This module implements Lambda functionality in AWS with all known best practices with regards to logging and security.
Run pre-commit install to install any guardrails implemented using pre-commit.
See pre-commit installation on how to install pre-commit.
See the examples of some basic scenarios.
The artifact hash is ignored when ECR is used for compatibility with CI/CD setups.
The local setup (uploading of .zip) should be replaced by a dedicated S3 bucket because this method is an improvement in every aspect over local uploads.
| Name | Version |
|---|---|
| archive | n/a |
| aws | >=4.21.0 |
| Name | Source | Version |
|---|---|---|
| default_exec_role | git@github.com:wearetechnative/terraform-aws-iam-role | 9a975f62956b6c4f2593c169d06d1cfe8aad36be |
| Name | Type |
|---|---|
| aws_cloudwatch_log_group.cloudwatch_logs | resource |
| aws_iam_policy.cloudwatch_logs | resource |
| aws_iam_policy.sqs_dlq | resource |
| aws_iam_policy.vpc | resource |
| aws_iam_role_policy_attachment.cloudwatch_logs | resource |
| aws_iam_role_policy_attachment.sqs_dlq | resource |
| aws_iam_role_policy_attachment.vpc | resource |
| aws_lambda_function.this | resource |
| aws_lambda_function_event_invoke_config.this | resource |
| archive_file.lambda_source | data source |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.cloudwatch_logs | data source |
| aws_iam_policy_document.sqs_dlq | data source |
| aws_iam_policy_document.vpc | data source |
| aws_partition.current | data source |
| aws_region.current | data source |
| aws_security_group.vpc | data source |
| aws_subnet.vpc | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| architecture | Architecture for Lambda function can be either x86_64 or arm64. Defaults to x86_64. |
string |
"x86_64" |
no |
| environment_variables | Key value map of environment variables. | map(string) |
{} |
no |
| handler | Entrypoint in the application. Defaults to index.handler. |
string |
"index.handler" |
no |
| kms_key_arn | KMS key to use for encrypting RDS instances. | string |
n/a | yes |
| memory_size | Lambda memory size. Defaults to 128. | number |
128 |
no |
| name | Prefix name for DynamoDB. Must be unique within the region. | string |
n/a | yes |
| role_arn | Exec role for Lambda function. | string |
null |
no |
| role_arn_provided | Workaround TerraForm limitation. Set to true if var.role_arn is set, otherwise false. | bool |
false |
no |
| runtime | Lambda runtime which must be set when var.source_type is s3 or local. | string |
null |
no |
| security_group_ids | Security group IDs if VPC connectivity is required. Requires var.subnet_ids to be set too. | list(string) |
[] |
no |
| source_directory_location | ECR location URL, S3 bucket or directory path depending on the value of var.source_type. | string |
n/a | yes |
| source_file_name | ECR tag, S3 key or null (local) depending on the value of var.source_type. | string |
n/a | yes |
| source_type | Is set to either ecr, s3 or local. Currently only supports ecr and local. | string |
"ecr" |
no |
| sqs_dlq_arn | Dead Letter Queue for on_failure delivery of invocations | string |
n/a | yes |
| subnet_ids | Subnet IDs if VPC connectivity is required. Requires var.security_group_ids to be set too. | list(string) |
[] |
no |
| timeout | Lambda timeout. Defaults to 3 seconds. | number |
3 |
no |
| Name | Description |
|---|---|
| lambda_function_arn | n/a |
| lambda_function_name | n/a |