{"id":1764,"date":"2023-11-23T21:02:09","date_gmt":"2023-11-23T13:02:09","guid":{"rendered":"http:\/\/yushuoxin.xyz\/?p=1764"},"modified":"2023-11-23T22:12:25","modified_gmt":"2023-11-23T14:12:25","slug":"terraform-managed-lambda-autoupdatesg4cloudflare","status":"publish","type":"post","link":"https:\/\/yushuoxin.top\/index.php\/2023\/11\/23\/terraform-managed-lambda-autoupdatesg4cloudflare\/","title":{"rendered":"\u7528Terraform\u521b\u5efalambda\u8fd0\u884cpython\u5b9a\u671f\u81ea\u52a8\u66f4\u65b0AWS\u5b89\u5168\u7ec4"},"content":{"rendered":"\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_72 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li 
class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/yushuoxin.top\/index.php\/2023\/11\/23\/terraform-managed-lambda-autoupdatesg4cloudflare\/#%E8%83%8C%E6%99%AF\" title=\"\u80cc\u666f\">\u80cc\u666f<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/yushuoxin.top\/index.php\/2023\/11\/23\/terraform-managed-lambda-autoupdatesg4cloudflare\/#%E6%93%8D%E4%BD%9C%E6%AD%A5%E9%AA%A4\" title=\"\u64cd\u4f5c\u6b65\u9aa4\">\u64cd\u4f5c\u6b65\u9aa4<\/a><ul class='ez-toc-list-level-2' ><li class='ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/yushuoxin.top\/index.php\/2023\/11\/23\/terraform-managed-lambda-autoupdatesg4cloudflare\/#%E5%87%86%E5%A4%87%E6%AD%A5%E9%AA%A4\" title=\"\u51c6\u5907\u6b65\u9aa4\">\u51c6\u5907\u6b65\u9aa4<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/yushuoxin.top\/index.php\/2023\/11\/23\/terraform-managed-lambda-autoupdatesg4cloudflare\/#%E5%88%9B%E5%BB%BAlambda\" title=\"\u521b\u5efalambda\">\u521b\u5efalambda<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/yushuoxin.top\/index.php\/2023\/11\/23\/terraform-managed-lambda-autoupdatesg4cloudflare\/#%E5%88%9B%E5%BB%BAIAM%E6%89%A7%E8%A1%8C%E8%A7%92%E8%89%B2\" title=\"\u521b\u5efaIAM\u6267\u884c\u89d2\u8272\">\u521b\u5efaIAM\u6267\u884c\u89d2\u8272<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/yushuoxin.top\/index.php\/2023\/11\/23\/terraform-managed-lambda-autoupdatesg4cloudflare\/#%E5%88%9B%E5%BB%BAIAM_Policy%E7%AD%96%E7%95%A5\" title=\"\u521b\u5efaIAM Policy\u7b56\u7565\">\u521b\u5efaIAM Policy\u7b56\u7565<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" 
href=\"https:\/\/yushuoxin.top\/index.php\/2023\/11\/23\/terraform-managed-lambda-autoupdatesg4cloudflare\/#%E5%88%9B%E5%BB%BAlambda%E8%A7%A6%E5%8F%91%E5%99%A8\" title=\"\u521b\u5efalambda\u89e6\u53d1\u5668\">\u521b\u5efalambda\u89e6\u53d1\u5668<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/yushuoxin.top\/index.php\/2023\/11\/23\/terraform-managed-lambda-autoupdatesg4cloudflare\/#%E7%94%A8terraform%E5%88%9B%E5%BB%BA%E8%B5%84%E6%BA%90\" title=\"\u7528terraform\u521b\u5efa\u8d44\u6e90\">\u7528terraform\u521b\u5efa\u8d44\u6e90<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/yushuoxin.top\/index.php\/2023\/11\/23\/terraform-managed-lambda-autoupdatesg4cloudflare\/#%E5%8A%9F%E8%83%BD%E9%AA%8C%E8%AF%81\" title=\"\u529f\u80fd\u9a8c\u8bc1\">\u529f\u80fd\u9a8c\u8bc1<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/yushuoxin.top\/index.php\/2023\/11\/23\/terraform-managed-lambda-autoupdatesg4cloudflare\/#%E6%80%BB%E7%BB%93\" title=\"\u603b\u7ed3\">\u603b\u7ed3<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/yushuoxin.top\/index.php\/2023\/11\/23\/terraform-managed-lambda-autoupdatesg4cloudflare\/#%E5%90%8E%E7%BB%AD%E8%AE%A1%E5%88%92\" title=\"\u540e\u7eed\u8ba1\u5212\">\u540e\u7eed\u8ba1\u5212<\/a><\/li><\/ul><\/nav><\/div>\n<h1 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E8%83%8C%E6%99%AF\"><\/span>\u80cc\u666f<span 
