terraform-module-aws-lambda-function

A Terraform module for creating an AWS Lambda function. Creates a function, an aws_iam_role (optional), and a trigger (optional).

Code Example

module "lambda" {
  source        = "[email protected]:trulioo/terraform-module-aws-lambda-function.git?ref=0.0.1"
  function_name = "my-function"
  handler       = "MyProject::Project.MyFunction::FunctionHandler"
  filename      = "./function_source/function.zip"
  runtime       = "dotnetcore2.1"
  environment   = "dev"

  environment_variables = {
    environment_variable_1 = "my-function-1"
    environment_variable_2 = "my-function-2"
  }
}

Providers

| Name | Version |
|------|---------|
| aws | 2.47.0 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| aws_lambda_event_source_mapping_event_source_arn | n/a | string | n/a | yes |
| create_role_name_prefix | (Optional, Forces new resource) Creates a unique name for the newly created role beginning with the specified prefix. Conflicts with name. | string | n/a | yes |
| create_role_path | (Optional) The path to the newly created role. | string | n/a | yes |
| dead_letter_config_target_arn | (Optional) ARN of a target SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function's IAM role must be granted suitable access to write to the target object, which means allowing either the sns:Publish or sqs:SendMessage action on this ARN, depending on which service is targeted. | string | n/a | yes |
| description | The description of the lambda function. | string | n/a | yes |
| environment | n/a | string | n/a | yes |
| filename | The path to the deployment package. If s3_bucket is defined, this is the path relative to the root of the bucket. If s3_bucket is not defined, this is the path on the local file system. | string | n/a | yes |
| function_name | The name of the lambda function. | string | n/a | yes |
| handler | The executable file name value. For example, 'myHandler' would call the main function in the package “main” of the myHandler executable program. | string | n/a | yes |
| kms_key_arn | (Optional) Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and Terraform will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration. | string | n/a | yes |
| lambda_permission_event_source_token | (Optional) The Event Source Token to validate. Used with Alexa Skills. | string | n/a | yes |
| lambda_permission_qualifier | (Optional) Query parameter to specify function version or alias name. The permission will then apply to the specific qualified ARN, e.g. arn:aws:lambda:aws-region:acct-id:function:function-name:2 | string | n/a | yes |
| lambda_permission_source_account | (Optional) This parameter is used for S3 and SES. The AWS account ID (without a hyphen) of the source owner. | string | n/a | yes |
| lambda_permission_source_arn | (Optional) When granting Amazon S3 or CloudWatch Events permission to invoke your function, you should specify this field with the Amazon Resource Name (ARN) for the S3 Bucket or CloudWatch Events Rule as its value. This ensures that only events generated from the specified bucket or rule can invoke the function. API Gateway ARNs have a unique structure described here. | string | n/a | yes |
| lambda_permission_statement_id | (Optional) A unique statement identifier. By default generated by Terraform. | string | n/a | yes |
| layers | (Optional) List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers | list(string) | n/a | yes |
| s3_bucket | (Optional) The S3 bucket location containing the function's deployment package. This bucket must reside in the same AWS region where you are creating the Lambda function. | string | n/a | yes |
| s3_object_version | (Optional) The object version containing the function's deployment package. If set, s3_bucket is required. | string | n/a | yes |
| source_code_hash | (Optional) Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key. The usual way to set this is filebase64sha256('file.zip') (Terraform 0.11.12 and later) or base64sha256(file('file.zip')) (Terraform 0.11.11 and earlier), where 'file.zip' is the local filename of the lambda function source archive. | string | n/a | yes |
| create_lambda_permission | If true, grants resources permission to invoke lambda function. See lambda_permission variables. | bool | false | no |
| create_max_session_duration | The maximum session duration (in seconds) that you want to set for the newly created role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours. | number | 3600 | no |
| create_role_assume_role_policy_file | (Optional) Path to JSON policy to assign to newly created role. Mandatory if no role is supplied. | string | "templates/default_assume_role_policy.tpl" | no |
| create_role_assume_role_policy_source | Whether to load from 'create_role_assume_role_policy_string' or 'create_role_assume_role_policy_file'. Acceptable values are 'file', 'string', or 'none' (if not creating a role). | string | "file" | no |
| create_role_assume_role_policy_string | (Optional) Full JSON policy to assign to newly created role. Mandatory if no role is supplied. | string | "" | no |
| create_role_description | Description of the newly created role. | string | "" | no |
| create_role_force_detach_policies | (Optional) Specifies to force detaching any policies the newly created role has before destroying it. Defaults to false. | bool | false | no |
| create_role_permission_policy_file | (Optional) Path to JSON permission policy to assign to newly created role. Mandatory if no role is supplied. | string | "templates/default_iam_policy.tpl" | no |
| create_role_permission_policy_source | Whether to load from 'create_role_permission_policy_string' or 'create_role_permission_policy_file'. Acceptable values are 'file', 'string', or 'none' (if not creating a role). | string | "file" | no |
| create_role_permission_policy_string | (Optional) Full JSON permission policy to assign to newly created role. Mandatory if no role is supplied. | string | "" | no |
| create_role_permissions_boundary | (Optional) The ARN of the policy that is used to set the permissions boundary for the newly created role. | string | "" | no |
| create_role_tags | (Optional) Key-value mapping of tags for the newly created role. | map(string) | {} | no |
| environment_variables | (Optional) A map that defines environment variables for the Lambda function. | map(string) | {} | no |
| lambda_permission_action | (Required if assigning a resource policy) The AWS Lambda action you want to allow in this statement (e.g. lambda:InvokeFunction). | string | "lambda:InvokeFunction" | no |
| lambda_permission_principal | (Required if assigning a resource policy) The principal who is getting this permission, e.g. s3.amazonaws.com, an AWS account ID, or any valid AWS service principal such as events.amazonaws.com or sns.amazonaws.com. | string | "apigateway.amazonaws.com" | no |
| lambda_permission_statement_id_prefix | (Optional) A statement identifier prefix. Terraform will generate a unique suffix. Conflicts with statement_id. | string | "AllowInvoke" | no |
| memory_size | (Optional) Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits | number | 256 | no |
| publish | (Optional) Whether to publish creation/change as new Lambda Function Version. Defaults to false. | bool | true | no |
| reserved_concurrent_executions | (Optional) The amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. See Managing Concurrency | number | -1 | no |
| role | The ARN of a role that defines the permissions of your function. | string | "" | no |
| runtime | The runtime of the lambda function. Options can be found here: https://docs.aws.amazon.com/sdkfornet/v3/apidocs/index.html?page=Lambda/TLambdaRuntime.html&tocid=Amazon_Lambda_Runtime | string | "nodejs12.x" | no |
| tags | (Optional) A mapping of tags to assign to the object. | map(string) | {} | no |
| timeout | (Optional) The amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits | number | 30 | no |
| tracing_config_mode | (Optional) Can be either PassThrough or Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with 'sampled=1'. If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision. | string | "" | no |
| vpc_config_security_group_ids | (Required if running Lambda in VPC) A list of security group IDs associated with the Lambda function. | list(string) | [] | no |
| vpc_config_subnet_ids | (Required if running Lambda in VPC) A list of subnet IDs associated with the Lambda function. | list(string) | [] | no |
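
Added example (not part of this module or its README): a check for what lambda_permission_source_arn and lambda_permission_source_account guard against. It reads a function's resource policy JSON, such as the Policy document returned by aws lambda get-policy, and reports service-principal statements that are not tied to a source ARN or, for S3 and SES, to a source account. The sample policy, account ID and resource names are constructed.

```python
import json

ACCOUNT_SCOPED = ("s3.amazonaws.com", "ses.amazonaws.com")  # services the README names

def _condition_keys(stmt):
    # Lower-cased condition keys across every operator (ArnLike, StringEquals, ...).
    return {k.lower() for ops in stmt.get("Condition", {}).values() for k in ops}

def _service_principals(stmt):
    # Service principals named by the statement; a bare "*" is returned as-is.
    principal = stmt.get("Principal", {})
    if not isinstance(principal, dict):
        return [principal]
    services = principal.get("Service", [])
    return [services] if isinstance(services, str) else list(services)

def unscoped_invoke_statements(policy_json):
    """Return (Sid, principal, problem) for Allow statements not tied to an event source."""
    findings = []
    for stmt in json.loads(policy_json).get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        keys = _condition_keys(stmt)
        for principal in _service_principals(stmt):
            if "aws:sourcearn" not in keys:
                findings.append((stmt.get("Sid"), principal, "no source ARN condition"))
            elif principal in ACCOUNT_SCOPED and "aws:sourceaccount" not in keys:
                findings.append((stmt.get("Sid"), principal, "no source account condition"))
    return findings

# Constructed sample policy: account ID, bucket and function names are placeholders.
FUNCTION_ARN = "arn:aws:lambda:us-east-1:111122223333:function:my-function"

def _stmt(sid, service, condition=None):
    stmt = {"Sid": sid, "Effect": "Allow", "Principal": {"Service": service},
            "Action": "lambda:InvokeFunction", "Resource": FUNCTION_ARN}
    if condition:
        stmt["Condition"] = condition
    return stmt

SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    _stmt("AllowInvokeScoped", "s3.amazonaws.com", {
        "ArnLike": {"AWS:SourceArn": "arn:aws:s3:::example-uploads"},
        "StringEquals": {"AWS:SourceAccount": "111122223333"}}),
    _stmt("AllowInvokeNoAccount", "s3.amazonaws.com", {
        "ArnLike": {"AWS:SourceArn": "arn:aws:s3:::example-uploads"}}),
    _stmt("AllowInvokeOpen", "events.amazonaws.com"),
]})

if __name__ == "__main__":
    for sid, principal, problem in unscoped_invoke_statements(SAMPLE_POLICY):
        print(f"{sid}: {principal}: {problem}")
```

The account check matters for S3 because a bucket ARN carries no account ID, so the source ARN alone does not identify who owns the bucket.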

Outputs

| Name | Description |
|------|-------------|
| lambda | The lambda function. |