
feat: Adding variable principal_org_id to resource aws_lambda_permission (#448)

Co-authored-by: Tomasz Charewicz <[email protected]>
antonbabenko and tcharewicz authored Apr 18, 2023
1 parent ed2ea1d commit 31d75e7
Showing 10 changed files with 36 additions and 3 deletions.
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -293,6 +293,10 @@ module "lambda_function" {
# ...omitted for brevity
allowed_triggers = {
Config = {
principal = "config.amazonaws.com"
principal_org_id = "o-abcdefghij"
}
APIGatewayAny = {
service = "apigateway"
source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*"
2 changes: 2 additions & 0 deletions examples/alias/README.md
Expand Up @@ -27,6 +27,7 @@ Note that this example may create resources which cost money. Run `terraform des

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.19 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |

## Modules
Expand All @@ -44,6 +45,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Type |
|------|------|
| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
| [aws_organizations_organization.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/organizations_organization) | data source |

## Inputs

10 changes: 10 additions & 0 deletions examples/alias/main.tf
Expand Up @@ -8,6 +8,8 @@ provider "aws" {
skip_requesting_account_id = true
}

data "aws_organizations_organization" "this" {}

resource "random_pet" "this" {
length = 2
}
Expand Down Expand Up @@ -78,6 +80,10 @@ module "alias_no_refresh" {
}

allowed_triggers = {
Config = {
principal = "config.amazonaws.com"
principal_org_id = data.aws_organizations_organization.this.id
}
AnotherAPIGatewayAny = { # keys should be unique
service = "apigateway"
source_arn = "arn:aws:execute-api:eu-west-1:135367859851:abcdedfgse/*/*/*"
Expand Down Expand Up @@ -117,6 +123,10 @@ module "alias_existing" {
}

allowed_triggers = {
Config = {
principal = "config.amazonaws.com"
principal_org_id = data.aws_organizations_organization.this.id
}
ThirdAPIGatewayAny = {
service = "apigateway"
source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*"
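Review bot: The example now depends on `data "aws_organizations_organization" "this"` and therefore on the account running it being a member of an AWS Organization with permission to describe it; from a standalone account the plan fails, and neither the data source nor the example README says so. A comment on the data source such as `# Requires the caller's account to belong to an AWS Organization; only used for the Config trigger's principal_org_id` plus one line in examples/alias/README.md would make the precondition explicit. Separately, examples/alias/README.md still lists the aws provider at `>= 3.19` (unchanged in this commit) while modules/alias was raised to `>= 4.9` for the same `principal_org_id` argument, so the example's own versions.tf presumably needs the same bump. The same points apply to examples/complete/main.tf and examples/event-source-mapping/main.tf; the latter also names the trigger `config` where the other examples use `Config`, and since the key becomes the `statement_id` a consistent spelling across examples would be cleaner. The module blocks continue outside the hunk.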
1 change: 1 addition & 0 deletions examples/complete/README.md
Expand Up @@ -55,6 +55,7 @@ Note that this example may create resources which cost money. Run `terraform des
| [aws_sqs_queue.dlq](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_organizations_organization.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/organizations_organization) | data source |

## Inputs

6 changes: 6 additions & 0 deletions examples/complete/main.tf
Expand Up @@ -10,6 +10,8 @@ provider "aws" {

data "aws_caller_identity" "current" {}

data "aws_organizations_organization" "this" {}

####################################################
# Lambda Function (building locally, storing on S3,
# set allowed triggers, set policies)
Expand Down Expand Up @@ -51,6 +53,10 @@ module "lambda_function" {
dead_letter_target_arn = aws_sqs_queue.dlq.arn

allowed_triggers = {
Config = {
principal = "config.amazonaws.com"
principal_org_id = data.aws_organizations_organization.this.id
}
APIGatewayAny = {
service = "apigateway"
source_arn = "arn:aws:execute-api:eu-west-1:${data.aws_caller_identity.current.account_id}:aqnku8akd0/*/*/*"
6 changes: 6 additions & 0 deletions examples/event-source-mapping/main.tf
Expand Up @@ -11,6 +11,8 @@ provider "aws" {

data "aws_availability_zones" "available" {}

data "aws_organizations_organization" "this" {}

locals {
vpc_cidr = "10.0.0.0/16"
azs = slice(data.aws_availability_zones.available.names, 0, 3)
Expand Down Expand Up @@ -117,6 +119,10 @@ module "lambda_function" {
}

allowed_triggers = {
config = {
principal = "config.amazonaws.com"
principal_org_id = data.aws_organizations_organization.this.id
}
sqs = {
principal = "sqs.amazonaws.com"
source_arn = aws_sqs_queue.this.arn
2 changes: 2 additions & 0 deletions main.tf
Expand Up @@ -242,6 +242,7 @@ resource "aws_lambda_permission" "current_version_triggers" {
statement_id = try(each.value.statement_id, each.key)
action = try(each.value.action, "lambda:InvokeFunction")
principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, "")))
principal_org_id = try(each.value.principal_org_id, null)
source_arn = try(each.value.source_arn, null)
source_account = try(each.value.source_account, null)
event_source_token = try(each.value.event_source_token, null)
Expand All @@ -256,6 +257,7 @@ resource "aws_lambda_permission" "unqualified_alias_triggers" {
statement_id = try(each.value.statement_id, each.key)
action = try(each.value.action, "lambda:InvokeFunction")
principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, "")))
principal_org_id = try(each.value.principal_org_id, null)
source_arn = try(each.value.source_arn, null)
source_account = try(each.value.source_account, null)
event_source_token = try(each.value.event_source_token, null)
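Review bot: The new `principal_org_id = try(each.value.principal_org_id, null)` line inherits the silent fallback of its neighbours: a misspelled key in an `allowed_triggers` entry yields `null`, the permission is still created, and the organization restriction this feature exists to add is simply absent with no plan-time signal. Because this attribute narrows a resource policy, it deserves either a `validation` block on `var.allowed_triggers` that rejects unknown keys, or at minimum a comment such as `# null omits the aws:PrincipalOrgID condition; keys are not validated, so a typo here widens the grant`. The same applies to the second hunk in this file and to both hunks in modules/alias/main.tf. Only modules/alias/versions.tf is raised to `>= 4.9` in this commit; if the root versions.tf still admits an older provider, the new argument would be rejected there, and if the `allowed_triggers` variable description enumerates supported keys it should now list `principal_org_id` as well (neither file is in the diff). Both enclosing resource blocks start before their hunks.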
4 changes: 2 additions & 2 deletions modules/alias/README.md
Expand Up @@ -116,13 +116,13 @@ module "lambda" {
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.35 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.9 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.35 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.9 |

## Modules

2 changes: 2 additions & 0 deletions modules/alias/main.tf
Expand Up @@ -91,6 +91,7 @@ resource "aws_lambda_permission" "version_triggers" {
statement_id = try(each.value.statement_id, each.key)
action = try(each.value.action, "lambda:InvokeFunction")
principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, "")))
principal_org_id = try(each.value.principal_org_id, null)
source_arn = try(each.value.source_arn, null)
source_account = try(each.value.source_account, null)
event_source_token = try(each.value.event_source_token, null)
Expand All @@ -105,6 +106,7 @@ resource "aws_lambda_permission" "qualified_alias_triggers" {
statement_id = try(each.value.statement_id, each.key)
action = try(each.value.action, "lambda:InvokeFunction")
principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, "")))
principal_org_id = try(each.value.principal_org_id, null)
source_arn = try(each.value.source_arn, null)
source_account = try(each.value.source_account, null)
event_source_token = try(each.value.event_source_token, null)
2 changes: 1 addition & 1 deletion modules/alias/versions.tf
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 3.35"
version = ">= 4.9"
}
}
}
