Skip to content

Commit

Permalink
Merge branch 'terraform-aws-modules:master' into master
Browse files Browse the repository at this point in the history
  • Loading branch information
NikolayMetchev authored May 14, 2024
2 parents f6bee34 + 8a370ba commit c652616
Show file tree
Hide file tree
Showing 11 changed files with 118 additions and 20 deletions.
4 changes: 2 additions & 2 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.88.4
rev: v1.89.1
hooks:
- id: terraform_fmt
- id: terraform_wrapper_module_for_each
Expand All @@ -24,7 +24,7 @@ repos:
- "--args=--only=terraform_workspace_remote"
- id: terraform_validate
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.5.0
rev: v4.6.0
hooks:
- id: check-merge-conflict
- id: end-of-file-fixer
Expand Down
14 changes: 14 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,20 @@

All notable changes to this project will be documented in this file.

## [7.4.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.3.0...v7.4.0) (2024-05-03)


### Features

* Added support for CW log_group_class and skip_destroy ([#565](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/565)) ([7256f7c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/7256f7c226adf294bb6280f1fc4326d015e78d83))

## [7.3.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.6...v7.3.0) (2024-05-03)


### Features

* Added create before destroy on aws_lambda_permission ([#561](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/561)) ([e9c4676](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/e9c467688de057a454646d5f947f3d4527f78a19))

## [7.2.6](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.5...v7.2.6) (2024-04-12)


Expand Down
2 changes: 2 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -756,7 +756,9 @@ No modules.
| <a name="input_authorization_type"></a> [authorization\_type](#input\_authorization\_type) | The type of authentication that the Lambda Function URL uses. Set to 'AWS\_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint. | `string` | `"NONE"` | no |
| <a name="input_build_in_docker"></a> [build\_in\_docker](#input\_build\_in\_docker) | Whether to build dependencies in Docker | `bool` | `false` | no |
| <a name="input_cloudwatch_logs_kms_key_id"></a> [cloudwatch\_logs\_kms\_key\_id](#input\_cloudwatch\_logs\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no |
| <a name="input_cloudwatch_logs_log_group_class"></a> [cloudwatch\_logs\_log\_group\_class](#input\_cloudwatch\_logs\_log\_group\_class) | Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no |
| <a name="input_cloudwatch_logs_retention_in_days"></a> [cloudwatch\_logs\_retention\_in\_days](#input\_cloudwatch\_logs\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `null` | no |
| <a name="input_cloudwatch_logs_skip_destroy"></a> [cloudwatch\_logs\_skip\_destroy](#input\_cloudwatch\_logs\_skip\_destroy) | Whether to keep the log group (and any logs it may contain) at destroy time. | `bool` | `false` | no |
| <a name="input_cloudwatch_logs_tags"></a> [cloudwatch\_logs\_tags](#input\_cloudwatch\_logs\_tags) | A map of tags to assign to the resource. | `map(string)` | `{}` | no |
| <a name="input_code_signing_config_arn"></a> [code\_signing\_config\_arn](#input\_code\_signing\_config\_arn) | Amazon Resource Name (ARN) for a Code Signing Configuration | `string` | `null` | no |
| <a name="input_compatible_architectures"></a> [compatible\_architectures](#input\_compatible\_architectures) | A list of Architectures Lambda layer is compatible with. Currently x86\_64 and arm64 can be specified. | `list(string)` | `null` | no |
Expand Down
2 changes: 2 additions & 0 deletions examples/complete/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,8 @@ module "lambda_function" {
Serverless = "Terraform"
}

cloudwatch_logs_log_group_class = "INFREQUENT_ACCESS"

role_path = "/tf-managed/"
policy_path = "/tf-managed/"

Expand Down
38 changes: 24 additions & 14 deletions main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -232,6 +232,8 @@ resource "aws_cloudwatch_log_group" "lambda" {
name = coalesce(var.logging_log_group, "/aws/lambda/${var.lambda_at_edge ? "us-east-1." : ""}${var.function_name}")
retention_in_days = var.cloudwatch_logs_retention_in_days
kms_key_id = var.cloudwatch_logs_kms_key_id
skip_destroy = var.cloudwatch_logs_skip_destroy
log_group_class = var.cloudwatch_logs_log_group_class

tags = merge(var.tags, var.cloudwatch_logs_tags)
}
Expand Down Expand Up @@ -284,13 +286,17 @@ resource "aws_lambda_permission" "current_version_triggers" {
function_name = aws_lambda_function.this[0].function_name
qualifier = aws_lambda_function.this[0].version

statement_id = try(each.value.statement_id, each.key)
action = try(each.value.action, "lambda:InvokeFunction")
principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, "")))
principal_org_id = try(each.value.principal_org_id, null)
source_arn = try(each.value.source_arn, null)
source_account = try(each.value.source_account, null)
event_source_token = try(each.value.event_source_token, null)
statement_id_prefix = try(each.value.statement_id, each.key)
action = try(each.value.action, "lambda:InvokeFunction")
principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, "")))
principal_org_id = try(each.value.principal_org_id, null)
source_arn = try(each.value.source_arn, null)
source_account = try(each.value.source_account, null)
event_source_token = try(each.value.event_source_token, null)

