lambda-esm-kinesis-filters-terraform:Initial commit before PR

Author: nareshrajaram2017

lambda-esm-kinesis-filters-terraform/README.md

@@ -0,0 +1,113 @@
+# AWS Event Source Mapping for Lambda from Amazon Kinesis Data Stream (Terraform)
+
+This pattern demonstrates the ability to filter Amazon Kinesis events so that only a subset of all events is sent to an AWS Lambda function for processing. Demo stack will create a single Amazon Kinesis Data Stream (kinesis_stream_lambda_esm) and two AWS Lambda functions (esm_lambda_with_filter and esm_lambda_with_no_filter), one with specific filter criteria and one without any filtering criterias, that are subscribed to that stream using different filter configurations.
+
+Review [Filter Rule Syntax](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-syntax) for more details on the message filtering configuration.
+
+Learn more about this pattern at [Serverless Land Patterns](https://serverlessland.com/patterns/lambda-esm-kinesis-filters-terraform).
+
+Important: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the [AWS Pricing page](https://aws.amazon.com/pricing/) for details. You are responsible for any AWS costs incurred. No warranty is implied in this example.
+
+## Requirements
+
+* [Create an AWS account](https://portal.aws.amazon.com/gp/aws/developer/registration/index.html) if you do not already have one and log in. The IAM user that you use must have sufficient permissions to make necessary AWS service calls and manage AWS resources.
+* [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) installed and configured
+* [Git Installed](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
+* [Terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli?in=terraform/aws-get-started) installed
+
+## Deployment Instructions
+
+1. Clone the project to your local working directory
+
+   ```sh
+   git clone https://github.com/aws-samples/serverless-patterns/ 
+   ```
+
+2. Change the working directory to this pattern's directory
+
+   ```sh
+   cd serverless-patterns/lambda-esm-kinesis-filters-terraform
+   ```
+
+3. From the command line, initialize terraform to  to downloads and installs the providers defined in the configuration:
+    ```
+    terraform init
+    ```
+
+4. From the command line, apply the configuration in the main.tf file:
+    ```
+    terraform apply
+    ```
+
+5. During the prompts:
+   - Enter yes
+
+## How it works
+
+A new Amazon Kinesis Data Stream (kinesis_stream_lambda_esm) is created. Two AWS Lambda functions (esm_lambda_with_filter and esm_lambda_with_no_filter) that are subscribed to that stream with different filter settings. This way we demonstrate how various filtering settings affect which Amazon Kinesis Data Stream events are sent to each AWS Lambda function for processing.
+
+All AWS Lambda functions use the same code for demo purposes.
+
+The following considerations should be taken into account when working with Amazon Kinesis Data Stream events:
+
+- Event payload is base64 encoded and Lambda function is responsible for decoding it before processing
+- Event filtering for Amazon Kinesis Data Stream supports a subset of Amazon EventBridge event patterns, for example, Or (multiple fields) and Ends with didn't work
+- Filter definition should not contain any whitespace (tabs, space, etc.) in order to work properly!
+
+Note: The default region is `us-east-1`, it can also be changed using the variable `region`.
+
+**Note:** Variables can be supplied in different options, check the [Terraform documentation](https://developer.hashicorp.com/terraform/language/values/variables) for more details.
+
+## Testing
+
+You can execute a test script to submit a number of test messages to the demo Kinesis Data Stream (stream-lambda-esm-filter).
+
+    ```sh
+        cd serverless-patterns/lambda-esm-kinesis-filters-terraform/test
+        python stock.py
+    ```
+
+This script sends a series of test events to kinesis_stream_lambda_esm Kinesis Data Stream. It would generate the following sample events, 
+
+{'event_time': '2023-08-31T11:44:06.359748', 'ticker': 'MSFT', 'price': 87.79} <br>
+{'event_time': '2023-08-31T11:44:06.502610', 'ticker': 'TBV', 'price': 14.46} <br>
+{'event_time': '2023-08-31T11:44:06.527346', 'ticker': 'AMZN', 'price': 65.42} <br>
+{'event_time': '2023-08-31T11:44:06.553462', 'ticker': 'INTC', 'price': 48.72} <br>
+{'event_time': '2023-08-31T11:44:06.576400', 'ticker': 'AMZN', 'price': 59.14} <br>
+
+## Viewing Test Results
+
+| Log Group | Pattern(s) | Match messages | Comment |
+| --- | --- | --- | --- |
+| /aws/lambda/esm_lambda_with_no_filter | | ALL | logs all test messages |
+| /aws/lambda/esm_lambda_with_filter | {"data" = {"ticker" : ["AMZN"]}} | AMZN | logs events that matches the 'AMZN' ticker symbol only|         
+   
+## Cleanup
+
+1. Change directory to the pattern directory:
+    ```sh
+    cd serverless-patterns/lambda-esm-kinesis-filters-terraform
+    ```
+
+2. Delete all created resources
+    ```sh
+    terraform destroy
+    ```
+
+3. During the prompts:
+    * Enter yes
+
+4. Confirm all created resources has been deleted
+    ```sh
+    terraform show
+    ```
+
+## Reference
+
+- [AWS Lambda event source mappings](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html)
+- [AWS Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html)
+
+----
+Copyright 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+SPDX-License-Identifier: MIT-0