class=\"ez-toc-section-end\"><\/span><\/h1>\n\n\n\n<p>\u57fa\u7840\u8bbe\u65bd\u5373\u4ee3\u7801IaC\uff0c\u662f\u4e00\u79cd\u66f4\u4e3a\u4f18\u96c5\u7684\u7ba1\u7406\u4e91\u4e0a\u57fa\u7840\u8bbe\u65bd\u7684\u65b9\u5f0f\u3002<\/p>\n\n\n\n<p>\u6211\u8fd9\u91cc\u4f7f\u7528\u5f00\u6e90\u7684terraform\uff0c\u521b\u5efa\u548c\u7ba1\u7406AWS\u4e2d\u7684serverless\u8fd0\u884c\u4ee3\u7801\u7684\u670d\u52a1lambda\uff0c\u8fd0\u884cpython\u811a\u672c\uff0c\u83b7\u53d6\u6700\u65b0\u7684Cloudflare IP\u7f51\u6bb5\uff0c\u5e76\u66f4\u65b0\u5230\u76ee\u6807\u5b89\u5168\u7ec4\u4e2d\uff1b<\/p>\n\n\n\n<p>\u7136\u540e\u901a\u8fc7CloudWatch\u7684EventBridge\uff0c\u5b9a\u671f\u7684\u89e6\u53d1\u8be5lambda\u3002<\/p>\n\n\n\n<p>\u8fd9\u4e2a\u8fc7\u7a0b\u4e2d\uff0c\u8fd8\u9700\u8981\u901a\u8fc7terraform\u521b\u5efa\u5fc5\u8981\u7684IAM role\u548cIAM policy\u3002<\/p>\n\n\n\n<h1 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E6%93%8D%E4%BD%9C%E6%AD%A5%E9%AA%A4\"><\/span>\u64cd\u4f5c\u6b65\u9aa4<span class=\"ez-toc-section-end\"><\/span><\/h1>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E5%87%86%E5%A4%87%E6%AD%A5%E9%AA%A4\"><\/span>\u51c6\u5907\u6b65\u9aa4<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>\u786e\u4fdd\u5f53\u524d\u73af\u5883\u5df2\u5b89\u88c5terraform\uff0c\u5e76\u521b\u5efa\u6307\u5b9a\u6587\u4ef6\u5939\u5e76\u8fdb\u5165\uff0c\u7136\u540e\u521b\u5efamain.tf\u6587\u4ef6\u5e76\u51c6\u5907\u5199\u5165\u914d\u7f6e\u6587\u4ef6\u3002<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir terraform-experiment3\ncd terraform-experiment3\nvim main.tf<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E5%88%9B%E5%BB%BAlambda\"><\/span>\u521b\u5efalambda<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>\u5728main.tf\u4e2d\uff0c\u901a\u8fc7\u5982\u4e0b\u4ee3\u7801\u521b\u5efalambda<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>provider \"aws\" {\n  # access_key and secret_key can be 
excluded if you\n  # have your creds setup in ~\/.aws\n  access_key = \"AKIA********NU5\"\n  secret_key = \"leVIwk********************dwx\/a\"\n  region = \"ap-east-1\"\n}\n\n# \u521b\u5efa\u540d\u4e3a\"terraform-managed-lambda_AutoUpdateSG4Cloudflare\"\u7684lambda\nresource \"aws_lambda_function\" \"terraform_lambda_AutoUpdateSG4Cloudflare\" {\n  function_name = \"terraform-managed-lambda_AutoUpdateSG4Cloudflare\"\n\n  filename = \"cf-security-group-update.zip\"\n  handler = \"cf-security-group-update.lambda_handler\"\n  role    = \"${aws_iam_role.iam_lambda_AutoUpdateSG4Cloudflare.arn}\"\n  runtime = \"python3.9\"\n  timeout =\"15\"\n  environment {\n    variables = {\n      PORTS_LIST = \"443\"\n      SECURITY_GROUP_ID = \"sg-06dc9f9cfd836b97f\"\n\t  UPDATE_IPV6 = \"0\"\n    }\n  }  \n}<\/code><\/pre>\n\n\n\n<p>\u5982\u4e0a\u8ff0\u4ee3\u7801\u6ce8\u91ca\u6240\u793a\uff0caccess_key\u548csecret_key\u4e0d\u9700\u8981\u5199\u5165main.tf\uff0c\u53ef\u4ee5\u6539\u7528~\/.aws\u4e2d\u5df2\u914d\u7f6e\u597d\u7684credentials\uff0cmain.tf\u6587\u4ef6\u4e2d\u5c31\u4e0d\u4f1a\u6709access key\u7684\u5185\u5bb9\u3002<\/p>\n\n\n\n<p>\u8fd9\u91cccf-security-group-update.zip\u6765\u81eahttps:\/\/github.com\/johnmccuk\/cloudflare-ip-security-group-update\/blob\/master\/cf-security-group-update.py \u538b\u7f29\u4e3azip\u6587\u4ef6\uff0c\u5e76\u4e0a\u4f20\u81f3\u5f53\u524dterraform\u8fd0\u884c\u670d\u52a1\u5668\u7684terraform-experiment3\u6587\u4ef6\u5939\u4e0b\u3002<\/p>\n\n\n\n<p>\u73af\u5883\u53d8\u91cf\u4e2d\u7684SECURITY_GROUP_ID \u662f\u5df2\u7ecf\u521b\u5efa\u597d\u7684\u5b89\u5168\u7ec4\uff0c\u8fd9\u90e8\u5206\u5b89\u5168\u7ec4\u7684\u521b\u5efa\u5c1a\u672a\u7eb3\u5165terraform\u7ba1\u7406\uff0c\u7b49\u5176\u4ed6\u529f\u80fd\u90fd\u9a8c\u8bc1\u5b8c\u6bd5\u540e\uff0c\u4e4b\u540e\u53ef\u4ee5\u8003\u8651\u7528terraform\u521b\u5efa\u8be5\u5b89\u5168\u7ec4\u3002<\/p>\n\n\n\n<p>handler = &#8220;cf-security-group-update.lambda_handler&#8221; \u4ee3\u8868cf-security-group-update\u8fd9\u4e2a\u6587\u4ef6\u4e0b\u7684lambda_handler\u4e3a\u8be5lambda\u51fd\u6570\u7684\u5165\u53e3\u70b9\uff0c\u5b83\u544a\u8bc9 Lambda \u5728\u54ea\u91cc\u5f00\u59cb\u6267\u884c\u4ee3\u7801\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" 
height=\"724\" src=\"http:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-20-1024x724.png\" alt=\"\" class=\"wp-image-1776\" srcset=\"https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-20-1024x724.png 1024w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-20-300x212.png 300w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-20-768x543.png 768w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-20.png 1156w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>handler \u8fd9\u90e8\u5206\u5b8c\u6210\u914d\u7f6e\u540e\uff0c\u5728AWS\u63a7\u5236\u53f0\u5bf9\u5e94\u914d\u7f6e\u4f4d\u7f6e\u5982\u4e0b\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"536\" src=\"http:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-30-1024x536.png\" alt=\"\" class=\"wp-image-1793\" srcset=\"https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-30-1024x536.png 1024w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-30-300x157.png 300w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-30-768x402.png 768w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-30.png 1204w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E5%88%9B%E5%BB%BAIAM%E6%89%A7%E8%A1%8C%E8%A7%92%E8%89%B2\"><\/span>\u521b\u5efaIAM\u6267\u884c\u89d2\u8272<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>\u5728main.tf\u4e2d\uff0c\u901a\u8fc7\u5982\u4e0b\u4ee3\u7801\u521b\u5efa\u540d\u4e3a&#8221;iam_lambda_AutoUpdateSG4Cloudflare&#8221;\u7684IAM\u6267\u884c\u89d2\u8272\uff0c\u5e76\u521b\u5efa\u4fe1\u4efb\u5173\u7cfb<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>#\u521b\u5efa\u540d\u4e3a\"iam_lambda_AutoUpdateSG4Cloudflare\"\u7684IAM\u6267\u884c\u89d2\u8272\uff0c\u5e76\u521b\u5efa\u4fe1\u4efb\u5173\u7cfb\nresource 
\"aws_iam_role\" \"iam_lambda_AutoUpdateSG4Cloudflare\" {\n  name = \"iam_lambda_AutoUpdateSG4Cloudflare\"\n\n  assume_role_policy = &lt;&lt;EOF\n{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": &#91;\n    {\n      \"Action\": \"sts:AssumeRole\",\n      \"Principal\": {\n        \"Service\": \"lambda.amazonaws.com\"\n      },\n      \"Effect\": \"Allow\",\n      \"Sid\": \"\"\n    }\n  ]\n}\nEOF\n}<\/code><\/pre>\n\n\n\n<p>\u4e0a\u8ff0\u6307\u4ee4\u751f\u6210\u7684\u5185\u5bb9\uff0c\u5728AWS\u63a7\u5236\u53f0\u5982\u4e0b\u6240\u793a\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"931\" height=\"759\" src=\"http:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-17.png\" alt=\"\" class=\"wp-image-1768\" srcset=\"https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-17.png 931w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-17-300x245.png 