Deploys the following resources:
- An IAM Managed policy
- An IAM Role
- A CloudWatch log group
- A Lambda function (URL optional)
This uses the HashiCorp experimental test feature.
No requirements.
| Name | Version |
|---|---|
| archive | 2.4.0 |
| aws | 5.26.0 |
No modules.
| Name | Type |
|---|---|
| aws_cloudwatch_log_group.main | resource |
| aws_iam_policy.main | resource |
| aws_iam_policy.policy | resource |
| aws_iam_role.main | resource |
| aws_iam_role_policy_attachment.main | resource |
| aws_lambda_function.main | resource |
| aws_lambda_function_url.main | resource |
| archive_file.lambda_zip | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| add_url | Allow invoking the Lambda function via HTTPS. See https://aws.amazon.com/blogs/aws/announcing-aws-lambda-function-urls-built-in-https-endpoints-for-single-function-microservices/ | bool |
false |
no |
| additional_policies | A map of policies, where the key is the name of the policy and the value is a path to a JSON IAM policy file. This file will be parsed as a template and deployed as a managed policy, then attached to the Lambda execution IAM role. See additional_policies_template_vars for how to add your own variable to be filled in during template processing. |
map(object({})) |
null |
no |
| additional_policies_template_vars | Template variables to use for additional manages policies files to attach to the Lambda execution IAM role. These will be merged with variable that contain the Lambda ARN. |
map(object({})) |
{} |
no |
| architecture | Instruction set architecture for your Lambda function. Valid values are x86_64 or arm64. | string |
"x86_64" |
no |
| aws_account | AWS account id. | number |
n/a | yes |
| aws_region | AWS region to deploy the function. | string |
n/a | yes |
| description | Function description. | string |
null |
no |
| environment_vars | Key value pairs to add to Lambda function as environment variables. | map(string) |
null |
no |
| handler | Name of the function that serves as the entrypoint in your code (or the name of the executable for binaries). | string |
n/a | yes |
| iac_source | URL where the code lives. | string |
n/a | yes |
| invoke_mode | Determines how the Lambda function responds to an invocation. Valid values are BUFFERED and RESPONSE_STREAM. | string |
"BUFFERED" |
no |
| log_retention_in_days | Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0. If you select 0 they never expire. | number |
14 |
no |
| name | Lambda function name. | string |
n/a | yes |
| policy_path | Path to a IAM policy. Careful, you may want to use additional_policies, as this will replace the policy you get for free that grants permission to create logs in CloudWatch. Should you replace this make sure your function still has permission to log to its CloudWatch log group. | string |
null |
no |
| reserved_concurrent_executions | Amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits. | string |
-1 |
no |
| role_arn | ARN for the function to assume, this will be used instad of making a new role. | string |
null |
no |
| runtime | Identifier of the function's runtime. See https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime | string |
n/a | yes |
| source_file | a file to zip up for your Lambda. Works well apps that build to a single binary. | string |
null |
no |
| source_zip | Supply your own zip for he Lambda. | string |
null |
no |
| url_alias | n/a | string |
null |
no |
| url_authorization_type | Valid values are NONE and AWS_IAM. | string |
"AWS_IAM" |
no |
| url_cors_allowed_headers | HTTP headers allowed for CORS request. | list(string) |
[ |
no |
| url_cors_allowed_methods | List of HTTP methods allowed for CORS request. | list(string) |
[ |
no |
| url_cors_allowed_origins | List of any CORS origins (domain, scheme, or port) other than its own from which a browser should permit loading resources | list(string) |
[ |
no |
| url_cors_headers_to_expose | List of HTTP headers to expose in CORS response. | list(string) |
[ |
no |
| url_cors_max_age | The maximum amount of time, in seconds, that web browsers can cache results of a preflight request. The maximum value is 86400. | number |
0 |
no |
| Name | Description |
|---|---|
| function_arn | n/a |
| function_memory_size | n/a |
| function_url | n/a |
| iam_policy_arn | n/a |
| iam_role_arn | n/a |
| iam_role_name | n/a |
| log_group_arn | n/a |