spring-media / terraform-aws-lambda
A Terraform module to create AWS Lambda resources.
Home Page: https://registry.terraform.io/modules/spring-media/lambda/aws
License: MIT License
Further development of this module will be continued in moritzzimmer/terraform-aws-lambda.
Users of spring-media/lambda/aws should migrate to this module as a drop-in replacement for all provisions up to release/tag 5.2.1 to benefit from new features and bugfixes.
module "lambda" {
  source  = "moritzzimmer/lambda/aws"
  version = "5.2.1"

  filename         = "my-package.zip"
  function_name    = "my-function"
  handler          = "my-handler"
  runtime          = "go1.x"
  source_code_hash = filebase64sha256("${path.module}/my-package.zip")
}
Lambda functions can be triggered from CloudWatch either by event_pattern or schedule_expression, see https://www.terraform.io/docs/providers/aws/r/cloudwatch_event_rule.html.
Currently only the latter is supported in this module. Idea: deprecate the current cloudwatch-scheduled-event sub-module in favor of a cloudwatch sub-module supporting both.
Currently this module configures the following policy for ssm_parameter_names:

data "aws_iam_policy_document" "ssm_policy_document" {
  count = length(var.ssm_parameter_names)

  statement {
    actions = [
      "ssm:GetParameters",
      "ssm:GetParametersByPath",
    ]

    resources = [
      "arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter/${element(var.ssm_parameter_names, count.index)}",
    ]
  }
}

This datasource should also permit ssm:GetParameter.
The publish variable defaults to true in the main module, https://github.com/spring-media/terraform-aws-lambda/blob/master/variables.tf#L60. However in the submodule, it defaults to false, https://github.com/spring-media/terraform-aws-lambda/blob/master/modules/lambda/variables.tf#L43.
The docs indicate the default is false, https://www.terraform.io/docs/providers/aws/r/lambda_function.html#publish. Was there an intentional reason to set to true?
Hello,
Thanks for this useful component.
I would like to request an example of https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-with-sqs-event involving the creation of the required SQS queue instead of hard-coding the ARN on it.
There are different possibilities and recommendations on how to manage and access secrets (e.g. database passwords) inside Lambda functions (see e.g. here and here).
Currently this module supports reading (optionally encrypted) parameters from AWS Systems Manager Parameter Store at runtime by creating IAM policies allowing access to and decryption of parameters by setting ssm_parameter_names and kms_key_arn. This is the recommended way for Lambda functions if the Parameter Store API limits are no concern in case of horizontal scaling.
Unfortunately kms_key_arn conflicts with the parameter specified in the Terraform Lambda resource to specify a key that is used to encrypt environment variables.
Proposal:
ssm { parameters: [], kms_key_arn: ""}) to configure IAM policies for runtime SSM access (with custom key)
kms_key_arn to its default meaning and pass it down to lambda submodule
AWS Secrets Manager
in case consumers need more permissions than CloudWatch Logs (e.g. Parameter Store, KMS, ...)
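The two SSM points raised above (also permitting ssm:GetParameter, and giving runtime SSM decryption its own key instead of reusing kms_key_arn) can be combined as in the following added example, which is not code from this module. The variable name ssm_kms_key_arn, the data source name "ssm" and the statement sids are assumptions made for illustration.

```hcl
# Added example, not the module's code. ssm_kms_key_arn is a hypothetical
# variable that keeps the SSM decryption key separate from the Lambda
# resource's kms_key_arn (which encrypts environment variables).
variable "ssm_parameter_names" {
  description = "Parameter names (without leading slash) the function may read."
  type        = list(string)
  default     = []
}

variable "ssm_kms_key_arn" {
  description = "Key used to decrypt SecureString parameters at runtime."
  type        = string
  default     = ""
}

data "aws_region" "current" {}
data "aws_caller_identity" "current" {}

data "aws_iam_policy_document" "ssm" {
  # One document for all parameters instead of one document per parameter.
  count = length(var.ssm_parameter_names) > 0 ? 1 : 0

  statement {
    sid = "ReadNamedParameters"
    actions = [
      "ssm:GetParameter",
      "ssm:GetParameters",
      "ssm:GetParametersByPath",
    ]
    # Scoped to the listed parameters only, never "parameter/*".
    resources = [
      for name in var.ssm_parameter_names :
      "arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter/${name}"
    ]
  }

  # kms:Decrypt is granted only when a key is configured, and only on that key.
  dynamic "statement" {
    for_each = var.ssm_kms_key_arn != "" ? [var.ssm_kms_key_arn] : []
    content {
      sid       = "DecryptSecureStrings"
      actions   = ["kms:Decrypt"]
      resources = [statement.value]
    }
  }
}
```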
We should be giving the lambda executing role name a distinct name (e.g prefix it with tf) in order to avoid confusion:
role = "${module.lambda.function_name}"
Every time I run my terraform the lambda module thinks it needs recreation. This is the output I get when running a plan:

resource "aws_lambda_function" "lambda" {
    ...
    ...
  ~ last_modified = "2020-07-07T14:23:45.641+0000" -> (known after apply)
    layers        = []
    memory_size   = 128
    ...
    ...

Is there a way I can avoid this? last_modified is the only attribute that needs changing. It would be good if we could pass some variable so the resource can have a lifecycle (or it could be just added to the resource):

lifecycle {
  ignore_changes = [
    last_modified
  ]
}

Many thanks.
Allow for a new role or additional permissions to be added to the role