terraform-aws-lambda-auto-package

A Terraform module that defines a Lambda function whose source files are automatically built and packaged for Lambda deployment.

Primary language: HCL. License: MIT.


Features

Creates a Lambda function with support for the following:

  • Automatically archive the specified source directory into one zip file for Lambda deployment.
  • Invoke a build command before making an archive if specified. This allows installing additional dependencies, for example from requirements.txt, package.json etc.
  • Create an IAM role to publish lambda execution logs to CloudWatch Logs.

Usage

module "lambda" {
  source = "nozaq/lambda-auto-package/aws"

  # Directory to archive and the path of the resulting zip file.
  source_dir  = "${path.module}/source"
  output_path = "${path.module}/source.zip"

  # Re-run the build command whenever the dependency list or the build script changes.
  build_triggers = {
    requirements = base64sha256(file("${path.module}/source/requirements.txt"))
    execute      = base64sha256(file("${path.module}/pip.sh"))
  }
  # Evaluated in a shell before the archive is created.
  build_command = "${path.module}/pip.sh ${path.module}/source"

  iam_role_name_prefix = "example-lambda-role"

  function_name = "example-lambda"
  handler       = "main.handler"
  runtime       = "python3.7"

  environment = {
    variables = {
      EXAMPLE_VAR = "foobar"
    }
  }
}

See the examples for non-Python usage.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.15.0 |
| archive | >= 2.2.0 |
| aws | >= 3.50.0 |
| null | >= 3.1.0 |

Providers

| Name | Version |
|------|---------|
| archive | >= 2.2.0 |
| aws | >= 3.50.0 |
| null | >= 3.1.0 |

Inputs

| Name | Description | Type | Required |
|------|-------------|------|----------|
| function_name | A unique name for your Lambda Function. | string | yes |
| handler | The function entrypoint in your code. | string | yes |
| output_path | A path to which the source directory is archived before uploading to AWS. | string | yes |
| runtime | The identifier of the function's runtime. | string | yes |
| source_dir | A path to the directory which contains source files. | string | yes |
| allowed_services | A list of AWS Services that are allowed to access this lambda. | list(string) | no |
| build_command | This is the build command to execute. It can be provided as a relative path to the current working directory or as an absolute path. It is evaluated in a shell, and can use environment variables or Terraform variables. | string | no |
| build_triggers | A map of values which should cause the build command to re-run. Values are meant to be interpolated references to variables or attributes of other resources. | map(string) | no |
| dead_letter_config | Nested block to configure the function's dead letter queue. | object({ target_arn = string }) | no |
| description | Description of what your Lambda Function does. | string | no |
| environment | A map that defines environment variables for the Lambda function. | object({ variables = map(string) }) | no |
| exclude_files | A list of directories or folders to ignore, e.g. exclude_files = ["test", "src/**/*.ts"] | list(string) | no |
| iam_role_name_prefix | The prefix string for the name of IAM role for the lambda function. | string | no |
| kms_key_id | The ARN of the KMS Key to use when encrypting log data. | string | no |
| lambda_kms_key_arn | The ARN of the KMS Key to use when encrypting environment variables. Ignored unless environment is specified. | string | no |
| layers | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | list(string) | no |
| memory_size | Amount of memory in MB your Lambda Function can use at runtime. | number | no |
| permissions_boundary | ARN of the policy that is used to set the permissions boundary for the role. | string | no |
| policy_arns | A list of IAM policy ARNs attached to the lambda function. | list(string) | no |
| publish | Whether to publish creation/change as new Lambda Function Version. | bool | no |
| reserved_concurrent_executions | The amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. | number | no |
| retention_in_days | Specifies the number of days you want to retain log events in the specified log group. | number | no |
| tags | A mapping of tags to assign to resources. | map(string) | no |
| timeout | The maximum number of seconds the lambda function may run before timing out. | number | no |
| tracing_config | Can be either PassThrough or Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision. | object({ mode = string }) | no |
| vpc_config | Provide this to allow your function to access your VPC. | object({ security_group_ids = list(string), subnet_ids = list(string) }) | no |
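
The following is an added example, not taken from the module's own documentation. It combines the security-relevant inputs from the table above: a permissions boundary on the generated role, encryption of log data and environment variables, bounded log retention, and capped concurrency. The account ID, ARNs, key ID and numeric values are constructed placeholders.

```hcl
module "lambda_hardened" {
  # Consider adding a `version` constraint so upgrades are deliberate.
  source = "nozaq/lambda-auto-package/aws"

  source_dir    = "${path.module}/source"
  output_path   = "${path.module}/source.zip"
  exclude_files = ["test"] # keep test code out of the deployed archive

  # build_command is evaluated in a shell, so build it only from static
  # paths, never from externally supplied variable values.
  build_command = "${path.module}/pip.sh ${path.module}/source"
  build_triggers = {
    requirements = base64sha256(file("${path.module}/source/requirements.txt"))
    execute      = base64sha256(file("${path.module}/pip.sh"))
  }

  function_name = "example-lambda"
  handler       = "main.handler"
  runtime       = "python3.7"

  # Cap what the generated execution role can ever be granted.
  iam_role_name_prefix = "example-lambda-role"
  permissions_boundary = "arn:aws:iam::123456789012:policy/example-boundary" # placeholder

  # Encrypt log data and environment variables with a customer-managed key.
  # The key policy must allow the CloudWatch Logs service to use the key.
  kms_key_id         = "arn:aws:kms:us-east-1:123456789012:key/EXAMPLE-KEY-ID" # placeholder
  lambda_kms_key_arn = "arn:aws:kms:us-east-1:123456789012:key/EXAMPLE-KEY-ID" # placeholder
  retention_in_days  = 90

  # Values set here are also stored in the Terraform state, so keep
  # secrets out of this map.
  environment = {
    variables = {
      EXAMPLE_VAR = "foobar"
    }
  }

  # Bound the blast radius of a runaway or abused function.
  reserved_concurrent_executions = 5
  timeout                        = 30
  memory_size                    = 128

  tracing_config = {
    mode = "Active"
  }
}
```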

Outputs

| Name | Description |
|------|-------------|
| iam_role | The IAM role attached to the lambda function. |
| lambda_function | The lambda function. |