Moving-functions-to-gitlab

Author: Matej Stajduhar

roles/aws/aws_backup_validation/defaults/main.yml

@@ -9,6 +9,7 @@ aws_backup_validation:
   handler: "lambda_handler"
   resources:
     - name: ec2_test_instance
+      git_url: true
       type: EC2
       lambda_policy:
         - "backup:PutRestoreValidationResult"
@@ -17,6 +18,7 @@ aws_backup_validation:
         - "ssm:SendCommand"
         - "ec2:DescribeInstances"
     - name: rds_test_instance
+      git_url: true
       type:  RDS
       lambda_policy:
         - "backup:PutRestoreValidationResult"
@@ -25,10 +27,12 @@ aws_backup_validation:
         - "ec2:DescribeInstances"
         - "rds:DescribeDBInstances"
     - name: aurora_create_instance
+      git_url: true
       type: Aurora
       lambda_policy:
         - "lambda:InvokeFunction"
     - name: aurora_test_instance
+      git_url: true
       type: Aurora
       event_pattern: '{ "source": ["aws.rds"], "detail-type": ["RDS DB Instance Event"], "resources": [{ "prefix": "arn:aws:rds:eu-west-1:{{ _acc_id }}:db:restoretest" }], "detail": { "EventID": ["RDS-EVENT-0005"] } }'
       lambda_policy:
@@ -38,6 +42,7 @@ aws_backup_validation:
         - "rds:DescribeDBClusters"
         - "rds:DeleteDBInstance"
     - name: validation_report
+      git_url: true
       type: Schedule
       schedule: "cron(0 0 ? * MON *)"
       lambda_policy:

roles/aws/aws_backup_validation/tasks/main.yml

@@ -48,7 +48,7 @@
     aws backup list-restore-testing-plans --region {{ _aws_region }}
   register: _testing_plans
 
-- name: Create Lambda functions.
+- name: Create Lambda functions from templates.
   ansible.builtin.include_role:
     name: aws/aws_lambda
   vars:
@@ -64,6 +64,25 @@
       tags:
         Name: "{{ item.name }}"
   loop: "{{ aws_backup_validation.resources }}"
+  when: item.git_url is not defined or not item.git_url
+
+- name: Create Lambda functions from git url.
+  ansible.builtin.include_role:
+    name: aws/aws_lambda
+  vars:
+    aws_lambda:
+      name: "{{ item.name }}"
+      description: "Lambda functions for {{ item.type }} validation."
+      timeout: "{{ aws_backup_validation.timeout }}"
+      role: "{{ aws_iam_role._result[item.name + '_lambda'] }}"
+      runtime: "{{ aws_backup_validation.runtime }}"
+      function_file: "[email protected]:functions/{{ item.name }}.git"
+      s3_bucket: "{{ aws_backup_validation.s3_bucket }}"
+      s3_bucket_prefix: "lambda-functions"
+      tags:
+        Name: "{{ item.name }}"
+  loop: "{{ aws_backup_validation.resources }}"
+  when: item.git_url is defined and item.git_url
 
 - name: Create an IAM Managed Policy for passing roles and setup IAM role.
   ansible.builtin.include_role: