fix: layer-name variable, lambda-function iamrole policyName and modu…

…le example (#35)

.gitignore

@@ -121,7 +121,7 @@ Temporary Items
 *.7z
 *.jar
 *.rar
-*.zip
+# *.zip -- To use zip files for Lambda-Function and its Layers.
 *.gz
 *.tgz
 *.bzip

_example/complete-function/example.tf

@@ -11,41 +11,49 @@ locals {
 ## complete lambda Module Call.
 ##-----------------------------------------------------------------------------
 module "lambda" {
-  source                            = "../../"
-  name                              = local.name
-  environment                       = local.environment
-  create_layers                     = true
-  timeout                           = 60
+  source = "../../"
+
+  name        = local.name
+  environment = local.environment
+
   filename                          = "../../lambda_packages/index.zip" # -- The content of index.py should be present in zip format
   handler                           = "index.lambda_handler"
   runtime                           = "python3.8"
   compatible_architectures          = ["arm64"]
-  cloudwatch_logs_retention_in_days = 7
+  timeout                           = 60
   reserved_concurrent_executions    = 90
-  iam_actions = [
-    "logs:CreateLogStream",
-    "logs:CreateLogGroup",
-    "logs:PutLogEvents"
+  cloudwatch_logs_retention_in_days = 7
 
+  # -- ARNs of Triggers
+  source_arns = [""]
+
+  # -- Lambda-Function IAMRole permission 
+  iam_actions = [
+    "s3:PutObject",
+    "s3:ListBucket",
+    "s3:GetObject",
+    "s3:PutObjectAcl",
+    "ec2:CreateNetworkInterface",
+    "ec2:DescribeNetworkInterfaces",
+    "ec2:DeleteNetworkInterface",
+    "ec2:AssignPrivateIpAddresses",
+    "ec2:UnassignPrivateIpAddresses"
   ]
-  names = [
-    "python_layer"
-  ]
+
+  # -- Lambda Layer
+  create_layers   = true
+  layer_names     = ["python_layer"]
   layer_filenames = ["../../lambda_packages/layer.zip"] # -- The content of layer.py should be present in zip format
   compatible_runtimes = [
-    ["python3.8"]
+    ["python3.8", "python3.10"],
   ]
 
-  statement_ids = [
-    "AllowExecutionFromCloudWatch"
-  ]
-  actions = [
-    "lambda:InvokeFunction"
-  ]
-  principals = [
-    "events.amazonaws.com"
-  ]
-  source_arns = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/alarm-lambda-role"]
+  # -- Resource-based policy statements
+  statement_ids = ["AllowExecutionFromCloudWatch"]
+  actions       = ["lambda:InvokeFunction"]
+  principals    = ["events.amazonaws.com"]
+
+  # -- Environment Variables
   variables = {
     foo = "bar"
   }

_example/complete-function/outputs.tf

@@ -12,6 +12,11 @@ output "arn" {
   description = "The ID of the Hostzone."
 }
 
+output "invoke_arn" {
+  value       = module.lambda.invoke_arn
+  description = "Invoke ARN of lambda function."
+}
+
 output "tags" {
   value       = module.lambda.tags
   description = "A mapping of tags to assign to the resource."

main.tf

@@ -16,8 +16,8 @@ module "labels" {
 ## Lambda Layers allow you to reuse shared bits of code across multiple lambda functions.
 ##-----------------------------------------------------------------------------
 resource "aws_lambda_layer_version" "default" {
-  count                    = var.enable && var.create_layers ? length(var.names) : 0
-  layer_name               = element(var.names, count.index)
+  count                    = var.enable && var.create_layers ? length(var.layer_names) : 0
+  layer_name               = element(var.layer_names, count.index)
   description              = length(var.descriptions) > 0 ? element(var.descriptions, count.index) : ""
   license_info             = length(var.license_infos) > 0 ? element(var.license_infos, count.index) : ""
   filename                 = length(var.layer_filenames) > 0 ? element(var.layer_filenames, count.index) : null
@@ -159,9 +159,9 @@ resource "aws_iam_role" "default" {
 ##-----------------------------------------------------------------------------
 resource "aws_iam_policy" "default" {
   count       = var.enable && var.create_iam_role ? 1 : 0
-  name        = format("%s-logging", module.labels.id)
+  name        = format("%s-additional-permissions", module.labels.id)
   path        = var.aws_iam_policy_path
-  description = "IAM policy for logging from a lambda"
+  description = "Additional permission for ${module.labels.id} Lambda Function IAMRole."
   policy      = data.aws_iam_policy_document.default[0].json
 }
 
@@ -307,7 +307,7 @@ data "aws_iam_policy_document" "logs" {
 
 resource "aws_iam_policy" "logs" {
   count  = var.enable && var.create_iam_role && var.attach_cloudwatch_logs_policy ? 1 : 0
-  name   = format("%s-logs-iam-policy", module.labels.id)
+  name   = format("%s-cloudwatch-logging", module.labels.id)
   path   = var.policy_path
   policy = data.aws_iam_policy_document.logs[0].json
   tags   = module.labels.tags

variables.tf

@@ -93,8 +93,8 @@ variable "memory_size" {
 
 variable "timeout" {
   type        = number
-  default     = 3
-  description = "The amount of time your Lambda Function has to run in seconds. Defaults to 3."
+  default     = 10
+  description = "The amount of time in seconds your Lambda Function will run. Defaults to 3."
 }
 
 variable "runtime" {
@@ -151,7 +151,7 @@ variable "s3_object_versions" {
   description = "The object version containing the function's deployment package. Conflicts with filename."
 }
 
-variable "names" {
+variable "layer_names" {
   type        = list(any)
   default     = []
   description = "A unique name for your Lambda Layer."