pbs/terraform-aws-lambda-lb-module

PBS TF Lambda LB

Installation

Using the Repo Source

Use this URL for the source of the module. See the usage examples below for more details.

github.com/pbs/terraform-aws-lambda-lb-module?ref=0.0.44

Alternative Installation Methods

More information on these and other install methods can be found in the documentation here.

Usage

Provisions an AWS Lambda function and an Application Load Balancer to route traffic to it.

Integrate this module like so:

```hcl
module "lambda_lb" {
  source = "github.com/pbs/terraform-aws-lambda-lb-module?ref=0.0.44"

  handler  = "main.lambda_handler"
  filename = "./artifacts/deploy.zip"
  runtime  = "python3.10"

  primary_hosted_zone = var.primary_hosted_zone

  # Tagging Parameters
  organization = var.organization
  environment  = var.environment
  product      = var.product
  repo         = var.repo

  # Optional Parameters
}
```
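The minimal call above leaves every optional input at its default, which for this module means the load balancer security group admits `0.0.0.0/0` (`restricted_cidr_blocks`), the listener uses `ELBSecurityPolicy-2016-08` (which still negotiates TLS 1.0 and 1.1), and the Lambda role carries the module's default SSM and CloudWatch Logs policy. The following is an added example, not part of the module's README, showing the same module call with the exposure-related inputs from the Inputs table set explicitly. Every ARN, account number, CIDR range, and policy name in it is a constructed placeholder; the input names and their semantics come from the Inputs table, and `data.aws_iam_policy_document` and its `.json` attribute are the standard AWS provider data source.

```hcl
# Added example (not the module's own code): a hardened invocation of
# pbs/terraform-aws-lambda-lb-module. Account ids, ARNs, and CIDRs below are
# constructed placeholders.

# Least-privilege execution policy passed through policy_json. Per the Inputs
# table, setting policy_json replaces the module's default policy (SSM and
# CloudWatch Logs access) and causes allow_app_config_access to be ignored,
# so the function gets exactly these statements and nothing more.
data "aws_iam_policy_document" "lambda_least_privilege" {
  statement {
    sid     = "WriteOwnLogs"
    actions = ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"]
    # Placeholder account id; scope to this function's own log group only.
    resources = ["arn:aws:logs:us-east-1:111111111111:log-group:/aws/lambda/${var.product}*"]
  }

  statement {
    sid     = "ReadOwnSsmParameters"
    actions = ["ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath"]
    # Matches the module's default SSM path convention /<environment>/<name>.
    resources = ["arn:aws:ssm:us-east-1:111111111111:parameter/${var.environment}/${var.product}/*"]
  }
}

module "lambda_lb" {
  source = "github.com/pbs/terraform-aws-lambda-lb-module?ref=0.0.44"

  handler  = "main.lambda_handler"
  filename = "./artifacts/deploy.zip"
  runtime  = "python3.10"

  primary_hosted_zone = var.primary_hosted_zone

  # Tagging Parameters
  organization = var.organization
  environment  = var.environment
  product      = var.product
  repo         = var.repo

  # Network exposure. The module default for restricted_cidr_blocks is
  # ["0.0.0.0/0"]; replace it with the ranges that actually need access.
  # The values here are RFC 5737 documentation ranges used as placeholders.
  restricted_cidr_blocks = ["203.0.113.0/24", "198.51.100.0/24"]

  # Keep the HTTP listener only as a redirect to HTTPS (module default
  # behaviour when both are true); never disable HTTPS listeners.
  create_http_listeners  = true
  create_https_listeners = true

  # The default ELBSecurityPolicy-2016-08 accepts TLS 1.0 and 1.1; pick a
  # TLS 1.2/1.3-only predefined policy instead.
  alb_ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"

  # Host-header allow-list: the ALB answers 403 for any other name.
  aliases = ["${var.product}.${var.primary_hosted_zone}"]

  # Identity: scoped policy plus a permissions boundary on the created role.
  policy_json              = data.aws_iam_policy_document.lambda_least_privilege.json
  permissions_boundary_arn = "arn:aws:iam::111111111111:policy/placeholder-boundary"

  # Retention and tracing for incident investigation.
  log_retention_in_days = 30
  tracing_config_mode   = "Active"
}
```

If the service is consumed only from inside the VPC, setting `internal = true` (and, if needed, `private_hosted_zone`) removes the public listener entirely, which is a stronger control than CIDR filtering alone; `restricted_sg` can be used in place of, or alongside, `restricted_cidr_blocks` when the callers are AWS resources with their own security group.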

Adding This Version of the Module

If this repo is added as a subtree, then the version of the module should be close to the version shown here:

0.0.44

Note, however, that subtrees can be altered as desired within repositories.

Further documentation on usage can be found here.

Below is automatically generated documentation on this Terraform module, produced using terraform-docs.


Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3.2 |
| aws | >= 4.5.0 |

Providers

| Name | Version |
|------|---------|
| aws | 5.22.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| lambda | github.com/pbs/terraform-aws-lambda-module | 1.3.40 |
| lambda_permission | github.com/pbs/terraform-aws-lambda-permission-module | 0.0.14 |
| lb_egress | github.com/pbs/terraform-aws-sg-rule-module | 0.0.23 |
| lb_http_ingress_cidrs | github.com/pbs/terraform-aws-sg-rule-module | 0.0.23 |
| lb_http_ingress_sgs | github.com/pbs/terraform-aws-sg-rule-module | 0.0.23 |
| lb_https_ingress_cidrs | github.com/pbs/terraform-aws-sg-rule-module | 0.0.23 |
| lb_https_ingress_sgs | github.com/pbs/terraform-aws-sg-rule-module | 0.0.21 |

Resources

| Name | Type |
|------|------|
| aws_lb.lb | resource |
| aws_lb_listener.http | resource |
| aws_lb_listener.http_redirect | resource |
| aws_lb_listener.https | resource |
| aws_lb_listener_rule.http_forward_rule | resource |
| aws_lb_listener_rule.https_forward_rule | resource |
| aws_lb_target_group.target_group | resource |
| aws_lb_target_group_attachment.target_group_attachment | resource |
| aws_route53_record.record | resource |
| aws_security_group.lb_sg | resource |
| aws_acm_certificate.primary_acm_wildcard_cert | data source |
| aws_default_tags.common_tags | data source |
| aws_route53_zone.hosted_zone | data source |
| aws_subnets.private_subnets | data source |
| aws_subnets.public_subnets | data source |
| aws_vpc.vpc | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| environment | Environment (sharedtools, dev, staging, qa, prod) | `string` | n/a | yes |
| organization | Organization using this module. Used to prefix tags so that they are easily identified as being from your organization | `string` | n/a | yes |
| product | Tag used to group resources according to product | `string` | n/a | yes |
| repo | Tag used to point to the repo using this module | `string` | n/a | yes |
| acm_arn | ARN of the ACM certificate to use for the load balancer. If null, one will be guessed based on the primary hosted zone of the service. | `string` | `null` | no |
| add_app_config_extension_layer | Add the AWS-AppConfig-Lambda-Extension layer to the Lambda function. Ignored if layers is not null or if runtime is not supported. | `bool` | `true` | no |
| add_ssm_extension_layer | Add the AWS-Parameters-and-Secrets-Lambda-Extension layer to the Lambda function. Ignored if layers is not null or if using the ARM runtime. | `bool` | `true` | no |
| add_vpc_config | Add VPC configuration to the Lambda function | `bool` | `false` | no |
| alb_ssl_policy | SSL policy to use for an Application Load Balancer application. | `string` | `"ELBSecurityPolicy-2016-08"` | no |
| aliases | CNAME(s) that are allowed to be used for this product in the rules on the load balancer. Any name that does not match one of these will get a 403 response from the load balancer. Default is product.hosted_zone. e.g. [product.example.com] --> [product.example.com] | `list(string)` | `null` | no |
| allow_app_config_access | Allow AppConfig access from the Lambda function. Ignored if policy_json or role_arn are set. | `bool` | `true` | no |
| app_config_extension_account_number | Account number for the AWS-AppConfig-Extension layer | `string` | `"027255383542"` | no |
| app_config_extension_version | Lambda layer version for the AWS-AppConfig-Extension layer | `number` | `null` | no |
| architectures | Architectures to target for the Lambda function | `list(string)` | `["x86_64"]` | no |
| cnames | CNAME(s) that are going to be created for this product in the hosted zone. This can be set to [] to avoid creating a CNAME for the product. Default is product. e.g. [product] --> [product.example.com] | `list(string)` | `null` | no |
| create_http_listeners | Create HTTP listeners for the load balancer. By default, these listeners will only be used to redirect to HTTPS. Set create_https_listeners to false to only create http listeners. This is not recommended. | `bool` | `true` | no |
| create_https_listeners | Create HTTPS listeners for the load balancer. | `bool` | `true` | no |
| create_lb_sg | Create a security group for the load balancer | `bool` | `true` | no |
| dns_evaluate_target_health | Evaluate health of endpoints by querying DNS records | `bool` | `false` | no |
| environment_vars | Map of environment variables for the Lambda. If null, defaults to setting an SSM_PATH based on the environment and name of the function. Set to {} if you would like for there to be no environment variables present. This is important if you are creating a Lambda@Edge. | `map(any)` | `null` | no |
| file_system_config | File system configuration for the Lambda function | `map(any)` | `null` | no |
| filename | Filename for the artifact to use for the Lambda | `string` | `null` | no |
| handler | Lambda handler | `string` | `null` | no |
| http_port | HTTP port on which the load balancer is listening | `number` | `80` | no |
| https_port | HTTPS port on which the load balancer is listening | `number` | `443` | no |
| idle_timeout | Idle timeout for the load balancer. The time in seconds that the connection is allowed to be idle. | `number` | `60` | no |
| image_uri | URI of the container image to use for the Lambda | `string` | `null` | no |
| internal | Use an internal load balancer. | `bool` | `false` | no |
| lambda_description | Description for this lambda function | `string` | `null` | no |
| lambda_insights_extension_account_number | Account number for the LambdaInsightsExtension layer | `string` | `"580247275435"` | no |
| lambda_insights_extension_version | Lambda layer version for the LambdaInsightsExtension layer | `number` | `null` | no |
| lambda_name | Name of the Lambda function | `string` | `null` | no |
| lambda_subnets | Subnets to use for the Lambda function. Ignored if add_vpc_config is false. If null, one will be looked up based on environment tag. | `list(string)` | `null` | no |
| layers | Lambda layers to apply to function. If null, a Lambda Layer extension is added by default. | `list(string)` | `null` | no |
| lb_subnets | Subnets for the product LB. If null, private and public subnets will be looked up based on environment tag and one will be selected based on internal. | `list(string)` | `null` | no |
| load_balancer_name | Name of the load balancer. If omitted, this module will generate a value based on the name value in this module. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. | `string` | `null` | no |
| log_retention_in_days | Number of days to retain CloudWatch Log entries | `number` | `7` | no |
| memory_size | Amount of memory in MB your Lambda Function can use at runtime | `number` | `128` | no |
| name | Name of the Lambda LB. If null, will default to product. | `string` | `null` | no |
| package_type | Package type for the Lambda function. Valid values are Zip and Image. | `string` | `"Zip"` | no |
| parameters_and_secrets_extension_account_number | Account number for the AWS-Parameters-and-Secrets-Lambda-Extension layer | `string` | `"177933569100"` | no |
| parameters_and_secrets_extension_version | Lambda layer version for the AWS-Parameters-and-Secrets-Lambda-Extension layer | `number` | `null` | no |
| permissions_boundary_arn | ARN of the permissions boundary to use on the role created for this lambda | `string` | `null` | no |
| policy_json | Policy JSON. If null, default policy granting access to SSM and cloudwatch logs is used | `string` | `null` | no |
| primary_hosted_zone | Name of the primary hosted zone for DNS. e.g. primary_hosted_zone = example.org --> service.example.org. If null, it is assumed that a private hosted zone will be used. | `string` | `null` | no |
| private_hosted_zone | Name of the private hosted zone for DNS. e.g. private_hosted_zone = example.org --> service.example.private. If null, it is assumed that a public hosted zone will be used. | `string` | `null` | no |
| publish | Whether to publish creation/change as new Lambda Function Version | `bool` | `true` | no |
| restricted_cidr_blocks | CIDR blocks to receive restricted product access. If empty, no CIDRs will be allowed to connect. | `list(string)` | `["0.0.0.0/0"]` | no |
| restricted_sg | SG to receive restricted product access. If null, no sg will be configured to connect | `string` | `null` | no |
| role_arn | ARN of the role to be used for this Lambda | `string` | `null` | no |
| runtime | Runtime for the lambda function | `string` | `null` | no |
| security_group_id | Security group ID. If null, one will be created. | `string` | `null` | no |
| ssm_path | SSM path to use for environment variables. If null, defaults to /${var.environment}/${local.name} | `string` | `null` | no |
| subnet_data_lookup_filters | Values of the filter blocks in the aws_subnets data source used in this module. If null, one will be guessed using the resolved VPC and a Name filter of *-private-* or *-public-* based on the value of internal. Ignored if subnets is populated. | `map(any)` | `null` | no |
| tags | Extra tags | `map(string)` | `{}` | no |
| target_group_name | Name of the target group. If omitted, this module will generate a value based on the name value in this module. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. | `string` | `null` | no |
| timeout | Timeout in seconds of the Lambda | `number` | `3` | no |
| tracing_config_mode | Tracing config mode for X-Ray integration on Lambda | `string` | `"Active"` | no |
| use_prefix | Use prefix for resources instead of explicitly defining whole name where possible | `bool` | `true` | no |
| vpc_data_lookup_tags | Value of the tags parameter in the aws_vpc data source used in this module. If null, a dynamic lookup based on environment will be used. Ignored if vpc_id is populated. | `map(string)` | `null` | no |
| vpc_id | VPC ID. If null, one will be looked up based on environment tag. | `string` | `null` | no |

Outputs

| Name | Description |
|------|-------------|
| domain_name | One domain name that will resolve to this product. Might not be a valid alias. |
| lambda_arn | ARN of the Lambda function |
| lambda_name | Name of the Lambda function |
| lambda_sg | Security group of the lambda function |
| lb_arn | Load balancer ARN |
| lb_sg | Load balancer security group |