A Terraform module for creating an AWS Lambda function. Creates a function, an aws_iam_role (optional), and a trigger (optional).
```hcl
module "lambda" {
  source        = "git@bitbucket.org:trulioo/terraform-module-aws-lambda-function.git?ref=0.0.1"
  function_name = "my-function"
  handler       = "MyProject::Project.MyFunction::FunctionHandler"
  filename      = "./function_source/function.zip"
  runtime       = "dotnetcore2.1"
  environment   = "dev"

  # Environment variables passed to the function at runtime
  environment_variables = {
    environment_variable_1 = "my-function-1"
    environment_variable_2 = "my-function-2"
  }
}
```
Name | Version |
---|---|
aws | 2.47.0 |
Name | Description | Type | Default | Required |
---|---|---|---|---|
aws_lambda_event_source_mapping_event_source_arn | n/a | string | n/a | yes |
create_role_name_prefix | (Optional, Forces new resource) Creates a unique name for the newly created role beginning with the specified prefix. Conflicts with name. | string | n/a | yes |
create_role_path | (Optional) The path to the newly created role. | string | n/a | yes |
dead_letter_config_target_arn | (Optional) ARN of a target SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function's IAM role must be granted suitable access to write to the target object, which means allowing either the sns:Publish or sqs:SendMessage action on this ARN, depending on which service is targeted. | string | n/a | yes |
description | The description of the lambda function. | string | n/a | yes |
environment | n/a | string | n/a | yes |
filename | The path to the deployment package. If s3_bucket is defined, this is the path relative to the root of the bucket. If s3_bucket is not defined, this is the path on the local file system. | string | n/a | yes |
function_name | The name of the lambda function. | string | n/a | yes |
handler | The executable file name value. For example, 'myHandler' would call the main function in the package “main” of the myHandler executable program. | string | n/a | yes |
kms_key_arn | (Optional) Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and Terraform will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration. | string | n/a | yes |
lambda_permission_event_source_token | (Optional) The Event Source Token to validate. Used with Alexa Skills. | string | n/a | yes |
lambda_permission_qualifier | (Optional) Query parameter to specify function version or alias name. The permission will then apply to the specific qualified ARN. e.g. arn:aws:lambda:aws-region:acct-id:function:function-name:2 | string | n/a | yes |
lambda_permission_source_account | (Optional) This parameter is used for S3 and SES. The AWS account ID (without a hyphen) of the source owner. | string | n/a | yes |
lambda_permission_source_arn | (Optional) When granting Amazon S3 or CloudWatch Events permission to invoke your function, you should specify this field with the Amazon Resource Name (ARN) for the S3 Bucket or CloudWatch Events Rule as its value. This ensures that only events generated from the specified bucket or rule can invoke the function. API Gateway ARNs have a unique structure described here. | string | n/a | yes |
lambda_permission_statement_id | (Optional) A unique statement identifier. By default generated by Terraform. | string | n/a | yes |
layers | (Optional) List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers | list(string) | n/a | yes |
s3_bucket | (Optional) The S3 bucket location containing the function's deployment package. This bucket must reside in the same AWS region where you are creating the Lambda function. | string | n/a | yes |
s3_object_version | (Optional) The object version containing the function's deployment package. If set, s3_bucket is required. | string | n/a | yes |
source_code_hash | (Optional) Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key. The usual way to set this is filebase64sha256('file.zip') (Terraform 0.11.12 and later) or base64sha256(file('file.zip')) (Terraform 0.11.11 and earlier), where 'file.zip' is the local filename of the lambda function source archive. | string | n/a | yes |
create_lambda_permission | If true, grants resources permission to invoke lambda function. See lambda_permission variables. | bool | false | no |
create_max_session_duration | The maximum session duration (in seconds) that you want to set for the newly created role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours. | number | 3600 | no |
create_role_assume_role_policy_file | (Optional) Path to JSON policy to assign to newly created role. Mandatory if no role is supplied. | string | "templates/default_assume_role_policy.tpl" | no |
create_role_assume_role_policy_source | Whether to load from 'create_role_assume_role_policy_string' or 'create_role_assume_role_policy_file'. Acceptable values are 'file', 'string', or 'none' (if not creating a role). | string | "file" | no |
create_role_assume_role_policy_string | (Optional) Full JSON policy to assign to newly created role. Mandatory if no role is supplied. | string | "" | no |
create_role_description | Description of the newly created role. | string | "" | no |
create_role_force_detach_policies | (Optional) Specifies to force detaching any policies the newly created role has before destroying it. Defaults to false. | bool | false | no |
create_role_permission_policy_file | (Optional) Path to JSON permission policy to assign to newly created role. Mandatory if no role is supplied. | string | "templates/default_iam_policy.tpl" | no |
create_role_permission_policy_source | Whether to load from 'create_role_permission_policy_string' or 'create_role_permission_policy_file'. Acceptable values are 'file', 'string', or 'none' (if not creating a role). | string | "file" | no |
create_role_permission_policy_string | (Optional) Full JSON permission policy to assign to newly created role. Mandatory if no role is supplied. | string | "" | no |
create_role_permissions_boundary | (Optional) The ARN of the policy that is used to set the permissions boundary for the newly created role. | string | "" | no |
create_role_tags | (Optional) Key-value mapping of tags for the newly created role. | map(string) | {} | no |
environment_variables | (Optional) A map that defines environment variables for the Lambda function. | map(string) | {} | no |
lambda_permission_action | (Required if assigning a resource policy) The AWS Lambda action you want to allow in this statement. (e.g. lambda:InvokeFunction) | string | "lambda:InvokeFunction" | no |
lambda_permission_principal | (Required if assigning a resource policy) The principal who is getting this permission. e.g. s3.amazonaws.com, an AWS account ID, or any valid AWS service principal such as events.amazonaws.com or sns.amazonaws.com. | string | "apigateway.amazonaws.com" | no |
lambda_permission_statement_id_prefix | (Optional) A statement identifier prefix. Terraform will generate a unique suffix. Conflicts with statement_id. | string | "AllowInvoke" | no |
memory_size | (Optional) Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits | number | 256 | no |
publish | (Optional) Whether to publish creation/change as new Lambda Function Version. Defaults to false. | bool | true | no |
reserved_concurrent_executions | (Optional) The amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. See Managing Concurrency | number | -1 | no |
role | The ARN of a role that defines the permissions of your function. | string | "" | no |
runtime | The runtime of the lambda function. Options can be found here: https://docs.aws.amazon.com/sdkfornet/v3/apidocs/index.html?page=Lambda/TLambdaRuntime.html&tocid=Amazon_Lambda_Runtime | string | "nodejs12.x" | no |
tags | (Optional) A mapping of tags to assign to the object. | map(string) | {} | no |
timeout | (Optional) The amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits | number | 30 | no |
tracing_config_mode | (Optional) Can be either PassThrough or Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with 'sampled=1'. If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision. | string | "" | no |
vpc_config_security_group_ids | (Required if running Lambda in VPC) A list of security group IDs associated with the Lambda function. | list(string) | [] | no |
vpc_config_subnet_ids | (Required if running Lambda in VPC) A list of subnet IDs associated with the Lambda function. | list(string) | [] | no |
Name | Description |
---|---|
lambda | The lambda function. |
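
An added example (not from the module's repository) of a module call that sets the security-relevant inputs from the table above: a scoped invoke permission for S3, a customer-managed KMS key for environment variables, and a created role limited to logging and the dead-letter queue. The account ID 111122223333, region, ARNs and resource names are constructed placeholders, and how the module wires each input internally is assumed from the input descriptions.

```hcl
# Added example. Account ID, region, ARNs and names are constructed placeholders.
module "lambda" {
  source = "git@bitbucket.org:trulioo/terraform-module-aws-lambda-function.git?ref=0.0.1"

  function_name    = "my-function"
  handler          = "MyProject::Project.MyFunction::FunctionHandler"
  filename         = "./function_source/function.zip"
  source_code_hash = filebase64sha256("./function_source/function.zip")
  runtime          = "dotnetcore2.1"
  environment      = "dev"

  # Encrypt environment variables with a customer-managed key rather than
  # the default service key.
  kms_key_arn = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
  environment_variables = {
    environment_variable_1 = "my-function-1"
  }

  # Resource policy: one service principal, one bucket, one owning account.
  # S3 bucket ARNs carry no account ID, so source_account is what ties the
  # permission to the bucket's owner.
  create_lambda_permission         = true
  lambda_permission_principal      = "s3.amazonaws.com"
  lambda_permission_source_arn     = "arn:aws:s3:::example-upload-bucket"
  lambda_permission_source_account = "111122223333"

  # Created role: inline policy limited to logging and the dead-letter queue,
  # capped by a permissions boundary. Assumes the log group already exists.
  create_role_permissions_boundary     = "arn:aws:iam::111122223333:policy/example-boundary"
  create_role_permission_policy_source = "string"
  create_role_permission_policy_string = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = ["logs:CreateLogStream", "logs:PutLogEvents"]
        Resource = "arn:aws:logs:us-east-1:111122223333:log-group:/aws/lambda/my-function:*"
      },
      {
        Effect   = "Allow"
        Action   = "sqs:SendMessage"
        Resource = "arn:aws:sqs:us-east-1:111122223333:example-dlq"
      }
    ]
  })
  dead_letter_config_target_arn = "arn:aws:sqs:us-east-1:111122223333:example-dlq"
}
```

Leaving `lambda_permission_source_arn` unset while `create_lambda_permission` is true would let any resource of the named service principal invoke the function, so review plans for a permission that carries a principal but no source ARN.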