Creates a lambda function with associated role and policies, which will log to Cloudwatch Logs.

Creates the following resources:

• Lambda function
• IAM role with policy to allow logging to Cloudwatch Logs - with the anticipation that these logs are declared as an individual resource

Usage

module "my_lambda_function" {
  source                 = "transcom/lambda/aws"
  name                   = "my_app"
  job_identifier         = "instance_alpha"
  runtime                = "go1.x"
  role_policy_arns_count = 1
  role_policy_arns       = [aws_iam_policy.my_app_lambda_policy.arn]
  s3_bucket              = "my_s3_bucket"
  s3_key                 = "my_app/1.0/my_app.zip"

  subnet_ids             = ["subnet-0123456789abcdef0"]
  security_group_ids     = ["sg-0123456789abcdef0"]

  source_types           = ["events"]
  source_arns            = [aws_cloudwatch_event_rule.trigger.arn]

  env_vars = {
    VARNAME = "value"
  }

  tags = {
    "Service" = "big_app"
  }

}

# Remember to define the CloudWatch log group separately
resource "aws_cloudwatch_log_group" "my_lambda_logs" {
  ...
}

Requirements

Name	Version
terraform	>= 1.0
aws	>= 3.0

Providers

Name	Version
aws	>= 3.0
null	n/a

Modules

No modules.

Resources

Name	Type
aws_cloudwatch_log_group.main	resource
aws_iam_role.main	resource
aws_iam_role_policy.main	resource
aws_iam_role_policy_attachment.user_policy_attach	resource
aws_lambda_function.main_from_gh	resource
aws_lambda_function.main_from_s3	resource
aws_lambda_permission.allow_source_gh	resource
aws_lambda_permission.allow_source_s3	resource
null_resource.get_github_release_artifact	resource
null_resource.verify_policy_list_count	resource
aws_caller_identity.current	data source
aws_iam_policy_document.assume_role	data source
aws_iam_policy_document.logs_policy_doc	data source
aws_partition.current	data source
aws_region.current	data source

Inputs

Name	Description	Type	Default	Required
cloudwatch_encryption_key_arn	The arn of the encryption key to be used for the cloudwatch logs	string	""	no
cloudwatch_logs_retention_days	Number of days to retain logs in Cloudwatch Logs	string	30	no
env_vars	Map of environment variables for Lambda function	map(any)	{}	no
ephemeral_storage	Size in MB of Lambda function ephemeral storage allocation	string	512	no
github_filename	Name of the file to get when building url to pull.	string	"deployment.zip"	no
github_project	The unique Github project to pull from. Currently, this must be public. Eg. 'transcom/aws-iam-sleuth'	string	""	no
github_release	The release tag to download.	string	""	no
handler	The entrypoint function for the lambda function.	string	"main.Main"	no
job_identifier	Identifier for specific instance of Lambda function	string	n/a	yes
memory_size	Size in MB of Lambda function memory allocation	string	128	no
name	Lambda function name	string	n/a	yes
publish	Whether to publish creation/change as new Lambda Function Version.	bool	false	no
role_policy_arns	List of policy ARNs to attach to Lambda role	list(any)	n/a	yes
role_policy_arns_count	Count of policy ARNs to attach to Lambda role	string	n/a	yes
runtime	Lambda runtime type	string	n/a	yes
s3_bucket	Name of s3 bucket used for Lambda build	string	""	no
s3_key	Key for s3 object for Lambda function code	string	""	no
security_group_ids	List of security group IDs for Lambda VPC config (leave empty if no VPC)	list(any)	[]	no
source_arns	List of arns for Lambda triggers; order must match source_types	list(any)	[]	no
source_types	List of sources for Lambda triggers; order must match source_arns	list(any)	[]	no
subnet_ids	List of subnet IDs for Lambda VPC config (leave empty if no VPC)	list(any)	[]	no
tags	Map of tags for Lambda function	map(any)	{}	no
timeout	Timeout in seconds for Lambda function timeout	string	60	no
validation_sha	SHA to validate the file.	string	""	no

Outputs

Name	Description
function_name	Name of the AWS Lambda function
invoke_arn	ARN used to invoke Lambda function from API Gateway
lambda_arn	ARN for the Lambda function