github.com/pbs/terraform-aws-lambda-module?ref=1.4.0More information can be found on these install methods and more in the documentation here.
This module creates a Lambda function with a basic IAM role with SSM parameter authentication configured, along with logging.
By default, the Lambda function that is created also has integration with X-Ray and Lambda Insights enabled.
Integrate this module like so:
module "role" {
source = "github.com/pbs/terraform-aws-lambda-module?ref=1.4.0"
handler = "main"
filename = "../artifacts/handler.zip"
runtime = "go1.x"
# Tagging Parameters
organization = var.organization
environment = var.environment
product = var.product
repo = var.repo
# Optional Parameters
}If this repo is added as a subtree, then the version of the module should be close to the version shown here:
1.4.0
Note, however that subtrees can be altered as desired within repositories.
Further documentation on usage can be found here.
Below is automatically generated documentation on this Terraform module using terraform-docs
| Name | Version |
|---|---|
| terraform | >= 1.3.2 |
| aws | >= 5.30.0 |
| Name | Version |
|---|---|
| aws | 5.24.0 |
| Name | Source | Version |
|---|---|---|
| default_role | github.com/pbs/terraform-aws-iam-role-module | 0.2.1 |
| Name | Type |
|---|---|
| aws_cloudwatch_log_group.log_group | resource |
| aws_lambda_function.lambda | resource |
| aws_security_group.sg | resource |
| aws_security_group_rule.egress | resource |
| aws_caller_identity.current | data source |
| aws_default_tags.common_tags | data source |
| aws_iam_policy_document.default_policy_document | data source |
| aws_region.current | data source |
| aws_subnets.private_subnets | data source |
| aws_vpc.vpc | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| environment | Environment (sharedtools, dev, staging, qa, prod) | string |
n/a | yes |
| organization | Organization using this module. Used to prefix tags so that they are easily identified as being from your organization | string |
n/a | yes |
| product | Tag used to group resources according to product | string |
n/a | yes |
| repo | Tag used to point to the repo using this module | string |
n/a | yes |
| add_app_config_extension_layer | Add the AWS-AppConfig-Lambda-Extension layer to the Lambda function. Ignored if layers is not null or if image_uri is defined. |
bool |
true |
no |
| add_ssm_extension_layer | Add the AWS-Parameters-and-Secrets-Lambda-Extension layer to the Lambda function. Ignored if layers is not null or if image_uri is defined. |
bool |
true |
no |
| add_vpc_config | Add VPC configuration to the Lambda function | bool |
false |
no |
| allow_app_config_access | Allow AppConfig access from the Lambda function. Ignored if policy_json or role_arn are set. |
bool |
true |
no |
| app_config_extension_account_number | Account number for the AWS-AppConfig-Extension layer | string |
"027255383542" |
no |
| app_config_extension_version | Lambda layer version for the AWS-AppConfig-Extension layer | number |
null |
no |
| architectures | Architectures to target for the Lambda function | list(string) |
[ |
no |
| description | Description for this lambda function | string |
null |
no |
| environment_vars | Map of environment variables for the Lambda. If null, defaults to setting an SSM_PATH based on the environment and name of the function. Set to {} if you would like for there to be no environment variables present. This is important if you are creating a Lambda@Edge. | map(any) |
null |
no |
| ephemeral_storage_size | Size of the ephemeral storage in MB. Ignored if runtime is not supported. | number |
512 |
no |
| file_system_config | File system configuration for the Lambda function | map(any) |
null |
no |
| filename | Filename for the artifact to use for the Lambda | string |
null |
no |
| handler | Handler for the lambda function | string |
null |
no |
| image_uri | URI of the container image to use for the Lambda | string |
null |
no |
| lambda_insights_extension_account_number | Account number for the LambdaInsightsExtension layer | string |
"580247275435" |
no |
| lambda_insights_extension_version | Lambda layer version for the LambdaInsightsExtension layer | number |
null |
no |
| layers | Lambda layers to apply to function. If null, a Lambda Layer extension is added by default. | list(string) |
null |
no |
| log_group_class | Log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS | string |
"STANDARD" |
no |
| log_retention_in_days | Number of days to retain CloudWatch Log entries | number |
7 |
no |
| memory_size | Amount of memory in MB your Lambda Function can use at runtime | number |
128 |
no |
| name | Name of the Lambda function | string |
null |
no |
| package_type | Package type for the Lambda function. Valid values are Zip and Image. | string |
"Zip" |
no |
| parameters_and_secrets_extension_account_number | Account number for the AWS-Parameters-and-Secrets-Lambda-Extension layer | string |
"177933569100" |
no |
| parameters_and_secrets_extension_version | Lambda layer version for the AWS-Parameters-and-Secrets-Lambda-Extension layer | number |
null |
no |
| permissions_boundary_arn | ARN of the permissions boundary to use on the role created for this lambda | string |
null |
no |
| policy_json | Policy JSON. If null, default policy granting access to SSM and cloudwatch logs is used | string |
null |
no |
| publish | Whether to publish creation/change as new Lambda Function Version | bool |
true |
no |
| role_arn | ARN of the role to be used for this Lambda | string |
null |
no |
| runtime | Runtime for the lambda function | string |
null |
no |
| security_group_id | Security group ID. If null, one will be created. | string |
null |
no |
| ssm_path | SSM path to use for environment variables. If null, defaults to /${var.environment}/${local.name} | string |
null |
no |
| subnets | Subnets to use for the Lambda function. Ignored if add_vpc_config is false. If null, one will be looked up based on environment tag. | list(string) |
null |
no |
| tags | Extra tags | map(string) |
{} |
no |
| timeout | Timeout in seconds of the Lambda | number |
3 |
no |
| tracing_config_mode | Tracing config mode for X-Ray integration on Lambda | string |
"Active" |
no |
| use_prefix | Use prefix for resources instead of explicitly defining whole name where possible | bool |
true |
no |
| vpc_id | VPC ID. If null, one will be looked up based on environment tag. | string |
null |
no |
| Name | Description |
|---|---|
| arn | ARN of the lambda function |
| invoke_arn | Invocation ARN of the lambda function |
| name | Name of the lambda function |
| qualified_arn | Qualified ARN of the lambda function |
| sg | Security group of the lambda function if there is one |