From 95d1f1963441fcc7009f5c795d16b04efdce9136 Mon Sep 17 00:00:00 2001
From: Mariia Rudenko
Date: Tue, 4 Feb 2025 13:07:55 -0500
Subject: [PATCH 01/15] runs pre-commit hooks
---
 wrappers/README.md | 6 +++---
 wrappers/alias/README.md | 6 +++---
 wrappers/deploy/README.md | 6 +++---
 wrappers/docker-build/README.md | 6 +++---
 4 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/wrappers/README.md b/wrappers/README.md
index 954ea7d1..169057f9 100644
--- a/wrappers/README.md
+++ b/wrappers/README.md
@@ -12,9 +12,9 @@ This wrapper does not implement any extra functionality.
 ```hcl
 terraform {
- source = "tfr:///terraform-aws-modules/lambda/aws//wrappers"
+ source = "tfr:///terraform-aws-modules/lambda-secure-fork/aws//wrappers"
 # Alternative source:
- # source = "git::git@github.com:terraform-aws-modules/terraform-aws-lambda.git//wrappers?ref=master"
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-lambda-secure-fork.git//wrappers?ref=master"
 }
 inputs = {
@@ -42,7 +42,7 @@ inputs = {
 ```hcl
 module "wrapper" {
- source = "terraform-aws-modules/lambda/aws//wrappers"
+ source = "terraform-aws-modules/lambda-secure-fork/aws//wrappers"
 defaults = { # Default values
 create = true
diff --git a/wrappers/alias/README.md b/wrappers/alias/README.md
index a296ced7..4db41a1e 100644
--- a/wrappers/alias/README.md
+++ b/wrappers/alias/README.md
@@ -12,9 +12,9 @@ This wrapper does not implement any extra functionality.
 ```hcl
 terraform {
- source = "tfr:///terraform-aws-modules/lambda/aws//wrappers/alias"
+ source = "tfr:///terraform-aws-modules/lambda-secure-fork/aws//wrappers/alias"
 # Alternative source:
- # source = "git::git@github.com:terraform-aws-modules/terraform-aws-lambda.git//wrappers/alias?ref=master"
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-lambda-secure-fork.git//wrappers/alias?ref=master"
 }
 inputs = {
@@ -42,7 +42,7 @@ inputs = {
 ```hcl
 module "wrapper" {
- source = "terraform-aws-modules/lambda/aws//wrappers/alias"
+ source = "terraform-aws-modules/lambda-secure-fork/aws//wrappers/alias"
 defaults = { # Default values
 create = true
diff --git a/wrappers/deploy/README.md b/wrappers/deploy/README.md
index 5d24d8b2..5e695a59 100644
--- a/wrappers/deploy/README.md
+++ b/wrappers/deploy/README.md
@@ -12,9 +12,9 @@ This wrapper does not implement any extra functionality.
 ```hcl
 terraform {
- source = "tfr:///terraform-aws-modules/lambda/aws//wrappers/deploy"
+ source = "tfr:///terraform-aws-modules/lambda-secure-fork/aws//wrappers/deploy"
 # Alternative source:
- # source = "git::git@github.com:terraform-aws-modules/terraform-aws-lambda.git//wrappers/deploy?ref=master"
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-lambda-secure-fork.git//wrappers/deploy?ref=master"
 }
 inputs = {
@@ -42,7 +42,7 @@ inputs = {
 ```hcl
 module "wrapper" {
- source = "terraform-aws-modules/lambda/aws//wrappers/deploy"
+ source = "terraform-aws-modules/lambda-secure-fork/aws//wrappers/deploy"
 defaults = { # Default values
 create = true
diff --git a/wrappers/docker-build/README.md b/wrappers/docker-build/README.md
index 093f989b..5a098ee1 100644
--- a/wrappers/docker-build/README.md
+++ b/wrappers/docker-build/README.md
@@ -12,9 +12,9 @@ This wrapper does not implement any extra functionality.
 ```hcl
 terraform {
- source = "tfr:///terraform-aws-modules/lambda/aws//wrappers/docker-build"
+ source = "tfr:///terraform-aws-modules/lambda-secure-fork/aws//wrappers/docker-build"
 # Alternative source:
- # source = "git::git@github.com:terraform-aws-modules/terraform-aws-lambda.git//wrappers/docker-build?ref=master"
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-lambda-secure-fork.git//wrappers/docker-build?ref=master"
 }
 inputs = {
@@ -42,7 +42,7 @@ inputs = {
 ```hcl
 module "wrapper" {
- source = "terraform-aws-modules/lambda/aws//wrappers/docker-build"
+ source = "terraform-aws-modules/lambda-secure-fork/aws//wrappers/docker-build"
 defaults = { # Default values
 create = true
From 8bf47683955d0188ddb3380e585a00b5b054e8bd Mon Sep 17 00:00:00 2001
From: Mariia Rudenko
Date: Tue, 4 Feb 2025 13:59:59 -0500
Subject: [PATCH 02/15] fix: INFR-3792 comments out external local and null resources
---
 README.md | 53 --
 examples/alias/README.md | 49 +-
 examples/alias/main.tf | 258 +++---
 examples/alias/outputs.tf | 292 +++----
 examples/async/README.md | 38 +-
 examples/async/main.tf | 60 +-
 examples/async/outputs.tf | 208 ++---
 examples/build-package/README.md | 33 +-
 examples/build-package/main.tf | 960 +++++++++++------------
 examples/code-signing/README.md | 25 +-
 examples/code-signing/main.tf | 236 +++---
 examples/code-signing/outputs.tf | 32 +-
 examples/complete/README.md | 57 +-
 examples/complete/main.tf | 876 ++++++++++-----------
 examples/complete/outputs.tf | 240 +++---
 examples/container-image/README.md | 5 -
 examples/container-image/main.tf | 4 +-
 examples/container-image/outputs.tf | 48 +-
 examples/deploy/README.md | 29 +-
 examples/deploy/main.tf | 126 +--
 examples/deploy/outputs.tf | 88 +--
 examples/event-source-mapping/README.md | 42 +-
 examples/event-source-mapping/main.tf | 558 ++++++-------
 examples/event-source-mapping/outputs.tf | 124 +--
 examples/multiple-regions/README.md | 40 +-
 examples/multiple-regions/main.tf | 438 +++++------
 examples/multiple-regions/outputs.tf | 208 ++---
 examples/runtimes/README.md | 26 +-
 examples/runtimes/checks.tf | 60 +-
 examples/runtimes/main.tf | 196 ++---
 examples/runtimes/outputs.tf | 40 +-
 examples/simple-cicd/README.md | 12 +-
 examples/simple-cicd/main.tf | 40 +-
 examples/simple/README.md | 35 +-
 examples/simple/main.tf | 608 +++++++-------
 examples/simple/outputs.tf | 208 ++---
 examples/triggers/README.md | 38 +-
 examples/triggers/main.tf | 126 +--
 examples/triggers/outputs.tf | 208 ++---
 examples/with-efs/README.md | 40 +-
 examples/with-efs/main.tf | 168 ++--
 examples/with-efs/outputs.tf | 208 ++---
 examples/with-vpc-s3-endpoint/README.md | 45 +-
 examples/with-vpc-s3-endpoint/main.tf | 454 +++++------
 examples/with-vpc-s3-endpoint/outputs.tf | 208 ++---
 examples/with-vpc/README.md | 36 +-
 examples/with-vpc/main.tf | 88 +--
 examples/with-vpc/outputs.tf | 208 ++---
 main.tf | 186 ++---
 outputs.tf | 82 +-
 package.tf | 128 +--
 variables.tf | 382 ++++-----
 versions.tf | 24 +-
 wrappers/main.tf | 33 -
 wrappers/versions.tf | 24 +-
 55 files changed, 4259 insertions(+), 4779 deletions(-)
diff --git a/README.md b/README.md
index 10cdbe39..3cc6f87d 100644
--- a/README.md
+++ b/README.md
@@ -668,18 +668,12 @@ Q4: What does this error mean - `"We currently do not support adding policies fo
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 1.0 |
 | [aws](#requirement\_aws) | >= 5.79 |
-| [external](#requirement\_external) | >= 1.0 |
-| [local](#requirement\_local) | >= 1.0 |
-| [null](#requirement\_null) | >= 2.0 |
 ## Providers
 | Name | Version |
 |------|---------|
 | [aws](#provider\_aws) | >= 5.79 |
-| [external](#provider\_external) | >= 1.0 |
-| [local](#provider\_local) | >= 1.0 |
-| [null](#provider\_null) | >= 2.0 |
 ## Modules
@@ -706,15 +700,9 @@ No modules. | [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | | [aws_lambda_function_recursion_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_recursion_config) | resource | | [aws_lambda_function_url.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_url) | resource | -| [aws_lambda_layer_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_layer_version) | resource | | [aws_lambda_permission.current_version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | | [aws_lambda_permission.unqualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | | [aws_lambda_provisioned_concurrency_config.current_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_provisioned_concurrency_config) | resource | -| [aws_s3_object.lambda_package](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource | -| [local_file.archive_plan](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | -| [null_resource.archive](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [null_resource.sam_metadata_aws_lambda_function](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [null_resource.sam_metadata_aws_lambda_layer_version](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [aws_arn.log_group_arn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | | 
[aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudwatch_log_group) | data source | @@ -727,7 +715,6 @@ No modules. | [aws_iam_policy_document.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source | | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | -| [external_external.archive_prepare](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source | ## Inputs @@ -735,7 +722,6 @@ No modules. |------|-------------|------|---------|:--------:| | [allowed\_triggers](#input\_allowed\_triggers) | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no | | [architectures](#input\_architectures) | Instruction set architecture for your Lambda function. Valid values are ["x86\_64"] and ["arm64"]. | `list(string)` | `null` | no | -| [artifacts\_dir](#input\_artifacts\_dir) | Directory name where artifacts should be stored | `string` | `"builds"` | no | | [assume\_role\_policy\_statements](#input\_assume\_role\_policy\_statements) | Map of dynamic policy statements for assuming Lambda Function role (trust relationship) | `any` | `{}` | no | | [attach\_async\_event\_policy](#input\_attach\_async\_event\_policy) | Controls whether async event policy should be added to IAM role for Lambda Function | `bool` | `false` | no | | [attach\_cloudwatch\_logs\_policy](#input\_attach\_cloudwatch\_logs\_policy) | Controls whether CloudWatch Logs policy should be added to IAM role for Lambda Function | `bool` | `true` | no | 
@@ -749,15 +735,12 @@ No modules. | [attach\_policy\_statements](#input\_attach\_policy\_statements) | Controls whether policy\_statements should be added to IAM role for Lambda Function | `bool` | `false` | no | | [attach\_tracing\_policy](#input\_attach\_tracing\_policy) | Controls whether X-Ray tracing policy should be added to IAM role for Lambda Function | `bool` | `false` | no | | [authorization\_type](#input\_authorization\_type) | The type of authentication that the Lambda Function URL uses. Set to 'AWS\_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint. | `string` | `"NONE"` | no | -| [build\_in\_docker](#input\_build\_in\_docker) | Whether to build dependencies in Docker | `bool` | `false` | no | | [cloudwatch\_logs\_kms\_key\_id](#input\_cloudwatch\_logs\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no | | [cloudwatch\_logs\_log\_group\_class](#input\_cloudwatch\_logs\_log\_group\_class) | Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no | | [cloudwatch\_logs\_retention\_in\_days](#input\_cloudwatch\_logs\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `null` | no | | [cloudwatch\_logs\_skip\_destroy](#input\_cloudwatch\_logs\_skip\_destroy) | Whether to keep the log group (and any logs it may contain) at destroy time. | `bool` | `false` | no | | [cloudwatch\_logs\_tags](#input\_cloudwatch\_logs\_tags) | A map of tags to assign to the resource. 
| `map(string)` | `{}` | no | | [code\_signing\_config\_arn](#input\_code\_signing\_config\_arn) | Amazon Resource Name (ARN) for a Code Signing Configuration | `string` | `null` | no | -| [compatible\_architectures](#input\_compatible\_architectures) | A list of Architectures Lambda layer is compatible with. Currently x86\_64 and arm64 can be specified. | `list(string)` | `null` | no | -| [compatible\_runtimes](#input\_compatible\_runtimes) | A list of Runtimes this layer is compatible with. Up to 5 runtimes can be specified. | `list(string)` | `[]` | no | | [cors](#input\_cors) | CORS settings to be used by the Lambda Function URL | `any` | `{}` | no | | [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | | [create\_async\_event\_config](#input\_create\_async\_event\_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | 
@@ -766,9 +749,7 @@ No modules.
 | [create\_function](#input\_create\_function) | Controls whether Lambda Function resource should be created | `bool` | `true` | no |
 | [create\_lambda\_function\_url](#input\_create\_lambda\_function\_url) | Controls whether the Lambda Function URL resource should be created | `bool` | `false` | no |
 | [create\_layer](#input\_create\_layer) | Controls whether Lambda Layer resource should be created | `bool` | `false` | no |
-| [create\_package](#input\_create\_package) | Controls whether Lambda package should be created | `bool` | `true` | no |
 | [create\_role](#input\_create\_role) | Controls whether IAM role for Lambda Function should be created | `bool` | `true` | no |
-| [create\_sam\_metadata](#input\_create\_sam\_metadata) | Controls whether the SAM metadata null resource should be created | `bool` | `false` | no |
 | [create\_unqualified\_alias\_allowed\_triggers](#input\_create\_unqualified\_alias\_allowed\_triggers) | Whether to allow triggers on unqualified alias pointing to $LATEST version | `bool` | `true` | no |
 | [create\_unqualified\_alias\_async\_event\_config](#input\_create\_unqualified\_alias\_async\_event\_config) | Whether to allow async event configuration on unqualified alias pointing to $LATEST version | `bool` | `true` | no |
 | [create\_unqualified\_alias\_lambda\_function\_url](#input\_create\_unqualified\_alias\_lambda\_function\_url) | Whether to use unqualified alias pointing to $LATEST version in Lambda Function URL | `bool` | `true` | no |
@@ -776,13 +757,6 @@ No modules.
 | [description](#input\_description) | Description of your Lambda Function (or Layer) | `string` | `""` | no |
 | [destination\_on\_failure](#input\_destination\_on\_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no |
 | [destination\_on\_success](#input\_destination\_on\_success) | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no |
-| [docker\_additional\_options](#input\_docker\_additional\_options) | Additional options to pass to the docker run command (e.g. to set environment variables, volumes, etc.) | `list(string)` | `[]` | no |
-| [docker\_build\_root](#input\_docker\_build\_root) | Root dir where to build in Docker | `string` | `""` | no |
-| [docker\_entrypoint](#input\_docker\_entrypoint) | Path to the Docker entrypoint to use | `string` | `null` | no |
-| [docker\_file](#input\_docker\_file) | Path to a Dockerfile when building in Docker | `string` | `""` | no |
-| [docker\_image](#input\_docker\_image) | Docker image to use for the build | `string` | `""` | no |
-| [docker\_pip\_cache](#input\_docker\_pip\_cache) | Whether to mount a shared pip cache folder into docker environment or not | `any` | `null` | no |
-| [docker\_with\_ssh\_agent](#input\_docker\_with\_ssh\_agent) | Whether to pass SSH\_AUTH\_SOCK into docker environment or not | `bool` | `false` | no |
 | [environment\_variables](#input\_environment\_variables) | A map that defines environment variables for the Lambda Function. | `map(string)` | `{}` | no |
 | [ephemeral\_storage\_size](#input\_ephemeral\_storage\_size) | Amount of ephemeral storage (/tmp) in MB your Lambda Function can use at runtime. Valid value between 512 MB to 10,240 MB (10 GB). | `number` | `512` | no |
 | [event\_source\_mapping](#input\_event\_source\_mapping) | Map of event source mapping | `any` | `{}` | no |
@@ -791,8 +765,6 @@ No modules.
 | [function\_name](#input\_function\_name) | A unique name for your Lambda Function | `string` | `""` | no |
 | [function\_tags](#input\_function\_tags) | A map of tags to assign only to the lambda function | `map(string)` | `{}` | no |
 | [handler](#input\_handler) | Lambda Function entrypoint in your code | `string` | `""` | no |
-| [hash\_extra](#input\_hash\_extra) | The string to add into hashing function. Useful when building same source path for different functions. | `string` | `""` | no |
-| [ignore\_source\_code\_hash](#input\_ignore\_source\_code\_hash) | Whether to ignore changes to the function's source code hash. Set to true if you manage infrastructure and code deployments separately. | `bool` | `false` | no |
 | [image\_config\_command](#input\_image\_config\_command) | The CMD for the docker image | `list(string)` | `[]` | no |
 | [image\_config\_entry\_point](#input\_image\_config\_entry\_point) | The ENTRYPOINT for the docker image | `list(string)` | `[]` | no |
 | [image\_config\_working\_directory](#input\_image\_config\_working\_directory) | The working directory for the docker image | `string` | `null` | no |
@@ -804,11 +776,7 @@ No modules.
 | [lambda\_at\_edge](#input\_lambda\_at\_edge) | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no |
 | [lambda\_at\_edge\_logs\_all\_regions](#input\_lambda\_at\_edge\_logs\_all\_regions) | Whether to specify a wildcard in IAM policy used by Lambda@Edge to allow logging in all regions | `bool` | `true` | no |
 | [lambda\_role](#input\_lambda\_role) | IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | `string` | `""` | no |
-| [layer\_name](#input\_layer\_name) | Name of Lambda Layer to create | `string` | `""` | no |
-| [layer\_skip\_destroy](#input\_layer\_skip\_destroy) | Whether to retain the old version of a previously deployed Lambda Layer. | `bool` | `false` | no |
 | [layers](#input\_layers) | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | `list(string)` | `null` | no |
-| [license\_info](#input\_license\_info) | License info for your Lambda Layer. Eg, MIT or full url of a license. | `string` | `""` | no |
-| [local\_existing\_package](#input\_local\_existing\_package) | The absolute path to an existing zip-file to use | `string` | `null` | no |
 | [logging\_application\_log\_level](#input\_logging\_application\_log\_level) | The application log level of the Lambda Function. Valid values are "TRACE", "DEBUG", "INFO", "WARN", "ERROR", or "FATAL". | `string` | `"INFO"` | no |
 | [logging\_log\_format](#input\_logging\_log\_format) | The log format of the Lambda Function. Valid values are "JSON" or "Text". | `string` | `"Text"` | no |
 | [logging\_log\_group](#input\_logging\_log\_group) | The CloudWatch log group to send logs to. | `string` | `null` | no |
@@ -829,7 +797,6 @@ No modules.
 | [provisioned\_concurrent\_executions](#input\_provisioned\_concurrent\_executions) | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | `number` | `-1` | no |
 | [publish](#input\_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no |
 | [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no |
-| [recreate\_missing\_package](#input\_recreate\_missing\_package) | Whether to recreate missing Lambda package if it is missing locally or not | `bool` | `true` | no |
 | [recursive\_loop](#input\_recursive\_loop) | Lambda function recursion configuration. Valid values are Allow or Terminate. | `string` | `null` | no |
 | [replace\_security\_groups\_on\_destroy](#input\_replace\_security\_groups\_on\_destroy) | (Optional) When true, all security groups defined in vpc\_security\_group\_ids will be replaced with the default security group after the function is destroyed. Set the replacement\_security\_group\_ids variable to use a custom list of security groups for replacement instead. | `bool` | `null` | no |
 | [replacement\_security\_group\_ids](#input\_replacement\_security\_group\_ids) | (Optional) List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction. replace\_security\_groups\_on\_destroy must be set to true to use this attribute. | `list(string)` | `null` | no |
@@ -842,25 +809,12 @@ No modules. | [role\_permissions\_boundary](#input\_role\_permissions\_boundary) | The ARN of the policy that is used to set the permissions boundary for the IAM role used by Lambda Function | `string` | `null` | no | | [role\_tags](#input\_role\_tags) | A map of tags to assign to IAM role | `map(string)` | `{}` | no | | [runtime](#input\_runtime) | Lambda Function runtime | `string` | `""` | no | -| [s3\_acl](#input\_s3\_acl) | The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, bucket-owner-read, and bucket-owner-full-control. Defaults to private. | `string` | `"private"` | no | -| [s3\_bucket](#input\_s3\_bucket) | S3 bucket to store artifacts | `string` | `null` | no | -| [s3\_existing\_package](#input\_s3\_existing\_package) | The S3 bucket object with keys bucket, key, version pointing to an existing zip-file to use | `map(string)` | `null` | no | -| [s3\_kms\_key\_id](#input\_s3\_kms\_key\_id) | Specifies a custom KMS key to use for S3 object encryption. | `string` | `null` | no | -| [s3\_object\_override\_default\_tags](#input\_s3\_object\_override\_default\_tags) | Whether to override the default\_tags from provider? NB: S3 objects support a maximum of 10 tags. | `bool` | `false` | no | -| [s3\_object\_storage\_class](#input\_s3\_object\_storage\_class) | Specifies the desired Storage Class for the artifact uploaded to S3. Can be either STANDARD, REDUCED\_REDUNDANCY, ONEZONE\_IA, INTELLIGENT\_TIERING, or STANDARD\_IA. | `string` | `"ONEZONE_IA"` | no | -| [s3\_object\_tags](#input\_s3\_object\_tags) | A map of tags to assign to S3 bucket object. | `map(string)` | `{}` | no | -| [s3\_object\_tags\_only](#input\_s3\_object\_tags\_only) | Set to true to not merge tags with s3\_object\_tags. Useful to avoid breaching S3 Object 10 tag limit. | `bool` | `false` | no | -| [s3\_prefix](#input\_s3\_prefix) | Directory name where artifacts should be stored in the S3 bucket. 
If unset, the path from `artifacts_dir` is used | `string` | `null` | no | -| [s3\_server\_side\_encryption](#input\_s3\_server\_side\_encryption) | Specifies server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms". | `string` | `null` | no | | [skip\_destroy](#input\_skip\_destroy) | Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Terraform state. Useful for Lambda@Edge functions attached to CloudFront distributions. | `bool` | `null` | no | | [snap\_start](#input\_snap\_start) | (Optional) Snap start settings for low-latency startups | `bool` | `false` | no | -| [source\_path](#input\_source\_path) | The absolute path to a local file or directory containing your Lambda source code | `any` | `null` | no | -| [store\_on\_s3](#input\_store\_on\_s3) | Whether to store produced artifacts on S3 or locally. | `bool` | `false` | no | | [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | | [timeout](#input\_timeout) | The amount of time your Lambda Function has to run in seconds. | `number` | `3` | no | | [timeouts](#input\_timeouts) | Define maximum timeout for creating, updating, and deleting Lambda Function resources | `map(string)` | `{}` | no | | [tracing\_mode](#input\_tracing\_mode) | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. 
| `string` | `null` | no | -| [trigger\_on\_package\_timestamp](#input\_trigger\_on\_package\_timestamp) | Whether to recreate the Lambda package if the timestamp changes | `bool` | `true` | no | | [trusted\_entities](#input\_trusted\_entities) | List of additional trusted entities for assuming Lambda Function role (trust relationship) | `any` | `[]` | no | | [use\_existing\_cloudwatch\_log\_group](#input\_use\_existing\_cloudwatch\_log\_group) | Whether to use an existing CloudWatch log group or create new | `bool` | `false` | no | | [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | List of security group ids when Lambda Function should run in the VPC. | `list(string)` | `null` | no | 
@@ -892,16 +846,9 @@ No modules.
 | [lambda\_function\_url](#output\_lambda\_function\_url) | The URL of the Lambda Function URL |
 | [lambda\_function\_url\_id](#output\_lambda\_function\_url\_id) | The Lambda Function URL generated id |
 | [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function |
-| [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version |
-| [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created |
-| [lambda\_layer\_layer\_arn](#output\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version |
-| [lambda\_layer\_source\_code\_size](#output\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file |
-| [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version |
 | [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function |
 | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function |
 | [lambda\_role\_unique\_id](#output\_lambda\_role\_unique\_id) | The unique id of the IAM role created for the Lambda Function |
-| [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) |
-| [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) |
 ## Development
diff --git a/examples/alias/README.md b/examples/alias/README.md
index c4037dd6..90a74ad6 100644
--- a/examples/alias/README.md
+++ b/examples/alias/README.md
@@ -25,27 +25,15 @@ Note that this example may create resources which cost money. Run `terraform des
 ## Providers
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | >= 5.79 |
-| [random](#provider\_random) | >= 2.0 |
+No providers.
 ## Modules
-| Name | Source | Version |
-|------|--------|---------|
-| [alias\_existing](#module\_alias\_existing) | ../../modules/alias | n/a |
-| [alias\_no\_refresh](#module\_alias\_no\_refresh) | ../../modules/alias | n/a |
-| [alias\_refresh](#module\_alias\_refresh) | ../../modules/alias | n/a |
-| [lambda\_function](#module\_lambda\_function) | ../../ | n/a |
-| [sqs\_events](#module\_sqs\_events) | terraform-aws-modules/sqs/aws | ~> 3.0 |
+No modules.
 ## Resources
-| Name | Type |
-|------|------|
-| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
-| [aws_organizations_organization.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/organizations_organization) | data source |
+No resources.
 ## Inputs
@@ -53,34 +41,5 @@ No inputs. ## Outputs -| Name | Description | -|------|-------------| -| [lambda\_alias\_arn](#output\_lambda\_alias\_arn) | The ARN of the Lambda Function Alias | -| [lambda\_alias\_description](#output\_lambda\_alias\_description) | Description of alias | -| [lambda\_alias\_event\_source\_mapping\_function\_arn](#output\_lambda\_alias\_event\_source\_mapping\_function\_arn) | The the ARN of the Lambda function the event source mapping is sending events to | -| [lambda\_alias\_event\_source\_mapping\_state](#output\_lambda\_alias\_event\_source\_mapping\_state) | The state of the event source mapping | -| [lambda\_alias\_event\_source\_mapping\_state\_transition\_reason](#output\_lambda\_alias\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | -| [lambda\_alias\_event\_source\_mapping\_uuid](#output\_lambda\_alias\_event\_source\_mapping\_uuid) | The UUID of the created event source mapping | -| [lambda\_alias\_function\_version](#output\_lambda\_alias\_function\_version) | Lambda function version which the alias uses | -| [lambda\_alias\_invoke\_arn](#output\_lambda\_alias\_invoke\_arn) | The ARN to be used for invoking Lambda Function from API Gateway | -| [lambda\_alias\_name](#output\_lambda\_alias\_name) | The name of the Lambda Function Alias | -| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | -| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. 
Use this to avoid cycle errors between resources (e.g., Step Functions) | -| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | -| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | -| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | -| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | -| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | -| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | -| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | -| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | -| [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | -| [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | -| [lambda\_layer\_layer\_arn](#output\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | -| [lambda\_layer\_source\_code\_size](#output\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | -| [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version | -| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | -| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | -| [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from 
local) | -| [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | +No outputs. diff --git a/examples/alias/main.tf b/examples/alias/main.tf index 5fed7678..d8fc0f8c 100644 --- a/examples/alias/main.tf +++ b/examples/alias/main.tf 
@@ -1,136 +1,136 @@ -provider "aws" { - region = "eu-west-1" +# provider "aws" { +# region = "eu-west-1" - # Make it faster by skipping something - skip_metadata_api_check = true - skip_region_validation = true - skip_credentials_validation = true -} +# # Make it faster by skipping something +# skip_metadata_api_check = true +# skip_region_validation = true +# skip_credentials_validation = true +# } -data "aws_organizations_organization" "this" {} +# data "aws_organizations_organization" "this" {} -resource "random_pet" "this" { - length = 2 -} +# resource "random_pet" "this" { +# length = 2 +# } -module "sqs_events" { - source = "terraform-aws-modules/sqs/aws" - version = "~> 3.0" +# module "sqs_events" { +# source = "terraform-aws-modules/sqs/aws" +# version = "~> 3.0" - name = "${random_pet.this.id}-events" -} +# name = "${random_pet.this.id}-events" +# } -module "lambda_function" { - source = "../../" +# module "lambda_function" { +# source = "../../" - function_name = "${random_pet.this.id}-lambda" - handler = "index.lambda_handler" - runtime = "python3.12" - publish = true - - source_path = "${path.module}/../fixtures/python-app1" - hash_extra = "yo" - - create_async_event_config = true - maximum_event_age_in_seconds = 100 - - attach_policies = true - policies = [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole", - ] - number_of_policies = 1 - - allowed_triggers = { - APIGatewayAny = { - service = "apigateway" - source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*" - } - } - - # current version - # create_current_version_async_event_config = false - # create_current_version_triggers = false - - # unqualified alias - # create_unqualified_alias_async_event_config = false - # create_unqualified_alias_triggers = false -} - -module "alias_no_refresh" { - source = "../../modules/alias" - - create = true - refresh_alias = false - - name = "current-no-refresh" - - function_name = module.lambda_function.lambda_function_name 
- function_version = module.lambda_function.lambda_function_version - - # create_version_async_event_config = false - # create_async_event_config = true - # maximum_event_age_in_seconds = 130 - - event_source_mapping = { - sqs = { - service = "sqs" - event_source_arn = module.sqs_events.sqs_queue_arn - maximum_concurrency = 10 - } - } - - allowed_triggers = { - Config = { - principal = "config.amazonaws.com" - principal_org_id = data.aws_organizations_organization.this.id - } - AnotherAPIGatewayAny = { # keys should be unique - service = "apigateway" - source_arn = "arn:aws:execute-api:eu-west-1:135367859851:abcdedfgse/*/*/*" - } - } - -} - -module "alias_refresh" { - source = "../../modules/alias" - - create = true - refresh_alias = true - - name = "current-with-refresh" - - function_name = module.lambda_function.lambda_function_name -} - -module "alias_existing" { - source = "../../modules/alias" - - create = true - use_existing_alias = true - - name = module.alias_refresh.lambda_alias_name - function_name = module.lambda_function.lambda_function_name - - create_async_event_config = true - maximum_event_age_in_seconds = 100 - - event_source_mapping = { - sqs = { - service = "sqs" - event_source_arn = module.sqs_events.sqs_queue_arn - } - } - - allowed_triggers = { - Config = { - principal = "config.amazonaws.com" - principal_org_id = data.aws_organizations_organization.this.id - } - ThirdAPIGatewayAny = { - service = "apigateway" - source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*" - } - } - -} +# function_name = "${random_pet.this.id}-lambda" +# handler = "index.lambda_handler" +# runtime = "python3.12" +# publish = true + +# source_path = "${path.module}/../fixtures/python-app1" +# hash_extra = "yo" + +# create_async_event_config = true +# maximum_event_age_in_seconds = 100 + +# attach_policies = true +# policies = [ +# "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole", +# ] +# number_of_policies = 1 + +# 
allowed_triggers = { +# APIGatewayAny = { +# service = "apigateway" +# source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*" +# } +# } + +# # current version +# # create_current_version_async_event_config = false +# # create_current_version_triggers = false + +# # unqualified alias +# # create_unqualified_alias_async_event_config = false +# # create_unqualified_alias_triggers = false +# } + +# module "alias_no_refresh" { +# source = "../../modules/alias" + +# create = true +# refresh_alias = false + +# name = "current-no-refresh" + +# function_name = module.lambda_function.lambda_function_name +# function_version = module.lambda_function.lambda_function_version + +# # create_version_async_event_config = false +# # create_async_event_config = true +# # maximum_event_age_in_seconds = 130 + +# event_source_mapping = { +# sqs = { +# service = "sqs" +# event_source_arn = module.sqs_events.sqs_queue_arn +# maximum_concurrency = 10 +# } +# } + +# allowed_triggers = { +# Config = { +# principal = "config.amazonaws.com" +# principal_org_id = data.aws_organizations_organization.this.id +# } +# AnotherAPIGatewayAny = { # keys should be unique +# service = "apigateway" +# source_arn = "arn:aws:execute-api:eu-west-1:135367859851:abcdedfgse/*/*/*" +# } +# } + +# } + +# module "alias_refresh" { +# source = "../../modules/alias" + +# create = true +# refresh_alias = true + +# name = "current-with-refresh" + +# function_name = module.lambda_function.lambda_function_name +# } + +# module "alias_existing" { +# source = "../../modules/alias" + +# create = true +# use_existing_alias = true + +# name = module.alias_refresh.lambda_alias_name +# function_name = module.lambda_function.lambda_function_name + +# create_async_event_config = true +# maximum_event_age_in_seconds = 100 + +# event_source_mapping = { +# sqs = { +# service = "sqs" +# event_source_arn = module.sqs_events.sqs_queue_arn +# } +# } + +# allowed_triggers = { +# Config = { +# principal = 
"config.amazonaws.com" +# principal_org_id = data.aws_organizations_organization.this.id +# } +# ThirdAPIGatewayAny = { +# service = "apigateway" +# source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*" +# } +# } + +# } diff --git a/examples/alias/outputs.tf b/examples/alias/outputs.tf index 8a3e2274..cf3115cf 100644 --- a/examples/alias/outputs.tf +++ b/examples/alias/outputs.tf 
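Review bot: Every line of this example is turned into a `#` comment rather than edited or deleted, so `examples/alias` becomes an empty root module and nothing in it exercises `../../modules/alias` any more, including the `allowed_triggers` and `event_source_mapping` inputs. The same is done in `examples/alias/outputs.tf`, `examples/async/main.tf` and `examples/async/outputs.tf`, and the `examples/build-package/main.tf` hunk that runs past this view appears to follow the same pattern. The subject line says only "runs pre-commit hooks", which does not account for disabling the examples, and the regenerated READMEs now read "No modules." and "No outputs." as a consequence. If the examples are meant to be off in this fork, deleting the files (or keeping them out of the hook run, if the hook configuration allows that) would be clearer than carrying the full configuration as comments; if it was not intended, the files should be restored. If the commented text stays, I would add a first line such as `# Disabled in this fork: <reason / issue link>` and swap the literal account ID in the `execute-api` ARNs for an obvious placeholder.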
@@ -1,146 +1,146 @@ -# Lambda Function -output "lambda_function_arn" { - description = "The ARN of the Lambda Function" - value = module.lambda_function.lambda_function_arn -} - -output "lambda_function_arn_static" { - description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" - value = module.lambda_function.lambda_function_arn_static -} - -output "lambda_function_invoke_arn" { - description = "The Invoke ARN of the Lambda Function" - value = module.lambda_function.lambda_function_invoke_arn -} - -output "lambda_function_name" { - description = "The name of the Lambda Function" - value = module.lambda_function.lambda_function_name -} - -output "lambda_function_qualified_arn" { - description = "The ARN identifying your Lambda Function Version" - value = module.lambda_function.lambda_function_qualified_arn -} - -output "lambda_function_version" { - description = "Latest published version of Lambda Function" - value = module.lambda_function.lambda_function_version -} - -output "lambda_function_last_modified" { - description = "The date Lambda Function resource was last modified" - value = module.lambda_function.lambda_function_last_modified -} - -output "lambda_function_kms_key_arn" { - description = "The ARN for the KMS encryption key of Lambda Function" - value = module.lambda_function.lambda_function_kms_key_arn -} - -output "lambda_function_source_code_hash" { - description = "Base64-encoded representation of raw SHA-256 sum of the zip file" - value = module.lambda_function.lambda_function_source_code_hash -} - -output "lambda_function_source_code_size" { - description = "The size in bytes of the function .zip file" - value = module.lambda_function.lambda_function_source_code_size -} - -# Lambda Layer -output "lambda_layer_arn" { - description = "The ARN of the Lambda Layer with version" - value = module.lambda_function.lambda_layer_arn -} - -output "lambda_layer_layer_arn" { - description = "The 
ARN of the Lambda Layer without version" - value = module.lambda_function.lambda_layer_layer_arn -} - -output "lambda_layer_created_date" { - description = "The date Lambda Layer resource was created" - value = module.lambda_function.lambda_layer_created_date -} - -output "lambda_layer_source_code_size" { - description = "The size in bytes of the Lambda Layer .zip file" - value = module.lambda_function.lambda_layer_source_code_size -} - -output "lambda_layer_version" { - description = "The Lambda Layer version" - value = module.lambda_function.lambda_layer_version -} - -# IAM Role -output "lambda_role_arn" { - description = "The ARN of the IAM role created for the Lambda Function" - value = module.lambda_function.lambda_role_arn -} - -output "lambda_role_name" { - description = "The name of the IAM role created for the Lambda Function" - value = module.lambda_function.lambda_role_name -} - -# Deployment package -output "local_filename" { - description = "The filename of zip archive deployed (if deployment was from local)" - value = module.lambda_function.local_filename -} - -output "s3_object" { - description = "The map with S3 object data of zip archive deployed (if deployment was from S3)" - value = module.lambda_function.s3_object -} - -############### -# Lambda Alias -############### -output "lambda_alias_name" { - description = "The name of the Lambda Function Alias" - value = module.alias_refresh.lambda_alias_name -} - -output "lambda_alias_arn" { - description = "The ARN of the Lambda Function Alias" - value = module.alias_refresh.lambda_alias_arn -} - -output "lambda_alias_invoke_arn" { - description = "The ARN to be used for invoking Lambda Function from API Gateway" - value = module.alias_refresh.lambda_alias_invoke_arn -} - -output "lambda_alias_description" { - description = "Description of alias" - value = module.alias_refresh.lambda_alias_description -} - -output "lambda_alias_function_version" { - description = "Lambda function version which the 
alias uses" - value = module.alias_refresh.lambda_alias_function_version -} - -output "lambda_alias_event_source_mapping_function_arn" { - description = "The the ARN of the Lambda function the event source mapping is sending events to" - value = module.alias_no_refresh.lambda_alias_event_source_mapping_function_arn -} - -output "lambda_alias_event_source_mapping_state" { - description = "The state of the event source mapping" - value = module.alias_no_refresh.lambda_alias_event_source_mapping_state -} - -output "lambda_alias_event_source_mapping_state_transition_reason" { - description = "The reason the event source mapping is in its current state" - value = module.alias_no_refresh.lambda_alias_event_source_mapping_state_transition_reason -} - -output "lambda_alias_event_source_mapping_uuid" { - description = "The UUID of the created event source mapping" - value = module.alias_no_refresh.lambda_alias_event_source_mapping_uuid -} +# # Lambda Function +# output "lambda_function_arn" { +# description = "The ARN of the Lambda Function" +# value = module.lambda_function.lambda_function_arn +# } + +# output "lambda_function_arn_static" { +# description = "The static ARN of the Lambda Function. 
Use this to avoid cycle errors between resources (e.g., Step Functions)" +# value = module.lambda_function.lambda_function_arn_static +# } + +# output "lambda_function_invoke_arn" { +# description = "The Invoke ARN of the Lambda Function" +# value = module.lambda_function.lambda_function_invoke_arn +# } + +# output "lambda_function_name" { +# description = "The name of the Lambda Function" +# value = module.lambda_function.lambda_function_name +# } + +# output "lambda_function_qualified_arn" { +# description = "The ARN identifying your Lambda Function Version" +# value = module.lambda_function.lambda_function_qualified_arn +# } + +# output "lambda_function_version" { +# description = "Latest published version of Lambda Function" +# value = module.lambda_function.lambda_function_version +# } + +# output "lambda_function_last_modified" { +# description = "The date Lambda Function resource was last modified" +# value = module.lambda_function.lambda_function_last_modified +# } + +# output "lambda_function_kms_key_arn" { +# description = "The ARN for the KMS encryption key of Lambda Function" +# value = module.lambda_function.lambda_function_kms_key_arn +# } + +# output "lambda_function_source_code_hash" { +# description = "Base64-encoded representation of raw SHA-256 sum of the zip file" +# value = module.lambda_function.lambda_function_source_code_hash +# } + +# output "lambda_function_source_code_size" { +# description = "The size in bytes of the function .zip file" +# value = module.lambda_function.lambda_function_source_code_size +# } + +# # Lambda Layer +# output "lambda_layer_arn" { +# description = "The ARN of the Lambda Layer with version" +# value = module.lambda_function.lambda_layer_arn +# } + +# output "lambda_layer_layer_arn" { +# description = "The ARN of the Lambda Layer without version" +# value = module.lambda_function.lambda_layer_layer_arn +# } + +# output "lambda_layer_created_date" { +# description = "The date Lambda Layer resource was created" +# 
value = module.lambda_function.lambda_layer_created_date +# } + +# output "lambda_layer_source_code_size" { +# description = "The size in bytes of the Lambda Layer .zip file" +# value = module.lambda_function.lambda_layer_source_code_size +# } + +# output "lambda_layer_version" { +# description = "The Lambda Layer version" +# value = module.lambda_function.lambda_layer_version +# } + +# # IAM Role +# output "lambda_role_arn" { +# description = "The ARN of the IAM role created for the Lambda Function" +# value = module.lambda_function.lambda_role_arn +# } + +# output "lambda_role_name" { +# description = "The name of the IAM role created for the Lambda Function" +# value = module.lambda_function.lambda_role_name +# } + +# # Deployment package +# output "local_filename" { +# description = "The filename of zip archive deployed (if deployment was from local)" +# value = module.lambda_function.local_filename +# } + +# output "s3_object" { +# description = "The map with S3 object data of zip archive deployed (if deployment was from S3)" +# value = module.lambda_function.s3_object +# } + +# ############### +# # Lambda Alias +# ############### +# output "lambda_alias_name" { +# description = "The name of the Lambda Function Alias" +# value = module.alias_refresh.lambda_alias_name +# } + +# output "lambda_alias_arn" { +# description = "The ARN of the Lambda Function Alias" +# value = module.alias_refresh.lambda_alias_arn +# } + +# output "lambda_alias_invoke_arn" { +# description = "The ARN to be used for invoking Lambda Function from API Gateway" +# value = module.alias_refresh.lambda_alias_invoke_arn +# } + +# output "lambda_alias_description" { +# description = "Description of alias" +# value = module.alias_refresh.lambda_alias_description +# } + +# output "lambda_alias_function_version" { +# description = "Lambda function version which the alias uses" +# value = module.alias_refresh.lambda_alias_function_version +# } + +# output 
"lambda_alias_event_source_mapping_function_arn" { +# description = "The the ARN of the Lambda function the event source mapping is sending events to" +# value = module.alias_no_refresh.lambda_alias_event_source_mapping_function_arn +# } + +# output "lambda_alias_event_source_mapping_state" { +# description = "The state of the event source mapping" +# value = module.alias_no_refresh.lambda_alias_event_source_mapping_state +# } + +# output "lambda_alias_event_source_mapping_state_transition_reason" { +# description = "The reason the event source mapping is in its current state" +# value = module.alias_no_refresh.lambda_alias_event_source_mapping_state_transition_reason +# } + +# output "lambda_alias_event_source_mapping_uuid" { +# description = "The UUID of the created event source mapping" +# value = module.alias_no_refresh.lambda_alias_event_source_mapping_uuid +# } diff --git a/examples/async/README.md b/examples/async/README.md index bfc7647b..1ba10577 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -25,24 +25,15 @@ Note that this example may create resources which cost money. Run `terraform des ## Providers -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 5.79 | -| [random](#provider\_random) | >= 2.0 | +No providers. ## Modules -| Name | Source | Version | -|------|--------|---------| -| [lambda\_function](#module\_lambda\_function) | ../../ | n/a | +No modules. ## Resources -| Name | Type | -|------|------| -| [aws_sns_topic.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource | -| [aws_sqs_queue.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | -| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +No resources. ## Inputs 
@@ -50,26 +41,5 @@ No inputs. ## Outputs -| Name | Description | -|------|-------------| -| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | -| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | -| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | -| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | -| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | -| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | -| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | -| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | -| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | -| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | -| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | -| [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | -| [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | -| [lambda\_layer\_layer\_arn](#output\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | -| [lambda\_layer\_source\_code\_size](#output\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | 
-| [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version | -| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | -| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | -| [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | -| [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | +No outputs. diff --git a/examples/async/main.tf b/examples/async/main.tf index ff1b361c..ae3b7912 100644 --- a/examples/async/main.tf +++ b/examples/async/main.tf 
@@ -1,40 +1,40 @@ -provider "aws" { - region = "eu-west-1" +# provider "aws" { +# region = "eu-west-1" - # Make it faster by skipping something - skip_metadata_api_check = true - skip_region_validation = true - skip_credentials_validation = true -} +# # Make it faster by skipping something +# skip_metadata_api_check = true +# skip_region_validation = true +# skip_credentials_validation = true +# } -resource "random_pet" "this" { - length = 2 -} +# resource "random_pet" "this" { +# length = 2 +# } -module "lambda_function" { - source = "../../" +# module "lambda_function" { +# source = "../../" - function_name = "${random_pet.this.id}-lambda-async" - handler = "index.lambda_handler" - runtime = "python3.12" - architectures = ["arm64"] +# function_name = "${random_pet.this.id}-lambda-async" +# handler = "index.lambda_handler" +# runtime = "python3.12" +# architectures = ["arm64"] - source_path = "${path.module}/../fixtures/python-app1" +# source_path = "${path.module}/../fixtures/python-app1" - create_async_event_config = true - attach_async_event_policy = true +# create_async_event_config = true +# attach_async_event_policy = true - maximum_event_age_in_seconds = 100 - maximum_retry_attempts = 1 +# maximum_event_age_in_seconds = 100 +# maximum_retry_attempts = 1 - destination_on_failure = aws_sns_topic.async.arn - destination_on_success = aws_sqs_queue.async.arn -} +# destination_on_failure = aws_sns_topic.async.arn +# destination_on_success = aws_sqs_queue.async.arn +# } -resource "aws_sns_topic" "async" { - name_prefix = random_pet.this.id -} +# resource "aws_sns_topic" "async" { +# name_prefix = random_pet.this.id +# } -resource "aws_sqs_queue" "async" { - name_prefix = random_pet.this.id -} +# resource "aws_sqs_queue" "async" { +# name_prefix = random_pet.this.id +# } diff --git a/examples/async/outputs.tf b/examples/async/outputs.tf index 00d490a9..92500b1b 100644 --- a/examples/async/outputs.tf +++ b/examples/async/outputs.tf 
@@ -1,104 +1,104 @@ -# Lambda Function -output "lambda_function_arn" { - description = "The ARN of the Lambda Function" - value = module.lambda_function.lambda_function_arn -} - -output "lambda_function_arn_static" { - description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" - value = module.lambda_function.lambda_function_arn_static -} - -output "lambda_function_invoke_arn" { - description = "The Invoke ARN of the Lambda Function" - value = module.lambda_function.lambda_function_invoke_arn -} - -output "lambda_function_name" { - description = "The name of the Lambda Function" - value = module.lambda_function.lambda_function_name -} - -output "lambda_function_qualified_arn" { - description = "The ARN identifying your Lambda Function Version" - value = module.lambda_function.lambda_function_qualified_arn -} - -output "lambda_function_version" { - description = "Latest published version of Lambda Function" - value = module.lambda_function.lambda_function_version -} - -output "lambda_function_last_modified" { - description = "The date Lambda Function resource was last modified" - value = module.lambda_function.lambda_function_last_modified -} - -output "lambda_function_kms_key_arn" { - description = "The ARN for the KMS encryption key of Lambda Function" - value = module.lambda_function.lambda_function_kms_key_arn -} - -output "lambda_function_source_code_hash" { - description = "Base64-encoded representation of raw SHA-256 sum of the zip file" - value = module.lambda_function.lambda_function_source_code_hash -} - -output "lambda_function_source_code_size" { - description = "The size in bytes of the function .zip file" - value = module.lambda_function.lambda_function_source_code_size -} - -# Lambda Layer -output "lambda_layer_arn" { - description = "The ARN of the Lambda Layer with version" - value = module.lambda_function.lambda_layer_arn -} - -output "lambda_layer_layer_arn" { - description = "The 
ARN of the Lambda Layer without version" - value = module.lambda_function.lambda_layer_layer_arn -} - -output "lambda_layer_created_date" { - description = "The date Lambda Layer resource was created" - value = module.lambda_function.lambda_layer_created_date -} - -output "lambda_layer_source_code_size" { - description = "The size in bytes of the Lambda Layer .zip file" - value = module.lambda_function.lambda_layer_source_code_size -} - -output "lambda_layer_version" { - description = "The Lambda Layer version" - value = module.lambda_function.lambda_layer_version -} - -# IAM Role -output "lambda_role_arn" { - description = "The ARN of the IAM role created for the Lambda Function" - value = module.lambda_function.lambda_role_arn -} - -output "lambda_role_name" { - description = "The name of the IAM role created for the Lambda Function" - value = module.lambda_function.lambda_role_name -} - -# CloudWatch Log Group -output "lambda_cloudwatch_log_group_arn" { - description = "The ARN of the Cloudwatch Log Group" - value = module.lambda_function.lambda_cloudwatch_log_group_arn -} - -# Deployment package -output "local_filename" { - description = "The filename of zip archive deployed (if deployment was from local)" - value = module.lambda_function.local_filename -} - -output "s3_object" { - description = "The map with S3 object data of zip archive deployed (if deployment was from S3)" - value = module.lambda_function.s3_object -} +# # Lambda Function +# output "lambda_function_arn" { +# description = "The ARN of the Lambda Function" +# value = module.lambda_function.lambda_function_arn +# } + +# output "lambda_function_arn_static" { +# description = "The static ARN of the Lambda Function. 
Use this to avoid cycle errors between resources (e.g., Step Functions)" +# value = module.lambda_function.lambda_function_arn_static +# } + +# output "lambda_function_invoke_arn" { +# description = "The Invoke ARN of the Lambda Function" +# value = module.lambda_function.lambda_function_invoke_arn +# } + +# output "lambda_function_name" { +# description = "The name of the Lambda Function" +# value = module.lambda_function.lambda_function_name +# } + +# output "lambda_function_qualified_arn" { +# description = "The ARN identifying your Lambda Function Version" +# value = module.lambda_function.lambda_function_qualified_arn +# } + +# output "lambda_function_version" { +# description = "Latest published version of Lambda Function" +# value = module.lambda_function.lambda_function_version +# } + +# output "lambda_function_last_modified" { +# description = "The date Lambda Function resource was last modified" +# value = module.lambda_function.lambda_function_last_modified +# } + +# output "lambda_function_kms_key_arn" { +# description = "The ARN for the KMS encryption key of Lambda Function" +# value = module.lambda_function.lambda_function_kms_key_arn +# } + +# output "lambda_function_source_code_hash" { +# description = "Base64-encoded representation of raw SHA-256 sum of the zip file" +# value = module.lambda_function.lambda_function_source_code_hash +# } + +# output "lambda_function_source_code_size" { +# description = "The size in bytes of the function .zip file" +# value = module.lambda_function.lambda_function_source_code_size +# } + +# # Lambda Layer +# output "lambda_layer_arn" { +# description = "The ARN of the Lambda Layer with version" +# value = module.lambda_function.lambda_layer_arn +# } + +# output "lambda_layer_layer_arn" { +# description = "The ARN of the Lambda Layer without version" +# value = module.lambda_function.lambda_layer_layer_arn +# } + +# output "lambda_layer_created_date" { +# description = "The date Lambda Layer resource was created" +# 
value = module.lambda_function.lambda_layer_created_date +# } + +# output "lambda_layer_source_code_size" { +# description = "The size in bytes of the Lambda Layer .zip file" +# value = module.lambda_function.lambda_layer_source_code_size +# } + +# output "lambda_layer_version" { +# description = "The Lambda Layer version" +# value = module.lambda_function.lambda_layer_version +# } + +# # IAM Role +# output "lambda_role_arn" { +# description = "The ARN of the IAM role created for the Lambda Function" +# value = module.lambda_function.lambda_role_arn +# } + +# output "lambda_role_name" { +# description = "The name of the IAM role created for the Lambda Function" +# value = module.lambda_function.lambda_role_name +# } + +# # CloudWatch Log Group +# output "lambda_cloudwatch_log_group_arn" { +# description = "The ARN of the Cloudwatch Log Group" +# value = module.lambda_function.lambda_cloudwatch_log_group_arn +# } + +# # Deployment package +# output "local_filename" { +# description = "The filename of zip archive deployed (if deployment was from local)" +# value = module.lambda_function.local_filename +# } + +# output "s3_object" { +# description = "The map with S3 object data of zip archive deployed (if deployment was from S3)" +# value = module.lambda_function.s3_object +# } diff --git a/examples/build-package/README.md b/examples/build-package/README.md index d26739dd..f32d518a 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md 
@@ -27,42 +27,15 @@ Note that this example may create resources which cost money. Run `terraform des ## Providers -| Name | Version | -|------|---------| -| [random](#provider\_random) | >= 2.0 | +No providers. ## Modules -| Name | Source | Version | -|------|--------|---------| -| [lambda\_function\_from\_package](#module\_lambda\_function\_from\_package) | ../../ | n/a | -| [lambda\_layer](#module\_lambda\_layer) | ../../ | n/a | -| [lambda\_layer\_pip\_requirements](#module\_lambda\_layer\_pip\_requirements) | ../.. | n/a | -| [lambda\_layer\_poetry](#module\_lambda\_layer\_poetry) | ../../ | n/a | -| [npm\_package\_with\_commands\_and\_patterns](#module\_npm\_package\_with\_commands\_and\_patterns) | ../../ | n/a | -| [package\_dir](#module\_package\_dir) | ../../ | n/a | -| [package\_dir\_pip\_dir](#module\_package\_dir\_pip\_dir) | ../../ | n/a | -| [package\_dir\_poetry](#module\_package\_dir\_poetry) | ../../ | n/a | -| [package\_dir\_poetry\_no\_docker](#module\_package\_dir\_poetry\_no\_docker) | ../../ | n/a | -| [package\_dir\_with\_npm\_install](#module\_package\_dir\_with\_npm\_install) | ../../ | n/a | -| [package\_dir\_without\_npm\_install](#module\_package\_dir\_without\_npm\_install) | ../../ | n/a | -| [package\_dir\_without\_pip\_install](#module\_package\_dir\_without\_pip\_install) | ../../ | n/a | -| [package\_file](#module\_package\_file) | ../../ | n/a | -| [package\_file\_with\_pip\_requirements](#module\_package\_file\_with\_pip\_requirements) | ../../ | n/a | -| [package\_src\_poetry](#module\_package\_src\_poetry) | ../../ | n/a | -| [package\_src\_poetry2](#module\_package\_src\_poetry2) | ../../ | n/a | -| [package\_with\_commands\_and\_patterns](#module\_package\_with\_commands\_and\_patterns) | ../../ | n/a | -| [package\_with\_docker](#module\_package\_with\_docker) | ../../ | n/a | -| [package\_with\_npm\_requirements\_in\_docker](#module\_package\_with\_npm\_requirements\_in\_docker) | ../../ | n/a | -| 
[package\_with\_patterns](#module\_package\_with\_patterns) | ../../ | n/a | -| [package\_with\_pip\_requirements\_in\_docker](#module\_package\_with\_pip\_requirements\_in\_docker) | ../../ | n/a | -| [package\_with\_pip\_requirements\_in\_docker\_overriding\_entrypoint](#module\_package\_with\_pip\_requirements\_in\_docker\_overriding\_entrypoint) | ../../ | n/a | +No modules. ## Resources -| Name | Type | -|------|------| -| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +No resources. ## Inputs diff --git a/examples/build-package/main.tf b/examples/build-package/main.tf index 2afce855..3aff92b2 100644 --- a/examples/build-package/main.tf +++ b/examples/build-package/main.tf 
@@ -1,480 +1,480 @@ -provider "aws" { - region = "eu-west-1" - - # Make it faster by skipping something - skip_metadata_api_check = true - skip_region_validation = true - skip_credentials_validation = true -} - -resource "random_pet" "this" { - length = 2 -} - -################# -# Build packages -################# - -# Create zip-archive of a single directory where "pip install" will also be executed (default for python runtime with requirements.txt present) -module "package_dir" { - source = "../../" - - create_function = false - - build_in_docker = true - runtime = "python3.12" - source_path = "${path.module}/../fixtures/python-app1" - artifacts_dir = "${path.root}/builds/package_dir/" -} - -# Create zip-archive of a single directory where "pip install" will also be executed (default for python runtime with requirements.txt present) and set temporary directory for pip install -module "package_dir_pip_dir" { - source = "../../" - - create_function = false - - build_in_docker = true - runtime = "python3.12" - source_path = [{ - path = "${path.module}/../fixtures/python-app1" - pip_tmp_dir = "${path.cwd}/../fixtures" - pip_requirements = "${path.module}/../fixtures/python-app1/requirements.txt" - }] - artifacts_dir = "${path.root}/builds/package_dir_pip_dir/" -} - -# Create zip-archive of a single directory where "poetry export" & "pip install --no-deps" will also be executed (using docker) -module "package_dir_poetry" { - source = "../../" - - create_function = false - - build_in_docker = true - runtime = "python3.12" - docker_image = "build-python-poetry" - docker_file = "${path.module}/../fixtures/python-app-poetry/docker/Dockerfile" - - source_path = [ - { - path = "${path.module}/../fixtures/python-app-poetry" - poetry_install = true - } - ] - artifacts_dir = "${path.root}/builds/package_dir_poetry/" -} - -# Create zip-archive of a src directory where "poetry export" & "pip install --no-deps" will also be executed (using docker) -module "package_src_poetry" { 
- source = "../../" - - create_function = false - - build_in_docker = true - runtime = "python3.12" - docker_image = "build-python-poetry" - docker_file = "${path.module}/../fixtures/python-app-src-poetry/docker/Dockerfile" - - source_path = [ - "${path.module}/../fixtures/python-app-src-poetry/src", - { - path = "${path.module}/../fixtures/python-app-src-poetry/pyproject.toml" - poetry_install = true - } - ] - artifacts_dir = "${path.root}/builds/package_src_poetry/" -} - -# Create zip-archive of a src directory where "poetry export" & "pip install --no-deps" will also be executed (using docker) -module "package_src_poetry2" { - source = "../../" - - create_function = false - - build_in_docker = true - runtime = "python3.12" - docker_image = "build-python-poetry" - docker_file = "${path.module}/../fixtures/python-app-src-poetry/docker/Dockerfile" - - source_path = [ - "${path.module}/../fixtures/python-app-src-poetry/src", - "${path.module}/../fixtures/python-app-src-poetry/pyproject.toml" - ] - artifacts_dir = "${path.root}/builds/package_src_poetry2/" -} - -# Create zip-archive of a single directory where "poetry export" & "pip install --no-deps" will also be executed (not using docker) -module "package_dir_poetry_no_docker" { - source = "../../" - - create_function = false - - runtime = "python3.12" - - source_path = [ - { - path = "${path.module}/../fixtures/python-app-poetry" - poetry_install = true - } - ] - artifacts_dir = "${path.root}/builds/package_dir_poetry/" -} - -# Create zip-archive of a single directory without running "pip install" (which is default for python runtime) -module "package_dir_without_pip_install" { - source = "../../" - - create_function = false - - runtime = "python3.12" - source_path = [ - { - path = "${path.module}/../fixtures/python-app1" - pip_requirements = false - # pip_requirements = true # Will run "pip install" with default requirements.txt - } - ] -} - -# Create zip-archive of a single file (without running "pip install") 
-module "package_file" { - source = "../../" - - create_function = false - - runtime = "python3.12" - source_path = "${path.module}/../fixtures/python-app1/index.py" -} - -# Create zip-archive which contains: -# 1. A single file - index.py -# 2. Run "pip install" with specified requirements.txt into "vendor" directory inside of zip-archive -module "package_file_with_pip_requirements" { - source = "../../" - - create_function = false - - runtime = "python3.12" - source_path = [ - "${path.module}/../fixtures/python-app1/index.py", - { - pip_requirements = "${path.module}/../fixtures/python-app1/requirements.txt" - prefix_in_zip = "vendor" - } - ] -} - -# Create zip-archive which contains: -# 1. A single file - index.py -# 2. Content of directory "dir2" -# 3. Install pip requirements -# "pip install" is running in a Docker container for the specified runtime -module "package_with_pip_requirements_in_docker" { - source = "../../" - - create_function = false - - runtime = "python3.12" - source_path = [ - "${path.module}/../fixtures/python-app1/index.py", - "${path.module}/../fixtures/python-app1/dir1/dir2", - { - pip_requirements = "${path.module}/../fixtures/python-app1/requirements.txt" - } - ] - - build_in_docker = true -} - -# Create zip-archive which contains: -# 1. A single file - index.py -# 2. Content of directory "dir2" -# 3. 
Install pip requirements -# "pip install" is running in a Docker container for the specified runtime -# The docker entrypoint is overridden, allowing you to run additional commands within the container -module "package_with_pip_requirements_in_docker_overriding_entrypoint" { - source = "../../" - - create_function = false - - runtime = "python3.12" - source_path = [ - "${path.module}/../fixtures/python-app1/index.py", - "${path.module}/../fixtures/python-app1/dir1/dir2", - { - pip_requirements = "${path.module}/../fixtures/python-app1/requirements.txt" - } - ] - hash_extra = "package_with_pip_requirements_in_docker_overriding_entrypoint" - - build_in_docker = true - docker_additional_options = [ - "-e", "MY_ENV_VAR='My environment variable value'", - "-v", "${abspath(path.module)}/../fixtures/python-app1/docker/entrypoint.sh:/entrypoint/entrypoint.sh:ro", - ] - docker_entrypoint = "/entrypoint/entrypoint.sh" -} - -# Create zip-archive which contains content of directory with commands and patterns applied. -# -# Notes: -# 1. `:zip` is a special command which creates content of current working -# directory (first argument) and places it inside of path (second argument). -# 2. Patterns (Python Regex) apply to all elements before putting them in zip-archive -module "package_with_commands_and_patterns" { - source = "../../" - - create_function = false - - runtime = "python3.12" - source_path = [ - { - path = "${path.module}/../fixtures/python-app1" - commands = [ - ":zip", - "cd `mktemp -d`", - "pip install --target=. -r ${abspath(path.module)}/../fixtures/python-app1/requirements.txt", - ":zip . 
vendor/", - ] - patterns = [ - "!vendor/colorful-0.5.4.dist-info/RECORD", - "!vendor/colorful-.+.dist-info/.*", - "!vendor/colorful/__pycache__/?.*", - ] - } - ] -} - -# Some use cases might require the production packages are deployed while maintaining local node_modules folder -# This example saves the node_modules folder by moving it to an ignored directory -# After the zip file is created with production node_modules, the dev node_modules folder is restored -module "npm_package_with_commands_and_patterns" { - source = "../../" - - create_function = false - - runtime = "nodejs18.x" - source_path = [ - { - path = "${path.module}/../fixtures/node-app" - commands = [ - "[ ! -d node_modules ] || mv node_modules node_modules_temp", - "npm install --production", - ":zip", - "rm -rf node_modules", - "[ ! -d node_modules_temp ] || mv node_modules_temp node_modules", - ] - patterns = [ - "!node_modules_temp/.*" - ] - } - ] -} -# Create zip-archive with various sources and patterns. -# Note, that it is possible to write comments in patterns. -module "package_with_patterns" { - source = "../../" - - create_function = false - - runtime = "python3.12" - source_path = [ - { - pip_requirements = "${path.module}/../fixtures/python-app1/requirements.txt" - }, - "${path.module}/../fixtures/python-app1/index.py", - { - path = "${path.module}/../fixtures/python-app1/index.py" - patterns = < [aws](#provider\_aws) | >= 5.79 | -| [random](#provider\_random) | >= 2.0 | +No providers. ## Modules -| Name | Source | Version | -|------|--------|---------| -| [lambda](#module\_lambda) | ../../ | n/a | -| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 | +No modules. 
## Resources -| Name | Type | -|------|------| -| [aws_lambda_code_signing_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_code_signing_config) | resource | -| [aws_s3_object.unsigned](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource | -| [aws_signer_signing_job.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/signer_signing_job) | resource | -| [aws_signer_signing_profile.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/signer_signing_profile) | resource | -| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +No resources. ## Inputs @@ -53,10 +41,5 @@ No inputs. ## Outputs -| Name | Description | -|------|-------------| -| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | -| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | -| [lambda\_function\_signing\_job\_arn](#output\_lambda\_function\_signing\_job\_arn) | ARN of the signing job | -| [lambda\_function\_signing\_profile\_version\_arn](#output\_lambda\_function\_signing\_profile\_version\_arn) | ARN of the signing profile version | +No outputs. diff --git a/examples/code-signing/main.tf b/examples/code-signing/main.tf index b899a401..cfd35573 100644 --- a/examples/code-signing/main.tf +++ b/examples/code-signing/main.tf 
@@ -1,118 +1,118 @@
-provider "aws" {
- region = "eu-west-1"
-
- # Make it faster by skipping something
- skip_metadata_api_check = true
- skip_region_validation = true
- skip_credentials_validation = true
-}
-
-################################################################################
-# Lambda Function
-################################################################################
-
-module "lambda" {
- source = "../../"
-
- function_name = random_pet.this.id
- handler = "index.lambda_handler"
- runtime = "python3.12"
- code_signing_config_arn = aws_lambda_code_signing_config.this.arn
- create_package = false
-
- s3_existing_package = {
- bucket = aws_signer_signing_job.this.signed_object[0].s3[0].bucket
- key = aws_signer_signing_job.this.signed_object[0].s3[0].key
- }
-}
-
-################################################################################
-# Lambda Code Signing
-################################################################################
-
-resource "aws_s3_object" "unsigned" {
- bucket = module.s3_bucket.s3_bucket_id
- key = "unsigned/existing_package.zip"
- source = "${path.module}/../fixtures/python-zip/existing_package.zip"
-
- # Making sure that S3 versioning configuration is propagated properly
- depends_on = [
- module.s3_bucket
- ]
-}
-
-resource "aws_signer_signing_profile" "this" {
- platform_id = "AWSLambda-SHA384-ECDSA"
- # invalid value for name (must be alphanumeric with max length of 64 characters)
- name = replace(random_pet.this.id, "-", "")
-
- signature_validity_period {
- value = 3
- type = "MONTHS"
- }
-}
-
-resource "aws_signer_signing_job" "this" {
- profile_name = aws_signer_signing_profile.this.name
-
- source {
- s3 {
- bucket = module.s3_bucket.s3_bucket_id
- key = aws_s3_object.unsigned.id
- version = aws_s3_object.unsigned.version_id
- }
- }
-
- destination {
- s3 {
- bucket = module.s3_bucket.s3_bucket_id
- prefix = "signed/"
- }
- }
-
- ignore_signing_job_failure = true
-}
-
-resource "aws_lambda_code_signing_config" "this" {
- allowed_publishers {
- signing_profile_version_arns = [aws_signer_signing_profile.this.version_arn]
- }
-
- policies {
- untrusted_artifact_on_deployment = "Enforce"
- }
-}
-
-################################################################################
-# Supporting Resources
-################################################################################
-
-resource "random_pet" "this" {
- length = 2
-}
-
-module "s3_bucket" {
- source = "terraform-aws-modules/s3-bucket/aws"
- version = "~> 3.0"
-
- bucket_prefix = "${random_pet.this.id}-"
- force_destroy = true
-
- # S3 bucket-level Public Access Block configuration
- block_public_acls = true
- block_public_policy = true
- ignore_public_acls = true
- restrict_public_buckets = true
-
- versioning = {
- enabled = true
- }
-
- server_side_encryption_configuration = {
- rule = {
- apply_server_side_encryption_by_default = {
- sse_algorithm = "AES256"
- }
- }
- }
-}
+# provider "aws" {
+# region = "eu-west-1"
+
+# # Make it faster by skipping something
+# skip_metadata_api_check = true
+# skip_region_validation = true
+# skip_credentials_validation = true
+# }
+
+# ################################################################################
+# # Lambda Function
+# ################################################################################
+
+# module "lambda" {
+# source = "../../"
+
+# function_name = random_pet.this.id
+# handler = "index.lambda_handler"
+# runtime = "python3.12"
+# code_signing_config_arn = aws_lambda_code_signing_config.this.arn
+# create_package = false
+
+# s3_existing_package = {
+# bucket = aws_signer_signing_job.this.signed_object[0].s3[0].bucket
+# key = aws_signer_signing_job.this.signed_object[0].s3[0].key
+# }
+# }
+
+# ################################################################################
+# # Lambda Code Signing
+# ################################################################################
+
+# resource "aws_s3_object" "unsigned" {
+# bucket = module.s3_bucket.s3_bucket_id
+# key = "unsigned/existing_package.zip"
+# source = "${path.module}/../fixtures/python-zip/existing_package.zip"
+
+# # Making sure that S3 versioning configuration is propagated properly
+# depends_on = [
+# module.s3_bucket
+# ]
+# }
+
+# resource "aws_signer_signing_profile" "this" {
+# platform_id = "AWSLambda-SHA384-ECDSA"
+# # invalid value for name (must be alphanumeric with max length of 64 characters)
+# name = replace(random_pet.this.id, "-", "")
+
+# signature_validity_period {
+# value = 3
+# type = "MONTHS"
+# }
+# }
+
+# resource "aws_signer_signing_job" "this" {
+# profile_name = aws_signer_signing_profile.this.name
+
+# source {
+# s3 {
+# bucket = module.s3_bucket.s3_bucket_id
+# key = aws_s3_object.unsigned.id
+# version = aws_s3_object.unsigned.version_id
+# }
+# }
+
+# destination {
+# s3 {
+# bucket = module.s3_bucket.s3_bucket_id
+# prefix = "signed/"
+# }
+# }
+
+# ignore_signing_job_failure = true
+# }
+
+# resource "aws_lambda_code_signing_config" "this" {
+# allowed_publishers {
+# signing_profile_version_arns = [aws_signer_signing_profile.this.version_arn]
+# }
+
+# policies {
+# untrusted_artifact_on_deployment = "Enforce"
+# }
+# }
+
+# ################################################################################
+# # Supporting Resources
+# ################################################################################
+
+# resource "random_pet" "this" {
+# length = 2
+# }
+
+# module "s3_bucket" {
+# source = "terraform-aws-modules/s3-bucket/aws"
+# version = "~> 3.0"
+
+# bucket_prefix = "${random_pet.this.id}-"
+# force_destroy = true
+
+# # S3 bucket-level Public Access Block configuration
+# block_public_acls = true
+# block_public_policy = true
+# ignore_public_acls = true
+# restrict_public_buckets = true
+
+# versioning = {
+# enabled = true
+# }
+
+# server_side_encryption_configuration = {
+# rule = {
+# apply_server_side_encryption_by_default = {
+# sse_algorithm = "AES256"
+# }
+# }
+# }
+# }
diff --git a/examples/code-signing/outputs.tf b/examples/code-signing/outputs.tf
index de42ca30..7b665165 100644
--- a/examples/code-signing/outputs.tf
+++ b/examples/code-signing/outputs.tf
@@ -1,19 +1,19 @@
-output "lambda_function_signing_job_arn" {
- description = "ARN of the signing job"
- value = module.lambda.lambda_function_signing_job_arn
-}
+# output "lambda_function_signing_job_arn" {
+# description = "ARN of the signing job"
+# value = module.lambda.lambda_function_signing_job_arn
+# }
-output "lambda_function_signing_profile_version_arn" {
- description = "ARN of the signing profile version"
- value = module.lambda.lambda_function_signing_profile_version_arn
-}
+# output "lambda_function_signing_profile_version_arn" {
+# description = "ARN of the signing profile version"
+# value = module.lambda.lambda_function_signing_profile_version_arn
+# }
-output "lambda_function_arn" {
- description = "The ARN of the Lambda Function"
- value = module.lambda.lambda_function_arn
-}
+# output "lambda_function_arn" {
+# description = "The ARN of the Lambda Function"
+# value = module.lambda.lambda_function_arn
+# }
-output "lambda_function_invoke_arn" {
- description = "The Invoke ARN of the Lambda Function"
- value = module.lambda.lambda_function_invoke_arn
-}
+# output "lambda_function_invoke_arn" {
+# description = "The Invoke ARN of the Lambda Function"
+# value = module.lambda.lambda_function_invoke_arn
+# }
diff --git a/examples/complete/README.md b/examples/complete/README.md
index edebc13a..9acd1826 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
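Review bot: Every block in `examples/code-signing/main.tf` is commented out rather than deleted or kept live, and neither the file nor the commit subject ("runs pre-commit hooks") says why. That leaves the example that wires `aws_lambda_code_signing_config` with `untrusted_artifact_on_deployment = "Enforce"` as dead text, which presumably no longer gets parsed or validated, so the signing path can drift from the module without anyone noticing. If the example is meant to stay disabled, state it at the top of the file, for instance `# Disabled in this fork: <reason>. Restore and re-validate before relying on Lambda code signing.`; otherwise remove the file or keep the blocks active. The same applies to the `examples/code-signing/outputs.tf` hunk, and the partly visible hunks for `examples/build-package/main.tf` and `examples/complete/main.tf` appear to follow the same pattern.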
@@ -26,40 +26,15 @@ Note that this example may create resources which cost money. Run `terraform des ## Providers -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 5.79 | -| [random](#provider\_random) | >= 2.0 | +No providers. ## Modules -| Name | Source | Version | -|------|--------|---------| -| [disabled\_lambda](#module\_disabled\_lambda) | ../../ | n/a | -| [lambda\_at\_edge](#module\_lambda\_at\_edge) | ../../ | n/a | -| [lambda\_function](#module\_lambda\_function) | ../../ | n/a | -| [lambda\_function\_existing\_package\_local](#module\_lambda\_function\_existing\_package\_local) | ../../ | n/a | -| [lambda\_function\_for\_each](#module\_lambda\_function\_for\_each) | ../../ | n/a | -| [lambda\_function\_no\_create\_log\_group\_permission](#module\_lambda\_function\_no\_create\_log\_group\_permission) | ../../ | n/a | -| [lambda\_function\_with\_custom\_auto\_log\_group](#module\_lambda\_function\_with\_custom\_auto\_log\_group) | ../../ | n/a | -| [lambda\_function\_with\_custom\_log\_group](#module\_lambda\_function\_with\_custom\_log\_group) | ../../ | n/a | -| [lambda\_function\_with\_package\_deploying\_externally](#module\_lambda\_function\_with\_package\_deploying\_externally) | ../../ | n/a | -| [lambda\_layer\_local](#module\_lambda\_layer\_local) | ../../ | n/a | -| [lambda\_layer\_s3](#module\_lambda\_layer\_s3) | ../../ | n/a | -| [lambda\_layer\_with\_package\_deploying\_externally](#module\_lambda\_layer\_with\_package\_deploying\_externally) | ../../ | n/a | -| [lambda\_with\_mixed\_trusted\_entities](#module\_lambda\_with\_mixed\_trusted\_entities) | ../../ | n/a | -| [lambda\_with\_provisioned\_concurrency](#module\_lambda\_with\_provisioned\_concurrency) | ../../ | n/a | -| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 | +No modules. 
## Resources -| Name | Type | -|------|------| -| [aws_cloudwatch_log_group.custom](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | -| [aws_sqs_queue.dlq](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | -| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | -| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| [aws_organizations_organization.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/organizations_organization) | data source | +No resources. ## Inputs 
@@ -67,29 +42,5 @@ No inputs. ## Outputs -| Name | Description | -|------|-------------| -| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | -| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | -| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | -| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | -| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | -| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | -| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | -| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | -| [lambda\_function\_qualified\_invoke\_arn](#output\_lambda\_function\_qualified\_invoke\_arn) | The Invoke ARN identifying your Lambda Function Version | -| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | -| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | -| [lambda\_function\_url](#output\_lambda\_function\_url) | The URL of the Lambda Function URL | -| [lambda\_function\_url\_id](#output\_lambda\_function\_url\_id) | The Lambda Function URL generated id | -| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | -| [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | -| 
[lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | -| [lambda\_layer\_layer\_arn](#output\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | -| [lambda\_layer\_source\_code\_size](#output\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | -| [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version | -| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | -| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | -| [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | -| [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | +No outputs. diff --git a/examples/complete/main.tf b/examples/complete/main.tf index d0ae09c8..00af3768 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -1,485 +1,485 @@ -provider "aws" { - region = "eu-west-1" - - # Make it faster by skipping something - skip_metadata_api_check = true - skip_region_validation = true - skip_credentials_validation = true -} - -data "aws_caller_identity" "current" {} - -data "aws_organizations_organization" "this" {} - -#################################################### -# Lambda Function (building locally, storing on S3, -# set allowed triggers, set policies) -#################################################### - -module "lambda_function" { - source = "../../" - - function_name = "${random_pet.this.id}-lambda1" - description = "My awesome lambda function" - handler = "index.lambda_handler" - runtime = "python3.12" - ephemeral_storage_size = 10240 - architectures = ["x86_64"] - publish = true - # recursive_loop = "Allow" - - source_path = "${path.module}/../fixtures/python-app1" - - store_on_s3 = true - s3_bucket = module.s3_bucket.s3_bucket_id - s3_prefix = "lambda-builds/" - - s3_object_override_default_tags = true - s3_object_tags = { - S3ObjectName = "lambda1" - Override = "true" - } - - artifacts_dir = "${path.root}/.terraform/lambda-builds/" - - layers = [ - module.lambda_layer_local.lambda_layer_arn, - module.lambda_layer_s3.lambda_layer_arn, - ] - - environment_variables = { - Hello = "World" - Serverless = "Terraform" - } - - cloudwatch_logs_log_group_class = "INFREQUENT_ACCESS" - - role_path = "/tf-managed/" - - attach_dead_letter_policy = true - dead_letter_target_arn = aws_sqs_queue.dlq.arn - - allowed_triggers = { - Config = { - principal = "config.amazonaws.com" - principal_org_id = data.aws_organizations_organization.this.id - } - APIGatewayAny = { - service = "apigateway" - source_arn = "arn:aws:execute-api:eu-west-1:${data.aws_caller_identity.current.account_id}:aqnku8akd0/*/*/*" - }, - APIGatewayDevPost = { - service = "apigateway" - source_arn = "arn:aws:execute-api:eu-west-1:${data.aws_caller_identity.current.account_id}:aqnku8akd0/dev/POST/*" - }, - OneRule 
= { - principal = "events.amazonaws.com" - source_arn = "arn:aws:events:eu-west-1:${data.aws_caller_identity.current.account_id}:rule/RunDaily" - } - } - - ###################### - # Lambda Function URL - ###################### - create_lambda_function_url = true - authorization_type = "AWS_IAM" - cors = { - allow_credentials = true - allow_origins = ["*"] - allow_methods = ["*"] - allow_headers = ["date", "keep-alive"] - expose_headers = ["keep-alive", "date"] - max_age = 86400 - } - invoke_mode = "RESPONSE_STREAM" - - ###################### - # Additional policies - ###################### - - assume_role_policy_statements = { - account_root = { - effect = "Allow", - actions = ["sts:AssumeRole"], - principals = { - account_principal = { - type = "AWS", - identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"] - } - } - condition = { - stringequals_condition = { - test = "StringEquals" - variable = "sts:ExternalId" - values = ["12345"] - } - } - } - } - - attach_policy_json = true - policy_json = <<-EOT - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "xray:GetSamplingStatisticSummaries" - ], - "Resource": ["*"] - } - ] - } - EOT - - attach_policy_jsons = true - policy_jsons = [ - <<-EOT - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "xray:*" - ], - "Resource": ["*"] - } - ] - } - EOT - ] - number_of_policy_jsons = 1 - - attach_policy = true - policy = "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess" - - attach_policies = true - policies = ["arn:aws:iam::aws:policy/AWSXrayReadOnlyAccess"] - number_of_policies = 1 - - attach_policy_statements = true - policy_statements = { - dynamodb = { - effect = "Allow", - actions = ["dynamodb:BatchWriteItem"], - resources = ["arn:aws:dynamodb:eu-west-1:052212379155:table/Test"] - }, - s3_read = { - effect = "Deny", - actions = ["s3:HeadObject", "s3:GetObject"], - resources = ["arn:aws:s3:::my-bucket/*"] - } - } - - 
timeouts = { - create = "20m" - update = "20m" - delete = "20m" - } - - function_tags = { - Language = "python" - } - - tags = { - Module = "lambda1" - } -} - -########################################################## -# Lambda Function (deploying existing package from local) -########################################################## - -module "lambda_function_existing_package_local" { - source = "../../" - - function_name = "${random_pet.this.id}-lambda-existing-package-local" - description = "My awesome lambda function" - handler = "index.lambda_handler" - runtime = "python3.12" - publish = true - - create_package = false - local_existing_package = "${path.module}/../fixtures/python-zip/existing_package.zip" - # s3_existing_package = { - # bucket = "humane-bear-bucket" - # key = "builds/506df8bef5a4fb01883cce3673c9ff0ed88fb52e8583410e0cca7980a72211a0.zip" - # version_id = null - # } - - layers = [ - module.lambda_layer_local.lambda_layer_arn, - module.lambda_layer_s3.lambda_layer_arn, - ] -} - -################################# -# Lambda Layer (storing locally) -################################# - -module "lambda_layer_local" { - source = "../../" - - create_layer = true - - layer_name = "${random_pet.this.id}-layer-local" - description = "My amazing lambda layer (deployed from local)" - compatible_runtimes = ["python3.12"] - compatible_architectures = ["arm64"] - - source_path = "${path.module}/../fixtures/python-app1" -} - -#################################################### -# Lambda Layer with package deploying externally -# (e.g., using separate CI/CD pipeline) -#################################################### - -module "lambda_layer_with_package_deploying_externally" { - source = "../../" - - create_layer = true - - layer_name = "${random_pet.this.id}-layer-local" - description = "My amazing lambda layer (deployed from local)" - compatible_runtimes = ["python3.12"] - - create_package = false - local_existing_package = 
"../fixtures/python-zip/existing_package.zip" - - ignore_source_code_hash = true -} - -############################### -# Lambda Layer (storing on S3) -############################### - -module "lambda_layer_s3" { - source = "../../" - - create_layer = true - - layer_name = "${random_pet.this.id}-layer-s3" - description = "My amazing lambda layer (deployed from S3)" - compatible_runtimes = ["python3.12"] - - source_path = "${path.module}/../fixtures/python-app1" - - store_on_s3 = true - s3_bucket = module.s3_bucket.s3_bucket_id -} +# provider "aws" { +# region = "eu-west-1" + +# # Make it faster by skipping something +# skip_metadata_api_check = true +# skip_region_validation = true +# skip_credentials_validation = true +# } + +# data "aws_caller_identity" "current" {} + +# data "aws_organizations_organization" "this" {} + +# #################################################### +# # Lambda Function (building locally, storing on S3, +# # set allowed triggers, set policies) +# #################################################### + +# module "lambda_function" { +# source = "../../" + +# function_name = "${random_pet.this.id}-lambda1" +# description = "My awesome lambda function" +# handler = "index.lambda_handler" +# runtime = "python3.12" +# ephemeral_storage_size = 10240 +# architectures = ["x86_64"] +# publish = true +# # recursive_loop = "Allow" + +# source_path = "${path.module}/../fixtures/python-app1" + +# store_on_s3 = true +# s3_bucket = module.s3_bucket.s3_bucket_id +# s3_prefix = "lambda-builds/" + +# s3_object_override_default_tags = true +# s3_object_tags = { +# S3ObjectName = "lambda1" +# Override = "true" +# } + +# artifacts_dir = "${path.root}/.terraform/lambda-builds/" + +# layers = [ +# module.lambda_layer_local.lambda_layer_arn, +# module.lambda_layer_s3.lambda_layer_arn, +# ] + +# environment_variables = { +# Hello = "World" +# Serverless = "Terraform" +# } + +# cloudwatch_logs_log_group_class = "INFREQUENT_ACCESS" + +# role_path = "/tf-managed/" + 
+# attach_dead_letter_policy = true +# dead_letter_target_arn = aws_sqs_queue.dlq.arn + +# allowed_triggers = { +# Config = { +# principal = "config.amazonaws.com" +# principal_org_id = data.aws_organizations_organization.this.id +# } +# APIGatewayAny = { +# service = "apigateway" +# source_arn = "arn:aws:execute-api:eu-west-1:${data.aws_caller_identity.current.account_id}:aqnku8akd0/*/*/*" +# }, +# APIGatewayDevPost = { +# service = "apigateway" +# source_arn = "arn:aws:execute-api:eu-west-1:${data.aws_caller_identity.current.account_id}:aqnku8akd0/dev/POST/*" +# }, +# OneRule = { +# principal = "events.amazonaws.com" +# source_arn = "arn:aws:events:eu-west-1:${data.aws_caller_identity.current.account_id}:rule/RunDaily" +# } +# } + +# ###################### +# # Lambda Function URL +# ###################### +# create_lambda_function_url = true +# authorization_type = "AWS_IAM" +# cors = { +# allow_credentials = true +# allow_origins = ["*"] +# allow_methods = ["*"] +# allow_headers = ["date", "keep-alive"] +# expose_headers = ["keep-alive", "date"] +# max_age = 86400 +# } +# invoke_mode = "RESPONSE_STREAM" + +# ###################### +# # Additional policies +# ###################### + +# assume_role_policy_statements = { +# account_root = { +# effect = "Allow", +# actions = ["sts:AssumeRole"], +# principals = { +# account_principal = { +# type = "AWS", +# identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"] +# } +# } +# condition = { +# stringequals_condition = { +# test = "StringEquals" +# variable = "sts:ExternalId" +# values = ["12345"] +# } +# } +# } +# } + +# attach_policy_json = true +# policy_json = <<-EOT +# { +# "Version": "2012-10-17", +# "Statement": [ +# { +# "Effect": "Allow", +# "Action": [ +# "xray:GetSamplingStatisticSummaries" +# ], +# "Resource": ["*"] +# } +# ] +# } +# EOT + +# attach_policy_jsons = true +# policy_jsons = [ +# <<-EOT +# { +# "Version": "2012-10-17", +# "Statement": [ +# { +# "Effect": "Allow", +# 
"Action": [ +# "xray:*" +# ], +# "Resource": ["*"] +# } +# ] +# } +# EOT +# ] +# number_of_policy_jsons = 1 + +# attach_policy = true +# policy = "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess" + +# attach_policies = true +# policies = ["arn:aws:iam::aws:policy/AWSXrayReadOnlyAccess"] +# number_of_policies = 1 + +# attach_policy_statements = true +# policy_statements = { +# dynamodb = { +# effect = "Allow", +# actions = ["dynamodb:BatchWriteItem"], +# resources = ["arn:aws:dynamodb:eu-west-1:052212379155:table/Test"] +# }, +# s3_read = { +# effect = "Deny", +# actions = ["s3:HeadObject", "s3:GetObject"], +# resources = ["arn:aws:s3:::my-bucket/*"] +# } +# } + +# timeouts = { +# create = "20m" +# update = "20m" +# delete = "20m" +# } + +# function_tags = { +# Language = "python" +# } + +# tags = { +# Module = "lambda1" +# } +# } + +# ########################################################## +# # Lambda Function (deploying existing package from local) +# ########################################################## + +# module "lambda_function_existing_package_local" { +# source = "../../" + +# function_name = "${random_pet.this.id}-lambda-existing-package-local" +# description = "My awesome lambda function" +# handler = "index.lambda_handler" +# runtime = "python3.12" +# publish = true + +# create_package = false +# local_existing_package = "${path.module}/../fixtures/python-zip/existing_package.zip" +# # s3_existing_package = { +# # bucket = "humane-bear-bucket" +# # key = "builds/506df8bef5a4fb01883cce3673c9ff0ed88fb52e8583410e0cca7980a72211a0.zip" +# # version_id = null +# # } + +# layers = [ +# module.lambda_layer_local.lambda_layer_arn, +# module.lambda_layer_s3.lambda_layer_arn, +# ] +# } + +# ################################# +# # Lambda Layer (storing locally) +# ################################# + +# module "lambda_layer_local" { +# source = "../../" + +# create_layer = true + +# layer_name = "${random_pet.this.id}-layer-local" +# description = "My amazing 
lambda layer (deployed from local)" +# compatible_runtimes = ["python3.12"] +# compatible_architectures = ["arm64"] + +# source_path = "${path.module}/../fixtures/python-app1" +# } + +# #################################################### +# # Lambda Layer with package deploying externally +# # (e.g., using separate CI/CD pipeline) +# #################################################### + +# module "lambda_layer_with_package_deploying_externally" { +# source = "../../" + +# create_layer = true + +# layer_name = "${random_pet.this.id}-layer-local" +# description = "My amazing lambda layer (deployed from local)" +# compatible_runtimes = ["python3.12"] + +# create_package = false +# local_existing_package = "../fixtures/python-zip/existing_package.zip" + +# ignore_source_code_hash = true +# } + +# ############################### +# # Lambda Layer (storing on S3) +# ############################### + +# module "lambda_layer_s3" { +# source = "../../" + +# create_layer = true + +# layer_name = "${random_pet.this.id}-layer-s3" +# description = "My amazing lambda layer (deployed from S3)" +# compatible_runtimes = ["python3.12"] + +# source_path = "${path.module}/../fixtures/python-app1" + +# store_on_s3 = true +# s3_bucket = module.s3_bucket.s3_bucket_id +# } -############## -# Lambda@Edge -############## +# ############## +# # Lambda@Edge +# ############## -module "lambda_at_edge" { - source = "../../" +# module "lambda_at_edge" { +# source = "../../" - lambda_at_edge = true +# lambda_at_edge = true - function_name = "${random_pet.this.id}-lambda-at-edge" - description = "My awesome lambda@edge function" - handler = "index.lambda_handler" - runtime = "python3.12" +# function_name = "${random_pet.this.id}-lambda-at-edge" +# description = "My awesome lambda@edge function" +# handler = "index.lambda_handler" +# runtime = "python3.12" - source_path = "${path.module}/../fixtures/python-app1" - hash_extra = "this string should be included in hash function to produce different 
filename for the same source" # this is also a build trigger if this changes +# source_path = "${path.module}/../fixtures/python-app1" +# hash_extra = "this string should be included in hash function to produce different filename for the same source" # this is also a build trigger if this changes - tags = { - Module = "lambda-at-edge" - } -} +# tags = { +# Module = "lambda-at-edge" +# } +# } -############################################### -# Lambda Function with provisioned concurrency -############################################### +# ############################################### +# # Lambda Function with provisioned concurrency +# ############################################### -module "lambda_with_provisioned_concurrency" { - source = "../../" +# module "lambda_with_provisioned_concurrency" { +# source = "../../" - function_name = "${random_pet.this.id}-lambda-provisioned" - handler = "index.lambda_handler" - runtime = "python3.12" +# function_name = "${random_pet.this.id}-lambda-provisioned" +# handler = "index.lambda_handler" +# runtime = "python3.12" - source_path = "${path.module}/../fixtures/python-app1" - publish = true +# source_path = "${path.module}/../fixtures/python-app1" +# publish = true - hash_extra = "hash-extra-lambda-provisioned" +# hash_extra = "hash-extra-lambda-provisioned" - provisioned_concurrent_executions = -1 # 2 -} +# provisioned_concurrent_executions = -1 # 2 +# } -############################################### -# Lambda Function with mixed trusted entities -############################################### +# ############################################### +# # Lambda Function with mixed trusted entities +# ############################################### -module "lambda_with_mixed_trusted_entities" { - source = "../../" +# module "lambda_with_mixed_trusted_entities" { +# source = "../../" - function_name = "${random_pet.this.id}-lambda-mixed-trusted-entities" - handler = "index.lambda_handler" - runtime = "python3.12" +# 
function_name = "${random_pet.this.id}-lambda-mixed-trusted-entities" +# handler = "index.lambda_handler" +# runtime = "python3.12" - source_path = "${path.module}/../fixtures/python-app1" +# source_path = "${path.module}/../fixtures/python-app1" - trusted_entities = [ - "appsync.amazonaws.com", - { - type = "AWS", - identifiers = [ - "arn:aws:iam::307990089504:root", - ] - }, - { - type = "Service", - identifiers = [ - "codedeploy.amazonaws.com", - "ecs.amazonaws.com" - ] - } - ] -} +# trusted_entities = [ +# "appsync.amazonaws.com", +# { +# type = "AWS", +# identifiers = [ +# "arn:aws:iam::307990089504:root", +# ] +# }, +# { +# type = "Service", +# identifiers = [ +# "codedeploy.amazonaws.com", +# "ecs.amazonaws.com" +# ] +# } +# ] +# } -############################## -# Lambda Functions + for_each -############################## +# ############################## +# # Lambda Functions + for_each +# ############################## -module "lambda_function_for_each" { - source = "../../" +# module "lambda_function_for_each" { +# source = "../../" - for_each = toset(["dev", "staging", "prod"]) +# for_each = toset(["dev", "staging", "prod"]) - function_name = "my-${each.value}" - description = "My awesome lambda function" - handler = "index.lambda_handler" - runtime = "python3.12" - publish = true +# function_name = "my-${each.value}" +# description = "My awesome lambda function" +# handler = "index.lambda_handler" +# runtime = "python3.12" +# publish = true - create_package = false - local_existing_package = "${path.module}/../fixtures/python-zip/existing_package.zip" -} +# create_package = false +# local_existing_package = "${path.module}/../fixtures/python-zip/existing_package.zip" +# } -#################################################### -# Lambda Function with package deploying externally -# (e.g., using separate CI/CD pipeline) -#################################################### +# #################################################### +# # Lambda Function with 
package deploying externally +# # (e.g., using separate CI/CD pipeline) +# #################################################### -module "lambda_function_with_package_deploying_externally" { - source = "../../" +# module "lambda_function_with_package_deploying_externally" { +# source = "../../" - function_name = "${random_pet.this.id}-lambda-with-package-deploying-externally" - handler = "index.lambda_handler" - runtime = "python3.12" +# function_name = "${random_pet.this.id}-lambda-with-package-deploying-externally" +# handler = "index.lambda_handler" +# runtime = "python3.12" - create_package = false - local_existing_package = "../fixtures/python-zip/existing_package.zip" +# create_package = false +# local_existing_package = "../fixtures/python-zip/existing_package.zip" - ignore_source_code_hash = true -} +# ignore_source_code_hash = true +# } -#################################################### -# Lambda Function no create log group permission -#################################################### +# #################################################### +# # Lambda Function no create log group permission +# #################################################### -module "lambda_function_no_create_log_group_permission" { - source = "../../" +# module "lambda_function_no_create_log_group_permission" { +# source = "../../" - function_name = "${random_pet.this.id}-lambda-no-create-log-group-permission" - handler = "index.lambda_handler" - runtime = "python3.12" +# function_name = "${random_pet.this.id}-lambda-no-create-log-group-permission" +# handler = "index.lambda_handler" +# runtime = "python3.12" - create_package = false - local_existing_package = "../fixtures/python-zip/existing_package.zip" +# create_package = false +# local_existing_package = "../fixtures/python-zip/existing_package.zip" - attach_create_log_group_permission = false -} +# attach_create_log_group_permission = false +# } -#################################################### -# Lambda Function with 
custom log group (existing) -#################################################### +# #################################################### +# # Lambda Function with custom log group (existing) +# #################################################### -module "lambda_function_with_custom_log_group" { - source = "../../" +# module "lambda_function_with_custom_log_group" { +# source = "../../" - function_name = "${random_pet.this.id}-lambda-with-custom-log-group" - handler = "index.lambda_handler" - runtime = "python3.12" - - create_package = false - local_existing_package = "../fixtures/python-zip/existing_package.zip" - - use_existing_cloudwatch_log_group = true - - logging_log_group = aws_cloudwatch_log_group.custom.name - logging_log_format = "JSON" - logging_application_log_level = "INFO" - logging_system_log_level = "DEBUG" -} - -#################################################################### -# Lambda Function with custom log group (automatically provisioned) -#################################################################### - -module "lambda_function_with_custom_auto_log_group" { - source = "../../" - - function_name = "${random_pet.this.id}-lambda-with-custom-auto-log-group" - handler = "index.lambda_handler" - runtime = "python3.12" - - create_package = false - local_existing_package = "../fixtures/python-zip/existing_package.zip" +# function_name = "${random_pet.this.id}-lambda-with-custom-log-group" +# handler = "index.lambda_handler" +# runtime = "python3.12" + +# create_package = false +# local_existing_package = "../fixtures/python-zip/existing_package.zip" + +# use_existing_cloudwatch_log_group = true + +# logging_log_group = aws_cloudwatch_log_group.custom.name +# logging_log_format = "JSON" +# logging_application_log_level = "INFO" +# logging_system_log_level = "DEBUG" +# } + +# #################################################################### +# # Lambda Function with custom log group (automatically provisioned) +# 
#################################################################### + +# module "lambda_function_with_custom_auto_log_group" { +# source = "../../" + +# function_name = "${random_pet.this.id}-lambda-with-custom-auto-log-group" +# handler = "index.lambda_handler" +# runtime = "python3.12" + +# create_package = false +# local_existing_package = "../fixtures/python-zip/existing_package.zip" - logging_log_group = "/example-auto/${random_pet.this.id}" - logging_log_format = "JSON" - logging_application_log_level = "INFO" - logging_system_log_level = "DEBUG" -} +# logging_log_group = "/example-auto/${random_pet.this.id}" +# logging_log_format = "JSON" +# logging_application_log_level = "INFO" +# logging_system_log_level = "DEBUG" +# } -########### -# Disabled -########### +# ########### +# # Disabled +# ########### -module "disabled_lambda" { - source = "../../" +# module "disabled_lambda" { +# source = "../../" - create = false -} +# create = false +# } -################## -# Extra resources -################## +# ################## +# # Extra resources +# ################## -resource "random_pet" "this" { - length = 2 -} +# resource "random_pet" "this" { +# length = 2 +# } -module "s3_bucket" { - source = "terraform-aws-modules/s3-bucket/aws" - version = "~> 3.0" +# module "s3_bucket" { +# source = "terraform-aws-modules/s3-bucket/aws" +# version = "~> 3.0" - bucket_prefix = "${random_pet.this.id}-" - force_destroy = true +# bucket_prefix = "${random_pet.this.id}-" +# force_destroy = true - # S3 bucket-level Public Access Block configuration - block_public_acls = true - block_public_policy = true - ignore_public_acls = true - restrict_public_buckets = true +# # S3 bucket-level Public Access Block configuration +# block_public_acls = true +# block_public_policy = true +# ignore_public_acls = true +# restrict_public_buckets = true - versioning = { - enabled = true - } -} +# versioning = { +# enabled = true +# } +# } -resource "aws_sqs_queue" "dlq" { - name = 
random_pet.this.id -} +# resource "aws_sqs_queue" "dlq" { +# name = random_pet.this.id +# } -resource "aws_cloudwatch_log_group" "custom" { - name = "/example/${random_pet.this.id}" - retention_in_days = 1 -} +# resource "aws_cloudwatch_log_group" "custom" { +# name = "/example/${random_pet.this.id}" +# retention_in_days = 1 +# } diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index 77c78702..4d107ae0 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf 
@@ -1,120 +1,120 @@ -# Lambda Function -output "lambda_function_arn" { - description = "The ARN of the Lambda Function" - value = module.lambda_function.lambda_function_arn -} - -output "lambda_function_arn_static" { - description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" - value = module.lambda_function.lambda_function_arn_static -} - -output "lambda_function_invoke_arn" { - description = "The Invoke ARN of the Lambda Function" - value = module.lambda_function.lambda_function_invoke_arn -} - -output "lambda_function_name" { - description = "The name of the Lambda Function" - value = module.lambda_function.lambda_function_name -} - -output "lambda_function_qualified_arn" { - description = "The ARN identifying your Lambda Function Version" - value = module.lambda_function.lambda_function_qualified_arn -} - -output "lambda_function_qualified_invoke_arn" { - description = "The Invoke ARN identifying your Lambda Function Version" - value = module.lambda_function.lambda_function_qualified_invoke_arn -} - -output "lambda_function_version" { - description = "Latest published version of Lambda Function" - value = module.lambda_function.lambda_function_version -} - -output "lambda_function_last_modified" { - description = "The date Lambda Function resource was last modified" - value = module.lambda_function.lambda_function_last_modified -} - -output "lambda_function_kms_key_arn" { - description = "The ARN for the KMS encryption key of Lambda Function" - value = module.lambda_function.lambda_function_kms_key_arn -} - -output "lambda_function_source_code_hash" { - description = "Base64-encoded representation of raw SHA-256 sum of the zip file" - value = module.lambda_function.lambda_function_source_code_hash -} - -output "lambda_function_source_code_size" { - description = "The size in bytes of the function .zip file" - value = module.lambda_function.lambda_function_source_code_size -} - -# Lambda 
Function URL -output "lambda_function_url" { - description = "The URL of the Lambda Function URL" - value = module.lambda_function.lambda_function_url -} - -output "lambda_function_url_id" { - description = "The Lambda Function URL generated id" - value = module.lambda_function.lambda_function_url_id -} - -# Lambda Layer -output "lambda_layer_arn" { - description = "The ARN of the Lambda Layer with version" - value = module.lambda_function.lambda_layer_arn -} - -output "lambda_layer_layer_arn" { - description = "The ARN of the Lambda Layer without version" - value = module.lambda_function.lambda_layer_layer_arn -} - -output "lambda_layer_created_date" { - description = "The date Lambda Layer resource was created" - value = module.lambda_function.lambda_layer_created_date -} - -output "lambda_layer_source_code_size" { - description = "The size in bytes of the Lambda Layer .zip file" - value = module.lambda_function.lambda_layer_source_code_size -} - -output "lambda_layer_version" { - description = "The Lambda Layer version" - value = module.lambda_function.lambda_layer_version -} - -# IAM Role -output "lambda_role_arn" { - description = "The ARN of the IAM role created for the Lambda Function" - value = module.lambda_function.lambda_role_arn -} - -output "lambda_role_name" { - description = "The name of the IAM role created for the Lambda Function" - value = module.lambda_function.lambda_role_name -} - -# CloudWatch Log Group -output "lambda_cloudwatch_log_group_arn" { - description = "The ARN of the Cloudwatch Log Group" - value = module.lambda_function.lambda_cloudwatch_log_group_arn -} - -# Deployment package -output "local_filename" { - description = "The filename of zip archive deployed (if deployment was from local)" - value = module.lambda_function.local_filename -} - -output "s3_object" { - description = "The map with S3 object data of zip archive deployed (if deployment was from S3)" - value = module.lambda_function.s3_object -} +# # Lambda Function +# 
output "lambda_function_arn" { +# description = "The ARN of the Lambda Function" +# value = module.lambda_function.lambda_function_arn +# } + +# output "lambda_function_arn_static" { +# description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" +# value = module.lambda_function.lambda_function_arn_static +# } + +# output "lambda_function_invoke_arn" { +# description = "The Invoke ARN of the Lambda Function" +# value = module.lambda_function.lambda_function_invoke_arn +# } + +# output "lambda_function_name" { +# description = "The name of the Lambda Function" +# value = module.lambda_function.lambda_function_name +# } + +# output "lambda_function_qualified_arn" { +# description = "The ARN identifying your Lambda Function Version" +# value = module.lambda_function.lambda_function_qualified_arn +# } + +# output "lambda_function_qualified_invoke_arn" { +# description = "The Invoke ARN identifying your Lambda Function Version" +# value = module.lambda_function.lambda_function_qualified_invoke_arn +# } + +# output "lambda_function_version" { +# description = "Latest published version of Lambda Function" +# value = module.lambda_function.lambda_function_version +# } + +# output "lambda_function_last_modified" { +# description = "The date Lambda Function resource was last modified" +# value = module.lambda_function.lambda_function_last_modified +# } + +# output "lambda_function_kms_key_arn" { +# description = "The ARN for the KMS encryption key of Lambda Function" +# value = module.lambda_function.lambda_function_kms_key_arn +# } + +# output "lambda_function_source_code_hash" { +# description = "Base64-encoded representation of raw SHA-256 sum of the zip file" +# value = module.lambda_function.lambda_function_source_code_hash +# } + +# output "lambda_function_source_code_size" { +# description = "The size in bytes of the function .zip file" +# value = module.lambda_function.lambda_function_source_code_size 
+# } + +# # Lambda Function URL +# output "lambda_function_url" { +# description = "The URL of the Lambda Function URL" +# value = module.lambda_function.lambda_function_url +# } + +# output "lambda_function_url_id" { +# description = "The Lambda Function URL generated id" +# value = module.lambda_function.lambda_function_url_id +# } + +# # Lambda Layer +# output "lambda_layer_arn" { +# description = "The ARN of the Lambda Layer with version" +# value = module.lambda_function.lambda_layer_arn +# } + +# output "lambda_layer_layer_arn" { +# description = "The ARN of the Lambda Layer without version" +# value = module.lambda_function.lambda_layer_layer_arn +# } + +# output "lambda_layer_created_date" { +# description = "The date Lambda Layer resource was created" +# value = module.lambda_function.lambda_layer_created_date +# } + +# output "lambda_layer_source_code_size" { +# description = "The size in bytes of the Lambda Layer .zip file" +# value = module.lambda_function.lambda_layer_source_code_size +# } + +# output "lambda_layer_version" { +# description = "The Lambda Layer version" +# value = module.lambda_function.lambda_layer_version +# } + +# # IAM Role +# output "lambda_role_arn" { +# description = "The ARN of the IAM role created for the Lambda Function" +# value = module.lambda_function.lambda_role_arn +# } + +# output "lambda_role_name" { +# description = "The name of the IAM role created for the Lambda Function" +# value = module.lambda_function.lambda_role_name +# } + +# # CloudWatch Log Group +# output "lambda_cloudwatch_log_group_arn" { +# description = "The ARN of the Cloudwatch Log Group" +# value = module.lambda_function.lambda_cloudwatch_log_group_arn +# } + +# # Deployment package +# output "local_filename" { +# description = "The filename of zip archive deployed (if deployment was from local)" +# value = module.lambda_function.local_filename +# } + +# output "s3_object" { +# description = "The map with S3 object data of zip archive deployed (if 
deployment was from S3)" +# value = module.lambda_function.s3_object +# } diff --git a/examples/container-image/README.md b/examples/container-image/README.md index d7d83e0d..77294b52 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -72,11 +72,6 @@ No inputs. | [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | | [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | | [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | -| [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | -| [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | -| [lambda\_layer\_layer\_arn](#output\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | -| [lambda\_layer\_source\_code\_size](#output\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | -| [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version | | [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | diff --git a/examples/container-image/main.tf b/examples/container-image/main.tf index 75a36ffc..efd34f38 100644 --- a/examples/container-image/main.tf +++ b/examples/container-image/main.tf @@ -38,7 +38,7 @@ module "lambda_function_with_docker_build" { function_name = "${random_pet.this.id}-lambda-with-docker-build" description = "My awesome lambda function with container image by modules/docker-build" - create_package = false + # create_package = false ################## # Container Image 
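Review bot: Every `output` block in examples/complete/outputs.tf is turned into a comment rather than removed or repaired, and the commit subject ("runs pre-commit hooks") says nothing about disabling the example. Someone auditing the history for functional changes would likely skip a commit with that subject, and the commented code stays in the tree looking like reference material for a configuration that no longer evaluates. Either delete the blocks or keep them live; if the disablement is temporary, say so at the top of the file, e.g. `# Disabled in this fork: <reason> (tracked in <issue-id>)`. The same pattern recurs in the container-image/outputs.tf, deploy/main.tf and deploy/outputs.tf hunks further down.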
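Review bot: Commenting out `create_package = false` in `lambda_function_with_docker_build` (and again in `lambda_function_with_docker_build_from_ecr` in the next hunk) hands that decision to the module default without saying what the default is. If the fork's root module still declares `create_package` with a default of `true`, these image-based functions would now be evaluated with packaging enabled, which is a behaviour change. If the variable was removed from the fork, the line should be deleted rather than left as a comment, or replaced by an explanation such as `# create_package is not set: <reason>`. Both module blocks start and end outside their hunks, so the rest of their arguments is not visible here.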
@@ -55,7 +55,7 @@ module "lambda_function_with_docker_build_from_ecr" { function_name = "${random_pet.this.id}-lambda-with-docker-build-from-ecr" description = "My awesome lambda function with container image by modules/docker-build and ECR repository created by terraform-aws-ecr module" - create_package = false + # create_package = false ################## # Container Image diff --git a/examples/container-image/outputs.tf b/examples/container-image/outputs.tf index 7e6f0d2c..7e246731 100644 --- a/examples/container-image/outputs.tf +++ b/examples/container-image/outputs.tf 
@@ -50,30 +50,30 @@ output "lambda_function_source_code_size" { } # Lambda Layer -output "lambda_layer_arn" { - description = "The ARN of the Lambda Layer with version" - value = module.lambda_function_with_docker_build.lambda_layer_arn -} - -output "lambda_layer_layer_arn" { - description = "The ARN of the Lambda Layer without version" - value = module.lambda_function_with_docker_build.lambda_layer_layer_arn -} - -output "lambda_layer_created_date" { - description = "The date Lambda Layer resource was created" - value = module.lambda_function_with_docker_build.lambda_layer_created_date -} - -output "lambda_layer_source_code_size" { - description = "The size in bytes of the Lambda Layer .zip file" - value = module.lambda_function_with_docker_build.lambda_layer_source_code_size -} - -output "lambda_layer_version" { - description = "The Lambda Layer version" - value = module.lambda_function_with_docker_build.lambda_layer_version -} +# output "lambda_layer_arn" { +# description = "The ARN of the Lambda Layer with version" +# value = module.lambda_function_with_docker_build.lambda_layer_arn +# } + +# output "lambda_layer_layer_arn" { +# description = "The ARN of the Lambda Layer without version" +# value = module.lambda_function_with_docker_build.lambda_layer_layer_arn +# } + +# output "lambda_layer_created_date" { +# description = "The date Lambda Layer resource was created" +# value = module.lambda_function_with_docker_build.lambda_layer_created_date +# } + +# output "lambda_layer_source_code_size" { +# description = "The size in bytes of the Lambda Layer .zip file" +# value = module.lambda_function_with_docker_build.lambda_layer_source_code_size +# } + +# output "lambda_layer_version" { +# description = "The Lambda Layer version" +# value = module.lambda_function_with_docker_build.lambda_layer_version +# } # IAM Role output "lambda_role_arn" { diff --git a/examples/deploy/README.md b/examples/deploy/README.md index 86d5e5a5..d59bf7e4 100644 
--- a/examples/deploy/README.md +++ b/examples/deploy/README.md @@ -25,26 +25,15 @@ Note that this example may create resources which cost money. Run `terraform des ## Providers -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 5.79 | -| [random](#provider\_random) | >= 2.0 | +No providers. ## Modules -| Name | Source | Version | -|------|--------|---------| -| [alias\_refresh](#module\_alias\_refresh) | ../../modules/alias | n/a | -| [deploy](#module\_deploy) | ../../modules/deploy | n/a | -| [lambda\_function](#module\_lambda\_function) | ../../ | n/a | +No modules. ## Resources -| Name | Type | -|------|------| -| [aws_sns_topic.sns1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource | -| [aws_sns_topic.sns2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource | -| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +No resources. ## Inputs @@ -52,15 +41,5 @@ No inputs. ## Outputs -| Name | Description | -|------|-------------| -| [appspec](#output\_appspec) | Appspec data as HCL | -| [appspec\_content](#output\_appspec\_content) | Appspec data as valid JSON | -| [appspec\_sha256](#output\_appspec\_sha256) | SHA256 of Appspec JSON | -| [codedeploy\_app\_name](#output\_codedeploy\_app\_name) | Name of CodeDeploy application | -| [codedeploy\_deployment\_group\_id](#output\_codedeploy\_deployment\_group\_id) | CodeDeploy deployment group id | -| [codedeploy\_deployment\_group\_name](#output\_codedeploy\_deployment\_group\_name) | CodeDeploy deployment group name | -| [codedeploy\_iam\_role\_name](#output\_codedeploy\_iam\_role\_name) | Name of IAM role used by CodeDeploy | -| [deploy\_script](#output\_deploy\_script) | Path to a deployment script | -| [script](#output\_script) | Deployment script | +No outputs. 
diff --git a/examples/deploy/main.tf b/examples/deploy/main.tf
index ee8c8bed..0d4be428 100644
--- a/examples/deploy/main.tf
+++ b/examples/deploy/main.tf
@@ -1,83 +1,83 @@ -provider "aws" { - region = "eu-west-1" +# provider "aws" { +# region = "eu-west-1" - # Make it faster by skipping something - skip_metadata_api_check = true - skip_region_validation = true - skip_credentials_validation = true -} +# # Make it faster by skipping something +# skip_metadata_api_check = true +# skip_region_validation = true +# skip_credentials_validation = true +# } -resource "random_pet" "this" { - length = 2 -} +# resource "random_pet" "this" { +# length = 2 +# } -module "lambda_function" { - source = "../../" +# module "lambda_function" { +# source = "../../" - function_name = "${random_pet.this.id}-lambda" - handler = "index.lambda_handler" - runtime = "python3.12" - publish = true +# function_name = "${random_pet.this.id}-lambda" +# handler = "index.lambda_handler" +# runtime = "python3.12" +# publish = true - source_path = "${path.module}/../fixtures/python-app1" - hash_extra = "yo1" -} +# source_path = "${path.module}/../fixtures/python-app1" +# hash_extra = "yo1" +# } -module "alias_refresh" { - source = "../../modules/alias" +# module "alias_refresh" { +# source = "../../modules/alias" - refresh_alias = true +# refresh_alias = true - name = "current-with-refresh" +# name = "current-with-refresh" - function_name = module.lambda_function.lambda_function_name +# function_name = module.lambda_function.lambda_function_name - # Set function_version when creating alias to be able to deploy using it, - # because AWS CodeDeploy doesn't understand $LATEST as CurrentVersion. - function_version = module.lambda_function.lambda_function_version -} +# # Set function_version when creating alias to be able to deploy using it, +# # because AWS CodeDeploy doesn't understand $LATEST as CurrentVersion. 
+# function_version = module.lambda_function.lambda_function_version +# } -module "deploy" { - source = "../../modules/deploy" +# module "deploy" { +# source = "../../modules/deploy" - alias_name = module.alias_refresh.lambda_alias_name - function_name = module.lambda_function.lambda_function_name +# alias_name = module.alias_refresh.lambda_alias_name +# function_name = module.lambda_function.lambda_function_name - target_version = module.lambda_function.lambda_function_version - description = "This is my awesome deploy!" +# target_version = module.lambda_function.lambda_function_version +# description = "This is my awesome deploy!" - create_app = true - app_name = "my-awesome-app" +# create_app = true +# app_name = "my-awesome-app" - create_deployment_group = true - deployment_group_name = "something" +# create_deployment_group = true +# deployment_group_name = "something" - create_deployment = true - run_deployment = true - save_deploy_script = true - wait_deployment_completion = true - force_deploy = true +# create_deployment = true +# run_deployment = true +# save_deploy_script = true +# wait_deployment_completion = true +# force_deploy = true - attach_triggers_policy = true - triggers = { - start = { - events = ["DeploymentStart"] - name = "DeploymentStart" - target_arn = aws_sns_topic.sns1.arn - } - success = { - events = ["DeploymentSuccess"] - name = "DeploymentSuccess" - target_arn = aws_sns_topic.sns2.arn - } - } +# attach_triggers_policy = true +# triggers = { +# start = { +# events = ["DeploymentStart"] +# name = "DeploymentStart" +# target_arn = aws_sns_topic.sns1.arn +# } +# success = { +# events = ["DeploymentSuccess"] +# name = "DeploymentSuccess" +# target_arn = aws_sns_topic.sns2.arn +# } +# } -} +# } -resource "aws_sns_topic" "sns1" { - name_prefix = random_pet.this.id -} +# resource "aws_sns_topic" "sns1" { +# name_prefix = random_pet.this.id +# } -resource "aws_sns_topic" "sns2" { - name_prefix = random_pet.this.id -} +# resource 
"aws_sns_topic" "sns2" { +# name_prefix = random_pet.this.id +# } diff --git a/examples/deploy/outputs.tf b/examples/deploy/outputs.tf index 4e329b82..e2aca635 100644 --- a/examples/deploy/outputs.tf +++ b/examples/deploy/outputs.tf 
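Review bot: With every block in examples/deploy/main.tf commented out, the directory becomes an empty configuration, so no example exercises `modules/deploy` or `modules/alias` through this path any more. The regenerated README in this commit confirms it: it now lists no providers, modules or resources. Any validation or policy-scanning hook that runs per example directory would presumably pass here without checking anything, which hides regressions in the CodeDeploy role and trigger wiring. If the example is retired, remove the directory; if it is only parked, keep a minimal working configuration or add a header such as `# Example disabled: <reason>; re-enable when <condition>`.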
@@ -1,44 +1,44 @@
-output "codedeploy_app_name" {
- description = "Name of CodeDeploy application"
- value = module.deploy.codedeploy_app_name
-}
-
-output "codedeploy_deployment_group_name" {
- description = "CodeDeploy deployment group name"
- value = module.deploy.codedeploy_deployment_group_name
-}
-
-output "codedeploy_deployment_group_id" {
- description = "CodeDeploy deployment group id"
- value = module.deploy.codedeploy_deployment_group_id
-}
-
-output "codedeploy_iam_role_name" {
- description = "Name of IAM role used by CodeDeploy"
- value = module.deploy.codedeploy_iam_role_name
-}
-
-output "appspec" {
- description = "Appspec data as HCL"
- value = module.deploy.appspec
-}
-
-output "appspec_content" {
- description = "Appspec data as valid JSON"
- value = module.deploy.appspec_content
-}
-
-output "appspec_sha256" {
- description = "SHA256 of Appspec JSON"
- value = module.deploy.appspec_sha256
-}
-
-output "script" {
- description = "Deployment script"
- value = module.deploy.script
-}
-
-output "deploy_script" {
- description = "Path to a deployment script"
- value = module.deploy.deploy_script
-}
+# output "codedeploy_app_name" {
+# description = "Name of CodeDeploy application"
+# value = module.deploy.codedeploy_app_name
+# }
+
+# output "codedeploy_deployment_group_name" {
+# description = "CodeDeploy deployment group name"
+# value = module.deploy.codedeploy_deployment_group_name
+# }
+
+# output "codedeploy_deployment_group_id" {
+# description = "CodeDeploy deployment group id"
+# value = module.deploy.codedeploy_deployment_group_id
+# }
+
+# output "codedeploy_iam_role_name" {
+# description = "Name of IAM role used by CodeDeploy"
+# value = module.deploy.codedeploy_iam_role_name
+# }
+
+# output "appspec" {
+# description = "Appspec data as HCL"
+# value = module.deploy.appspec
+# }
+
+# output "appspec_content" {
+# description = "Appspec data as valid JSON"
+# value = module.deploy.appspec_content
+# }
+
+# output "appspec_sha256" {
+# description = "SHA256 of Appspec JSON"
+# value = module.deploy.appspec_sha256
+# }
+
+# output "script" {
+# description = "Deployment script"
+# value = module.deploy.script
+# }
+
+# output "deploy_script" {
+# description = "Path to a deployment script"
+# value = module.deploy.deploy_script
+# }
diff --git a/examples/event-source-mapping/README.md b/examples/event-source-mapping/README.md
index 60c28525..680831d9 100644
--- a/examples/event-source-mapping/README.md
+++ b/examples/event-source-mapping/README.md
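Review bot: Every output in examples/deploy/outputs.tf is commented out rather than deleted, with no line saying why, and the same whole-file commenting recurs in examples/event-source-mapping/main.tf, examples/event-source-mapping/outputs.tf and examples/runtimes/checks.tf. Commented-out HCL is not parsed, so `terraform validate` and IaC policy scanners no longer see the IAM policy statements, the MQ broker or the Secrets Manager secret in those files, and they would return unreviewed if someone later uncomments them. Either delete the examples (history keeps them) or open each file with one explanatory line such as `# Disabled in this fork: <reason>. Re-run validate and policy scans before re-enabling.` The regenerated READMEs now read "No providers" and "No resources", presumably because the docs generator sees empty configurations, so the example documentation no longer describes anything a reader can run.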
@@ -25,33 +25,15 @@ Note that this example may create resources which cost money. Run `terraform des ## Providers -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 5.79 | -| [random](#provider\_random) | >= 2.0 | +No providers. ## Modules -| Name | Source | Version | -|------|--------|---------| -| [lambda\_function](#module\_lambda\_function) | ../../ | n/a | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | +No modules. ## Resources -| Name | Type | -|------|------| -| [aws_dynamodb_table.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource | -| [aws_kinesis_stream.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kinesis_stream) | resource | -| [aws_mq_broker.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mq_broker) | resource | -| [aws_secretsmanager_secret.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource | -| [aws_secretsmanager_secret_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource | -| [aws_sqs_queue.failure](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | -| [aws_sqs_queue.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | -| [random_password.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | -| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | -| 
[aws_organizations_organization.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/organizations_organization) | data source | +No resources. ## Inputs 
@@ -59,21 +41,5 @@ No inputs. ## Outputs -| Name | Description | -|------|-------------| -| [lambda\_event\_source\_mapping\_arn](#output\_lambda\_event\_source\_mapping\_arn) | The event source mapping ARN | -| [lambda\_event\_source\_mapping\_function\_arn](#output\_lambda\_event\_source\_mapping\_function\_arn) | The the ARN of the Lambda function the event source mapping is sending events to | -| [lambda\_event\_source\_mapping\_state](#output\_lambda\_event\_source\_mapping\_state) | The state of the event source mapping | -| [lambda\_event\_source\_mapping\_state\_transition\_reason](#output\_lambda\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | -| [lambda\_event\_source\_mapping\_uuid](#output\_lambda\_event\_source\_mapping\_uuid) | The UUID of the created event source mapping | -| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | -| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. 
Use this to avoid cycle errors between resources (e.g., Step Functions) | -| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | -| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | -| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | -| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | -| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | -| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | -| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | -| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | +No outputs. diff --git a/examples/event-source-mapping/main.tf b/examples/event-source-mapping/main.tf index f76d30c8..fcb05282 100644 --- a/examples/event-source-mapping/main.tf +++ b/examples/event-source-mapping/main.tf 
@@ -1,279 +1,279 @@ -provider "aws" { - region = "eu-west-1" - - # Make it faster by skipping something - - skip_metadata_api_check = true - skip_region_validation = true - skip_credentials_validation = true -} - -data "aws_availability_zones" "available" {} - -data "aws_organizations_organization" "this" {} - -locals { - vpc_cidr = "10.0.0.0/16" - azs = slice(data.aws_availability_zones.available.names, 0, 3) -} - -#################################################### -# Lambda Function with event source mapping -#################################################### - -module "lambda_function" { - source = "../../" - - function_name = "${random_pet.this.id}-lambda-event-source-mapping" - handler = "index.lambda_handler" - runtime = "python3.12" - - source_path = "${path.module}/../fixtures/python-app1/index.py" - - event_source_mapping = { - sqs = { - event_source_arn = aws_sqs_queue.this.arn - function_response_types = ["ReportBatchItemFailures"] - scaling_config = { - maximum_concurrency = 20 - } - metrics_config = { - metrics = ["EventCount"] - } - } - dynamodb = { - event_source_arn = aws_dynamodb_table.this.stream_arn - starting_position = "LATEST" - destination_arn_on_failure = aws_sqs_queue.failure.arn - filter_criteria = [ - { - pattern = jsonencode({ - eventName : ["INSERT"] - }) - }, - { - pattern = jsonencode({ - data : { - Temperature : [{ numeric : [">", 0, "<=", 100] }] - Location : ["Oslo"] - } - }) - } - ] - } - kinesis = { - event_source_arn = aws_kinesis_stream.this.arn - starting_position = "LATEST" - filter_criteria = { - pattern = jsonencode({ - data : { - Temperature : [{ numeric : [">", 0, "<=", 100] }] - Location : ["Oslo"] - } - }) - } - } - mq = { - event_source_arn = aws_mq_broker.this.arn - queues = ["my-queue"] - source_access_configuration = [ - { - type = "BASIC_AUTH" - uri = aws_secretsmanager_secret.this.arn - }, - { - type = "VIRTUAL_HOST" - uri = "/" - } - ] - tags = { mapping = "amq" } - } - # self_managed_kafka = { - # batch_size 
= 1 - # starting_position = "TRIM_HORIZON" - # topics = ["topic1", "topic2"] - # self_managed_event_source = [ - # { - # endpoints = { - # KAFKA_BOOTSTRAP_SERVERS = "kafka1.example.com:9092,kafka2.example.com:9092" - # } - # } - # ] - # self_managed_kafka_event_source_config = [ - # { - # consumer_group_id = "example-consumer-group" - # } - # ] - # source_access_configuration = [ - # { - # type = "SASL_SCRAM_512_AUTH", - # uri = "SECRET_AUTH_INFO" - # }, - # { - # type = "VPC_SECURITY_GROUP", - # uri = "security_group:sg-12345678" - # }, - # { - # type = "VPC_SUBNET" - # uri = "subnet:subnet-12345678" - # } - # ] - # } - } - - allowed_triggers = { - config = { - principal = "config.amazonaws.com" - principal_org_id = data.aws_organizations_organization.this.id - } - sqs = { - principal = "sqs.amazonaws.com" - source_arn = aws_sqs_queue.this.arn - } - dynamodb = { - principal = "dynamodb.amazonaws.com" - source_arn = aws_dynamodb_table.this.stream_arn - } - kinesis = { - principal = "kinesis.amazonaws.com" - source_arn = aws_kinesis_stream.this.arn - } - mq = { - principal = "mq.amazonaws.com" - source_arn = aws_mq_broker.this.arn - } - } - - create_current_version_allowed_triggers = false - - attach_network_policy = true - - attach_policy_statements = true - policy_statements = { - # Allow failures to be sent to SQS queue - sqs_failure = { - effect = "Allow", - actions = ["sqs:SendMessage"], - resources = [aws_sqs_queue.failure.arn] - }, - # Execution role permissions to read records from an Amazon MQ broker - # https://docs.aws.amazon.com/lambda/latest/dg/with-mq.html#events-mq-permissions - mq_event_source = { - effect = "Allow", - actions = ["ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeVpcs"], - resources = ["*"] - }, - mq_describe_broker = { - effect = "Allow", - actions = ["mq:DescribeBroker"], - resources = [aws_mq_broker.this.arn] - }, - secrets_manager_get_value = { - effect = "Allow", - actions = ["secretsmanager:GetSecretValue"], - 
resources = [aws_secretsmanager_secret.this.arn] - } - } - - attach_policies = true - number_of_policies = 3 - - policies = [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole", - "arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole", - "arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole", - ] - - tags = { - example = "event-source-mapping" - } -} - -################## -# Extra resources -################## - -# Shared resources -resource "random_pet" "this" { - length = 2 -} - -resource "random_password" "this" { - length = 40 - special = false -} - -# SQS -resource "aws_sqs_queue" "this" { - name = random_pet.this.id -} - -resource "aws_sqs_queue" "failure" { - name = "${random_pet.this.id}-failure" -} - -# DynamoDB -resource "aws_dynamodb_table" "this" { - name = random_pet.this.id - billing_mode = "PAY_PER_REQUEST" - hash_key = "UserId" - range_key = "GameTitle" - stream_view_type = "NEW_AND_OLD_IMAGES" - stream_enabled = true - - attribute { - name = "UserId" - type = "S" - } - - attribute { - name = "GameTitle" - type = "S" - } -} - -# Kinesis -resource "aws_kinesis_stream" "this" { - name = random_pet.this.id - shard_count = 1 -} - -# Amazon MQ -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "~> 5.0" - - name = random_pet.this.id - cidr = local.vpc_cidr - - azs = local.azs - public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)] - - enable_nat_gateway = false -} - -resource "aws_mq_broker" "this" { - broker_name = random_pet.this.id - engine_type = "RabbitMQ" - engine_version = "3.12.13" - host_instance_type = "mq.t3.micro" - security_groups = [module.vpc.default_security_group_id] - subnet_ids = slice(module.vpc.public_subnets, 0, 1) - - user { - username = random_pet.this.id - password = random_password.this.result - } -} - -resource "aws_secretsmanager_secret" "this" { - name = "${random_pet.this.id}-mq-credentials" -} - -resource 
"aws_secretsmanager_secret_version" "this" { - secret_id = aws_secretsmanager_secret.this.id - secret_string = jsonencode({ - username = random_pet.this.id - password = random_password.this.result - }) -} +# provider "aws" { +# region = "eu-west-1" + +# # Make it faster by skipping something + +# skip_metadata_api_check = true +# skip_region_validation = true +# skip_credentials_validation = true +# } + +# data "aws_availability_zones" "available" {} + +# data "aws_organizations_organization" "this" {} + +# locals { +# vpc_cidr = "10.0.0.0/16" +# azs = slice(data.aws_availability_zones.available.names, 0, 3) +# } + +# #################################################### +# # Lambda Function with event source mapping +# #################################################### + +# module "lambda_function" { +# source = "../../" + +# function_name = "${random_pet.this.id}-lambda-event-source-mapping" +# handler = "index.lambda_handler" +# runtime = "python3.12" + +# source_path = "${path.module}/../fixtures/python-app1/index.py" + +# event_source_mapping = { +# sqs = { +# event_source_arn = aws_sqs_queue.this.arn +# function_response_types = ["ReportBatchItemFailures"] +# scaling_config = { +# maximum_concurrency = 20 +# } +# metrics_config = { +# metrics = ["EventCount"] +# } +# } +# dynamodb = { +# event_source_arn = aws_dynamodb_table.this.stream_arn +# starting_position = "LATEST" +# destination_arn_on_failure = aws_sqs_queue.failure.arn +# filter_criteria = [ +# { +# pattern = jsonencode({ +# eventName : ["INSERT"] +# }) +# }, +# { +# pattern = jsonencode({ +# data : { +# Temperature : [{ numeric : [">", 0, "<=", 100] }] +# Location : ["Oslo"] +# } +# }) +# } +# ] +# } +# kinesis = { +# event_source_arn = aws_kinesis_stream.this.arn +# starting_position = "LATEST" +# filter_criteria = { +# pattern = jsonencode({ +# data : { +# Temperature : [{ numeric : [">", 0, "<=", 100] }] +# Location : ["Oslo"] +# } +# }) +# } +# } +# mq = { +# event_source_arn = 
aws_mq_broker.this.arn +# queues = ["my-queue"] +# source_access_configuration = [ +# { +# type = "BASIC_AUTH" +# uri = aws_secretsmanager_secret.this.arn +# }, +# { +# type = "VIRTUAL_HOST" +# uri = "/" +# } +# ] +# tags = { mapping = "amq" } +# } +# # self_managed_kafka = { +# # batch_size = 1 +# # starting_position = "TRIM_HORIZON" +# # topics = ["topic1", "topic2"] +# # self_managed_event_source = [ +# # { +# # endpoints = { +# # KAFKA_BOOTSTRAP_SERVERS = "kafka1.example.com:9092,kafka2.example.com:9092" +# # } +# # } +# # ] +# # self_managed_kafka_event_source_config = [ +# # { +# # consumer_group_id = "example-consumer-group" +# # } +# # ] +# # source_access_configuration = [ +# # { +# # type = "SASL_SCRAM_512_AUTH", +# # uri = "SECRET_AUTH_INFO" +# # }, +# # { +# # type = "VPC_SECURITY_GROUP", +# # uri = "security_group:sg-12345678" +# # }, +# # { +# # type = "VPC_SUBNET" +# # uri = "subnet:subnet-12345678" +# # } +# # ] +# # } +# } + +# allowed_triggers = { +# config = { +# principal = "config.amazonaws.com" +# principal_org_id = data.aws_organizations_organization.this.id +# } +# sqs = { +# principal = "sqs.amazonaws.com" +# source_arn = aws_sqs_queue.this.arn +# } +# dynamodb = { +# principal = "dynamodb.amazonaws.com" +# source_arn = aws_dynamodb_table.this.stream_arn +# } +# kinesis = { +# principal = "kinesis.amazonaws.com" +# source_arn = aws_kinesis_stream.this.arn +# } +# mq = { +# principal = "mq.amazonaws.com" +# source_arn = aws_mq_broker.this.arn +# } +# } + +# create_current_version_allowed_triggers = false + +# attach_network_policy = true + +# attach_policy_statements = true +# policy_statements = { +# # Allow failures to be sent to SQS queue +# sqs_failure = { +# effect = "Allow", +# actions = ["sqs:SendMessage"], +# resources = [aws_sqs_queue.failure.arn] +# }, +# # Execution role permissions to read records from an Amazon MQ broker +# # https://docs.aws.amazon.com/lambda/latest/dg/with-mq.html#events-mq-permissions +# mq_event_source = { 
+# effect = "Allow", +# actions = ["ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeVpcs"], +# resources = ["*"] +# }, +# mq_describe_broker = { +# effect = "Allow", +# actions = ["mq:DescribeBroker"], +# resources = [aws_mq_broker.this.arn] +# }, +# secrets_manager_get_value = { +# effect = "Allow", +# actions = ["secretsmanager:GetSecretValue"], +# resources = [aws_secretsmanager_secret.this.arn] +# } +# } + +# attach_policies = true +# number_of_policies = 3 + +# policies = [ +# "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole", +# "arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole", +# "arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole", +# ] + +# tags = { +# example = "event-source-mapping" +# } +# } + +# ################## +# # Extra resources +# ################## + +# # Shared resources +# resource "random_pet" "this" { +# length = 2 +# } + +# resource "random_password" "this" { +# length = 40 +# special = false +# } + +# # SQS +# resource "aws_sqs_queue" "this" { +# name = random_pet.this.id +# } + +# resource "aws_sqs_queue" "failure" { +# name = "${random_pet.this.id}-failure" +# } + +# # DynamoDB +# resource "aws_dynamodb_table" "this" { +# name = random_pet.this.id +# billing_mode = "PAY_PER_REQUEST" +# hash_key = "UserId" +# range_key = "GameTitle" +# stream_view_type = "NEW_AND_OLD_IMAGES" +# stream_enabled = true + +# attribute { +# name = "UserId" +# type = "S" +# } + +# attribute { +# name = "GameTitle" +# type = "S" +# } +# } + +# # Kinesis +# resource "aws_kinesis_stream" "this" { +# name = random_pet.this.id +# shard_count = 1 +# } + +# # Amazon MQ +# module "vpc" { +# source = "terraform-aws-modules/vpc/aws" +# version = "~> 5.0" + +# name = random_pet.this.id +# cidr = local.vpc_cidr + +# azs = local.azs +# public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)] + +# enable_nat_gateway = false +# } + +# resource "aws_mq_broker" "this" { +# broker_name 
= random_pet.this.id +# engine_type = "RabbitMQ" +# engine_version = "3.12.13" +# host_instance_type = "mq.t3.micro" +# security_groups = [module.vpc.default_security_group_id] +# subnet_ids = slice(module.vpc.public_subnets, 0, 1) + +# user { +# username = random_pet.this.id +# password = random_password.this.result +# } +# } + +# resource "aws_secretsmanager_secret" "this" { +# name = "${random_pet.this.id}-mq-credentials" +# } + +# resource "aws_secretsmanager_secret_version" "this" { +# secret_id = aws_secretsmanager_secret.this.id +# secret_string = jsonencode({ +# username = random_pet.this.id +# password = random_password.this.result +# }) +# } diff --git a/examples/event-source-mapping/outputs.tf b/examples/event-source-mapping/outputs.tf index 764a91c5..067e264f 100644 --- a/examples/event-source-mapping/outputs.tf +++ b/examples/event-source-mapping/outputs.tf 
@@ -1,76 +1,76 @@ -# Lambda Function -output "lambda_function_arn" { - description = "The ARN of the Lambda Function" - value = module.lambda_function.lambda_function_arn -} +# # Lambda Function +# output "lambda_function_arn" { +# description = "The ARN of the Lambda Function" +# value = module.lambda_function.lambda_function_arn +# } -output "lambda_function_arn_static" { - description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" - value = module.lambda_function.lambda_function_arn_static -} +# output "lambda_function_arn_static" { +# description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" +# value = module.lambda_function.lambda_function_arn_static +# } -output "lambda_function_invoke_arn" { - description = "The Invoke ARN of the Lambda Function" - value = module.lambda_function.lambda_function_invoke_arn -} +# output "lambda_function_invoke_arn" { +# description = "The Invoke ARN of the Lambda Function" +# value = module.lambda_function.lambda_function_invoke_arn +# } -output "lambda_function_name" { - description = "The name of the Lambda Function" - value = module.lambda_function.lambda_function_name -} +# output "lambda_function_name" { +# description = "The name of the Lambda Function" +# value = module.lambda_function.lambda_function_name +# } -output "lambda_function_qualified_arn" { - description = "The ARN identifying your Lambda Function Version" - value = module.lambda_function.lambda_function_qualified_arn -} +# output "lambda_function_qualified_arn" { +# description = "The ARN identifying your Lambda Function Version" +# value = module.lambda_function.lambda_function_qualified_arn +# } -output "lambda_function_version" { - description = "Latest published version of Lambda Function" - value = module.lambda_function.lambda_function_version -} +# output "lambda_function_version" { +# description = "Latest 
published version of Lambda Function" +# value = module.lambda_function.lambda_function_version +# } -output "lambda_function_last_modified" { - description = "The date Lambda Function resource was last modified" - value = module.lambda_function.lambda_function_last_modified -} +# output "lambda_function_last_modified" { +# description = "The date Lambda Function resource was last modified" +# value = module.lambda_function.lambda_function_last_modified +# } -output "lambda_function_kms_key_arn" { - description = "The ARN for the KMS encryption key of Lambda Function" - value = module.lambda_function.lambda_function_kms_key_arn -} +# output "lambda_function_kms_key_arn" { +# description = "The ARN for the KMS encryption key of Lambda Function" +# value = module.lambda_function.lambda_function_kms_key_arn +# } -output "lambda_function_source_code_hash" { - description = "Base64-encoded representation of raw SHA-256 sum of the zip file" - value = module.lambda_function.lambda_function_source_code_hash -} +# output "lambda_function_source_code_hash" { +# description = "Base64-encoded representation of raw SHA-256 sum of the zip file" +# value = module.lambda_function.lambda_function_source_code_hash +# } -output "lambda_function_source_code_size" { - description = "The size in bytes of the function .zip file" - value = module.lambda_function.lambda_function_source_code_size -} +# output "lambda_function_source_code_size" { +# description = "The size in bytes of the function .zip file" +# value = module.lambda_function.lambda_function_source_code_size +# } -# Lambda Event Source Mapping -output "lambda_event_source_mapping_function_arn" { - description = "The the ARN of the Lambda function the event source mapping is sending events to" - value = module.lambda_function.lambda_event_source_mapping_function_arn -} +# # Lambda Event Source Mapping +# output "lambda_event_source_mapping_function_arn" { +# description = "The the ARN of the Lambda function the event source 
mapping is sending events to" +# value = module.lambda_function.lambda_event_source_mapping_function_arn +# } -output "lambda_event_source_mapping_state" { - description = "The state of the event source mapping" - value = module.lambda_function.lambda_event_source_mapping_state -} +# output "lambda_event_source_mapping_state" { +# description = "The state of the event source mapping" +# value = module.lambda_function.lambda_event_source_mapping_state +# } -output "lambda_event_source_mapping_state_transition_reason" { - description = "The reason the event source mapping is in its current state" - value = module.lambda_function.lambda_event_source_mapping_state_transition_reason -} +# output "lambda_event_source_mapping_state_transition_reason" { +# description = "The reason the event source mapping is in its current state" +# value = module.lambda_function.lambda_event_source_mapping_state_transition_reason +# } -output "lambda_event_source_mapping_uuid" { - description = "The UUID of the created event source mapping" - value = module.lambda_function.lambda_event_source_mapping_uuid -} +# output "lambda_event_source_mapping_uuid" { +# description = "The UUID of the created event source mapping" +# value = module.lambda_function.lambda_event_source_mapping_uuid +# } -output "lambda_event_source_mapping_arn" { - description = "The event source mapping ARN" - value = module.lambda_function.lambda_event_source_mapping_arn -} +# output "lambda_event_source_mapping_arn" { +# description = "The event source mapping ARN" +# value = module.lambda_function.lambda_event_source_mapping_arn +# } diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index 7c09e0b0..f712da63 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md 
@@ -26,26 +26,15 @@ Note that this example may create resources which cost money. Run `terraform des ## Providers -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 5.79 | -| [aws.us-east-1](#provider\_aws.us-east-1) | >= 5.79 | -| [random](#provider\_random) | >= 2.0 | +No providers. ## Modules -| Name | Source | Version | -|------|--------|---------| -| [lambda\_function](#module\_lambda\_function) | ../../ | n/a | -| [lambda\_function\_another\_region](#module\_lambda\_function\_another\_region) | ../../ | n/a | +No modules. ## Resources -| Name | Type | -|------|------| -| [aws_sqs_queue.dlq](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | -| [aws_sqs_queue.dlq_us_east_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | -| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +No resources. ## Inputs 
@@ -53,26 +42,5 @@ No inputs. ## Outputs -| Name | Description | -|------|-------------| -| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | -| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | -| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | -| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | -| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | -| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | -| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | -| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | -| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | -| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | -| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | -| [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | -| [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | -| [lambda\_layer\_layer\_arn](#output\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | -| [lambda\_layer\_source\_code\_size](#output\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | 
-| [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version | -| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | -| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | -| [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | -| [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | +No outputs. diff --git a/examples/multiple-regions/main.tf b/examples/multiple-regions/main.tf index d30e1c2a..ab2550ba 100644 --- a/examples/multiple-regions/main.tf +++ b/examples/multiple-regions/main.tf 
@@ -1,219 +1,219 @@ -provider "aws" { - region = "eu-west-1" - - # Make it faster by skipping something - skip_metadata_api_check = true - skip_region_validation = true - skip_credentials_validation = true -} - -provider "aws" { - region = "us-east-1" - alias = "us-east-1" - - # Make it faster by skipping something - skip_metadata_api_check = true - skip_region_validation = true - skip_credentials_validation = true -} - -################################ -# Lambda Function in one region -################################ - -module "lambda_function" { - source = "../../" - - function_name = "${random_pet.this.id}-lambda1" - description = "My awesome lambda function" - handler = "index.lambda_handler" - runtime = "python3.12" - publish = true - - source_path = "${path.module}/../fixtures/python-app1" - - attach_dead_letter_policy = true - dead_letter_target_arn = aws_sqs_queue.dlq.arn - - ###################### - # Additional policies - ###################### - - attach_policy_json = true - policy_json = < [aws](#provider\_aws) | >= 5.79 | -| [http](#provider\_http) | >= 3.0 | -| [random](#provider\_random) | >= 3.0 | +No providers. ## Modules -| Name | Source | Version | -|------|--------|---------| -| [go\_lambda\_function](#module\_go\_lambda\_function) | ../../ | n/a | -| [java21\_lambda\_function](#module\_java21\_lambda\_function) | ../../ | n/a | -| [rust\_lambda\_function](#module\_rust\_lambda\_function) | ../../ | n/a | +No modules. ## Resources -| Name | Type | -|------|------| -| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | -| [aws_lambda_invocation.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_invocation) | data source | -| [http_http.this](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | +No resources. ## Inputs 
@@ -58,11 +46,5 @@ No inputs. ## Outputs -| Name | Description | -|------|-------------| -| [go\_lambda\_function\_url](#output\_go\_lambda\_function\_url) | The URL of the Lambda Function in Go | -| [java21\_lambda\_function\_arn](#output\_java21\_lambda\_function\_arn) | The ARN of the Lambda Function in Java 21 | -| [lambda\_function\_result](#output\_lambda\_function\_result) | The results of the Lambda Function calls | -| [lambda\_function\_status\_codes](#output\_lambda\_function\_status\_codes) | The status codes of the Lambda Function calls | -| [rust\_lambda\_function\_url](#output\_rust\_lambda\_function\_url) | The URL of the Lambda Function in Rust | +No outputs. diff --git a/examples/runtimes/checks.tf b/examples/runtimes/checks.tf index cbf0f2b8..2065826f 100644 --- a/examples/runtimes/checks.tf +++ b/examples/runtimes/checks.tf 
@@ -1,37 +1,37 @@ -locals { - successful_response_keyword = "serverless.tf" -} +# locals { +# successful_response_keyword = "serverless.tf" +# } -data "http" "this" { - for_each = { - rust = module.rust_lambda_function.lambda_function_url, - go = module.go_lambda_function.lambda_function_url, - } +# data "http" "this" { +# for_each = { +# rust = module.rust_lambda_function.lambda_function_url, +# go = module.go_lambda_function.lambda_function_url, +# } - url = each.value +# url = each.value - lifecycle { - postcondition { - condition = length(regexall(local.successful_response_keyword, self.response_body)) > 0 - error_message = "${each.key}: ${local.successful_response_keyword} should be in the response." - } - } -} +# lifecycle { +# postcondition { +# condition = length(regexall(local.successful_response_keyword, self.response_body)) > 0 +# error_message = "${each.key}: ${local.successful_response_keyword} should be in the response." +# } +# } +# } -# I don't know how to make Java21 example to work with Lambda Function URL, so using Lambda Function invocation instead -data "aws_lambda_invocation" "this" { - for_each = { - java21 = module.java21_lambda_function.lambda_function_name, - } +# # I don't know how to make Java21 example to work with Lambda Function URL, so using Lambda Function invocation instead +# data "aws_lambda_invocation" "this" { +# for_each = { +# java21 = module.java21_lambda_function.lambda_function_name, +# } - function_name = each.value +# function_name = each.value - input = jsonencode({}) +# input = jsonencode({}) - lifecycle { - postcondition { - condition = length(regexall(local.successful_response_keyword, jsondecode(self.result))) > 0 - error_message = "${each.key}: ${local.successful_response_keyword} should be in the response." 
- } - } -} +# lifecycle { +# postcondition { +# condition = length(regexall(local.successful_response_keyword, jsondecode(self.result))) > 0 +# error_message = "${each.key}: ${local.successful_response_keyword} should be in the response." +# } +# } +# } diff --git a/examples/runtimes/main.tf b/examples/runtimes/main.tf index b9bd61a9..27e281fa 100644 --- a/examples/runtimes/main.tf +++ b/examples/runtimes/main.tf 
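Review bot: The whole of examples/runtimes/checks.tf is turned into comments in this hunk rather than edited or deleted, and nothing in it says why. With both `postcondition` blocks commented out, the runtimes example no longer verifies that the deployed functions return `serverless.tf`, so a broken build or deployment would pass unnoticed. The same wholesale commenting-out appears in the hunks for examples/runtimes/main.tf, examples/runtimes/outputs.tf, examples/simple-cicd/main.tf, examples/simple/main.tf and examples/with-efs/main.tf. If the examples are meant to be disabled, either delete the files or put a one-line header at the top of each, for example `# Disabled: <reason> (tracking: <issue placeholder>)`, so the next reader knows whether re-enabling them is safe.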
@@ -1,98 +1,98 @@ -provider "aws" { - region = "eu-west-1" -} - -module "rust_lambda_function" { - source = "../../" - - function_name = "${random_pet.this.id}-rust" - - attach_cloudwatch_logs_policy = false - cloudwatch_logs_retention_in_days = 1 - - create_lambda_function_url = true - - handler = "bootstrap" - runtime = "provided.al2023" - architectures = ["arm64"] # x86_64 (empty); arm64 (cargo lambda build --arm64) - - trigger_on_package_timestamp = false - - source_path = [ - { - path = "${path.module}/../fixtures/runtimes/rust" - commands = [ - # https://www.cargo-lambda.info/ - "cargo lambda build --release --arm64", - "cd target/lambda/rust-app1", - ":zip", - ] - patterns = [ - "!.*", - "bootstrap", - ] - } - ] -} - -module "go_lambda_function" { - source = "../../" - - function_name = "${random_pet.this.id}-go" - - attach_cloudwatch_logs_policy = false - cloudwatch_logs_retention_in_days = 1 - - create_lambda_function_url = true - - handler = "bootstrap" - runtime = "provided.al2023" - architectures = ["arm64"] # x86_64 (GOARCH=amd64); arm64 (GOARCH=arm64) - - trigger_on_package_timestamp = false - - source_path = [ - { - path = "${path.module}/../fixtures/runtimes/go" - commands = [ - "GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build -o bootstrap main.go", - ":zip", - ] - patterns = [ - "!.*", - "bootstrap", - ] - } - ] -} - -module "java21_lambda_function" { - source = "../../" - - function_name = "${random_pet.this.id}-java21" - - attach_cloudwatch_logs_policy = false - cloudwatch_logs_retention_in_days = 1 - - handler = "example.Handler" - runtime = "java21" - architectures = ["arm64"] # x86_64 or arm64 - timeout = 30 - - trigger_on_package_timestamp = false - - source_path = [ - { - path = "${path.module}/../fixtures/runtimes/java21" - commands = [ - "gradle build -i", - "cd build/output", - ":zip", - ] - } - ] -} - -resource "random_pet" "this" { - length = 2 -} +# provider "aws" { +# region = "eu-west-1" +# } + +# module "rust_lambda_function" { +# 
source = "../../" + +# function_name = "${random_pet.this.id}-rust" + +# attach_cloudwatch_logs_policy = false +# cloudwatch_logs_retention_in_days = 1 + +# create_lambda_function_url = true + +# handler = "bootstrap" +# runtime = "provided.al2023" +# architectures = ["arm64"] # x86_64 (empty); arm64 (cargo lambda build --arm64) + +# trigger_on_package_timestamp = false + +# source_path = [ +# { +# path = "${path.module}/../fixtures/runtimes/rust" +# commands = [ +# # https://www.cargo-lambda.info/ +# "cargo lambda build --release --arm64", +# "cd target/lambda/rust-app1", +# ":zip", +# ] +# patterns = [ +# "!.*", +# "bootstrap", +# ] +# } +# ] +# } + +# module "go_lambda_function" { +# source = "../../" + +# function_name = "${random_pet.this.id}-go" + +# attach_cloudwatch_logs_policy = false +# cloudwatch_logs_retention_in_days = 1 + +# create_lambda_function_url = true + +# handler = "bootstrap" +# runtime = "provided.al2023" +# architectures = ["arm64"] # x86_64 (GOARCH=amd64); arm64 (GOARCH=arm64) + +# trigger_on_package_timestamp = false + +# source_path = [ +# { +# path = "${path.module}/../fixtures/runtimes/go" +# commands = [ +# "GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build -o bootstrap main.go", +# ":zip", +# ] +# patterns = [ +# "!.*", +# "bootstrap", +# ] +# } +# ] +# } + +# module "java21_lambda_function" { +# source = "../../" + +# function_name = "${random_pet.this.id}-java21" + +# attach_cloudwatch_logs_policy = false +# cloudwatch_logs_retention_in_days = 1 + +# handler = "example.Handler" +# runtime = "java21" +# architectures = ["arm64"] # x86_64 or arm64 +# timeout = 30 + +# trigger_on_package_timestamp = false + +# source_path = [ +# { +# path = "${path.module}/../fixtures/runtimes/java21" +# commands = [ +# "gradle build -i", +# "cd build/output", +# ":zip", +# ] +# } +# ] +# } + +# resource "random_pet" "this" { +# length = 2 +# } diff --git a/examples/runtimes/outputs.tf b/examples/runtimes/outputs.tf index 9c12c1d6..5cfc1232 100644 
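Review bot: The commented-out `rust_lambda_function` and `go_lambda_function` modules keep `create_lambda_function_url = true` with no `authorization_type` next to it, so if the example is restored as written the function URLs take the module default. As far as I recall that default is `NONE`, which leaves the URL callable without IAM authentication; confirm this against the module's variables. The `data "http"` check in checks.tf needs an unauthenticated endpoint, so the better fix is probably to state the choice explicitly, `authorization_type = "NONE" # public on purpose: checks.tf fetches this URL unsigned; destroy after the test`, rather than rely on the default. All three modules also set `attach_cloudwatch_logs_policy = false`, which deserves a short comment saying it is deliberate for the example.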
--- a/examples/runtimes/outputs.tf +++ b/examples/runtimes/outputs.tf @@ -1,24 +1,24 @@ -output "rust_lambda_function_url" { - description = "The URL of the Lambda Function in Rust" - value = module.rust_lambda_function.lambda_function_url -} +# output "rust_lambda_function_url" { +# description = "The URL of the Lambda Function in Rust" +# value = module.rust_lambda_function.lambda_function_url +# } -output "go_lambda_function_url" { - description = "The URL of the Lambda Function in Go" - value = module.go_lambda_function.lambda_function_url -} +# output "go_lambda_function_url" { +# description = "The URL of the Lambda Function in Go" +# value = module.go_lambda_function.lambda_function_url +# } -output "java21_lambda_function_arn" { - description = "The ARN of the Lambda Function in Java 21" - value = module.java21_lambda_function.lambda_function_arn -} +# output "java21_lambda_function_arn" { +# description = "The ARN of the Lambda Function in Java 21" +# value = module.java21_lambda_function.lambda_function_arn +# } -output "lambda_function_result" { - description = "The results of the Lambda Function calls" - value = { for k, v in data.aws_lambda_invocation.this : k => jsondecode(v.result) } -} +# output "lambda_function_result" { +# description = "The results of the Lambda Function calls" +# value = { for k, v in data.aws_lambda_invocation.this : k => jsondecode(v.result) } +# } -output "lambda_function_status_codes" { - description = "The status codes of the Lambda Function calls" - value = { for k, v in data.http.this : k => v.status_code } -} +# output "lambda_function_status_codes" { +# description = "The status codes of the Lambda Function calls" +# value = { for k, v in data.http.this : k => v.status_code } +# } diff --git a/examples/simple-cicd/README.md b/examples/simple-cicd/README.md index 2edb2e51..46c5d19a 100644 --- a/examples/simple-cicd/README.md +++ b/examples/simple-cicd/README.md 
@@ -27,21 +27,15 @@ Note that this example may create resources which cost money. Run `terraform des ## Providers -| Name | Version | -|------|---------| -| [random](#provider\_random) | >= 2.0 | +No providers. ## Modules -| Name | Source | Version | -|------|--------|---------| -| [lambda\_function](#module\_lambda\_function) | ../../ | n/a | +No modules. ## Resources -| Name | Type | -|------|------| -| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +No resources. ## Inputs diff --git a/examples/simple-cicd/main.tf b/examples/simple-cicd/main.tf index deefc9aa..a7fb2956 100644 --- a/examples/simple-cicd/main.tf +++ b/examples/simple-cicd/main.tf @@ -1,25 +1,25 @@ -provider "aws" { - region = "eu-west-1" +# provider "aws" { +# region = "eu-west-1" - # Make it faster by skipping something - skip_metadata_api_check = true - skip_region_validation = true - skip_credentials_validation = true -} +# # Make it faster by skipping something +# skip_metadata_api_check = true +# skip_region_validation = true +# skip_credentials_validation = true +# } -resource "random_pet" "this" { - length = 2 -} +# resource "random_pet" "this" { +# length = 2 +# } -module "lambda_function" { - source = "../../" +# module "lambda_function" { +# source = "../../" - function_name = "${random_pet.this.id}-lambda-simple" - handler = "index.lambda_handler" - runtime = "python3.12" +# function_name = "${random_pet.this.id}-lambda-simple" +# handler = "index.lambda_handler" +# runtime = "python3.12" - source_path = [ - "${path.module}/src/python-app1", - ] - trigger_on_package_timestamp = false -} +# source_path = [ +# "${path.module}/src/python-app1", +# ] +# trigger_on_package_timestamp = false +# } diff --git a/examples/simple/README.md b/examples/simple/README.md index bee54ded..c70d3be0 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md 
@@ -25,21 +25,15 @@ Note that this example may create resources which cost money. Run `terraform des ## Providers -| Name | Version | -|------|---------| -| [random](#provider\_random) | >= 2.0 | +No providers. ## Modules -| Name | Source | Version | -|------|--------|---------| -| [lambda\_function](#module\_lambda\_function) | ../../ | n/a | +No modules. ## Resources -| Name | Type | -|------|------| -| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +No resources. ## Inputs 
@@ -47,26 +41,5 @@ No inputs. ## Outputs -| Name | Description | -|------|-------------| -| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | -| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | -| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | -| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | -| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | -| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | -| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | -| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | -| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | -| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | -| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | -| [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | -| [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | -| [lambda\_layer\_layer\_arn](#output\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | -| [lambda\_layer\_source\_code\_size](#output\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | 
-| [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version | -| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | -| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | -| [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | -| [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | +No outputs. diff --git a/examples/simple/main.tf b/examples/simple/main.tf index 20c51910..22f7bce6 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf 
@@ -1,332 +1,332 @@ -provider "aws" { - region = "eu-west-1" - # region = "us-east-1" +# provider "aws" { +# region = "eu-west-1" +# # region = "us-east-1" - # Make it faster by skipping something - skip_metadata_api_check = true - skip_region_validation = true - skip_credentials_validation = true -} +# # Make it faster by skipping something +# skip_metadata_api_check = true +# skip_region_validation = true +# skip_credentials_validation = true +# } -resource "random_pet" "this" { - length = 2 -} +# resource "random_pet" "this" { +# length = 2 +# } -#module "lambda_at_edge" { -# source = "../../" -# -# function_name = "${random_pet.this.id}-lambda-edge" -# handler = "index.lambda_handler" -# runtime = "python3.12" -# lambda_at_edge = true -# -# attach_cloudwatch_logs_policy = true -# -# source_path = "${path.module}/../fixtures/python-app1/" -#} +# #module "lambda_at_edge" { +# # source = "../../" +# # +# # function_name = "${random_pet.this.id}-lambda-edge" +# # handler = "index.lambda_handler" +# # runtime = "python3.12" +# # lambda_at_edge = true +# # +# # attach_cloudwatch_logs_policy = true +# # +# # source_path = "${path.module}/../fixtures/python-app1/" +# #} -#resource "aws_cloudwatch_log_group" "this" { -# name = "/aws/lambda/us-east-1.${random_pet.this.id}-lambda-simple" -#} +# #resource "aws_cloudwatch_log_group" "this" { +# # name = "/aws/lambda/us-east-1.${random_pet.this.id}-lambda-simple" +# #} -module "lambda_function" { - source = "../../" +# module "lambda_function" { +# source = "../../" - publish = true +# publish = true - function_name = "${random_pet.this.id}-lambda-simple" - handler = "index.lambda_handler" - runtime = "python3.12" +# function_name = "${random_pet.this.id}-lambda-simple" +# handler = "index.lambda_handler" +# runtime = "python3.12" - # role_maximum_session_duration = 7200 +# # role_maximum_session_duration = 7200 - # attach_cloudwatch_logs_policy = false +# # attach_cloudwatch_logs_policy = false - # 
use_existing_cloudwatch_log_group = true +# # use_existing_cloudwatch_log_group = true - # lambda_at_edge = true +# # lambda_at_edge = true - # independent_file_timestamps = true +# # independent_file_timestamps = true - # store_on_s3 = true - # s3_bucket = module.s3_bucket.s3_bucket_id +# # store_on_s3 = true +# # s3_bucket = module.s3_bucket.s3_bucket_id - # create_package = false - # local_existing_package = data.null_data_source.downloaded_package.outputs["filename"] +# # create_package = false +# # local_existing_package = data.null_data_source.downloaded_package.outputs["filename"] - # snap_start = true +# # snap_start = true - # policy_json = < [aws](#provider\_aws) | >= 5.79 | -| [random](#provider\_random) | >= 2.0 | +No providers. ## Modules -| Name | Source | Version | -|------|--------|---------| -| [lambda\_function](#module\_lambda\_function) | ../../ | n/a | +No modules. ## Resources -| Name | Type | -|------|------| -| [aws_cloudwatch_event_rule.scan_ami](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource | -| [aws_cloudwatch_event_target.scan_ami_lambda_function](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource | -| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +No resources. ## Inputs 
@@ -51,26 +42,5 @@ No inputs. ## Outputs -| Name | Description | -|------|-------------| -| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | -| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | -| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | -| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | -| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | -| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | -| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | -| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | -| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | -| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | -| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | -| [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | -| [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | -| [lambda\_layer\_layer\_arn](#output\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | -| [lambda\_layer\_source\_code\_size](#output\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | 
-| [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version | -| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | -| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | -| [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | -| [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | +No outputs. diff --git a/examples/triggers/main.tf b/examples/triggers/main.tf index 8317a81a..8955243f 100644 --- a/examples/triggers/main.tf +++ b/examples/triggers/main.tf 
@@ -1,63 +1,63 @@ -provider "aws" { - region = "eu-west-1" - - # Make it faster by skipping something - skip_metadata_api_check = true - skip_region_validation = true - skip_credentials_validation = true -} - -########################################## -# Lambda Function (with various triggers) -########################################## - -module "lambda_function" { - source = "../../" - - function_name = "${random_pet.this.id}-lambda-triggers" - description = "My awesome lambda function" - handler = "index.lambda_handler" - runtime = "python3.12" - publish = true - - create_package = false - local_existing_package = "${path.module}/../fixtures/python-zip/existing_package.zip" - - allowed_triggers = { - ScanAmiRule = { - principal = "events.amazonaws.com" - source_arn = aws_cloudwatch_event_rule.scan_ami.arn - } - } -} - -################## -# Extra resources -################## - -resource "random_pet" "this" { - length = 2 -} - -################################## -# Cloudwatch Events (EventBridge) -################################## -resource "aws_cloudwatch_event_rule" "scan_ami" { - name = "EC2CreateImageEvent" - description = "EC2 Create Image Event..." - event_pattern = < [aws](#provider\_aws) | >= 5.79 | -| [random](#provider\_random) | >= 2.0 | +No providers. ## Modules -| Name | Source | Version | -|------|--------|---------| -| [lambda\_function\_with\_efs](#module\_lambda\_function\_with\_efs) | ../../ | n/a | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | +No modules. 
## Resources -| Name | Type | -|------|------| -| [aws_efs_access_point.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_access_point) | resource | -| [aws_efs_file_system.shared](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_file_system) | resource | -| [aws_efs_mount_target.alpha](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_mount_target) | resource | -| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +No resources. ## Inputs 
@@ -53,26 +42,5 @@ No inputs. ## Outputs -| Name | Description | -|------|-------------| -| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | -| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | -| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | -| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | -| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | -| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | -| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | -| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | -| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | -| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | -| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | -| [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | -| [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | -| [lambda\_layer\_layer\_arn](#output\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | -| [lambda\_layer\_source\_code\_size](#output\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | 
-| [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version | -| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | -| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | -| [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | -| [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | +No outputs. diff --git a/examples/with-efs/main.tf b/examples/with-efs/main.tf index 90a0abed..3b288586 100644 --- a/examples/with-efs/main.tf +++ b/examples/with-efs/main.tf 
@@ -1,84 +1,84 @@ -provider "aws" { - region = "eu-west-1" - - # Make it faster by skipping something - skip_metadata_api_check = true - skip_region_validation = true - skip_credentials_validation = true -} - -resource "random_pet" "this" { - length = 2 -} - -module "lambda_function_with_efs" { - source = "../../" - - function_name = "${random_pet.this.id}-lambda-in-vpc" - description = "My awesome lambda function" - handler = "index.lambda_handler" - runtime = "python3.12" - - source_path = "${path.module}/../fixtures/python-app1" - - vpc_subnet_ids = module.vpc.intra_subnets - vpc_security_group_ids = [module.vpc.default_security_group_id] - attach_network_policy = true - - ###################### - # Elastic File System - ###################### - - file_system_arn = aws_efs_access_point.lambda.arn - file_system_local_mount_path = "/mnt/shared-storage" - - # Explicitly declare dependency on EFS mount target. - # When creating or updating Lambda functions, mount target must be in 'available' lifecycle state. 
- # Note: depends_on on modules became available in Terraform 0.13 - depends_on = [aws_efs_mount_target.alpha] -} - -###### -# VPC -###### - -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "~> 5.0" - - name = random_pet.this.id - cidr = "10.10.0.0/16" - - azs = ["eu-west-1a"] - intra_subnets = ["10.10.101.0/24"] -} - -###### -# EFS -###### - -resource "aws_efs_file_system" "shared" {} - -resource "aws_efs_mount_target" "alpha" { - file_system_id = aws_efs_file_system.shared.id - subnet_id = module.vpc.intra_subnets[0] - security_groups = [module.vpc.default_security_group_id] -} - -resource "aws_efs_access_point" "lambda" { - file_system_id = aws_efs_file_system.shared.id - - posix_user { - gid = 1000 - uid = 1000 - } - - root_directory { - path = "/lambda" - creation_info { - owner_gid = 1000 - owner_uid = 1000 - permissions = "0777" - } - } -} +# provider "aws" { +# region = "eu-west-1" + +# # Make it faster by skipping something +# skip_metadata_api_check = true +# skip_region_validation = true +# skip_credentials_validation = true +# } + +# resource "random_pet" "this" { +# length = 2 +# } + +# module "lambda_function_with_efs" { +# source = "../../" + +# function_name = "${random_pet.this.id}-lambda-in-vpc" +# description = "My awesome lambda function" +# handler = "index.lambda_handler" +# runtime = "python3.12" + +# source_path = "${path.module}/../fixtures/python-app1" + +# vpc_subnet_ids = module.vpc.intra_subnets +# vpc_security_group_ids = [module.vpc.default_security_group_id] +# attach_network_policy = true + +# ###################### +# # Elastic File System +# ###################### + +# file_system_arn = aws_efs_access_point.lambda.arn +# file_system_local_mount_path = "/mnt/shared-storage" + +# # Explicitly declare dependency on EFS mount target. +# # When creating or updating Lambda functions, mount target must be in 'available' lifecycle state. 
+# # Note: depends_on on modules became available in Terraform 0.13 +# depends_on = [aws_efs_mount_target.alpha] +# } + +# ###### +# # VPC +# ###### + +# module "vpc" { +# source = "terraform-aws-modules/vpc/aws" +# version = "~> 5.0" + +# name = random_pet.this.id +# cidr = "10.10.0.0/16" + +# azs = ["eu-west-1a"] +# intra_subnets = ["10.10.101.0/24"] +# } + +# ###### +# # EFS +# ###### + +# resource "aws_efs_file_system" "shared" {} + +# resource "aws_efs_mount_target" "alpha" { +# file_system_id = aws_efs_file_system.shared.id +# subnet_id = module.vpc.intra_subnets[0] +# security_groups = [module.vpc.default_security_group_id] +# } + +# resource "aws_efs_access_point" "lambda" { +# file_system_id = aws_efs_file_system.shared.id + +# posix_user { +# gid = 1000 +# uid = 1000 +# } + +# root_directory { +# path = "/lambda" +# creation_info { +# owner_gid = 1000 +# owner_uid = 1000 +# permissions = "0777" +# } +# } +# } diff --git a/examples/with-efs/outputs.tf b/examples/with-efs/outputs.tf index 9b554a5a..08a5b343 100644 --- a/examples/with-efs/outputs.tf +++ b/examples/with-efs/outputs.tf 
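Review bot: The `aws_efs_access_point.lambda` block in this hunk creates `/lambda` with `permissions = "0777"`, and `aws_efs_file_system.shared` is declared with an empty body, so nothing in the example requests encryption at rest. Both carry over unchanged into the commented-out copy and would come back as-is if the example is restored. The access point already pins `posix_user` and the directory owner to uid/gid 1000, so `permissions = "0750"` should be enough, and `encrypted = true` on the file system would make the example a safer template to copy. The mount target and the function also share `module.vpc.default_security_group_id`; a comment noting that a dedicated security group limited to NFS is preferable outside a demo would help.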
@@ -1,104 +1,104 @@
-# Lambda Function
-output "lambda_function_arn" {
- description = "The ARN of the Lambda Function"
- value = module.lambda_function_with_efs.lambda_function_arn
-}
-
-output "lambda_function_arn_static" {
- description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)"
- value = module.lambda_function_with_efs.lambda_function_arn_static
-}
-
-output "lambda_function_invoke_arn" {
- description = "The Invoke ARN of the Lambda Function"
- value = module.lambda_function_with_efs.lambda_function_invoke_arn
-}
-
-output "lambda_function_name" {
- description = "The name of the Lambda Function"
- value = module.lambda_function_with_efs.lambda_function_name
-}
-
-output "lambda_function_qualified_arn" {
- description = "The ARN identifying your Lambda Function Version"
- value = module.lambda_function_with_efs.lambda_function_qualified_arn
-}
-
-output "lambda_function_version" {
- description = "Latest published version of Lambda Function"
- value = module.lambda_function_with_efs.lambda_function_version
-}
-
-output "lambda_function_last_modified" {
- description = "The date Lambda Function resource was last modified"
- value = module.lambda_function_with_efs.lambda_function_last_modified
-}
-
-output "lambda_function_kms_key_arn" {
- description = "The ARN for the KMS encryption key of Lambda Function"
- value = module.lambda_function_with_efs.lambda_function_kms_key_arn
-}
-
-output "lambda_function_source_code_hash" {
- description = "Base64-encoded representation of raw SHA-256 sum of the zip file"
- value = module.lambda_function_with_efs.lambda_function_source_code_hash
-}
-
-output "lambda_function_source_code_size" {
- description = "The size in bytes of the function .zip file"
- value = module.lambda_function_with_efs.lambda_function_source_code_size
-}
-
-# Lambda Layer
-output "lambda_layer_arn" {
- description = "The ARN of the Lambda Layer with version"
- value = module.lambda_function_with_efs.lambda_layer_arn
-}
-
-output "lambda_layer_layer_arn" {
- description = "The ARN of the Lambda Layer without version"
- value = module.lambda_function_with_efs.lambda_layer_layer_arn
-}
-
-output "lambda_layer_created_date" {
- description = "The date Lambda Layer resource was created"
- value = module.lambda_function_with_efs.lambda_layer_created_date
-}
-
-output "lambda_layer_source_code_size" {
- description = "The size in bytes of the Lambda Layer .zip file"
- value = module.lambda_function_with_efs.lambda_layer_source_code_size
-}
-
-output "lambda_layer_version" {
- description = "The Lambda Layer version"
- value = module.lambda_function_with_efs.lambda_layer_version
-}
-
-# IAM Role
-output "lambda_role_arn" {
- description = "The ARN of the IAM role created for the Lambda Function"
- value = module.lambda_function_with_efs.lambda_role_arn
-}
-
-output "lambda_role_name" {
- description = "The name of the IAM role created for the Lambda Function"
- value = module.lambda_function_with_efs.lambda_role_name
-}
-
-# CloudWatch Log Group
-output "lambda_cloudwatch_log_group_arn" {
- description = "The ARN of the Cloudwatch Log Group"
- value = module.lambda_function_with_efs.lambda_cloudwatch_log_group_arn
-}
-
-# Deployment package
-output "local_filename" {
- description = "The filename of zip archive deployed (if deployment was from local)"
- value = module.lambda_function_with_efs.local_filename
-}
-
-output "s3_object" {
- description = "The map with S3 object data of zip archive deployed (if deployment was from S3)"
- value = module.lambda_function_with_efs.s3_object
-}
+# # Lambda Function
+# output "lambda_function_arn" {
+# description = "The ARN of the Lambda Function"
+# value = module.lambda_function_with_efs.lambda_function_arn
+# }
+
+# output "lambda_function_arn_static" {
+# description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)"
+# value = module.lambda_function_with_efs.lambda_function_arn_static
+# }
+
+# output "lambda_function_invoke_arn" {
+# description = "The Invoke ARN of the Lambda Function"
+# value = module.lambda_function_with_efs.lambda_function_invoke_arn
+# }
+
+# output "lambda_function_name" {
+# description = "The name of the Lambda Function"
+# value = module.lambda_function_with_efs.lambda_function_name
+# }
+
+# output "lambda_function_qualified_arn" {
+# description = "The ARN identifying your Lambda Function Version"
+# value = module.lambda_function_with_efs.lambda_function_qualified_arn
+# }
+
+# output "lambda_function_version" {
+# description = "Latest published version of Lambda Function"
+# value = module.lambda_function_with_efs.lambda_function_version
+# }
+
+# output "lambda_function_last_modified" {
+# description = "The date Lambda Function resource was last modified"
+# value = module.lambda_function_with_efs.lambda_function_last_modified
+# }
+
+# output "lambda_function_kms_key_arn" {
+# description = "The ARN for the KMS encryption key of Lambda Function"
+# value = module.lambda_function_with_efs.lambda_function_kms_key_arn
+# }
+
+# output "lambda_function_source_code_hash" {
+# description = "Base64-encoded representation of raw SHA-256 sum of the zip file"
+# value = module.lambda_function_with_efs.lambda_function_source_code_hash
+# }
+
+# output "lambda_function_source_code_size" {
+# description = "The size in bytes of the function .zip file"
+# value = module.lambda_function_with_efs.lambda_function_source_code_size
+# }
+
+# # Lambda Layer
+# output "lambda_layer_arn" {
+# description = "The ARN of the Lambda Layer with version"
+# value = module.lambda_function_with_efs.lambda_layer_arn
+# }
+
+# output "lambda_layer_layer_arn" {
+# description = "The ARN of the Lambda Layer without version"
+# value = module.lambda_function_with_efs.lambda_layer_layer_arn
+# }
+
+# output "lambda_layer_created_date" {
+# description = "The date Lambda Layer resource was created"
+# value = module.lambda_function_with_efs.lambda_layer_created_date
+# }
+
+# output "lambda_layer_source_code_size" {
+# description = "The size in bytes of the Lambda Layer .zip file"
+# value = module.lambda_function_with_efs.lambda_layer_source_code_size
+# }
+
+# output "lambda_layer_version" {
+# description = "The Lambda Layer version"
+# value = module.lambda_function_with_efs.lambda_layer_version
+# }
+
+# # IAM Role
+# output "lambda_role_arn" {
+# description = "The ARN of the IAM role created for the Lambda Function"
+# value = module.lambda_function_with_efs.lambda_role_arn
+# }
+
+# output "lambda_role_name" {
+# description = "The name of the IAM role created for the Lambda Function"
+# value = module.lambda_function_with_efs.lambda_role_name
+# }
+
+# # CloudWatch Log Group
+# output "lambda_cloudwatch_log_group_arn" {
+# description = "The ARN of the Cloudwatch Log Group"
+# value = module.lambda_function_with_efs.lambda_cloudwatch_log_group_arn
+# }
+
+# # Deployment package
+# output "local_filename" {
+# description = "The filename of zip archive deployed (if deployment was from local)"
+# value = module.lambda_function_with_efs.local_filename
+# }
+
+# output "s3_object" {
+# description = "The map with S3 object data of zip archive deployed (if deployment was from S3)"
+# value = module.lambda_function_with_efs.s3_object
+# }
diff --git a/examples/with-vpc-s3-endpoint/README.md b/examples/with-vpc-s3-endpoint/README.md
index 60a93661..773c418d 100644
--- a/examples/with-vpc-s3-endpoint/README.md
+++ b/examples/with-vpc-s3-endpoint/README.md
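Review bot: Every output block on the new side of examples/with-efs/outputs.tf is commented out line by line rather than removed, and nothing in the file says why, so the example now carries 104 lines of dead text that the Terraform formatter and validator no longer check. The commit subject says it only runs pre-commit hooks, which does not describe disabling an example. The same pattern appears in examples/with-vpc-s3-endpoint/main.tf and examples/with-vpc-s3-endpoint/outputs.tf later in this patch. If the examples are meant to be off, either delete the files or put a one-line header at the top such as `# Disabled in this fork: <reason> (tracking: <issue-placeholder>)`, and move the change into its own commit.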
@@ -27,31 +27,15 @@ Note that this example may create resources which cost money. Run `terraform des ## Providers -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 5.79 | -| [random](#provider\_random) | >= 3.4 | +No providers. ## Modules -| Name | Source | Version | -|------|--------|---------| -| [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 1.0 | -| [lambda\_s3\_write](#module\_lambda\_s3\_write) | ../../ | n/a | -| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 | -| [security\_group\_lambda](#module\_security\_group\_lambda) | terraform-aws-modules/security-group/aws | ~> 4.0 | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | -| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | ~> 5.0 | +No modules. ## Resources -| Name | Type | -|------|------| -| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | -| [aws_ec2_managed_prefix_list.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_managed_prefix_list) | data source | -| [aws_iam_policy_document.bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.endpoint](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | +No resources. ## Inputs 
@@ -59,26 +43,5 @@ No inputs. ## Outputs -| Name | Description | -|------|-------------| -| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | -| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | -| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | -| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | -| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | -| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | -| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | -| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | -| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | -| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | -| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | -| [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | -| [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | -| [lambda\_layer\_layer\_arn](#output\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | -| [lambda\_layer\_source\_code\_size](#output\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | 
-| [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version | -| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | -| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | -| [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | -| [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | +No outputs. diff --git a/examples/with-vpc-s3-endpoint/main.tf b/examples/with-vpc-s3-endpoint/main.tf index 50faeb21..441e807d 100644 --- a/examples/with-vpc-s3-endpoint/main.tf +++ b/examples/with-vpc-s3-endpoint/main.tf 
@@ -1,227 +1,227 @@ -provider "aws" { - region = "eu-west-1" - - # Make it faster by skipping something - skip_metadata_api_check = true - skip_region_validation = true - skip_credentials_validation = true -} - -data "aws_region" "current" {} - -################################################################################ -# Lambda Module -################################################################################ - -module "lambda_s3_write" { - source = "../../" - - description = "Lambda demonstrating writes to an S3 bucket from within a VPC without Internet access" - - function_name = random_pet.this.id - handler = "index.lambda_handler" - runtime = "python3.12" - - source_path = "${path.module}/../fixtures/python-app2" - - environment_variables = { - BUCKET_NAME = module.s3_bucket.s3_bucket_id - REGION_NAME = data.aws_region.current.name - } - - # Let the module create a role for us - create_role = true - attach_cloudwatch_logs_policy = true - attach_network_policy = true - - # There's no need to attach any extra permission for S3 writes as that's added by the bucket policy when a session is created - # See https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html - - vpc_security_group_ids = [module.security_group_lambda.security_group_id] - vpc_subnet_ids = module.vpc.intra_subnets - - tags = { - Module = "lambda_s3_write" - } -} - -################################################################################ -# Extra Resources -################################################################################ - -resource "random_pet" "this" { - length = 2 -} - -data "aws_ec2_managed_prefix_list" "this" { - name = "com.amazonaws.${data.aws_region.current.name}.s3" -} - -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "~> 5.0" - - name = random_pet.this.id - cidr = "10.0.0.0/16" - - azs = ["${data.aws_region.current.name}a", "${data.aws_region.current.name}b", "${data.aws_region.current.name}c"] - - # Intra subnets are 
designed to have no Internet access via NAT Gateway. - intra_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] - - intra_dedicated_network_acl = true - intra_inbound_acl_rules = concat( - # NACL rule for local traffic - [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "10.0.0.0/16" - }, - ], - # NACL rules for the response traffic from addresses in the AWS S3 prefix list - [for k, v in zipmap( - range(length(data.aws_ec2_managed_prefix_list.this.entries[*].cidr)), - data.aws_ec2_managed_prefix_list.this.entries[*].cidr - ) : - { - rule_number = 200 + k - rule_action = "allow" - from_port = 1024 - to_port = 65535 - protocol = "tcp" - cidr_block = v - } - ] - ) -} - -module "vpc_endpoints" { - source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints" - version = "~> 5.0" - - vpc_id = module.vpc.vpc_id - - endpoints = { - s3 = { - service = "s3" - service_type = "Gateway" - route_table_ids = module.vpc.intra_route_table_ids - policy = data.aws_iam_policy_document.endpoint.json - } - } -} - -data "aws_iam_policy_document" "endpoint" { - statement { - sid = "RestrictBucketAccessToIAMRole" - - principals { - type = "AWS" - identifiers = ["*"] - } - - actions = [ - "s3:PutObject", - ] - - resources = [ - "${module.s3_bucket.s3_bucket_arn}/*", - ] - - # See https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html#edit-vpc-endpoint-policy-s3 - condition { - test = "ArnEquals" - variable = "aws:PrincipalArn" - values = [module.lambda_s3_write.lambda_role_arn] - } - } -} - -module "kms" { - source = "terraform-aws-modules/kms/aws" - version = "~> 1.0" - - description = "S3 encryption key" - - # Grants - grants = { - lambda = { - grantee_principal = module.lambda_s3_write.lambda_role_arn - operations = [ - "GenerateDataKey", - ] - } - } -} - -module "s3_bucket" { - source = "terraform-aws-modules/s3-bucket/aws" - version = "~> 3.0" - - bucket_prefix = "${random_pet.this.id}-" - 
force_destroy = true - - # S3 bucket-level Public Access Block configuration - block_public_acls = true - block_public_policy = true - ignore_public_acls = true - restrict_public_buckets = true - - versioning = { - enabled = true - } - - # Bucket policy - attach_policy = true - policy = data.aws_iam_policy_document.bucket.json - - server_side_encryption_configuration = { - rule = { - apply_server_side_encryption_by_default = { - kms_master_key_id = module.kms.key_id - sse_algorithm = "aws:kms" - } - } - } -} - -data "aws_iam_policy_document" "bucket" { - statement { - sid = "RestrictBucketAccessToIAMRole" - - principals { - type = "AWS" - identifiers = [module.lambda_s3_write.lambda_role_arn] - } - - actions = [ - "s3:PutObject", - ] - - resources = [ - "${module.s3_bucket.s3_bucket_arn}/*", - ] - } -} - -module "security_group_lambda" { - source = "terraform-aws-modules/security-group/aws" - version = "~> 4.0" - - name = random_pet.this.id - description = "Security Group for Lambda Egress" - - vpc_id = module.vpc.vpc_id - - egress_cidr_blocks = [] - egress_ipv6_cidr_blocks = [] - - # Prefix list ids to use in all egress rules in this module - egress_prefix_list_ids = [module.vpc_endpoints.endpoints["s3"]["prefix_list_id"]] - - egress_rules = ["https-443-tcp"] -} +# provider "aws" { +# region = "eu-west-1" + +# # Make it faster by skipping something +# skip_metadata_api_check = true +# skip_region_validation = true +# skip_credentials_validation = true +# } + +# data "aws_region" "current" {} + +# ################################################################################ +# # Lambda Module +# ################################################################################ + +# module "lambda_s3_write" { +# source = "../../" + +# description = "Lambda demonstrating writes to an S3 bucket from within a VPC without Internet access" + +# function_name = random_pet.this.id +# handler = "index.lambda_handler" +# runtime = "python3.12" + +# source_path = 
"${path.module}/../fixtures/python-app2" + +# environment_variables = { +# BUCKET_NAME = module.s3_bucket.s3_bucket_id +# REGION_NAME = data.aws_region.current.name +# } + +# # Let the module create a role for us +# create_role = true +# attach_cloudwatch_logs_policy = true +# attach_network_policy = true + +# # There's no need to attach any extra permission for S3 writes as that's added by the bucket policy when a session is created +# # See https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html + +# vpc_security_group_ids = [module.security_group_lambda.security_group_id] +# vpc_subnet_ids = module.vpc.intra_subnets + +# tags = { +# Module = "lambda_s3_write" +# } +# } + +# ################################################################################ +# # Extra Resources +# ################################################################################ + +# resource "random_pet" "this" { +# length = 2 +# } + +# data "aws_ec2_managed_prefix_list" "this" { +# name = "com.amazonaws.${data.aws_region.current.name}.s3" +# } + +# module "vpc" { +# source = "terraform-aws-modules/vpc/aws" +# version = "~> 5.0" + +# name = random_pet.this.id +# cidr = "10.0.0.0/16" + +# azs = ["${data.aws_region.current.name}a", "${data.aws_region.current.name}b", "${data.aws_region.current.name}c"] + +# # Intra subnets are designed to have no Internet access via NAT Gateway. 
+# intra_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] + +# intra_dedicated_network_acl = true +# intra_inbound_acl_rules = concat( +# # NACL rule for local traffic +# [ +# { +# rule_number = 100 +# rule_action = "allow" +# from_port = 0 +# to_port = 0 +# protocol = "-1" +# cidr_block = "10.0.0.0/16" +# }, +# ], +# # NACL rules for the response traffic from addresses in the AWS S3 prefix list +# [for k, v in zipmap( +# range(length(data.aws_ec2_managed_prefix_list.this.entries[*].cidr)), +# data.aws_ec2_managed_prefix_list.this.entries[*].cidr +# ) : +# { +# rule_number = 200 + k +# rule_action = "allow" +# from_port = 1024 +# to_port = 65535 +# protocol = "tcp" +# cidr_block = v +# } +# ] +# ) +# } + +# module "vpc_endpoints" { +# source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints" +# version = "~> 5.0" + +# vpc_id = module.vpc.vpc_id + +# endpoints = { +# s3 = { +# service = "s3" +# service_type = "Gateway" +# route_table_ids = module.vpc.intra_route_table_ids +# policy = data.aws_iam_policy_document.endpoint.json +# } +# } +# } + +# data "aws_iam_policy_document" "endpoint" { +# statement { +# sid = "RestrictBucketAccessToIAMRole" + +# principals { +# type = "AWS" +# identifiers = ["*"] +# } + +# actions = [ +# "s3:PutObject", +# ] + +# resources = [ +# "${module.s3_bucket.s3_bucket_arn}/*", +# ] + +# # See https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html#edit-vpc-endpoint-policy-s3 +# condition { +# test = "ArnEquals" +# variable = "aws:PrincipalArn" +# values = [module.lambda_s3_write.lambda_role_arn] +# } +# } +# } + +# module "kms" { +# source = "terraform-aws-modules/kms/aws" +# version = "~> 1.0" + +# description = "S3 encryption key" + +# # Grants +# grants = { +# lambda = { +# grantee_principal = module.lambda_s3_write.lambda_role_arn +# operations = [ +# "GenerateDataKey", +# ] +# } +# } +# } + +# module "s3_bucket" { +# source = "terraform-aws-modules/s3-bucket/aws" +# version = "~> 3.0" + +# bucket_prefix 
= "${random_pet.this.id}-" +# force_destroy = true + +# # S3 bucket-level Public Access Block configuration +# block_public_acls = true +# block_public_policy = true +# ignore_public_acls = true +# restrict_public_buckets = true + +# versioning = { +# enabled = true +# } + +# # Bucket policy +# attach_policy = true +# policy = data.aws_iam_policy_document.bucket.json + +# server_side_encryption_configuration = { +# rule = { +# apply_server_side_encryption_by_default = { +# kms_master_key_id = module.kms.key_id +# sse_algorithm = "aws:kms" +# } +# } +# } +# } + +# data "aws_iam_policy_document" "bucket" { +# statement { +# sid = "RestrictBucketAccessToIAMRole" + +# principals { +# type = "AWS" +# identifiers = [module.lambda_s3_write.lambda_role_arn] +# } + +# actions = [ +# "s3:PutObject", +# ] + +# resources = [ +# "${module.s3_bucket.s3_bucket_arn}/*", +# ] +# } +# } + +# module "security_group_lambda" { +# source = "terraform-aws-modules/security-group/aws" +# version = "~> 4.0" + +# name = random_pet.this.id +# description = "Security Group for Lambda Egress" + +# vpc_id = module.vpc.vpc_id + +# egress_cidr_blocks = [] +# egress_ipv6_cidr_blocks = [] + +# # Prefix list ids to use in all egress rules in this module +# egress_prefix_list_ids = [module.vpc_endpoints.endpoints["s3"]["prefix_list_id"]] + +# egress_rules = ["https-443-tcp"] +# } diff --git a/examples/with-vpc-s3-endpoint/outputs.tf b/examples/with-vpc-s3-endpoint/outputs.tf index 7218c63c..c31a0c43 100644 --- a/examples/with-vpc-s3-endpoint/outputs.tf +++ b/examples/with-vpc-s3-endpoint/outputs.tf 
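Review bot: Commenting out the whole of examples/with-vpc-s3-endpoint/main.tf leaves the repository without a parsed example of the private S3 write path, so the endpoint policy (`ArnEquals` on `aws:PrincipalArn`), the bucket policy, the KMS grant and the four public-access-block settings can drift from the module's inputs without any tool noticing. Whether CI plans or validates the examples is not visible in this patch, so that is something to confirm. I would keep this example active, since it is the one that shows the restrictive configuration. If it has to stay disabled, state the reason in a header comment, e.g. `# Disabled: <reason>; re-enable before release`.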
@@ -1,104 +1,104 @@
-# Lambda Function
-output "lambda_function_arn" {
- description = "The ARN of the Lambda Function"
- value = module.lambda_s3_write.lambda_function_arn
-}
-
-output "lambda_function_arn_static" {
- description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)"
- value = module.lambda_s3_write.lambda_function_arn_static
-}
-
-output "lambda_function_invoke_arn" {
- description = "The Invoke ARN of the Lambda Function"
- value = module.lambda_s3_write.lambda_function_invoke_arn
-}
-
-output "lambda_function_name" {
- description = "The name of the Lambda Function"
- value = module.lambda_s3_write.lambda_function_name
-}
-
-output "lambda_function_qualified_arn" {
- description = "The ARN identifying your Lambda Function Version"
- value = module.lambda_s3_write.lambda_function_qualified_arn
-}
-
-output "lambda_function_version" {
- description = "Latest published version of Lambda Function"
- value = module.lambda_s3_write.lambda_function_version
-}
-
-output "lambda_function_last_modified" {
- description = "The date Lambda Function resource was last modified"
- value = module.lambda_s3_write.lambda_function_last_modified
-}
-
-output "lambda_function_kms_key_arn" {
- description = "The ARN for the KMS encryption key of Lambda Function"
- value = module.lambda_s3_write.lambda_function_kms_key_arn
-}
-
-output "lambda_function_source_code_hash" {
- description = "Base64-encoded representation of raw SHA-256 sum of the zip file"
- value = module.lambda_s3_write.lambda_function_source_code_hash
-}
-
-output "lambda_function_source_code_size" {
- description = "The size in bytes of the function .zip file"
- value = module.lambda_s3_write.lambda_function_source_code_size
-}
-
-# Lambda Layer
-output "lambda_layer_arn" {
- description = "The ARN of the Lambda Layer with version"
- value = module.lambda_s3_write.lambda_layer_arn
-}
-
-output "lambda_layer_layer_arn" {
- description = "The ARN of the Lambda Layer without version"
- value = module.lambda_s3_write.lambda_layer_layer_arn
-}
-
-output "lambda_layer_created_date" {
- description = "The date Lambda Layer resource was created"
- value = module.lambda_s3_write.lambda_layer_created_date
-}
-
-output "lambda_layer_source_code_size" {
- description = "The size in bytes of the Lambda Layer .zip file"
- value = module.lambda_s3_write.lambda_layer_source_code_size
-}
-
-output "lambda_layer_version" {
- description = "The Lambda Layer version"
- value = module.lambda_s3_write.lambda_layer_version
-}
-
-# IAM Role
-output "lambda_role_arn" {
- description = "The ARN of the IAM role created for the Lambda Function"
- value = module.lambda_s3_write.lambda_role_arn
-}
-
-output "lambda_role_name" {
- description = "The name of the IAM role created for the Lambda Function"
- value = module.lambda_s3_write.lambda_role_name
-}
-
-# CloudWatch Log Group
-output "lambda_cloudwatch_log_group_arn" {
- description = "The ARN of the Cloudwatch Log Group"
- value = module.lambda_s3_write.lambda_cloudwatch_log_group_arn
-}
-
-# Deployment package
-output "local_filename" {
- description = "The filename of zip archive deployed (if deployment was from local)"
- value = module.lambda_s3_write.local_filename
-}
-
-output "s3_object" {
- description = "The map with S3 object data of zip archive deployed (if deployment was from S3)"
- value = module.lambda_s3_write.s3_object
-}
+# # Lambda Function
+# output "lambda_function_arn" {
+# description = "The ARN of the Lambda Function"
+# value = module.lambda_s3_write.lambda_function_arn
+# }
+
+# output "lambda_function_arn_static" {
+# description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)"
+# value = module.lambda_s3_write.lambda_function_arn_static
+# }
+
+# output "lambda_function_invoke_arn" {
+# description = "The Invoke ARN of the Lambda Function"
+# value = module.lambda_s3_write.lambda_function_invoke_arn
+# }
+
+# output "lambda_function_name" {
+# description = "The name of the Lambda Function"
+# value = module.lambda_s3_write.lambda_function_name
+# }
+
+# output "lambda_function_qualified_arn" {
+# description = "The ARN identifying your Lambda Function Version"
+# value = module.lambda_s3_write.lambda_function_qualified_arn
+# }
+
+# output "lambda_function_version" {
+# description = "Latest published version of Lambda Function"
+# value = module.lambda_s3_write.lambda_function_version
+# }
+
+# output "lambda_function_last_modified" {
+# description = "The date Lambda Function resource was last modified"
+# value = module.lambda_s3_write.lambda_function_last_modified
+# }
+
+# output "lambda_function_kms_key_arn" {
+# description = "The ARN for the KMS encryption key of Lambda Function"
+# value = module.lambda_s3_write.lambda_function_kms_key_arn
+# }
+
+# output "lambda_function_source_code_hash" {
+# description = "Base64-encoded representation of raw SHA-256 sum of the zip file"
+# value = module.lambda_s3_write.lambda_function_source_code_hash
+# }
+
+# output "lambda_function_source_code_size" {
+# description = "The size in bytes of the function .zip file"
+# value = module.lambda_s3_write.lambda_function_source_code_size
+# }
+
+# # Lambda Layer
+# output "lambda_layer_arn" {
+# description = "The ARN of the Lambda Layer with version"
+# value = module.lambda_s3_write.lambda_layer_arn
+# }
+
+# output "lambda_layer_layer_arn" {
+# description = "The ARN of the Lambda Layer without version"
+# value = module.lambda_s3_write.lambda_layer_layer_arn
+# }
+
+# output "lambda_layer_created_date" {
+# description = "The date Lambda Layer resource was created"
+# value = module.lambda_s3_write.lambda_layer_created_date
+# }
+
+# output "lambda_layer_source_code_size" {
+# description = "The size in bytes of the Lambda Layer .zip file"
+# value = module.lambda_s3_write.lambda_layer_source_code_size
+# }
+
+# output "lambda_layer_version" {
+# description = "The Lambda Layer version"
+# value = module.lambda_s3_write.lambda_layer_version
+# }
+
+# # IAM Role
+# output "lambda_role_arn" {
+# description = "The ARN of the IAM role created for the Lambda Function"
+# value = module.lambda_s3_write.lambda_role_arn
+# }
+
+# output "lambda_role_name" {
+# description = "The name of the IAM role created for the Lambda Function"
+# value = module.lambda_s3_write.lambda_role_name
+# }
+
+# # CloudWatch Log Group
+# output "lambda_cloudwatch_log_group_arn" {
+# description = "The ARN of the Cloudwatch Log Group"
+# value = module.lambda_s3_write.lambda_cloudwatch_log_group_arn
+# }
+
+# # Deployment package
+# output "local_filename" {
+# description = "The filename of zip archive deployed (if deployment was from local)"
+# value = module.lambda_s3_write.local_filename
+# }
+
+# output "s3_object" {
+# description = "The map with S3 object data of zip archive deployed (if deployment was from S3)"
+# value = module.lambda_s3_write.s3_object
+# }
diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md
index a29f0bb3..cc1724bd 100644
--- a/examples/with-vpc/README.md
+++ b/examples/with-vpc/README.md
@@ -27,22 +27,15 @@ Note that this example may create resources which cost money. Run `terraform des ## Providers -| Name | Version | -|------|---------| -| [random](#provider\_random) | >= 2.0 | +No providers. ## Modules -| Name | Source | Version | -|------|--------|---------| -| [lambda\_function\_in\_vpc](#module\_lambda\_function\_in\_vpc) | ../../ | n/a | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | +No modules. ## Resources -| Name | Type | -|------|------| -| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +No resources. ## Inputs 
@@ -50,26 +43,5 @@ No inputs. ## Outputs -| Name | Description | -|------|-------------| -| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | -| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | -| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | -| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | -| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | -| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | -| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | -| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | -| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | -| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | -| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | -| [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | -| [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | -| [lambda\_layer\_layer\_arn](#output\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | -| [lambda\_layer\_source\_code\_size](#output\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | 
-| [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version | -| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | -| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | -| [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | -| [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | +No outputs. diff --git a/examples/with-vpc/main.tf b/examples/with-vpc/main.tf index d373d724..ded62574 100644 --- a/examples/with-vpc/main.tf +++ b/examples/with-vpc/main.tf 
@@ -1,44 +1,44 @@ -provider "aws" { - region = "eu-west-1" - - # Make it faster by skipping something - skip_metadata_api_check = true - skip_region_validation = true - skip_credentials_validation = true -} - -resource "random_pet" "this" { - length = 2 -} - -module "lambda_function_in_vpc" { - source = "../../" - - function_name = "${random_pet.this.id}-lambda-in-vpc" - description = "My awesome lambda function" - handler = "index.lambda_handler" - runtime = "python3.12" - - source_path = "${path.module}/../fixtures/python-app1" - - vpc_subnet_ids = module.vpc.intra_subnets - vpc_security_group_ids = [module.vpc.default_security_group_id] - attach_network_policy = true - replace_security_groups_on_destroy = true - replacement_security_group_ids = [module.vpc.default_security_group_id] -} - -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "~> 5.0" - - name = random_pet.this.id - cidr = "10.10.0.0/16" - - azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"] - intra_subnets = ["10.10.101.0/24", "10.10.102.0/24", "10.10.103.0/24"] - - # Add public_subnets and NAT Gateway to allow access to internet from Lambda - # public_subnets = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"] - # enable_nat_gateway = true -} +# provider "aws" { +# region = "eu-west-1" + +# # Make it faster by skipping something +# skip_metadata_api_check = true +# skip_region_validation = true +# skip_credentials_validation = true +# } + +# resource "random_pet" "this" { +# length = 2 +# } + +# module "lambda_function_in_vpc" { +# source = "../../" + +# function_name = "${random_pet.this.id}-lambda-in-vpc" +# description = "My awesome lambda function" +# handler = "index.lambda_handler" +# runtime = "python3.12" + +# source_path = "${path.module}/../fixtures/python-app1" + +# vpc_subnet_ids = module.vpc.intra_subnets +# vpc_security_group_ids = [module.vpc.default_security_group_id] +# attach_network_policy = true +# replace_security_groups_on_destroy = true +# 
replacement_security_group_ids = [module.vpc.default_security_group_id] +# } + +# module "vpc" { +# source = "terraform-aws-modules/vpc/aws" +# version = "~> 5.0" + +# name = random_pet.this.id +# cidr = "10.10.0.0/16" + +# azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"] +# intra_subnets = ["10.10.101.0/24", "10.10.102.0/24", "10.10.103.0/24"] + +# # Add public_subnets and NAT Gateway to allow access to internet from Lambda +# # public_subnets = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"] +# # enable_nat_gateway = true +# } diff --git a/examples/with-vpc/outputs.tf b/examples/with-vpc/outputs.tf index 546b0192..3347329f 100644 --- a/examples/with-vpc/outputs.tf +++ b/examples/with-vpc/outputs.tf 
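Review bot: The whole of `examples/with-vpc/main.tf` is turned into `#`-prefixed lines rather than deleted, so the file holds no configuration but still carries a provider block, a VPC module pin and CIDR ranges as dead text. The same pattern repeats in `examples/with-vpc/outputs.tf`, in the layer, S3 object and SAM metadata resources of `main.tf`, in `outputs.tf` and in `package.tf`. Disabled blocks are skipped by `terraform validate` and by IaC scanners, so they drift unnoticed and can come back through a stray uncomment without being re-reviewed. Delete the example directory and let git history keep the old code; if it is meant to return, one line such as `# Example disabled in this fork, see UPGRADE notes.` is enough. The commit subject mentions only a pre-commit run, so a reader of the log would not expect this scope.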
@@ -1,104 +1,104 @@ -# Lambda Function -output "lambda_function_arn" { - description = "The ARN of the Lambda Function" - value = module.lambda_function_in_vpc.lambda_function_arn -} - -output "lambda_function_arn_static" { - description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" - value = module.lambda_function_in_vpc.lambda_function_arn_static -} - -output "lambda_function_invoke_arn" { - description = "The Invoke ARN of the Lambda Function" - value = module.lambda_function_in_vpc.lambda_function_invoke_arn -} - -output "lambda_function_name" { - description = "The name of the Lambda Function" - value = module.lambda_function_in_vpc.lambda_function_name -} - -output "lambda_function_qualified_arn" { - description = "The ARN identifying your Lambda Function Version" - value = module.lambda_function_in_vpc.lambda_function_qualified_arn -} - -output "lambda_function_version" { - description = "Latest published version of Lambda Function" - value = module.lambda_function_in_vpc.lambda_function_version -} - -output "lambda_function_last_modified" { - description = "The date Lambda Function resource was last modified" - value = module.lambda_function_in_vpc.lambda_function_last_modified -} - -output "lambda_function_kms_key_arn" { - description = "The ARN for the KMS encryption key of Lambda Function" - value = module.lambda_function_in_vpc.lambda_function_kms_key_arn -} - -output "lambda_function_source_code_hash" { - description = "Base64-encoded representation of raw SHA-256 sum of the zip file" - value = module.lambda_function_in_vpc.lambda_function_source_code_hash -} - -output "lambda_function_source_code_size" { - description = "The size in bytes of the function .zip file" - value = module.lambda_function_in_vpc.lambda_function_source_code_size -} - -# Lambda Layer -output "lambda_layer_arn" { - description = "The ARN of the Lambda Layer with version" - value = 
module.lambda_function_in_vpc.lambda_layer_arn -} - -output "lambda_layer_layer_arn" { - description = "The ARN of the Lambda Layer without version" - value = module.lambda_function_in_vpc.lambda_layer_layer_arn -} - -output "lambda_layer_created_date" { - description = "The date Lambda Layer resource was created" - value = module.lambda_function_in_vpc.lambda_layer_created_date -} - -output "lambda_layer_source_code_size" { - description = "The size in bytes of the Lambda Layer .zip file" - value = module.lambda_function_in_vpc.lambda_layer_source_code_size -} - -output "lambda_layer_version" { - description = "The Lambda Layer version" - value = module.lambda_function_in_vpc.lambda_layer_version -} - -# IAM Role -output "lambda_role_arn" { - description = "The ARN of the IAM role created for the Lambda Function" - value = module.lambda_function_in_vpc.lambda_role_arn -} - -output "lambda_role_name" { - description = "The name of the IAM role created for the Lambda Function" - value = module.lambda_function_in_vpc.lambda_role_name -} - -# CloudWatch Log Group -output "lambda_cloudwatch_log_group_arn" { - description = "The ARN of the Cloudwatch Log Group" - value = module.lambda_function_in_vpc.lambda_cloudwatch_log_group_arn -} - -# Deployment package -output "local_filename" { - description = "The filename of zip archive deployed (if deployment was from local)" - value = module.lambda_function_in_vpc.local_filename -} - -output "s3_object" { - description = "The map with S3 object data of zip archive deployed (if deployment was from S3)" - value = module.lambda_function_in_vpc.s3_object -} +# # Lambda Function +# output "lambda_function_arn" { +# description = "The ARN of the Lambda Function" +# value = module.lambda_function_in_vpc.lambda_function_arn +# } + +# output "lambda_function_arn_static" { +# description = "The static ARN of the Lambda Function. 
Use this to avoid cycle errors between resources (e.g., Step Functions)" +# value = module.lambda_function_in_vpc.lambda_function_arn_static +# } + +# output "lambda_function_invoke_arn" { +# description = "The Invoke ARN of the Lambda Function" +# value = module.lambda_function_in_vpc.lambda_function_invoke_arn +# } + +# output "lambda_function_name" { +# description = "The name of the Lambda Function" +# value = module.lambda_function_in_vpc.lambda_function_name +# } + +# output "lambda_function_qualified_arn" { +# description = "The ARN identifying your Lambda Function Version" +# value = module.lambda_function_in_vpc.lambda_function_qualified_arn +# } + +# output "lambda_function_version" { +# description = "Latest published version of Lambda Function" +# value = module.lambda_function_in_vpc.lambda_function_version +# } + +# output "lambda_function_last_modified" { +# description = "The date Lambda Function resource was last modified" +# value = module.lambda_function_in_vpc.lambda_function_last_modified +# } + +# output "lambda_function_kms_key_arn" { +# description = "The ARN for the KMS encryption key of Lambda Function" +# value = module.lambda_function_in_vpc.lambda_function_kms_key_arn +# } + +# output "lambda_function_source_code_hash" { +# description = "Base64-encoded representation of raw SHA-256 sum of the zip file" +# value = module.lambda_function_in_vpc.lambda_function_source_code_hash +# } + +# output "lambda_function_source_code_size" { +# description = "The size in bytes of the function .zip file" +# value = module.lambda_function_in_vpc.lambda_function_source_code_size +# } + +# # Lambda Layer +# output "lambda_layer_arn" { +# description = "The ARN of the Lambda Layer with version" +# value = module.lambda_function_in_vpc.lambda_layer_arn +# } + +# output "lambda_layer_layer_arn" { +# description = "The ARN of the Lambda Layer without version" +# value = module.lambda_function_in_vpc.lambda_layer_layer_arn +# } + +# output 
"lambda_layer_created_date" { +# description = "The date Lambda Layer resource was created" +# value = module.lambda_function_in_vpc.lambda_layer_created_date +# } + +# output "lambda_layer_source_code_size" { +# description = "The size in bytes of the Lambda Layer .zip file" +# value = module.lambda_function_in_vpc.lambda_layer_source_code_size +# } + +# output "lambda_layer_version" { +# description = "The Lambda Layer version" +# value = module.lambda_function_in_vpc.lambda_layer_version +# } + +# # IAM Role +# output "lambda_role_arn" { +# description = "The ARN of the IAM role created for the Lambda Function" +# value = module.lambda_function_in_vpc.lambda_role_arn +# } + +# output "lambda_role_name" { +# description = "The name of the IAM role created for the Lambda Function" +# value = module.lambda_function_in_vpc.lambda_role_name +# } + +# # CloudWatch Log Group +# output "lambda_cloudwatch_log_group_arn" { +# description = "The ARN of the Cloudwatch Log Group" +# value = module.lambda_function_in_vpc.lambda_cloudwatch_log_group_arn +# } + +# # Deployment package +# output "local_filename" { +# description = "The filename of zip archive deployed (if deployment was from local)" +# value = module.lambda_function_in_vpc.local_filename +# } + +# output "s3_object" { +# description = "The map with S3 object data of zip archive deployed (if deployment was from S3)" +# value = module.lambda_function_in_vpc.s3_object +# } diff --git a/main.tf b/main.tf index c67f1bbb..4d6ab356 100644 --- a/main.tf +++ b/main.tf 
@@ -5,19 +5,19 @@ data "aws_caller_identity" "current" {} locals { create = var.create && var.putin_khuylo - archive_filename = try(data.external.archive_prepare[0].result.filename, null) - archive_filename_string = local.archive_filename != null ? local.archive_filename : "" - archive_was_missing = try(data.external.archive_prepare[0].result.was_missing, false) + # archive_filename = try(data.external.archive_prepare[0].result.filename, null) + # archive_filename_string = local.archive_filename != null ? local.archive_filename : "" + # archive_was_missing = try(data.external.archive_prepare[0].result.was_missing, false) # Use a generated filename to determine when the source code has changed. # filename - to get package from local - filename = var.local_existing_package != null ? var.local_existing_package : (var.store_on_s3 ? null : local.archive_filename) - was_missing = var.local_existing_package != null ? !fileexists(var.local_existing_package) : local.archive_was_missing + # filename = var.local_existing_package != null ? var.local_existing_package : (var.store_on_s3 ? null : local.archive_filename) + # was_missing = var.local_existing_package != null ? !fileexists(var.local_existing_package) : local.archive_was_missing # s3_* - to get package from S3 - s3_bucket = var.s3_existing_package != null ? try(var.s3_existing_package.bucket, null) : (var.store_on_s3 ? var.s3_bucket : null) - s3_key = var.s3_existing_package != null ? try(var.s3_existing_package.key, null) : (var.store_on_s3 ? var.s3_prefix != null ? format("%s%s", var.s3_prefix, replace(local.archive_filename_string, "/^.*//", "")) : replace(local.archive_filename_string, "/^\\.//", "") : null) - s3_object_version = var.s3_existing_package != null ? try(var.s3_existing_package.version_id, null) : (var.store_on_s3 ? try(aws_s3_object.lambda_package[0].version_id, null) : null) + # s3_bucket = var.s3_existing_package != null ? try(var.s3_existing_package.bucket, null) : (var.store_on_s3 ? 
var.s3_bucket : null) + # s3_key = var.s3_existing_package != null ? try(var.s3_existing_package.key, null) : (var.store_on_s3 ? var.s3_prefix != null ? format("%s%s", var.s3_prefix, replace(local.archive_filename_string, "/^.*//", "")) : replace(local.archive_filename_string, "/^\\.//", "") : null) + # s3_object_version = var.s3_existing_package != null ? try(var.s3_existing_package.version_id, null) : (var.store_on_s3 ? try(aws_s3_object.lambda_package[0].version_id, null) : null) } @@ -52,12 +52,12 @@ resource "aws_lambda_function" "this" { } } - filename = local.filename - source_code_hash = var.ignore_source_code_hash ? null : (local.filename == null ? false : fileexists(local.filename)) && !local.was_missing ? filebase64sha256(local.filename) : null + # filename = local.filename + # source_code_hash = var.ignore_source_code_hash ? null : (local.filename == null ? false : fileexists(local.filename)) && !local.was_missing ? filebase64sha256(local.filename) : null - s3_bucket = local.s3_bucket - s3_key = local.s3_key - s3_object_version = local.s3_object_version + # s3_bucket = local.s3_bucket + # s3_key = local.s3_key + # s3_object_version = local.s3_object_version dynamic "image_config" { for_each = length(var.image_config_entry_point) > 0 || length(var.image_config_command) > 0 || var.image_config_working_directory != null ? [true] : [] @@ -144,8 +144,8 @@ resource "aws_lambda_function" "this" { ) depends_on = [ - null_resource.archive, - aws_s3_object.lambda_package, + # null_resource.archive, + # aws_s3_object.lambda_package, # Depending on the log group is necessary to allow Terraform to create the log group before AWS can. # When a lambda function is invoked, AWS creates the log group automatically if it doesn't exist yet. 
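Review bot: In the `aws_lambda_function.this` hunk at `-52,12`, `filename`, `source_code_hash` and the three `s3_*` arguments are all disabled, which leaves the function with no zip source, yet `variable "package_type"` in `variables.tf` still advertises `Zip or Image`. Assuming `image_uri` is still set elsewhere in the resource (its body continues outside the hunk), a caller who passes a Zip value only finds out from a provider error at plan or apply time. Add a `validation` block to `variable "package_type"` with `condition = var.package_type == "Image"` and an error message naming this fork's restriction. With `source_code_hash` gone, the image reference is the only artifact identity left, so the README should tell callers to pass a digest-pinned `image_uri` (`<repo>@sha256:<digest>`) rather than a mutable tag.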
@@ -167,53 +167,53 @@ resource "aws_lambda_function" "this" { ] } -resource "aws_lambda_layer_version" "this" { - count = local.create && var.create_layer ? 1 : 0 +# resource "aws_lambda_layer_version" "this" { +# count = local.create && var.create_layer ? 1 : 0 - layer_name = var.layer_name - description = var.description - license_info = var.license_info +# layer_name = var.layer_name +# description = var.description +# license_info = var.license_info - compatible_runtimes = length(var.compatible_runtimes) > 0 ? var.compatible_runtimes : (var.runtime == "" ? null : [var.runtime]) - compatible_architectures = var.compatible_architectures - skip_destroy = var.layer_skip_destroy +# compatible_runtimes = length(var.compatible_runtimes) > 0 ? var.compatible_runtimes : (var.runtime == "" ? null : [var.runtime]) +# compatible_architectures = var.compatible_architectures +# skip_destroy = var.layer_skip_destroy - filename = local.filename - source_code_hash = var.ignore_source_code_hash ? null : (local.filename == null ? false : fileexists(local.filename)) && !local.was_missing ? filebase64sha256(local.filename) : null +# filename = local.filename +# source_code_hash = var.ignore_source_code_hash ? null : (local.filename == null ? false : fileexists(local.filename)) && !local.was_missing ? filebase64sha256(local.filename) : null - s3_bucket = local.s3_bucket - s3_key = local.s3_key - s3_object_version = local.s3_object_version +# s3_bucket = local.s3_bucket +# s3_key = local.s3_key +# s3_object_version = local.s3_object_version - depends_on = [null_resource.archive, aws_s3_object.lambda_package] -} +# depends_on = [null_resource.archive, aws_s3_object.lambda_package] +# } -resource "aws_s3_object" "lambda_package" { - count = local.create && var.store_on_s3 && var.create_package ? 1 : 0 +# resource "aws_s3_object" "lambda_package" { +# count = local.create && var.store_on_s3 && var.create_package ? 
1 : 0 - bucket = var.s3_bucket - acl = var.s3_acl - key = local.s3_key - source = data.external.archive_prepare[0].result.filename - storage_class = var.s3_object_storage_class +# bucket = var.s3_bucket +# acl = var.s3_acl +# key = local.s3_key +# source = data.external.archive_prepare[0].result.filename +# storage_class = var.s3_object_storage_class - server_side_encryption = var.s3_server_side_encryption - kms_key_id = var.s3_kms_key_id +# server_side_encryption = var.s3_server_side_encryption +# kms_key_id = var.s3_kms_key_id - tags = var.s3_object_tags_only ? var.s3_object_tags : merge(var.tags, var.s3_object_tags) +# tags = var.s3_object_tags_only ? var.s3_object_tags : merge(var.tags, var.s3_object_tags) - dynamic "override_provider" { - for_each = var.s3_object_override_default_tags ? [true] : [] +# dynamic "override_provider" { +# for_each = var.s3_object_override_default_tags ? [true] : [] - content { - default_tags { - tags = {} - } - } - } +# content { +# default_tags { +# tags = {} +# } +# } +# } - depends_on = [null_resource.archive] -} +# depends_on = [null_resource.archive] +# } data "aws_cloudwatch_log_group" "lambda" { count = local.create && var.create_function && !var.create_layer && var.use_existing_cloudwatch_log_group ? 1 : 0 
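Review bot: `aws_lambda_layer_version.this` is disabled here, but the context line for `data "aws_cloudwatch_log_group" "lambda"` in the same hunk still gates on `!var.create_layer`, so `create_layer = true` no longer creates a layer. If the function's own `count` uses the same gate (not visible in this hunk), it creates no function either, and the apply still succeeds. Either remove `create_layer` together with its remaining uses, or reject it with a `validation` block using `condition = var.create_layer == false`. Separately, applying this fork over existing state will plan a destroy for `aws_s3_object.lambda_package[0]` and for the layer version. If that is not intended, add a `removed` block with `lifecycle { destroy = false }` (Terraform 1.7 or later; the module's version constraint is not visible here) or an upgrade note, so the deployed package object is not deleted.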
@@ -458,55 +458,55 @@ resource "aws_lambda_function_recursion_config" "this" { # This resource contains the extra information required by SAM CLI to provide the testing capabilities # to the TF application. The required data is where SAM CLI can find the Lambda function source code # and what are the resources that contain the building logic. -resource "null_resource" "sam_metadata_aws_lambda_function" { - count = local.create && var.create_sam_metadata && var.create_package && var.create_function && !var.create_layer ? 1 : 0 +# resource "null_resource" "sam_metadata_aws_lambda_function" { +# count = local.create && var.create_sam_metadata && var.create_package && var.create_function && !var.create_layer ? 1 : 0 - triggers = { - # This is a way to let SAM CLI correlates between the Lambda function resource, and this metadata - # resource - resource_name = "aws_lambda_function.this[0]" - resource_type = "ZIP_LAMBDA_FUNCTION" +# triggers = { +# # This is a way to let SAM CLI correlates between the Lambda function resource, and this metadata +# # resource +# resource_name = "aws_lambda_function.this[0]" +# resource_type = "ZIP_LAMBDA_FUNCTION" - # The Lambda function source code. - original_source_code = jsonencode(var.source_path) +# # The Lambda function source code. +# original_source_code = jsonencode(var.source_path) - # a property to let SAM CLI knows where to find the Lambda function source code if the provided - # value for original_source_code attribute is map. - source_code_property = "path" +# # a property to let SAM CLI knows where to find the Lambda function source code if the provided +# # value for original_source_code attribute is map. 
+# source_code_property = "path" - # A property to let SAM CLI knows where to find the Lambda function built output - built_output_path = data.external.archive_prepare[0].result.filename - } +# # A property to let SAM CLI knows where to find the Lambda function built output +# built_output_path = data.external.archive_prepare[0].result.filename +# } - # SAM CLI can run terraform apply -target metadata resource, and this will apply the building - # resources as well - depends_on = [data.external.archive_prepare, null_resource.archive] -} +# # SAM CLI can run terraform apply -target metadata resource, and this will apply the building +# # resources as well +# depends_on = [data.external.archive_prepare, null_resource.archive] +# } # This resource contains the extra information required by SAM CLI to provide the testing capabilities # to the TF application. The required data is where SAM CLI can find the Lambda layer source code # and what are the resources that contain the building logic. -resource "null_resource" "sam_metadata_aws_lambda_layer_version" { - count = local.create && var.create_sam_metadata && var.create_package && var.create_layer ? 1 : 0 - - triggers = { - # This is a way to let SAM CLI correlates between the Lambda layer resource, and this metadata - # resource - resource_name = "aws_lambda_layer_version.this[0]" - resource_type = "LAMBDA_LAYER" - - # The Lambda layer source code. - original_source_code = jsonencode(var.source_path) - - # a property to let SAM CLI knows where to find the Lambda layer source code if the provided - # value for original_source_code attribute is map. 
- source_code_property = "path" - - # A property to let SAM CLI knows where to find the Lambda layer built output - built_output_path = data.external.archive_prepare[0].result.filename - } - - # SAM CLI can run terraform apply -target metadata resource, and this will apply the building - # resources as well - depends_on = [data.external.archive_prepare, null_resource.archive] -} +# resource "null_resource" "sam_metadata_aws_lambda_layer_version" { +# count = local.create && var.create_sam_metadata && var.create_package && var.create_layer ? 1 : 0 + +# triggers = { +# # This is a way to let SAM CLI correlates between the Lambda layer resource, and this metadata +# # resource +# resource_name = "aws_lambda_layer_version.this[0]" +# resource_type = "LAMBDA_LAYER" + +# # The Lambda layer source code. +# original_source_code = jsonencode(var.source_path) + +# # a property to let SAM CLI knows where to find the Lambda layer source code if the provided +# # value for original_source_code attribute is map. +# source_code_property = "path" + +# # A property to let SAM CLI knows where to find the Lambda layer built output +# built_output_path = data.external.archive_prepare[0].result.filename +# } + +# # SAM CLI can run terraform apply -target metadata resource, and this will apply the building +# # resources as well +# depends_on = [data.external.archive_prepare, null_resource.archive] +# } diff --git a/outputs.tf b/outputs.tf index 59197585..a4ee31ab 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -76,30 +76,30 @@ output "lambda_function_url_id" { } # Lambda Layer -output "lambda_layer_arn" { - description = "The ARN of the Lambda Layer with version" - value = try(aws_lambda_layer_version.this[0].arn, "") -} - -output "lambda_layer_layer_arn" { - description = "The ARN of the Lambda Layer without version" - value = try(aws_lambda_layer_version.this[0].layer_arn, "") -} - -output "lambda_layer_created_date" { - description = "The date Lambda Layer resource was created" - value = try(aws_lambda_layer_version.this[0].created_date, "") -} - -output "lambda_layer_source_code_size" { - description = "The size in bytes of the Lambda Layer .zip file" - value = try(aws_lambda_layer_version.this[0].source_code_size, "") -} - -output "lambda_layer_version" { - description = "The Lambda Layer version" - value = try(aws_lambda_layer_version.this[0].version, "") -} +# output "lambda_layer_arn" { +# description = "The ARN of the Lambda Layer with version" +# value = try(aws_lambda_layer_version.this[0].arn, "") +# } + +# output "lambda_layer_layer_arn" { +# description = "The ARN of the Lambda Layer without version" +# value = try(aws_lambda_layer_version.this[0].layer_arn, "") +# } + +# output "lambda_layer_created_date" { +# description = "The date Lambda Layer resource was created" +# value = try(aws_lambda_layer_version.this[0].created_date, "") +# } + +# output "lambda_layer_source_code_size" { +# description = "The size in bytes of the Lambda Layer .zip file" +# value = try(aws_lambda_layer_version.this[0].source_code_size, "") +# } + +# output "lambda_layer_version" { +# description = "The Lambda Layer version" +# value = try(aws_lambda_layer_version.this[0].version, "") +# } # Lambda Event Source Mapping output "lambda_event_source_mapping_arn" { 
@@ -155,20 +155,20 @@ output "lambda_cloudwatch_log_group_name" { } # Deployment package -output "local_filename" { - description = "The filename of zip archive deployed (if deployment was from local)" - value = local.filename - - depends_on = [ - null_resource.archive, - ] -} - -output "s3_object" { - description = "The map with S3 object data of zip archive deployed (if deployment was from S3)" - value = { - bucket = local.s3_bucket - key = local.s3_key - version_id = local.s3_object_version - } -} +# output "local_filename" { +# description = "The filename of zip archive deployed (if deployment was from local)" +# value = local.filename + +# depends_on = [ +# null_resource.archive, +# ] +# } + +# output "s3_object" { +# description = "The map with S3 object data of zip archive deployed (if deployment was from S3)" +# value = { +# bucket = local.s3_bucket +# key = local.s3_key +# version_id = local.s3_object_version +# } +# } diff --git a/package.tf b/package.tf index 34322514..c283732a 100644 --- a/package.tf +++ b/package.tf 
@@ -1,76 +1,76 @@ -locals { - python = (substr(pathexpand("~"), 0, 1) == "/") ? "python3" : "python.exe" -} +# locals { +# python = (substr(pathexpand("~"), 0, 1) == "/") ? "python3" : "python.exe" +# } -# Generates a filename for the zip archive based on the content of the files -# in source_path. The filename will change when the source code changes. -data "external" "archive_prepare" { - count = var.create && var.create_package ? 1 : 0 +# # Generates a filename for the zip archive based on the content of the files +# # in source_path. The filename will change when the source code changes. +# data "external" "archive_prepare" { +# count = var.create && var.create_package ? 1 : 0 - program = [local.python, "${path.module}/package.py", "prepare"] +# program = [local.python, "${path.module}/package.py", "prepare"] - query = { - paths = jsonencode({ - module = path.module - root = path.root - cwd = path.cwd - }) +# query = { +# paths = jsonencode({ +# module = path.module +# root = path.root +# cwd = path.cwd +# }) - docker = var.build_in_docker ? jsonencode({ - docker_pip_cache = var.docker_pip_cache - docker_build_root = var.docker_build_root - docker_file = var.docker_file - docker_image = var.docker_image - with_ssh_agent = var.docker_with_ssh_agent - docker_additional_options = var.docker_additional_options - docker_entrypoint = var.docker_entrypoint - }) : null +# docker = var.build_in_docker ? 
jsonencode({ +# docker_pip_cache = var.docker_pip_cache +# docker_build_root = var.docker_build_root +# docker_file = var.docker_file +# docker_image = var.docker_image +# with_ssh_agent = var.docker_with_ssh_agent +# docker_additional_options = var.docker_additional_options +# docker_entrypoint = var.docker_entrypoint +# }) : null - artifacts_dir = var.artifacts_dir - runtime = var.runtime - source_path = jsonencode(var.source_path) - hash_extra = var.hash_extra - hash_extra_paths = jsonencode( - [ - # Temporary fix when building from multiple locations - # We should take into account content of package.py when counting hash - # Related issue: https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/63 - # "${path.module}/package.py" - ] - ) +# artifacts_dir = var.artifacts_dir +# runtime = var.runtime +# source_path = jsonencode(var.source_path) +# hash_extra = var.hash_extra +# hash_extra_paths = jsonencode( +# [ +# # Temporary fix when building from multiple locations +# # We should take into account content of package.py when counting hash +# # Related issue: https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/63 +# # "${path.module}/package.py" +# ] +# ) - recreate_missing_package = var.recreate_missing_package - } -} +# recreate_missing_package = var.recreate_missing_package +# } +# } -# This transitive resource used as a bridge between a state stored -# in a Terraform plan and a call of a build command on the apply stage -# to transfer a noticeable amount of data -resource "local_file" "archive_plan" { - count = var.create && var.create_package ? 1 : 0 +# # This transitive resource used as a bridge between a state stored +# # in a Terraform plan and a call of a build command on the apply stage +# # to transfer a noticeable amount of data +# resource "local_file" "archive_plan" { +# count = var.create && var.create_package ? 
1 : 0 - content = data.external.archive_prepare[0].result.build_plan - filename = data.external.archive_prepare[0].result.build_plan_filename - directory_permission = "0755" - file_permission = "0644" -} +# content = data.external.archive_prepare[0].result.build_plan +# filename = data.external.archive_prepare[0].result.build_plan_filename +# directory_permission = "0755" +# file_permission = "0644" +# } -# Build the zip archive whenever the filename changes. -resource "null_resource" "archive" { - count = var.create && var.create_package ? 1 : 0 +# # Build the zip archive whenever the filename changes. +# resource "null_resource" "archive" { +# count = var.create && var.create_package ? 1 : 0 - triggers = { - filename = data.external.archive_prepare[0].result.filename - timestamp = var.trigger_on_package_timestamp ? data.external.archive_prepare[0].result.timestamp : null - } +# triggers = { +# filename = data.external.archive_prepare[0].result.filename +# timestamp = var.trigger_on_package_timestamp ? data.external.archive_prepare[0].result.timestamp : null +# } - provisioner "local-exec" { - interpreter = [ - local.python, "${path.module}/package.py", "build", - "--timestamp", data.external.archive_prepare[0].result.timestamp - ] - command = data.external.archive_prepare[0].result.build_plan_filename - } +# provisioner "local-exec" { +# interpreter = [ +# local.python, "${path.module}/package.py", "build", +# "--timestamp", data.external.archive_prepare[0].result.timestamp +# ] +# command = data.external.archive_prepare[0].result.build_plan_filename +# } - depends_on = [local_file.archive_plan] -} +# depends_on = [local_file.archive_plan] +# } diff --git a/variables.tf b/variables.tf index c71f68ae..dbabe2c8 100644 --- a/variables.tf +++ b/variables.tf 
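Review bot: Disabling `data "external" "archive_prepare"` and the `local-exec` provisioner stops the module from running `package.py` at plan and apply time, but nothing in this hunk removes the pieces that supported it. If `versions.tf` still lists the `external`, `local` and `null` providers and nothing else uses them (not visible here), `terraform init` keeps downloading plugins the module no longer needs, and `package.py` stays in the published module. Delete `package.tf` and `package.py` outright and drop the unused `required_providers` entries. Also remove the now-unreferenced inputs, such as `build_in_docker`, the `docker_*` options, `artifacts_dir`, `hash_extra` and `trigger_on_package_timestamp`, if they are still declared.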
@@ -4,11 +4,11 @@ variable "create" { default = true } -variable "create_package" { - description = "Controls whether Lambda package should be created" - type = bool - default = true -} +# variable "create_package" { +# description = "Controls whether Lambda package should be created" +# type = bool +# default = true +# } variable "create_function" { description = "Controls whether Lambda Function resource should be created" @@ -34,11 +34,11 @@ variable "create_lambda_function_url" { default = false } -variable "create_sam_metadata" { - description = "Controls whether the SAM metadata null resource should be created" - type = bool - default = false -} +# variable "create_sam_metadata" { +# description = "Controls whether the SAM metadata null resource should be created" +# type = bool +# default = false +# } variable "putin_khuylo" { description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!" @@ -200,17 +200,17 @@ variable "function_tags" { default = {} } -variable "s3_object_tags" { - description = "A map of tags to assign to S3 bucket object." - type = map(string) - default = {} -} +# variable "s3_object_tags" { +# description = "A map of tags to assign to S3 bucket object." +# type = map(string) +# default = {} +# } -variable "s3_object_tags_only" { - description = "Set to true to not merge tags with s3_object_tags. Useful to avoid breaching S3 Object 10 tag limit." - type = bool - default = false -} +# variable "s3_object_tags_only" { +# description = "Set to true to not merge tags with s3_object_tags. Useful to avoid breaching S3 Object 10 tag limit." +# type = bool +# default = false +# } variable "package_type" { description = "The Lambda deployment package type. Valid options: Zip or Image" 
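Review bot: `variable "create_package"` is disabled by commenting the block out instead of deleting it. The same pattern repeats for `create_sam_metadata` and the `s3_object_*` variables in this file's next two hunks, for the layer and "Build artifact settings" variables in the later hunks, and for the `external`/`local`/`null` provider entries in `versions.tf` and `wrappers/versions.tf`. Commented-out declarations suggest the packaging path (the `local-exec` call to `package.py` commented out in the preceding file) can be restored by uncommenting, and they record no reason for the removal. I would delete the blocks and state the decision once, e.g. `# Local packaging (package.py, S3 upload, layers) is intentionally removed in this fork: <reason>`. Callers that still pass any of these inputs will get an unsupported-argument error, so the removal also deserves a changelog line.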
@@ -300,45 +300,45 @@ variable "invoke_mode" { default = null } -variable "s3_object_override_default_tags" { - description = "Whether to override the default_tags from provider? NB: S3 objects support a maximum of 10 tags." - type = bool - default = false -} +# variable "s3_object_override_default_tags" { +# description = "Whether to override the default_tags from provider? NB: S3 objects support a maximum of 10 tags." +# type = bool +# default = false +# } ######## # Layer ######## -variable "layer_name" { - description = "Name of Lambda Layer to create" - type = string - default = "" -} - -variable "layer_skip_destroy" { - description = "Whether to retain the old version of a previously deployed Lambda Layer." - type = bool - default = false -} - -variable "license_info" { - description = "License info for your Lambda Layer. Eg, MIT or full url of a license." - type = string - default = "" -} - -variable "compatible_runtimes" { - description = "A list of Runtimes this layer is compatible with. Up to 5 runtimes can be specified." - type = list(string) - default = [] -} - -variable "compatible_architectures" { - description = "A list of Architectures Lambda layer is compatible with. Currently x86_64 and arm64 can be specified." - type = list(string) - default = null -} +# variable "layer_name" { +# description = "Name of Lambda Layer to create" +# type = string +# default = "" +# } + +# variable "layer_skip_destroy" { +# description = "Whether to retain the old version of a previously deployed Lambda Layer." +# type = bool +# default = false +# } + +# variable "license_info" { +# description = "License info for your Lambda Layer. Eg, MIT or full url of a license." +# type = string +# default = "" +# } + +# variable "compatible_runtimes" { +# description = "A list of Runtimes this layer is compatible with. Up to 5 runtimes can be specified." 
+# type = list(string) +# default = [] +# } + +# variable "compatible_architectures" { +# description = "A list of Architectures Lambda layer is compatible with. Currently x86_64 and arm64 can be specified." +# type = list(string) +# default = null +# } ############################ # Lambda Async Event Config 
@@ -668,143 +668,143 @@ variable "file_system_local_mount_path" { # Build artifact settings ########################## -variable "artifacts_dir" { - description = "Directory name where artifacts should be stored" - type = string - default = "builds" -} - -variable "s3_prefix" { - description = "Directory name where artifacts should be stored in the S3 bucket. If unset, the path from `artifacts_dir` is used" - type = string - default = null -} - -variable "ignore_source_code_hash" { - description = "Whether to ignore changes to the function's source code hash. Set to true if you manage infrastructure and code deployments separately." - type = bool - default = false -} - -variable "local_existing_package" { - description = "The absolute path to an existing zip-file to use" - type = string - default = null -} - -variable "s3_existing_package" { - description = "The S3 bucket object with keys bucket, key, version pointing to an existing zip-file to use" - type = map(string) - default = null -} - -variable "store_on_s3" { - description = "Whether to store produced artifacts on S3 or locally." - type = bool - default = false -} - -variable "s3_object_storage_class" { - description = "Specifies the desired Storage Class for the artifact uploaded to S3. Can be either STANDARD, REDUCED_REDUNDANCY, ONEZONE_IA, INTELLIGENT_TIERING, or STANDARD_IA." - type = string - default = "ONEZONE_IA" # Cheaper than STANDARD and it is enough for Lambda deployments -} - -variable "s3_bucket" { - description = "S3 bucket to store artifacts" - type = string - default = null -} - -variable "s3_acl" { - description = "The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, bucket-owner-read, and bucket-owner-full-control. Defaults to private." - type = string - default = "private" -} - -variable "s3_server_side_encryption" { - description = "Specifies server-side encryption of the object in S3. 
Valid values are \"AES256\" and \"aws:kms\"." - type = string - default = null -} - -variable "s3_kms_key_id" { - description = "Specifies a custom KMS key to use for S3 object encryption." - type = string - default = null -} - -variable "source_path" { - description = "The absolute path to a local file or directory containing your Lambda source code" - type = any # string | list(string | map(any)) - default = null -} - -variable "hash_extra" { - description = "The string to add into hashing function. Useful when building same source path for different functions." - type = string - default = "" -} - -variable "build_in_docker" { - description = "Whether to build dependencies in Docker" - type = bool - default = false -} - -variable "docker_file" { - description = "Path to a Dockerfile when building in Docker" - type = string - default = "" -} - -variable "docker_build_root" { - description = "Root dir where to build in Docker" - type = string - default = "" -} - -variable "docker_image" { - description = "Docker image to use for the build" - type = string - default = "" -} - -variable "docker_with_ssh_agent" { - description = "Whether to pass SSH_AUTH_SOCK into docker environment or not" - type = bool - default = false -} - -variable "docker_pip_cache" { - description = "Whether to mount a shared pip cache folder into docker environment or not" - type = any - default = null -} - -variable "docker_additional_options" { - description = "Additional options to pass to the docker run command (e.g. 
to set environment variables, volumes, etc.)" - type = list(string) - default = [] -} - -variable "docker_entrypoint" { - description = "Path to the Docker entrypoint to use" - type = string - default = null -} - -variable "recreate_missing_package" { - description = "Whether to recreate missing Lambda package if it is missing locally or not" - type = bool - default = true -} - -variable "trigger_on_package_timestamp" { - description = "Whether to recreate the Lambda package if the timestamp changes" - type = bool - default = true -} +# variable "artifacts_dir" { +# description = "Directory name where artifacts should be stored" +# type = string +# default = "builds" +# } + +# variable "s3_prefix" { +# description = "Directory name where artifacts should be stored in the S3 bucket. If unset, the path from `artifacts_dir` is used" +# type = string +# default = null +# } + +# variable "ignore_source_code_hash" { +# description = "Whether to ignore changes to the function's source code hash. Set to true if you manage infrastructure and code deployments separately." +# type = bool +# default = false +# } + +# variable "local_existing_package" { +# description = "The absolute path to an existing zip-file to use" +# type = string +# default = null +# } + +# variable "s3_existing_package" { +# description = "The S3 bucket object with keys bucket, key, version pointing to an existing zip-file to use" +# type = map(string) +# default = null +# } + +# variable "store_on_s3" { +# description = "Whether to store produced artifacts on S3 or locally." +# type = bool +# default = false +# } + +# variable "s3_object_storage_class" { +# description = "Specifies the desired Storage Class for the artifact uploaded to S3. Can be either STANDARD, REDUCED_REDUNDANCY, ONEZONE_IA, INTELLIGENT_TIERING, or STANDARD_IA." 
+# type = string +# default = "ONEZONE_IA" # Cheaper than STANDARD and it is enough for Lambda deployments +# } + +# variable "s3_bucket" { +# description = "S3 bucket to store artifacts" +# type = string +# default = null +# } + +# variable "s3_acl" { +# description = "The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, bucket-owner-read, and bucket-owner-full-control. Defaults to private." +# type = string +# default = "private" +# } + +# variable "s3_server_side_encryption" { +# description = "Specifies server-side encryption of the object in S3. Valid values are \"AES256\" and \"aws:kms\"." +# type = string +# default = null +# } + +# variable "s3_kms_key_id" { +# description = "Specifies a custom KMS key to use for S3 object encryption." +# type = string +# default = null +# } + +# variable "source_path" { +# description = "The absolute path to a local file or directory containing your Lambda source code" +# type = any # string | list(string | map(any)) +# default = null +# } + +# variable "hash_extra" { +# description = "The string to add into hashing function. Useful when building same source path for different functions." 
+# type = string +# default = "" +# } + +# variable "build_in_docker" { +# description = "Whether to build dependencies in Docker" +# type = bool +# default = false +# } + +# variable "docker_file" { +# description = "Path to a Dockerfile when building in Docker" +# type = string +# default = "" +# } + +# variable "docker_build_root" { +# description = "Root dir where to build in Docker" +# type = string +# default = "" +# } + +# variable "docker_image" { +# description = "Docker image to use for the build" +# type = string +# default = "" +# } + +# variable "docker_with_ssh_agent" { +# description = "Whether to pass SSH_AUTH_SOCK into docker environment or not" +# type = bool +# default = false +# } + +# variable "docker_pip_cache" { +# description = "Whether to mount a shared pip cache folder into docker environment or not" +# type = any +# default = null +# } + +# variable "docker_additional_options" { +# description = "Additional options to pass to the docker run command (e.g. to set environment variables, volumes, etc.)" +# type = list(string) +# default = [] +# } + +# variable "docker_entrypoint" { +# description = "Path to the Docker entrypoint to use" +# type = string +# default = null +# } + +# variable "recreate_missing_package" { +# description = "Whether to recreate missing Lambda package if it is missing locally or not" +# type = bool +# default = true +# } + +# variable "trigger_on_package_timestamp" { +# description = "Whether to recreate the Lambda package if the timestamp changes" +# type = bool +# default = true +# } ############################################ # Lambda Advanced Logging Settings diff --git a/versions.tf b/versions.tf index bf462c65..92cc6b76 100644 --- a/versions.tf +++ b/versions.tf 
@@ -6,17 +6,17 @@ terraform { source = "hashicorp/aws" version = ">= 5.79" } - external = { - source = "hashicorp/external" - version = ">= 1.0" - } - local = { - source = "hashicorp/local" - version = ">= 1.0" - } - null = { - source = "hashicorp/null" - version = ">= 2.0" - } + # external = { + # source = "hashicorp/external" + # version = ">= 1.0" + # } + # local = { + # source = "hashicorp/local" + # version = ">= 1.0" + # } + # null = { + # source = "hashicorp/null" + # version = ">= 2.0" + # } } } diff --git a/wrappers/main.tf b/wrappers/main.tf index 1092b4d3..6028a239 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf @@ -5,7 +5,6 @@ module "wrapper" { allowed_triggers = try(each.value.allowed_triggers, var.defaults.allowed_triggers, {}) architectures = try(each.value.architectures, var.defaults.architectures, null) - artifacts_dir = try(each.value.artifacts_dir, var.defaults.artifacts_dir, "builds") assume_role_policy_statements = try(each.value.assume_role_policy_statements, var.defaults.assume_role_policy_statements, {}) attach_async_event_policy = try(each.value.attach_async_event_policy, var.defaults.attach_async_event_policy, false) attach_cloudwatch_logs_policy = try(each.value.attach_cloudwatch_logs_policy, var.defaults.attach_cloudwatch_logs_policy, true) 
@@ -19,15 +18,12 @@ module "wrapper" { attach_policy_statements = try(each.value.attach_policy_statements, var.defaults.attach_policy_statements, false) attach_tracing_policy = try(each.value.attach_tracing_policy, var.defaults.attach_tracing_policy, false) authorization_type = try(each.value.authorization_type, var.defaults.authorization_type, "NONE") - build_in_docker = try(each.value.build_in_docker, var.defaults.build_in_docker, false) cloudwatch_logs_kms_key_id = try(each.value.cloudwatch_logs_kms_key_id, var.defaults.cloudwatch_logs_kms_key_id, null) cloudwatch_logs_log_group_class = try(each.value.cloudwatch_logs_log_group_class, var.defaults.cloudwatch_logs_log_group_class, null) cloudwatch_logs_retention_in_days = try(each.value.cloudwatch_logs_retention_in_days, var.defaults.cloudwatch_logs_retention_in_days, null) cloudwatch_logs_skip_destroy = try(each.value.cloudwatch_logs_skip_destroy, var.defaults.cloudwatch_logs_skip_destroy, false) cloudwatch_logs_tags = try(each.value.cloudwatch_logs_tags, var.defaults.cloudwatch_logs_tags, {}) code_signing_config_arn = try(each.value.code_signing_config_arn, var.defaults.code_signing_config_arn, null) - compatible_architectures = try(each.value.compatible_architectures, var.defaults.compatible_architectures, null) - compatible_runtimes = try(each.value.compatible_runtimes, var.defaults.compatible_runtimes, []) cors = try(each.value.cors, var.defaults.cors, {}) create = try(each.value.create, var.defaults.create, true) create_async_event_config = try(each.value.create_async_event_config, var.defaults.create_async_event_config, false) 
@@ -36,9 +32,7 @@ module "wrapper" { create_function = try(each.value.create_function, var.defaults.create_function, true) create_lambda_function_url = try(each.value.create_lambda_function_url, var.defaults.create_lambda_function_url, false) create_layer = try(each.value.create_layer, var.defaults.create_layer, false) - create_package = try(each.value.create_package, var.defaults.create_package, true) create_role = try(each.value.create_role, var.defaults.create_role, true) - create_sam_metadata = try(each.value.create_sam_metadata, var.defaults.create_sam_metadata, false) create_unqualified_alias_allowed_triggers = try(each.value.create_unqualified_alias_allowed_triggers, var.defaults.create_unqualified_alias_allowed_triggers, true) create_unqualified_alias_async_event_config = try(each.value.create_unqualified_alias_async_event_config, var.defaults.create_unqualified_alias_async_event_config, true) create_unqualified_alias_lambda_function_url = try(each.value.create_unqualified_alias_lambda_function_url, var.defaults.create_unqualified_alias_lambda_function_url, true) 
@@ -46,13 +40,6 @@ module "wrapper" { description = try(each.value.description, var.defaults.description, "") destination_on_failure = try(each.value.destination_on_failure, var.defaults.destination_on_failure, null) destination_on_success = try(each.value.destination_on_success, var.defaults.destination_on_success, null) - docker_additional_options = try(each.value.docker_additional_options, var.defaults.docker_additional_options, []) - docker_build_root = try(each.value.docker_build_root, var.defaults.docker_build_root, "") - docker_entrypoint = try(each.value.docker_entrypoint, var.defaults.docker_entrypoint, null) - docker_file = try(each.value.docker_file, var.defaults.docker_file, "") - docker_image = try(each.value.docker_image, var.defaults.docker_image, "") - docker_pip_cache = try(each.value.docker_pip_cache, var.defaults.docker_pip_cache, null) - docker_with_ssh_agent = try(each.value.docker_with_ssh_agent, var.defaults.docker_with_ssh_agent, false) environment_variables = try(each.value.environment_variables, var.defaults.environment_variables, {}) ephemeral_storage_size = try(each.value.ephemeral_storage_size, var.defaults.ephemeral_storage_size, 512) event_source_mapping = try(each.value.event_source_mapping, var.defaults.event_source_mapping, {}) 
@@ -61,8 +48,6 @@ module "wrapper" { function_name = try(each.value.function_name, var.defaults.function_name, "") function_tags = try(each.value.function_tags, var.defaults.function_tags, {}) handler = try(each.value.handler, var.defaults.handler, "") - hash_extra = try(each.value.hash_extra, var.defaults.hash_extra, "") - ignore_source_code_hash = try(each.value.ignore_source_code_hash, var.defaults.ignore_source_code_hash, false) image_config_command = try(each.value.image_config_command, var.defaults.image_config_command, []) image_config_entry_point = try(each.value.image_config_entry_point, var.defaults.image_config_entry_point, []) image_config_working_directory = try(each.value.image_config_working_directory, var.defaults.image_config_working_directory, null) @@ -74,11 +59,7 @@ module "wrapper" { lambda_at_edge = try(each.value.lambda_at_edge, var.defaults.lambda_at_edge, false) lambda_at_edge_logs_all_regions = try(each.value.lambda_at_edge_logs_all_regions, var.defaults.lambda_at_edge_logs_all_regions, true) lambda_role = try(each.value.lambda_role, var.defaults.lambda_role, "") - layer_name = try(each.value.layer_name, var.defaults.layer_name, "") - layer_skip_destroy = try(each.value.layer_skip_destroy, var.defaults.layer_skip_destroy, false) layers = try(each.value.layers, var.defaults.layers, null) - license_info = try(each.value.license_info, var.defaults.license_info, "") - local_existing_package = try(each.value.local_existing_package, var.defaults.local_existing_package, null) logging_application_log_level = try(each.value.logging_application_log_level, var.defaults.logging_application_log_level, "INFO") logging_log_format = try(each.value.logging_log_format, var.defaults.logging_log_format, "Text") logging_log_group = try(each.value.logging_log_group, var.defaults.logging_log_group, null) 
@@ -99,7 +80,6 @@ module "wrapper" { provisioned_concurrent_executions = try(each.value.provisioned_concurrent_executions, var.defaults.provisioned_concurrent_executions, -1) publish = try(each.value.publish, var.defaults.publish, false) putin_khuylo = try(each.value.putin_khuylo, var.defaults.putin_khuylo, true) - recreate_missing_package = try(each.value.recreate_missing_package, var.defaults.recreate_missing_package, true) recursive_loop = try(each.value.recursive_loop, var.defaults.recursive_loop, null) replace_security_groups_on_destroy = try(each.value.replace_security_groups_on_destroy, var.defaults.replace_security_groups_on_destroy, null) replacement_security_group_ids = try(each.value.replacement_security_group_ids, var.defaults.replacement_security_group_ids, null) 
@@ -112,25 +92,12 @@ module "wrapper" { role_permissions_boundary = try(each.value.role_permissions_boundary, var.defaults.role_permissions_boundary, null) role_tags = try(each.value.role_tags, var.defaults.role_tags, {}) runtime = try(each.value.runtime, var.defaults.runtime, "") - s3_acl = try(each.value.s3_acl, var.defaults.s3_acl, "private") - s3_bucket = try(each.value.s3_bucket, var.defaults.s3_bucket, null) - s3_existing_package = try(each.value.s3_existing_package, var.defaults.s3_existing_package, null) - s3_kms_key_id = try(each.value.s3_kms_key_id, var.defaults.s3_kms_key_id, null) - s3_object_override_default_tags = try(each.value.s3_object_override_default_tags, var.defaults.s3_object_override_default_tags, false) - s3_object_storage_class = try(each.value.s3_object_storage_class, var.defaults.s3_object_storage_class, "ONEZONE_IA") - s3_object_tags = try(each.value.s3_object_tags, var.defaults.s3_object_tags, {}) - s3_object_tags_only = try(each.value.s3_object_tags_only, var.defaults.s3_object_tags_only, false) - s3_prefix = try(each.value.s3_prefix, var.defaults.s3_prefix, null) - s3_server_side_encryption = try(each.value.s3_server_side_encryption, var.defaults.s3_server_side_encryption, null) skip_destroy = try(each.value.skip_destroy, var.defaults.skip_destroy, null) snap_start = try(each.value.snap_start, var.defaults.snap_start, false) - source_path = try(each.value.source_path, var.defaults.source_path, null) - store_on_s3 = try(each.value.store_on_s3, var.defaults.store_on_s3, false) tags = try(each.value.tags, var.defaults.tags, {}) timeout = try(each.value.timeout, var.defaults.timeout, 3) timeouts = try(each.value.timeouts, var.defaults.timeouts, {}) tracing_mode = try(each.value.tracing_mode, var.defaults.tracing_mode, null) - trigger_on_package_timestamp = try(each.value.trigger_on_package_timestamp, var.defaults.trigger_on_package_timestamp, true) trusted_entities = try(each.value.trusted_entities, var.defaults.trusted_entities, []) 
use_existing_cloudwatch_log_group = try(each.value.use_existing_cloudwatch_log_group, var.defaults.use_existing_cloudwatch_log_group, false) vpc_security_group_ids = try(each.value.vpc_security_group_ids, var.defaults.vpc_security_group_ids, null) diff --git a/wrappers/versions.tf b/wrappers/versions.tf index bf462c65..92cc6b76 100644 --- a/wrappers/versions.tf +++ b/wrappers/versions.tf @@ -6,17 +6,17 @@ terraform { source = "hashicorp/aws" version = ">= 5.79" } - external = { - source = "hashicorp/external" - version = ">= 1.0" - } - local = { - source = "hashicorp/local" - version = ">= 1.0" - } - null = { - source = "hashicorp/null" - version = ">= 2.0" - } + # external = { + # source = "hashicorp/external" + # version = ">= 1.0" + # } + # local = { + # source = "hashicorp/local" + # version = ">= 1.0" + # } + # null = { + # source = "hashicorp/null" + # version = ">= 2.0" + # } } } From 57233469e23c8902130c00fe5a2890ba114ff232 Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Thu, 2 Oct 2025 14:05:58 -0400 Subject: [PATCH 03/15] feat: INFR-4719 add image_uri to lifecycle ignore_changes --- main.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/main.tf b/main.tf index 4d6ab356..6fd0f005 100644 --- a/main.tf +++ b/main.tf @@ -143,6 +143,10 @@ resource "aws_lambda_function" "this" { var.function_tags ) + lifecycle { + ignore_changes = [image_uri] + } + depends_on = [ # null_resource.archive, # aws_s3_object.lambda_package, From 7a690b8ec1e35b5899cbab91c70222a9fa00775f Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Fri, 3 Oct 2025 12:24:51 -0400 Subject: [PATCH 04/15] fix: INFR-4719 add module_variable_optional_attrs to backfill tf version --- versions.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/versions.tf b/versions.tf index 92cc6b76..33592aa6 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,6 @@ terraform { required_version = ">= 1.0" + experiments = [module_variable_optional_attrs] required_providers { aws = { 
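Review bot: The added `lifecycle { ignore_changes = [image_uri] }` in `aws_lambda_function.this` is unconditional, so for every consumer of the module Terraform sets `image_uri` only at creation. After that it neither applies a new value nor shows a change made to the function's image outside Terraform. That removes plan-time drift detection for the code the function actually runs, and nothing in the hunk says who owns image updates instead. I would document it in place, e.g. `# image_uri is managed outside Terraform after creation (INFR-4719): <owning pipeline>; later changes will not appear in plans`, and repeat the caveat in the `image_uri` variable description. The resource body starts and ends outside the hunk.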
From ac45fa7d53766cd42860984addfe9e4e3e6786d3 Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Fri, 3 Oct 2025 12:40:05 -0400 Subject: [PATCH 05/15] fix: INFR-4719 add module_variable_optional_attrs to backfill tf version --- modules/alias/versions.tf | 1 + modules/deploy/versions.tf | 1 + modules/docker-build/versions.tf | 1 + wrappers/alias/versions.tf | 1 + wrappers/deploy/versions.tf | 1 + wrappers/docker-build/versions.tf | 1 + 6 files changed, 6 insertions(+) diff --git a/modules/alias/versions.tf b/modules/alias/versions.tf index dbc484ad..0f791657 100644 --- a/modules/alias/versions.tf +++ b/modules/alias/versions.tf @@ -1,5 +1,6 @@ terraform { required_version = ">= 1.0" + experiments = [module_variable_optional_attrs] required_providers { aws = { diff --git a/modules/deploy/versions.tf b/modules/deploy/versions.tf index 5a82f93b..00dc70d9 100644 --- a/modules/deploy/versions.tf +++ b/modules/deploy/versions.tf @@ -1,5 +1,6 @@ terraform { required_version = ">= 1.0" + experiments = [module_variable_optional_attrs] required_providers { aws = { diff --git a/modules/docker-build/versions.tf b/modules/docker-build/versions.tf index 93aadf1a..15ce25a7 100644 --- a/modules/docker-build/versions.tf +++ b/modules/docker-build/versions.tf @@ -1,5 +1,6 @@ terraform { required_version = ">= 1.0" + experiments = [module_variable_optional_attrs] required_providers { aws = { diff --git a/wrappers/alias/versions.tf b/wrappers/alias/versions.tf index dbc484ad..0f791657 100644 --- a/wrappers/alias/versions.tf +++ b/wrappers/alias/versions.tf @@ -1,5 +1,6 @@ terraform { required_version = ">= 1.0" + experiments = [module_variable_optional_attrs] required_providers { aws = { diff --git a/wrappers/deploy/versions.tf b/wrappers/deploy/versions.tf index 5a82f93b..00dc70d9 100644 --- a/wrappers/deploy/versions.tf +++ b/wrappers/deploy/versions.tf @@ -1,5 +1,6 @@ terraform { required_version = ">= 1.0" + experiments = [module_variable_optional_attrs] required_providers { aws = { 
diff --git a/wrappers/docker-build/versions.tf b/wrappers/docker-build/versions.tf index 93aadf1a..15ce25a7 100644 --- a/wrappers/docker-build/versions.tf +++ b/wrappers/docker-build/versions.tf @@ -1,5 +1,6 @@ terraform { required_version = ">= 1.0" + experiments = [module_variable_optional_attrs] required_providers { aws = { From 5ac812b21a74b3a2d28d4a238d1db07eb445df67 Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Fri, 3 Oct 2025 12:51:11 -0400 Subject: [PATCH 06/15] fix: update tf version and remove experiments attr --- modules/alias/versions.tf | 3 +-- modules/deploy/versions.tf | 3 +-- modules/docker-build/versions.tf | 3 +-- versions.tf | 3 +-- wrappers/alias/versions.tf | 3 +-- wrappers/deploy/versions.tf | 3 +-- wrappers/docker-build/versions.tf | 4 +--- wrappers/versions.tf | 2 +- 8 files changed, 8 insertions(+), 16 deletions(-) diff --git a/modules/alias/versions.tf b/modules/alias/versions.tf index 0f791657..2ab1e86d 100644 --- a/modules/alias/versions.tf +++ b/modules/alias/versions.tf @@ -1,6 +1,5 @@ terraform { - required_version = ">= 1.0" - experiments = [module_variable_optional_attrs] + required_version = ">= 1.3" required_providers { aws = { diff --git a/modules/deploy/versions.tf b/modules/deploy/versions.tf index 00dc70d9..ce8278d8 100644 --- a/modules/deploy/versions.tf +++ b/modules/deploy/versions.tf @@ -1,6 +1,5 @@ terraform { - required_version = ">= 1.0" - experiments = [module_variable_optional_attrs] + required_version = ">= 1.3" required_providers { aws = { diff --git a/modules/docker-build/versions.tf b/modules/docker-build/versions.tf index 15ce25a7..1b75252e 100644 --- a/modules/docker-build/versions.tf +++ b/modules/docker-build/versions.tf @@ -1,6 +1,5 @@ terraform { - required_version = ">= 1.0" - experiments = [module_variable_optional_attrs] + required_version = ">= 1.3" required_providers { aws = { diff --git a/versions.tf b/versions.tf index 33592aa6..345b82da 100644 --- a/versions.tf +++ b/versions.tf 
@@ -1,6 +1,5 @@ terraform { - required_version = ">= 1.0" - experiments = [module_variable_optional_attrs] + required_version = ">= 1.3" required_providers { aws = { diff --git a/wrappers/alias/versions.tf b/wrappers/alias/versions.tf index 0f791657..2ab1e86d 100644 --- a/wrappers/alias/versions.tf +++ b/wrappers/alias/versions.tf @@ -1,6 +1,5 @@ terraform { - required_version = ">= 1.0" - experiments = [module_variable_optional_attrs] + required_version = ">= 1.3" required_providers { aws = { diff --git a/wrappers/deploy/versions.tf b/wrappers/deploy/versions.tf index 00dc70d9..ce8278d8 100644 --- a/wrappers/deploy/versions.tf +++ b/wrappers/deploy/versions.tf @@ -1,6 +1,5 @@ terraform { - required_version = ">= 1.0" - experiments = [module_variable_optional_attrs] + required_version = ">= 1.3" required_providers { aws = { diff --git a/wrappers/docker-build/versions.tf b/wrappers/docker-build/versions.tf index 15ce25a7..58f07068 100644 --- a/wrappers/docker-build/versions.tf +++ b/wrappers/docker-build/versions.tf @@ -1,7 +1,5 @@ terraform { - required_version = ">= 1.0" - experiments = [module_variable_optional_attrs] - + required_version = ">= 1.3" required_providers { aws = { source = "hashicorp/aws" diff --git a/wrappers/versions.tf b/wrappers/versions.tf index 92cc6b76..345b82da 100644 --- a/wrappers/versions.tf +++ b/wrappers/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { From 1557bf94c9e38842005cff3d68f4e148b03b1d0d Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Fri, 3 Oct 2025 12:55:46 -0400 Subject: [PATCH 07/15] fix: skip examples/** for pre-commit validate --- .pre-commit-config.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 2fb09edb..0c3f8df0 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -23,6 +23,7 @@ repos: - "--args=--only=terraform_standard_module_structure" - "--args=--only=terraform_workspace_remote" - id: terraform_validate + exclude: ^examples/ - repo: https://github.com/pre-commit/pre-commit-hooks rev: v5.0.0 hooks: From 1d1eb16dc9ad3363907938ba179789c0ed57b5ac Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Fri, 3 Oct 2025 13:02:53 -0400 Subject: [PATCH 08/15] fix: pre-commit hooks requirements --- README.md | 356 +++++++++++++++++---------------- modules/alias/README.md | 104 +++++----- modules/deploy/README.md | 164 +++++++-------- modules/docker-build/README.md | 98 ++++----- 4 files changed, 364 insertions(+), 358 deletions(-) diff --git a/README.md b/README.md index 3cc6f87d..5c4e0d43 100644 --- a/README.md +++ b/README.md @@ -434,7 +434,7 @@ source_path = [ ] ``` -*Few notes:* +_Few notes:_ - If you specify a source path as a string that references a folder and the runtime begins with `python` or `nodejs`, the build process will automatically build python and nodejs dependencies if `requirements.txt` or `package.json` file will be found in the source folder. If you want to customize this behavior, please use the object notation as explained below. - All arguments except `path` are optional. 
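Review bot: `exclude: ^examples/` on the `terraform_validate` hook means nothing under `examples/` is validated any more. Examples that still pass inputs this fork removed (for instance `create_package` or `source_path`, commented out of `variables.tf` earlier in the series) will presumably only fail when someone copies them. If the examples are meant to stay, update or delete them rather than hiding them from the hook. At minimum, add a comment above the line such as `# examples/ still reference the removed packaging inputs; excluded until they are updated`. The hook list continues outside the hunk.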
@@ -560,29 +560,35 @@ module "lambda_function_existing_package_from_remote_url" { ``` ## How to use AWS SAM CLI to test Lambda Function? + [AWS SAM CLI](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-command-reference.html) is an open source tool that help the developers to initiate, build, test, and deploy serverless applications. SAM CLI tool [supports Terraform applications](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/what-is-terraform-support.html). SAM CLI provides two ways of testing: local testing and testing on-cloud (Accelerate). ### Local Testing + Using SAM CLI, you can invoke the lambda functions defined in the terraform application locally using the [sam local invoke](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-cli-command-reference-sam-local-invoke.html) command, providing the function terraform address, or function name, and to set the `hook-name` to `terraform` to tell SAM CLI that the underlying project is a terraform application. You can execute the `sam local invoke` command from your terraform application root directory as following: + ``` sam local invoke --hook-name terraform module.hello_world_function.aws_lambda_function.this[0] ``` + You can also pass an event to your lambda function, or overwrite its environment variables. Check [here](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-using-invoke.html) for more information. You can also invoke your lambda function in debugging mode, and step-through your lambda function source code locally in your preferred editor. Check [here](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-using-debugging.html) for more information. ### Testing on-cloud (Accelerate) + You can use AWS SAM CLI to quickly test your application on your AWS development account. 
Using SAM Accelerate, you will be able to develop your lambda functions locally, and once you save your updates, SAM CLI will update your development account with the updated Lambda functions. So, you can test it on cloud, and if there is any bug, you can quickly update the code, and SAM CLI will take care of pushing it to the cloud. Check [here](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/accelerate.html) for more information about SAM Accelerate. You can execute the `sam sync` command from your terraform application root directory as following: + ``` sam sync --hook-name terraform --watch ``` @@ -660,20 +666,20 @@ Q4: What does this error mean - `"We currently do not support adding policies fo - [1Mill/serverless-tf-examples](https://github.com/1Mill/serverless-tf-examples/tree/main/src) - + ## Requirements -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| Name | Version | +| ------------------------------------------------------------------------ | ------- | +| [terraform](#requirement_terraform) | >= 1.3 | +| [aws](#requirement_aws) | >= 5.79 | ## Providers -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| Name | Version | +| ------------------------------------------------ | ------- | +| [aws](#provider_aws) | >= 5.79 | ## Modules 
@@ -681,174 +687,175 @@ No modules. ## Resources -| Name | Type | -|------|------| -| [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | -| [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy_attachment.additional_many](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.additional_one](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | -| 
[aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource | -| [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | -| [aws_lambda_function_recursion_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_recursion_config) | resource | -| [aws_lambda_function_url.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_url) | resource | -| [aws_lambda_permission.current_version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | -| [aws_lambda_permission.unqualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | -| [aws_lambda_provisioned_concurrency_config.current_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_provisioned_concurrency_config) | resource | -| [aws_arn.log_group_arn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | -| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudwatch_log_group) | data source | -| [aws_iam_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | -| [aws_iam_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | -| [aws_iam_policy_document.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| 
[aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | +| Name | Type | +| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------- | +| [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | +| [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| 
[aws_iam_role_policy.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy_attachment.additional_many](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.additional_one](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | +| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource | +| [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | +| [aws_lambda_function_recursion_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_recursion_config) | resource | +| [aws_lambda_function_url.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_url) | resource | +| [aws_lambda_permission.current_version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| [aws_lambda_permission.unqualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| 
[aws_lambda_provisioned_concurrency_config.current_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_provisioned_concurrency_config) | resource | +| [aws_arn.log_group_arn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudwatch_log_group) | data source | +| [aws_iam_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | +| [aws_iam_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | +| [aws_iam_policy_document.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs -| Name | Description | Type | Default | Required | 
-|------|-------------|------|---------|:--------:| -| [allowed\_triggers](#input\_allowed\_triggers) | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no | -| [architectures](#input\_architectures) | Instruction set architecture for your Lambda function. Valid values are ["x86\_64"] and ["arm64"]. | `list(string)` | `null` | no | -| [assume\_role\_policy\_statements](#input\_assume\_role\_policy\_statements) | Map of dynamic policy statements for assuming Lambda Function role (trust relationship) | `any` | `{}` | no | -| [attach\_async\_event\_policy](#input\_attach\_async\_event\_policy) | Controls whether async event policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach\_cloudwatch\_logs\_policy](#input\_attach\_cloudwatch\_logs\_policy) | Controls whether CloudWatch Logs policy should be added to IAM role for Lambda Function | `bool` | `true` | no | -| [attach\_create\_log\_group\_permission](#input\_attach\_create\_log\_group\_permission) | Controls whether to add the create log group permission to the CloudWatch logs policy | `bool` | `true` | no | -| [attach\_dead\_letter\_policy](#input\_attach\_dead\_letter\_policy) | Controls whether SNS/SQS dead letter notification policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach\_network\_policy](#input\_attach\_network\_policy) | Controls whether VPC/network policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach\_policies](#input\_attach\_policies) | Controls whether list of policies should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach\_policy](#input\_attach\_policy) | Controls whether policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach\_policy\_json](#input\_attach\_policy\_json) | Controls whether policy\_json should be added to IAM role for Lambda Function | `bool` | `false` | no | -| 
[attach\_policy\_jsons](#input\_attach\_policy\_jsons) | Controls whether policy\_jsons should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach\_policy\_statements](#input\_attach\_policy\_statements) | Controls whether policy\_statements should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach\_tracing\_policy](#input\_attach\_tracing\_policy) | Controls whether X-Ray tracing policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [authorization\_type](#input\_authorization\_type) | The type of authentication that the Lambda Function URL uses. Set to 'AWS\_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint. | `string` | `"NONE"` | no | -| [cloudwatch\_logs\_kms\_key\_id](#input\_cloudwatch\_logs\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no | -| [cloudwatch\_logs\_log\_group\_class](#input\_cloudwatch\_logs\_log\_group\_class) | Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no | -| [cloudwatch\_logs\_retention\_in\_days](#input\_cloudwatch\_logs\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `null` | no | -| [cloudwatch\_logs\_skip\_destroy](#input\_cloudwatch\_logs\_skip\_destroy) | Whether to keep the log group (and any logs it may contain) at destroy time. | `bool` | `false` | no | -| [cloudwatch\_logs\_tags](#input\_cloudwatch\_logs\_tags) | A map of tags to assign to the resource. 
| `map(string)` | `{}` | no | -| [code\_signing\_config\_arn](#input\_code\_signing\_config\_arn) | Amazon Resource Name (ARN) for a Code Signing Configuration | `string` | `null` | no | -| [cors](#input\_cors) | CORS settings to be used by the Lambda Function URL | `any` | `{}` | no | -| [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | -| [create\_async\_event\_config](#input\_create\_async\_event\_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | -| [create\_current\_version\_allowed\_triggers](#input\_create\_current\_version\_allowed\_triggers) | Whether to allow triggers on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | -| [create\_current\_version\_async\_event\_config](#input\_create\_current\_version\_async\_event\_config) | Whether to allow async event configuration on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | -| [create\_function](#input\_create\_function) | Controls whether Lambda Function resource should be created | `bool` | `true` | no | -| [create\_lambda\_function\_url](#input\_create\_lambda\_function\_url) | Controls whether the Lambda Function URL resource should be created | `bool` | `false` | no | -| [create\_layer](#input\_create\_layer) | Controls whether Lambda Layer resource should be created | `bool` | `false` | no | -| [create\_role](#input\_create\_role) | Controls whether IAM role for Lambda Function should be created | `bool` | `true` | no | -| [create\_unqualified\_alias\_allowed\_triggers](#input\_create\_unqualified\_alias\_allowed\_triggers) | Whether to allow triggers on unqualified alias pointing to $LATEST version | `bool` | `true` | no | -| 
[create\_unqualified\_alias\_async\_event\_config](#input\_create\_unqualified\_alias\_async\_event\_config) | Whether to allow async event configuration on unqualified alias pointing to $LATEST version | `bool` | `true` | no | -| [create\_unqualified\_alias\_lambda\_function\_url](#input\_create\_unqualified\_alias\_lambda\_function\_url) | Whether to use unqualified alias pointing to $LATEST version in Lambda Function URL | `bool` | `true` | no | -| [dead\_letter\_target\_arn](#input\_dead\_letter\_target\_arn) | The ARN of an SNS topic or SQS queue to notify when an invocation fails. | `string` | `null` | no | -| [description](#input\_description) | Description of your Lambda Function (or Layer) | `string` | `""` | no | -| [destination\_on\_failure](#input\_destination\_on\_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | -| [destination\_on\_success](#input\_destination\_on\_success) | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no | -| [environment\_variables](#input\_environment\_variables) | A map that defines environment variables for the Lambda Function. | `map(string)` | `{}` | no | -| [ephemeral\_storage\_size](#input\_ephemeral\_storage\_size) | Amount of ephemeral storage (/tmp) in MB your Lambda Function can use at runtime. Valid value between 512 MB to 10,240 MB (10 GB). | `number` | `512` | no | -| [event\_source\_mapping](#input\_event\_source\_mapping) | Map of event source mapping | `any` | `{}` | no | -| [file\_system\_arn](#input\_file\_system\_arn) | The Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system. | `string` | `null` | no | -| [file\_system\_local\_mount\_path](#input\_file\_system\_local\_mount\_path) | The path where the function can access the file system, starting with /mnt/. 
| `string` | `null` | no | -| [function\_name](#input\_function\_name) | A unique name for your Lambda Function | `string` | `""` | no | -| [function\_tags](#input\_function\_tags) | A map of tags to assign only to the lambda function | `map(string)` | `{}` | no | -| [handler](#input\_handler) | Lambda Function entrypoint in your code | `string` | `""` | no | -| [image\_config\_command](#input\_image\_config\_command) | The CMD for the docker image | `list(string)` | `[]` | no | -| [image\_config\_entry\_point](#input\_image\_config\_entry\_point) | The ENTRYPOINT for the docker image | `list(string)` | `[]` | no | -| [image\_config\_working\_directory](#input\_image\_config\_working\_directory) | The working directory for the docker image | `string` | `null` | no | -| [image\_uri](#input\_image\_uri) | The ECR image URI containing the function's deployment package. | `string` | `null` | no | -| [include\_default\_tag](#input\_include\_default\_tag) | Set to false to not include the default tag in the tags map. | `bool` | `true` | no | -| [invoke\_mode](#input\_invoke\_mode) | Invoke mode of the Lambda Function URL. Valid values are BUFFERED (default) and RESPONSE\_STREAM. 
| `string` | `null` | no | -| [ipv6\_allowed\_for\_dual\_stack](#input\_ipv6\_allowed\_for\_dual\_stack) | Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets | `bool` | `null` | no | -| [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no | -| [lambda\_at\_edge](#input\_lambda\_at\_edge) | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no | -| [lambda\_at\_edge\_logs\_all\_regions](#input\_lambda\_at\_edge\_logs\_all\_regions) | Whether to specify a wildcard in IAM policy used by Lambda@Edge to allow logging in all regions | `bool` | `true` | no | -| [lambda\_role](#input\_lambda\_role) | IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | `string` | `""` | no | -| [layers](#input\_layers) | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | `list(string)` | `null` | no | -| [logging\_application\_log\_level](#input\_logging\_application\_log\_level) | The application log level of the Lambda Function. Valid values are "TRACE", "DEBUG", "INFO", "WARN", "ERROR", or "FATAL". | `string` | `"INFO"` | no | -| [logging\_log\_format](#input\_logging\_log\_format) | The log format of the Lambda Function. Valid values are "JSON" or "Text". | `string` | `"Text"` | no | -| [logging\_log\_group](#input\_logging\_log\_group) | The CloudWatch log group to send logs to. | `string` | `null` | no | -| [logging\_system\_log\_level](#input\_logging\_system\_log\_level) | The system log level of the Lambda Function. Valid values are "DEBUG", "INFO", or "WARN". 
| `string` | `"INFO"` | no | -| [maximum\_event\_age\_in\_seconds](#input\_maximum\_event\_age\_in\_seconds) | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | -| [maximum\_retry\_attempts](#input\_maximum\_retry\_attempts) | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | `number` | `null` | no | -| [memory\_size](#input\_memory\_size) | Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 64 MB increments. | `number` | `128` | no | -| [number\_of\_policies](#input\_number\_of\_policies) | Number of policies to attach to IAM role for Lambda Function | `number` | `0` | no | -| [number\_of\_policy\_jsons](#input\_number\_of\_policy\_jsons) | Number of policies JSON to attach to IAM role for Lambda Function | `number` | `0` | no | -| [package\_type](#input\_package\_type) | The Lambda deployment package type. Valid options: Zip or Image | `string` | `"Zip"` | no | -| [policies](#input\_policies) | List of policy statements ARN to attach to Lambda Function role | `list(string)` | `[]` | no | -| [policy](#input\_policy) | An additional policy document ARN to attach to the Lambda Function role | `string` | `null` | no | -| [policy\_json](#input\_policy\_json) | An additional policy document as JSON to attach to the Lambda Function role | `string` | `null` | no | -| [policy\_jsons](#input\_policy\_jsons) | List of additional policy documents as JSON to attach to Lambda Function role | `list(string)` | `[]` | no | -| [policy\_name](#input\_policy\_name) | IAM policy name. 
It override the default value, which is the same as role\_name | `string` | `null` | no | -| [policy\_path](#input\_policy\_path) | Path of policies to that should be added to IAM role for Lambda Function | `string` | `null` | no | -| [policy\_statements](#input\_policy\_statements) | Map of dynamic policy statements to attach to Lambda Function role | `any` | `{}` | no | -| [provisioned\_concurrent\_executions](#input\_provisioned\_concurrent\_executions) | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | `number` | `-1` | no | -| [publish](#input\_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no | -| [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no | -| [recursive\_loop](#input\_recursive\_loop) | Lambda function recursion configuration. Valid values are Allow or Terminate. | `string` | `null` | no | -| [replace\_security\_groups\_on\_destroy](#input\_replace\_security\_groups\_on\_destroy) | (Optional) When true, all security groups defined in vpc\_security\_group\_ids will be replaced with the default security group after the function is destroyed. Set the replacement\_security\_group\_ids variable to use a custom list of security groups for replacement instead. | `bool` | `null` | no | -| [replacement\_security\_group\_ids](#input\_replacement\_security\_group\_ids) | (Optional) List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction. replace\_security\_groups\_on\_destroy must be set to true to use this attribute. | `list(string)` | `null` | no | -| [reserved\_concurrent\_executions](#input\_reserved\_concurrent\_executions) | The amount of reserved concurrent executions for this Lambda Function. 
A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | `number` | `-1` | no | -| [role\_description](#input\_role\_description) | Description of IAM role to use for Lambda Function | `string` | `null` | no | -| [role\_force\_detach\_policies](#input\_role\_force\_detach\_policies) | Specifies to force detaching any policies the IAM role has before destroying it. | `bool` | `true` | no | -| [role\_maximum\_session\_duration](#input\_role\_maximum\_session\_duration) | Maximum session duration, in seconds, for the IAM role | `number` | `3600` | no | -| [role\_name](#input\_role\_name) | Name of IAM role to use for Lambda Function | `string` | `null` | no | -| [role\_path](#input\_role\_path) | Path of IAM role to use for Lambda Function | `string` | `null` | no | -| [role\_permissions\_boundary](#input\_role\_permissions\_boundary) | The ARN of the policy that is used to set the permissions boundary for the IAM role used by Lambda Function | `string` | `null` | no | -| [role\_tags](#input\_role\_tags) | A map of tags to assign to IAM role | `map(string)` | `{}` | no | -| [runtime](#input\_runtime) | Lambda Function runtime | `string` | `""` | no | -| [skip\_destroy](#input\_skip\_destroy) | Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Terraform state. Useful for Lambda@Edge functions attached to CloudFront distributions. | `bool` | `null` | no | -| [snap\_start](#input\_snap\_start) | (Optional) Snap start settings for low-latency startups | `bool` | `false` | no | -| [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | -| [timeout](#input\_timeout) | The amount of time your Lambda Function has to run in seconds. 
| `number` | `3` | no | -| [timeouts](#input\_timeouts) | Define maximum timeout for creating, updating, and deleting Lambda Function resources | `map(string)` | `{}` | no | -| [tracing\_mode](#input\_tracing\_mode) | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. | `string` | `null` | no | -| [trusted\_entities](#input\_trusted\_entities) | List of additional trusted entities for assuming Lambda Function role (trust relationship) | `any` | `[]` | no | -| [use\_existing\_cloudwatch\_log\_group](#input\_use\_existing\_cloudwatch\_log\_group) | Whether to use an existing CloudWatch log group or create new | `bool` | `false` | no | -| [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | List of security group ids when Lambda Function should run in the VPC. | `list(string)` | `null` | no | -| [vpc\_subnet\_ids](#input\_vpc\_subnet\_ids) | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets. | `list(string)` | `null` | no | +| Name | Description | Type | Default | Required | +| --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------- | -------- | :------: | +| [allowed_triggers](#input_allowed_triggers) | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no | +| [architectures](#input_architectures) | Instruction set architecture for your Lambda function. Valid values are ["x86\_64"] and ["arm64"]. 
| `list(string)` | `null` | no | +| [assume_role_policy_statements](#input_assume_role_policy_statements) | Map of dynamic policy statements for assuming Lambda Function role (trust relationship) | `any` | `{}` | no | +| [attach_async_event_policy](#input_attach_async_event_policy) | Controls whether async event policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach_cloudwatch_logs_policy](#input_attach_cloudwatch_logs_policy) | Controls whether CloudWatch Logs policy should be added to IAM role for Lambda Function | `bool` | `true` | no | +| [attach_create_log_group_permission](#input_attach_create_log_group_permission) | Controls whether to add the create log group permission to the CloudWatch logs policy | `bool` | `true` | no | +| [attach_dead_letter_policy](#input_attach_dead_letter_policy) | Controls whether SNS/SQS dead letter notification policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach_network_policy](#input_attach_network_policy) | Controls whether VPC/network policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach_policies](#input_attach_policies) | Controls whether list of policies should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach_policy](#input_attach_policy) | Controls whether policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach_policy_json](#input_attach_policy_json) | Controls whether policy_json should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach_policy_jsons](#input_attach_policy_jsons) | Controls whether policy_jsons should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach_policy_statements](#input_attach_policy_statements) | Controls whether policy_statements should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach_tracing_policy](#input_attach_tracing_policy) | Controls 
whether X-Ray tracing policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [authorization_type](#input_authorization_type) | The type of authentication that the Lambda Function URL uses. Set to 'AWS_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint. | `string` | `"NONE"` | no | +| [cloudwatch_logs_kms_key_id](#input_cloudwatch_logs_kms_key_id) | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no | +| [cloudwatch_logs_log_group_class](#input_cloudwatch_logs_log_group_class) | Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no | +| [cloudwatch_logs_retention_in_days](#input_cloudwatch_logs_retention_in_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `null` | no | +| [cloudwatch_logs_skip_destroy](#input_cloudwatch_logs_skip_destroy) | Whether to keep the log group (and any logs it may contain) at destroy time. | `bool` | `false` | no | +| [cloudwatch_logs_tags](#input_cloudwatch_logs_tags) | A map of tags to assign to the resource. 
| `map(string)` | `{}` | no | +| [code_signing_config_arn](#input_code_signing_config_arn) | Amazon Resource Name (ARN) for a Code Signing Configuration | `string` | `null` | no | +| [cors](#input_cors) | CORS settings to be used by the Lambda Function URL | `any` | `{}` | no | +| [create](#input_create) | Controls whether resources should be created | `bool` | `true` | no | +| [create_async_event_config](#input_create_async_event_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | +| [create_current_version_allowed_triggers](#input_create_current_version_allowed_triggers) | Whether to allow triggers on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | +| [create_current_version_async_event_config](#input_create_current_version_async_event_config) | Whether to allow async event configuration on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | +| [create_function](#input_create_function) | Controls whether Lambda Function resource should be created | `bool` | `true` | no | +| [create_lambda_function_url](#input_create_lambda_function_url) | Controls whether the Lambda Function URL resource should be created | `bool` | `false` | no | +| [create_layer](#input_create_layer) | Controls whether Lambda Layer resource should be created | `bool` | `false` | no | +| [create_role](#input_create_role) | Controls whether IAM role for Lambda Function should be created | `bool` | `true` | no | +| [create_unqualified_alias_allowed_triggers](#input_create_unqualified_alias_allowed_triggers) | Whether to allow triggers on unqualified alias pointing to $LATEST version | `bool` | `true` | no | +| [create_unqualified_alias_async_event_config](#input_create_unqualified_alias_async_event_config) | 
Whether to allow async event configuration on unqualified alias pointing to $LATEST version | `bool` | `true` | no | +| [create_unqualified_alias_lambda_function_url](#input_create_unqualified_alias_lambda_function_url) | Whether to use unqualified alias pointing to $LATEST version in Lambda Function URL | `bool` | `true` | no | +| [dead_letter_target_arn](#input_dead_letter_target_arn) | The ARN of an SNS topic or SQS queue to notify when an invocation fails. | `string` | `null` | no | +| [description](#input_description) | Description of your Lambda Function (or Layer) | `string` | `""` | no | +| [destination_on_failure](#input_destination_on_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | +| [destination_on_success](#input_destination_on_success) | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no | +| [environment_variables](#input_environment_variables) | A map that defines environment variables for the Lambda Function. | `map(string)` | `{}` | no | +| [ephemeral_storage_size](#input_ephemeral_storage_size) | Amount of ephemeral storage (/tmp) in MB your Lambda Function can use at runtime. Valid value between 512 MB to 10,240 MB (10 GB). | `number` | `512` | no | +| [event_source_mapping](#input_event_source_mapping) | Map of event source mapping | `any` | `{}` | no | +| [file_system_arn](#input_file_system_arn) | The Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system. | `string` | `null` | no | +| [file_system_local_mount_path](#input_file_system_local_mount_path) | The path where the function can access the file system, starting with /mnt/. 
| `string` | `null` | no | +| [function_name](#input_function_name) | A unique name for your Lambda Function | `string` | `""` | no | +| [function_tags](#input_function_tags) | A map of tags to assign only to the lambda function | `map(string)` | `{}` | no | +| [handler](#input_handler) | Lambda Function entrypoint in your code | `string` | `""` | no | +| [image_config_command](#input_image_config_command) | The CMD for the docker image | `list(string)` | `[]` | no | +| [image_config_entry_point](#input_image_config_entry_point) | The ENTRYPOINT for the docker image | `list(string)` | `[]` | no | +| [image_config_working_directory](#input_image_config_working_directory) | The working directory for the docker image | `string` | `null` | no | +| [image_uri](#input_image_uri) | The ECR image URI containing the function's deployment package. | `string` | `null` | no | +| [include_default_tag](#input_include_default_tag) | Set to false to not include the default tag in the tags map. | `bool` | `true` | no | +| [invoke_mode](#input_invoke_mode) | Invoke mode of the Lambda Function URL. Valid values are BUFFERED (default) and RESPONSE_STREAM. | `string` | `null` | no | +| [ipv6_allowed_for_dual_stack](#input_ipv6_allowed_for_dual_stack) | Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets | `bool` | `null` | no | +| [kms_key_arn](#input_kms_key_arn) | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no | +| [lambda_at_edge](#input_lambda_at_edge) | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no | +| [lambda_at_edge_logs_all_regions](#input_lambda_at_edge_logs_all_regions) | Whether to specify a wildcard in IAM policy used by Lambda@Edge to allow logging in all regions | `bool` | `true` | no | +| [lambda_role](#input_lambda_role) | IAM role ARN attached to the Lambda Function. 
This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | `string` | `""` | no | +| [layers](#input_layers) | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | `list(string)` | `null` | no | +| [logging_application_log_level](#input_logging_application_log_level) | The application log level of the Lambda Function. Valid values are "TRACE", "DEBUG", "INFO", "WARN", "ERROR", or "FATAL". | `string` | `"INFO"` | no | +| [logging_log_format](#input_logging_log_format) | The log format of the Lambda Function. Valid values are "JSON" or "Text". | `string` | `"Text"` | no | +| [logging_log_group](#input_logging_log_group) | The CloudWatch log group to send logs to. | `string` | `null` | no | +| [logging_system_log_level](#input_logging_system_log_level) | The system log level of the Lambda Function. Valid values are "DEBUG", "INFO", or "WARN". | `string` | `"INFO"` | no | +| [maximum_event_age_in_seconds](#input_maximum_event_age_in_seconds) | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | +| [maximum_retry_attempts](#input_maximum_retry_attempts) | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | `number` | `null` | no | +| [memory_size](#input_memory_size) | Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 64 MB increments. 
| `number` | `128` | no | +| [number_of_policies](#input_number_of_policies) | Number of policies to attach to IAM role for Lambda Function | `number` | `0` | no | +| [number_of_policy_jsons](#input_number_of_policy_jsons) | Number of policies JSON to attach to IAM role for Lambda Function | `number` | `0` | no | +| [package_type](#input_package_type) | The Lambda deployment package type. Valid options: Zip or Image | `string` | `"Zip"` | no | +| [policies](#input_policies) | List of policy statements ARN to attach to Lambda Function role | `list(string)` | `[]` | no | +| [policy](#input_policy) | An additional policy document ARN to attach to the Lambda Function role | `string` | `null` | no | +| [policy_json](#input_policy_json) | An additional policy document as JSON to attach to the Lambda Function role | `string` | `null` | no | +| [policy_jsons](#input_policy_jsons) | List of additional policy documents as JSON to attach to Lambda Function role | `list(string)` | `[]` | no | +| [policy_name](#input_policy_name) | IAM policy name. It override the default value, which is the same as role_name | `string` | `null` | no | +| [policy_path](#input_policy_path) | Path of policies to that should be added to IAM role for Lambda Function | `string` | `null` | no | +| [policy_statements](#input_policy_statements) | Map of dynamic policy statements to attach to Lambda Function role | `any` | `{}` | no | +| [provisioned_concurrent_executions](#input_provisioned_concurrent_executions) | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | `number` | `-1` | no | +| [publish](#input_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no | +| [putin_khuylo](#input_putin_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! 
| `bool` | `true` | no | +| [recursive_loop](#input_recursive_loop) | Lambda function recursion configuration. Valid values are Allow or Terminate. | `string` | `null` | no | +| [replace_security_groups_on_destroy](#input_replace_security_groups_on_destroy) | (Optional) When true, all security groups defined in vpc_security_group_ids will be replaced with the default security group after the function is destroyed. Set the replacement_security_group_ids variable to use a custom list of security groups for replacement instead. | `bool` | `null` | no | +| [replacement_security_group_ids](#input_replacement_security_group_ids) | (Optional) List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction. replace_security_groups_on_destroy must be set to true to use this attribute. | `list(string)` | `null` | no | +| [reserved_concurrent_executions](#input_reserved_concurrent_executions) | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | `number` | `-1` | no | +| [role_description](#input_role_description) | Description of IAM role to use for Lambda Function | `string` | `null` | no | +| [role_force_detach_policies](#input_role_force_detach_policies) | Specifies to force detaching any policies the IAM role has before destroying it. 
| `bool` | `true` | no | +| [role_maximum_session_duration](#input_role_maximum_session_duration) | Maximum session duration, in seconds, for the IAM role | `number` | `3600` | no | +| [role_name](#input_role_name) | Name of IAM role to use for Lambda Function | `string` | `null` | no | +| [role_path](#input_role_path) | Path of IAM role to use for Lambda Function | `string` | `null` | no | +| [role_permissions_boundary](#input_role_permissions_boundary) | The ARN of the policy that is used to set the permissions boundary for the IAM role used by Lambda Function | `string` | `null` | no | +| [role_tags](#input_role_tags) | A map of tags to assign to IAM role | `map(string)` | `{}` | no | +| [runtime](#input_runtime) | Lambda Function runtime | `string` | `""` | no | +| [skip_destroy](#input_skip_destroy) | Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Terraform state. Useful for Lambda@Edge functions attached to CloudFront distributions. | `bool` | `null` | no | +| [snap_start](#input_snap_start) | (Optional) Snap start settings for low-latency startups | `bool` | `false` | no | +| [tags](#input_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | +| [timeout](#input_timeout) | The amount of time your Lambda Function has to run in seconds. | `number` | `3` | no | +| [timeouts](#input_timeouts) | Define maximum timeout for creating, updating, and deleting Lambda Function resources | `map(string)` | `{}` | no | +| [tracing_mode](#input_tracing_mode) | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. 
| `string` | `null` | no | +| [trusted_entities](#input_trusted_entities) | List of additional trusted entities for assuming Lambda Function role (trust relationship) | `any` | `[]` | no | +| [use_existing_cloudwatch_log_group](#input_use_existing_cloudwatch_log_group) | Whether to use an existing CloudWatch log group or create new | `bool` | `false` | no | +| [vpc_security_group_ids](#input_vpc_security_group_ids) | List of security group ids when Lambda Function should run in the VPC. | `list(string)` | `null` | no | +| [vpc_subnet_ids](#input_vpc_subnet_ids) | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets. | `list(string)` | `null` | no | ## Outputs -| Name | Description | -|------|-------------| -| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | -| [lambda\_cloudwatch\_log\_group\_name](#output\_lambda\_cloudwatch\_log\_group\_name) | The name of the Cloudwatch Log Group | -| [lambda\_event\_source\_mapping\_arn](#output\_lambda\_event\_source\_mapping\_arn) | The event source mapping ARN | -| [lambda\_event\_source\_mapping\_function\_arn](#output\_lambda\_event\_source\_mapping\_function\_arn) | The the ARN of the Lambda function the event source mapping is sending events to | -| [lambda\_event\_source\_mapping\_state](#output\_lambda\_event\_source\_mapping\_state) | The state of the event source mapping | -| [lambda\_event\_source\_mapping\_state\_transition\_reason](#output\_lambda\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | -| [lambda\_event\_source\_mapping\_uuid](#output\_lambda\_event\_source\_mapping\_uuid) | The UUID of the created event source mapping | -| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | -| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda 
Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | -| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | -| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | -| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | -| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | -| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | -| [lambda\_function\_qualified\_invoke\_arn](#output\_lambda\_function\_qualified\_invoke\_arn) | The Invoke ARN identifying your Lambda Function Version | -| [lambda\_function\_signing\_job\_arn](#output\_lambda\_function\_signing\_job\_arn) | ARN of the signing job | -| [lambda\_function\_signing\_profile\_version\_arn](#output\_lambda\_function\_signing\_profile\_version\_arn) | ARN of the signing profile version | -| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | -| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | -| [lambda\_function\_url](#output\_lambda\_function\_url) | The URL of the Lambda Function URL | -| [lambda\_function\_url\_id](#output\_lambda\_function\_url\_id) | The Lambda Function URL generated id | -| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | -| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | -| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | -| 
[lambda\_role\_unique\_id](#output\_lambda\_role\_unique\_id) | The unique id of the IAM role created for the Lambda Function | +| Name | Description | +| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- | +| [lambda_cloudwatch_log_group_arn](#output_lambda_cloudwatch_log_group_arn) | The ARN of the Cloudwatch Log Group | +| [lambda_cloudwatch_log_group_name](#output_lambda_cloudwatch_log_group_name) | The name of the Cloudwatch Log Group | +| [lambda_event_source_mapping_arn](#output_lambda_event_source_mapping_arn) | The event source mapping ARN | +| [lambda_event_source_mapping_function_arn](#output_lambda_event_source_mapping_function_arn) | The the ARN of the Lambda function the event source mapping is sending events to | +| [lambda_event_source_mapping_state](#output_lambda_event_source_mapping_state) | The state of the event source mapping | +| [lambda_event_source_mapping_state_transition_reason](#output_lambda_event_source_mapping_state_transition_reason) | The reason the event source mapping is in its current state | +| [lambda_event_source_mapping_uuid](#output_lambda_event_source_mapping_uuid) | The UUID of the created event source mapping | +| [lambda_function_arn](#output_lambda_function_arn) | The ARN of the Lambda Function | +| [lambda_function_arn_static](#output_lambda_function_arn_static) | The static ARN of the Lambda Function. 
Use this to avoid cycle errors between resources (e.g., Step Functions) | +| [lambda_function_invoke_arn](#output_lambda_function_invoke_arn) | The Invoke ARN of the Lambda Function | +| [lambda_function_kms_key_arn](#output_lambda_function_kms_key_arn) | The ARN for the KMS encryption key of Lambda Function | +| [lambda_function_last_modified](#output_lambda_function_last_modified) | The date Lambda Function resource was last modified | +| [lambda_function_name](#output_lambda_function_name) | The name of the Lambda Function | +| [lambda_function_qualified_arn](#output_lambda_function_qualified_arn) | The ARN identifying your Lambda Function Version | +| [lambda_function_qualified_invoke_arn](#output_lambda_function_qualified_invoke_arn) | The Invoke ARN identifying your Lambda Function Version | +| [lambda_function_signing_job_arn](#output_lambda_function_signing_job_arn) | ARN of the signing job | +| [lambda_function_signing_profile_version_arn](#output_lambda_function_signing_profile_version_arn) | ARN of the signing profile version | +| [lambda_function_source_code_hash](#output_lambda_function_source_code_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [lambda_function_source_code_size](#output_lambda_function_source_code_size) | The size in bytes of the function .zip file | +| [lambda_function_url](#output_lambda_function_url) | The URL of the Lambda Function URL | +| [lambda_function_url_id](#output_lambda_function_url_id) | The Lambda Function URL generated id | +| [lambda_function_version](#output_lambda_function_version) | Latest published version of Lambda Function | +| [lambda_role_arn](#output_lambda_role_arn) | The ARN of the IAM role created for the Lambda Function | +| [lambda_role_name](#output_lambda_role_name) | The name of the IAM role created for the Lambda Function | +| [lambda_role_unique_id](#output_lambda_role_unique_id) | The unique id of the IAM role created for the Lambda Function | + ## Development 
@@ -870,6 +877,7 @@ tox -e py
 ```
 You can also pass additional positional arguments to pytest which is used to run test, e.g. to make it verbose:
+
 ```
 tox -e py -- -vvv
 ```
@@ -886,6 +894,6 @@ Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraf
 ## Additional information for users from Russia and Belarus
-* Russia has [illegally annexed Crimea in 2014](https://en.wikipedia.org/wiki/Annexation_of_Crimea_by_the_Russian_Federation) and [brought the war in Donbas](https://en.wikipedia.org/wiki/War_in_Donbas) followed by [full-scale invasion of Ukraine in 2022](https://en.wikipedia.org/wiki/2022_Russian_invasion_of_Ukraine).
-* Russia has brought sorrow and devastations to millions of Ukrainians, killed hundreds of innocent people, damaged thousands of buildings, and forced several million people to flee.
-* [Putin khuylo!](https://en.wikipedia.org/wiki/Putin_khuylo!)
+- Russia has [illegally annexed Crimea in 2014](https://en.wikipedia.org/wiki/Annexation_of_Crimea_by_the_Russian_Federation) and [brought the war in Donbas](https://en.wikipedia.org/wiki/War_in_Donbas) followed by [full-scale invasion of Ukraine in 2022](https://en.wikipedia.org/wiki/2022_Russian_invasion_of_Ukraine).
+- Russia has brought sorrow and devastations to millions of Ukrainians, killed hundreds of innocent people, damaged thousands of buildings, and forced several million people to flee.
+- [Putin khuylo!](https://en.wikipedia.org/wiki/Putin_khuylo!)
diff --git a/modules/alias/README.md b/modules/alias/README.md
index 4d1871d3..c11d0692 100644
--- a/modules/alias/README.md
+++ b/modules/alias/README.md
@@ -6,7 +6,6 @@ Lambda Alias is required to do complex Lambda deployments, eg. using external to This Terraform module is the part of [serverless.tf framework](https://github.com/antonbabenko/serverless.tf), which aims to simplify all operations when working with the serverless in Terraform. - ## Usage ### Lambda Function and statically configured alias with the version of Lambda Function @@ -83,7 +82,6 @@ module "alias_existing" { } ``` - ## Conditional creation Sometimes you need to have a way to create resources conditionally but Terraform does not allow usage of `count` inside `module` block, so the solution is to specify `create` arguments. @@ -107,22 +105,22 @@ module "lambda" { ## Examples -* [Alias](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/alias) - Create Lambda function and aliases in various combinations with all supported features. - +- [Alias](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/alias) - Create Lambda function and aliases in various combinations with all supported features. + ## Requirements -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.9 | +| Name | Version | +| ------------------------------------------------------------------------ | ------- | +| [terraform](#requirement_terraform) | >= 1.3 | +| [aws](#requirement_aws) | >= 4.9 | ## Providers -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 4.9 | +| Name | Version | +| ------------------------------------------------ | ------- | +| [aws](#provider_aws) | >= 4.9 | ## Modules 
@@ -130,53 +128,54 @@ No modules. ## Resources -| Name | Type | -|------|------| -| [aws_lambda_alias.no_refresh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_alias) | resource | -| [aws_lambda_alias.with_refresh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_alias) | resource | -| [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | -| [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | -| [aws_lambda_permission.qualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | -| [aws_lambda_permission.version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | -| [aws_lambda_alias.existing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | data source | +| Name | Type | +| --------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | +| [aws_lambda_alias.no_refresh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_alias) | resource | +| [aws_lambda_alias.with_refresh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_alias) | resource | +| [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | +| [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | +| 
[aws_lambda_permission.qualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| [aws_lambda_permission.version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| [aws_lambda_alias.existing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | data source | ## Inputs -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [allowed\_triggers](#input\_allowed\_triggers) | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no | -| [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | -| [create\_async\_event\_config](#input\_create\_async\_event\_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | -| [create\_qualified\_alias\_allowed\_triggers](#input\_create\_qualified\_alias\_allowed\_triggers) | Whether to allow triggers on qualified alias | `bool` | `true` | no | -| [create\_qualified\_alias\_async\_event\_config](#input\_create\_qualified\_alias\_async\_event\_config) | Whether to allow async event configuration on qualified alias | `bool` | `true` | no | -| [create\_version\_allowed\_triggers](#input\_create\_version\_allowed\_triggers) | Whether to allow triggers on version of Lambda Function used by alias (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | -| [create\_version\_async\_event\_config](#input\_create\_version\_async\_event\_config) | Whether to allow async event configuration on version of Lambda Function used by alias (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | -| [description](#input\_description) | Description of 
the alias. | `string` | `""` | no | -| [destination\_on\_failure](#input\_destination\_on\_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | -| [destination\_on\_success](#input\_destination\_on\_success) | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no | -| [event\_source\_mapping](#input\_event\_source\_mapping) | Map of event source mapping | `any` | `{}` | no | -| [function\_name](#input\_function\_name) | The function ARN of the Lambda function for which you want to create an alias. | `string` | `""` | no | -| [function\_version](#input\_function\_version) | Lambda function version for which you are creating the alias. Pattern: ($LATEST\|[0-9]+). | `string` | `""` | no | -| [maximum\_event\_age\_in\_seconds](#input\_maximum\_event\_age\_in\_seconds) | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | -| [maximum\_retry\_attempts](#input\_maximum\_retry\_attempts) | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | `number` | `null` | no | -| [name](#input\_name) | Name for the alias you are creating. | `string` | `""` | no | -| [refresh\_alias](#input\_refresh\_alias) | Whether to refresh function version used in the alias. Useful when using this module together with external tool do deployments (eg, AWS CodeDeploy). | `bool` | `true` | no | -| [routing\_additional\_version\_weights](#input\_routing\_additional\_version\_weights) | A map that defines the proportion of events that should be sent to different versions of a lambda function. | `map(number)` | `{}` | no | -| [use\_existing\_alias](#input\_use\_existing\_alias) | Whether to manage existing alias instead of creating a new one. 
Useful when using this module together with external tool do deployments (eg, AWS CodeDeploy). | `bool` | `false` | no | +| Name | Description | Type | Default | Required | +| ------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | ------- | :------: | +| [allowed_triggers](#input_allowed_triggers) | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no | +| [create](#input_create) | Controls whether resources should be created | `bool` | `true` | no | +| [create_async_event_config](#input_create_async_event_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | +| [create_qualified_alias_allowed_triggers](#input_create_qualified_alias_allowed_triggers) | Whether to allow triggers on qualified alias | `bool` | `true` | no | +| [create_qualified_alias_async_event_config](#input_create_qualified_alias_async_event_config) | Whether to allow async event configuration on qualified alias | `bool` | `true` | no | +| [create_version_allowed_triggers](#input_create_version_allowed_triggers) | Whether to allow triggers on version of Lambda Function used by alias (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | +| [create_version_async_event_config](#input_create_version_async_event_config) | Whether to allow async event configuration on version of Lambda Function used by alias (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | +| [description](#input_description) | Description of the alias. 
| `string` | `""` | no | +| [destination_on_failure](#input_destination_on_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | +| [destination_on_success](#input_destination_on_success) | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no | +| [event_source_mapping](#input_event_source_mapping) | Map of event source mapping | `any` | `{}` | no | +| [function_name](#input_function_name) | The function ARN of the Lambda function for which you want to create an alias. | `string` | `""` | no | +| [function_version](#input_function_version) | Lambda function version for which you are creating the alias. Pattern: ($LATEST\|[0-9]+). | `string` | `""` | no | +| [maximum_event_age_in_seconds](#input_maximum_event_age_in_seconds) | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | +| [maximum_retry_attempts](#input_maximum_retry_attempts) | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | `number` | `null` | no | +| [name](#input_name) | Name for the alias you are creating. | `string` | `""` | no | +| [refresh_alias](#input_refresh_alias) | Whether to refresh function version used in the alias. Useful when using this module together with external tool do deployments (eg, AWS CodeDeploy). | `bool` | `true` | no | +| [routing_additional_version_weights](#input_routing_additional_version_weights) | A map that defines the proportion of events that should be sent to different versions of a lambda function. | `map(number)` | `{}` | no | +| [use_existing_alias](#input_use_existing_alias) | Whether to manage existing alias instead of creating a new one. Useful when using this module together with external tool do deployments (eg, AWS CodeDeploy). 
| `bool` | `false` | no | ## Outputs -| Name | Description | -|------|-------------| -| [lambda\_alias\_arn](#output\_lambda\_alias\_arn) | The ARN of the Lambda Function Alias | -| [lambda\_alias\_description](#output\_lambda\_alias\_description) | Description of alias | -| [lambda\_alias\_event\_source\_mapping\_function\_arn](#output\_lambda\_alias\_event\_source\_mapping\_function\_arn) | The the ARN of the Lambda function the event source mapping is sending events to | -| [lambda\_alias\_event\_source\_mapping\_state](#output\_lambda\_alias\_event\_source\_mapping\_state) | The state of the event source mapping | -| [lambda\_alias\_event\_source\_mapping\_state\_transition\_reason](#output\_lambda\_alias\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | -| [lambda\_alias\_event\_source\_mapping\_uuid](#output\_lambda\_alias\_event\_source\_mapping\_uuid) | The UUID of the created event source mapping | -| [lambda\_alias\_function\_version](#output\_lambda\_alias\_function\_version) | Lambda function version which the alias uses | -| [lambda\_alias\_invoke\_arn](#output\_lambda\_alias\_invoke\_arn) | The ARN to be used for invoking Lambda Function from API Gateway | -| [lambda\_alias\_name](#output\_lambda\_alias\_name) | The name of the Lambda Function Alias | +| Name | Description | +| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------- | +| [lambda_alias_arn](#output_lambda_alias_arn) | The ARN of the Lambda Function Alias | +| [lambda_alias_description](#output_lambda_alias_description) | Description of alias | +| [lambda_alias_event_source_mapping_function_arn](#output_lambda_alias_event_source_mapping_function_arn) | The the ARN of the Lambda function the 
event source mapping is sending events to | +| [lambda_alias_event_source_mapping_state](#output_lambda_alias_event_source_mapping_state) | The state of the event source mapping | +| [lambda_alias_event_source_mapping_state_transition_reason](#output_lambda_alias_event_source_mapping_state_transition_reason) | The reason the event source mapping is in its current state | +| [lambda_alias_event_source_mapping_uuid](#output_lambda_alias_event_source_mapping_uuid) | The UUID of the created event source mapping | +| [lambda_alias_function_version](#output_lambda_alias_function_version) | Lambda function version which the alias uses | +| [lambda_alias_invoke_arn](#output_lambda_alias_invoke_arn) | The ARN to be used for invoking Lambda Function from API Gateway | +| [lambda_alias_name](#output_lambda_alias_name) | The name of the Lambda Function Alias | + ## Authors @@ -185,7 +184,6 @@ Module managed by [Anton Babenko](https://github.com/antonbabenko). Check out [s Please reach out to [Betajob](https://www.betajob.com/) if you are looking for commercial support for your Terraform, AWS, or serverless project. - ## License Apache 2 Licensed. See LICENSE for full details. diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 6da1f6e8..9ffd07ce 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md 
@@ -1,17 +1,17 @@ # Lambda Function Deployment via AWS CodeDeploy -Terraform module, which creates Lambda alias as well as AWS CodeDeploy resources required to deploy. +Terraform module, which creates Lambda alias as well as AWS CodeDeploy resources required to deploy. This Terraform module is the part of [serverless.tf framework](https://github.com/antonbabenko/serverless.tf), which aims to simplify all operations when working with the serverless in Terraform. This module can create AWS CodeDeploy application and deployment group, if necessary. If you have several functions, you probably want to create those resources externally, and then set `use_existing_deployment_group = true`. During deployment this module does the following: + 1. Create JSON object with required AppSpec configuration. Optionally, you can store deploy script for debug purposes by setting `save_deploy_script = true`. 1. Run [`aws deploy create-deployment` command](https://docs.aws.amazon.com/cli/latest/reference/deploy/create-deployment.html) if `create_deployment = true` and `run_deployment = true` was set. 1. After deployment is created, it can wait for the completion if `wait_deployment_completion = true`. Be aware, that Terraform will lock the execution and it can fail if it runs for a long period of time. Set this flag for fast deployments (eg, `deployment_config_name = "CodeDeployDefault.LambdaAllAtOnce"`). - ## Usage ### Complete example of Lambda Function deployment via AWS CodeDeploy 
@@ -92,26 +92,26 @@ module "lambda" { ## Examples -* [Deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/deploy) - Creates Lambda Function, Alias, and all resources required to create deployments using AWS CodeDeploy. - +- [Deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/deploy) - Creates Lambda Function, Alias, and all resources required to create deployments using AWS CodeDeploy. + ## Requirements -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 3.35 | -| [local](#requirement\_local) | >= 1.0 | -| [null](#requirement\_null) | >= 2.0 | +| Name | Version | +| ------------------------------------------------------------------------ | ------- | +| [terraform](#requirement_terraform) | >= 1.3 | +| [aws](#requirement_aws) | >= 3.35 | +| [local](#requirement_local) | >= 1.3 | +| [null](#requirement_null) | >= 2.0 | ## Providers -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 3.35 | -| [local](#provider\_local) | >= 1.0 | -| [null](#provider\_null) | >= 2.0 | +| Name | Version | +| ------------------------------------------------------ | ------- | +| [aws](#provider_aws) | >= 3.35 | +| [local](#provider_local) | >= 1.3 | +| [null](#provider_null) | >= 2.0 | ## Modules 
@@ -119,78 +119,79 @@ No modules. ## Resources -| Name | Type | -|------|------| -| [aws_codedeploy_app.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_app) | resource | -| [aws_codedeploy_deployment_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_deployment_group) | resource | -| [aws_iam_policy.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_role.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy_attachment.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [local_file.deploy_script](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | -| [null_resource.deploy](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| 
[aws_iam_role.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source | -| [aws_lambda_alias.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | data source | -| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_function) | data source | +| Name | Type | +| --------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | +| [aws_codedeploy_app.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_app) | resource | +| [aws_codedeploy_deployment_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_deployment_group) | resource | +| [aws_iam_policy.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_role.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [local_file.deploy_script](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | +| [null_resource.deploy](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | 
resource | +| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_role.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source | +| [aws_lambda_alias.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | data source | +| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_function) | data source | ## Inputs -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [after\_allow\_traffic\_hook\_arn](#input\_after\_allow\_traffic\_hook\_arn) | ARN of Lambda function to execute after allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | -| [alarm\_enabled](#input\_alarm\_enabled) | Indicates whether the alarm configuration is enabled. This option is useful when you want to temporarily deactivate alarm monitoring for a deployment group without having to add the same alarms again later. | `bool` | `false` | no | -| [alarm\_ignore\_poll\_alarm\_failure](#input\_alarm\_ignore\_poll\_alarm\_failure) | Indicates whether a deployment should continue if information about the current state of alarms cannot be retrieved from CloudWatch. | `bool` | `false` | no | -| [alarms](#input\_alarms) | A list of alarms configured for the deployment group. A maximum of 10 alarms can be added to a deployment group. 
| `list(string)` | `[]` | no | -| [alias\_name](#input\_alias\_name) | Name for the alias | `string` | `""` | no | -| [app\_name](#input\_app\_name) | Name of AWS CodeDeploy application | `string` | `""` | no | -| [attach\_hooks\_policy](#input\_attach\_hooks\_policy) | Whether to attach Invoke policy to CodeDeploy role when before allow traffic or after allow traffic hooks are defined. | `bool` | `true` | no | -| [attach\_triggers\_policy](#input\_attach\_triggers\_policy) | Whether to attach SNS policy to CodeDeploy role when triggers are defined | `bool` | `false` | no | -| [auto\_rollback\_enabled](#input\_auto\_rollback\_enabled) | Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. | `bool` | `true` | no | -| [auto\_rollback\_events](#input\_auto\_rollback\_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT\_FAILURE and DEPLOYMENT\_STOP\_ON\_ALARM. | `list(string)` |
[
"DEPLOYMENT_STOP_ON_ALARM"
]
| no | -| [aws\_cli\_command](#input\_aws\_cli\_command) | Command to run as AWS CLI. May include extra arguments like region and profile. | `string` | `"aws"` | no | -| [before\_allow\_traffic\_hook\_arn](#input\_before\_allow\_traffic\_hook\_arn) | ARN of Lambda function to execute before allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | -| [codedeploy\_principals](#input\_codedeploy\_principals) | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` |
[
"codedeploy.amazonaws.com"
]
| no | -| [codedeploy\_role\_name](#input\_codedeploy\_role\_name) | IAM role name to create or use by CodeDeploy | `string` | `""` | no | -| [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | -| [create\_app](#input\_create\_app) | Whether to create new AWS CodeDeploy app | `bool` | `false` | no | -| [create\_codedeploy\_role](#input\_create\_codedeploy\_role) | Whether to create new AWS CodeDeploy IAM role | `bool` | `true` | no | -| [create\_deployment](#input\_create\_deployment) | Create the AWS resources and script for CodeDeploy | `bool` | `false` | no | -| [create\_deployment\_group](#input\_create\_deployment\_group) | Whether to create new AWS CodeDeploy Deployment Group | `bool` | `false` | no | -| [current\_version](#input\_current\_version) | Current version of Lambda function version to deploy (can't be $LATEST) | `string` | `""` | no | -| [deployment\_config\_name](#input\_deployment\_config\_name) | Name of deployment config to use | `string` | `"CodeDeployDefault.LambdaAllAtOnce"` | no | -| [deployment\_group\_name](#input\_deployment\_group\_name) | Name of deployment group to use | `string` | `""` | no | -| [description](#input\_description) | Description to use for the deployment | `string` | `""` | no | -| [force\_deploy](#input\_force\_deploy) | Force deployment every time (even when nothing changes) | `bool` | `false` | no | -| [function\_name](#input\_function\_name) | The name of the Lambda function to deploy | `string` | `""` | no | -| [get\_deployment\_sleep\_timer](#input\_get\_deployment\_sleep\_timer) | Adds additional sleep time to get-deployment command to avoid the service throttling | `number` | `5` | no | -| [interpreter](#input\_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` |
[
"/bin/bash",
"-c"
]
| no | -| [run\_deployment](#input\_run\_deployment) | Run AWS CLI command to start the deployment | `bool` | `false` | no | -| [save\_deploy\_script](#input\_save\_deploy\_script) | Save deploy script locally | `bool` | `false` | no | -| [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | -| [target\_version](#input\_target\_version) | Target version of Lambda function version to deploy | `string` | `""` | no | -| [triggers](#input\_triggers) | Map of triggers which will be notified when event happens. Valid options for event types are DeploymentStart, DeploymentSuccess, DeploymentFailure, DeploymentStop, DeploymentRollback, DeploymentReady (Applies only to replacement instances in a blue/green deployment), InstanceStart, InstanceSuccess, InstanceFailure, InstanceReady. Note that not all are applicable for Lambda deployments. | `map(any)` | `{}` | no | -| [use\_existing\_app](#input\_use\_existing\_app) | Whether to use existing AWS CodeDeploy app | `bool` | `false` | no | -| [use\_existing\_deployment\_group](#input\_use\_existing\_deployment\_group) | Whether to use existing AWS CodeDeploy Deployment Group | `bool` | `false` | no | -| [wait\_deployment\_completion](#input\_wait\_deployment\_completion) | Wait until deployment completes. It can take a lot of time and your terraform process may lock execution for long time. 
| `bool` | `false` | no | +| Name | Description | Type | Default | Required | +| ------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- | -------------------------------------------------- | :------: | +| [after_allow_traffic_hook_arn](#input_after_allow_traffic_hook_arn) | ARN of Lambda function to execute after allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | +| [alarm_enabled](#input_alarm_enabled) | Indicates whether the alarm configuration is enabled. This option is useful when you want to temporarily deactivate alarm monitoring for a deployment group without having to add the same alarms again later. | `bool` | `false` | no | +| [alarm_ignore_poll_alarm_failure](#input_alarm_ignore_poll_alarm_failure) | Indicates whether a deployment should continue if information about the current state of alarms cannot be retrieved from CloudWatch. | `bool` | `false` | no | +| [alarms](#input_alarms) | A list of alarms configured for the deployment group. A maximum of 10 alarms can be added to a deployment group. 
| `list(string)` | `[]` | no | +| [alias_name](#input_alias_name) | Name for the alias | `string` | `""` | no | +| [app_name](#input_app_name) | Name of AWS CodeDeploy application | `string` | `""` | no | +| [attach_hooks_policy](#input_attach_hooks_policy) | Whether to attach Invoke policy to CodeDeploy role when before allow traffic or after allow traffic hooks are defined. | `bool` | `true` | no | +| [attach_triggers_policy](#input_attach_triggers_policy) | Whether to attach SNS policy to CodeDeploy role when triggers are defined | `bool` | `false` | no | +| [auto_rollback_enabled](#input_auto_rollback_enabled) | Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. | `bool` | `true` | no | +| [auto_rollback_events](#input_auto_rollback_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT_FAILURE and DEPLOYMENT_STOP_ON_ALARM. | `list(string)` |
[
"DEPLOYMENT_STOP_ON_ALARM"
]
| no | +| [aws_cli_command](#input_aws_cli_command) | Command to run as AWS CLI. May include extra arguments like region and profile. | `string` | `"aws"` | no | +| [before_allow_traffic_hook_arn](#input_before_allow_traffic_hook_arn) | ARN of Lambda function to execute before allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | +| [codedeploy_principals](#input_codedeploy_principals) | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` |
[
"codedeploy.amazonaws.com"
]
| no | +| [codedeploy_role_name](#input_codedeploy_role_name) | IAM role name to create or use by CodeDeploy | `string` | `""` | no | +| [create](#input_create) | Controls whether resources should be created | `bool` | `true` | no | +| [create_app](#input_create_app) | Whether to create new AWS CodeDeploy app | `bool` | `false` | no | +| [create_codedeploy_role](#input_create_codedeploy_role) | Whether to create new AWS CodeDeploy IAM role | `bool` | `true` | no | +| [create_deployment](#input_create_deployment) | Create the AWS resources and script for CodeDeploy | `bool` | `false` | no | +| [create_deployment_group](#input_create_deployment_group) | Whether to create new AWS CodeDeploy Deployment Group | `bool` | `false` | no | +| [current_version](#input_current_version) | Current version of Lambda function version to deploy (can't be $LATEST) | `string` | `""` | no | +| [deployment_config_name](#input_deployment_config_name) | Name of deployment config to use | `string` | `"CodeDeployDefault.LambdaAllAtOnce"` | no | +| [deployment_group_name](#input_deployment_group_name) | Name of deployment group to use | `string` | `""` | no | +| [description](#input_description) | Description to use for the deployment | `string` | `""` | no | +| [force_deploy](#input_force_deploy) | Force deployment every time (even when nothing changes) | `bool` | `false` | no | +| [function_name](#input_function_name) | The name of the Lambda function to deploy | `string` | `""` | no | +| [get_deployment_sleep_timer](#input_get_deployment_sleep_timer) | Adds additional sleep time to get-deployment command to avoid the service throttling | `number` | `5` | no | +| [interpreter](#input_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` |
[
"/bin/bash",
"-c"
]
| no | +| [run_deployment](#input_run_deployment) | Run AWS CLI command to start the deployment | `bool` | `false` | no | +| [save_deploy_script](#input_save_deploy_script) | Save deploy script locally | `bool` | `false` | no | +| [tags](#input_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | +| [target_version](#input_target_version) | Target version of Lambda function version to deploy | `string` | `""` | no | +| [triggers](#input_triggers) | Map of triggers which will be notified when event happens. Valid options for event types are DeploymentStart, DeploymentSuccess, DeploymentFailure, DeploymentStop, DeploymentRollback, DeploymentReady (Applies only to replacement instances in a blue/green deployment), InstanceStart, InstanceSuccess, InstanceFailure, InstanceReady. Note that not all are applicable for Lambda deployments. | `map(any)` | `{}` | no | +| [use_existing_app](#input_use_existing_app) | Whether to use existing AWS CodeDeploy app | `bool` | `false` | no | +| [use_existing_deployment_group](#input_use_existing_deployment_group) | Whether to use existing AWS CodeDeploy Deployment Group | `bool` | `false` | no | +| [wait_deployment_completion](#input_wait_deployment_completion) | Wait until deployment completes. It can take a lot of time and your terraform process may lock execution for long time. 
| `bool` | `false` | no | ## Outputs -| Name | Description | -|------|-------------| -| [appspec](#output\_appspec) | Appspec data as HCL | -| [appspec\_content](#output\_appspec\_content) | Appspec data as valid JSON | -| [appspec\_sha256](#output\_appspec\_sha256) | SHA256 of Appspec JSON | -| [codedeploy\_app\_name](#output\_codedeploy\_app\_name) | Name of CodeDeploy application | -| [codedeploy\_deployment\_group\_id](#output\_codedeploy\_deployment\_group\_id) | CodeDeploy deployment group id | -| [codedeploy\_deployment\_group\_name](#output\_codedeploy\_deployment\_group\_name) | CodeDeploy deployment group name | -| [codedeploy\_iam\_role\_name](#output\_codedeploy\_iam\_role\_name) | Name of IAM role used by CodeDeploy | -| [deploy\_script](#output\_deploy\_script) | Path to a deployment script | -| [script](#output\_script) | Deployment script | +| Name | Description | +| ----------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | +| [appspec](#output_appspec) | Appspec data as HCL | +| [appspec_content](#output_appspec_content) | Appspec data as valid JSON | +| [appspec_sha256](#output_appspec_sha256) | SHA256 of Appspec JSON | +| [codedeploy_app_name](#output_codedeploy_app_name) | Name of CodeDeploy application | +| [codedeploy_deployment_group_id](#output_codedeploy_deployment_group_id) | CodeDeploy deployment group id | +| [codedeploy_deployment_group_name](#output_codedeploy_deployment_group_name) | CodeDeploy deployment group name | +| [codedeploy_iam_role_name](#output_codedeploy_iam_role_name) | Name of IAM role used by CodeDeploy | +| [deploy_script](#output_deploy_script) | Path to a deployment script | +| [script](#output_script) | Deployment script | + ## Authors 
@@ -199,7 +200,6 @@ Module managed by [Anton Babenko](https://github.com/antonbabenko). Check out [s Please reach out to [Betajob](https://www.betajob.com/) if you are looking for commercial support for your Terraform, AWS, or serverless project. - ## License Apache 2 Licensed. See LICENSE for full details. diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index 0bfb506c..1d31985c 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md @@ -49,26 +49,26 @@ module "docker_image" { ## Examples -* [Container Image](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/container-image) - Creates Docker Image, ECR resository and deploys it Lambda Function. - +- [Container Image](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/container-image) - Creates Docker Image, ECR resository and deploys it Lambda Function. + ## Requirements -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.22 | -| [docker](#requirement\_docker) | >= 3.0 | -| [null](#requirement\_null) | >= 2.0 | +| Name | Version | +| ------------------------------------------------------------------------ | ------- | +| [terraform](#requirement_terraform) | >= 1.3 | +| [aws](#requirement_aws) | >= 4.22 | +| [docker](#requirement_docker) | >= 3.0 | +| [null](#requirement_null) | >= 2.0 | ## Providers -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 4.22 | -| [docker](#provider\_docker) | >= 3.0 | -| [null](#provider\_null) | >= 2.0 | +| Name | Version | +| --------------------------------------------------------- | ------- | +| [aws](#provider_aws) | >= 4.22 | +| [docker](#provider_docker) | >= 3.0 | +| [null](#provider_null) | >= 2.0 | ## Modules 
@@ -76,47 +76,48 @@ No modules. ## Resources -| Name | Type | -|------|------| -| [aws_ecr_lifecycle_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_lifecycle_policy) | resource | -| [aws_ecr_repository.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository) | resource | -| [docker_image.this](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/image) | resource | -| [docker_registry_image.this](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/registry_image) | resource | -| [null_resource.sam_metadata_docker_registry_image](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | +| Name | Type | +| ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | +| [aws_ecr_lifecycle_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_lifecycle_policy) | resource | +| [aws_ecr_repository.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository) | resource | +| [docker_image.this](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/image) | resource | +| [docker_registry_image.this](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/registry_image) | resource | +| [null_resource.sam_metadata_docker_registry_image](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| 
[aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [build\_args](#input\_build\_args) | A map of Docker build arguments. | `map(string)` | `{}` | no | -| [cache\_from](#input\_cache\_from) | List of images to consider as cache sources when building the image. | `list(string)` | `[]` | no | -| [create\_ecr\_repo](#input\_create\_ecr\_repo) | Controls whether ECR repository for Lambda image should be created | `bool` | `false` | no | -| [create\_sam\_metadata](#input\_create\_sam\_metadata) | Controls whether the SAM metadata null resource should be created | `bool` | `false` | no | -| [docker\_file\_path](#input\_docker\_file\_path) | Path to Dockerfile in source package | `string` | `"Dockerfile"` | no | -| [ecr\_address](#input\_ecr\_address) | Address of ECR repository for cross-account container image pulling (optional). Option `create_ecr_repo` must be `false` | `string` | `null` | no | -| [ecr\_force\_delete](#input\_ecr\_force\_delete) | If true, will delete the repository even if it contains images. | `bool` | `true` | no | -| [ecr\_repo](#input\_ecr\_repo) | Name of ECR repository to use or to create | `string` | `null` | no | -| [ecr\_repo\_lifecycle\_policy](#input\_ecr\_repo\_lifecycle\_policy) | A JSON formatted ECR lifecycle policy to automate the cleaning up of unused images. | `string` | `null` | no | -| [ecr\_repo\_tags](#input\_ecr\_repo\_tags) | A map of tags to assign to ECR repository | `map(string)` | `{}` | no | -| [force\_remove](#input\_force\_remove) | Whether to remove image forcibly when the resource is destroyed. | `bool` | `false` | no | -| [image\_tag](#input\_image\_tag) | Image tag to use. 
If not specified current timestamp in format 'YYYYMMDDhhmmss' will be used. This can lead to unnecessary rebuilds. | `string` | `null` | no | -| [image\_tag\_mutability](#input\_image\_tag\_mutability) | The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"MUTABLE"` | no | -| [keep\_locally](#input\_keep\_locally) | Whether to delete the Docker image locally on destroy operation. | `bool` | `false` | no | -| [keep\_remotely](#input\_keep\_remotely) | Whether to keep Docker image in the remote registry on destroy operation. | `bool` | `false` | no | -| [platform](#input\_platform) | The target architecture platform to build the image for. | `string` | `null` | no | -| [scan\_on\_push](#input\_scan\_on\_push) | Indicates whether images are scanned after being pushed to the repository | `bool` | `false` | no | -| [source\_path](#input\_source\_path) | Path to folder containing application code | `string` | `null` | no | -| [triggers](#input\_triggers) | A map of arbitrary strings that, when changed, will force the docker\_image resource to be replaced. This can be used to rebuild an image when contents of source code folders change | `map(string)` | `{}` | no | -| [use\_image\_tag](#input\_use\_image\_tag) | Controls whether to use image tag in ECR repository URI or not. Disable this to deploy latest image using ID (sha256:...) | `bool` | `true` | no | +| Name | Description | Type | Default | Required | +| ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------- | -------------- | :------: | +| [build_args](#input_build_args) | A map of Docker build arguments. 
| `map(string)` | `{}` | no | +| [cache_from](#input_cache_from) | List of images to consider as cache sources when building the image. | `list(string)` | `[]` | no | +| [create_ecr_repo](#input_create_ecr_repo) | Controls whether ECR repository for Lambda image should be created | `bool` | `false` | no | +| [create_sam_metadata](#input_create_sam_metadata) | Controls whether the SAM metadata null resource should be created | `bool` | `false` | no | +| [docker_file_path](#input_docker_file_path) | Path to Dockerfile in source package | `string` | `"Dockerfile"` | no | +| [ecr_address](#input_ecr_address) | Address of ECR repository for cross-account container image pulling (optional). Option `create_ecr_repo` must be `false` | `string` | `null` | no | +| [ecr_force_delete](#input_ecr_force_delete) | If true, will delete the repository even if it contains images. | `bool` | `true` | no | +| [ecr_repo](#input_ecr_repo) | Name of ECR repository to use or to create | `string` | `null` | no | +| [ecr_repo_lifecycle_policy](#input_ecr_repo_lifecycle_policy) | A JSON formatted ECR lifecycle policy to automate the cleaning up of unused images. | `string` | `null` | no | +| [ecr_repo_tags](#input_ecr_repo_tags) | A map of tags to assign to ECR repository | `map(string)` | `{}` | no | +| [force_remove](#input_force_remove) | Whether to remove image forcibly when the resource is destroyed. | `bool` | `false` | no | +| [image_tag](#input_image_tag) | Image tag to use. If not specified current timestamp in format 'YYYYMMDDhhmmss' will be used. This can lead to unnecessary rebuilds. | `string` | `null` | no | +| [image_tag_mutability](#input_image_tag_mutability) | The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"MUTABLE"` | no | +| [keep_locally](#input_keep_locally) | Whether to delete the Docker image locally on destroy operation. 
| `bool` | `false` | no | +| [keep_remotely](#input_keep_remotely) | Whether to keep Docker image in the remote registry on destroy operation. | `bool` | `false` | no | +| [platform](#input_platform) | The target architecture platform to build the image for. | `string` | `null` | no | +| [scan_on_push](#input_scan_on_push) | Indicates whether images are scanned after being pushed to the repository | `bool` | `false` | no | +| [source_path](#input_source_path) | Path to folder containing application code | `string` | `null` | no | +| [triggers](#input_triggers) | A map of arbitrary strings that, when changed, will force the docker_image resource to be replaced. This can be used to rebuild an image when contents of source code folders change | `map(string)` | `{}` | no | +| [use_image_tag](#input_use_image_tag) | Controls whether to use image tag in ECR repository URI or not. Disable this to deploy latest image using ID (sha256:...) | `bool` | `true` | no | ## Outputs -| Name | Description | -|------|-------------| -| [image\_id](#output\_image\_id) | The ID of the Docker image | -| [image\_uri](#output\_image\_uri) | The ECR image URI for deploying lambda | +| Name | Description | +| -------------------------------------------------------------- | -------------------------------------- | +| [image_id](#output_image_id) | The ID of the Docker image | +| [image_uri](#output_image_uri) | The ECR image URI for deploying lambda | + ## Authors @@ -125,7 +126,6 @@ Module managed by [Anton Babenko](https://github.com/antonbabenko). Check out [s Please reach out to [Betajob](https://www.betajob.com/) if you are looking for commercial support for your Terraform, AWS, or serverless project. - ## License Apache 2 Licensed. See LICENSE for full details. From d1470b715bbc1bcf6b414f8cfac082fb0deef91c Mon Sep 17 00:00:00 2001 
From: Lu Wang Date: Fri, 3 Oct 2025 13:10:55 -0400 Subject: [PATCH 09/15] fix: upgrade pre-commit hooks version in actions --- .github/workflows/pre-commit.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index a19ff831..06f8c6dc 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -7,8 +7,8 @@ on: - master env: - TERRAFORM_DOCS_VERSION: v0.19.0 - TFLINT_VERSION: v0.53.0 + TERRAFORM_DOCS_VERSION: v0.20.0 + TFLINT_VERSION: v0.59.1 jobs: collectInputs: @@ -22,7 +22,7 @@ jobs: - name: Get root directories id: dirs - uses: clowdhaus/terraform-composite-actions/directories@v1.9.0 + uses: clowdhaus/terraform-composite-actions/directories@v1.13.0 preCommitMinVersions: name: Min TF pre-commit @@ -45,14 +45,14 @@ jobs: - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.1 + uses: clowdhaus/terraform-min-max@v2.1.0 with: directory: ${{ matrix.directory }} - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.13.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} @@ -61,7 +61,7 @@ jobs: - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.13.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} 
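Review bot: The third-party actions are still referenced by mutable tags on the new side, e.g. `uses: clowdhaus/terraform-composite-actions/directories@v1.13.0` in the hunk at `@@ -22,7 +22,7 @@`; the upstream owner can move a tag, so this file does not fix which code runs in CI. Pin each action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: clowdhaus/terraform-composite-actions/pre-commit@<full-commit-sha> # v1.13.0`. The same applies to `clowdhaus/terraform-min-max@v2.1.0` and the `pre-commit@v1.13.0` steps in the hunks at `@@ -45,14 +45,14 @@`, `@@ -61,7 +61,7 @@` and `@@ -88,10 +88,10 @@`. `terraform-min-max` also moves from v1 to v2 here, so it is worth confirming that v2 still provides the `minVersion` and `maxVersion` outputs the later steps read. The jobs continue outside these hunks.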
@@ -88,10 +88,10 @@ jobs: - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.1 + uses: clowdhaus/terraform-min-max@v2.1.0 - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.13.0 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} tflint-version: ${{ env.TFLINT_VERSION }} From e7b26da6a0df9d8bea228a16da91c8f149cad92a Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Fri, 3 Oct 2025 13:48:28 -0400 Subject: [PATCH 10/15] chore: re-run for pre-commit hooks --- README.md | 340 ++++++++++++++++----------------- modules/alias/README.md | 98 +++++----- modules/deploy/README.md | 156 ++++++++------- modules/docker-build/README.md | 94 +++++---- 4 files changed, 340 insertions(+), 348 deletions(-) diff --git a/README.md b/README.md index 5c4e0d43..80742506 100644 --- a/README.md +++ b/README.md @@ -667,19 +667,18 @@ Q4: What does this error mean - `"We currently do not support adding policies fo - [1Mill/serverless-tf-examples](https://github.com/1Mill/serverless-tf-examples/tree/main/src) - ## Requirements -| Name | Version | -| ------------------------------------------------------------------------ | ------- | -| [terraform](#requirement_terraform) | >= 1.3 | -| [aws](#requirement_aws) | >= 5.79 | +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.3 | +| [aws](#requirement\_aws) | >= 5.79 | ## Providers -| Name | Version | -| ------------------------------------------------ | ------- | -| [aws](#provider_aws) | >= 5.79 | +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 5.79 | ## Modules 
@@ -687,175 +686,174 @@ No modules. ## Resources -| Name | Type | -| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------- | -| [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | -| [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy_attachment.additional_many](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.additional_one](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | 
resource | -| [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | -| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource | -| [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | -| [aws_lambda_function_recursion_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_recursion_config) | resource | -| [aws_lambda_function_url.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_url) | resource | -| [aws_lambda_permission.current_version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | -| [aws_lambda_permission.unqualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | -| [aws_lambda_provisioned_concurrency_config.current_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_provisioned_concurrency_config) | resource | -| [aws_arn.log_group_arn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | -| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudwatch_log_group) | data source | -| [aws_iam_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | -| [aws_iam_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source 
| -| [aws_iam_policy_document.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | +| Name | Type | +|------|------| +| [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | +| [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| 
[aws_iam_role_policy.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy_attachment.additional_many](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.additional_one](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | +| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource | +| [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | +| [aws_lambda_function_recursion_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_recursion_config) | resource | +| [aws_lambda_function_url.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_url) | resource | +| [aws_lambda_permission.current_version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| [aws_lambda_permission.unqualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| 
[aws_lambda_provisioned_concurrency_config.current_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_provisioned_concurrency_config) | resource | +| [aws_arn.log_group_arn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudwatch_log_group) | data source | +| [aws_iam_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | +| [aws_iam_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | +| [aws_iam_policy_document.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs -| Name | Description | Type | Default | Required | -| 
--------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------- | -------- | :------: | -| [allowed_triggers](#input_allowed_triggers) | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no | -| [architectures](#input_architectures) | Instruction set architecture for your Lambda function. Valid values are ["x86\_64"] and ["arm64"]. | `list(string)` | `null` | no | -| [assume_role_policy_statements](#input_assume_role_policy_statements) | Map of dynamic policy statements for assuming Lambda Function role (trust relationship) | `any` | `{}` | no | -| [attach_async_event_policy](#input_attach_async_event_policy) | Controls whether async event policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach_cloudwatch_logs_policy](#input_attach_cloudwatch_logs_policy) | Controls whether CloudWatch Logs policy should be added to IAM role for Lambda Function | `bool` | `true` | no | -| [attach_create_log_group_permission](#input_attach_create_log_group_permission) | Controls whether to add the create log group permission to the CloudWatch logs policy | `bool` | `true` | no | -| [attach_dead_letter_policy](#input_attach_dead_letter_policy) | Controls whether SNS/SQS dead letter notification policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach_network_policy](#input_attach_network_policy) | Controls whether VPC/network policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach_policies](#input_attach_policies) | Controls whether list of policies should be added to 
IAM role for Lambda Function | `bool` | `false` | no | -| [attach_policy](#input_attach_policy) | Controls whether policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach_policy_json](#input_attach_policy_json) | Controls whether policy_json should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach_policy_jsons](#input_attach_policy_jsons) | Controls whether policy_jsons should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach_policy_statements](#input_attach_policy_statements) | Controls whether policy_statements should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach_tracing_policy](#input_attach_tracing_policy) | Controls whether X-Ray tracing policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [authorization_type](#input_authorization_type) | The type of authentication that the Lambda Function URL uses. Set to 'AWS_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint. | `string` | `"NONE"` | no | -| [cloudwatch_logs_kms_key_id](#input_cloudwatch_logs_kms_key_id) | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no | -| [cloudwatch_logs_log_group_class](#input_cloudwatch_logs_log_group_class) | Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no | -| [cloudwatch_logs_retention_in_days](#input_cloudwatch_logs_retention_in_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `null` | no | -| [cloudwatch_logs_skip_destroy](#input_cloudwatch_logs_skip_destroy) | Whether to keep the log group (and any logs it may contain) at destroy time. 
| `bool` | `false` | no | -| [cloudwatch_logs_tags](#input_cloudwatch_logs_tags) | A map of tags to assign to the resource. | `map(string)` | `{}` | no | -| [code_signing_config_arn](#input_code_signing_config_arn) | Amazon Resource Name (ARN) for a Code Signing Configuration | `string` | `null` | no | -| [cors](#input_cors) | CORS settings to be used by the Lambda Function URL | `any` | `{}` | no | -| [create](#input_create) | Controls whether resources should be created | `bool` | `true` | no | -| [create_async_event_config](#input_create_async_event_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | -| [create_current_version_allowed_triggers](#input_create_current_version_allowed_triggers) | Whether to allow triggers on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | -| [create_current_version_async_event_config](#input_create_current_version_async_event_config) | Whether to allow async event configuration on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | -| [create_function](#input_create_function) | Controls whether Lambda Function resource should be created | `bool` | `true` | no | -| [create_lambda_function_url](#input_create_lambda_function_url) | Controls whether the Lambda Function URL resource should be created | `bool` | `false` | no | -| [create_layer](#input_create_layer) | Controls whether Lambda Layer resource should be created | `bool` | `false` | no | -| [create_role](#input_create_role) | Controls whether IAM role for Lambda Function should be created | `bool` | `true` | no | -| [create_unqualified_alias_allowed_triggers](#input_create_unqualified_alias_allowed_triggers) | Whether to allow triggers on unqualified alias pointing to $LATEST version | 
`bool` | `true` | no | -| [create_unqualified_alias_async_event_config](#input_create_unqualified_alias_async_event_config) | Whether to allow async event configuration on unqualified alias pointing to $LATEST version | `bool` | `true` | no | -| [create_unqualified_alias_lambda_function_url](#input_create_unqualified_alias_lambda_function_url) | Whether to use unqualified alias pointing to $LATEST version in Lambda Function URL | `bool` | `true` | no | -| [dead_letter_target_arn](#input_dead_letter_target_arn) | The ARN of an SNS topic or SQS queue to notify when an invocation fails. | `string` | `null` | no | -| [description](#input_description) | Description of your Lambda Function (or Layer) | `string` | `""` | no | -| [destination_on_failure](#input_destination_on_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | -| [destination_on_success](#input_destination_on_success) | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no | -| [environment_variables](#input_environment_variables) | A map that defines environment variables for the Lambda Function. | `map(string)` | `{}` | no | -| [ephemeral_storage_size](#input_ephemeral_storage_size) | Amount of ephemeral storage (/tmp) in MB your Lambda Function can use at runtime. Valid value between 512 MB to 10,240 MB (10 GB). | `number` | `512` | no | -| [event_source_mapping](#input_event_source_mapping) | Map of event source mapping | `any` | `{}` | no | -| [file_system_arn](#input_file_system_arn) | The Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system. | `string` | `null` | no | -| [file_system_local_mount_path](#input_file_system_local_mount_path) | The path where the function can access the file system, starting with /mnt/. 
| `string` | `null` | no | -| [function_name](#input_function_name) | A unique name for your Lambda Function | `string` | `""` | no | -| [function_tags](#input_function_tags) | A map of tags to assign only to the lambda function | `map(string)` | `{}` | no | -| [handler](#input_handler) | Lambda Function entrypoint in your code | `string` | `""` | no | -| [image_config_command](#input_image_config_command) | The CMD for the docker image | `list(string)` | `[]` | no | -| [image_config_entry_point](#input_image_config_entry_point) | The ENTRYPOINT for the docker image | `list(string)` | `[]` | no | -| [image_config_working_directory](#input_image_config_working_directory) | The working directory for the docker image | `string` | `null` | no | -| [image_uri](#input_image_uri) | The ECR image URI containing the function's deployment package. | `string` | `null` | no | -| [include_default_tag](#input_include_default_tag) | Set to false to not include the default tag in the tags map. | `bool` | `true` | no | -| [invoke_mode](#input_invoke_mode) | Invoke mode of the Lambda Function URL. Valid values are BUFFERED (default) and RESPONSE_STREAM. | `string` | `null` | no | -| [ipv6_allowed_for_dual_stack](#input_ipv6_allowed_for_dual_stack) | Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets | `bool` | `null` | no | -| [kms_key_arn](#input_kms_key_arn) | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no | -| [lambda_at_edge](#input_lambda_at_edge) | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no | -| [lambda_at_edge_logs_all_regions](#input_lambda_at_edge_logs_all_regions) | Whether to specify a wildcard in IAM policy used by Lambda@Edge to allow logging in all regions | `bool` | `true` | no | -| [lambda_role](#input_lambda_role) | IAM role ARN attached to the Lambda Function. 
This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | `string` | `""` | no | -| [layers](#input_layers) | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | `list(string)` | `null` | no | -| [logging_application_log_level](#input_logging_application_log_level) | The application log level of the Lambda Function. Valid values are "TRACE", "DEBUG", "INFO", "WARN", "ERROR", or "FATAL". | `string` | `"INFO"` | no | -| [logging_log_format](#input_logging_log_format) | The log format of the Lambda Function. Valid values are "JSON" or "Text". | `string` | `"Text"` | no | -| [logging_log_group](#input_logging_log_group) | The CloudWatch log group to send logs to. | `string` | `null` | no | -| [logging_system_log_level](#input_logging_system_log_level) | The system log level of the Lambda Function. Valid values are "DEBUG", "INFO", or "WARN". | `string` | `"INFO"` | no | -| [maximum_event_age_in_seconds](#input_maximum_event_age_in_seconds) | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | -| [maximum_retry_attempts](#input_maximum_retry_attempts) | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | `number` | `null` | no | -| [memory_size](#input_memory_size) | Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 64 MB increments. 
| `number` | `128` | no | -| [number_of_policies](#input_number_of_policies) | Number of policies to attach to IAM role for Lambda Function | `number` | `0` | no | -| [number_of_policy_jsons](#input_number_of_policy_jsons) | Number of policies JSON to attach to IAM role for Lambda Function | `number` | `0` | no | -| [package_type](#input_package_type) | The Lambda deployment package type. Valid options: Zip or Image | `string` | `"Zip"` | no | -| [policies](#input_policies) | List of policy statements ARN to attach to Lambda Function role | `list(string)` | `[]` | no | -| [policy](#input_policy) | An additional policy document ARN to attach to the Lambda Function role | `string` | `null` | no | -| [policy_json](#input_policy_json) | An additional policy document as JSON to attach to the Lambda Function role | `string` | `null` | no | -| [policy_jsons](#input_policy_jsons) | List of additional policy documents as JSON to attach to Lambda Function role | `list(string)` | `[]` | no | -| [policy_name](#input_policy_name) | IAM policy name. It override the default value, which is the same as role_name | `string` | `null` | no | -| [policy_path](#input_policy_path) | Path of policies to that should be added to IAM role for Lambda Function | `string` | `null` | no | -| [policy_statements](#input_policy_statements) | Map of dynamic policy statements to attach to Lambda Function role | `any` | `{}` | no | -| [provisioned_concurrent_executions](#input_provisioned_concurrent_executions) | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | `number` | `-1` | no | -| [publish](#input_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no | -| [putin_khuylo](#input_putin_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! 
| `bool` | `true` | no | -| [recursive_loop](#input_recursive_loop) | Lambda function recursion configuration. Valid values are Allow or Terminate. | `string` | `null` | no | -| [replace_security_groups_on_destroy](#input_replace_security_groups_on_destroy) | (Optional) When true, all security groups defined in vpc_security_group_ids will be replaced with the default security group after the function is destroyed. Set the replacement_security_group_ids variable to use a custom list of security groups for replacement instead. | `bool` | `null` | no | -| [replacement_security_group_ids](#input_replacement_security_group_ids) | (Optional) List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction. replace_security_groups_on_destroy must be set to true to use this attribute. | `list(string)` | `null` | no | -| [reserved_concurrent_executions](#input_reserved_concurrent_executions) | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | `number` | `-1` | no | -| [role_description](#input_role_description) | Description of IAM role to use for Lambda Function | `string` | `null` | no | -| [role_force_detach_policies](#input_role_force_detach_policies) | Specifies to force detaching any policies the IAM role has before destroying it. 
| `bool` | `true` | no | -| [role_maximum_session_duration](#input_role_maximum_session_duration) | Maximum session duration, in seconds, for the IAM role | `number` | `3600` | no | -| [role_name](#input_role_name) | Name of IAM role to use for Lambda Function | `string` | `null` | no | -| [role_path](#input_role_path) | Path of IAM role to use for Lambda Function | `string` | `null` | no | -| [role_permissions_boundary](#input_role_permissions_boundary) | The ARN of the policy that is used to set the permissions boundary for the IAM role used by Lambda Function | `string` | `null` | no | -| [role_tags](#input_role_tags) | A map of tags to assign to IAM role | `map(string)` | `{}` | no | -| [runtime](#input_runtime) | Lambda Function runtime | `string` | `""` | no | -| [skip_destroy](#input_skip_destroy) | Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Terraform state. Useful for Lambda@Edge functions attached to CloudFront distributions. | `bool` | `null` | no | -| [snap_start](#input_snap_start) | (Optional) Snap start settings for low-latency startups | `bool` | `false` | no | -| [tags](#input_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | -| [timeout](#input_timeout) | The amount of time your Lambda Function has to run in seconds. | `number` | `3` | no | -| [timeouts](#input_timeouts) | Define maximum timeout for creating, updating, and deleting Lambda Function resources | `map(string)` | `{}` | no | -| [tracing_mode](#input_tracing_mode) | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. 
| `string` | `null` | no | -| [trusted_entities](#input_trusted_entities) | List of additional trusted entities for assuming Lambda Function role (trust relationship) | `any` | `[]` | no | -| [use_existing_cloudwatch_log_group](#input_use_existing_cloudwatch_log_group) | Whether to use an existing CloudWatch log group or create new | `bool` | `false` | no | -| [vpc_security_group_ids](#input_vpc_security_group_ids) | List of security group ids when Lambda Function should run in the VPC. | `list(string)` | `null` | no | -| [vpc_subnet_ids](#input_vpc_subnet_ids) | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets. | `list(string)` | `null` | no | +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [allowed\_triggers](#input\_allowed\_triggers) | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no | +| [architectures](#input\_architectures) | Instruction set architecture for your Lambda function. Valid values are ["x86\_64"] and ["arm64"]. 
| `list(string)` | `null` | no | +| [assume\_role\_policy\_statements](#input\_assume\_role\_policy\_statements) | Map of dynamic policy statements for assuming Lambda Function role (trust relationship) | `any` | `{}` | no | +| [attach\_async\_event\_policy](#input\_attach\_async\_event\_policy) | Controls whether async event policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach\_cloudwatch\_logs\_policy](#input\_attach\_cloudwatch\_logs\_policy) | Controls whether CloudWatch Logs policy should be added to IAM role for Lambda Function | `bool` | `true` | no | +| [attach\_create\_log\_group\_permission](#input\_attach\_create\_log\_group\_permission) | Controls whether to add the create log group permission to the CloudWatch logs policy | `bool` | `true` | no | +| [attach\_dead\_letter\_policy](#input\_attach\_dead\_letter\_policy) | Controls whether SNS/SQS dead letter notification policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach\_network\_policy](#input\_attach\_network\_policy) | Controls whether VPC/network policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach\_policies](#input\_attach\_policies) | Controls whether list of policies should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach\_policy](#input\_attach\_policy) | Controls whether policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach\_policy\_json](#input\_attach\_policy\_json) | Controls whether policy\_json should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach\_policy\_jsons](#input\_attach\_policy\_jsons) | Controls whether policy\_jsons should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach\_policy\_statements](#input\_attach\_policy\_statements) | Controls whether policy\_statements should be added to IAM role for Lambda Function | `bool` | `false` | no | +| 
[attach\_tracing\_policy](#input\_attach\_tracing\_policy) | Controls whether X-Ray tracing policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [authorization\_type](#input\_authorization\_type) | The type of authentication that the Lambda Function URL uses. Set to 'AWS\_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint. | `string` | `"NONE"` | no | +| [cloudwatch\_logs\_kms\_key\_id](#input\_cloudwatch\_logs\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no | +| [cloudwatch\_logs\_log\_group\_class](#input\_cloudwatch\_logs\_log\_group\_class) | Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no | +| [cloudwatch\_logs\_retention\_in\_days](#input\_cloudwatch\_logs\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `null` | no | +| [cloudwatch\_logs\_skip\_destroy](#input\_cloudwatch\_logs\_skip\_destroy) | Whether to keep the log group (and any logs it may contain) at destroy time. | `bool` | `false` | no | +| [cloudwatch\_logs\_tags](#input\_cloudwatch\_logs\_tags) | A map of tags to assign to the resource. 
| `map(string)` | `{}` | no | +| [code\_signing\_config\_arn](#input\_code\_signing\_config\_arn) | Amazon Resource Name (ARN) for a Code Signing Configuration | `string` | `null` | no | +| [cors](#input\_cors) | CORS settings to be used by the Lambda Function URL | `any` | `{}` | no | +| [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | +| [create\_async\_event\_config](#input\_create\_async\_event\_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | +| [create\_current\_version\_allowed\_triggers](#input\_create\_current\_version\_allowed\_triggers) | Whether to allow triggers on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | +| [create\_current\_version\_async\_event\_config](#input\_create\_current\_version\_async\_event\_config) | Whether to allow async event configuration on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | +| [create\_function](#input\_create\_function) | Controls whether Lambda Function resource should be created | `bool` | `true` | no | +| [create\_lambda\_function\_url](#input\_create\_lambda\_function\_url) | Controls whether the Lambda Function URL resource should be created | `bool` | `false` | no | +| [create\_layer](#input\_create\_layer) | Controls whether Lambda Layer resource should be created | `bool` | `false` | no | +| [create\_role](#input\_create\_role) | Controls whether IAM role for Lambda Function should be created | `bool` | `true` | no | +| [create\_unqualified\_alias\_allowed\_triggers](#input\_create\_unqualified\_alias\_allowed\_triggers) | Whether to allow triggers on unqualified alias pointing to $LATEST version | `bool` | `true` | no | +| 
[create\_unqualified\_alias\_async\_event\_config](#input\_create\_unqualified\_alias\_async\_event\_config) | Whether to allow async event configuration on unqualified alias pointing to $LATEST version | `bool` | `true` | no | +| [create\_unqualified\_alias\_lambda\_function\_url](#input\_create\_unqualified\_alias\_lambda\_function\_url) | Whether to use unqualified alias pointing to $LATEST version in Lambda Function URL | `bool` | `true` | no | +| [dead\_letter\_target\_arn](#input\_dead\_letter\_target\_arn) | The ARN of an SNS topic or SQS queue to notify when an invocation fails. | `string` | `null` | no | +| [description](#input\_description) | Description of your Lambda Function (or Layer) | `string` | `""` | no | +| [destination\_on\_failure](#input\_destination\_on\_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | +| [destination\_on\_success](#input\_destination\_on\_success) | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no | +| [environment\_variables](#input\_environment\_variables) | A map that defines environment variables for the Lambda Function. | `map(string)` | `{}` | no | +| [ephemeral\_storage\_size](#input\_ephemeral\_storage\_size) | Amount of ephemeral storage (/tmp) in MB your Lambda Function can use at runtime. Valid value between 512 MB to 10,240 MB (10 GB). | `number` | `512` | no | +| [event\_source\_mapping](#input\_event\_source\_mapping) | Map of event source mapping | `any` | `{}` | no | +| [file\_system\_arn](#input\_file\_system\_arn) | The Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system. | `string` | `null` | no | +| [file\_system\_local\_mount\_path](#input\_file\_system\_local\_mount\_path) | The path where the function can access the file system, starting with /mnt/. 
| `string` | `null` | no | +| [function\_name](#input\_function\_name) | A unique name for your Lambda Function | `string` | `""` | no | +| [function\_tags](#input\_function\_tags) | A map of tags to assign only to the lambda function | `map(string)` | `{}` | no | +| [handler](#input\_handler) | Lambda Function entrypoint in your code | `string` | `""` | no | +| [image\_config\_command](#input\_image\_config\_command) | The CMD for the docker image | `list(string)` | `[]` | no | +| [image\_config\_entry\_point](#input\_image\_config\_entry\_point) | The ENTRYPOINT for the docker image | `list(string)` | `[]` | no | +| [image\_config\_working\_directory](#input\_image\_config\_working\_directory) | The working directory for the docker image | `string` | `null` | no | +| [image\_uri](#input\_image\_uri) | The ECR image URI containing the function's deployment package. | `string` | `null` | no | +| [include\_default\_tag](#input\_include\_default\_tag) | Set to false to not include the default tag in the tags map. | `bool` | `true` | no | +| [invoke\_mode](#input\_invoke\_mode) | Invoke mode of the Lambda Function URL. Valid values are BUFFERED (default) and RESPONSE\_STREAM. 
| `string` | `null` | no | +| [ipv6\_allowed\_for\_dual\_stack](#input\_ipv6\_allowed\_for\_dual\_stack) | Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets | `bool` | `null` | no | +| [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no | +| [lambda\_at\_edge](#input\_lambda\_at\_edge) | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no | +| [lambda\_at\_edge\_logs\_all\_regions](#input\_lambda\_at\_edge\_logs\_all\_regions) | Whether to specify a wildcard in IAM policy used by Lambda@Edge to allow logging in all regions | `bool` | `true` | no | +| [lambda\_role](#input\_lambda\_role) | IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | `string` | `""` | no | +| [layers](#input\_layers) | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | `list(string)` | `null` | no | +| [logging\_application\_log\_level](#input\_logging\_application\_log\_level) | The application log level of the Lambda Function. Valid values are "TRACE", "DEBUG", "INFO", "WARN", "ERROR", or "FATAL". | `string` | `"INFO"` | no | +| [logging\_log\_format](#input\_logging\_log\_format) | The log format of the Lambda Function. Valid values are "JSON" or "Text". | `string` | `"Text"` | no | +| [logging\_log\_group](#input\_logging\_log\_group) | The CloudWatch log group to send logs to. | `string` | `null` | no | +| [logging\_system\_log\_level](#input\_logging\_system\_log\_level) | The system log level of the Lambda Function. Valid values are "DEBUG", "INFO", or "WARN". 
| `string` | `"INFO"` | no | +| [maximum\_event\_age\_in\_seconds](#input\_maximum\_event\_age\_in\_seconds) | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | +| [maximum\_retry\_attempts](#input\_maximum\_retry\_attempts) | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | `number` | `null` | no | +| [memory\_size](#input\_memory\_size) | Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 64 MB increments. | `number` | `128` | no | +| [number\_of\_policies](#input\_number\_of\_policies) | Number of policies to attach to IAM role for Lambda Function | `number` | `0` | no | +| [number\_of\_policy\_jsons](#input\_number\_of\_policy\_jsons) | Number of policies JSON to attach to IAM role for Lambda Function | `number` | `0` | no | +| [package\_type](#input\_package\_type) | The Lambda deployment package type. Valid options: Zip or Image | `string` | `"Zip"` | no | +| [policies](#input\_policies) | List of policy statements ARN to attach to Lambda Function role | `list(string)` | `[]` | no | +| [policy](#input\_policy) | An additional policy document ARN to attach to the Lambda Function role | `string` | `null` | no | +| [policy\_json](#input\_policy\_json) | An additional policy document as JSON to attach to the Lambda Function role | `string` | `null` | no | +| [policy\_jsons](#input\_policy\_jsons) | List of additional policy documents as JSON to attach to Lambda Function role | `list(string)` | `[]` | no | +| [policy\_name](#input\_policy\_name) | IAM policy name. 
It override the default value, which is the same as role\_name | `string` | `null` | no | +| [policy\_path](#input\_policy\_path) | Path of policies to that should be added to IAM role for Lambda Function | `string` | `null` | no | +| [policy\_statements](#input\_policy\_statements) | Map of dynamic policy statements to attach to Lambda Function role | `any` | `{}` | no | +| [provisioned\_concurrent\_executions](#input\_provisioned\_concurrent\_executions) | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | `number` | `-1` | no | +| [publish](#input\_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no | +| [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no | +| [recursive\_loop](#input\_recursive\_loop) | Lambda function recursion configuration. Valid values are Allow or Terminate. | `string` | `null` | no | +| [replace\_security\_groups\_on\_destroy](#input\_replace\_security\_groups\_on\_destroy) | (Optional) When true, all security groups defined in vpc\_security\_group\_ids will be replaced with the default security group after the function is destroyed. Set the replacement\_security\_group\_ids variable to use a custom list of security groups for replacement instead. | `bool` | `null` | no | +| [replacement\_security\_group\_ids](#input\_replacement\_security\_group\_ids) | (Optional) List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction. replace\_security\_groups\_on\_destroy must be set to true to use this attribute. | `list(string)` | `null` | no | +| [reserved\_concurrent\_executions](#input\_reserved\_concurrent\_executions) | The amount of reserved concurrent executions for this Lambda Function. 
A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | `number` | `-1` | no | +| [role\_description](#input\_role\_description) | Description of IAM role to use for Lambda Function | `string` | `null` | no | +| [role\_force\_detach\_policies](#input\_role\_force\_detach\_policies) | Specifies to force detaching any policies the IAM role has before destroying it. | `bool` | `true` | no | +| [role\_maximum\_session\_duration](#input\_role\_maximum\_session\_duration) | Maximum session duration, in seconds, for the IAM role | `number` | `3600` | no | +| [role\_name](#input\_role\_name) | Name of IAM role to use for Lambda Function | `string` | `null` | no | +| [role\_path](#input\_role\_path) | Path of IAM role to use for Lambda Function | `string` | `null` | no | +| [role\_permissions\_boundary](#input\_role\_permissions\_boundary) | The ARN of the policy that is used to set the permissions boundary for the IAM role used by Lambda Function | `string` | `null` | no | +| [role\_tags](#input\_role\_tags) | A map of tags to assign to IAM role | `map(string)` | `{}` | no | +| [runtime](#input\_runtime) | Lambda Function runtime | `string` | `""` | no | +| [skip\_destroy](#input\_skip\_destroy) | Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Terraform state. Useful for Lambda@Edge functions attached to CloudFront distributions. | `bool` | `null` | no | +| [snap\_start](#input\_snap\_start) | (Optional) Snap start settings for low-latency startups | `bool` | `false` | no | +| [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | +| [timeout](#input\_timeout) | The amount of time your Lambda Function has to run in seconds. 
| `number` | `3` | no | +| [timeouts](#input\_timeouts) | Define maximum timeout for creating, updating, and deleting Lambda Function resources | `map(string)` | `{}` | no | +| [tracing\_mode](#input\_tracing\_mode) | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. | `string` | `null` | no | +| [trusted\_entities](#input\_trusted\_entities) | List of additional trusted entities for assuming Lambda Function role (trust relationship) | `any` | `[]` | no | +| [use\_existing\_cloudwatch\_log\_group](#input\_use\_existing\_cloudwatch\_log\_group) | Whether to use an existing CloudWatch log group or create new | `bool` | `false` | no | +| [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | List of security group ids when Lambda Function should run in the VPC. | `list(string)` | `null` | no | +| [vpc\_subnet\_ids](#input\_vpc\_subnet\_ids) | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets. | `list(string)` | `null` | no | ## Outputs -| Name | Description | -| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- | -| [lambda_cloudwatch_log_group_arn](#output_lambda_cloudwatch_log_group_arn) | The ARN of the Cloudwatch Log Group | -| [lambda_cloudwatch_log_group_name](#output_lambda_cloudwatch_log_group_name) | The name of the Cloudwatch Log Group | -| [lambda_event_source_mapping_arn](#output_lambda_event_source_mapping_arn) | The event source mapping ARN | -| [lambda_event_source_mapping_function_arn](#output_lambda_event_source_mapping_function_arn) | The the ARN of the Lambda function the event source mapping is sending events to | -| [lambda_event_source_mapping_state](#output_lambda_event_source_mapping_state) | The state of 
the event source mapping | -| [lambda_event_source_mapping_state_transition_reason](#output_lambda_event_source_mapping_state_transition_reason) | The reason the event source mapping is in its current state | -| [lambda_event_source_mapping_uuid](#output_lambda_event_source_mapping_uuid) | The UUID of the created event source mapping | -| [lambda_function_arn](#output_lambda_function_arn) | The ARN of the Lambda Function | -| [lambda_function_arn_static](#output_lambda_function_arn_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | -| [lambda_function_invoke_arn](#output_lambda_function_invoke_arn) | The Invoke ARN of the Lambda Function | -| [lambda_function_kms_key_arn](#output_lambda_function_kms_key_arn) | The ARN for the KMS encryption key of Lambda Function | -| [lambda_function_last_modified](#output_lambda_function_last_modified) | The date Lambda Function resource was last modified | -| [lambda_function_name](#output_lambda_function_name) | The name of the Lambda Function | -| [lambda_function_qualified_arn](#output_lambda_function_qualified_arn) | The ARN identifying your Lambda Function Version | -| [lambda_function_qualified_invoke_arn](#output_lambda_function_qualified_invoke_arn) | The Invoke ARN identifying your Lambda Function Version | -| [lambda_function_signing_job_arn](#output_lambda_function_signing_job_arn) | ARN of the signing job | -| [lambda_function_signing_profile_version_arn](#output_lambda_function_signing_profile_version_arn) | ARN of the signing profile version | -| [lambda_function_source_code_hash](#output_lambda_function_source_code_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | -| [lambda_function_source_code_size](#output_lambda_function_source_code_size) | The size in bytes of the function .zip file | -| [lambda_function_url](#output_lambda_function_url) | The URL of the Lambda Function URL | -| 
[lambda_function_url_id](#output_lambda_function_url_id) | The Lambda Function URL generated id | -| [lambda_function_version](#output_lambda_function_version) | Latest published version of Lambda Function | -| [lambda_role_arn](#output_lambda_role_arn) | The ARN of the IAM role created for the Lambda Function | -| [lambda_role_name](#output_lambda_role_name) | The name of the IAM role created for the Lambda Function | -| [lambda_role_unique_id](#output_lambda_role_unique_id) | The unique id of the IAM role created for the Lambda Function | - +| Name | Description | +|------|-------------| +| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | +| [lambda\_cloudwatch\_log\_group\_name](#output\_lambda\_cloudwatch\_log\_group\_name) | The name of the Cloudwatch Log Group | +| [lambda\_event\_source\_mapping\_arn](#output\_lambda\_event\_source\_mapping\_arn) | The event source mapping ARN | +| [lambda\_event\_source\_mapping\_function\_arn](#output\_lambda\_event\_source\_mapping\_function\_arn) | The the ARN of the Lambda function the event source mapping is sending events to | +| [lambda\_event\_source\_mapping\_state](#output\_lambda\_event\_source\_mapping\_state) | The state of the event source mapping | +| [lambda\_event\_source\_mapping\_state\_transition\_reason](#output\_lambda\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | +| [lambda\_event\_source\_mapping\_uuid](#output\_lambda\_event\_source\_mapping\_uuid) | The UUID of the created event source mapping | +| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. 
Use this to avoid cycle errors between resources (e.g., Step Functions) | +| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | +| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | +| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | +| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [lambda\_function\_qualified\_invoke\_arn](#output\_lambda\_function\_qualified\_invoke\_arn) | The Invoke ARN identifying your Lambda Function Version | +| [lambda\_function\_signing\_job\_arn](#output\_lambda\_function\_signing\_job\_arn) | ARN of the signing job | +| [lambda\_function\_signing\_profile\_version\_arn](#output\_lambda\_function\_signing\_profile\_version\_arn) | ARN of the signing profile version | +| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [lambda\_function\_url](#output\_lambda\_function\_url) | The URL of the Lambda Function URL | +| [lambda\_function\_url\_id](#output\_lambda\_function\_url\_id) | The Lambda Function URL generated id | +| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | +| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | +| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | +| 
[lambda\_role\_unique\_id](#output\_lambda\_role\_unique\_id) | The unique id of the IAM role created for the Lambda Function | ## Development diff --git a/modules/alias/README.md b/modules/alias/README.md index c11d0692..ab63643c 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md @@ -108,19 +108,18 @@ module "lambda" { - [Alias](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/alias) - Create Lambda function and aliases in various combinations with all supported features. - ## Requirements -| Name | Version | -| ------------------------------------------------------------------------ | ------- | -| [terraform](#requirement_terraform) | >= 1.3 | -| [aws](#requirement_aws) | >= 4.9 | +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.3 | +| [aws](#requirement\_aws) | >= 4.9 | ## Providers -| Name | Version | -| ------------------------------------------------ | ------- | -| [aws](#provider_aws) | >= 4.9 | +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 4.9 | ## Modules 
@@ -128,54 +127,53 @@ No modules. ## Resources -| Name | Type | -| --------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | -| [aws_lambda_alias.no_refresh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_alias) | resource | -| [aws_lambda_alias.with_refresh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_alias) | resource | -| [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | -| [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | -| [aws_lambda_permission.qualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | -| [aws_lambda_permission.version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | -| [aws_lambda_alias.existing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | data source | +| Name | Type | +|------|------| +| [aws_lambda_alias.no_refresh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_alias) | resource | +| [aws_lambda_alias.with_refresh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_alias) | resource | +| [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | +| [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | +| 
[aws_lambda_permission.qualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| [aws_lambda_permission.version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| [aws_lambda_alias.existing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | data source | ## Inputs -| Name | Description | Type | Default | Required | -| ------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | ------- | :------: | -| [allowed_triggers](#input_allowed_triggers) | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no | -| [create](#input_create) | Controls whether resources should be created | `bool` | `true` | no | -| [create_async_event_config](#input_create_async_event_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | -| [create_qualified_alias_allowed_triggers](#input_create_qualified_alias_allowed_triggers) | Whether to allow triggers on qualified alias | `bool` | `true` | no | -| [create_qualified_alias_async_event_config](#input_create_qualified_alias_async_event_config) | Whether to allow async event configuration on qualified alias | `bool` | `true` | no | -| [create_version_allowed_triggers](#input_create_version_allowed_triggers) | Whether to allow triggers on version of Lambda Function used by alias (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | -| 
[create_version_async_event_config](#input_create_version_async_event_config) | Whether to allow async event configuration on version of Lambda Function used by alias (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | -| [description](#input_description) | Description of the alias. | `string` | `""` | no | -| [destination_on_failure](#input_destination_on_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | -| [destination_on_success](#input_destination_on_success) | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no | -| [event_source_mapping](#input_event_source_mapping) | Map of event source mapping | `any` | `{}` | no | -| [function_name](#input_function_name) | The function ARN of the Lambda function for which you want to create an alias. | `string` | `""` | no | -| [function_version](#input_function_version) | Lambda function version for which you are creating the alias. Pattern: ($LATEST\|[0-9]+). | `string` | `""` | no | -| [maximum_event_age_in_seconds](#input_maximum_event_age_in_seconds) | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | -| [maximum_retry_attempts](#input_maximum_retry_attempts) | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | `number` | `null` | no | -| [name](#input_name) | Name for the alias you are creating. | `string` | `""` | no | -| [refresh_alias](#input_refresh_alias) | Whether to refresh function version used in the alias. Useful when using this module together with external tool do deployments (eg, AWS CodeDeploy). 
| `bool` | `true` | no | -| [routing_additional_version_weights](#input_routing_additional_version_weights) | A map that defines the proportion of events that should be sent to different versions of a lambda function. | `map(number)` | `{}` | no | -| [use_existing_alias](#input_use_existing_alias) | Whether to manage existing alias instead of creating a new one. Useful when using this module together with external tool do deployments (eg, AWS CodeDeploy). | `bool` | `false` | no | +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [allowed\_triggers](#input\_allowed\_triggers) | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no | +| [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | +| [create\_async\_event\_config](#input\_create\_async\_event\_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | +| [create\_qualified\_alias\_allowed\_triggers](#input\_create\_qualified\_alias\_allowed\_triggers) | Whether to allow triggers on qualified alias | `bool` | `true` | no | +| [create\_qualified\_alias\_async\_event\_config](#input\_create\_qualified\_alias\_async\_event\_config) | Whether to allow async event configuration on qualified alias | `bool` | `true` | no | +| [create\_version\_allowed\_triggers](#input\_create\_version\_allowed\_triggers) | Whether to allow triggers on version of Lambda Function used by alias (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | +| [create\_version\_async\_event\_config](#input\_create\_version\_async\_event\_config) | Whether to allow async event configuration on version of Lambda Function used by alias (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | +| 
[description](#input\_description) | Description of the alias. | `string` | `""` | no | +| [destination\_on\_failure](#input\_destination\_on\_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | +| [destination\_on\_success](#input\_destination\_on\_success) | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no | +| [event\_source\_mapping](#input\_event\_source\_mapping) | Map of event source mapping | `any` | `{}` | no | +| [function\_name](#input\_function\_name) | The function ARN of the Lambda function for which you want to create an alias. | `string` | `""` | no | +| [function\_version](#input\_function\_version) | Lambda function version for which you are creating the alias. Pattern: ($LATEST\|[0-9]+). | `string` | `""` | no | +| [maximum\_event\_age\_in\_seconds](#input\_maximum\_event\_age\_in\_seconds) | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | +| [maximum\_retry\_attempts](#input\_maximum\_retry\_attempts) | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | `number` | `null` | no | +| [name](#input\_name) | Name for the alias you are creating. | `string` | `""` | no | +| [refresh\_alias](#input\_refresh\_alias) | Whether to refresh function version used in the alias. Useful when using this module together with external tool do deployments (eg, AWS CodeDeploy). | `bool` | `true` | no | +| [routing\_additional\_version\_weights](#input\_routing\_additional\_version\_weights) | A map that defines the proportion of events that should be sent to different versions of a lambda function. | `map(number)` | `{}` | no | +| [use\_existing\_alias](#input\_use\_existing\_alias) | Whether to manage existing alias instead of creating a new one. 
Useful when using this module together with external tool do deployments (eg, AWS CodeDeploy). | `bool` | `false` | no | ## Outputs -| Name | Description | -| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------- | -| [lambda_alias_arn](#output_lambda_alias_arn) | The ARN of the Lambda Function Alias | -| [lambda_alias_description](#output_lambda_alias_description) | Description of alias | -| [lambda_alias_event_source_mapping_function_arn](#output_lambda_alias_event_source_mapping_function_arn) | The the ARN of the Lambda function the event source mapping is sending events to | -| [lambda_alias_event_source_mapping_state](#output_lambda_alias_event_source_mapping_state) | The state of the event source mapping | -| [lambda_alias_event_source_mapping_state_transition_reason](#output_lambda_alias_event_source_mapping_state_transition_reason) | The reason the event source mapping is in its current state | -| [lambda_alias_event_source_mapping_uuid](#output_lambda_alias_event_source_mapping_uuid) | The UUID of the created event source mapping | -| [lambda_alias_function_version](#output_lambda_alias_function_version) | Lambda function version which the alias uses | -| [lambda_alias_invoke_arn](#output_lambda_alias_invoke_arn) | The ARN to be used for invoking Lambda Function from API Gateway | -| [lambda_alias_name](#output_lambda_alias_name) | The name of the Lambda Function Alias | - +| Name | Description | +|------|-------------| +| [lambda\_alias\_arn](#output\_lambda\_alias\_arn) | The ARN of the Lambda Function Alias | +| [lambda\_alias\_description](#output\_lambda\_alias\_description) | Description of alias | +| [lambda\_alias\_event\_source\_mapping\_function\_arn](#output\_lambda\_alias\_event\_source\_mapping\_function\_arn) | 
The the ARN of the Lambda function the event source mapping is sending events to | +| [lambda\_alias\_event\_source\_mapping\_state](#output\_lambda\_alias\_event\_source\_mapping\_state) | The state of the event source mapping | +| [lambda\_alias\_event\_source\_mapping\_state\_transition\_reason](#output\_lambda\_alias\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | +| [lambda\_alias\_event\_source\_mapping\_uuid](#output\_lambda\_alias\_event\_source\_mapping\_uuid) | The UUID of the created event source mapping | +| [lambda\_alias\_function\_version](#output\_lambda\_alias\_function\_version) | Lambda function version which the alias uses | +| [lambda\_alias\_invoke\_arn](#output\_lambda\_alias\_invoke\_arn) | The ARN to be used for invoking Lambda Function from API Gateway | +| [lambda\_alias\_name](#output\_lambda\_alias\_name) | The name of the Lambda Function Alias | ## Authors diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 9ffd07ce..b143cc3d 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md 
@@ -95,23 +95,22 @@ module "lambda" { - [Deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/deploy) - Creates Lambda Function, Alias, and all resources required to create deployments using AWS CodeDeploy. - ## Requirements -| Name | Version | -| ------------------------------------------------------------------------ | ------- | -| [terraform](#requirement_terraform) | >= 1.3 | -| [aws](#requirement_aws) | >= 3.35 | -| [local](#requirement_local) | >= 1.3 | -| [null](#requirement_null) | >= 2.0 | +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.3 | +| [aws](#requirement\_aws) | >= 3.35 | +| [local](#requirement\_local) | >= 1.0 | +| [null](#requirement\_null) | >= 2.0 | ## Providers -| Name | Version | -| ------------------------------------------------------ | ------- | -| [aws](#provider_aws) | >= 3.35 | -| [local](#provider_local) | >= 1.3 | -| [null](#provider_null) | >= 2.0 | +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 3.35 | +| [local](#provider\_local) | >= 1.0 | +| [null](#provider\_null) | >= 2.0 | ## Modules 
@@ -119,79 +118,78 @@ No modules. ## Resources -| Name | Type | -| --------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | -| [aws_codedeploy_app.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_app) | resource | -| [aws_codedeploy_deployment_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_deployment_group) | resource | -| [aws_iam_policy.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_role.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy_attachment.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [local_file.deploy_script](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | -| [null_resource.deploy](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| 
[aws_iam_policy_document.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_role.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source | -| [aws_lambda_alias.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | data source | -| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_function) | data source | +| Name | Type | +|------|------| +| [aws_codedeploy_app.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_app) | resource | +| [aws_codedeploy_deployment_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_deployment_group) | resource | +| [aws_iam_policy.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_role.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [local_file.deploy_script](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | +| 
[null_resource.deploy](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_role.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source | +| [aws_lambda_alias.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | data source | +| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_function) | data source | ## Inputs -| Name | Description | Type | Default | Required | -| ------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- | -------------------------------------------------- | :------: | -| [after_allow_traffic_hook_arn](#input_after_allow_traffic_hook_arn) | ARN of Lambda function to execute after allow traffic during deployment. 
This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | -| [alarm_enabled](#input_alarm_enabled) | Indicates whether the alarm configuration is enabled. This option is useful when you want to temporarily deactivate alarm monitoring for a deployment group without having to add the same alarms again later. | `bool` | `false` | no | -| [alarm_ignore_poll_alarm_failure](#input_alarm_ignore_poll_alarm_failure) | Indicates whether a deployment should continue if information about the current state of alarms cannot be retrieved from CloudWatch. | `bool` | `false` | no | -| [alarms](#input_alarms) | A list of alarms configured for the deployment group. A maximum of 10 alarms can be added to a deployment group. | `list(string)` | `[]` | no | -| [alias_name](#input_alias_name) | Name for the alias | `string` | `""` | no | -| [app_name](#input_app_name) | Name of AWS CodeDeploy application | `string` | `""` | no | -| [attach_hooks_policy](#input_attach_hooks_policy) | Whether to attach Invoke policy to CodeDeploy role when before allow traffic or after allow traffic hooks are defined. | `bool` | `true` | no | -| [attach_triggers_policy](#input_attach_triggers_policy) | Whether to attach SNS policy to CodeDeploy role when triggers are defined | `bool` | `false` | no | -| [auto_rollback_enabled](#input_auto_rollback_enabled) | Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. | `bool` | `true` | no | -| [auto_rollback_events](#input_auto_rollback_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT_FAILURE and DEPLOYMENT_STOP_ON_ALARM. | `list(string)` |
[
"DEPLOYMENT_STOP_ON_ALARM"
]
| no | -| [aws_cli_command](#input_aws_cli_command) | Command to run as AWS CLI. May include extra arguments like region and profile. | `string` | `"aws"` | no | -| [before_allow_traffic_hook_arn](#input_before_allow_traffic_hook_arn) | ARN of Lambda function to execute before allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | -| [codedeploy_principals](#input_codedeploy_principals) | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` |
[
"codedeploy.amazonaws.com"
]
| no | -| [codedeploy_role_name](#input_codedeploy_role_name) | IAM role name to create or use by CodeDeploy | `string` | `""` | no | -| [create](#input_create) | Controls whether resources should be created | `bool` | `true` | no | -| [create_app](#input_create_app) | Whether to create new AWS CodeDeploy app | `bool` | `false` | no | -| [create_codedeploy_role](#input_create_codedeploy_role) | Whether to create new AWS CodeDeploy IAM role | `bool` | `true` | no | -| [create_deployment](#input_create_deployment) | Create the AWS resources and script for CodeDeploy | `bool` | `false` | no | -| [create_deployment_group](#input_create_deployment_group) | Whether to create new AWS CodeDeploy Deployment Group | `bool` | `false` | no | -| [current_version](#input_current_version) | Current version of Lambda function version to deploy (can't be $LATEST) | `string` | `""` | no | -| [deployment_config_name](#input_deployment_config_name) | Name of deployment config to use | `string` | `"CodeDeployDefault.LambdaAllAtOnce"` | no | -| [deployment_group_name](#input_deployment_group_name) | Name of deployment group to use | `string` | `""` | no | -| [description](#input_description) | Description to use for the deployment | `string` | `""` | no | -| [force_deploy](#input_force_deploy) | Force deployment every time (even when nothing changes) | `bool` | `false` | no | -| [function_name](#input_function_name) | The name of the Lambda function to deploy | `string` | `""` | no | -| [get_deployment_sleep_timer](#input_get_deployment_sleep_timer) | Adds additional sleep time to get-deployment command to avoid the service throttling | `number` | `5` | no | -| [interpreter](#input_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` |
[
"/bin/bash",
"-c"
]
| no | -| [run_deployment](#input_run_deployment) | Run AWS CLI command to start the deployment | `bool` | `false` | no | -| [save_deploy_script](#input_save_deploy_script) | Save deploy script locally | `bool` | `false` | no | -| [tags](#input_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | -| [target_version](#input_target_version) | Target version of Lambda function version to deploy | `string` | `""` | no | -| [triggers](#input_triggers) | Map of triggers which will be notified when event happens. Valid options for event types are DeploymentStart, DeploymentSuccess, DeploymentFailure, DeploymentStop, DeploymentRollback, DeploymentReady (Applies only to replacement instances in a blue/green deployment), InstanceStart, InstanceSuccess, InstanceFailure, InstanceReady. Note that not all are applicable for Lambda deployments. | `map(any)` | `{}` | no | -| [use_existing_app](#input_use_existing_app) | Whether to use existing AWS CodeDeploy app | `bool` | `false` | no | -| [use_existing_deployment_group](#input_use_existing_deployment_group) | Whether to use existing AWS CodeDeploy Deployment Group | `bool` | `false` | no | -| [wait_deployment_completion](#input_wait_deployment_completion) | Wait until deployment completes. It can take a lot of time and your terraform process may lock execution for long time. | `bool` | `false` | no | +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [after\_allow\_traffic\_hook\_arn](#input\_after\_allow\_traffic\_hook\_arn) | ARN of Lambda function to execute after allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | +| [alarm\_enabled](#input\_alarm\_enabled) | Indicates whether the alarm configuration is enabled. 
This option is useful when you want to temporarily deactivate alarm monitoring for a deployment group without having to add the same alarms again later. | `bool` | `false` | no | +| [alarm\_ignore\_poll\_alarm\_failure](#input\_alarm\_ignore\_poll\_alarm\_failure) | Indicates whether a deployment should continue if information about the current state of alarms cannot be retrieved from CloudWatch. | `bool` | `false` | no | +| [alarms](#input\_alarms) | A list of alarms configured for the deployment group. A maximum of 10 alarms can be added to a deployment group. | `list(string)` | `[]` | no | +| [alias\_name](#input\_alias\_name) | Name for the alias | `string` | `""` | no | +| [app\_name](#input\_app\_name) | Name of AWS CodeDeploy application | `string` | `""` | no | +| [attach\_hooks\_policy](#input\_attach\_hooks\_policy) | Whether to attach Invoke policy to CodeDeploy role when before allow traffic or after allow traffic hooks are defined. | `bool` | `true` | no | +| [attach\_triggers\_policy](#input\_attach\_triggers\_policy) | Whether to attach SNS policy to CodeDeploy role when triggers are defined | `bool` | `false` | no | +| [auto\_rollback\_enabled](#input\_auto\_rollback\_enabled) | Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. | `bool` | `true` | no | +| [auto\_rollback\_events](#input\_auto\_rollback\_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT\_FAILURE and DEPLOYMENT\_STOP\_ON\_ALARM. | `list(string)` |
[
"DEPLOYMENT_STOP_ON_ALARM"
]
| no | +| [aws\_cli\_command](#input\_aws\_cli\_command) | Command to run as AWS CLI. May include extra arguments like region and profile. | `string` | `"aws"` | no | +| [before\_allow\_traffic\_hook\_arn](#input\_before\_allow\_traffic\_hook\_arn) | ARN of Lambda function to execute before allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | +| [codedeploy\_principals](#input\_codedeploy\_principals) | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` |
[
"codedeploy.amazonaws.com"
]
| no | +| [codedeploy\_role\_name](#input\_codedeploy\_role\_name) | IAM role name to create or use by CodeDeploy | `string` | `""` | no | +| [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | +| [create\_app](#input\_create\_app) | Whether to create new AWS CodeDeploy app | `bool` | `false` | no | +| [create\_codedeploy\_role](#input\_create\_codedeploy\_role) | Whether to create new AWS CodeDeploy IAM role | `bool` | `true` | no | +| [create\_deployment](#input\_create\_deployment) | Create the AWS resources and script for CodeDeploy | `bool` | `false` | no | +| [create\_deployment\_group](#input\_create\_deployment\_group) | Whether to create new AWS CodeDeploy Deployment Group | `bool` | `false` | no | +| [current\_version](#input\_current\_version) | Current version of Lambda function version to deploy (can't be $LATEST) | `string` | `""` | no | +| [deployment\_config\_name](#input\_deployment\_config\_name) | Name of deployment config to use | `string` | `"CodeDeployDefault.LambdaAllAtOnce"` | no | +| [deployment\_group\_name](#input\_deployment\_group\_name) | Name of deployment group to use | `string` | `""` | no | +| [description](#input\_description) | Description to use for the deployment | `string` | `""` | no | +| [force\_deploy](#input\_force\_deploy) | Force deployment every time (even when nothing changes) | `bool` | `false` | no | +| [function\_name](#input\_function\_name) | The name of the Lambda function to deploy | `string` | `""` | no | +| [get\_deployment\_sleep\_timer](#input\_get\_deployment\_sleep\_timer) | Adds additional sleep time to get-deployment command to avoid the service throttling | `number` | `5` | no | +| [interpreter](#input\_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` |
[
"/bin/bash",
"-c"
]
| no | +| [run\_deployment](#input\_run\_deployment) | Run AWS CLI command to start the deployment | `bool` | `false` | no | +| [save\_deploy\_script](#input\_save\_deploy\_script) | Save deploy script locally | `bool` | `false` | no | +| [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | +| [target\_version](#input\_target\_version) | Target version of Lambda function version to deploy | `string` | `""` | no | +| [triggers](#input\_triggers) | Map of triggers which will be notified when event happens. Valid options for event types are DeploymentStart, DeploymentSuccess, DeploymentFailure, DeploymentStop, DeploymentRollback, DeploymentReady (Applies only to replacement instances in a blue/green deployment), InstanceStart, InstanceSuccess, InstanceFailure, InstanceReady. Note that not all are applicable for Lambda deployments. | `map(any)` | `{}` | no | +| [use\_existing\_app](#input\_use\_existing\_app) | Whether to use existing AWS CodeDeploy app | `bool` | `false` | no | +| [use\_existing\_deployment\_group](#input\_use\_existing\_deployment\_group) | Whether to use existing AWS CodeDeploy Deployment Group | `bool` | `false` | no | +| [wait\_deployment\_completion](#input\_wait\_deployment\_completion) | Wait until deployment completes. It can take a lot of time and your terraform process may lock execution for long time. 
| `bool` | `false` | no | ## Outputs -| Name | Description | -| ----------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | -| [appspec](#output_appspec) | Appspec data as HCL | -| [appspec_content](#output_appspec_content) | Appspec data as valid JSON | -| [appspec_sha256](#output_appspec_sha256) | SHA256 of Appspec JSON | -| [codedeploy_app_name](#output_codedeploy_app_name) | Name of CodeDeploy application | -| [codedeploy_deployment_group_id](#output_codedeploy_deployment_group_id) | CodeDeploy deployment group id | -| [codedeploy_deployment_group_name](#output_codedeploy_deployment_group_name) | CodeDeploy deployment group name | -| [codedeploy_iam_role_name](#output_codedeploy_iam_role_name) | Name of IAM role used by CodeDeploy | -| [deploy_script](#output_deploy_script) | Path to a deployment script | -| [script](#output_script) | Deployment script | - +| Name | Description | +|------|-------------| +| [appspec](#output\_appspec) | Appspec data as HCL | +| [appspec\_content](#output\_appspec\_content) | Appspec data as valid JSON | +| [appspec\_sha256](#output\_appspec\_sha256) | SHA256 of Appspec JSON | +| [codedeploy\_app\_name](#output\_codedeploy\_app\_name) | Name of CodeDeploy application | +| [codedeploy\_deployment\_group\_id](#output\_codedeploy\_deployment\_group\_id) | CodeDeploy deployment group id | +| [codedeploy\_deployment\_group\_name](#output\_codedeploy\_deployment\_group\_name) | CodeDeploy deployment group name | +| [codedeploy\_iam\_role\_name](#output\_codedeploy\_iam\_role\_name) | Name of IAM role used by CodeDeploy | +| [deploy\_script](#output\_deploy\_script) | Path to a deployment script | +| [script](#output\_script) | Deployment script | ## Authors diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index 1d31985c..7ca52312 100644 --- a/modules/docker-build/README.md 
+++ b/modules/docker-build/README.md @@ -52,23 +52,22 @@ module "docker_image" { - [Container Image](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/container-image) - Creates Docker Image, ECR resository and deploys it Lambda Function. - ## Requirements -| Name | Version | -| ------------------------------------------------------------------------ | ------- | -| [terraform](#requirement_terraform) | >= 1.3 | -| [aws](#requirement_aws) | >= 4.22 | -| [docker](#requirement_docker) | >= 3.0 | -| [null](#requirement_null) | >= 2.0 | +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.3 | +| [aws](#requirement\_aws) | >= 4.22 | +| [docker](#requirement\_docker) | >= 3.0 | +| [null](#requirement\_null) | >= 2.0 | ## Providers -| Name | Version | -| --------------------------------------------------------- | ------- | -| [aws](#provider_aws) | >= 4.22 | -| [docker](#provider_docker) | >= 3.0 | -| [null](#provider_null) | >= 2.0 | +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 4.22 | +| [docker](#provider\_docker) | >= 3.0 | +| [null](#provider\_null) | >= 2.0 | ## Modules 
@@ -76,48 +75,47 @@ No modules. ## Resources -| Name | Type | -| ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | -| [aws_ecr_lifecycle_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_lifecycle_policy) | resource | -| [aws_ecr_repository.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository) | resource | -| [docker_image.this](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/image) | resource | -| [docker_registry_image.this](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/registry_image) | resource | -| [null_resource.sam_metadata_docker_registry_image](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | +| Name | Type | +|------|------| +| [aws_ecr_lifecycle_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_lifecycle_policy) | resource | +| [aws_ecr_repository.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository) | resource | +| [docker_image.this](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/image) | resource | +| [docker_registry_image.this](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/registry_image) | resource | +| [null_resource.sam_metadata_docker_registry_image](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| 
[aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs -| Name | Description | Type | Default | Required | -| ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------- | -------------- | :------: | -| [build_args](#input_build_args) | A map of Docker build arguments. | `map(string)` | `{}` | no | -| [cache_from](#input_cache_from) | List of images to consider as cache sources when building the image. | `list(string)` | `[]` | no | -| [create_ecr_repo](#input_create_ecr_repo) | Controls whether ECR repository for Lambda image should be created | `bool` | `false` | no | -| [create_sam_metadata](#input_create_sam_metadata) | Controls whether the SAM metadata null resource should be created | `bool` | `false` | no | -| [docker_file_path](#input_docker_file_path) | Path to Dockerfile in source package | `string` | `"Dockerfile"` | no | -| [ecr_address](#input_ecr_address) | Address of ECR repository for cross-account container image pulling (optional). Option `create_ecr_repo` must be `false` | `string` | `null` | no | -| [ecr_force_delete](#input_ecr_force_delete) | If true, will delete the repository even if it contains images. | `bool` | `true` | no | -| [ecr_repo](#input_ecr_repo) | Name of ECR repository to use or to create | `string` | `null` | no | -| [ecr_repo_lifecycle_policy](#input_ecr_repo_lifecycle_policy) | A JSON formatted ECR lifecycle policy to automate the cleaning up of unused images. 
| `string` | `null` | no | -| [ecr_repo_tags](#input_ecr_repo_tags) | A map of tags to assign to ECR repository | `map(string)` | `{}` | no | -| [force_remove](#input_force_remove) | Whether to remove image forcibly when the resource is destroyed. | `bool` | `false` | no | -| [image_tag](#input_image_tag) | Image tag to use. If not specified current timestamp in format 'YYYYMMDDhhmmss' will be used. This can lead to unnecessary rebuilds. | `string` | `null` | no | -| [image_tag_mutability](#input_image_tag_mutability) | The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"MUTABLE"` | no | -| [keep_locally](#input_keep_locally) | Whether to delete the Docker image locally on destroy operation. | `bool` | `false` | no | -| [keep_remotely](#input_keep_remotely) | Whether to keep Docker image in the remote registry on destroy operation. | `bool` | `false` | no | -| [platform](#input_platform) | The target architecture platform to build the image for. | `string` | `null` | no | -| [scan_on_push](#input_scan_on_push) | Indicates whether images are scanned after being pushed to the repository | `bool` | `false` | no | -| [source_path](#input_source_path) | Path to folder containing application code | `string` | `null` | no | -| [triggers](#input_triggers) | A map of arbitrary strings that, when changed, will force the docker_image resource to be replaced. This can be used to rebuild an image when contents of source code folders change | `map(string)` | `{}` | no | -| [use_image_tag](#input_use_image_tag) | Controls whether to use image tag in ECR repository URI or not. Disable this to deploy latest image using ID (sha256:...) | `bool` | `true` | no | +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [build\_args](#input\_build\_args) | A map of Docker build arguments. 
| `map(string)` | `{}` | no | +| [cache\_from](#input\_cache\_from) | List of images to consider as cache sources when building the image. | `list(string)` | `[]` | no | +| [create\_ecr\_repo](#input\_create\_ecr\_repo) | Controls whether ECR repository for Lambda image should be created | `bool` | `false` | no | +| [create\_sam\_metadata](#input\_create\_sam\_metadata) | Controls whether the SAM metadata null resource should be created | `bool` | `false` | no | +| [docker\_file\_path](#input\_docker\_file\_path) | Path to Dockerfile in source package | `string` | `"Dockerfile"` | no | +| [ecr\_address](#input\_ecr\_address) | Address of ECR repository for cross-account container image pulling (optional). Option `create_ecr_repo` must be `false` | `string` | `null` | no | +| [ecr\_force\_delete](#input\_ecr\_force\_delete) | If true, will delete the repository even if it contains images. | `bool` | `true` | no | +| [ecr\_repo](#input\_ecr\_repo) | Name of ECR repository to use or to create | `string` | `null` | no | +| [ecr\_repo\_lifecycle\_policy](#input\_ecr\_repo\_lifecycle\_policy) | A JSON formatted ECR lifecycle policy to automate the cleaning up of unused images. | `string` | `null` | no | +| [ecr\_repo\_tags](#input\_ecr\_repo\_tags) | A map of tags to assign to ECR repository | `map(string)` | `{}` | no | +| [force\_remove](#input\_force\_remove) | Whether to remove image forcibly when the resource is destroyed. | `bool` | `false` | no | +| [image\_tag](#input\_image\_tag) | Image tag to use. If not specified current timestamp in format 'YYYYMMDDhhmmss' will be used. This can lead to unnecessary rebuilds. | `string` | `null` | no | +| [image\_tag\_mutability](#input\_image\_tag\_mutability) | The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"MUTABLE"` | no | +| [keep\_locally](#input\_keep\_locally) | Whether to delete the Docker image locally on destroy operation. 
| `bool` | `false` | no | +| [keep\_remotely](#input\_keep\_remotely) | Whether to keep Docker image in the remote registry on destroy operation. | `bool` | `false` | no | +| [platform](#input\_platform) | The target architecture platform to build the image for. | `string` | `null` | no | +| [scan\_on\_push](#input\_scan\_on\_push) | Indicates whether images are scanned after being pushed to the repository | `bool` | `false` | no | +| [source\_path](#input\_source\_path) | Path to folder containing application code | `string` | `null` | no | +| [triggers](#input\_triggers) | A map of arbitrary strings that, when changed, will force the docker\_image resource to be replaced. This can be used to rebuild an image when contents of source code folders change | `map(string)` | `{}` | no | +| [use\_image\_tag](#input\_use\_image\_tag) | Controls whether to use image tag in ECR repository URI or not. Disable this to deploy latest image using ID (sha256:...) | `bool` | `true` | no | ## Outputs -| Name | Description | -| -------------------------------------------------------------- | -------------------------------------- | -| [image_id](#output_image_id) | The ID of the Docker image | -| [image_uri](#output_image_uri) | The ECR image URI for deploying lambda | - +| Name | Description | +|------|-------------| +| [image\_id](#output\_image\_id) | The ID of the Docker image | +| [image\_uri](#output\_image\_uri) | The ECR image URI for deploying lambda | ## Authors From 95bfd7faf9c03514662ba46aa5dfbe509d6bc8fd Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Fri, 3 Oct 2025 15:21:08 -0400 Subject: [PATCH 11/15] chore: re-run for pre-commit hooks/ --- .pre-commit-config.yaml | 2 +- wrappers/docker-build/versions.tf | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0c3f8df0..71c75fc1 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -23,7 +23,7 @@ repos: - "--args=--only=terraform_standard_module_structure" - "--args=--only=terraform_workspace_remote" - id: terraform_validate - exclude: ^examples/ + exclude: ^(examples/|wrappers/.*)$ - repo: https://github.com/pre-commit/pre-commit-hooks rev: v5.0.0 hooks: diff --git a/wrappers/docker-build/versions.tf b/wrappers/docker-build/versions.tf index 58f07068..1b75252e 100644 --- a/wrappers/docker-build/versions.tf +++ b/wrappers/docker-build/versions.tf @@ -1,5 +1,6 @@ terraform { required_version = ">= 1.3" + required_providers { aws = { source = "hashicorp/aws" From 312f5873f645ad32f3571f14d7b524f3f2b14c32 Mon Sep 17 00:00:00 2001 
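Review bot: The new `terraform_validate` pattern `^(examples/|wrappers/.*)$` no longer excludes anything under `examples/`, because the trailing `$` forces the `examples/` alternative to match a path that is exactly `examples/`. pre-commit searches the pattern against each file path, so the old `^examples/` worked as a prefix match and the new one does not. If both trees are meant to be skipped, `exclude: ^(examples|wrappers)/` says that directly. Skipping `wrappers/` also removes validation from modules the READMEs present as consumable, so a comment such as `# wrappers/ skipped because <reason>` above the key would record why that check is off.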
From: Lu Wang Date: Fri, 3 Oct 2025 15:54:04 -0400 Subject: [PATCH 12/15] chore: re-run for pre-commit hooks --- .pre-commit-config.yaml | 4 +++- examples/alias/README.md | 12 +++++++----- examples/async/README.md | 2 +- examples/async/versions.tf | 2 +- examples/build-package/README.md | 2 +- examples/build-package/versions.tf | 2 +- examples/code-signing/README.md | 2 +- examples/code-signing/versions.tf | 2 +- examples/complete/README.md | 3 +-- examples/complete/versions.tf | 2 +- examples/container-image/README.md | 2 +- examples/container-image/versions.tf | 2 +- examples/deploy/README.md | 2 +- examples/deploy/versions.tf | 2 +- examples/event-source-mapping/README.md | 2 +- examples/event-source-mapping/versions.tf | 2 +- examples/multiple-regions/README.md | 3 +-- examples/multiple-regions/versions.tf | 2 +- examples/simple-cicd/README.md | 2 +- examples/simple-cicd/versions.tf | 2 +- examples/simple/README.md | 2 +- examples/simple/versions.tf | 2 +- examples/triggers/README.md | 3 +-- examples/triggers/versions.tf | 2 +- examples/with-efs/README.md | 3 +-- examples/with-efs/versions.tf | 2 +- examples/with-vpc-s3-endpoint/README.md | 2 +- examples/with-vpc-s3-endpoint/versions.tf | 2 +- examples/with-vpc/README.md | 2 +- examples/with-vpc/versions.tf | 2 +- 30 files changed, 38 insertions(+), 38 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 71c75fc1..7505d124 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -23,7 +23,9 @@ repos: - "--args=--only=terraform_standard_module_structure" - "--args=--only=terraform_workspace_remote" - id: terraform_validate - exclude: ^(examples/|wrappers/.*)$ + exclude: | + ^examples/.*| + ^wrappers/.* - repo: https://github.com/pre-commit/pre-commit-hooks rev: v5.0.0 hooks: diff --git a/examples/alias/README.md b/examples/alias/README.md index 90a74ad6..fa02dafa 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md 
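Review bot: In the `.pre-commit-config.yaml` hunk of this patch, the `exclude: |` block scalar keeps its line breaks and has no `(?x)` flag, so the newline before `^wrappers/.*` becomes part of the regex. That second alternative then begins with a literal newline and cannot match a file path, which leaves only `examples/` excluded from `terraform_validate`. This reading assumes the collapsed hunk reflects the real layout. Either keep the pattern on one line, `exclude: ^(examples|wrappers)/`, or start the block with `(?x)^(` and close it with `)$` so whitespace is ignored.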
@@ -15,13 +15,14 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. + ## Requirements -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | -| [random](#requirement\_random) | >= 2.0 | +| Name | Version | +| ------------------------------------------------------------------------ | ------- | +| [terraform](#requirement_terraform) | >= 1.3 | +| [aws](#requirement_aws) | >= 5.79 | +| [random](#requirement_random) | >= 2.0 | ## Providers @@ -42,4 +43,5 @@ No inputs. ## Outputs No outputs. + diff --git a/examples/async/README.md b/examples/async/README.md index 1ba10577..35ba2ae0 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/async/versions.tf b/examples/async/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/async/versions.tf +++ b/examples/async/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/build-package/README.md b/examples/build-package/README.md index f32d518a..5068123e 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -21,7 +21,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | 
diff --git a/examples/build-package/versions.tf b/examples/build-package/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/build-package/versions.tf +++ b/examples/build-package/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/code-signing/README.md b/examples/code-signing/README.md index fe3f51f4..ec8c0543 100644 --- a/examples/code-signing/README.md +++ b/examples/code-signing/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/code-signing/versions.tf b/examples/code-signing/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/code-signing/versions.tf +++ b/examples/code-signing/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/complete/README.md b/examples/complete/README.md index 9acd1826..341bf073 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -2,7 +2,6 @@ Configuration in this directory creates AWS Lambda Function, Layers, Alias, and so on with the large variety of supported features showing this module in action. - ## Usage To run this example you need to execute: @@ -20,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 5cf868aa..683b643c 100644 
--- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/container-image/README.md b/examples/container-image/README.md index 77294b52..8659061a 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [docker](#requirement\_docker) | >= 3.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/container-image/versions.tf b/examples/container-image/versions.tf index 5b04c7cd..d2d52e82 100644 --- a/examples/container-image/versions.tf +++ b/examples/container-image/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/deploy/README.md b/examples/deploy/README.md index d59bf7e4..2578ddaa 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/deploy/versions.tf b/examples/deploy/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/deploy/versions.tf +++ b/examples/deploy/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/event-source-mapping/README.md b/examples/event-source-mapping/README.md index 680831d9..e74fee87 100644 
--- a/examples/event-source-mapping/README.md +++ b/examples/event-source-mapping/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/event-source-mapping/versions.tf b/examples/event-source-mapping/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/event-source-mapping/versions.tf +++ b/examples/event-source-mapping/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index f712da63..a6a9cd34 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md @@ -2,7 +2,6 @@ Configuration in this directory creates AWS Lambda Functions in several regions with non-conflicting IAM roles and policies. - ## Usage To run this example you need to execute: @@ -20,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/multiple-regions/versions.tf b/examples/multiple-regions/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/multiple-regions/versions.tf +++ b/examples/multiple-regions/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/simple-cicd/README.md b/examples/simple-cicd/README.md index 46c5d19a..e75febb1 100644 --- a/examples/simple-cicd/README.md +++ b/examples/simple-cicd/README.md 
@@ -21,7 +21,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/simple-cicd/versions.tf b/examples/simple-cicd/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/simple-cicd/versions.tf +++ b/examples/simple-cicd/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/simple/README.md b/examples/simple/README.md index c70d3be0..319c629c 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/simple/versions.tf +++ b/examples/simple/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/triggers/README.md b/examples/triggers/README.md index 48021c95..4848c267 100644 --- a/examples/triggers/README.md +++ b/examples/triggers/README.md @@ -2,7 +2,6 @@ Configuration in this directory creates AWS Lambda Function with some triggers (eg. CloudWatch Events). - ## Usage To run this example you need to execute: 
@@ -20,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/triggers/versions.tf b/examples/triggers/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/triggers/versions.tf +++ b/examples/triggers/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index c9e1c675..9b9f351a 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md @@ -2,7 +2,6 @@ Configuration in this directory creates AWS Lambda Function deployed with Elastic File System (EFS) attached. - ## Usage To run this example you need to execute: @@ -20,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/with-efs/versions.tf b/examples/with-efs/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/with-efs/versions.tf +++ b/examples/with-efs/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/with-vpc-s3-endpoint/README.md b/examples/with-vpc-s3-endpoint/README.md index 773c418d..2a1dc3a3 100644 --- a/examples/with-vpc-s3-endpoint/README.md +++ b/examples/with-vpc-s3-endpoint/README.md 
@@ -21,7 +21,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 3.4 | diff --git a/examples/with-vpc-s3-endpoint/versions.tf b/examples/with-vpc-s3-endpoint/versions.tf index 7a4d860b..d5e4be7f 100644 --- a/examples/with-vpc-s3-endpoint/versions.tf +++ b/examples/with-vpc-s3-endpoint/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index cc1724bd..246bc9f3 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md @@ -21,7 +21,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/with-vpc/versions.tf b/examples/with-vpc/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/with-vpc/versions.tf +++ b/examples/with-vpc/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { From f3a8c2475edc6bfe126f90530a2d83a9d909a969 Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Mon, 6 Oct 2025 10:58:11 -0400 Subject: [PATCH 13/15] fix: adjusted pre-commit config --- .pre-commit-config.yaml | 11 +++++++++-- examples/alias/versions.tf | 2 +- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7505d124..f979625f 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -5,6 +5,11 @@ repos: - id: terraform_fmt - id: terraform_wrapper_module_for_each - id: terraform_docs + exclude: | + (?x)^( + examples/.*| + wrappers/.* + )$ args: - "--args=--lockfile=false" - id: terraform_tflint @@ -24,8 +29,10 @@ repos: - "--args=--only=terraform_workspace_remote" - id: terraform_validate exclude: | - ^examples/.*| - ^wrappers/.* + (?x)^( + examples/.*| + wrappers/.* + )$ - repo: https://github.com/pre-commit/pre-commit-hooks rev: v5.0.0 hooks: diff --git a/examples/alias/versions.tf b/examples/alias/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/alias/versions.tf +++ b/examples/alias/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { From 4b142ef71da3f668196cf1d86e6f33ff783f0417 Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Mon, 6 Oct 2025 11:32:24 -0400 Subject: [PATCH 14/15] test: test pre-commit on wrappers --- .pre-commit-config.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index f979625f..53061c42 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -7,8 +7,7 @@ repos: - id: terraform_docs exclude: | (?x)^( - examples/.*| - wrappers/.* + examples/.* )$ args: - "--args=--lockfile=false" @@ -30,8 +29,7 @@ repos: - id: terraform_validate exclude: | (?x)^( - examples/.*| - wrappers/.* + examples/.* )$ - repo: https://github.com/pre-commit/pre-commit-hooks rev: v5.0.0 From 5104c95bbe74fc4b21d890cb470030edd49d3e25 Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Tue, 4 Nov 2025 15:11:50 -0500 Subject: [PATCH 15/15] chore: re-run for pre-commit hooks --- main.tf | 4 ---- 1 file changed, 4 deletions(-) diff --git a/main.tf b/main.tf index 6fd0f005..4d6ab356 100644 --- a/main.tf +++ b/main.tf 
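Review bot: In PATCH 13, the new `exclude` on `terraform_docs` stops the Requirements tables in `examples/*/README.md` from being regenerated, so they can drift from the `versions.tf` files this series is bumping to `>= 1.3`. The second hunk of the same patch applies the same pattern to `terraform_validate`, which leaves the generated `wrappers/` code without a validation step. Neither exclusion says why the check is off; a line such as `# excluded from terraform_docs because <reason>` above each `exclude:` would let a later reader judge whether it is still needed.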
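Review bot: In PATCH 14, both `exclude` blocks are left as a verbose multi-line regex wrapping a single alternative, `(?x)^( examples/.* )$`. That is equivalent to the original one-line form and harder to read. `exclude: ^examples/` on each hook gives the same match. The subject line says this commit is a test of running the hooks on `wrappers/`, so it is worth confirming the re-enabled `terraform_validate` and `terraform_docs` runs actually pass there before the series is merged.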
@@ -143,10 +143,6 @@ resource "aws_lambda_function" "this" { var.function_tags ) - lifecycle { - ignore_changes = [image_uri] - } - depends_on = [ # null_resource.archive, # aws_s3_object.lambda_package,