300w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-17-768x626.png 768w\" sizes=\"auto, (max-width: 931px) 100vw, 931px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E5%88%9B%E5%BB%BAIAM_Policy%E7%AD%96%E7%95%A5\"><\/span>\u521b\u5efaIAM Policy\u7b56\u7565<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>\u5728main.tf\u4e2d\uff0c\u901a\u8fc7\u5982\u4e0b\u4ee3\u7801\u521b\u5efa\u4e24\u4e2apolicy\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>policy1\uff0c\u6dfb\u52a0\u66f4\u65b0\u5b89\u5168\u7ec4\u5fc5\u8981\u7684\u6743\u9650\uff0c\u5e76\u7ed1\u5b9a\u5230\u5f53\u524dIAM iam_lambda_AutoUpdateSG4Cloudflare\u4e0a\uff1b<\/li>\n\n\n\n<li>policy2\uff0c\u6dfb\u52a0lambda\u6267\u884c\u7684\u57fa\u672c\u6743\u9650\uff0c\u5e76\u7ed1\u5b9a\u5230\u5f53\u524dIAM iam_lambda_AutoUpdateSG4Cloudflare\u4e0a\uff1b<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># 
\u521b\u5efapolicy1\uff0c\u6dfb\u52a0\u66f4\u65b0\u5b89\u5168\u7ec4\u5fc5\u8981\u7684\u6743\u9650\uff0c\u5e76\u7ed1\u5b9a\u5230\u5f53\u524dIAM iam_lambda_AutoUpdateSG4Cloudflare\u4e0a\uff1b\ndata \"aws_iam_policy_document\" \"lambda_policy_1\" {\n  statement {\n    effect = \"Allow\"\n\n    actions = &#91;\n      \"ec2:AuthorizeSecurityGroupIngress\",\n      \"ec2:RevokeSecurityGroupIngress\",\n      \"ec2:DescribeSecurityGroups\",\n      \"s3:GetBucketPolicyStatus\",\n      \"s3:PutBucketPolicy\",\n      \"s3:GetBucketPolicy\"\n    ]\n\n    resources = &#91;\n      \"*\"\n    ]\n  }\n}\n\nresource \"aws_iam_policy\" \"lambda_policy_1\" {\n  name        = \"Policy-AutoUpdateSG4Cloudflare\"\n  description = \"Policy for Lambda execution\"\n  policy      = data.aws_iam_policy_document.lambda_policy_1.json\n}\n\nresource \"aws_iam_role_policy_attachment\" \"Policy-AutoUpdateSG4Cloudflare\" {\n  role       = aws_iam_role.iam_lambda_AutoUpdateSG4Cloudflare.name\n  policy_arn = aws_iam_policy.lambda_policy_1.arn\n}\n\n\n\n# \u521b\u5efapolicy2\uff0c\u6dfb\u52a0lambda\u6267\u884c\u7684\u57fa\u672c\u6743\u9650\uff0c\u5e76\u7ed1\u5b9a\u5230\u5f53\u524dIAM iam_lambda_AutoUpdateSG4Cloudflare\u4e0a\uff1b\ndata \"aws_iam_policy_document\" \"lambda_policy_2\" {\n  statement {\n    effect = \"Allow\"\n\n    actions = &#91;\n      \"logs:CreateLogGroup\"\n    ]\n\n    resources = &#91;\n      \"arn:aws:logs:*\"\n    ]\n  }\n\n  statement {\n    effect = \"Allow\"\n\n    actions = &#91;\n      \"logs:CreateLogStream\",\n      \"logs:PutLogEvents\"\n    ]\n\n    resources = &#91;\n      \"arn:aws:logs:*\"\n    ]\n  }\n}\n\nresource \"aws_iam_policy\" \"lambda_policy_2\" {\n  name        = \"Policy-AWSLambdaBasicExecutionRole\"\n  description = \"Policy for Lambda execution\"\n  policy      = data.aws_iam_policy_document.lambda_policy_2.json\n}\n\nresource \"aws_iam_role_policy_attachment\" \"Policy-AWSLambdaBasicExecutionRole\" {\n  role       = 
aws_iam_role.iam_lambda_AutoUpdateSG4Cloudflare.name\n  policy_arn = aws_iam_policy.lambda_policy_2.arn\n}\n<\/code><\/pre>\n\n\n\n<p>policy1\u4e2dresources\u4e3a*\uff0c\u5373\u4e0a\u8ff0action\u53ef\u7528\u5728\u5f53\u524d\u8d26\u53f7\u4e0b\u7684\u6240\u6709\u5b89\u5168\u7ec4\u548cS3 bucket\u4e0a\uff1b\u5982\u9700\u8981\uff0c\u53ef\u628aec2:AuthorizeSecurityGroupIngress\u548cec2:RevokeSecurityGroupIngress\u7684resources\u6539\u4e3a\u76ee\u6807\u5b89\u5168\u7ec4\u7684ARN\uff08ec2:DescribeSecurityGroups\u9700\u8981\u7528*\uff09\uff0cs3\u76f8\u5173\u7684action\u662f\u5426\u5fc5\u8981\u53ef\u6309\u9700\u786e\u8ba4\u3002<\/p>\n\n\n\n<p>\u521b\u5efa\u540e\uff0cAWS\u63a7\u5236\u53f0\u53ef\u89c1\u914d\u7f6e\u5982\u4e0b\u56fe\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"926\" height=\"833\" src=\"http:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-18.png\" alt=\"\" class=\"wp-image-1770\" srcset=\"https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-18.png 