From 23375149b45b89b1921da6dd7f5608502b8b3cdf Mon Sep 17 00:00:00 2001 From: Dan Webb Date: Sun, 17 May 2020 07:34:54 +0100 Subject: [PATCH] IAM Additional Services (#10) * Add/archive ignore (#1) * Adds exclude_files option to archive The undocumented excludes option to archive file is extremely helpful when you have test code included in the same directory as the lambda https://github.com/hashicorp/terraform-provider-archive/pull/55 * Fix default values for archive ignore * Adds the ability to trigger the lambda from additional sources such as API Gateway Co-authored-by: nozaq --- README.md | 53 ++++++++++++++++++++++++++-------------------- main.tf | 28 ++++++++++++--------------- variables.tf | 6 ++++++ 3 files changed, 45 insertions(+), 42 deletions(-) diff --git a/README.md b/README.md index 360c292..aeb4479 100644 --- a/README.md +++ b/README.md 
@@ -60,32 +60,33 @@ No requirements. ## Inputs -| Name | Description | Type | Default | Required | -| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | ------------------------------------------ | :------: | -| build\_command | This is the build command to execute. It can be provided as a relative path to the current working directory or as an absolute path. It is evaluated in a shell, and can use environment variables or Terraform variables. | `string` | `""` | no | -| build\_triggers | A map of values which should cause the build command to re-run. Values are meant to be interpolated references to variables or attributes of other resources. | `list(string)` | `[]` | no | -| dead\_letter\_config | Nested block to configure the function's dead letter queue. |
object({
target_arn = string
})
| `null` | no | -| description | Description of what your Lambda Function does. | `string` | `""` | no | -| environment | A map that defines environment variables for the Lambda function. |
object({
variables = map(string)
})
| `null` | no | -| exclude\_files | A list of directories or folders to ignore, e.g.
exclude\_files = ["test", "src/\*\*/\*.ts"] | `list(string)` | n/a | yes | -| function\_name | A unique name for your Lambda Function. | `string` | n/a | yes | -| handler | The function entrypoint in your code. | `string` | n/a | yes | -| iam\_role\_name\_prefix | The prefix string for the name of IAM role for the lambda function. | `string` | `""` | no | -| kms\_key\_arn | The ARN for the KMS encryption key. | `string` | `null` | no | -| kms\_key\_id | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no | -| layers | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | `list(string)` | `[]` | no | -| memory\_size | Amount of memory in MB your Lambda Function can use at runtime. | `number` | `128` | no | -| output\_path | A path to which the source directory is archived before uploading to AWS. | `string` | n/a | yes | -| policy\_arns | A list of IAM policy ARNs attached to the lambda function. | `list(string)` | `[]` | no | -| publish | Whether to publish creation/change as new Lambda Function Version. | `string` | `false` | no | -| reserved\_concurrent\_executions | The amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. | `string` | `-1` | no | -| retention\_in\_days | Specifies the number of days you want to retain log events in the specified log group. | `number` | `null` | no | -| runtime | The identifier of the function's runtime. | `string` | n/a | yes | -| source\_dir | A path to the directory which contains source files. | `string` | n/a | yes | -| tags | A mapping of tags to assign to resources. | `map` |
{
"Terraform": "true"
}
| no | -| timeout | The maximum number of seconds the lambda function to run until timeout. | `number` | `3` | no | -| tracing\_config | Can be either PassThrough or Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision. |
object({
mode = string
})
| `null` | no | -| vpc\_config | Provide this to allow your function to access your VPC. | `any` | `null` | no | +| Name | Description | Type | Default | Required | +| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | --------------------------------------------- | :------: | +| allowed\_services | A list of AWS Services that are allowed to access this lambda. | `list(string)` |
[
"lambda.amazonaws.com"
]
| no | +| build\_command | This is the build command to execute. It can be provided as a relative path to the current working directory or as an absolute path. It is evaluated in a shell, and can use environment variables or Terraform variables. | `string` | `""` | no | +| build\_triggers | A map of values which should cause the build command to re-run. Values are meant to be interpolated references to variables or attributes of other resources. | `list` | `[]` | no | +| dead\_letter\_config | Nested block to configure the function's dead letter queue. |
object({
target_arn = string
})
| `null` | no | +| description | Description of what your Lambda Function does. | `string` | `""` | no | +| environment | A map that defines environment variables for the Lambda function. |
object({
variables = map(string)
})
| `null` | no | +| exclude\_files | A list of directories or folders to ignore, e.g.
exclude\_files = ["test", "src/\*\*/\*.ts"] | `list(string)` | `[]` | no | +| function\_name | A unique name for your Lambda Function. | `string` | n/a | yes | +| handler | The function entrypoint in your code. | `string` | n/a | yes | +| iam\_role\_name\_prefix | The prefix string for the name of IAM role for the lambda function. | `string` | `""` | no | +| kms\_key\_arn | The ARN for the KMS encryption key. | `string` | `null` | no | +| kms\_key\_id | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no | +| layers | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | `list(string)` | `[]` | no | +| memory\_size | Amount of memory in MB your Lambda Function can use at runtime. | `number` | `128` | no | +| output\_path | A path to which the source directory is archived before uploading to AWS. | `string` | n/a | yes | +| policy\_arns | A list of IAM policy ARNs attached to the lambda function. | `list(string)` | `[]` | no | +| publish | Whether to publish creation/change as new Lambda Function Version. | `string` | `false` | no | +| reserved\_concurrent\_executions | The amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. | `string` | `-1` | no | +| retention\_in\_days | Specifies the number of days you want to retain log events in the specified log group. | `number` | `null` | no | +| runtime | The identifier of the function's runtime. | `string` | n/a | yes | +| source\_dir | A path to the directory which contains source files. | `string` | n/a | yes | +| tags | A mapping of tags to assign to resources. | `map` |
{
"Terraform": "true"
}
| no | +| timeout | The maximum number of seconds the lambda function to run until timeout. | `number` | `3` | no | +| tracing\_config | Can be either PassThrough or Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision. |
object({
mode = string
})
| `null` | no | +| vpc\_config | Provide this to allow your function to access your VPC. | `any` | `null` | no | ## Outputs diff --git a/main.tf b/main.tf index 2b34210..7cd6d2b 100644 --- a/main.tf +++ b/main.tf @@ -2,24 +2,20 @@ # IAM role for Lambda function #--------------------------------------------------------------------------------------------------- resource "aws_iam_role" "this" { - name_prefix = var.iam_role_name_prefix - - assume_role_policy = <
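Review bot: the description of the new `allowed_services` input in the README hunk ("A list of AWS Services that are allowed to access this lambda") does not describe what the patch actually changes. The only IAM change in main.tf is to the `assume_role_policy` of `aws_iam_role.this`, so this list is the set of service principals permitted to assume the function's execution role, not a list of services allowed to invoke the function. Suggest rewording the row to something like "Service principals (e.g. `lambda.amazonaws.com`) allowed to assume the Lambda execution role" and adding that invoke permission for API Gateway or other triggers still has to be granted separately with `aws_lambda_permission`. Every principal in this list can act with the full set of policies in `policy_arns`, so adding a service here widens who can exercise the function's permissions; that deserves a sentence in the README. Also in this hunk, the `build_triggers` type regresses from `list(string)` to `list` while its description still says "A map of values"; keep `list(string)` and fix the description to say "A list of values".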
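Review bot: the main.tf hunk removes `name_prefix = var.iam_role_name_prefix` from `aws_iam_role.this`, and nothing in the lines shown reintroduces it, while the README in this same patch still documents `iam_role_name_prefix` as an input. If the line is not restored further down, the variable becomes dead and existing roles will be replaced with an auto-generated name on the next apply; either keep `name_prefix = var.iam_role_name_prefix` or remove the variable and its README row together. The inline heredoc `assume_role_policy` is removed in the same hunk; whatever replaces it should set the `Principal.Service` element to exactly the entries of `var.allowed_services`, grant only `sts:AssumeRole`, and never fall back to a wildcard principal when the list is empty.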