lifecycle {
create_before_destroy = true
}
}

# Error: Error adding new Lambda Permission for lambda: InvalidParameterValueException: We currently do not support adding policies for $LATEST.
Expand All @@ -299,13 +305,17 @@ resource "aws_lambda_permission" "unqualified_alias_triggers" {

function_name = aws_lambda_function.this[0].function_name

statement_id = try(each.value.statement_id, each.key)
action = try(each.value.action, "lambda:InvokeFunction")
principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, "")))
principal_org_id = try(each.value.principal_org_id, null)
source_arn = try(each.value.source_arn, null)
source_account = try(each.value.source_account, null)
event_source_token = try(each.value.event_source_token, null)
statement_id_prefix = try(each.value.statement_id, each.key)
action = try(each.value.action, "lambda:InvokeFunction")
principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, "")))
principal_org_id = try(each.value.principal_org_id, null)
source_arn = try(each.value.source_arn, null)
source_account = try(each.value.source_account, null)
event_source_token = try(each.value.event_source_token, null)

lifecycle {
create_before_destroy = true
}
}

resource "aws_lambda_event_source_mapping" "this" {
Expand Down
12 changes: 12 additions & 0 deletions variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -432,6 +432,18 @@ variable "cloudwatch_logs_kms_key_id" {
default = null
}

variable "cloudwatch_logs_skip_destroy" {
description = "Whether to keep the log group (and any logs it may contain) at destroy time."
type = bool
default = false
}

variable "cloudwatch_logs_log_group_class" {
description = "Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS`"
type = string
default = null
}

variable "cloudwatch_logs_tags" {
description = "A map of tags to assign to the resource."
type = map(string)
Expand Down
9 changes: 8 additions & 1 deletion wrappers/alias/versions.tf
Original file line number Diff line number Diff line change
@@ -1,3 +1,10 @@
terraform {
required_version = ">= 0.13.1"
required_version = ">= 1.0"

required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 4.9"
}
}
}
17 changes: 16 additions & 1 deletion wrappers/deploy/versions.tf
Original file line number Diff line number Diff line change
@@ -1,3 +1,18 @@
terraform {
required_version = ">= 0.13.1"
required_version = ">= 1.0"

required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 3.35"
}
local = {
source = "hashicorp/local"
version = ">= 1.0"
}
null = {
source = "hashicorp/null"
version = ">= 2.0"
}
}
}
17 changes: 16 additions & 1 deletion wrappers/docker-build/versions.tf
Original file line number Diff line number Diff line change
@@ -1,3 +1,18 @@
terraform {
required_version = ">= 0.13.1"
required_version = ">= 1.0"

required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 4.22"
}
docker = {
source = "kreuzwerker/docker"
version = ">= 3.0"
}
null = {
source = "hashicorp/null"
version = ">= 2.0"
}
}
}
2 changes: 2 additions & 0 deletions wrappers/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,9 @@ module "wrapper" {
authorization_type = try(each.value.authorization_type, var.defaults.authorization_type, "NONE")
build_in_docker = try(each.value.build_in_docker, var.defaults.build_in_docker, false)
cloudwatch_logs_kms_key_id = try(each.value.cloudwatch_logs_kms_key_id, var.defaults.cloudwatch_logs_kms_key_id, null)
cloudwatch_logs_log_group_class = try(each.value.cloudwatch_logs_log_group_class, var.defaults.cloudwatch_logs_log_group_class, null)
cloudwatch_logs_retention_in_days = try(each.value.cloudwatch_logs_retention_in_days, var.defaults.cloudwatch_logs_retention_in_days, null)
cloudwatch_logs_skip_destroy = try(each.value.cloudwatch_logs_skip_destroy, var.defaults.cloudwatch_logs_skip_destroy, false)
cloudwatch_logs_tags = try(each.value.cloudwatch_logs_tags, var.defaults.cloudwatch_logs_tags, {})
code_signing_config_arn = try(each.value.code_signing_config_arn, var.defaults.code_signing_config_arn, null)
compatible_architectures = try(each.value.compatible_architectures, var.defaults.compatible_architectures, null)
Expand Down
21 changes: 20 additions & 1 deletion wrappers/versions.tf
Original file line number Diff line number Diff line change
@@ -1,3 +1,22 @@
terraform {
required_version = ">= 0.13.1"
required_version = ">= 1.0"

required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 5.32"
}
external = {
source = "hashicorp/external"
version = ">= 1.0"
}
local = {
source = "hashicorp/local"
version = ">= 1.0"
}
null = {
source = "hashicorp/null"
version = ">= 2.0"
}
}
}

0 comments on commit c652616

Please sign in to comment.