My First Terraform Code: Creating & Scheduling AWS Lambda Function


This was my first Terraform code to create an AWS Lambda function and schedule it using AWS CloudWatch.

Terraform is an open-source infrastructure as code software tool. Terraform is a tool for developing, changing and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions. Terraform is the first multi-cloud immutable infrastructure tool that was introduced to the world by HashiCorp.

I work as a Data Engineer in a startup, whereas writing the Terraform code is generally the job of a DevOps guy. But that is the beauty of working in a startup, where you get to work on different things as the need arises. Since our DevOps team was busy, I planned to get my hands dirty with some of their stuff. I ended up writing Terraform code to create a Lambda function for one of our use cases, where we have to make an API call daily to get data from a third party.

For scheduling the function, we planned to use CloudWatch. Everything was written in Terraform; I will go through each step one by one.

1. Create an IAM role to execute the Lambda function

This IAM role is required to execute the Lambda function as it grants the function permission to access the AWS resources and services. This role needs to be provided at the time of creating the function. The Lambda function assumes this role when it is invoked.

2. Create a policy to give required permissions to the role

For our use case, we need to get the data from an API call and store it in an S3 bucket. This task requires the following two permissions:

  1. Permission to write the data to the S3 bucket
  2. Permission to upload the logs to CloudWatch for monitoring

For the first permission, I created a policy which allows the role that I had created in step 1 to put and get objects in the S3 bucket.

For the second permission, I used the AWS managed policy AWSLambdaBasicExecutionRole. This permission could be skipped if you don't want to check the logs. But it's good practice to have logs in place, so that if things go wrong you have a way to check what happened.

3. Create a Lambda function

After having the execution role in place along with the required permissions, the next step is to go ahead and create the Lambda function.

This is simple, isn't it?

Now, moving on to the next step of scheduling the function using a CloudWatch rule.

4. Create and attach a CloudWatch rule to the Lambda function

Scheduling a Lambda function is a three-step process:

  1. Create a rule that triggers itself on a schedule.
  2. Give permissions to events.amazonaws.com to invoke the Lambda function.
  3. Specify the target Lambda function.
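
The four steps above fit in one Terraform configuration. The following is an added example, not the original code from this post; the bucket name, resource names, zip path, handler and runtime are assumptions. It keeps the S3 policy limited to objects in one bucket and ties the invoke permission to the one schedule rule.

```hcl
resource "aws_iam_role" "lambda_exec" { # Step 1: execution role
  name = "daily-api-pull-exec"          # assumed name
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole", Principal = { Service = "lambda.amazonaws.com" } }]
  })
}

resource "aws_iam_role_policy" "s3_rw" { # Step 2a: put/get objects only
  role = aws_iam_role.lambda_exec.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["s3:GetObject", "s3:PutObject"]
      Resource = "arn:aws:s3:::example-ingest-bucket/*" # assumed bucket name
    }]
  })
}

resource "aws_iam_role_policy_attachment" "logs" { # Step 2b: CloudWatch logs
  role       = aws_iam_role.lambda_exec.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}

resource "aws_lambda_function" "pull" { # Step 3: the function
  function_name = "daily-api-pull"      # assumed name
  role          = aws_iam_role.lambda_exec.arn
  filename      = "lambda.zip"   # assumed deployment package
  handler       = "main.handler" # assumed handler
  runtime       = "python3.12"   # assumed runtime
}

resource "aws_cloudwatch_event_rule" "daily" { # Step 4.1: schedule rule
  name                = "daily-api-pull"
  schedule_expression = "rate(1 day)" # the daily API call
}

resource "aws_lambda_permission" "events" { # Step 4.2: allow the invoke
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.pull.function_name
  principal     = "events.amazonaws.com"
  source_arn    = aws_cloudwatch_event_rule.daily.arn # only this rule may invoke
}

resource "aws_cloudwatch_event_target" "pull" { # Step 4.3: rule target
  rule = aws_cloudwatch_event_rule.daily.name
  arn  = aws_lambda_function.pull.arn
}
```

Without `source_arn`, the permission would let any rule in the account that uses the events.amazonaws.com principal invoke the function.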

That's it for today. Happy Learning!