more terraform fix

README.md

@@ -82,6 +82,8 @@ module "rdscheck-check" {
   lambda_rate = "rate(30 minutes)"
   release_version = "v0.0.1"
   command = "check"
+  subnet_ids = ["subnet-12345,subnet-6789"]
+  security_group_ids = ["sg-1234,sg-5678"]
   lambda_env_vars {
     variables = {
       S3_BUCKET         = "s3-bucket-with-yaml-file"

terraform/terraform.tf

@@ -37,7 +37,8 @@ data "archive_file" "lambda_code" {
   depends_on = ["null_resource.get_release"]
 }
 
-resource "aws_lambda_function" "rdscheck_lambda" {
+resource "aws_lambda_function" "rdscheck_lambda_copy" {
+  count            = "${var.command != "check" ? 1 : 0}"
   filename         = "${data.archive_file.lambda_code.output_path}"
   function_name    = "${var.command}-rdscheck"
   role             = "${aws_iam_role.rdscheck_iam_role.arn}"
@@ -49,6 +50,23 @@ resource "aws_lambda_function" "rdscheck_lambda" {
   environment      = ["${slice(list(var.lambda_env_vars), 0, length(var.lambda_env_vars) == 0 ? 0 : 1)}"]
 }
 
+resource "aws_lambda_function" "rdscheck_lambda_check" {
+  count            = "${var.command != "copy" ? 1 : 0}"
+  filename         = "${data.archive_file.lambda_code.output_path}"
+  function_name    = "${var.command}-rdscheck"
+  role             = "${aws_iam_role.rdscheck_iam_role.arn}"
+  handler          = "main"
+  source_code_hash = "${data.archive_file.lambda_code.output_base64sha256}"
+  runtime          = "go1.x"
+  memory_size      = 128
+  timeout          = 120
+  environment      = ["${slice(list(var.lambda_env_vars), 0, length(var.lambda_env_vars) == 0 ? 0 : 1)}"]
+  vpc_config {
+    subnet_ids         = ["${var.subnet_ids}"]
+    security_group_ids = ["${var.security_group_ids}"]
+  }
+}
+
 data "aws_iam_policy" "AWSLambdaVPCAccessExecutionRole" {
   count = "${var.command != "copy" ? 1 : 0}"
   arn   = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
@@ -93,15 +111,32 @@ resource "aws_cloudwatch_event_rule" "rdscheck_rule" {
   is_enabled          = true
 }
 
-resource "aws_cloudwatch_event_target" "rdscheck_target" {
-  rule = "${aws_cloudwatch_event_rule.rdscheck_rule.name}"
-  arn  = "${aws_lambda_function.rdscheck_lambda.arn}"
+resource "aws_cloudwatch_event_target" "rdscheck_target_check" {
+  count = "${var.command != "copy" ? 1 : 0}"
+  rule  = "${aws_cloudwatch_event_rule.rdscheck_rule.name}"
+  arn   = "${aws_lambda_function.rdscheck_lambda_check.arn}"
 }
 
-resource "aws_lambda_permission" "allow_cloudwatch_to_call_rdscheck" {
+resource "aws_cloudwatch_event_target" "rdscheck_target_copy" {
+  count = "${var.command != "check" ? 1 : 0}"
+  rule  = "${aws_cloudwatch_event_rule.rdscheck_rule.name}"
+  arn   = "${aws_lambda_function.rdscheck_lambda_copy.arn}"
+}
+
+resource "aws_lambda_permission" "allow_cloudwatch_to_call_rdscheck_check" {
+  count         = "${var.command != "copy" ? 1 : 0}"
+  statement_id  = "AllowExecutionFromCloudWatch"
+  action        = "lambda:InvokeFunction"
+  function_name = "${aws_lambda_function.rdscheck_lambda_check.function_name}"
+  principal     = "events.amazonaws.com"
+  source_arn    = "${aws_cloudwatch_event_rule.rdscheck_rule.arn}"
+}
+
+resource "aws_lambda_permission" "allow_cloudwatch_to_call_rdscheck_copy" {
+  count         = "${var.command != "check" ? 1 : 0}"
   statement_id  = "AllowExecutionFromCloudWatch"
   action        = "lambda:InvokeFunction"
-  function_name = "${aws_lambda_function.rdscheck_lambda.function_name}"
+  function_name = "${aws_lambda_function.rdscheck_lambda_copy.function_name}"
   principal     = "events.amazonaws.com"
   source_arn    = "${aws_cloudwatch_event_rule.rdscheck_rule.arn}"
 }
@@ -118,3 +153,13 @@ variable "lambda_env_vars" {
   type    = "map"
   default = {}
 }
+
+variable "security_group_ids" {
+  type    = "list"
+  default = []
+}
+
+variable "subnet_ids" {
+  type    = "list"
+  default = []
+}