fix(iam): add back some of the kinesis iam

Pocket · Jan 2, 2025 · bee6559 · bee6559
1 parent e199c8a
commit bee6559
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 29 deletions.
diff --git a/infrastructure/user-list-search/lambda_codedeploy.tf b/infrastructure/user-list-search/lambda_codedeploy.tf
@@ -0,0 +1,41 @@
+resource "aws_iam_role" "lambda_codedeploy_role" {
+  name               = "${local.prefix}-LambdaCodeDeployRole"
+  assume_role_policy = data.aws_iam_policy_document.codedeploy_assume_role.json
+}
+
+
+resource "aws_iam_role_policy_attachment" "lambda_codedeploy_role" {
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambda"
+  #Depending on the service there are different types.
+  role = aws_iam_role.lambda_codedeploy_role.name
+}
+
+resource "aws_iam_role" "lambda_role" {
+  name               = "${local.prefix}-LambdaExecutionRole"
+  tags               = local.tags
+  assume_role_policy = data.aws_iam_policy_document.lambda_assume.json
+}
+
+resource "aws_iam_role_policy_attachment" "lambda_role_xray_write" {
+  role       = aws_iam_role.lambda_role.name
+  policy_arn = data.aws_iam_policy.aws_xray_write_only_access.arn
+}
+
+data "aws_iam_policy_document" "lambda_assume" {
+  version = "2012-10-17"
+
+  statement {
+    effect = "Allow"
+    actions = [
+      "sts:AssumeRole"
+    ]
+
+    principals {
+      identifiers = [
+        "lambda.amazonaws.com"
+      ]
+
+      type = "Service"
+    }
+  }
+}
diff --git a/infrastructure/user-list-search/metrics_metric_definitions.tf b/infrastructure/user-list-search/metrics_metric_definitions.tf
@@ -70,35 +70,6 @@ locals {
         expression = "IF(user_list_import_queue_messages_deleted, user_list_import_queue_messages_deleted, 1)/IF(user_list_import_queue_messages_sent, user_list_import_queue_messages_sent, 1)*100",
       }
     }
-    event_consumer_lambda = {
-      duration = {
-        id        = "event_consumer_lambda_duration"
-        namespace = "AWS/Lambda"
-        metric    = "Duration"
-        statistic = "Sum"
-        dimensions = {
-          FunctionName = aws_lambda_function.unified_events_consumer.function_name
-        }
-      },
-      errors = {
-        id        = "event_consumer_lambda_errors"
-        namespace = "AWS/Lambda"
-        metric    = "Errors"
-        statistic = "Sum"
-        dimensions = {
-          FunctionName = aws_lambda_function.unified_events_consumer.function_name
-        }
-      },
-      iterator_age = {
-        id        = "event_consumer_lambda_iterator_age"
-        namespace = "AWS/Lambda"
-        metric    = "IteratorAge"
-        statistic = "Sum"
-        dimensions = {
-          FunctionName = aws_lambda_function.unified_events_consumer.function_name
-        }
-      }
-    }
 
     list_item_import_lambda = {
       invocations = {