. Update the raw zone bucket on DP dev account in your workspace with the following bucket and bucket key statements # Use these as inputs for bucket_policy_statements and bucket_key_policy_statements in the raw zone bucket module @@ -60,7 +62,7 @@ module "db_snapshot_to_s3_sandbox" { # sandbox_s3_to_s3_copier_write_access_to_raw_zone_statement = { # sid = "AllowSandboxS3toS3CopierWriteAccessToRawZoneUnrestrictedLocation" # effect = "Allow" - + # actions = [ # "s3:ListBucket", # "s3:PutObject", 
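Review bot: The commented-out `db_snapshot_to_s3_sandbox` block in `29-db-snapshot-to-s3-sandbox.tf` passes only `rds_export_storage_bucket_arn` and `rds_export_storage_kms_key_arn`, but this commit also makes `rds_export_storage_bucket_id` and `rds_export_storage_kms_key_id` required inputs of `modules/db-snapshot-to-s3`. Anyone who follows the numbered steps in this file and uncomments it will get a validation failure. The block would also hand a bucket and key from `module.rds_export_storage` to a module running under `aws.aws_sandbox_account`, which presumably needs cross-account bucket and key policy statements that are not part of this change. Either delete the block, or keep it with all four inputs and a header such as `# Disabled: re-enable only after the sandbox role is granted access to the rds-export-storage bucket and key`.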
@@ -95,7 +97,7 @@ module "db_snapshot_to_s3_sandbox" { # "arn:aws:iam::${var.aws_sandbox_account_id}:role/${local.identifier_prefix}-s3-to-s3-copier-lambda" # ] # } - + # } #5. Uncomment the statement in the sandbox database key policy to allow the rds snapshot to s3 lambda role access to the key. This must be done after all other resources have been deployed. diff --git a/terraform/core/29-db-snapshot-to-s3.tf b/terraform/core/29-db-snapshot-to-s3.tf index cdc7dd33f..cd63f5ba6 100644 --- a/terraform/core/29-db-snapshot-to-s3.tf +++ b/terraform/core/29-db-snapshot-to-s3.tf @@ -23,6 +23,10 @@ module "db_snapshot_to_s3" { zone_kms_key_arn = module.raw_zone.kms_key_arn zone_bucket_arn = module.raw_zone.bucket_arn zone_bucket_id = module.raw_zone.bucket_id + rds_export_storage_bucket_arn = module.rds_export_storage.bucket_arn + rds_export_storage_bucket_id = module.rds_export_storage.bucket_id + rds_export_storage_kms_key_arn = module.rds_export_storage.kms_key_arn + rds_export_storage_kms_key_id = module.rds_export_storage.kms_key_id service_area = "unrestricted" rds_instance_ids = var.rds_instance_ids diff --git a/terraform/core/36-liberator-import.tf b/terraform/core/36-liberator-import.tf index b5dc2448a..693828b80 100644 --- a/terraform/core/36-liberator-import.tf +++ b/terraform/core/36-liberator-import.tf @@ -37,6 +37,10 @@ module "liberator_db_snapshot_to_s3" { zone_kms_key_arn = module.landing_zone.kms_key_arn zone_bucket_arn = module.landing_zone.bucket_arn zone_bucket_id = module.landing_zone.bucket_id + rds_export_storage_bucket_arn = module.rds_export_storage.bucket_arn + rds_export_storage_bucket_id = module.rds_export_storage.bucket_id + rds_export_storage_kms_key_arn = module.rds_export_storage.kms_key_arn + rds_export_storage_kms_key_id = module.rds_export_storage.kms_key_id service_area = "parking" rds_instance_ids = [for item in module.liberator_dump_to_rds_snapshot : item.rds_instance_id] workflow_name = aws_glue_workflow.parking_liberator_data.name 
@@ -79,7 +83,7 @@ data "aws_iam_policy_document" "lambda_assume_role" { ### New modules for liberator ingestion module "liberator_rds_snapshot_to_s3" { - count = 0 + count = 1 source = "../modules/rds-snapshot-to-s3" tags = module.tags.values identifier_prefix = local.identifier_prefix @@ -87,8 +91,11 @@ module "liberator_rds_snapshot_to_s3" { environment = var.environment lambda_artefact_storage_bucket = module.lambda_artefact_storage.bucket_id zone_kms_key_arn = module.landing_zone.kms_key_arn - zone_bucket_arn = module.landing_zone.bucket_arn + source_bucket_arn = module.landing_zone.bucket_arn zone_bucket_id = module.landing_zone.bucket_id + target_bucket_arn = module.raw_zone.bucket_arn + source_prefix = "parking/liberator/" + target_prefix = "parking/liberator/" service_area = "parking" rds_instance_ids = [for item in module.liberator_dump_to_rds_snapshot : item.rds_instance_id] rds_instance_arns = [for item in module.liberator_dump_to_rds_snapshot : item.rds_instance_arn] diff --git a/terraform/modules/db-snapshot-to-s3/01-inputs-required.tf b/terraform/modules/db-snapshot-to-s3/01-inputs-required.tf index 03f89a14f..7fd0d2dcf 100644 --- a/terraform/modules/db-snapshot-to-s3/01-inputs-required.tf +++ b/terraform/modules/db-snapshot-to-s3/01-inputs-required.tf @@ -42,3 +42,19 @@ variable "service_area" { variable "rds_instance_ids" { type = list(string) } + +variable "rds_export_storage_bucket_arn" { + type = string +} + +variable "rds_export_storage_kms_key_arn" { + type = string +} + +variable "rds_export_storage_kms_key_id" { + type = string +} + +variable "rds_export_storage_bucket_id" { + type = string +} diff --git a/terraform/modules/db-snapshot-to-s3/20-rds-to-s3-lambda.tf b/terraform/modules/db-snapshot-to-s3/20-rds-to-s3-lambda.tf index 71fef2490..f48dd59e3 100644 --- a/terraform/modules/db-snapshot-to-s3/20-rds-to-s3-lambda.tf +++ b/terraform/modules/db-snapshot-to-s3/20-rds-to-s3-lambda.tf 
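Review bot: With `count = 1` and `target_bucket_arn = module.raw_zone.bucket_arn` in `36-liberator-import.tf`, the copier policy added in `modules/rds-snapshot-to-s3/iam.tf` goes live with `s3:PutObject` and `s3:DeleteObject` on every object in both the landing and raw zone buckets. The call limits the work to `parking/liberator/`, but `source_prefix` and `target_prefix` reach the module only as Lambda environment variables, so they are not an authorization boundary. Scope the object ARNs in that policy to the prefixes, e.g. `"${var.target_bucket_arn}/${var.target_prefix}*"`, and check whether delete is needed on the target at all.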
@@ -159,8 +159,8 @@ resource "aws_lambda_function" "rds_snapshot_to_s3_lambda" { environment { variables = { IAM_ROLE_ARN = aws_iam_role.rds_snapshot_export_service.arn, - KMS_KEY_ID = module.rds_export_storage.kms_key_id, - S3_BUCKET_NAME = module.rds_export_storage.bucket_id, + KMS_KEY_ID = var.rds_export_storage_kms_key_id, + S3_BUCKET_NAME = var.rds_export_storage_bucket_id, COPIER_QUEUE_ARN = aws_sqs_queue.s3_to_s3_copier.arn } } diff --git a/terraform/modules/db-snapshot-to-s3/25-rds-to-s3-queue.tf b/terraform/modules/db-snapshot-to-s3/25-rds-to-s3-queue.tf index 0a73da849..0d6779b98 100644 --- a/terraform/modules/db-snapshot-to-s3/25-rds-to-s3-queue.tf +++ b/terraform/modules/db-snapshot-to-s3/25-rds-to-s3-queue.tf @@ -128,7 +128,7 @@ resource "aws_sns_topic_subscription" "subscribe_sqs_to_sns_topic" { resource "aws_lambda_event_source_mapping" "event_source_mapping" { event_source_arn = aws_sqs_queue.rds_snapshot_to_s3.arn - enabled = true + enabled = false function_name = aws_lambda_function.rds_snapshot_to_s3_lambda.arn batch_size = 1 } diff --git a/terraform/modules/db-snapshot-to-s3/30-rds-snapshot-export-service.tf b/terraform/modules/db-snapshot-to-s3/30-rds-snapshot-export-service.tf index d836a7dc5..4072a87b8 100644 --- a/terraform/modules/db-snapshot-to-s3/30-rds-snapshot-export-service.tf +++ b/terraform/modules/db-snapshot-to-s3/30-rds-snapshot-export-service.tf @@ -41,10 +41,8 @@ data "aws_iam_policy_document" "rds_snapshot_export_service" { "s3:DeleteObject*" ] resources = [ - module.rds_export_storage.bucket_arn, - "${module.rds_export_storage.bucket_arn}/*", - module.rds_export_storage.bucket_arn, - "${module.rds_export_storage.bucket_arn}/*", + var.rds_export_storage_bucket_arn, + "${var.rds_export_storage_bucket_arn}/*" ] } @@ -54,7 +52,7 @@ data "aws_iam_policy_document" "rds_snapshot_export_service" { ] effect = "Allow" resources = [ - module.rds_export_storage.kms_key_arn + var.rds_export_storage_kms_key_arn ] } } 
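Review bot: `enabled = false` on `aws_lambda_event_source_mapping.event_source_mapping` in `25-rds-to-s3-queue.tf` stops the `rds_snapshot_to_s3` queue from being drained for every caller of this module, and nothing in the hunk says why. The SNS subscription named in the hunk header is untouched, so messages will presumably keep arriving and sit unprocessed until they expire. If this is a temporary switch-off, record it next to the line, e.g. `# Disabled while snapshot export moves to modules/rds-snapshot-to-s3; re-enable or remove together with the queue`. Alternatively expose it as a module variable so each environment opts in explicitly.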
diff --git a/terraform/modules/db-snapshot-to-s3/40-s3-to-s3-copier-lambda.tf b/terraform/modules/db-snapshot-to-s3/40-s3-to-s3-copier-lambda.tf index 6ec390879..f534dfc5d 100644 --- a/terraform/modules/db-snapshot-to-s3/40-s3-to-s3-copier-lambda.tf +++ b/terraform/modules/db-snapshot-to-s3/40-s3-to-s3-copier-lambda.tf @@ -53,8 +53,8 @@ data "aws_iam_policy_document" "s3_to_s3_copier_lambda" { ] effect = "Allow" resources = [ - module.rds_export_storage.kms_key_arn, - "${module.rds_export_storage.bucket_arn}/*", + var.rds_export_storage_bucket_arn, + "${var.rds_export_storage_bucket_arn}/*", var.zone_kms_key_arn, var.zone_bucket_arn, "${var.zone_bucket_arn}/*", @@ -73,8 +73,8 @@ data "aws_iam_policy_document" "s3_to_s3_copier_lambda" { resources = [ var.zone_bucket_arn, "${var.zone_bucket_arn}/*", - module.rds_export_storage.bucket_arn, - "${module.rds_export_storage.bucket_arn}/*" + var.rds_export_storage_bucket_arn, + "${var.rds_export_storage_bucket_arn}/*" ] } diff --git a/terraform/modules/db-snapshot-to-s3/45-s3-to-s3-copier-queue.tf b/terraform/modules/db-snapshot-to-s3/45-s3-to-s3-copier-queue.tf index dca7a064d..6a08a345e 100644 --- a/terraform/modules/db-snapshot-to-s3/45-s3-to-s3-copier-queue.tf +++ b/terraform/modules/db-snapshot-to-s3/45-s3-to-s3-copier-queue.tf @@ -13,7 +13,7 @@ resource "aws_sqs_queue" "s3_to_s3_copier" { visibility_timeout_seconds = local.lambda_timeout * 6 name = lower("${var.identifier_prefix}-s3-to-s3-copier") - kms_master_key_id = aws_kms_key.s3_to_s3_copier_kms_key.key_id + kms_master_key_id = var.rds_export_storage_kms_key_id } resource "aws_kms_key" "s3_to_s3_copier_kms_key" { diff --git a/terraform/modules/rds-snapshot-to-s3/01-inputs-required.tf b/terraform/modules/rds-snapshot-to-s3/01-inputs-required.tf index a7e3fe55d..3618f1ac5 100644 --- a/terraform/modules/rds-snapshot-to-s3/01-inputs-required.tf +++ b/terraform/modules/rds-snapshot-to-s3/01-inputs-required.tf 
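Review bot: The first hunk of `40-s3-to-s3-copier-lambda.tf` replaces `module.rds_export_storage.kms_key_arn` with `var.rds_export_storage_bucket_arn`, so the statement no longer names the export bucket's KMS key at all. The list still contains `var.zone_kms_key_arn`, which suggests this is the statement carrying the copier's KMS permissions. Without the export key there, the copier role would not be able to decrypt the objects RDS writes to the export bucket. The first replaced line should read `var.rds_export_storage_kms_key_arn,`. The statement's `actions` sit above the hunk, so confirm which permissions this resource list scopes.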
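Review bot: `kms_master_key_id = var.rds_export_storage_kms_key_id` in `45-s3-to-s3-copier-queue.tf` puts the copier queue under the same key that protects the exported database contents. Any principal that sends to or reads from the queue then needs `kms:GenerateDataKey` or `kms:Decrypt` on that key, which widens access to the data key for the sake of a message queue. `aws_kms_key.s3_to_s3_copier_kms_key` is still declared immediately below (the hunk's trailing context) and appears to be unused after this change. Keep the dedicated queue key unless there is a reason to share, and if sharing is intended, remove the orphaned key and add a comment such as `# Queue shares the rds-export-storage key; key policy must allow the queue's producers and consumers`.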
@@ -26,9 +26,6 @@ variable "zone_kms_key_arn" { type = string } -variable "zone_bucket_arn" { - type = string -} variable "zone_bucket_id" { type = string @@ -46,3 +43,11 @@ variable "rds_instance_ids" { variable "rds_instance_arns" { type = list(string) } + +variable "source_bucket_arn" { + type = string +} + +variable "target_bucket_arn" { + type = string +} diff --git a/terraform/modules/rds-snapshot-to-s3/02-inputs-optional.tf b/terraform/modules/rds-snapshot-to-s3/02-inputs-optional.tf index 86faba8a8..2dadb940f 100644 --- a/terraform/modules/rds-snapshot-to-s3/02-inputs-optional.tf +++ b/terraform/modules/rds-snapshot-to-s3/02-inputs-optional.tf @@ -27,3 +27,15 @@ variable "aws_account_suffix" { type = string default = "" } + +variable "source_prefix" { + description = "Prefix to be used for the source bucket location" + type = string + default = "" +} + +variable "target_prefix" { + description = "Prefix to be used for the target bucket location" + type = string + default = "" +} diff --git a/terraform/modules/rds-snapshot-to-s3/99-outputs.tf b/terraform/modules/rds-snapshot-to-s3/99-outputs.tf index 03946c479..da7ee1b28 100644 --- a/terraform/modules/rds-snapshot-to-s3/99-outputs.tf +++ b/terraform/modules/rds-snapshot-to-s3/99-outputs.tf @@ -1,4 +1,4 @@ -output "cloudwatch_event_rule_names" { - description = "The names of the CloudWatch Event Rules" - value = [for rule in aws_cloudwatch_event_rule.rds_event_rule : rule.name] -} \ No newline at end of file +output "rds_snapshot_s3_to_s3_copier_lambda_role_arn" { + description = "ARN for the s3_to_s3_copier_lambda_role" + value = aws_iam_role.rds_snapshot_s3_to_s3_copier_lambda_role.arn +} diff --git a/terraform/modules/rds-snapshot-to-s3/eventbridge.tf b/terraform/modules/rds-snapshot-to-s3/eventbridge.tf index c45bae813..c9e1f6146 100644 --- a/terraform/modules/rds-snapshot-to-s3/eventbridge.tf +++ b/terraform/modules/rds-snapshot-to-s3/eventbridge.tf 
@@ -5,29 +5,54 @@ locals { }] } -resource "aws_cloudwatch_event_rule" "rds_event_rule" { +resource "aws_cloudwatch_event_rule" "rds_snapshot_created_event_rule" { for_each = { for instance in local.rds_instances : instance.id => instance } - name = "rds-event-rule-${each.value.id}" - description = "Capture RDS Event 0161 for ${each.value.id}" + name = "rds-event-rule-${each.value.id}-snapshot-created" + description = "Capture RDS Event 0042 (Snapshot Created) for ${each.value.id}" event_pattern = jsonencode({ - source = ["aws.rds"], - detail-type = ["RDS DB Instance Event"], - resources = [each.value.arn], + source = ["aws.rds"], detail = { - EventCategories = ["snapshot"], - SourceType = ["db-instance"], - Message = ["RDS-EVENT-0161"] + SourceArn = [{ + "prefix" : "arn:aws:rds:eu-west-2:120038763019:snapshot:sql-to-parquet" + }], + EventID = ["RDS-EVENT-0042"] } }) tags = var.tags } -resource "aws_cloudwatch_event_target" "rds_event_target" { +resource "aws_cloudwatch_event_target" "rds_snapshot_created_event_target" { for_each = { for instance in local.rds_instances : instance.id => instance } - rule = aws_cloudwatch_event_rule.rds_event_rule[each.key].name - arn = module.rds-to-s3-copier.lambda_function_arn + rule = aws_cloudwatch_event_rule.rds_snapshot_created_event_rule[each.key].name + arn = module.trigger_rds_snapshot_export.lambda_function_arn +} + +resource "aws_cloudwatch_event_rule" "rds_snapshot_exported_event_rule" { + for_each = { for instance in local.rds_instances : instance.id => instance } + + name = "rds-event-rule-${each.value.id}-snapshot-exported" + description = "Capture RDS Event 0161 (Snapshot Exported) for ${each.value.id}" + + event_pattern = jsonencode({ + source = ["aws.rds"], + detail = { + SourceArn = [{ + "prefix" : "arn:aws:rds:eu-west-2:120038763019:snapshot:sql-to-parquet" + }], + EventID = ["RDS-EVENT-0161"] + } + }) + + tags = var.tags +} + +resource "aws_cloudwatch_event_target" "rds_export_s3_to_s3_event_target" { + for_each 
= { for instance in local.rds_instances : instance.id => instance } + + rule = aws_cloudwatch_event_rule.rds_snapshot_exported_event_rule[each.key].name + arn = module.rds_snapshot_s3_to_s3_copier.lambda_function_arn } diff --git a/terraform/modules/rds-snapshot-to-s3/iam.tf b/terraform/modules/rds-snapshot-to-s3/iam.tf index 4cf3f99a6..77c80e4e2 100644 --- a/terraform/modules/rds-snapshot-to-s3/iam.tf +++ b/terraform/modules/rds-snapshot-to-s3/iam.tf @@ -1,10 +1,19 @@ -resource "aws_lambda_permission" "allow_cloudwatch" { +resource "aws_lambda_permission" "allow_cloudwatch_snapshot_export_trigger" { for_each = { for instance in local.rds_instances : instance.id => instance } action = "lambda:InvokeFunction" - function_name = module.rds-to-s3-copier.lambda_function_arn + function_name = module.trigger_rds_snapshot_export.lambda_function_arn principal = "events.amazonaws.com" - source_arn = aws_cloudwatch_event_rule.rds_event_rule[each.key].arn + source_arn = aws_cloudwatch_event_rule.rds_snapshot_created_event_rule[each.key].arn +} + +resource "aws_lambda_permission" "allow_cloudwatch_snapshot_copier" { + for_each = { for instance in local.rds_instances : instance.id => instance } + + action = "lambda:InvokeFunction" + function_name = module.rds_snapshot_s3_to_s3_copier.lambda_function_arn + principal = "events.amazonaws.com" + source_arn = aws_cloudwatch_event_rule.rds_snapshot_exported_event_rule[each.key].arn } resource "aws_iam_role" "cloudwatch_events_role" { 
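Review bot: Both new event patterns in `eventbridge.tf` hard-code `arn:aws:rds:eu-west-2:120038763019:snapshot:sql-to-parquet` and drop the old per-instance filter `resources = [each.value.arn]`, yet the rules are still created with `for_each` over `local.rds_instances`. Every rule therefore matches the same snapshots, so with more than one instance each event invokes the Lambda once per rule. In any other account or region the rules never match. Build the prefix from the provider context and an input rather than literals, e.g. `"prefix" : "arn:aws:rds:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:snapshot:${var.snapshot_name_prefix}"` (the data sources and `snapshot_name_prefix` would need declaring in the module), or create a single rule instead of one per instance. The removed `detail-type` filter is also worth restoring with the value these snapshot events actually carry, so that only the intended event class can trigger an export.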
@@ -32,10 +41,109 @@ resource "aws_iam_role_policy" "cloudwatch_events_policy" { Version = "2012-10-17", Statement = [ { - Effect = "Allow", - Action = "lambda:InvokeFunction", - Resource = module.rds-to-s3-copier.lambda_function_arn, + Effect = "Allow", + Action = "lambda:InvokeFunction", + Resource = [ + module.trigger_rds_snapshot_export.lambda_function_arn, + module.rds_snapshot_s3_to_s3_copier.lambda_function_arn + ] } ] }) } + +resource "aws_iam_role" "rds_snapshot_to_s3_lambda_role" { + name = "rds-snapshot-to-s3-lambda-role" + assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json + +} + +data "aws_iam_policy_document" "rds_snapshot_to_s3_lambda" { + statement { + actions = [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + ] + effect = "Allow" + resources = [ + "*" + ] + } + + statement { + actions = [ + "rds:StartExportTask", + "rds:DescribeExportTasks" + ] + effect = "Allow" + resources = [ + local.rds_instances[0].arn + ] + } +} + + + +resource "aws_iam_role" "rds_snapshot_s3_to_s3_copier_lambda_role" { + name = "rds-snapshot-s3-to-s3-copier-lambda-role" + assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json +} + +data "aws_iam_policy_document" "rds_snapshot_s3_to_s3_copier_role_policy" { + statement { + actions = [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + ] + effect = "Allow" + resources = [ + "*" + ] + } + + statement { + actions = [ + "s3:GetObject", + "s3:PutObject", + "s3:ListBucket", + "s3:DeleteObject" + ] + effect = "Allow" + resources = [ + var.source_bucket_arn, + "${var.source_bucket_arn}/*", + var.target_bucket_arn, + "${var.target_bucket_arn}/*" + ] + } +} + +resource "aws_iam_policy" "rds_snapshot_s3_to_s3_copier_role_policy" { + name = lower("${var.identifier_prefix}-rds-snapshot-s3-to-s3-copier-lambda-policy") + policy = data.aws_iam_policy_document.rds_snapshot_s3_to_s3_copier_role_policy.json + tags = var.tags +} + +resource 
"aws_iam_policy_attachment" "rds_snapshot_copier_attachment" { + name = "${var.identifier_prefix}-rds-snapshot-s3-to-s3-lambda-policy-attachment" + policy_arn = aws_iam_policy.rds_snapshot_s3_to_s3_copier_role_policy.arn + roles = [ + aws_iam_role.rds_snapshot_to_s3_lambda_role.name + ] +} + +data "aws_iam_policy_document" "lambda_assume_role" { + statement { + actions = [ + "sts:AssumeRole" + ] + principals { + identifiers = [ + "lambda.amazonaws.com" + ] + type = "Service" + } + } +} diff --git a/terraform/modules/rds-snapshot-to-s3/lambda.tf b/terraform/modules/rds-snapshot-to-s3/lambda.tf index b11421373..ddb0ed9fb 100644 --- a/terraform/modules/rds-snapshot-to-s3/lambda.tf +++ b/terraform/modules/rds-snapshot-to-s3/lambda.tf 
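Review bot: `rds_snapshot_copier_attachment` in `iam.tf` attaches the copier's S3 policy to `aws_iam_role.rds_snapshot_to_s3_lambda_role`, so the export-trigger role receives read/write/delete on both buckets. `rds_snapshot_s3_to_s3_copier_lambda_role` gets no policy, and nothing visible in this hunk turns `data.aws_iam_policy_document.rds_snapshot_to_s3_lambda` into an attached policy. `aws_iam_policy_attachment` is also an exclusive attachment that detaches the policy from any principal not listed, so `aws_iam_role_policy_attachment` is the safer resource. The rewrite below wires each role to its own policy; the new resource names are suggestions. Two smaller points in the same hunk: both role names are fixed strings without `var.identifier_prefix`, unlike the policy name, and the `rds:StartExportTask` statement is scoped to `local.rds_instances[0].arn` (only the first instance, and an instance ARN rather than a snapshot ARN), which should be checked against what the export call is actually authorized on.

```hcl
# … unchanged: both aws_iam_role resources, the two policy documents, aws_iam_policy.rds_snapshot_s3_to_s3_copier_role_policy …

resource "aws_iam_role_policy_attachment" "rds_snapshot_copier_attachment" {
  role       = aws_iam_role.rds_snapshot_s3_to_s3_copier_lambda_role.name
  policy_arn = aws_iam_policy.rds_snapshot_s3_to_s3_copier_role_policy.arn
}

resource "aws_iam_policy" "rds_snapshot_to_s3_lambda" {
  name   = lower("${var.identifier_prefix}-rds-snapshot-to-s3-lambda-policy")
  policy = data.aws_iam_policy_document.rds_snapshot_to_s3_lambda.json
  tags   = var.tags
}

resource "aws_iam_role_policy_attachment" "rds_snapshot_to_s3_lambda" {
  role       = aws_iam_role.rds_snapshot_to_s3_lambda_role.name
  policy_arn = aws_iam_policy.rds_snapshot_to_s3_lambda.arn
}

# … unchanged: data "aws_iam_policy_document" "lambda_assume_role" …
```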
@@ -1,12 +1,37 @@ -module "rds-to-s3-copier" { +module "trigger_rds_snapshot_export" { source = "../aws-lambda" - lambda_name = "rds-to-s3-copier" - runtime = "python3.8" + lambda_name = "export-rds-snapshot-to-s3" + runtime = "python3.9" handler = "lambda_function.lambda_handler" lambda_artefact_storage_bucket = var.lambda_artefact_storage_bucket - lambda_source_dir = "../../lambdas/s3-to-s3-export-copier-python" - lambda_output_path = "../../lambdas/rds-to-s3-copier.zip" - s3_key = "rds-to-s3-copier.zip" + lambda_source_dir = "../../lambdas/export_rds_snapshot_to_s3" + lambda_output_path = "../../lambdas/export-rds-snapshot-to-s3.zip" + s3_key = "export-rds-snapshot-to-s3.zip" identifier_prefix = var.identifier_prefix tags = var.tags + environment_variables = { + "BUCKET_NAME" = var.zone_bucket_id + "IAM_ROLE_ARN" = aws_iam_role.rds_snapshot_to_s3_lambda_role.arn + "KMS_KEY_ID" = var.zone_kms_key_arn + } +} + +module "rds_snapshot_s3_to_s3_copier" { + source = "../aws-lambda" + lambda_name = "rds-export-s3-to-s3-copier" + runtime = "python3.9" + handler = "lambda_function.lambda_handler" + lambda_artefact_storage_bucket = var.lambda_artefact_storage_bucket + lambda_source_dir = "../../lambdas/rds_snapshot_export_s3_to_s3_copier" + lambda_output_path = "../../lambdas/rds_snapshot_export_s3_to_s3_copier.zip" + s3_key = "rds-export-s3-to-s3-copier.zip" + identifier_prefix = var.identifier_prefix + tags = var.tags + environment_variables = { + "SOURCE_BUCKET" = var.source_bucket_arn + "TARGET_BUCKET" = var.target_bucket_arn + "SOURCE_PREFIX" = var.source_prefix + "TARGET_PREFIX" = var.target_prefix + "WORKFLOW_NAME" = var.workflow_name + } }
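Review bot: `IAM_ROLE_ARN` for `trigger_rds_snapshot_export` in `lambda.tf` points at `aws_iam_role.rds_snapshot_to_s3_lambda_role`, whose trust policy (`lambda_assume_role` in `iam.tf`) allows only `lambda.amazonaws.com`. The handler source is not shown, but if it passes this value as the role for the RDS export task, RDS cannot assume it: the export role must trust `export.rds.amazonaws.com`, and the function's execution role needs `iam:PassRole` on it. Both modules also set `handler = "lambda_function.lambda_handler"`, while the only file this commit shows under `lambdas/export_rds_snapshot_to_s3` is `main.py`; unless a `lambda_function.py` exists there, the handler should be `main.lambda_handler` (or whatever entry point `main.py` defines). `SOURCE_BUCKET` and `TARGET_BUCKET` receive `var.source_bucket_arn` and `var.target_bucket_arn`, whereas S3 API calls take bucket names, so pass bucket IDs or have the handler strip the `arn:aws:s3:::` prefix. Neither module call passes a role to `../aws-lambda`, so it is not visible how the roles created in `iam.tf` become the functions' execution roles.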