feat: add aws lambda

aws/lambda/.tflint.hcl

@@ -0,0 +1,10 @@
+plugin "terraform" {
+  enabled = true
+  preset  = "recommended"
+}
+
+plugin "aws" {
+  enabled = true
+  version = "0.30.0"
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+}

aws/lambda/README.md

@@ -0,0 +1,59 @@
+# lambda module
+
+A skeleton to start your own modules.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.3 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.30.0, < 5.0.0 |
+| <a name="requirement_time"></a> [time](#requirement\_time) | ~> 0.9.1 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.30.0, < 5.0.0 |
+| <a name="provider_time"></a> [time](#provider\_time) | ~> 0.9.1 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_lambda_function.function](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
+| [time_static.last_update](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/static) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_code_signing_config_arn"></a> [code\_signing\_config\_arn](#input\_code\_signing\_config\_arn) | The ARN of the code signing configuration | `string` | `null` | no |
+| <a name="input_customer"></a> [customer](#input\_customer) | Customer for the current deployment | `string` | `""` | no |
+| <a name="input_dead_letter_config"></a> [dead\_letter\_config](#input\_dead\_letter\_config) | List of dead letter configuration blocks | <pre>object({<br>    target_arn = string<br>  })</pre> | `null` | no |
+| <a name="input_env_vars"></a> [env\_vars](#input\_env\_vars) | A map that defines environment variables for the Lambda function | `map(string)` | `{}` | no |
+| <a name="input_environment"></a> [environment](#input\_environment) | Environment for the current deployment | `string` | `""` | no |
+| <a name="input_filename"></a> [filename](#input\_filename) | The path to the function's deployment package within the local filesystem | `string` | `""` | no |
+| <a name="input_handler"></a> [handler](#input\_handler) | The function within your code that Lambda calls to begin execution | `string` | `"lambda_function.lambda_handler"` | no |
+| <a name="input_iam_role_arn"></a> [iam\_role\_arn](#input\_iam\_role\_arn) | The ARN of the IAM role that the Lambda function assumes when it executes your function to access any other AWS resources | `string` | n/a | yes |
+| <a name="input_kms_key_arn"></a> [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of the AWS Key Management Service (KMS) key that's used to encrypt your function's environment variables | `string` | `null` | no |
+| <a name="input_lambda_description"></a> [lambda\_description](#input\_lambda\_description) | Description of the Lambda function | `string` | `""` | no |
+| <a name="input_layers"></a> [layers](#input\_layers) | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda function | `list(string)` | `[]` | no |
+| <a name="input_memory_size"></a> [memory\_size](#input\_memory\_size) | The amount of memory, in MB, that is allocated to your Lambda function | `number` | `128` | no |
+| <a name="input_name"></a> [name](#input\_name) | The name of the template resource | `string` | `"my-template"` | no |
+| <a name="input_reserved_concurrent_executions"></a> [reserved\_concurrent\_executions](#input\_reserved\_concurrent\_executions) | The number of simultaneous executions to reserve for the function | `number` | `1000` | no |
+| <a name="input_runtime"></a> [runtime](#input\_runtime) | The runtime environment for the Lambda function | `string` | `"python3.8"` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | Default tags to add to resources | `map(any)` | `{}` | no |
+| <a name="input_timeout"></a> [timeout](#input\_timeout) | The amount of time that Lambda allows a function to run before stopping it | `number` | `3` | no |
+| <a name="input_tracing_config_mode"></a> [tracing\_config\_mode](#input\_tracing\_config\_mode) | The tracing mode for the function | `string` | `"PassThrough"` | no |
+| <a name="input_vpc_config"></a> [vpc\_config](#input\_vpc\_config) | List of VPC configuration blocks | <pre>object({<br>    security_group_ids = list(string)<br>    subnet_ids         = list(string)<br>  })</pre> | `null` | no |
+
+## Outputs
+
+No outputs.
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