lambda-esm-kinesis-filters-terraform/example-pattern.json

@@ -0,0 +1,53 @@
+{
+	"title": "AWS Event Source Mapping for Lambda from Amazon Kinesis Data Stream (Terraform)",
+	"description": "This pattern demonstrates the ability to filter Amazon Kinesis events so that only a subset of all events is sent to an AWS Lambda function for processing.",
+	"language": "",
+	"level": "200",
+	"framework": "Terraform",
+	"introBox": {
+		"headline": "How it works",
+		"text": [
+			"A new Amazon Kinesis Data Stream (kinesis_stream_lambda_esm) is created. Two AWS Lambda functions (esm_lambda_with_filter and esm_lambda_with_no_filter) that are subscribed to that stream with different filter settings.",
+			"This way we demonstrate how various filtering settings affect which Amazon Kinesis Data Stream events are sent to each AWS Lambda function for processing."
+		]
+	},
+	"gitHub": {
+		"template": {
+			"repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/lambda-esm-kinesis-filters-terraform",
+			"templateURL": "serverless-patterns/lambda-esm-kinesis-filters-terraform",
+			"projectFolder": "lambda-esm-kinesis-filters-terraform",
+			"templateFile": "lambda-esm-kinesis-filters-terraform/main.tf"
+		}
+	},
+	"resources": {
+		"bullets": [{
+				"text": "AWS Event Source Mapping for Lambda from Amazon Kinesis Data Stream (Terraform)",
+				"link": "https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html"
+			}
+		]
+	},
+	"deploy": {
+		"text": [
+			"terraform init",
+			"terraform plan",
+			"terraform apply"
+		]
+	},
+	"testing": {
+		"text": [
+			"See the README in the GitHub repo for detailed testing instructions."
+		]
+	},
+	"cleanup": {
+		"text": [
+			"terraform destroy",
+			"terraform show"
+		]
+	},
+	"authors": [{
+		"name": "Naresh Rajaram",
+		"image": "",
+		"bio": "Cloud Infrastructure Architect, AWS",
+		"linkedin": "https://www.linkedin.com/in/naresh-rajaram-25bb106/"
+	}]
+}

lambda-esm-kinesis-filters-terraform/main.tf

@@ -0,0 +1,14 @@
+/* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. */
+
+# --- main.tf ---
+
+# Create Kinesis Stream
+module "kinesis_stream" {
+    source = "./modules/kinesisstream" 
+}
+
+# Create Lambda Event Filtering
+module "esm_filter_lambda" {
+    source     = "./modules/lambda" 
+    stream_arn = module.kinesis_stream.stream_arn
+}

lambda-esm-kinesis-filters-terraform/modules/kinesisstream/main.tf

@@ -0,0 +1,14 @@
+/* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. */
+
+# --- modules/kinesisstream/main.tf ---
+
+# Create Kinesis Stream
+resource "aws_kinesis_stream" "kinesis_stream" {
+    name                      = var.name    
+    retention_period          = var.retention_period
+    
+    // PROVISIONED or ON_DEMAND
+    stream_mode_details {
+        stream_mode = "ON_DEMAND"
+    }
+}