926w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-18-300x270.png 300w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-18-768x691.png 768w\" sizes=\"auto, (max-width: 926px) 100vw, 926px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"897\" height=\"796\" src=\"http:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-19.png\" alt=\"\" class=\"wp-image-1771\" srcset=\"https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-19.png 897w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-19-300x266.png 300w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-19-768x682.png 768w\" sizes=\"auto, (max-width: 897px) 100vw, 897px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E5%88%9B%E5%BB%BAlambda%E8%A7%A6%E5%8F%91%E5%99%A8\"><\/span>\u521b\u5efalambda\u89e6\u53d1\u5668<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>\u8fd9\u90e8\u5206\u914d\u7f6e\uff0c\u6211\u53c2\u8003\u4e86\u6587\u7ae0https:\/\/www.codenong.com\/44287186\/\u3002<\/p>\n\n\n\n<p>\u5728main.tf\u4e2d\uff0c\u901a\u8fc7\u5982\u4e0b\u4ee3\u7801\u521b\u5efa\u89e6\u53d1lambda\u7684\u89e6\u53d1\u5668\uff0c\u7528Cloudwatch\u7684EventBridge\u5468\u671f\u6027\u89e6\u53d1lambda\u8fd0\u884c\u3002<\/p>\n\n\n\n<p>\u8fd9\u90e8\u5206\u4ee3\u7801\u8fd8\u914d\u7f6e\u4e86Cloudwatch 
Events\u8fd0\u884cLambda\u6240\u5fc5\u9700\u7684\u6743\u9650\u3002<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>#\u521b\u5efa\u89e6\u53d1lambda\u7684\u89e6\u53d1\u5668\uff0c\u7528Cloudwatch\u7684EventBridge\u5468\u671f\u6027\u89e6\u53d1lambda\u8fd0\u884c\nresource\"aws_cloudwatch_event_rule\"\"EventBridge_Rule_1minOR1day\" {\n  name                =\"Rule-CloudwatchEventTriggerLambda_1minOR1day\"\n  description         =\"desc\"\n  schedule_expression =\"cron(* * * * ? *)\"\n  # \u6bcf\u5206\u949f\u4e00\u6b21 \"cron(* * * * ? *)\"\n  # \u6bcf\u5c0f\u65f6\u4e00\u6b21 \"cron(0 * * * ? *)\"\n  # \u6bcf\u5929\u4e00\u6b21 \"cron(0 0 * * ? *)\"\n}\n\nresource\"aws_cloudwatch_event_target\"\"daily_target\" {\n  rule  =\"${aws_cloudwatch_event_rule.EventBridge_Rule_1minOR1day.name}\"\n  arn   =\"${aws_lambda_function.terraform_lambda_AutoUpdateSG4Cloudflare.arn}\"\n}\n\ndata\"aws_caller_identity\"\"current\" {\n # account_id = \"118045904350\"\n}\n\nresource\"aws_lambda_permission\"\"allow_cloudwatch\" {\n  statement_id   =\"AllowExecutionFromCloudWatch\"\n  action         =\"lambda:InvokeFunction\"\n  function_name  =\"${aws_lambda_function.terraform_lambda_AutoUpdateSG4Cloudflare.function_name}\"\n  principal      =\"events.amazonaws.com\"\n  source_account =\"${data.aws_caller_identity.current.account_id}\"\n  source_arn     =\"${aws_cloudwatch_event_rule.EventBridge_Rule_1minOR1day.arn}\"\n}<\/code><\/pre>\n\n\n\n<p>\u4e0a\u8ff0\u4ee3\u7801\u4e2d\uff0caccount_id\u4e0d\u9700\u8981\u81ea\u5df1\u586b\u5199\uff0cterraform\u4f1a\u81ea\u5df1\u8bfb\u53d6\u8d26\u53f7\u53c2\u6570\uff0c\u6240\u4ee5\u6211\u8fd9\u91cc\u6ce8\u91ca\u6389\u4e86\u3002<\/p>\n\n\n\n<p>schedule_expression \u7684\u8bed\u6cd5\u53ef\u53c2\u8003\u5982\u4e0b\u94fe\u63a5<\/p>\n\n\n\n<p><a 
