Creates an AWS Lambda Function.
```hcl
module "lambda_function" {
  source = "dod-iac/lambda-function/aws"

  execution_role_name = format(
    "app-%s-func-lambda-execution-role-%s",
    var.application,
    var.environment
  )

  function_name = format(
    "app-%s-func-%s-%s",
    var.application,
    var.environment,
    data.aws_region.current.name
  )

  function_description = "Function description."

  filename = format("../../lambda/%s-func.zip", var.application)

  handler = "index.handler"

  runtime = "nodejs12.x"

  environment_variables = var.environment_variables

  tags = {
    Application = var.application
    Environment = var.environment
    Automation  = "Terraform"
  }
}
```
Use the optional `execution_role_policy_document` variable to override the IAM policy document for the IAM role.

Use the optional `cloudwatch_schedule_expression` variable to schedule execution of the Lambda using CloudWatch Events.

Use the optional `kms_key_arn` variable to encrypt the environment variables with a custom KMS key. Use the `dod-iac/lambda-kms-key/aws` module to create a KMS key.

Use the optional `security_group_ids` and `subnet_ids` variables to run the function within a VPC.
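The following configuration is an added example, not part of the module's own documentation. It combines the optional inputs above with a least-privilege policy override. It assumes the override must carry every permission the function needs, since the default logging policy is only created when no document is supplied. `var.kms_key_arn`, `var.lambda_subnet_ids` and `var.lambda_security_group_ids` are hypothetical variable names.

```hcl
# Added example (not from the module's README). var.kms_key_arn,
# var.lambda_subnet_ids and var.lambda_security_group_ids are assumed names.
data "aws_partition" "current" {}
data "aws_region" "current" {}
data "aws_caller_identity" "current" {}
locals {
  function_name = format("app-%s-func-%s-%s", var.application, var.environment, data.aws_region.current.name)
  log_group_arn = format("arn:%s:logs:%s:%s:log-group:/aws/lambda/%s", data.aws_partition.current.partition,
  data.aws_region.current.name, data.aws_caller_identity.current.account_id, local.function_name)
}

data "aws_iam_policy_document" "execution_role" {
  statement {
    sid       = "WriteOwnLogs" # logging restated, scoped to this function's log group only
    actions   = ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"]
    resources = [local.log_group_arn, "${local.log_group_arn}:*"]
  }
  statement {
    sid       = "DecryptEnvironmentVariables" # needed when kms_key_arn names a custom key
    actions   = ["kms:Decrypt"]
    resources = [var.kms_key_arn]
  }
  statement {
    sid = "ManageVpcNetworkInterfaces" # network interface actions Lambda needs inside a VPC
    actions = [
      "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSubnets",
      "ec2:DeleteNetworkInterface", "ec2:AssignPrivateIpAddresses", "ec2:UnassignPrivateIpAddresses",
    ]
    resources = ["*"]
  }
}

module "lambda_function" {
  source                         = "dod-iac/lambda-function/aws"
  version                        = "~> 1.0.1"
  execution_role_name            = format("app-%s-func-lambda-execution-role-%s", var.application, var.environment)
  execution_role_policy_document = data.aws_iam_policy_document.execution_role.json
  function_name                  = local.function_name
  filename                       = format("../../lambda/%s-func.zip", var.application)
  handler                        = "index.handler"
  runtime                        = "nodejs12.x" # as in the usage block above
  environment_variables          = var.environment_variables
  kms_key_arn                    = var.kms_key_arn
  subnet_ids                     = var.lambda_subnet_ids
  security_group_ids             = var.lambda_security_group_ids
}
```

The key policy on the KMS key must also allow the execution role to use it; the IAM statement alone is not sufficient if the key policy does not delegate to IAM.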
Run all terratest tests using the `terratest` script. If using `aws-vault`, you could use `aws-vault exec $AWS_PROFILE -- terratest`. The `AWS_DEFAULT_REGION` environment variable is required by the tests. Use `TT_SKIP_DESTROY=1` to not destroy the infrastructure created during the tests. Use `TT_VERBOSE=1` to log all tests as they are run. Use `TT_TIMEOUT` to set the timeout for the tests, with the value being in the Go format, e.g., 15m. Use `TT_TEST_NAME` to run a specific test by name.
Terraform 0.12. Pin module version to `~> 1.0.1`. Submit pull-requests to `master` branch.
Terraform 0.11 is not supported.
This project constitutes a work of the United States Government and is not subject to domestic copyright protection under 17 USC § 105. However, because the project utilizes code licensed from contributors and other third parties, it therefore is licensed under the MIT License. See LICENSE file for more information.
Name | Version |
---|---|
terraform | >= 0.13 |
aws | ~> 3.0 |

Name | Version |
---|---|
aws | ~> 3.0 |

No modules.

Name | Type |
---|---|
aws_cloudwatch_event_rule.main | resource |
aws_cloudwatch_event_target.main | resource |
aws_iam_policy.execution_role | resource |
aws_iam_role.execution_role | resource |
aws_iam_role_policy_attachment.execution_role | resource |
aws_lambda_event_source_mapping.main | resource |
aws_lambda_function.main | resource |
aws_lambda_permission.main | resource |
aws_caller_identity.current | data source |
aws_iam_policy_document.execution_role | data source |
aws_partition.current | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
cloudwatch_rule_description | The description of the CloudWatch Events rule used to schedule the execution of the Lambda. | string | "" | no |
cloudwatch_rule_name | The name of the CloudWatch Events rule used to schedule the execution of the Lambda. Defaults to the name of the Lambda function. | string | "" | no |
cloudwatch_schedule_expression | The cron or rate expression for the CloudWatch Events rule that triggers the execution of the Lambda. If blank, then no execution is scheduled. | string | "" | no |
cloudwatch_target_id | The id of the CloudWatch Events target. Defaults to the name of the Lambda function. | string | "" | no |
environment_variables | A map that defines environment variables for the Lambda function. | map(string) | {} | no |
event_sources | A list of event sources | list(object({ | [] | no |
execution_role_name | n/a | string | n/a | yes |
execution_role_policy_document | The contents of the IAM policy attached to the IAM Execution role used by the Lambda. If not defined, then creates the policy with permissions to log to CloudWatch Logs. | string | "" | no |
execution_role_policy_name | The name of the IAM policy attached to the IAM Execution role used by the Lambda. If not defined, then uses the value of "execution_role_name". | string | "" | no |
filename | The path to the function's deployment package within the local filesystem. If defined, the s3_-prefixed options cannot be used. | string | n/a | yes |
function_description | Description of what your Lambda Function does. | string | "" | no |
function_name | A unique name for your Lambda Function. | string | n/a | yes |
handler | The function entrypoint in your code. | string | n/a | yes |
kms_key_arn | The ARN of the KMS key used to encrypt environment variables. | string | "" | no |
layers | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | list(string) | [] | no |
memory_size | Amount of memory in MB your Lambda Function can use at runtime. | number | 128 | no |
runtime | The identifier of the function's runtime. | string | n/a | yes |
security_group_ids | List of security group IDs associated with the Lambda function. | list(string) | [] | no |
subnet_ids | List of subnet IDs associated with the Lambda function. | list(string) | [] | no |
tags | A mapping of tags to assign to the Lambda Function. | map(string) | { | no |
timeout | The amount of time your Lambda Function has to run in seconds. | number | 3 | no |

Name | Description |
---|---|
lambda_execution_role_arn | The Amazon Resource Name (ARN) identifying the IAM Role used to execute this Lambda. |
lambda_function_arn | The Amazon Resource Name (ARN) identifying your Lambda Function. |
lambda_function_name | A unique name for your Lambda Function. |
lambda_function_qualified_arn | The Amazon Resource Name (ARN) identifying your Lambda Function Version. |
lambda_invoke_arn | The ARN to be used for invoking Lambda Function from API Gateway - to be used in aws_api_gateway_integration's uri. |