lambda-esm-kinesis-filters-terraform/modules/kinesisstream/outputs.tf

@@ -0,0 +1,16 @@
+/* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. */
+
+# --- modules/kinesisstream/outputs.tf ---
+
+# Kinesis Stream Name
+output "stream_name" {
+    value       = aws_kinesis_stream.kinesis_stream.name
+    description = "Output of Kinesis stream name"
+}
+
+# Kinesis Stream ARN
+output "stream_arn" {
+    value       = aws_kinesis_stream.kinesis_stream.arn
+    description = "Output of Kinesis stream ARN"
+}
+

lambda-esm-kinesis-filters-terraform/modules/kinesisstream/variables.tf

@@ -0,0 +1,18 @@
+/* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. */
+
+# --- modules/kinesisstream/variables.tf ---
+
+# Name of the Kinesis streams
+variable "name" {
+    description = "name"
+    type        = string 
+    default     = "kinesis_stream_lambda_esm"
+}
+
+# Kinesis streams - Retention Period
+variable "retention_period" {
+    description = "retention_period"
+    type        = number 
+    default     = 24
+}
+

lambda-esm-kinesis-filters-terraform/modules/lambda/esm_lambda_with_filter.tf

@@ -0,0 +1,85 @@
+/* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. */
+
+# --- modules/lambda/esm_lambda_with_filter.tf ---
+
+# Zip the source code
+data "archive_file" "esm_lambda_with_filter_in_zip_format" {
+    type        = "zip"
+    source_dir  = "${path.module}/src/with_filter"
+    output_path = "${path.module}/tmp/esm_lambda_with_filter.zip"
+}
+
+# Create AWS Lambda - Event Source Mapping (ESM) with filter
+resource "aws_lambda_function" "esm_lambda_with_filter" {
+    filename          = "${path.module}/tmp/esm_lambda_with_filter.zip"
+    function_name     = var.esm_lambda_with_filter_function_name
+    role              = aws_iam_role.iam_role_for_esm_lambda_with_filter.arn
+    handler           = var.esm_lambda_with_filter_handler
+    runtime           = var.runtime
+    timeout           = var.timeout
+
+    provisioner "local-exec" {
+        environment = {
+            file_path = "${path.module}/tmp/esm_lambda_with_filter.zip" //Change this location per your application needs
+        }
+        
+        command = "rm -f $file_path"
+        when    = destroy
+    }
+}
+
+
+# Random number generator
+resource "random_id" "random_generator_with_filter" {
+    byte_length = 8
+}
+
+# IAM Role for Lambda 
+resource "aws_iam_role" "iam_role_for_esm_lambda_with_filter" {
+    name               = "iam_role_for_esm_lambda_with_filter_${random_id.random_generator_with_filter.hex}"
+    assume_role_policy = file("${path.module}/iam_role_for_lambda.json")
+    force_detach_policies = true
+}
+
+# IAM Policy for Lambda
+resource "aws_iam_policy" "iam_policy_for_esm_lambda_with_filter" {
+    name   = "iam_policy_for_esm_lambda_with_filter_${random_id.random_generator_with_filter.hex}"
+    policy = templatefile("${path.module}/iam_policy_for_lambda.tftpl", 
+                            {esm_filter_lambda_arn = aws_lambda_function.esm_lambda_with_filter.arn,
+                            stream_arn = var.stream_arn})
+}
+
+# Attach IAM Role with IAM Policy for Lambda
+resource "aws_iam_role_policy_attachment" "attach_iam_role_with_iam_policy_with_filter" {
+    policy_arn      = aws_iam_policy.iam_policy_for_esm_lambda_with_filter.arn
+    role            = aws_iam_role.iam_role_for_esm_lambda_with_filter.name
+}
+
+# Event Source Mapping 
+resource "aws_lambda_event_source_mapping" "esm_lambda_with_filter" {
+    event_source_arn               = var.stream_arn
+    function_name                  = aws_lambda_function.esm_lambda_with_filter.arn
+    starting_position              = "LATEST"
+    batch_size                     = 5 //default - 100
+
+
+    filter_criteria {
+        filter {
+            pattern = jsonencode({
+                data = {                
+                    "ticker" : ["AMZN"]
+                }
+            })
+        }
+    }
+}
+
+# Cloudwatch Log Group
+resource "aws_cloudwatch_log_group" "esm_lambda_with_filter_log_group" {
+    name              = "/aws/lambda/${aws_lambda_function.esm_lambda_with_filter.function_name}"
+    retention_in_days = 3
+    
+    lifecycle {
+        prevent_destroy = false
+    }
+}

