Merge branch 'main' of https://github.com/aws-samples/serverless-patterns

julianwood · julianwood · commit 559d46577b44 · 2025-09-16T10:35:18.000+02:00
diff --git a/apigw-lambda-dynamodb-terraform/.gitignore b/apigw-lambda-dynamodb-terraform/.gitignore
@@ -0,0 +1 @@
+src.zip
diff --git a/apigw-lambda-dynamodb-terraform/main.tf b/apigw-lambda-dynamodb-terraform/main.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.0.0"
+      version = "~> 5.0"
     }
     random = {
       source  = "hashicorp/random"
@@ -56,9 +56,13 @@ resource "aws_s3_bucket" "lambda_bucket" {
   force_destroy = true
 }
 
-resource "aws_s3_bucket_acl" "private_bucket" {
+resource "aws_s3_bucket_public_access_block" "private_bucket" {
   bucket = aws_s3_bucket.lambda_bucket.id
-  acl    = "private"
+
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
 }
 
 data "archive_file" "lambda_zip" {
@@ -85,7 +89,7 @@ resource "aws_lambda_function" "apigw_lambda_ddb" {
   s3_bucket = aws_s3_bucket.lambda_bucket.id
   s3_key    = aws_s3_object.this.key
 
-  runtime = "python3.8"
+  runtime = "python3.13"
   handler = "app.lambda_handler"
 
   source_code_hash = data.archive_file.lambda_zip.output_base64sha256
@@ -222,4 +226,4 @@ resource "aws_lambda_permission" "api_gw" {
   principal     = "apigateway.amazonaws.com"
 
