diff --git a/README.md b/README.md index e6a8a6a..719899b 100644 --- a/README.md +++ b/README.md @@ -171,6 +171,7 @@ Here are some examples of how you can use this module in your inventory structur | filename | The path to the function's deployment package within the local filesystem. If defined, The s3_-prefixed options cannot be used. | string | `` | no | | filenames | The path to the function's deployment package within the local filesystem. If defined, The s3_-prefixed options cannot be used. | list | `` | no | | handler | The function entrypoint in your code. | string | - | yes | +| iam_actions | The actions for Iam Role Policy. | list | `` | no | | kms_key_arn | The ARN for the KMS encryption key. | string | `` | no | | label_order | Label order, e.g. `name`,`application`. | list | `` | no | | layers | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | string | `` | no | diff --git a/_example/basic-function/example.tf b/_example/basic-function/example.tf index 31cad32..825fecb 100644 --- a/_example/basic-function/example.tf +++ b/_example/basic-function/example.tf @@ -3,7 +3,7 @@ provider "aws" { } module "lambda" { - source = "git::https://github.com/clouddrove/terraform-aws-lambda.git?ref=tags/0.12.0" + source = "./../../" name = "lambda" application = "clouddrove" @@ -11,9 +11,18 @@ module "lambda" { label_order = ["environment", "name", "application"] enabled = true - filename = "./../../../lambda_function_payload" - handler = "index.handler" - runtime = "nodejs8.10" + filename = "./../../../lambda_packages" + handler = "index.lambda_handler" + runtime = "python3.7" + iam_actions = [ + "logs:CreateLogStream", + "logs:CreateLogGroup", + "logs:PutLogEvents", + "ec2:CreateNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DeleteNetworkInterface", + "ec2:DescribeSecurityGroups", + ] variables = { foo = "bar" } diff --git a/main.tf b/main.tf index dca6384..b49ce4a 100644 --- a/main.tf +++ b/main.tf 
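Review bot: The example's `source` now points at `./../../`, which resolves only inside a checkout of this repository, so a reader copying the example has no pinned reference to start from. A comment above the line, such as `# Local path for in-repo testing; consumers should pin a released ref`, would make that explicit. The README usage examples are outside this hunk, so whether they still show a pinned source is not visible here.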
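Review bot: The `iam_actions` list added to the example mixes three CloudWatch Logs actions with four `ec2:` actions, and nothing explains why the latter are needed. The network-interface actions are what a VPC-attached function requires; whether this example sets subnets or security groups is not visible in the hunk. If it does not, dropping the `ec2:` entries keeps the example at least privilege. Otherwise a comment such as `# ENI actions below are only required when the function runs inside a VPC` above them would help, since examples tend to be copied verbatim. The module block continues past the end of the hunk.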
@@ -39,32 +39,19 @@ EOF # Module : Iam policy # Description : Terraform module to create Iam policy resource on AWS for lambda. resource "aws_iam_policy" "default" { - name = "lambda_logging" - path = "/" + name = "lambda_logging" + path = "/" description = "IAM policy for logging from a lambda" - policy = < 0 ? length(var.filenames) : 0 - type = "zip" - source_dir = element(var.filenames, count.index)["input"] - output_path = element(var.filenames, count.index)["output"] + count = length(var.filenames) > 0 ? length(var.filenames) : 0 + type = "zip" + source_dir = element(var.filenames, count.index)["input"] + output_path = element(var.filenames, count.index)["output"] } # Module : Lambda layers @@ -101,10 +88,10 @@ resource "aws_lambda_layer_version" "default" { # Module : Archive file # Description : Terraform module to zip a directory. data "archive_file" "default" { - count = var.filename != null ? 1 : 0 - type = "zip" - source_dir = var.filename - output_path = "lambda.zip" + count = var.filename != null ? 1 : 0 + type = "zip" + source_dir = var.filename + output_path = "lambda.zip" } # Module : Lambda function @@ -134,14 +121,14 @@ resource "aws_lambda_function" "default" { security_group_ids = var.security_group_ids } environment { - variables = var.variables + variables = var.variables } lifecycle { - # Ignore tags added by kubernetes - ignore_changes = [ - "source_code_hash", - "last_modified" - ] + # Ignore tags added by kubernetes + ignore_changes = [ + "source_code_hash", + "last_modified" + ] } depends_on = ["aws_iam_role_policy_attachment.default"] } diff --git a/variables.tf b/variables.tf index f947140..f61ccd2 100644 --- a/variables.tf +++ b/variables.tf @@ -181,6 +181,12 @@ variable "event_source_tokens" { description = "The Event Source Token to validate. Used with Alexa Skills." } +variable "iam_actions" { + type = list + default = [] + description = "The actions for Iam Role Policy." +} + variable "actions" { type = list default = []
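Review bot: In variables.tf the new `iam_actions` variable is declared as a bare `list` with `default = []`, so element types are unconstrained and a caller who omits it passes no actions at all; `type = list(string)` would at least constrain the elements. The `aws_iam_policy.default` hunk in main.tf is cut off in this view, so how the list reaches the policy document and which resources it applies to cannot be confirmed here. If the statement applies to all resources, the description should say so, e.g. `description = "IAM actions allowed by the Lambda role policy; applied to <resource scope>."`. It is also worth checking that an empty list does not produce a policy statement with no actions. The policy keeps the name `lambda_logging` and a logging-only description, so if the removed inline policy granted the log permissions, functions that relied on them would now have to pass them explicitly.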