lambda-esm-kinesis-filters-terraform/modules/lambda/esm_lambda_with_no_filter.tf

@@ -0,0 +1,72 @@
+/* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. */
+
+# --- modules/lambda/esm_lambda_with_no_filter.tf ---
+
+# Zip the source code
+data "archive_file" "esm_lambda_with_no_filter_in_zip_format" {
+    type        = "zip"
+    source_dir  = "${path.module}/src/with_no_filter"
+    output_path = "${path.module}/tmp/esm_lambda_with_no_filter.zip"
+}
+
+# Create AWS Lambda - Event Source Mapping (ESM) with no filter (Basic)
+resource "aws_lambda_function" "esm_lambda_with_no_filter" {
+    filename          = "${path.module}/tmp/esm_lambda_with_no_filter.zip"
+    function_name     = var.esm_lambda_with_no_filter_function_name
+    role              = aws_iam_role.iam_role_for_esm_lambda_with_no_filter.arn
+    handler           = var.esm_lambda_with_no_filter_handler
+    runtime           = var.runtime
+    timeout           = var.timeout
+
+    provisioner "local-exec" {
+        environment = {
+            file_path = "${path.module}/tmp/esm_lambda_with_no_filter.zip" //Change this location per your application needs
+        }
+        
+        command = "rm -f $file_path"
+        when    = destroy
+    }
+}
+
+# Random number generator
+resource "random_id" "random_generator_no_filter" {
+    byte_length = 8
+}
+
+# IAM Role for Lambda 
+resource "aws_iam_role" "iam_role_for_esm_lambda_with_no_filter" {
+    name               = "iam_role_for_esm_lambda_with_no_filter_${random_id.random_generator_no_filter.hex}"
+    assume_role_policy = file("${path.module}/iam_role_for_lambda.json")
+    force_detach_policies = true
+}
+
+# IAM Policy for Lambda
+resource "aws_iam_policy" "iam_policy_for_esm_lambda_with_no_filter" {
+    name   = "iam_policy_for_esm_lambda_with_no_filter_${random_id.random_generator_no_filter.hex}"
+    policy = templatefile("${path.module}/iam_policy_for_lambda.tftpl", 
+                            {esm_filter_lambda_arn = aws_lambda_function.esm_lambda_with_filter.arn,
+                            stream_arn = var.stream_arn})
+}
+
+# Attach IAM Role with IAM Policy for Lambda
+resource "aws_iam_role_policy_attachment" "attach_iam_role_with_iam_policy_no_filter" {
+    policy_arn      = aws_iam_policy.iam_policy_for_esm_lambda_with_no_filter.arn
+    role            = aws_iam_role.iam_role_for_esm_lambda_with_no_filter.name
+}
+
+# Event Source Mapping 
+resource "aws_lambda_event_source_mapping" "esm_with_no_filter" {
+    event_source_arn               = var.stream_arn
+    function_name                  = aws_lambda_function.esm_lambda_with_no_filter.arn
+    starting_position              = "LATEST"
+    batch_size                     = 5 //default - 100      
+}
+
+# Cloudwatch log group
+resource "aws_cloudwatch_log_group" "esm_with_no_filter_log_group" {
+    name              = "/aws/lambda/${aws_lambda_function.esm_lambda_with_no_filter.function_name}"
+    retention_in_days = 3
+    lifecycle {
+        prevent_destroy = false
+    }
+}