Here, the Lambda module creates the IAM roles and policies by default, so that the user need not worry about them.
-
Create a
lambda_foo
module in your project Tf files (say infoo
folder) -
Add a proper labels module.
-
Invoke the module, assuming networking and packages are ready, something like so:
module "lambda_foo" {
source = "app.terraform.io/foo/lambda/aws"
label = "${module.labels.id}-foo"
tags = merge(module.labels.tags, { "Name" : "${module.labels.id}-foo" })
has_layers = false
runtime = "python3.10"
filename = "path/to/dist/payload.zip"
function_name = "my_module"
handler = "handler.handle"
vpc_configuration = {
security_group_ids = [
data.terraform_remote_state.networking.outputs.sg_all_subnets_id,
data.terraform_remote_state.networking.outputs.sg_all_this_public_id,
],
subnet_ids = data.terraform_remote_state.networking.outputs.private_subnets
}
env_vars = {
variables = {
"ENVIRONMENT" : "prod",
"VERSION" : var.package_version
}
}
}
No requirements.
Name | Version |
---|---|
aws | n/a |
No modules.
Name | Type |
---|---|
aws_cloudwatch_log_group.this | resource |
aws_iam_role.lambda | resource |
aws_iam_role_policy.allow_logging_cloudwatch | resource |
aws_lambda_function.container | resource |
aws_lambda_function.default | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
architectures | Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"] | list(string) |
[ |
no |
cloudwatch_logs_retention_days | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. |
number |
5 |
no |
dead_letter_config | The ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function's IAM role must be granted suitable access to write to the target object, which means allowing either the sns:Publish or sqs:SendMessage action on this ARN, depending on which service is targeted. |
object({ |
null |
no |
enabled | Set to false if you want to disable the Lambda execution or creation. | bool |
true |
no |
env_vars | Map of environment variables to be used in the code | object({ |
null |
no |
filename | Full path to the zipped file of the src code | string |
"Path to the function's deployment package within the local filesystem. Conflicts with image_uri." |
no |
function_name | n/a | string |
"" |
no |
handler | The exported function name | string |
"handler" |
no |
iam_role_arn | User-provided IAM assume role ARN. Include iam_role_id variable as well._(If not provided, the Lambda module will create an iam role internally)_ |
string |
"" |
no |
iam_role_id | User-provided IAM assume role ID. Include iam_role_arn variable as well._(If not provided, the Lambda module will create an iam role internally)_ |
string |
"" |
no |
image_config | Container image configuration values that override the values in the container image Dockerfile. | object({ |
null |
no |
image_uri | ECR image URI containing the function's deployment package. Conflicts with filename . |
string |
"" |
no |
label | User-provided label used in the auto-generated names | string |
"" |
no |
layers | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | list(any) |
[] |
no |
memory_size | Memory size allocated to the Lambda function | number |
128 |
no |
reserved_concurrent_executions | Set value for reserved concurrent executions of the function. | number |
-1 |
no |
runtime | The runtime to use to run the code on | string |
"" |
no |
tags | Tags for this resource | map(any) |
{} |
no |
timeout | Default function execution timeout | number |
30 |
no |
tracing_config | Can be either PassThrough or Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with 'sampled=1'. If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision. |
object({ |
null |
no |
vpc_config | Map of vpc configuration where the Lambda is hosted. | object({ |
null |
no |
Name | Description |
---|---|
function_arn | n/a |
function_invoke_arn | n/a |
function_name | n/a |
function_qualified_arn | n/a |
function_size | n/a |
function_version | n/a |
iam_role_arn | n/a |
iam_role_id | n/a |
iam_role_name | n/a |