AWS Lambda function with automated IAM policy generation, encryption, log group and alerting.
Install Node.js and npm first!
npm i @cfn-modules/lambda-function
The lambda source code must be in the folder
lambda-src.
If you pass in a module dependency (e.g.
DependencyModule1), the environment variableDEPENDENCY1_ARNinside the Lambda function will contain the ARN of the dependency.
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-modules example'
Resources:
Function:
Type: 'AWS::CloudFormation::Stack'
Properties:
Parameters:
AlertingModule: !GetAtt 'Alerting.Outputs.StackName' # optional
KmsKeyModule: !GetAtt 'Key.Outputs.StackName' # optional
VpcModule: !GetAtt 'Vpc.Outputs.StackName' # optional
DeadLetterQueueModule: !GetAtt 'Queue.Outputs.StackName' # optional
FunctionName: '' #optional
Description: '' # optional
Handler: 'example.handler' # required (file must be in the `lambda-src` folder)
MemorySize: '128' # optional
ReservedConcurrentExecutions: '-1' # optional
Runtime: 'nodejs16.x' # required
Timeout: '3' # optional
TracingConfigMode: PassThrough # optional
LogGroupRetentionInDays: '14' # optional
DependencyModule1: !GetAtt 'Queue.Outputs.StackName' # optional
DependencyModule2: !GetAtt 'Table.Outputs.StackName' # optional
DependencyModule3: '' # optional
EnvironmentVariable1: '' # optional
EnvironmentVariable2: '' # optional
EnvironmentVariable3: '' # optional
EnvironmentVariable4: '' # optional
EnvironmentVariable5: '' # optional
ManagedPolicyArns: '' # optional
LayerArns: '' # optional
ClientSgModule1: '' # optional
ClientSgModule2: '' # optional
ClientSgModule3: '' # optional
TemplateURL: './node_modules/@cfn-modules/lambda-function/module.yml'
| Name | Description | Default | Required? | Allowed values |
|---|---|---|---|---|
| AlertingModule | Stack name of alerting module | no | ||
| KmsKeyModule | Stack name of kms-key module | no | ||
| VpcModule | Stack name of vpc module | no | ||
| DeadLetterQueueModule | Stack name of sqs-queue module where Lambda sends events to after the maximum number of retries was reached | no | ||
| FunctionName | An optional but recommended name for the function and log group. | no | ||
| Description | description of the function | no | ||
| Handler | The name of the function (within your source code) that Lambda calls to start running your code (file must be in the `lambda-src` folder) | yes | ||
| MemorySize | The amount of memory, in MB, that is allocated to your Lambda function | no | [128-10240] | |
| ReservedConcurrentExecutions | The maximum of concurrent executions you want reserved for the function (-1 means no maximum) | -1 | no | [-1, 0-N] |
| Runtime | The runtime environment for the Lambda function that you are uploading | no | See Runtime doc | |
| Timeout | The function execution time at which Lambda should terminate the function | 3 | no | [1-900] |
| TracingConfigMode | If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision. | PassThrough | no | [Active, PassThrough] |
| LogGroupRetentionInDays | The number of days log events are kept in CloudWatch Logs | 14 | no | [1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653] |
| DependencyModule1 | Stack name of module implementing LambdaDependency to generate IAM Policy. Environment variable `DEPENDENCY1_ARN` will contain the ARN of the dependency. | no | ||
| DependencyModule2 | Stack name of module implementing LambdaDependency to generate IAM Policy. Environment variable `DEPENDENCY2_ARN` will contain the ARN of the dependency. | no | ||
| DependencyModule3 | Stack name of module implementing LambdaDependency to generate IAM Policy. Environment variable `DEPENDENCY2_ARN` will contain the ARN of the dependency. | no | ||
| EnvironmentVariable1 | Optional value of environment variable `VARIABLE1` | no | ||
| EnvironmentVariable2 | Optional value of environment variable `VARIABLE2` | no | ||
| EnvironmentVariable3 | Optional value of environment variable `VARIABLE3` | no | ||
| EnvironmentVariable4 | Optional value of environment variable `VARIABLE4` | no | ||
| EnvironmentVariable5 | Optional value of environment variable `VARIABLE5` | no | ||
| ManagedPolicyArns | Comma-delimited list of IAM managed policy ARNs to attach to the task's IAM role | no | ||
| LayerArns | Comma-delimited list of Layer ARNs to attach to the function | no | ||
| ClientSgModule1 | Stack name of client-sg module to mark traffic from Lambda function (requires VpcModule parameter) | no | ||
| ClientSgModule2 | Stack name of client-sg module to mark traffic from Lambda function (requires VpcModule parameter) | no | ||
| ClientSgModule3 | Stack name of client-sg module to mark traffic from Lambda function (requires VpcModule parameter) | no |
- The
lambda-layermodule is no longer supported. Replace theLayerModuleparameter with a comma-delimited list of Layer ARNs to attach to the functionLayerArns. Define the Lambda layer in your own template.