href=\"https:\/\/docs.aws.amazon.com\/lambda\/latest\/dg\/services-cloudwatchevents-expressions.html\">https:\/\/docs.aws.amazon.com\/lambda\/latest\/dg\/services-cloudwatchevents-expressions.html<\/a><\/p>\n\n\n\n<p>\u6211\u8fd9\u91cc\u6dfb\u52a0\u4e86\u6bcf\u5206\u949f\u3001\u6bcf\u5c0f\u65f6\u548c\u6bcf\u5929\u7684\u8bed\u6cd5\u6ce8\u91ca\uff0c\u53ef\u6309\u9700\u4f7f\u7528\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E7%94%A8terraform%E5%88%9B%E5%BB%BA%E8%B5%84%E6%BA%90\"><\/span>\u7528terraform\u521b\u5efa\u8d44\u6e90<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>\u4e0a\u8ff0\u6240\u6709\u4ee3\u7801\u90fd\u5199\u5165main.tf\u6587\u4ef6\u4e2d\u540e\uff0c\u5c31\u53ef\u4ee5\u8fd0\u884c<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>terraform init\nterraform apply<\/code><\/pre>\n\n\n\n<p>\u6765\u521b\u5efa\u5fc5\u8981\u7684\u8d44\u6e90\u4e86\u3002<\/p>\n\n\n\n<p>\u8fd0\u884cprintout\u622a\u56fe\u5982\u4e0b\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"832\" height=\"889\" src=\"http:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-21.png\" alt=\"\" class=\"wp-image-1777\" srcset=\"https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-21.png 832w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-21-281x300.png 281w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-21-768x821.png 768w\" sizes=\"auto, (max-width: 832px) 100vw, 832px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"832\" height=\"889\" src=\"http:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-22.png\" alt=\"\" class=\"wp-image-1778\" srcset=\"https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-22.png 832w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-22-281x300.png 281w, 
https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-22-768x821.png 768w\" sizes=\"auto, (max-width: 832px) 100vw, 832px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"832\" height=\"889\" src=\"http:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-23.png\" alt=\"\" class=\"wp-image-1779\" srcset=\"https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-23.png 832w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-23-281x300.png 281w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-23-768x821.png 768w\" sizes=\"auto, (max-width: 832px) 100vw, 832px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"832\" height=\"889\" src=\"http:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-24.png\" alt=\"\" class=\"wp-image-1780\" srcset=\"https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-24.png 832w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-24-281x300.png 281w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-24-768x821.png 768w\" sizes=\"auto, (max-width: 832px) 100vw, 832px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"832\" height=\"268\" src=\"http:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-25.png\" alt=\"\" class=\"wp-image-1781\" srcset=\"https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-25.png 832w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-25-300x97.png 300w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-25-768x247.png 768w\" sizes=\"auto, (max-width: 832px) 100vw, 832px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E5%8A%9F%E8%83%BD%E9%AA%8C%E8%AF%81\"><\/span>\u529f\u80fd\u9a8c\u8bc1<span 
