terraform-aws-lambda-auto-package
December 8, 2022 ยท View on GitHub
A terraform module to define a lambda function which source files are automatically built and packaged for lambda deployment.
Features
Create a lambda function with the following supports.
- Automatically archive the specified source directory into one zip file for Lambda deployment.
- Invoke a build command before making an archive if specified. This allows installing additional dependencies, for example from requirements.txt, package.json etc.
- Create an IAM role to publish lambda execution logs to CloudWatch Logs.
Usage
module "lambda" {
source = "nozaq/lambda-auto-package/aws"
source_dir = "${path.module}/source"
output_path = "${path.module}/source.zip"
build_triggers = {
requirements = "${base64sha256(file("${path.module}/source/requirements.txt"))}"
execute = "${base64sha256(file("${path.module}/pip.sh"))}"
}
build_command = "${path.module}/pip.sh ${path.module}/source"
iam_role_name_prefix = "example-lambda-role"
function_name = "example-lambda"
handler = "main.handler"
runtime = "python3.7"
environment = {
variables = {
EXAMPLE_VAR = "foobar"
}
}
}
Check examples for non-python examples.
Requirements
| Name | Version |
|---|---|
| terraform | >= 0.15.0 |
| archive | >= 2.2.0 |
| aws | >= 3.50.0 |
| null | >= 3.1.0 |
Providers
| Name | Version |
|---|---|
| archive | >= 2.2.0 |
| aws | >= 3.50.0 |
| null | >= 3.1.0 |
Inputs
| Name | Description | Type | Required |
|---|---|---|---|
| function_name | A unique name for your Lambda Function. | string | yes |
| handler | The function entrypoint in your code. | string | yes |
| output_path | A path to which the source directory is archived before uploading to AWS. | string | yes |
| runtime | The identifier of the function's runtime. | string | yes |
| source_dir | A path to the directory which contains source files. | string | yes |
| allowed_services | A list of AWS Services that are allowed to access this lambda. | list(string) | no |
| build_command | This is the build command to execute. It can be provided as a relative path to the current working directory or as an absolute path. It is evaluated in a shell, and can use environment variables or Terraform variables. | string | no |
| build_triggers | A map of values which should cause the build command to re-run. Values are meant to be interpolated references to variables or attributes of other resources. | map(string) | no |
| dead_letter_config | Nested block to configure the function's dead letter queue. | object({ | no |
| description | Description of what your Lambda Function does. | string | no |
| environment | A map that defines environment variables for the Lambda function. | object({ | no |
| exclude_files | A list of directories or folders to ignore, e.g. exclude_files = ["test", "src/**/*.ts"] | list(string) | no |
| iam_role_name_prefix | The prefix string for the name of IAM role for the lambda function. | string | no |
| kms_key_id | The ARN of the KMS Key to use when encrypting log data. | string | no |
| lambda_kms_key_arn | The ARN of the KMS Key to use when encrypting environment variables. Ignored unless environment is specified. | string | no |
| layers | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | list(string) | no |
| memory_size | Amount of memory in MB your Lambda Function can use at runtime. | number | no |
| permissions_boundary | ARN of the policy that is used to set the permissions boundary for the role. | string | no |
| policy_arns | A list of IAM policy ARNs attached to the lambda function. | list(string) | no |
| publish | Whether to publish creation/change as new Lambda Function Version. | bool | no |
| reserved_concurrent_executions | The amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. | number | no |
| retention_in_days | Specifies the number of days you want to retain log events in the specified log group. | number | no |
| tags | A mapping of tags to assign to resources. | map(string) | no |
| timeout | The maximum number of seconds the lambda function to run until timeout. | number | no |
| tracing_config | Can be either PassThrough or Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision. | object({ | no |
| vpc_config | Provide this to allow your function to access your VPC. | object({ | no |
Outputs
| Name | Description |
|---|---|
| iam_role | The IAM Role which the lambda function is attached. |
| lambda_function | The lambda function. |