This module is basically combination of Terraform open source and includes automatation tests and examples. It also helps to create and improve your infrastructure with minimalistic code instead of maintaining the whole infrastructure code yourself.
To use this module, you can include it in your Terraform configuration. Here's an example of how to use it:
module "lambda" {
source = "git::https://github.com/opsstation/terraform-aws-lambda.git?ref=v1.0.0"
name = local.name
environment = local.environment
filename = "../../lambda_packages/index.zip" # -- The content of index.py should be present in zip format
handler = "index.lambda_handler"
runtime = "python3.7"
variables = {
foo = "bar"
}
}module "lambda" {
source = "git::https://github.com/opsstation/terraform-aws-lambda.git?ref=v1.0.0"
name = local.name
environment = local.environment
s3_bucket = "bucket-test"
s3_key = "index.zip"
handler = "index.handler"
runtime = "nodejs18.x"
variables = {
foo = "bar"
}
}module "lambda" {
source = "git::https://github.com/opsstation/terraform-aws-lambda.git?ref=v1.0.0"
name = local.name
environment = local.environment
create_layers = true
timeout = 60
filename = "../../lambda_packages/index.zip" # -- The content of index.py should be present in zip format
handler = "index.lambda_handler"
runtime = "python3.8"
compatible_architectures = ["arm64"]
cloudwatch_logs_retention_in_days = 7
reserved_concurrent_executions = 90
iam_actions = [
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:PutLogEvents"
]
names = [
"python_layer"
]
layer_filenames = ["../../lambda_packages/layer.zip"] # -- The content of layer.py should be present in zip format
compatible_runtimes = [
["python3.8"]
]
statement_ids = [
"AllowExecutionFromCloudWatch"
]
actions = [
"lambda:InvokeFunction"
]
principals = [
"events.amazonaws.com"
]
source_arns = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/alarm-lambda-role"]
variables = {
foo = "bar"
}
}For detailed examples on how to use this module, please refer to the 'example' directory within this repository.
Your Name Replace '[License Name]' and '[Your Name]' with the appropriate license and your information. Feel free to expand this README with additional details or usage instructions as needed for your specific use case.
This project is licensed under the MIT License - see the LICENSE file for details.
| Name | Version |
|---|---|
| terraform | >= 1.6.2 |
| aws | >= 5.22.0 |
| Name | Version |
|---|---|
| aws | >= 5.22.0 |
| Name | Source | Version |
|---|---|---|
| labels | git::https://github.com/opsstation/terraform-aws-labels.git | v1.0.0 |
| Name | Type |
|---|---|
| aws_cloudwatch_log_group.lambda | resource |
| aws_iam_policy.default | resource |
| aws_iam_policy.logs | resource |
| aws_iam_role.default | resource |
| aws_iam_role_policy_attachment.default | resource |
| aws_iam_role_policy_attachment.logs | resource |
| aws_kms_alias.kms-alias | resource |
| aws_kms_alias.kms-alias-cloudwatch | resource |
| aws_kms_key.kms | resource |
| aws_kms_key_policy.cloudwatch | resource |
| aws_kms_key_policy.lambda | resource |
| aws_lambda_function.default | resource |
| aws_lambda_layer_version.default | resource |
| aws_lambda_permission.default | resource |
| aws_caller_identity.current | data source |
| aws_cloudwatch_log_group.lambda | data source |
| aws_iam_policy_document.default | data source |
| aws_iam_policy_document.logs | data source |
| aws_region.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| actions | The AWS Lambda action you want to allow in this statement. (e.g. lambda:InvokeFunction). | list(any) |
[] |
no |
| architectures | Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. | list(string) |
null |
no |
| assume_role_policy | assume role policy document in JSON format | string |
"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"lambda.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n" |
no |
| attach_cloudwatch_logs_policy | Controls whether CloudWatch Logs policy should be added to IAM role for Lambda Function | bool |
true |
no |
| attributes | Additional attributes (e.g. 1). |
list(any) |
[] |
no |
| aws_iam_policy_path | IAM policy path default value | string |
"/" |
no |
| cloudwatch_logs_kms_key_arn | The arn for the KMS encryption key for cloudwatch log group | string |
null |
no |
| cloudwatch_logs_retention_in_days | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | number |
null |
no |
| code_signing_config_arn | Amazon Resource Name (ARN) for a Code Signing Configuration | string |
null |
no |
| compatible_architectures | List of Architectures lambda layer is compatible with. Currently x86_64 and arm64 can be specified. | list(string) |
null |
no |
| compatible_runtimes | A list of Runtimes this layer is compatible with. Up to 5 runtimes can be specified. | list(any) |
[] |
no |
| create_iam_role | Flag to control creation of iam role and its related resources. | bool |
true |
no |
| create_layers | Flag to control creation of lambda layers. | bool |
false |
no |
| dead_letter_target_arn | The ARN of an SNS topic or SQS queue to notify when an invocation fails. | string |
null |
no |
| description | Description of what your Lambda Function does. | string |
"" |
no |
| descriptions | Description of what your Lambda Layer does. | list(any) |
[] |
no |
| enable | Whether to create lambda function. | bool |
true |
no |
| enable_key_rotation | Specifies whether key rotation is enabled. Defaults to true(security best practice) | bool |
true |
no |
| enable_kms | Flag to control creation of kms key for lambda encryption | bool |
true |
no |
| enable_source_code_hash | Whether to ignore changes to the function's source code hash. Set to true if you manage infrastructure and code deployments separately. | bool |
false |
no |
| environment | Environment (e.g. prod, dev, staging). |
string |
"" |
no |
| ephemeral_storage_size | Amount of ephemeral storage (/tmp) in MB your Lambda Function can use at runtime. Valid value between 512 MB to 10,240 MB (10 GB). | number |
512 |
no |
