github.com/pbs/terraform-aws-lambda-module?ref=1.4.0
More information on these install methods, and more, can be found in the documentation here.
This module creates a Lambda function with a basic IAM role with SSM parameter authentication configured, along with logging.
By default, the Lambda function that is created also has integration with X-Ray and Lambda Insights enabled.
Integrate this module like so:
```hcl
module "role" {
  source = "github.com/pbs/terraform-aws-lambda-module?ref=1.4.0"

  handler  = "main"
  filename = "../artifacts/handler.zip"
  runtime  = "go1.x"

  # Tagging Parameters
  organization = var.organization
  environment  = var.environment
  product      = var.product
  repo         = var.repo

  # Optional Parameters
}
```
If this repo is added as a subtree, then the version of the module should be close to the version shown here:
1.4.0
Note, however, that subtrees can be altered as desired within repositories.
Further documentation on usage can be found here.
Below is documentation for this Terraform module, automatically generated using terraform-docs.
Name | Version |
---|---|
terraform | >= 1.3.2 |
aws | >= 5.30.0 |
Name | Version |
---|---|
aws | 5.24.0 |
Name | Source | Version |
---|---|---|
default_role | github.com/pbs/terraform-aws-iam-role-module | 0.2.1 |
Name | Type |
---|---|
aws_cloudwatch_log_group.log_group | resource |
aws_lambda_function.lambda | resource |
aws_security_group.sg | resource |
aws_security_group_rule.egress | resource |
aws_caller_identity.current | data source |
aws_default_tags.common_tags | data source |
aws_iam_policy_document.default_policy_document | data source |
aws_region.current | data source |
aws_subnets.private_subnets | data source |
aws_vpc.vpc | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
environment | Environment (sharedtools, dev, staging, qa, prod) | string | n/a | yes |
organization | Organization using this module. Used to prefix tags so that they are easily identified as being from your organization | string | n/a | yes |
product | Tag used to group resources according to product | string | n/a | yes |
repo | Tag used to point to the repo using this module | string | n/a | yes |
add_app_config_extension_layer | Add the AWS-AppConfig-Lambda-Extension layer to the Lambda function. Ignored if layers is not null or if image_uri is defined. | bool | true | no |
add_ssm_extension_layer | Add the AWS-Parameters-and-Secrets-Lambda-Extension layer to the Lambda function. Ignored if layers is not null or if image_uri is defined. | bool | true | no |
add_vpc_config | Add VPC configuration to the Lambda function | bool | false | no |
allow_app_config_access | Allow AppConfig access from the Lambda function. Ignored if policy_json or role_arn are set. | bool | true | no |
app_config_extension_account_number | Account number for the AWS-AppConfig-Extension layer | string | "027255383542" | no |
app_config_extension_version | Lambda layer version for the AWS-AppConfig-Extension layer | number | null | no |
architectures | Architectures to target for the Lambda function | list(string) | [ | no |
description | Description for this lambda function | string | null | no |
environment_vars | Map of environment variables for the Lambda. If null, defaults to setting an SSM_PATH based on the environment and name of the function. Set to {} if you would like for there to be no environment variables present. This is important if you are creating a Lambda@Edge. | map(any) | null | no |
ephemeral_storage_size | Size of the ephemeral storage in MB. Ignored if runtime is not supported. | number | 512 | no |
file_system_config | File system configuration for the Lambda function | map(any) | null | no |
filename | Filename for the artifact to use for the Lambda | string | null | no |
handler | Handler for the lambda function | string | null | no |
image_uri | URI of the container image to use for the Lambda | string | null | no |
lambda_insights_extension_account_number | Account number for the LambdaInsightsExtension layer | string | "580247275435" | no |
lambda_insights_extension_version | Lambda layer version for the LambdaInsightsExtension layer | number | null | no |
layers | Lambda layers to apply to function. If null, a Lambda Layer extension is added by default. | list(string) | null | no |
log_group_class | Log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS | string | "STANDARD" | no |
log_retention_in_days | Number of days to retain CloudWatch Log entries | number | 7 | no |
memory_size | Amount of memory in MB your Lambda Function can use at runtime | number | 128 | no |
name | Name of the Lambda function | string | null | no |
package_type | Package type for the Lambda function. Valid values are Zip and Image. | string | "Zip" | no |
parameters_and_secrets_extension_account_number | Account number for the AWS-Parameters-and-Secrets-Lambda-Extension layer | string | "177933569100" | no |
parameters_and_secrets_extension_version | Lambda layer version for the AWS-Parameters-and-Secrets-Lambda-Extension layer | number | null | no |
permissions_boundary_arn | ARN of the permissions boundary to use on the role created for this lambda | string | null | no |
policy_json | Policy JSON. If null, default policy granting access to SSM and cloudwatch logs is used | string | null | no |
publish | Whether to publish creation/change as new Lambda Function Version | bool | true | no |
role_arn | ARN of the role to be used for this Lambda | string | null | no |
runtime | Runtime for the lambda function | string | null | no |
security_group_id | Security group ID. If null, one will be created. | string | null | no |
ssm_path | SSM path to use for environment variables. If null, defaults to /${var.environment}/${local.name} | string | null | no |
subnets | Subnets to use for the Lambda function. Ignored if add_vpc_config is false. If null, one will be looked up based on environment tag. | list(string) | null | no |
tags | Extra tags | map(string) | {} | no |
timeout | Timeout in seconds of the Lambda | number | 3 | no |
tracing_config_mode | Tracing config mode for X-Ray integration on Lambda | string | "Active" | no |
use_prefix | Use prefix for resources instead of explicitly defining whole name where possible | bool | true | no |
vpc_id | VPC ID. If null, one will be looked up based on environment tag. | string | null | no |
Name | Description |
---|---|
arn | ARN of the lambda function |
invoke_arn | Invocation ARN of the lambda function |
name | Name of the lambda function |
qualified_arn | Qualified ARN of the lambda function |
sg | Security group of the lambda function if there is one |
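
The security-relevant inputs from the table above, combined in one call. This is an added example, not part of the module's own documentation: it sets a permissions boundary, turns off the unused AppConfig access and layer, pins the extension layer versions, and supplies the VPC, subnets and security group explicitly. The variable names, the function name, and the `runtime` and `handler` values are assumptions made for illustration.

```hcl
# Added example, not the module's own code. Every variable below is a
# hypothetical input of the calling configuration.
variable "organization" { type = string }
variable "environment" { type = string }
variable "product" { type = string }
variable "repo" { type = string }
variable "permissions_boundary_arn" { type = string }
variable "vpc_id" { type = string }
variable "private_subnet_ids" { type = list(string) }
variable "lambda_security_group_id" { type = string }
variable "ssm_extension_layer_version" { type = number }
variable "insights_layer_version" { type = number }

module "lambda" {
  source = "github.com/pbs/terraform-aws-lambda-module?ref=1.4.0"

  name     = "example-handler" # placeholder name
  handler  = "bootstrap"
  filename = "../artifacts/handler.zip"
  runtime  = "provided.al2023"

  # Upper bound on anything the module-created role can be granted.
  permissions_boundary_arn = var.permissions_boundary_arn

  # AppConfig is unused in this example: drop the IAM access and the layer.
  allow_app_config_access        = false
  add_app_config_extension_layer = false

  # Pin the remaining extension layers instead of leaving the versions null.
  parameters_and_secrets_extension_version = var.ssm_extension_layer_version
  lambda_insights_extension_version        = var.insights_layer_version

  # Explicit network placement instead of lookups by environment tag.
  add_vpc_config    = true
  vpc_id            = var.vpc_id
  subnets           = var.private_subnet_ids
  security_group_id = var.lambda_security_group_id

  log_retention_in_days = 90 # default is 7

  organization = var.organization
  environment  = var.environment
  product      = var.product
  repo         = var.repo
}

# publish defaults to true, so this ARN names one immutable version.
output "lambda_qualified_arn" {
  value = module.lambda.qualified_arn
}
```

The boundary policy must still allow the SSM and CloudWatch Logs actions that the default policy grants, because the role's effective permissions are the intersection of the two.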