class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>\u5b8c\u6210\u914d\u7f6e\u540e\uff0c\u53ef\u767b\u5f55AWS\u63a7\u5236\u53f0\u67e5\u770blambda\u7b49\u76f8\u5173\u8d44\u6e90\u662f\u5426\u90fd\u6b63\u5e38\u521b\u5efa\u4e86\u3002<\/p>\n\n\n\n<p>\u7136\u540e\u8fdb\u5165\u76ee\u6807\u5b89\u5168\u7ec4\uff0c\u5220\u9664\u6240\u6709\u5f53\u524d\u5165\u7ad9\u89c4\u5219\uff0c\u7b49\u5f851\u5206\u949f\u540e\uff08\u5f53\u524d\u6d4b\u8bd5\u73af\u5883\uff0c\u6211\u914d\u7f6e\u7684\u89e6\u53d1\u9891\u7387\u4e3a1\u5206\u949f\u4e00\u6b21\uff09\uff0c\u53ef\u4ee5\u5237\u65b0\u9875\u9762\uff0c\u786e\u8ba4\u5b89\u5168\u7ec4\u7b56\u7565\u53ef\u81ea\u52a8\u6dfb\u52a0\u4e0a\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"979\" height=\"833\" src=\"http:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-26.png\" alt=\"\" class=\"wp-image-1782\" srcset=\"https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-26.png 979w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-26-300x255.png 300w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-26-768x653.png 768w\" sizes=\"auto, (max-width: 979px) 100vw, 979px\" \/><\/figure>\n\n\n\n<p>\u8fd8\u53ef\u5230lambda\u9875\u9762\u7684\u76d1\u63a7\u9875\u4e2d\uff0c\u70b9\u51fb\u201c\u67e5\u770bCloudWatch Logs\u201d\uff0c\u67e5\u770b\u76f8\u5173log\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"715\" src=\"http:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-27-1024x715.png\" alt=\"\" class=\"wp-image-1783\" srcset=\"https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-27-1024x715.png 1024w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-27-300x210.png 300w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-27-768x536.png 768w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-27.png 1161w\" sizes=\"auto, (max-width: 
1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"705\" src=\"http:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-28-1024x705.png\" alt=\"\" class=\"wp-image-1784\" srcset=\"https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-28-1024x705.png 1024w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-28-300x207.png 300w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-28-768x529.png 768w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-28.png 1259w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"999\" height=\"831\" src=\"http:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-29.png\" alt=\"\" class=\"wp-image-1785\" srcset=\"https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-29.png 999w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-29-300x250.png 300w, https:\/\/yushuoxin.top\/wp-content\/uploads\/2023\/11\/image-29-768x639.png 768w\" sizes=\"auto, (max-width: 999px) 100vw, 999px\" \/><\/figure>\n\n\n\n<p>\u901a\u8fc7\u4e0a\u8ff0\u9a8c\u8bc1\uff0c\u53ef\u89c1\u81ea\u52a8\u66f4\u65b0\u5b89\u5168\u7ec4\u7684\u529f\u80fd\uff0c\u53ef\u4ee5\u6b63\u5e38\u5b9e\u73b0\u3002<\/p>\n\n\n\n<h1 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E6%80%BB%E7%BB%93\"><\/span>\u603b\u7ed3<span class=\"ez-toc-section-end\"><\/span><\/h1>\n\n\n\n<p>\u901a\u8fc7\u4e0a\u9762\u7684\u914d\u7f6e\uff0c\u6211\u4eec\u6210\u529f\u5b9e\u73b0\u4e86\uff0c\u901a\u8fc7terraform\u7684\u58f0\u660e\u5f0f\u7684\u65b9\u5f0f\uff0c\u521b\u5efa\u4e86lambda\u51fd\u6570\uff0c\u5e76\u521b\u5efa\u4e86\u5fc5\u8981\u7684IAM 
