/terraform-aws-lambda

Terraform module to create AWS Lambda

Primary LanguageHCL

Lambda module files

Usage

Here, the Lambda module creates the IAM roles and policies by default, so that the user need not worry about them.

  1. Create a lambda_foo module in your project Tf files (say in foo folder)

  2. Add a proper labels module.

  3. Invoke the module, assuming networking and packages are ready, something like so:

   module "lambda_foo" {
     source             = "app.terraform.io/foo/lambda/aws"
     label              = "${module.labels.id}-foo"
     tags               = merge(module.labels.tags, { "Name" : "${module.labels.id}-foo" })
     has_layers         = false
     runtime            = "python3.10"
     filename           = "path/to/dist/payload.zip"
     function_name      = "my_module"
     handler            = "handler.handle"

     vpc_configuration = {
       security_group_ids = [
         data.terraform_remote_state.networking.outputs.sg_all_subnets_id,
         data.terraform_remote_state.networking.outputs.sg_all_this_public_id,
       ],
       subnet_ids = data.terraform_remote_state.networking.outputs.private_subnets
     }

     env_vars = {
       variables = {
         "ENVIRONMENT" : "prod",
         "VERSION" : var.package_version
       }
     }
  }

Requirements

No requirements.

Providers

Name Version
aws n/a

Modules

No modules.

Resources

Name Type
aws_cloudwatch_log_group.this resource
aws_iam_role.lambda resource
aws_iam_role_policy.allow_logging_cloudwatch resource
aws_lambda_function.container resource
aws_lambda_function.default resource

Inputs

Name Description Type Default Required
architectures Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"] list(string) 
[
  "x86_64"
]
 no
cloudwatch_logs_retention_days Specifies the number of days you want to retain log events in the specified log group.
Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653.		 number 5 no
dead_letter_config The ARN of an SNS topic or SQS queue to notify when an invocation fails.
If this option is used, the function's IAM role must be granted suitable access to write to
the target object, which means allowing either the sns:Publish or sqs:SendMessage action on
this ARN, depending on which service is targeted.		 
object({
    target_arn = string
  })
 null no
enabled Set to false if you want to disable the Lambda execution or creation. bool true no
env_vars Map of environment variables to be used in the code 
object({
    variables = map(string)
  })
 null no
filename Full path to the zipped file of the src code string "Path to the function's deployment package within the local filesystem. Conflicts with image_uri." no
function_name n/a string "" no
handler The exported function name string "handler" no
iam_role_arn User-provided IAM assume role ARN. Include iam_role_id variable as well.
_(If not provided, the Lambda module will create an iam role internally)_		 string "" no
iam_role_id User-provided IAM assume role ID. Include iam_role_arn variable as well.
_(If not provided, the Lambda module will create an iam role internally)_		 string "" no
image_config Container image configuration values that override the values in the container image Dockerfile. 
object({
    command           = string
    entry_point       = string
    working_directory = string
  })
 null no
image_uri ECR image URI containing the function's deployment package. Conflicts with filename. string "" no
label User-provided label used in the auto-generated names string "" no
layers List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. list(any) [] no
memory_size Memory size allocated to the Lambda function number 128 no
reserved_concurrent_executions Set value for reserved concurrent executions of the function. number -1 no
runtime The runtime to use to run the code on string "" no
tags Tags for this resource map(any) {} no
timeout Default function execution timeout number 30 no
tracing_config Can be either PassThrough or Active. If PassThrough, Lambda will only trace
the request from an upstream service if it contains a tracing header with 'sampled=1'.
If Active, Lambda will respect any tracing header it receives from an upstream service.
If no tracing header is received, Lambda will call X-Ray for a tracing decision.		 
object({
    mode = string
  })
 null no
vpc_config Map of vpc configuration where the Lambda is hosted. 
object({
    security_group_ids = list(string)
    subnet_ids         = list(string)
  })
 null no

Outputs

Name Description
function_arn n/a
function_invoke_arn n/a
function_name n/a
function_qualified_arn n/a
function_size n/a
function_version n/a
iam_role_arn n/a
iam_role_id n/a
iam_role_name n/a