Skip to content

Terraform module for AWS Lambda functions without the bad aws_iam_policy_attachment resource

License

Notifications You must be signed in to change notification settings

SemanticSugar/terraform-aws-lambda

 
 

Repository files navigation

DEPRECATION WARNING:

Please use the official AWS Lambda Terraform module; module inputs should be nearly identical and the module is maintained by the wider Terraform community.

terraform-aws-lambda

This Terraform module creates and uploads an AWS Lambda function and hides the ugly parts from you.

Features

  • Only appears in the Terraform plan when there are legitimate changes.
  • Creates a standard IAM role and policy for CloudWatch Logs.
    • You can add additional policies if required.
  • Zips up a source file or directory.
  • Installs dependencies from requirements.txt for Python functions.
    • It only does this when necessary, not every time.

Requirements

  • Python 2.7 or higher
  • Linux/Unix/Windows

Terraform version compatibility

Module version Terraform version
1.x.x 0.12.x
0.x.x 0.11.x

Usage

module "lambda" {
  source = "github.com/claranet/terraform-aws-lambda"

  function_name = "deployment-deploy-status"
  description   = "Deployment deploy status task"
  handler       = "main.lambda_handler"
  runtime       = "python3.6"
  timeout       = 300

  // Specify a file or directory for the source code.
  source_path = "${path.module}/lambda.py"

  // Add additional trusted entities for assuming roles (trust relationships).
  trusted_entities = ["events.amazonaws.com", "s3.amazonaws.com"]

  // Attach a policy.
  policy = {
    json = data.aws_iam_policy_document.lambda.json
  }

  // Add a dead letter queue.
  dead_letter_config = {
    target_arn = aws_sqs_queue.dlq.arn
  }

  // Add environment variables.
  environment = {
    variables = {
      SLACK_URL = var.slack_url
    }
  }

  // Deploy into a VPC.
  vpc_config = {
    subnet_ids         = [aws_subnet.test.id]
    security_group_ids = [aws_security_group.test.id]
  }
}

Inputs

Inputs for this module are the same as the aws_lambda_function resource with the following additional arguments:

Name Description Type Default Required
source_path The absolute path to a local file or directory containing your Lambda source code string yes
build_command The command to run to create the Lambda package zip file string "python build.py '$filename' '$runtime' '$source'" no
build_paths The files or directories used by the build command, to trigger new Lambda package builds whenever build scripts change list(string) ["build.py"] no
cloudwatch_logs Set this to false to disable logging your Lambda output to CloudWatch Logs bool true no
lambda_at_edge Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function bool false no
policy An additional policy to attach to the Lambda function role object({json=string}) no
trusted_entities Additional trusted entities for the Lambda function. The lambda.amazonaws.com (and edgelambda.amazonaws.com if lambda_at_edge is true) is always set list(string) no

The following arguments from the aws_lambda_function resource are not supported:

  • filename (use source_path instead)
  • role (one is automatically created)
  • s3_bucket
  • s3_key
  • s3_object_version
  • source_code_hash (changes are handled automatically)

Outputs

Name Description
function_arn The ARN of the Lambda function
function_invoke_arn The Invoke ARN of the Lambda function
function_name The name of the Lambda function
function_qualified_arn The qualified ARN of the Lambda function
role_arn The ARN of the IAM role created for the Lambda function
role_name The name of the IAM role created for the Lambda function

About

Terraform module for AWS Lambda functions without the bad aws_iam_policy_attachment resource

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • HCL 63.2%
  • Python 33.6%
  • Shell 3.2%