   source_arn = "${aws_apigatewayv2_api.http_lambda.execution_arn}/*/*"
-}
+}
diff --git a/dynamodb-streams-lambda-terraform/.gitignore b/dynamodb-streams-lambda-terraform/.gitignore
@@ -0,0 +1 @@
+lambda.zip
diff --git a/dynamodb-streams-lambda-terraform/README.md b/dynamodb-streams-lambda-terraform/README.md
@@ -61,7 +61,7 @@ After deployment, add an item to the DynamoDB table. Go to the CloudWatch Logs f
     ```bash
     terraform show
     ```
-    ```
+
 ----
 Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 
diff --git a/dynamodb-streams-lambda-terraform/main.tf b/dynamodb-streams-lambda-terraform/main.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.27"
+      version = "~> 5.0"
     }
   }
 
@@ -40,7 +40,7 @@ resource "aws_lambda_function" "lambda_dynamodb_stream_handler" {
   source_code_hash = data.archive_file.lambda_zip_file.output_base64sha256
   handler          = "index.handler"
   role             = aws_iam_role.iam_for_lambda.arn
-  runtime          = "nodejs16.x"
+  runtime          = "nodejs22.x"
 }
 
 data "archive_file" "lambda_zip_file" {
diff --git a/dynamodb-streams-lambda-terraform/src/index.js b/dynamodb-streams-lambda-terraform/src/index.js
diff --git a/eventbridge-sns-lambda-terraform/.gitignore b/eventbridge-sns-lambda-terraform/.gitignore
@@ -0,0 +1 @@
+lambda.zip
diff --git a/eventbridge-sns-lambda-terraform/main.tf b/eventbridge-sns-lambda-terraform/main.tf
@@ -6,7 +6,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.27"
+      version = "~> 5.0"
     }
   }
 
@@ -103,15 +103,11 @@ resource "aws_lambda_function" "lambda_function" {
   source_code_hash = data.archive_file.lambda_zip_file.output_base64sha256
   handler          = "app.handler"
   role             = aws_iam_role.lambda_iam_role.arn
-  runtime          = "nodejs16.x"
+  runtime          = "nodejs22.x"
 }
 
-
 resource "aws_iam_role" "lambda_iam_role" {
-  name_prefix         = "LambdaSNSRole-"
-  managed_policy_arns = [
-    data.aws_iam_policy.lambda_basic_execution_role_policy.arn
-  ]
+  name_prefix = "LambdaSNSRole-"
 
   assume_role_policy = <<EOF
 {
@@ -130,6 +126,11 @@ resource "aws_iam_role" "lambda_iam_role" {
 EOF
 }
 
+resource "aws_iam_role_policy_attachment" "lambda_basic_execution" {
+  role       = aws_iam_role.lambda_iam_role.name
+  policy_arn = data.aws_iam_policy.lambda_basic_execution_role_policy.arn
+}
+
 resource "aws_lambda_permission" "with_sns" {
   statement_id  = "AllowExecutionFromSNS"
   action        = "lambda:InvokeFunction"
@@ -138,10 +139,6 @@ resource "aws_lambda_permission" "with_sns" {
   source_arn    = aws_sns_topic.MySNSTopic.arn
 }
 
-
-
-
-
 //---------------------------------------------------------
 // Output
 //---------------------------------------------------------
@@ -160,4 +157,4 @@ output "SNS-Topic-ARN" {
 output "Lambda-function" {
   value       = aws_lambda_function.lambda_function.arn
   description = "TopicSubscriberFunction function name"
-}
+}
diff --git a/eventbridge-sns-lambda-terraform/src/app.js b/eventbridge-sns-lambda-terraform/src/app.js
@@ -2,11 +2,7 @@
  *  SPDX-License-Identifier: MIT-0
  */
 
-const AWS = require('aws-sdk')
-AWS.config.region = process.env.AWS_REGION 
-const sns = new AWS.SNS({apiVersion: '2012-11-05'})
-
 // The Lambda handler
 exports.handler = async (event) => {
   console.log("Hello World !")
-}
+}
diff --git a/lambda-function-url-terraform/.gitignore b/lambda-function-url-terraform/.gitignore
@@ -0,0 +1 @@
+lambda.zip
diff --git a/lambda-function-url-terraform/main.tf b/lambda-function-url-terraform/main.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.21"
+      version = "~> 5.0"
     }
   }
 
@@ -20,7 +20,7 @@ resource "aws_lambda_function" "lambda_function" {
   source_code_hash = data.archive_file.lambda_zip_file.output_base64sha256
   handler          = "app.handler"
   role             = aws_iam_role.lambda_iam_role.arn
-  runtime          = "nodejs16.x"
+  runtime          = "nodejs22.x"
 }
 
 data "archive_file" "lambda_zip_file" {
@@ -35,7 +35,6 @@ data "aws_iam_policy" "lambda_basic_execution_role_policy" {
 
 resource "aws_iam_role" "lambda_iam_role" {
   name_prefix = "LambdaFunctionRole-"
-  managed_policy_arns = [data.aws_iam_policy.lambda_basic_execution_role_policy.arn]
 
   assume_role_policy = <<EOF
 {
@@ -54,6 +53,11 @@ resource "aws_iam_role" "lambda_iam_role" {
 EOF
 }
 
+resource "aws_iam_role_policy_attachment" "lambda_basic_execution" {
+  role       = aws_iam_role.lambda_iam_role.name
+  policy_arn = data.aws_iam_policy.lambda_basic_execution_role_policy.arn
+}
+
 resource "aws_lambda_function_url" "function_url" {
   function_name      = aws_lambda_function.lambda_function.function_name
   authorization_type = "AWS_IAM"
@@ -71,4 +75,4 @@ output "FunctionARN" {
 output "FunctionUrlEndpoint" {
   value       = aws_lambda_function_url.function_url.function_url
   description = "Lambda function url"
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@ terraform {`
`2`	`2`	`required_providers {`
`3`	`3`	`aws = {`
`4`	`4`	`source = "hashicorp/aws"`
`5`		`- version = "~> 3.27"`
	`5`	`+ version = "~> 5.0"`
`6`	`6`	`}`
`7`	`7`	`}`
`8`	`8`
`@@ -40,7 +40,7 @@ resource "aws_lambda_function" "lambda_dynamodb_stream_handler" {`
`40`	`40`	`source_code_hash = data.archive_file.lambda_zip_file.output_base64sha256`
`41`	`41`	`handler = "index.handler"`
`42`	`42`	`role = aws_iam_role.iam_for_lambda.arn`
`43`		`- runtime = "nodejs16.x"`
	`43`	`+ runtime = "nodejs22.x"`
`44`	`44`	`}`
`45`	`45`
`46`	`46`	`data "archive_file" "lambda_zip_file" {`