feat: fixed hardcoded value by defined in variable file (#27)
* feat: fixed hardcoded value by defined in variable file

* feat: fixed all the lambda functions

* feat: verified tfchecks

---------

Co-authored-by: Anmol Nagpal <anmol@clouddrove.com>
Kasarpooja and anmolnagpal authored Nov 20, 2023
1 parent 74ab1db commit 2c5df5e
Showing 6 changed files with 62 additions and 28 deletions.
2 changes: 1 addition & 1 deletion _example/basic-function/example.tf
Expand Up @@ -14,7 +14,7 @@ module "lambda" {
source = "../../"
name = local.name
environment = local.environment
filename = "../../lambda_packages/existing_package.zip"
filename = "../../lambda_packages/index.zip"
handler = "index.lambda_handler"
runtime = "python3.7"
variables = {
4 changes: 2 additions & 2 deletions _example/complete-function/example.tf
Expand Up @@ -16,7 +16,7 @@ module "lambda" {
environment = local.environment
create_layers = true
timeout = 60
filename = "../../lambda_packages/existing_package.zip"
filename = "../../lambda_packages/index.zip"
handler = "index.lambda_handler"
runtime = "python3.8"
compatible_architectures = ["arm64"]
Expand All @@ -31,7 +31,7 @@ module "lambda" {
names = [
"python_layer"
]
layer_filenames = ["../../lambda_packages/guardduty_enabler.zip"]
layer_filenames = ["../../lambda_packages/layer.zip"]
compatible_runtimes = [
["python3.8"]
]
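--- a/lambda_packages/layer.py
+++ b/lambda_packages/layer.py
@@ -0,0 +1,14 @@
+import os
+import json
+
+def lambda_handler(event, context):
+json_region = os.environ['AWS_REGION']
+return {
+"statusCode": 200,
+"headers": {
+"Content-Type": "application/json"
+},
+"body": json.dumps({
+"Region ": json_region
+})
+}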
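Review bot: The response body key on the `"Region ": json_region` line carries a trailing space, so a consumer that looks up `Region` in the decoded JSON will not find it; `"Region": json_region` is presumably what was intended. `lambda_handler` also has no docstring, and a one-line `"""Return the AWS region from the environment as a JSON response body."""` would make the purpose of this sample clear. The file appears to be the source for the `layer.zip` referenced in the complete-function example, so a note saying whether it is meant as a layer or a handler would help too.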
33 changes: 9 additions & 24 deletions main.tf
Expand Up @@ -149,33 +149,18 @@ resource "aws_lambda_permission" "default" {
## Terraform module to create Iam role resource on AWS for lambda.
##-----------------------------------------------------------------------------
resource "aws_iam_role" "default" {
count = var.enable && var.create_iam_role ? 1 : 0
name = format("%s-role", module.labels.id)

assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
count = var.enable && var.create_iam_role ? 1 : 0
name = format("%s-testrole", module.labels.id)
assume_role_policy = var.assume_role_policy
}

##-----------------------------------------------------------------------------
## Terraform module to create Iam policy resource on AWS for lambda.
##-----------------------------------------------------------------------------
resource "aws_iam_policy" "default" {
count = var.enable && var.create_iam_role ? 1 : 0
name = format("%s-logging", module.labels.id)
path = "/"
name = format("%s-testlogging", module.labels.id)
path = var.aws_iam_policy_path
description = "IAM policy for logging from a lambda"
policy = data.aws_iam_policy_document.default[0].json
}
Expand Down Expand Up @@ -213,13 +198,13 @@ resource "aws_kms_key" "kms" {

resource "aws_kms_alias" "kms-alias" {
count = var.enable && var.enable_kms ? 1 : 0
name = format("alias/%s-lambda-keys", module.labels.id)
name = format("alias/%s-testlambda-keys", module.labels.id)
target_key_id = aws_kms_key.kms[0].key_id
}

resource "aws_kms_alias" "kms-alias-cloudwatch" {
count = var.enable && var.enable_kms && !var.existing_cloudwatch_log_group ? 1 : 0
name = format("alias/%s-lambda-cloudwatch-keys", module.labels.id)
name = format("alias/%s-testlambda-cloudwatch-keys", module.labels.id)
target_key_id = aws_kms_key.kms[1].key_id
}

Expand Down Expand Up @@ -301,7 +286,7 @@ data "aws_cloudwatch_log_group" "lambda" {

resource "aws_cloudwatch_log_group" "lambda" {
count = var.enable && !var.existing_cloudwatch_log_group ? 1 : 0
name = "/aws/lambda/${module.labels.id}"
name = "/aws/testlambda/${module.labels.id}"
retention_in_days = var.cloudwatch_logs_retention_in_days
kms_key_id = var.enable_kms ? aws_kms_key.kms[1].arn : var.cloudwatch_logs_kms_key_arn
tags = module.labels.tags
Expand All @@ -322,7 +307,7 @@ data "aws_iam_policy_document" "logs" {

resource "aws_iam_policy" "logs" {
count = var.enable && var.create_iam_role && var.attach_cloudwatch_logs_policy ? 1 : 0
name = "aws_lambda-logs"
name = var.aws_iam_policy_logs_name
path = var.policy_path
policy = data.aws_iam_policy_document.logs[0].json
tags = module.labels.tags
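Review bot: The log group in the `aws_cloudwatch_log_group.lambda` hunk is now created as `/aws/testlambda/${module.labels.id}`, but Lambda writes to `/aws/lambda/<function name>` unless the function's logging configuration names another group, and no such setting is visible in this diff. If the function still logs to the default group, the `retention_in_days` and `kms_key_id` set here would apply to an empty group while the real logs land in one without this module's encryption and retention settings; keeping `name = "/aws/lambda/${module.labels.id}"` avoids that. The same `test` infix was added to the IAM role, the logging policy and both KMS alias names in the earlier hunks, which looks like leftover test naming and would rename those resources for existing users of the module on upgrade.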
5 changes: 5 additions & 0 deletions outputs.tf
@@ -1,5 +1,10 @@
# Module : Lambda
# Description : Terraform Lambda function module outputs.
output "name" {
value = module.labels.name
description = "The name can identifying your Lambda Function."
}

output "arn" {
value = join("", aws_lambda_function.default[*].arn)
description = "The Amazon Resource Name (ARN) identifying your Lambda Function."
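Review bot: The new `name` output returns `module.labels.name`, while the sibling `arn` output reads from `aws_lambda_function.default`; if the function is named from `module.labels.id` (as the role and policy names in main.tf are), this output will not match the deployed function's name. Consider `value = join("", aws_lambda_function.default[*].function_name)`, and reword the description to `"The name identifying your Lambda Function."`. The `arn` output block continues past the end of the hunk.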
32 changes: 31 additions & 1 deletion variables.tf
Expand Up @@ -412,4 +412,34 @@ variable "policy_path" {
type = string
default = null
description = "Path of policies to that should be added to IAM role for Lambda Function"
}
}

variable "assume_role_policy" {
type = string
description = "assume role policy document in JSON format"
default = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
variable "aws_iam_policy_logs_name" {
type = string
default = "aws_testlambda-logs"
description = "IAM policy name mentioned here"
}
variable "aws_iam_policy_path" {
type = string
default = "/"
description = "IAM policy path default value"
}
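Review bot: `assume_role_policy` is now a free-form string with no validation, so the role's trust policy is whatever the caller passes, including a document with a broader principal than `lambda.amazonaws.com`. A `validation` block with `condition = can(jsondecode(var.assume_role_policy))` would at least reject malformed documents at plan time, and the description should say that the principal is expected to stay limited to the Lambda service. Separately, `aws_iam_policy_logs_name` defaults to the fixed string `aws_testlambda-logs`, so two instances of the module in one account would presumably collide on the policy name unless `policy_path` differs; deriving the default from `module.labels.id`, as the other resource names do, would avoid that.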