aws/lambda/lambda.tf

@@ -0,0 +1,42 @@
+resource "aws_lambda_function" "function" {
+
+  code_signing_config_arn        = var.code_signing_config_arn
+  description                    = var.lambda_description
+  filename                       = var.filename
+  function_name                  = var.name
+  handler                        = var.handler
+  kms_key_arn                    = var.kms_key_arn
+  layers                         = var.layers
+  memory_size                    = var.memory_size
+  reserved_concurrent_executions = var.reserved_concurrent_executions
+  role                           = var.iam_role_arn
+  runtime                        = var.runtime
+  source_code_hash               = base64sha256(file(var.filename))
+  timeout                        = var.timeout
+
+  dynamic "vpc_config" {
+    for_each = var.vpc_config
+    content {
+      security_group_ids = vpc_config.value.security_group_ids
+      subnet_ids         = vpc_config.value.subnet_ids
+    }
+  }
+
+  environment {
+    variables = var.env_vars
+  }
+
+  tracing_config {
+    #tfsec:ignore:aws-lambda-enable-tracing
+    mode = var.tracing_config_mode
+  }
+
+  dynamic "dead_letter_config" {
+    for_each = var.dead_letter_config
+    content {
+      target_arn = dead_letter_config.value.target_arn
+    }
+  }
+
+  tags = local.interpolated_tags
+}

aws/lambda/main.tf

@@ -0,0 +1,15 @@
+locals {
+  # tflint-ignore: terraform_unused_declarations
+  interpolated_tags = merge({
+    "Name"           = var.name,
+    "Customer"       = var.customer,
+    "Environment"    = var.environment,
+    "ManagedBy"      = "Terraform",
+    "LastModifiedAt" = time_static.last_update.rfc3339,
+    },
+    var.tags
+  )
+}
+
+resource "time_static" "last_update" {
+}

_template/versions.tf → aws/lambda/providers.tf

@@ -5,5 +5,9 @@ terraform {
       source  = "hashicorp/time",
       version = "~> 0.9.1"
     }
+    aws = {
+      source  = "hashicorp/aws",
+      version = ">= 4.30.0, < 5.0.0"
+    }
   }
 }

aws/lambda/variables.tf

@@ -0,0 +1,119 @@
+variable "name" {
+  description = "The name of the template resource"
+  type        = string
+  default     = "my-template"
+}
+
+variable "customer" {
+  description = "Customer for the current deployment"
+  type        = string
+  default     = ""
+}
+
+variable "environment" {
+  description = "Environment for the current deployment"
+  type        = string
+  default     = ""
+}
+
+variable "tags" {
+  description = "Default tags to add to resources"
+  type        = map(any)
+  default     = {}
+}
+
+# module specific variables
+
+variable "lambda_description" {
+  description = "Description of the Lambda function"
+  type        = string
+  default     = ""
+}
+
+variable "filename" {
+  description = "The path to the function's deployment package within the local filesystem"
+  type        = string
+  default     = ""
+}
+
+variable "iam_role_arn" {
+  description = "The ARN of the IAM role that the Lambda function assumes when it executes your function to access any other AWS resources"
+  type        = string
+}
+
+variable "handler" {
+  description = "The function within your code that Lambda calls to begin execution"
+  type        = string
+  default     = "lambda_function.lambda_handler"
+}
+
+variable "runtime" {
+  description = "The runtime environment for the Lambda function"
+  type        = string
+  default     = "python3.8"
+}
+
+variable "memory_size" {
+  description = "The amount of memory, in MB, that is allocated to your Lambda function"
+  type        = number
+  default     = 128
+}
+
+variable "timeout" {
+  description = "The amount of time that Lambda allows a function to run before stopping it"
+  type        = number
+  default     = 3
+}
+
+variable "reserved_concurrent_executions" {
+  description = "The number of simultaneous executions to reserve for the function"
+  type        = number
+  default     = 1000
+}
+
+variable "layers" {
+  description = "List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda function"
+  type        = list(string)
+  default     = []
+}
+
+variable "vpc_config" {
+  description = "List of VPC configuration blocks"
+  type = object({
+    security_group_ids = list(string)
+    subnet_ids         = list(string)
+  })
+  default = null
+}
+
+variable "env_vars" {
+  description = "A map that defines environment variables for the Lambda function"
+  type        = map(string)
+  default     = {}
+}
+
+variable "tracing_config_mode" {
+  description = "The tracing mode for the function"
+  type        = string
+  default     = "PassThrough"
+}
+
+variable "kms_key_arn" {
+  description = "The ARN of the AWS Key Management Service (KMS) key that's used to encrypt your function's environment variables"
+  type        = string
+  default     = null
+}
+
+variable "dead_letter_config" {
+  description = "List of dead letter configuration blocks"
+  type = object({
+    target_arn = string
+  })
+  default = null
+}
+
+variable "code_signing_config_arn" {
+  description = "The ARN of the code signing configuration"
+  type        = string
+  default     = null
+}