role\u548cpolicy\uff0c\u4ee5\u53calambda\u7684trigger\uff0c\u4ece\u800c\u5b9e\u73b0\uff1a<\/p>\n\n\n\n<p>\u5b9a\u671f\u89e6\u53d1lambda\uff0c\u8fd0\u884cpython\u811a\u672c\uff0c\u83b7\u53d6\u6700\u65b0\u7684Cloudflare IP\u7f51\u6bb5\uff0c\u5e76\u66f4\u65b0\u5230\u76ee\u6807\u5b89\u5168\u7ec4\u4e2d\u3002<\/p>\n\n\n\n<h1 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E5%90%8E%E7%BB%AD%E8%AE%A1%E5%88%92\"><\/span>\u540e\u7eed\u8ba1\u5212<span class=\"ez-toc-section-end\"><\/span><\/h1>\n\n\n\n<p>\u4e0a\u9762\u7684\u914d\u7f6e\u4e2d\uff0c\u5b89\u5168\u7ec4\u7684\u521b\u5efa\u662f\u624b\u52a8\u5b8c\u6210\u7684\uff0c\u8fd8\u6ca1\u6709\u7eb3\u5165terraform\u7684\u7ba1\u7406\u3002<\/p>\n\n\n\n<p>\u8fd9\u90e8\u5206\u7b49\u672a\u6765\u6709\u65f6\u95f4\uff0c\u53ef\u4ee5\u628a\u5b89\u5168\u7ec4\u7684\u521b\u5efa\u4e5f\u7eb3\u5165terraform\u7ba1\u7406\u3002<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>2023\u5e7411\u670823\u65e522:06:41\u66f4\u65b0\uff0c\u5b8c\u6210\u4e86\u4e0a\u8ff0\u7684\u540e\u7eed\u8ba1\u5212\u3002<\/p>\n\n\n\n<p>\u5728main.tf\u4e2d\uff0c\u901a\u8fc7\u5982\u4e0b\u4ee3\u7801\u521b\u5efa\u540d\u4e3a&#8221;SG-Cloudflare-AutoUpdate-terraform&#8221;\u7684\u5b89\u5168\u7ec4\uff0c\u5e76\u8bbe\u7f6e\u51fa\u7ad9\u89c4\u5219\u4e3a\u5168\u90e8\u653e\u901a\u3002<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \u521b\u5efa\u540d\u4e3a\"SG-Cloudflare-AutoUpdate-terraform\"\u7684\u5b89\u5168\u7ec4\r\nresource \"aws_security_group\" \"sg-terraform\" {\r\n  name        = \"SG-Cloudflare-AutoUpdate-terraform\"\r\n  description = \"SG-Cloudflare-AutoUpdate managed by terraform\"\r\n\r\n  # \u5141\u8bb8\u6240\u6709\u51fa\u7ad9\u6d41\u91cf\r\n  egress {\r\n    from_port   = 0\r\n    to_port     = 0\r\n    protocol    = \"-1\"\r\n    cidr_blocks = &#91;\"0.0.0.0\/0\"]\r\n  }\r\n}<\/code><\/pre>\n\n\n\n<p>\u7136\u540e\u628a\u4e4b\u524d\u4ee3\u7801\u4e2d SECURITY_GROUP_ID \u7684\u90e8\u5206\uff0c\u6539\u4e3a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>SECURITY_GROUP_ID = 
aws_security_group.sg-terraform.id<\/code><\/pre>\n\n\n\n<p>\u5373\u53ef\u5b8c\u6210\uff1a<\/p>\n\n\n\n<p>\u65b0\u5efa\u5b89\u5168\u7ec4\u5e76\u7eb3\u5165terraform\u7ba1\u7406\uff1b<\/p>\n\n\n\n<p>\u901a\u8fc7\u4e0a\u8ff0lambda\u4ee3\u7801\u66f4\u65b0\u8be5\u5b89\u5168\u7ec4\u7684\u5165\u7ad9\u89c4\u5219\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u80cc\u666f \u57fa\u7840\u8bbe\u65bd\u5373\u4ee3\u7801IaC\uff0c\u662f\u4e00\u79cd\u66f4\u4e3a\u4f18\u96c5\u7684\u7ba1\u7406\u4e91\u4e0a\u57fa\u7840\u8bbe\u65bd\u7684\u65b9\u5f0f\u3002 \u6211\u8fd9\u91cc\u4f7f\u7528\u5f00\u6e90\u7684terraform\uff0c\u521b\u5efa [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,8],"tags":[7,13,23,16],"class_list":["post-1764","post","type-post","status-publish","format-standard","hentry","category-2","category-8","tag-aws","tag-lambda","tag-terraform","tag-16"],"_links":{"self":[{"href":"https:\/\/yushuoxin.top\/index.php\/wp-json\/wp\/v2\/posts\/1764","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/yushuoxin.top\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/yushuoxin.top\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/yushuoxin.top\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/yushuoxin.top\/index.php\/wp-json\/wp\/v2\/comments?post=1764"}],"version-history":[{"count":0,"href":"https:\/\/yushuoxin.top\/index.php\/wp-json\/wp\/v2\/posts\/1764\/revisions"}],"wp:attachment":[{"href":"https:\/\/yushuoxin.top\/index.php\/wp-json\/wp\/v2\/media?parent=1764"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/yushuoxin.top\/index.php\/wp-json\/wp\/v2\/categories?post=1764"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/yushuoxin.top\/index.php\/wp-json\/wp\/v2\/tags?post=1764"}]
,"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}