GenderDysphoria.fyi/terraform/logging.tf

# -----------------------------------------------------------------------------------------------------------
# Grant the log parsing lambda access to the logs bucket

resource "aws_lambda_permission" "allow_bucket" {
  statement_id  = "AllowExecutionFromS3Bucket"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.logs_parser.arn
  principal     = "s3.amazonaws.com"
  source_arn    = aws_s3_bucket.logs.arn
}


# -----------------------------------------------------------------------------------------------------------
# Log Parsing Lambda

data "archive_file" "logs_parser" {
  type        = "zip"
  source_dir  = "${path.module}/files/decorate"
  output_path = "${path.module}/files/decorate.zip"
}

resource "aws_lambda_function" "logs_parser" {
  filename      = data.archive_file.logs_parser.output_path
  function_name = "${var.site}-lambda"
  handler       = "index.handler"
  source_code_hash = data.archive_file.logs_parser.output_base64sha256
  runtime = "nodejs12.x"
  memory_size = "128"
  timeout = "5"
  role = aws_iam_role.lambda.arn

  tags = {
    Name   = "${var.site}-log-dist"
    Site = var.site
  }
}

resource "aws_s3_bucket_notification" "bucket_notification" {
  bucket = aws_s3_bucket.logs.id

  lambda_function {
    lambda_function_arn = aws_lambda_function.logs_parser.arn
    events              = ["s3:ObjectCreated:*"]
    filter_prefix       = "RAW/"
    filter_suffix       = ".gz"
  }
}

# Reduce log retention to two weeks
resource "aws_cloudwatch_log_group" "logs_parser" {
  name              = "/aws/lambda/${aws_lambda_function.logs_parser.function_name}"
  retention_in_days = 14
}


# -----------------------------------------------------------------------------------------------------------
# Athena Configuration

resource "aws_s3_bucket" "athena" {
  bucket = "${var.site}-athena"
  acl = "private"
  tags = {
    Name = "${var.site}-athena"
    Site = var.site
  }
}

resource "aws_athena_workgroup" "wg" {
  name = "${var.site}-wg"
  tags = {
    Name = "${var.site}-wg"
    Site = var.site
  }
}

resource "aws_athena_database" "db" {
  name = var.site
  bucket = aws_s3_bucket.athena.id
}