Creates a lambda function with associated role and policies, which will log to Cloudwatch Logs.
Creates the following resources:
- Lambda function
- IAM role with policy to allow logging to Cloudwatch Logs
- Cloudwatch Logs group
module "my_lambda_function" {
source = "trussworks/lambda/aws"
name = "my_app"
job_identifier = "instance_alpha"
runtime = "go1.x"
role_policy_arns_count = 1
role_policy_arns = [aws_iam_policy.my_app_lambda_policy.arn]
s3_bucket = "my_s3_bucket"
s3_key = "my_app/1.0/my_app.zip"
subnet_ids = ["subnet-0123456789abcdef0"]
security_group_ids = ["sg-0123456789abcdef0"]
source_types = ["events"]
source_arns = [aws_cloudwatch_event_rule.trigger.arn]
env_vars = {
VARNAME = "value"
}
tags = {
"Service" = "big_app"
}
}| Name | Version |
|---|---|
| terraform | >= 1.0 |
| aws | >= 3.0 |
| Name | Version |
|---|---|
| aws | >= 3.0 |
| null | n/a |
No modules.
| Name | Type |
|---|---|
| aws_cloudwatch_log_group.main | resource |
| aws_iam_role.main | resource |
| aws_iam_role_policy.main | resource |
| aws_iam_role_policy_attachment.user_policy_attach | resource |
| aws_lambda_function.main_from_gh | resource |
| aws_lambda_function.main_from_s3 | resource |
| aws_lambda_permission.allow_source_gh | resource |
| aws_lambda_permission.allow_source_s3 | resource |
| null_resource.get_github_release_artifact | resource |
| null_resource.verify_policy_list_count | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.assume_role | data source |
| aws_iam_policy_document.logs_policy_doc | data source |
| aws_partition.current | data source |
| aws_region.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cloudwatch_encryption_key_arn | The arn of the encryption key to be used for the cloudwatch logs | string |
"" |
no |
| cloudwatch_logs_retention_days | Number of days to retain logs in Cloudwatch Logs | string |
30 |
no |
| env_vars | Map of environment variables for Lambda function | map(any) |
{} |
no |
| ephemeral_storage | Size in MB of Lambda function ephemeral storage allocation | string |
512 |
no |
| github_filename | Name of the file to get when building url to pull. | string |
"deployment.zip" |
no |
| github_project | The unique Github project to pull from. Currently, this must be public. Eg. 'trussworks/aws-iam-sleuth' | string |
"" |
no |
| github_release | The release tag to download. | string |
"" |
no |
| handler | The entrypoint function for the lambda function. | string |
"main.Main" |
no |
| job_identifier | Identifier for specific instance of Lambda function | string |
n/a | yes |
| memory_size | Size in MB of Lambda function memory allocation | string |
128 |
no |
| name | Lambda function name | string |
n/a | yes |
| publish | Whether to publish creation/change as new Lambda Function Version. | bool |
false |
no |
| role_policy_arns | List of policy ARNs to attach to Lambda role | list(any) |
n/a | yes |
| role_policy_arns_count | Count of policy ARNs to attach to Lambda role | string |
n/a | yes |
| runtime | Lambda runtime type | string |
n/a | yes |
| s3_bucket | Name of s3 bucket used for Lambda build | string |
"" |
no |
| s3_key | Key for s3 object for Lambda function code | string |
"" |
no |
| security_group_ids | List of security group IDs for Lambda VPC config (leave empty if no VPC) | list(any) |
[] |
no |
| source_arns | List of arns for Lambda triggers; order must match source_types | list(any) |
[] |
no |
| source_types | List of sources for Lambda triggers; order must match source_arns | list(any) |
[] |
no |
| subnet_ids | List of subnet IDs for Lambda VPC config (leave empty if no VPC) | list(any) |
[] |
no |
| tags | Map of tags for Lambda function | map(any) |
{} |
no |
| timeout | Timeout in seconds for Lambda function timeout | string |
60 |
no |
| validation_sha | SHA to validate the file. | string |
"" |
no |
| Name | Description |
|---|---|
| function_name | Name of the AWS Lambda function |
| invoke_arn | ARN used to invoke Lambda function from API Gateway |
| lambda_arn | ARN for the Lambda function |