Added the iam role and policy

Emmy-github-webdev · Emmy-github-webdev · commit c175f881b838 · 2025-12-12T17:16:22.000+01:00
diff --git a/terraform/modules/iam/main.tf b/terraform/modules/iam/main.tf
@@ -0,0 +1,58 @@
+# IAM Role for Lambda function
+resource "aws_iam_role" "lambda_role" {
+  name = "${var.environment}-serverless-health-check-api-lambda-role"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Principal = {
+          Service = "lambda.amazonaws.com"
+        }
+      }
+    ]
+  })
+
+  tags = var.common_tags
+}
+
+# IAM Policy for CloudWatch Logs
+resource "aws_iam_role_policy" "lambda_cloudwatch_policy" {
+  name   = "${var.environment}-serverless-health-check-api-lambda-cloudwatch-policy"
+  role   = aws_iam_role.lambda_role.id
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Action = [
+          "logs:CreateLogGroup",
+          "logs:CreateLogStream",
+          "logs:PutLogEvents"
+        ]
+        Resource = "arn:aws:logs:*:*:*"
+      }
+    ]
+  })
+}
+
+# IAM Policy for DynamoDB
+resource "aws_iam_role_policy" "lambda_dynamodb_policy" {
+  name = "${var.environment}-serverless-health-check-api-lambda-dynamodb-policy"
+  role = aws_iam_role.lambda_role.id
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Action = [
+          "dynamodb:PutItem"
+        ]
+        Resource = var.dynamodb_table_arn
+      }
+    ]
+  })
+}
diff --git a/terraform/modules/iam/outputs.tf b/terraform/modules/iam/outputs.tf
@@ -0,0 +1,9 @@
+output "lambda_role_arn" {
+  description = "ARN of the Lambda execution role"
+  value       = aws_iam_role.lambda_role.arn
+}
+
+output "lambda_role_name" {
+  description = "Name of the Lambda execution role"
+  value       = aws_iam_role.lambda_role.name
+}
diff --git a/terraform/modules/iam/variables.tf b/terraform/modules/iam/variables.tf
@@ -0,0 +1,14 @@
+variable "environment" {
+  description = "Environment name"
+  type        = string
+}
+
+variable "dynamodb_table_arn" {
+  description = "ARN of the DynamoDB"
+  type        = string
+}
+
+variable "common_tags" {
+  description = "Common tags for all resources"
+  type        = map(string)
+}
