module "lambda" {
source = "../"
prefix = "sbth"
environment = "dev"
name = "sigv4-request-to-s3"
# File to read from
source_code_dir = "./src"
file_globs = ["index.js"]
# File to saved to
local_file_dir = "./outputs"
# S3 to upload source code to
is_create_lambda_bucket = true # Default is `false`; plz use false, if not 1 lambda: 1 bucket
bucket_name = "arn:aws:s3:::nanan" # If `is_create_lambda_bucket` is `false`; specified this, default is `""`
# Lambda Config
runtime = "nodejs12.x"
handler = "index.handler" # Default `"index.handler"`
# IAM
is_create_lambda_role = true # Default is `true`
lambda_role_arn = "" # If `is_create_lambda_role` is `false`
additional_lambda_role_policy_arns = ["arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"] # The policies that you want to attach to IAM Role created by only this module
# Logging
is_create_cloudwatch_log_group = true # Default is `true`
retention_in_days = 30 # Default is `30`
# Secret for lambda function
ssm_params = {
"DATABASE_PASSWORD" = "abdhegcg2365daA"
"DATABASE_HOST" = "www.google.com"
}
tags = { "Workspace" = "pc" }
}
| Name | Version |
|---|---|
| terraform | >= 1.0.0 |
| archive | 2.2.0 |
| aws | >= 4.00 |
| Name | Version |
|---|---|
| archive | 2.2.0 |
| aws | 4.13.0 |
| Name | Source | Version |
|---|---|---|
| s3 | git@github.com:oozou/terraform-aws-s3.git | v1.0.2 |
| Name | Type |
|---|---|
| aws_cloudwatch_log_group.this | resource |
| aws_iam_policy.ssm_policy | resource |
| aws_iam_role.this | resource |
| aws_iam_role_policy.logs_role_policy | resource |
| aws_iam_role_policy_attachment.ssm_policy_attachment | resource |
| aws_iam_role_policy_attachment.this | resource |
| aws_lambda_function.this | resource |
| aws_s3_object.this | resource |
| aws_ssm_parameter.params | resource |
| archive_file.zip_file | data source |
| aws_iam_policy_document.assume_role_policy_doc | data source |
| aws_iam_policy_document.lambda_logs_policy_doc | data source |
| aws_iam_policy_document.secret_access_policy_doc | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| additional_lambda_role_policy_arns | List of policies ARNs to attach to the lambda | list(string) |
[] |
no |
| bucket_name | Name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified. | string |
"" |
no |
| config_file_name | The name of the file var.plaintext_params will be written to as json | string |
"config.json" |
no |
| environment | Environment Variable used as a prefix | string |
n/a | yes |
| file_globs | list of files or globs that you want included from the source_code_dir | list(string) |
n/a | yes |
| handler | Function entrypoint in your code. | string |
"index.handler" |
no |
| is_create_cloudwatch_log_group | Whether to create cloudwatch log group or not | bool |
true |
no |
| is_create_lambda_bucket | Whether to create lambda bucket or not | bool |
false |
no |
| local_file_dir | A path to the directory to store plan time generated local files | string |
n/a | yes |
| name | Name of the ECS cluster to create | string |
n/a | yes |
| plaintext_params | Lambda@Edge does not support env vars, so it is a common pattern to exchange Env vars for values read from a config file. So instead of using env vars like: const someEnvValue = process.env.SOME_ENVyou would have lookups from a config file: const config = JSON.parse(readFileSync('./config.json'))Compared to var.ssm_params, you should use this variable when you have non-secret things that you want very quick accessto during the execution of your lambda function. |
map(string) |
{} |
no |
| prefix | The prefix name of customer to be displayed in AWS console and resource | string |
n/a | yes |
| retention_in_days | Retention day for cloudwatch log group | number |
30 |
no |
| runtime | The runtime of the lambda function | string |
n/a | yes |
| source_code_dir | An absolute path to the directory containing the code to upload to lambda | string |
n/a | yes |
| ssm_params | Lambda@Edge does not support env vars, so it is a common pattern to exchange Env vars for SSM params. So instead of using env vars like: const someEnvValue = process.env.SOME_ENVyou would have lookups in SSM, like: const someEnvValue = await ssmClient.getParameter({ Name: 'SOME_SSM_PARAM_NAME', WithDecryption: true })These params should have names that are unique within an AWS account, so it is a good idea to use a common prefix in front of the param names, such as: params = {Compared to var.plaintext_params, you should use this variable when you have secret data that you don't want written in plaintext in a filein your lambda .zip file. These params will need to be fetched via a Promise at runtime, so there may be small performance delays. |
map(string) |
{} |
no |
| tags | Custom tags which can be passed on to the AWS resources. They should be key value pairs having distinct keys | map(any) |
{} |
no |
| Name | Description |
|---|---|
| arn | Amazon Resource Name (ARN) identifying your Lambda Function. |
| execution_role_arn | n/a |
| execution_role_name | n/a |
| function_arn | n/a |
| function_name | Name of AWS Lambda function |