| event_source_tokens | The Event Source Token to validate. Used with Alexa Skills. | list(any) |
[] |
no |
| existing_cloudwatch_log_group | Whether to use an existing CloudWatch log group or create new | bool |
false |
no |
| existing_cloudwatch_log_group_name | Name of existing cloudwatch log group. | string |
null |
no |
| file_system_arn | The Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system. | string |
null |
no |
| file_system_local_mount_path | The path where the function can access the file system, starting with /mnt/. | string |
null |
no |
| filename | The path to the function's deployment package within the local filesystem. If defined, The s3_-prefixed options cannot be used. | string |
null |
no |
| handler | The function entrypoint in your code. | string |
n/a | yes |
| iam_actions | The actions for Iam Role Policy. | list(any) |
[ |
no |
| iam_role_arn | Iam Role arn to be attached to lambda function. | string |
null |
no |
| image_config_command | The CMD for the docker image | list(string) |
[] |
no |
| image_config_entry_point | The ENTRYPOINT for the docker image | list(string) |
[] |
no |
| image_config_working_directory | The working directory for the docker image | string |
null |
no |
| image_uri | The ECR image URI containing the function's deployment package. | string |
null |
no |
| kms_key_deletion_window | KMS Key deletion window in days. | number |
10 |
no |
| label_order | Label order, e.g. name,application. |
list(any) |
[ |
no |
| lambda_kms_key_arn | The ARN for the KMS encryption key. | string |
null |
no |
| layer_filenames | The path to the function's deployment package within the local filesystem. If defined, The s3_-prefixed options cannot be used. | list(any) |
[] |
no |
| layers | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | list(string) |
null |
no |
| license_infos | License info for your Lambda Layer. See License Info. | list(any) |
[] |
no |
| managedby | ManagedBy, eg 'opsstation'. | string |
"opsstation" |
no |
| memory_size | Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. | number |
128 |
no |
| name | Name (e.g. app or cluster). |
string |
"" |
no |
| names | A unique name for your Lambda Layer. | list(any) |
[] |
no |
| package_type | The Lambda deployment package type. Valid options: Zip or Image | string |
"Zip" |
no |
| policy_path | Path of policies to that should be added to IAM role for Lambda Function | string |
null |
no |
| principal_org_id | The identifier for your organization in AWS Organizations. Use this to grant permissions to all the AWS accounts under this organization. | string |
null |
no |
| principals | The principal who is getting this permission. e.g. s3.amazonaws.com, an AWS account ID, or any valid AWS service principal such as events.amazonaws.com or sns.amazonaws.com. | list(any) |
[] |
no |
| publish | Whether to publish creation/change as new Lambda Function Version. Defaults to false. | bool |
false |
no |
| qualifiers | Query parameter to specify function version or alias name. The permission will then apply to the specific qualified ARN. e.g. arn:aws:lambda:aws-region:acct-id:function:function-name:2 | list(any) |
[] |
no |
| repository | Terraform current module repo | string |
"https://github.com/opsstation/terraform-aws-lambda" |
no |
| reserved_concurrent_executions | The amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | number |
10 |
no |
| runtime | Runtimes. | string |
"python3.7" |
no |
| s3_bucket | The S3 bucket location containing the function's deployment package. Conflicts with filename. This bucket must reside in the same AWS region where you are creating the Lambda function. | string |
null |
no |
| s3_buckets | The S3 bucket location containing the function's deployment package. Conflicts with filename. This bucket must reside in the same AWS region where you are creating the Lambda function. | list(any) |
[] |
no |
| s3_keies | The S3 key of an object containing the function's deployment package. Conflicts with filename. | list(any) |
[] |
no |
| s3_key | The S3 key of an object containing the function's deployment package. Conflicts with filename. | string |
null |
no |
| s3_object_version | The object version containing the function's deployment package. Conflicts with filename. | string |
null |
no |
| s3_object_versions | The object version containing the function's deployment package. Conflicts with filename. | list(any) |
[] |
no |
| security_group_ids | Security group ids for vpc config. | list(any) |
[] |
no |
| skip_destroy | Whether to retain the old version of a previously deployed Lambda Layer. | bool |
false |
no |
| snap_start | (Optional) Snap start settings for low-latency startups | bool |
false |
no |
| source_accounts | This parameter is used for S3 and SES. The AWS account ID (without a hyphen) of the source owner. | list(any) |
[] |
no |
| source_arns | When granting Amazon S3 or CloudWatch Events permission to invoke your function, you should specify this field with the Amazon Resource Name (ARN) for the S3 Bucket or CloudWatch Events Rule as its value. This ensures that only events generated from the specified bucket or rule can invoke the function. | list(any) |
[] |
no |
| source_file | Path of source file that is required to be converted in .zip file |
string |
null |
no |
| statement_ids | A unique statement identifier. By default generated by Terraform. | list(any) |
[] |
no |
| subnet_ids | Subnet ids for vpc config. | list(any) |
[] |
no |
| timeout | The amount of time your Lambda Function has to run in seconds. Defaults to 3. | number |
3 |
no |
| tracing_mode | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. | string |
null |
no |
| variables | A map that defines environment variables for the Lambda function. | map(any) |
{} |
no |
| Name | Description |
|---|---|
| arn | The Amazon Resource Name (ARN) identifying your Lambda Function. |
| invoke_arn | Invoke ARN |
| lambda_log_group_name | A mapping of tags to assign to the resource. |
| name | The name of the Lambda Function |
| tags | A mapping of tags to assign to the resource. |