module "lambda_from_bucket" {
  source = "<source_code>"

  # Naming inputs
  prefix      = "oozou"
  environment = "test"
  name        = "bakara"

  # Default is `false`. Lambda@Edge functions are published from us-east-1 (N. Virginia),
  # so setting `true` also requires pointing the aws provider at that region.
  is_edge = false

  # Source code: taken from an existing S3 object because is_upload_form_s3 is `true` (the default).
  is_upload_form_s3 = true
  bucket_name       = "oozou-test-loal-lambda-bucket-557291035693-48fexi"
  file_name         = "oozou-test-loal.zip"

  # Lambda runtime
  runtime = "nodejs12.x"
  handler = "index.handler" # default "index.handler"

  # Lambda sizing
  timeout                        = 3   # seconds, default 3
  memory_size                    = 128 # MB, default 128; more memory generally improves performance
  reserved_concurrent_executions = -1  # -1 removes any concurrency limitation (default)

  # Optional VPC attachment. Once attached, the function reaches resources and the
  # internet only through this VPC.
  vpc_config = {
    security_group_ids      = ["sg-028f637312eea735e"]
    subnet_ids_to_associate = ["subnet-0b853f8c85796d72d", "subnet-07c068b4b51262793", "subnet-0362f68c559ef7716"]
  }

  # Queue or topic that receives asynchronously-invoked events after they fail processing.
  dead_letter_target_arn = "arn:aws:sns:ap-southeast-1:557291035693:demo"

  # IAM: the module creates the execution role (default `true`). Set `false` and fill
  # `lambda_role_arn` to reuse an existing role instead.
  is_create_lambda_role = true
  lambda_role_arn       = ""
  # Extra managed policies attached only to the role this module creates.
  additional_lambda_role_policy_arns = ["arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"]

  # Resource-based policy: which principals may invoke the function.
  # NOTE(review): the inputs table documents this key as `principal`; confirm the spelling
  # against the module source before relying on these entries.
  # A source_arn ending in `/*/*/` allows every stage, method and path of that API to
  # invoke the function; narrow it when only one route should be able to.
  lambda_permission_configuration = {
    lambda_on_my_account = {
      pricipal   = "apigateway.amazonaws.com"
      source_arn = "arn:aws:execute-api:ap-southeast-1:557291035693:lk36vflbha/*/*/"
    }
    # Labelled "wrong" in the original example: the account in source_arn (562563527952)
    # is not the one named in source_account (557291035693).
    lambda_on_my_another_account_wrong = {
      pricipal       = "apigateway.amazonaws.com"
      source_arn     = "arn:aws:execute-api:ap-southeast-1:562563527952:q6pwa6wgr6/*/*/"
      source_account = "557291035693" # optional extra restriction on the source owner
    }
    lambda_on_my_another_account_correct = {
      pricipal   = "apigateway.amazonaws.com"
      source_arn = "arn:aws:execute-api:ap-southeast-1:557291035693:wpj4t3scmb/*/*/"
    }
  }

  # Logging
  is_create_cloudwatch_log_group = true # default `true`
  retention_in_days              = 30   # days, default 30

  # SSM parameters for the function; none for this example.
  ssm_params = {}

  tags = { Workspace = "xxx-yyy-zzz" }
}
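module "lambda_from_local" {
  source = "<source_code>"

  # Naming inputs
  prefix      = "oozou"
  environment = "test"
  name        = "local"

  # Default is `false`. Lambda@Edge functions are published from us-east-1 (N. Virginia),
  # so setting `true` also requires pointing the aws provider at that region.
  is_edge = false

  # Source code: packaged from a local directory because is_upload_form_s3 is `false` (default `true`).
  is_upload_form_s3         = false
  source_code_dir           = "./src"
  file_globs                = ["index.js"]
  compressed_local_file_dir = "./outputs"
  # Default is `false`; leave it false unless every lambda is meant to get its own bucket.
  is_create_lambda_bucket = true
  # Only consulted when `is_create_lambda_bucket` is `false`; default "".
  bucket_name = ""

  # Lambda runtime
  runtime = "nodejs12.x"
  handler = "index.handler" # default "index.handler"

  # Lambda sizing
  timeout                        = 3   # seconds, default 3
  memory_size                    = 128 # MB, default 128; more memory generally improves performance
  reserved_concurrent_executions = -1  # -1 removes any concurrency limitation (default)

  # Optional VPC attachment. Once attached, the function reaches resources and the
  # internet only through this VPC.
  vpc_config = {
    security_group_ids      = ["sg-028f637312eea735e"]
    subnet_ids_to_associate = ["subnet-0b853f8c85796d72d", "subnet-07c068b4b51262793", "subnet-0362f68c559ef7716"]
  }

  # Queue or topic that receives asynchronously-invoked events after they fail processing.
  dead_letter_target_arn = "arn:aws:sns:ap-southeast-1:557291035693:demo"

  # IAM: the module creates the execution role (default `true`). Set `false` and fill
  # `lambda_role_arn` to reuse an existing role instead.
  is_create_lambda_role = true
  lambda_role_arn       = ""
  # Extra managed policies attached only to the role this module creates.
  additional_lambda_role_policy_arns = ["arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"]

  # Resource-based policy: which principals may invoke the function.
  # NOTE(review): the inputs table documents this key as `principal`; confirm the spelling
  # against the module source before relying on these entries.
  # A source_arn ending in `/*/*/` allows every stage, method and path of that API to
  # invoke the function; narrow it when only one route should be able to.
  lambda_permission_configuration = {
    lambda_on_my_account = {
      pricipal   = "apigateway.amazonaws.com"
      source_arn = "arn:aws:execute-api:ap-southeast-1:557291035693:lk36vflbha/*/*/"
    }
    # Labelled "wrong" in the original example: the account in source_arn (562563527952)
    # is not the one named in source_account (557291035693).
    lambda_on_my_another_account_wrong = {
      pricipal       = "apigateway.amazonaws.com"
      source_arn     = "arn:aws:execute-api:ap-southeast-1:562563527952:q6pwa6wgr6/*/*/"
      source_account = "557291035693" # optional extra restriction on the source owner
    }
    lambda_on_my_another_account_correct = {
      pricipal   = "apigateway.amazonaws.com"
      source_arn = "arn:aws:execute-api:ap-southeast-1:557291035693:wpj4t3scmb/*/*/"
    }
  }

  # Logging
  is_create_cloudwatch_log_group = true # default `true`
  retention_in_days              = 30   # days, default 30

  # SSM parameters created for the function (aws_ssm_parameter.params). Their values end
  # up in Terraform state and in this file's history, so a real credential must never be
  # written here as a literal: supply it from a variable marked `sensitive = true`, a
  # tfvars file kept out of version control, or the CI secret store. The value below is
  # a labelled placeholder, not a working secret.
  ssm_params = {
    DATABASE_PASSWORD = "<placeholder: inject from a sensitive variable, never a literal>"
    DATABASE_HOST     = "www.google.com"
  }

  tags = { Workspace = "pc" }
}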
Name | Version |
---|---|
terraform | >= 1.0.0 |
archive | 2.2.0 |
aws | >= 4.00 |
Name | Version |
---|---|
archive | 2.2.0 |
aws | 4.13.0 |
Name | Source | Version |
---|---|---|
s3 | git@github.com:oozou/terraform-aws-s3.git | v1.0.2 |
Name | Type |
---|---|
aws_cloudwatch_log_group.this | resource |
aws_iam_policy.ssm_policy | resource |
aws_iam_role.this | resource |
aws_iam_role_policy.logs_role_policy | resource |
aws_iam_role_policy_attachment.ssm_policy_attachment | resource |
aws_iam_role_policy_attachment.this | resource |
aws_lambda_function.this | resource |
aws_lambda_permission.allow_serivce | resource |
aws_s3_object.this | resource |
aws_ssm_parameter.params | resource |
archive_file.zip_file | data source |
aws_iam_policy_document.assume_role_policy_doc | data source |
aws_iam_policy_document.lambda_access_vpc | data source |
aws_iam_policy_document.lambda_logs_policy_doc | data source |
aws_iam_policy_document.lambda_policy | data source |
aws_iam_policy_document.secret_access_policy_doc | data source |
aws_s3_object.this | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
additional_lambda_role_policy_arns | List of policy ARNs to attach to the lambda | list(string) | [] | no |
bucket_name | Name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified. | string | "" | no |
compressed_local_file_dir | A path to the directory in which plan-time generated local files are stored | string | "" | no |
config_file_name | The name of the file var.plaintext_params will be written to as JSON | string | "config.json" | no |
dead_letter_target_arn | Dead letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing. | string | null | no |
environment | Environment variable used as a prefix | string | n/a | yes |
file_globs | List of files or globs that you want included from the source_code_dir | list(string) | [] | no |
file_name | The compressed file name used to upload to lambda; used when is_upload_form_s3 is true | string | "" | no |
handler | Function entrypoint in your code. | string | "index.handler" | no |
is_create_cloudwatch_log_group | Whether to create a CloudWatch log group or not | bool | true | no |
is_create_lambda_bucket | Whether to create the lambda bucket or not | bool | false | no |
is_create_lambda_role | Whether to create the lambda role or not | bool | true | no |
is_edge | Whether the lambda is a Lambda@Edge function or not | bool | false | no |
is_upload_form_s3 | Whether to upload the source code from S3 or not | bool | true | no |
lambda_permission_configuration | principal - (Required) The principal who is getting this permission, e.g. s3.amazonaws.com, an AWS account ID, or any valid AWS service principal such as events.amazonaws.com or sns.amazonaws.com. source_arn - (Optional) When the principal is an AWS service, the ARN of the specific resource within that service to grant permission to. Without this, any resource from the principal will be granted permission, even if that resource is from another account. source_account - (Optional) This parameter is used for S3 and SES. The AWS account ID (without a hyphen) of the source owner. | any | {} | no |
lambda_role_arn | The ARN of a role that was already created elsewhere, to associate with the lambda | string | "" | no |
memory_size | (Optional) Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. | number | 128 | no |
name | Name of the ECS cluster to create | string | n/a | yes |
plaintext_params | Lambda@Edge does not support env vars, so it is a common pattern to exchange env vars for values read from a config file. PLAINTEXT: e.g. `const config = JSON.parse(readFileSync('./config.json'))` | map(string) | {} | no |
prefix | The prefix name of the customer, displayed in the AWS console and on resources | string | n/a | yes |
reserved_concurrent_executions | (Optional) Amount of reserved concurrent executions for this lambda function. A value of 0 disables the lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits (-1). See Managing Concurrency. | number | -1 | no |
retention_in_days | Retention period in days for the CloudWatch log group | number | 30 | no |
runtime | The runtime of the lambda function | string | n/a | yes |
source_code_dir | An absolute path to the directory containing the code to upload to lambda | string | "" | no |
ssm_params | Lambda@Edge does not support env vars, so it is a common pattern to exchange env vars for SSM params. SECRET: the function looks them up in SSM, e.g. `const someEnvValue = await ssmClient.getParameter({ Name: 'SOME_SSM_PARAM_NAME', WithDecryption: true })` | map(string) | {} | no |
tags | Custom tags which can be passed on to the AWS resources. They should be key-value pairs with distinct keys. | map(any) | {} | no |
timeout | (Optional) Amount of time your Lambda Function has to run, in seconds. Defaults to 3. | number | 3 | no |
vpc_config | For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC. When you connect a function to a VPC, it can only access resources and the internet through that VPC. See VPC Settings. security_group_ids - (Required) List of security group IDs associated with the Lambda function. subnet_ids_to_associate - (Required) List of subnet IDs associated with the Lambda function. | object({…}) | {…} | no |
Name | Description |
---|---|
arn | Amazon Resource Name (ARN) identifying your Lambda Function. |
execution_role_arn | Role arn of lambda |
function_arn | function arn |
function_name | Name of AWS Lambda function |