From 6b7015b4ab1c24abcf37c6253fac1bc8679d0049 Mon Sep 17 00:00:00 2001 From: Chris Spitzenberger Date: Mon, 25 Apr 2022 14:08:50 -0500 Subject: [PATCH 01/10] Add basic support for lambda function url resource --- main.tf | 6 ++++++ variables.tf | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/main.tf b/main.tf index 57f9a041..03d69aab 100644 --- a/main.tf +++ b/main.tf @@ -285,3 +285,9 @@ resource "aws_lambda_event_source_mapping" "this" { } } } + +resource "aws_lambda_function_url" "this" { + count = local.create && var.create_lambda_function_url + function_name = aws_lambda_function.this.function_name + authorization_type = "NONE" +} diff --git a/variables.tf b/variables.tf index b1751877..f121851a 100644 --- a/variables.tf +++ b/variables.tf @@ -28,6 +28,12 @@ variable "create_role" { default = true } +variable "create_lambda_function_url" { + description = "Controls where the Lambda Function URL resource should be created" + type = bool + default = false +} + variable "putin_khuylo" { description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!" type = bool From 92a35347ae6abbd8c931ef4fb9a6816c55909cb6 Mon Sep 17 00:00:00 2001 From: Chris Spitzenberger Date: Mon, 25 Apr 2022 14:15:29 -0500 Subject: [PATCH 02/10] Update example & add output --- examples/simple/main.tf | 7 ++++--- outputs.tf | 5 +++++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/examples/simple/main.tf b/examples/simple/main.tf index e64f2310..18835c18 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf 
@@ -36,9 +36,10 @@ module "lambda_function" { publish = true - function_name = "${random_pet.this.id}-lambda-simple" - handler = "index.lambda_handler" - runtime = "python3.8" + function_name = "${random_pet.this.id}-lambda-simple" + handler = "index.lambda_handler" + runtime = "python3.8" + create_lambda_function_url = true # attach_cloudwatch_logs_policy = false diff --git a/outputs.tf b/outputs.tf index 53b6b8a3..7d6567cc 100644 --- a/outputs.tf +++ b/outputs.tf @@ -44,6 +44,11 @@ output "lambda_function_source_code_size" { value = try(aws_lambda_function.this[0].source_code_size, "") } +output "lambda_function_url" { + description = "The URL of the Lambda Function" + value = try(aws_lambda_function_url.this[0].arn, "") +} + # Lambda Layer output "lambda_layer_arn" { description = "The ARN of the Lambda Layer with version" From 6afe956aab12a24ca1c054139b8d461843da608b Mon Sep 17 00:00:00 2001 From: Chris Spitzenberger Date: Mon, 25 Apr 2022 14:46:01 -0500 Subject: [PATCH 03/10] Add authorization_type and cors support --- examples/complete/main.tf | 11 +++++++++++ examples/simple/main.tf | 1 - main.tf | 19 +++++++++++++++++-- outputs.tf | 7 ++++++- variables.tf | 19 +++++++++++++++++++ 5 files changed, 53 insertions(+), 4 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index d644fc5f..87ddf30a 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -66,6 +66,17 @@ module "lambda_function" { } } + create_lambda_function_url = true + authorization_type = "AWS_IAM" + cors = { + allow_credentials = true + allow_origins = ["*"] + allow_methods = ["*"] + allow_headers = ["date", "keep-alive"] + expose_headers = ["keep-alive", "date"] + max_age = 86400 + } + ###################### # Additional policies ###################### diff --git a/examples/simple/main.tf b/examples/simple/main.tf index 18835c18..695bea10 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf 
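Review bot: The `cors` block added to examples/complete/main.tf pairs `allow_credentials = true` with `allow_origins = ["*"]` and `allow_methods = ["*"]`, the least restrictive combination a reader can copy into a real deployment. Browsers do not honour a wildcard origin on credentialed requests, so the pair is either ineffective or, if the service echoes the caller's origin, lets any site make credentialed calls; which of the two applies cannot be told from this hunk. I would show a named origin and only the methods the handler serves, e.g. `allow_origins = ["https://app.example.com"]` (constructed sample) and `allow_methods = ["GET", "POST"]`. The `module "lambda_function"` block starts and ends outside the hunk.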
@@ -39,7 +39,6 @@ module "lambda_function" { function_name = "${random_pet.this.id}-lambda-simple" handler = "index.lambda_handler" runtime = "python3.8" - create_lambda_function_url = true # attach_cloudwatch_logs_policy = false diff --git a/main.tf b/main.tf index 03d69aab..75adea93 100644 --- a/main.tf +++ b/main.tf @@ -287,7 +287,22 @@ resource "aws_lambda_event_source_mapping" "this" { } resource "aws_lambda_function_url" "this" { - count = local.create && var.create_lambda_function_url + count = local.create && var.create_lambda_function_url + function_name = aws_lambda_function.this.function_name - authorization_type = "NONE" + qualifier = aws_lambda_function.this.version + authorization_type = var.authorization_type + + dynamic "cors" { + for_each = var.cors == null ? [] : [true] + + content { + allow_credentials = lookup(var.cors, allow_credentials, true) + allow_origins = lookup(var.cors, allow_origins, ["*"]) + allow_methods = lookup(var.cors, allow_methods, ["*"]) + allow_headers = lookup(var.cors, allow_headers, ["date", "keep-alive"]) + expose_headers = lookup(var.cors, expose_headers, ["keep-alive", "date"]) + max_age = lookup(var.cors, expose_headers, 86400) + } + } } diff --git a/outputs.tf b/outputs.tf index 7d6567cc..37a33878 100644 --- a/outputs.tf +++ b/outputs.tf @@ -46,7 +46,12 @@ output "lambda_function_source_code_size" { output "lambda_function_url" { description = "The URL of the Lambda Function" - value = try(aws_lambda_function_url.this[0].arn, "") + value = try(aws_lambda_function_url.this[0].function_url, "") +} + +output "lambda_function_url_id" { + description = "The Lambda Function URL generated id" + value = try(aws_lambda_function_url.this[0].url_id, "") } # Lambda Layer diff --git a/variables.tf b/variables.tf index f121851a..93bfb735 100644 --- a/variables.tf +++ b/variables.tf 
@@ -211,6 +211,25 @@ variable "image_config_working_directory" { default = null } +variable "authorization_type" { + description = "The type of authentication that the function URL uses. Set to 'AWS_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint." + type = string + default = "NONE" +} + +variable "cors" { + description = "CORS settings to be used by the Lambda Function URL" + type = map(object({ + allow_credentials = bool + allow_origins = list(string) + allow_methods = list(string) + allow_headers = list(string) + expose_headers = list(string) + max_age = number + })) + default = {} +} + ######## # Layer ######## From bf9873a684beb36f7a1df6f10659bd64510448cc Mon Sep 17 00:00:00 2001 From: Chris Spitzenberger Date: Mon, 25 Apr 2022 15:55:02 -0500 Subject: [PATCH 04/10] fix reference to lambda function --- main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.tf b/main.tf index 75adea93..4b152b7b 100644 --- a/main.tf +++ b/main.tf @@ -289,8 +289,8 @@ resource "aws_lambda_event_source_mapping" "this" { resource "aws_lambda_function_url" "this" { count = local.create && var.create_lambda_function_url - function_name = aws_lambda_function.this.function_name - qualifier = aws_lambda_function.this.version + function_name = aws_lambda_function.this[0].function_name + qualifier = aws_lambda_function.this[0].version authorization_type = var.authorization_type dynamic "cors" { From 087db44b282bd5f13e733501cdb0821aaf857448 Mon Sep 17 00:00:00 2001 From: Chris Spitzenberger Date: Mon, 25 Apr 2022 15:56:42 -0500 Subject: [PATCH 05/10] fix count condition --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 4b152b7b..9dc9bbb1 100644 --- a/main.tf +++ b/main.tf 
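Review bot: `authorization_type` defaults to `"NONE"` in the variables.tf hunk, so a caller who only sets `create_lambda_function_url = true` gets an unauthenticated public endpoint without having asked for one. A module default should fail closed, `default = "AWS_IAM"`, leaving public access as an explicit opt-in. The variable also accepts any string; a `validation` block with `condition = contains(["AWS_IAM", "NONE"], var.authorization_type)` would reject a typo at plan time rather than at apply.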
@@ -287,7 +287,7 @@ resource "aws_lambda_event_source_mapping" "this" { } resource "aws_lambda_function_url" "this" { - count = local.create && var.create_lambda_function_url + count = local.create && var.create_lambda_function_url ? 1 : 0 function_name = aws_lambda_function.this[0].function_name qualifier = aws_lambda_function.this[0].version From b9f6d3e4cf499685e494d587d1e7bcd70485da22 Mon Sep 17 00:00:00 2001 From: Chris Spitzenberger Date: Mon, 25 Apr 2022 18:08:39 -0500 Subject: [PATCH 06/10] update docs, fix examples, fix cors input object type --- README.md | 6 ++++++ examples/simple/main.tf | 6 +++--- main.tf | 12 ++++++------ variables.tf | 13 ++++++++++--- 4 files changed, 25 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 86d97204..09a3b7ac 100644 --- a/README.md +++ b/README.md @@ -647,6 +647,7 @@ No modules. | [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | | [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource | | [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | +| [aws_lambda_function_url.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_url) | resource | | [aws_lambda_layer_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_layer_version) | resource | | [aws_lambda_permission.current_version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | | [aws_lambda_permission.unqualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | 
@@ -684,17 +685,20 @@ No modules. | [attach\_policy\_jsons](#input\_attach\_policy\_jsons) | Controls whether policy\_jsons should be added to IAM role for Lambda Function | `bool` | `false` | no | | [attach\_policy\_statements](#input\_attach\_policy\_statements) | Controls whether policy\_statements should be added to IAM role for Lambda Function | `bool` | `false` | no | | [attach\_tracing\_policy](#input\_attach\_tracing\_policy) | Controls whether X-Ray tracing policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [authorization\_type](#input\_authorization\_type) | The type of authentication that the function URL uses. Set to 'AWS\_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint. | `string` | `"NONE"` | no | | [build\_in\_docker](#input\_build\_in\_docker) | Whether to build dependencies in Docker | `bool` | `false` | no | | [cloudwatch\_logs\_kms\_key\_id](#input\_cloudwatch\_logs\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no | | [cloudwatch\_logs\_retention\_in\_days](#input\_cloudwatch\_logs\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `null` | no | | [cloudwatch\_logs\_tags](#input\_cloudwatch\_logs\_tags) | A map of tags to assign to the resource. | `map(string)` | `{}` | no | | [compatible\_architectures](#input\_compatible\_architectures) | A list of Architectures Lambda layer is compatible with. Currently x86\_64 and arm64 can be specified. | `list(string)` | `null` | no | | [compatible\_runtimes](#input\_compatible\_runtimes) | A list of Runtimes this layer is compatible with. Up to 5 runtimes can be specified. 
| `list(string)` | `[]` | no | +| [cors](#input\_cors) | CORS settings to be used by the Lambda Function URL |
object({
allow_credentials = bool
allow_origins = list(string)
allow_methods = list(string)
allow_headers = list(string)
expose_headers = list(string)
max_age = number
})
|
{
"allow_credentials": true,
"allow_headers": [
"date",
"keep-alive"
],
"allow_methods": [
"*"
],
"allow_origins": [
"*"
],
"expose_headers": [
"keep-alive",
"date"
],
"max_age": 86400
}
| no | | [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | | [create\_async\_event\_config](#input\_create\_async\_event\_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | | [create\_current\_version\_allowed\_triggers](#input\_create\_current\_version\_allowed\_triggers) | Whether to allow triggers on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | | [create\_current\_version\_async\_event\_config](#input\_create\_current\_version\_async\_event\_config) | Whether to allow async event configuration on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | | [create\_function](#input\_create\_function) | Controls whether Lambda Function resource should be created | `bool` | `true` | no | +| [create\_lambda\_function\_url](#input\_create\_lambda\_function\_url) | Controls where the Lambda Function URL resource should be created | `bool` | `false` | no | | [create\_layer](#input\_create\_layer) | Controls whether Lambda Layer resource should be created | `bool` | `false` | no | | [create\_package](#input\_create\_package) | Controls whether Lambda package should be created | `bool` | `true` | no | | [create\_role](#input\_create\_role) | Controls whether IAM role for Lambda Function should be created | `bool` | `true` | no | 
@@ -790,6 +794,8 @@ No modules. | [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | | [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | | [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [lambda\_function\_url](#output\_lambda\_function\_url) | The URL of the Lambda Function | +| [lambda\_function\_url\_id](#output\_lambda\_function\_url\_id) | The Lambda Function URL generated id | | [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | | [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | | [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | diff --git a/examples/simple/main.tf b/examples/simple/main.tf index 695bea10..e64f2310 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf @@ -36,9 +36,9 @@ module "lambda_function" { publish = true - function_name = "${random_pet.this.id}-lambda-simple" - handler = "index.lambda_handler" - runtime = "python3.8" + function_name = "${random_pet.this.id}-lambda-simple" + handler = "index.lambda_handler" + runtime = "python3.8" # attach_cloudwatch_logs_policy = false diff --git a/main.tf b/main.tf index 9dc9bbb1..0d90ab6a 100644 --- a/main.tf +++ b/main.tf 
@@ -297,12 +297,12 @@ resource "aws_lambda_function_url" "this" { for_each = var.cors == null ? [] : [true] content { - allow_credentials = lookup(var.cors, allow_credentials, true) - allow_origins = lookup(var.cors, allow_origins, ["*"]) - allow_methods = lookup(var.cors, allow_methods, ["*"]) - allow_headers = lookup(var.cors, allow_headers, ["date", "keep-alive"]) - expose_headers = lookup(var.cors, expose_headers, ["keep-alive", "date"]) - max_age = lookup(var.cors, expose_headers, 86400) + allow_credentials = lookup(var.cors, allow_credentials) + allow_origins = lookup(var.cors, allow_origins) + allow_methods = lookup(var.cors, allow_methods) + allow_headers = lookup(var.cors, allow_headers) + expose_headers = lookup(var.cors, expose_headers) + max_age = lookup(var.cors, expose_headers) } } } diff --git a/variables.tf b/variables.tf index 93bfb735..a0d746b7 100644 --- a/variables.tf +++ b/variables.tf @@ -219,15 +219,22 @@ variable "authorization_type" { variable "cors" { description = "CORS settings to be used by the Lambda Function URL" - type = map(object({ + type = object({ allow_credentials = bool allow_origins = list(string) allow_methods = list(string) allow_headers = list(string) expose_headers = list(string) max_age = number - })) - default = {} + }) + default = { + allow_credentials = true + allow_origins = ["*"] + allow_methods = ["*"] + allow_headers = ["date", "keep-alive"] + expose_headers = ["keep-alive", "date"] + max_age = 86400 + } } ######## From 9c131ae4adbe022a61fb58f6e7fbb65b903c1cd2 Mon Sep 17 00:00:00 2001 From: Chris Spitzenberger Date: Tue, 26 Apr 2022 10:17:35 -0500 Subject: [PATCH 07/10] fix cors variable again (type any this time) --- README.md | 2 +- main.tf | 14 +++++++------- variables.tf | 18 ++---------------- 3 files changed, 10 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 09a3b7ac..13a3536a 100644 --- a/README.md +++ b/README.md 
@@ -692,7 +692,7 @@ No modules. | [cloudwatch\_logs\_tags](#input\_cloudwatch\_logs\_tags) | A map of tags to assign to the resource. | `map(string)` | `{}` | no | | [compatible\_architectures](#input\_compatible\_architectures) | A list of Architectures Lambda layer is compatible with. Currently x86\_64 and arm64 can be specified. | `list(string)` | `null` | no | | [compatible\_runtimes](#input\_compatible\_runtimes) | A list of Runtimes this layer is compatible with. Up to 5 runtimes can be specified. | `list(string)` | `[]` | no | -| [cors](#input\_cors) | CORS settings to be used by the Lambda Function URL |
object({
allow_credentials = bool
allow_origins = list(string)
allow_methods = list(string)
allow_headers = list(string)
expose_headers = list(string)
max_age = number
})
|
{
"allow_credentials": true,
"allow_headers": [
"date",
"keep-alive"
],
"allow_methods": [
"*"
],
"allow_origins": [
"*"
],
"expose_headers": [
"keep-alive",
"date"
],
"max_age": 86400
}
| no | +| [cors](#input\_cors) | CORS settings to be used by the Lambda Function URL | `any` | `{}` | no | | [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | | [create\_async\_event\_config](#input\_create\_async\_event\_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | | [create\_current\_version\_allowed\_triggers](#input\_create\_current\_version\_allowed\_triggers) | Whether to allow triggers on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | diff --git a/main.tf b/main.tf index 0d90ab6a..676ed452 100644 --- a/main.tf +++ b/main.tf @@ -294,15 +294,15 @@ resource "aws_lambda_function_url" "this" { authorization_type = var.authorization_type dynamic "cors" { - for_each = var.cors == null ? [] : [true] + for_each = length(keys(var.cors)) == 0 ? [] : [var.cors] content { - allow_credentials = lookup(var.cors, allow_credentials) - allow_origins = lookup(var.cors, allow_origins) - allow_methods = lookup(var.cors, allow_methods) - allow_headers = lookup(var.cors, allow_headers) - expose_headers = lookup(var.cors, expose_headers) - max_age = lookup(var.cors, expose_headers) + allow_credentials = try(cors.value.allow_credentials, null) + allow_headers = try(cors.value.allow_headers, null) + allow_methods = try(cors.value.allow_methods, null) + allow_origins = try(cors.value.allow_origins, null) + expose_headers = try(cors.value.expose_headers, null) + max_age = try(cors.value.max_age, null) } } } diff --git a/variables.tf b/variables.tf index a0d746b7..04965149 100644 --- a/variables.tf +++ b/variables.tf 
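Review bot: Each `cors` attribute in the main.tf hunk is read with `try(cors.value.<key>, null)` from a variable that the variables.tf hunk of the same commit loosens to `type = any`, so a misspelled key such as `allow_origin` is silently dropped and the applied CORS policy differs from what the caller wrote. `length(keys(var.cors))` also fails on `cors = null`, which the earlier `var.cors == null` test accepted. A `validation` block on the variable that rejects unknown keys, e.g. `condition = length(setsubtract(keys(var.cors), ["allow_credentials", "allow_headers", "allow_methods", "allow_origins", "expose_headers", "max_age"])) == 0`, keeps the loose type while catching typos at plan time. The resource block begins outside the hunk.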
@@ -219,22 +219,8 @@ variable "authorization_type" { variable "cors" { description = "CORS settings to be used by the Lambda Function URL" - type = object({ - allow_credentials = bool - allow_origins = list(string) - allow_methods = list(string) - allow_headers = list(string) - expose_headers = list(string) - max_age = number - }) - default = { - allow_credentials = true - allow_origins = ["*"] - allow_methods = ["*"] - allow_headers = ["date", "keep-alive"] - expose_headers = ["keep-alive", "date"] - max_age = 86400 - } + type = any + default = {} } ######## From f832284beb96bb98664c661f4063f3754cd0a36c Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 27 Apr 2022 09:35:12 +0200 Subject: [PATCH 08/10] Apply suggestions from code review --- main.tf | 2 +- variables.tf | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/main.tf b/main.tf index 676ed452..fa07ce1d 100644 --- a/main.tf +++ b/main.tf @@ -287,7 +287,7 @@ resource "aws_lambda_event_source_mapping" "this" { } resource "aws_lambda_function_url" "this" { - count = local.create && var.create_lambda_function_url ? 1 : 0 + count = local.create && var.create_function && !var.create_layer && var.create_lambda_function_url ? 1 : 0 function_name = aws_lambda_function.this[0].function_name qualifier = aws_lambda_function.this[0].version diff --git a/variables.tf b/variables.tf index 04965149..1e254962 100644 --- a/variables.tf +++ b/variables.tf @@ -29,7 +29,7 @@ variable "create_role" { } variable "create_lambda_function_url" { - description = "Controls where the Lambda Function URL resource should be created" + description = "Controls whether the Lambda Function URL resource should be created" type = bool default = false } 
@@ -212,7 +212,7 @@ variable "image_config_working_directory" { } variable "authorization_type" { - description = "The type of authentication that the function URL uses. Set to 'AWS_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint." + description = "The type of authentication that the Lambda Function URL uses. Set to 'AWS_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint." type = string default = "NONE" } From c874f7a9fd7d3ae90132c5fc75bbb50b7c5e46fc Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 27 Apr 2022 10:39:07 +0200 Subject: [PATCH 09/10] Fixed code and example --- .pre-commit-config.yaml | 4 ++-- README.md | 7 ++++--- examples/complete/README.md | 2 ++ examples/complete/main.tf | 3 +++ examples/complete/outputs.tf | 11 +++++++++++ main.tf | 6 ++++-- outputs.tf | 3 ++- variables.tf | 10 ++++++++++ 8 files changed, 38 insertions(+), 8 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 093121e0..be3cc7aa 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.62.3 + rev: v1.69.0 hooks: - id: terraform_fmt - id: terraform_validate @@ -23,7 +23,7 @@ repos: - '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_workspace_remote' - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.1.0 + rev: v4.2.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer diff --git a/README.md b/README.md index 13a3536a..3fcfe050 100644 --- a/README.md +++ b/README.md 
@@ -685,7 +685,7 @@ No modules. | [attach\_policy\_jsons](#input\_attach\_policy\_jsons) | Controls whether policy\_jsons should be added to IAM role for Lambda Function | `bool` | `false` | no | | [attach\_policy\_statements](#input\_attach\_policy\_statements) | Controls whether policy\_statements should be added to IAM role for Lambda Function | `bool` | `false` | no | | [attach\_tracing\_policy](#input\_attach\_tracing\_policy) | Controls whether X-Ray tracing policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [authorization\_type](#input\_authorization\_type) | The type of authentication that the function URL uses. Set to 'AWS\_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint. | `string` | `"NONE"` | no | +| [authorization\_type](#input\_authorization\_type) | The type of authentication that the Lambda Function URL uses. Set to 'AWS\_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint. | `string` | `"NONE"` | no | | [build\_in\_docker](#input\_build\_in\_docker) | Whether to build dependencies in Docker | `bool` | `false` | no | | [cloudwatch\_logs\_kms\_key\_id](#input\_cloudwatch\_logs\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no | | [cloudwatch\_logs\_retention\_in\_days](#input\_cloudwatch\_logs\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `null` | no | 
@@ -698,12 +698,13 @@ No modules. | [create\_current\_version\_allowed\_triggers](#input\_create\_current\_version\_allowed\_triggers) | Whether to allow triggers on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | | [create\_current\_version\_async\_event\_config](#input\_create\_current\_version\_async\_event\_config) | Whether to allow async event configuration on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | | [create\_function](#input\_create\_function) | Controls whether Lambda Function resource should be created | `bool` | `true` | no | -| [create\_lambda\_function\_url](#input\_create\_lambda\_function\_url) | Controls where the Lambda Function URL resource should be created | `bool` | `false` | no | +| [create\_lambda\_function\_url](#input\_create\_lambda\_function\_url) | Controls whether the Lambda Function URL resource should be created | `bool` | `false` | no | | [create\_layer](#input\_create\_layer) | Controls whether Lambda Layer resource should be created | `bool` | `false` | no | | [create\_package](#input\_create\_package) | Controls whether Lambda package should be created | `bool` | `true` | no | | [create\_role](#input\_create\_role) | Controls whether IAM role for Lambda Function should be created | `bool` | `true` | no | | [create\_unqualified\_alias\_allowed\_triggers](#input\_create\_unqualified\_alias\_allowed\_triggers) | Whether to allow triggers on unqualified alias pointing to $LATEST version | `bool` | `true` | no | | [create\_unqualified\_alias\_async\_event\_config](#input\_create\_unqualified\_alias\_async\_event\_config) | Whether to allow async event configuration on unqualified alias pointing to $LATEST version | `bool` | `true` | no | +| 
[create\_unqualified\_alias\_lambda\_function\_url](#input\_create\_unqualified\_alias\_lambda\_function\_url) | Whether to use unqualified alias pointing to $LATEST version in Lambda Function URL | `bool` | `true` | no | | [dead\_letter\_target\_arn](#input\_dead\_letter\_target\_arn) | The ARN of an SNS topic or SQS queue to notify when an invocation fails. | `string` | `null` | no | | [description](#input\_description) | Description of your Lambda Function (or Layer) | `string` | `""` | no | | [destination\_on\_failure](#input\_destination\_on\_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | @@ -794,7 +795,7 @@ No modules. | [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | | [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | | [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | -| [lambda\_function\_url](#output\_lambda\_function\_url) | The URL of the Lambda Function | +| [lambda\_function\_url](#output\_lambda\_function\_url) | The URL of the Lambda Function URL | | [lambda\_function\_url\_id](#output\_lambda\_function\_url\_id) | The Lambda Function URL generated id | | [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | | [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | diff --git a/examples/complete/README.md b/examples/complete/README.md index d0231c02..47f6e48a 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -73,6 +73,8 @@ No inputs. | [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | | [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | | [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [lambda\_function\_url](#output\_lambda\_function\_url) | The URL of the Lambda Function URL | +| [lambda\_function\_url\_id](#output\_lambda\_function\_url\_id) | The Lambda Function URL generated id | | [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | | [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | | [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 87ddf30a..0d33d36c 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -66,6 +66,9 @@ module "lambda_function" { } } + ###################### + # Lambda Function URL + ###################### create_lambda_function_url = true authorization_type = "AWS_IAM" cors = { diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index 83dbee63..91107b40 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf 
@@ -44,6 +44,17 @@ output "lambda_function_source_code_size" { value = module.lambda_function.lambda_function_source_code_size } +# Lambda Function URL +output "lambda_function_url" { + description = "The URL of the Lambda Function URL" + value = module.lambda_function.lambda_function_url +} + +output "lambda_function_url_id" { + description = "The Lambda Function URL generated id" + value = module.lambda_function.lambda_function_url_id +} + # Lambda Layer output "lambda_layer_arn" { description = "The ARN of the Lambda Layer with version" diff --git a/main.tf b/main.tf index fa07ce1d..3c9e4c4e 100644 --- a/main.tf +++ b/main.tf @@ -289,8 +289,10 @@ resource "aws_lambda_event_source_mapping" "this" { resource "aws_lambda_function_url" "this" { count = local.create && var.create_function && !var.create_layer && var.create_lambda_function_url ? 1 : 0 - function_name = aws_lambda_function.this[0].function_name - qualifier = aws_lambda_function.this[0].version + function_name = aws_lambda_function.this[0].function_name + + # Error: error creating Lambda Function URL: ValidationException + qualifier = var.create_unqualified_alias_lambda_function_url ? null : aws_lambda_function.this[0].version authorization_type = var.authorization_type dynamic "cors" { diff --git a/outputs.tf b/outputs.tf index 37a33878..f07a3450 100644 --- a/outputs.tf +++ b/outputs.tf @@ -44,8 +44,9 @@ output "lambda_function_source_code_size" { value = try(aws_lambda_function.this[0].source_code_size, "") } +# Lambda Function URL output "lambda_function_url" { - description = "The URL of the Lambda Function" + description = "The URL of the Lambda Function URL" value = try(aws_lambda_function_url.this[0].function_url, "") } diff --git a/variables.tf b/variables.tf index 1e254962..55f9f61d 100644 --- a/variables.tf +++ b/variables.tf 
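Review bot: The comment `# Error: error creating Lambda Function URL: ValidationException` above `qualifier` in the main.tf hunk records an error message but not its cause or which branch avoids it, so a maintainer cannot tell whether the `aws_lambda_function.this[0].version` branch is expected to work. With `create_unqualified_alias_lambda_function_url` defaulting to `true`, the URL serves `$LATEST`, so every code upload becomes reachable through the endpoint immediately rather than only a published version; the variable description should say so. I would replace the comment with something like `# qualifier = null targets $LATEST; a numeric version was rejected with ValidationException (confirm whether only alias names are accepted)`. The resource block continues outside the hunk.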
@@ -211,6 +211,16 @@ variable "image_config_working_directory" { default = null } +############### +# Function URL +############### + +variable "create_unqualified_alias_lambda_function_url" { + description = "Whether to use unqualified alias pointing to $LATEST version in Lambda Function URL" + type = bool + default = true +} + variable "authorization_type" { description = "The type of authentication that the Lambda Function URL uses. Set to 'AWS_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint." type = string From cb12fd3ab33acec1c290d0f2b77dd78427cf5c70 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 27 Apr 2022 10:49:47 +0200 Subject: [PATCH 10/10] Fixed minimum required version for Lambda Function URL resource --- README.md | 4 ++-- examples/complete/README.md | 4 ++-- examples/complete/versions.tf | 2 +- versions.tf | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 3fcfe050..6f47a04f 100644 --- a/README.md +++ b/README.md @@ -602,7 +602,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 4.8 | +| [aws](#requirement\_aws) | >= 4.9 | | [external](#requirement\_external) | >= 1.0 | | [local](#requirement\_local) | >= 1.0 | | [null](#requirement\_null) | >= 2.0 | @@ -611,7 +611,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.8 | +| [aws](#provider\_aws) | >= 4.9 | | [external](#provider\_external) | >= 1.0 | | [local](#provider\_local) | >= 1.0 | | [null](#provider\_null) | >= 2.0 | diff --git a/examples/complete/README.md b/examples/complete/README.md index 47f6e48a..1ed48636 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -21,14 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 4.8 | +| [aws](#requirement\_aws) | >= 4.9 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.8 | +| [aws](#provider\_aws) | >= 4.9 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index b19bca77..629d346a 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.8" + version = ">= 4.9" } random = { source = "hashicorp/random" diff --git a/versions.tf b/versions.tf index 74f13846..094732c8 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.8" + version = ">= 4.9" } external = { source = "hashicorp/external"