From 8900599570d73239ab7298d1c2aa304ce2192327 Mon Sep 17 00:00:00 2001 From: Anthony Castillo Date: Mon, 24 May 2021 09:19:08 -0400 Subject: [PATCH 01/55] add layers parameter to lambda module --- main.tf | 1 + modules/lambda/main.tf | 1 + modules/lambda/variables.tf | 6 ++++++ variables.tf | 6 ++++++ 4 files changed, 14 insertions(+) diff --git a/main.tf b/main.tf index e0f2330..fd8272d 100644 --- a/main.tf +++ b/main.tf @@ -12,6 +12,7 @@ module "lambda" { timeout = var.timeout tags = var.tags vpc_config = var.vpc_config + layers = var.layers } module "event-cloudwatch-scheduled-event" { diff --git a/modules/lambda/main.tf b/modules/lambda/main.tf index 05213c9..e02cf4e 100644 --- a/modules/lambda/main.tf +++ b/modules/lambda/main.tf @@ -17,6 +17,7 @@ resource "aws_lambda_function" "lambda" { source_code_hash = filebase64sha256(var.filename) tags = var.tags timeout = var.timeout + layers = var.layers dynamic "vpc_config" { for_each = length(var.vpc_config) < 1 ? [] : [var.vpc_config] diff --git a/modules/lambda/variables.tf b/modules/lambda/variables.tf index dfca659..8b397e5 100644 --- a/modules/lambda/variables.tf +++ b/modules/lambda/variables.tf @@ -67,3 +67,9 @@ variable "vpc_config" { default = {} } +variable "layers" { + description = "List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See [Lambda Layers](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html)" + type = list(string) + default = [] +} + diff --git a/variables.tf b/variables.tf index 16c8626..4a75816 100644 --- a/variables.tf +++ b/variables.tf @@ -93,3 +93,9 @@ variable "vpc_config" { type = map(list(string)) default = {} } + +variable "layers" { + description = "List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See [Lambda Layers](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html)" + type = list(string) + default = [] +} 
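Review bot: The `layers` variable added in modules/lambda/variables.tf (and its copy in the root variables.tf hunk) accepts any list of strings, although its description states a limit of five ARNs. A layer is code loaded into the function's execution environment and it executes with the function's role, so a wrong or unreviewed ARN matters. A `validation` block with `condition = length(var.layers) <= 5` and a matching `error_message` would reject an over-long list at plan time. The description could also say that only layer version ARNs from trusted accounts should be passed.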
From 2703e995ec46719adec51b76f33fa1b1efb46932 Mon Sep 17 00:00:00 2001 From: Mike Date: Thu, 27 May 2021 14:38:40 -0400 Subject: [PATCH 02/55] add terraform ignore so lambda aren't recreated every apply taken from https://github.com/RedVentures/terraform-aws-lambda-function --- README.md | 1 + modules/lambda/main.tf | 13 +++++++++++++ 2 files changed, 14 insertions(+) diff --git a/README.md b/README.md index 7f56f7d..879b9e2 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,7 @@ Furthermore this module supports: The module can be used for all [runtimes](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html) supported by AWS Lambda (defaults to `go1.x`). In general configure the Lambda function with all required variables and add an (optional) event source (see [variables.tf](https://github.com/spring-media/terraform-aws-lambda/blob/master/variables.tf) for all available options). +The function is configured to ignore any changes to the function code so that it can be updated as part of your deployment process. ``` provider "aws" { diff --git a/modules/lambda/main.tf b/modules/lambda/main.tf index e02cf4e..5262a23 100644 --- a/modules/lambda/main.tf +++ b/modules/lambda/main.tf @@ -26,6 +26,19 @@ resource "aws_lambda_function" "lambda" { subnet_ids = vpc_config.value.subnet_ids } } + + lifecycle { + ignore_changes = [ + filename, + s3_bucket, + s3_key, + s3_object_version, + source_code_hash, + version, + qualified_arn, + last_modified, + ] + } } data "aws_iam_policy_document" "assume_role_policy" { From d3bcb839b288cfd7dcef06b0ec7bec5b330c376f Mon Sep 17 00:00:00 2001 From: Jay Gentile Date: Thu, 24 Jun 2021 14:36:48 -0500 Subject: [PATCH 03/55] fix(sns) add lifecycle ignore to (unused by this submodule) redrive_policy - FP-914 --- modules/event/sns/main.tf | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/event/sns/main.tf b/modules/event/sns/main.tf index c0a4e31..6554fd7 100644 --- a/modules/event/sns/main.tf 
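Review bot: Putting `filename`, `source_code_hash` and the `s3_*` arguments into `ignore_changes` in modules/lambda/main.tf means `terraform plan` no longer reports when the deployed code differs from this configuration, including a change made outside the deployment pipeline. If out-of-band deployment is intended, state the trade-off above the block, for example `# Code is deployed out of band; Terraform does not detect code drift on this function.`, and cover the gap with monitoring of `UpdateFunctionCode` API calls. `version`, `qualified_arn` and `last_modified` look like computed attributes, so listing them is probably redundant, and newer Terraform releases may warn about such entries. The resource block starts outside the hunk.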
+++ b/modules/event/sns/main.tf @@ -12,4 +12,11 @@ resource "aws_sns_topic_subscription" "subscription" { endpoint = var.endpoint protocol = "lambda" topic_arn = var.topic_arn + + # Note: redrive policy is safe to ignore here because it's unused. + # This only prevents subscriptions created _outside_ of module from + # having _their_ redrive policy overwritten by this module. + lifecycle { + ignore_changes = [redrive_policy] + } } From 9dedb812ceabb19a0a8a9b0e0b222681f3f8edea Mon Sep 17 00:00:00 2001 From: alexmkirk <43383029+alexmkirk@users.noreply.github.com> Date: Mon, 28 Jun 2021 11:03:27 -0400 Subject: [PATCH 04/55] Create CODEOWNERS Adding CODEOWNERS for required approvals --- .github/CODEOWNERS | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .github/CODEOWNERS diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..562ea4a --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,5 @@ +# These owners will be the default owners for everything in +# the repo. Unless a later match takes precedence, +# the owners listed below will be requested for +# review when someone opens a pull request. +* @platform-engineering From e0c696c9af466900bf0f508900b8f096d07c5a33 Mon Sep 17 00:00:00 2001 From: Edward Olsen Date: Thu, 17 Mar 2022 15:59:35 -0400 Subject: [PATCH 05/55] add RV vars, remove lambda resources --- main.tf | 31 +++++++++++++++++++++++++------ variables.tf | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+), 6 deletions(-) diff --git a/main.tf b/main.tf index fd8272d..6d51995 100644 --- a/main.tf +++ b/main.tf 
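Review bot: The comment added above the `lifecycle` block in modules/event/sns/main.tf refers to subscriptions created outside the module, but `ignore_changes` applies to the `aws_sns_topic_subscription.subscription` resource declared here. What it preserves is a redrive policy that something other than the module attached to this subscription. A wording such as `# Keep a redrive_policy attached to this subscription outside Terraform; the module itself never sets one.` would match the behaviour. A dead-letter configuration set that way will not appear in `terraform plan`.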
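Review bot: `@platform-engineering` on the last line of .github/CODEOWNERS has the form of a user handle; GitHub expects a team to be written as `@org/team-name`, so if a team is meant the entry would not resolve and no review would be requested. The line would then read `* @ORG_PLACEHOLDER/platform-engineering`, with the organisation name filled in. The commit message mentions required approvals, but CODEOWNERS only requests reviews; they become mandatory through a branch protection rule that requires code-owner review, which this commit cannot show.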
@@ -1,11 +1,12 @@ module "lambda" { - source = "./modules/lambda" + source = "app.terraform.io/Bankrate/lambda-function/aws" + version = "~> 3.0.0" # Only pull patch/fix releases description = var.description environment = var.environment filename = var.filename - function_name = var.function_name + #function_name = var.function_name handler = var.handler - memory_size = var.memory_size + #memory_size = var.memory_size publish = var.publish reserved_concurrent_executions = var.reserved_concurrent_executions runtime = var.runtime @@ -13,11 +14,26 @@ module "lambda" { tags = var.tags vpc_config = var.vpc_config layers = var.layers + + # additions from RV standard + name = var.function_name + project = var.project_name + service = var.service + owner = var.owner # || vertical + team_name = var.team_name + resource_allocation = var.resource_allocation + + # bonus points + #create_in_vpc = var.create_in_vpc + #create_default_sg = var.create_default_sg + #enable_newrelic = var.enable_newrelic + #security_groups = concat(var.security_groups, tolist(aws_security_group.lambda_egress.id)) } module "event-cloudwatch-scheduled-event" { source = "./modules/event/cloudwatch-scheduled-event" enable = lookup(var.event, "type", "") == "cloudwatch-scheduled-event" ? true : false + architecture = {} lambda_function_arn = module.lambda.arn schedule_expression = lookup(var.event, "schedule_expression", "") @@ -26,6 +42,7 @@ module "event-cloudwatch-scheduled-event" { module "event-dynamodb" { source = "./modules/event/dynamodb" enable = lookup(var.event, "type", "") == "dynamodb" ? true : false + architecture = {} function_name = module.lambda.function_name iam_role_name = module.lambda.role_name @@ -36,6 +53,7 @@ module "event-dynamodb" { module "event-sns" { source = "./modules/event/sns" enable = lookup(var.event, "type", "") == "sns" ? true : false + architecture = {} endpoint = module.lambda.arn function_name = module.lambda.function_name 
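Review bot: `version = "~> 3.0.0"` in the first main.tf hunk lets every fresh `terraform init` resolve to a newer patch release of the registry module that now creates the function. The dependency lock file records provider packages only, not modules, so nothing pins the module content between runs. An exact constraint for the reviewed release, such as `version = "3.0.0"`, with deliberate upgrades would keep the module code under review. The same hunk comments out `function_name` and `memory_size`, so callers' values for them are silently dropped unless a later argument replaces them.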
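Review bot: `project = var.project_name` in the second main.tf hunk reads a variable that the variables.tf hunks of this commit do not declare; they add `project`, so the line is probably meant to be `project = var.project` unless `project_name` exists outside the visible hunks. The commented-out `security_groups` line would also fail if enabled, because `tolist()` is given a single id; `concat(var.security_groups, [aws_security_group.lambda_egress.id])` is the working form. The module block starts outside this hunk.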
@@ -45,15 +63,16 @@ module "event-sns" { module "event-s3" { source = "./modules/event/s3" enable = lookup(var.event, "type", "") == "s3" ? true : false + architecture = {} lambda_function_arn = module.lambda.arn s3_bucket_arn = lookup(var.event, "s3_bucket_arn", "") s3_bucket_id = lookup(var.event, "s3_bucket_id", "") } -resource "aws_cloudwatch_log_group" "lambda" { +/* resource "aws_cloudwatch_log_group" "lambda" { name = "/aws/lambda/${module.lambda.function_name}" - retention_in_days = var.log_retention_in_days + retention_in_days = var.log_retention_in_days } resource "aws_lambda_permission" "cloudwatch_logs" { @@ -131,5 +150,5 @@ resource "aws_iam_role_policy_attachment" "kms_policy_attachment" { count = var.kms_key_arn != "" ? 1 : 0 role = module.lambda.role_name policy_arn = aws_iam_policy.kms_policy[count.index].arn -} +} */ diff --git a/variables.tf b/variables.tf index 4a75816..02986d0 100644 --- a/variables.tf +++ b/variables.tf @@ -1,3 +1,27 @@ + +## var scratchpad +## required banking vars (generally provided by workspace) +variable "app_name" { + type = string + description = "describe your variable" +} +variable "environment" { + type = string + description = "describe your variable" +} +## optional vars for RV modules should default but be exposed +variable "resource_allocation" { + type = string + description = "(optional) describe your variable" + default = "low" +} +variable "enable_newrelic" { + type = bool + description = "(optional) describe your variable" + default = false +} + + # --------------------------------------------------------------------------------------------------------------------- # REQUIRED PARAMETERS # You must provide a value for each of these parameters. 
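Review bot: The `/*` placed before `resource "aws_cloudwatch_log_group" "lambda"` and closed by `} */` in the hunk at `@@ -131,5 +150,5 @@` disables everything in between, which judging by the visible resource names includes the log group with its retention setting, the log subscription and the KMS policy attachment; most of that span lies outside the two hunks. Callers who still pass `log_retention_in_days` or `kms_key_arn` would get no error and no effect, and an existing deployment would plan the destruction of those resources. If the removal is intended, delete the resources together with their variables. Otherwise keep them active and repair their references to the new module outputs.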
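Review bot: `variable "resource_allocation"` is declared in this variables.tf hunk and again in the later hunk at `@@ -15,6 +39,28 @@`; a module may declare a variable name only once, so validation should fail on the duplicate. `variable "environment"` added here may collide in the same way with a declaration outside the hunk, given that main.tf already read `var.environment` before this commit. `app_name` is not used in any visible hunk, and the descriptions still carry the `describe your variable` template text.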
@@ -15,6 +39,28 @@ variable "handler" { description = "The function entrypoint in your code." } +variable "project" { + description = "Name of the project this falls under." +} + +variable "service" { + description = "Name of the service this is used in." +} + +variable "owner" { + description = "Name of the owner or vertical this belongs to." +} + +variable "team_name" { + description = "Name of the team this belongs to." +} + +variable "resource_allocation" { + description = "Name of the project this falls under." + default = "low" +} + + # --------------------------------------------------------------------------------------------------------------------- # OPTIONAL PARAMETERS # These parameters have reasonable defaults. From d4fad4836fe21269bd8d8d362f4d9cec157baa10 Mon Sep 17 00:00:00 2001 From: Edward Olsen Date: Mon, 21 Mar 2022 15:08:03 -0400 Subject: [PATCH 06/55] Turned lambda module in root level main to a resource. Moved vars in. Removed references to SNS. Replaced modules for CW, DDB, S3 with RV Standard module sources --- README.md | 2 - main.tf | 124 +++++++++++++++++++++++++++++++++++++++++++++--------- 2 files changed, 103 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index 879b9e2..29136cd 100644 --- a/README.md +++ b/README.md 
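Review bot: The description given to `resource_allocation` in this hunk, `Name of the project this falls under.`, is copied from `project` and does not say which values are accepted. None of the five added variables declares a `type`; adding `type = string` to each would make a wrong value fail at plan time. A description such as `Resource allocation tier passed to the lambda module (default "low").` would fit, assuming that is what the registry module expects.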
@@ -9,7 +9,6 @@ The following [event sources](https://docs.aws.amazon.com/lambda/latest/dg/invok - [cloudwatch-scheduled-event](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-with-cloudwatch-scheduled-event): configures a [CloudWatch Event Rule](https://www.terraform.io/docs/providers/aws/r/cloudwatch_event_rule.html) to trigger the Lambda on a regular, scheduled basis - [dynamodb](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-with-dynamodb-event): configures an [Event Source Mapping](https://www.terraform.io/docs/providers/aws/r/lambda_event_source_mapping.html) to trigger the Lambda by DynamoDb events - [s3](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-with-s3-event): configures permission to trigger the Lambda by S3 -- [sns](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-with-sns-event): to trigger Lambda by [SNS Topic Subscription](https://www.terraform.io/docs/providers/aws/r/sns_topic_subscription.html) Furthermore this module supports: @@ -76,7 +75,6 @@ module "lambda" { - [example-with-cloudwatch-scheduled-event](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-with-cloudwatch-scheduled-event) - [example-with-dynamodb-event-source](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-with-dynamodb-event) - [example-with-s3-event](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-with-s3-event) -- [example-with-sns-event](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-with-sns-event) - [example-with-vpc](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-with-vpc) - [example-without-event](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-without-event) diff --git a/main.tf b/main.tf index 6d51995..20eb8d3 100644 --- a/main.tf 
+++ b/main.tf @@ -1,12 +1,9 @@ -module "lambda" { + resource "aws_lambda_function" "lambda" { source = "app.terraform.io/Bankrate/lambda-function/aws" version = "~> 3.0.0" # Only pull patch/fix releases description = var.description - environment = var.environment filename = var.filename - #function_name = var.function_name handler = var.handler - #memory_size = var.memory_size publish = var.publish reserved_concurrent_executions = var.reserved_concurrent_executions runtime = var.runtime @@ -15,6 +12,27 @@ module "lambda" { vpc_config = var.vpc_config layers = var.layers + # Additions from old lambda sub-module + dynamic "environment" { + for_each = length(var.environment) < 1 ? [] : [var.environment] + content { + variables = environment.value.variables + } + } + + function_name = var.function_name + memory_size = var.memory_size + role = aws_iam_role.lambda.arn + source_code_hash = filebase64sha256(var.filename) + + dynamic "vpc_config" { + for_each = length(var.vpc_config) < 1 ? [] : [var.vpc_config] + content { + security_group_ids = vpc_config.value.security_group_ids + subnet_ids = vpc_config.value.subnet_ids + } + } + # additions from RV standard name = var.function_name project = var.project_name 
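Review bot: `source` and `version` stay in the block after the first hunk turns it into `resource "aws_lambda_function" "lambda"`; they are module meta-arguments, and `version` is not something a caller can set on this resource. The second hunk also leaves `vpc_config = var.vpc_config` next to the new `dynamic "vpc_config"` block and keeps `name`, `project`, `service`, `owner` and `team_name`, which the resource does not accept. The trigger modules added later in this commit still read `module.lambda.arn`; once the block is a resource that reference has to become `aws_lambda_function.lambda.arn`. The block ends outside the second hunk.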
@@ -30,6 +48,36 @@ module "lambda" { #security_groups = concat(var.security_groups, tolist(aws_security_group.lambda_egress.id)) } +data "aws_iam_policy_document" "assume_role_policy" { + statement { + actions = ["sts:AssumeRole"] + + principals { + type = "Service" + identifiers = ["lambda.amazonaws.com"] + } + } +} + +resource "aws_iam_role" "lambda" { + name = var.function_name + assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json +} + +resource "aws_iam_role_policy_attachment" "cloudwatch_logs" { + role = aws_iam_role.lambda.name + policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" +} + +resource "aws_iam_role_policy_attachment" "vpc_attachment" { + count = length(var.vpc_config) < 1 ? 0 : 1 + role = aws_iam_role.lambda.name + + // see https://docs.aws.amazon.com/lambda/latest/dg/vpc.html + policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" +} + +/* module "event-cloudwatch-scheduled-event" { source = "./modules/event/cloudwatch-scheduled-event" enable = lookup(var.event, "type", "") == "cloudwatch-scheduled-event" ? true : false 
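Review bot: The `cloudwatch_logs` attachment added here uses the managed policy `AWSLambdaBasicExecutionRole`, which permits log writes to any log group in the account, while the same file manages the function's own log group. An inline role policy limited to that group keeps the role to what the function needs. The sketch assumes `aws_cloudwatch_log_group.lambda` stays active and that the provider version in use returns the group ARN without a trailing `:*`.

```hcl
# … unchanged: assume_role_policy document and aws_iam_role.lambda …

data "aws_iam_policy_document" "lambda_logs" {
  statement {
    actions   = ["logs:CreateLogStream", "logs:PutLogEvents"]
    resources = ["${aws_cloudwatch_log_group.lambda.arn}:*"]
  }
}

resource "aws_iam_role_policy" "lambda_logs" {
  name   = "${var.function_name}-logs"
  role   = aws_iam_role.lambda.id
  policy = data.aws_iam_policy_document.lambda_logs.json
}
```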
@@ -38,7 +86,42 @@ module "event-cloudwatch-scheduled-event" { lambda_function_arn = module.lambda.arn schedule_expression = lookup(var.event, "schedule_expression", "") } +*/ + +module "lambda_cloudwatch_trigger" { + #Github: https://github.com/RedVentures/terraform-aws-lambda-cloudwatch-trigger + source = "app.terraform.io/RVStandard/lambda-cloudwatch-trigger/aws" + version = "~> 4.0" + + lambda_function_arn = module.lambda.arn + schedule_expression = lookup(var.event, "schedule_expression", "") + environment = var.environment + project = var.project_name + owner = var.owner +} + +/* +module "event-s3" { + source = "./modules/event/s3" + enable = lookup(var.event, "type", "") == "s3" ? true : false + architecture = {} + lambda_function_arn = module.lambda.arn + s3_bucket_arn = lookup(var.event, "s3_bucket_arn", "") + s3_bucket_id = lookup(var.event, "s3_bucket_id", "") +} +*/ + +module "lambda_s3_trigger" { + #Github Link: https://github.com/RedVentures/terraform-aws-lambda-s3-trigger + source = "app.terraform.io/RVStandard/lambda-s3-trigger/aws" + version = "~> 1.0" + + bucket_name = lookup(var.event, "s3_bucket_id", "") + lambda_function_arn = module.lambda.arn +} + +/* module "event-dynamodb" { source = "./modules/event/dynamodb" enable = lookup(var.event, "type", "") == "dynamodb" ? true : false 
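Review bot: `module "lambda_cloudwatch_trigger"` and `module "lambda_s3_trigger"` carry no gate, unlike the commented-out modules they replace, which were enabled only when `lookup(var.event, "type", "")` matched. As written every deployment instantiates a schedule trigger and an S3 trigger, with an empty `schedule_expression` or `bucket_name` when `var.event` does not set them; `lambda_event_source` in the hunk at `@@ -49,7 +132,20 @@` has the same shape. Unless the registry modules reject empty input, the result is a failed plan or trigger resources and invoke permissions that nobody asked for. A gate on each call, such as `count = lookup(var.event, "type", "") == "s3" ? 1 : 0`, would restore the previous behaviour.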
@@ -49,7 +132,20 @@ module "event-dynamodb" { stream_event_source_arn = lookup(var.event, "stream_event_source_arn", "") table_name = lookup(var.event, "table_name", "") } +*/ + +module "lambda_event_source" { + #Github: https://github.com/RedVentures/terraform-aws-lambda-event-source + source = "app.terraform.io/RVStandard/lambda-event-source/aws" + version = "~> 2.0" + + lambda_function_arn = module.lambda.arn + lambda_role_name = module.lambda.role_name + event_source_arn = lookup(var.event, "stream_event_source_arn", "") + event_source_type = "dynamodb" +} +/* module "event-sns" { source = "./modules/event/sns" enable = lookup(var.event, "type", "") == "sns" ? true : false @@ -59,18 +155,10 @@ module "event-sns" { function_name = module.lambda.function_name topic_arn = lookup(var.event, "topic_arn", "") } +*/ -module "event-s3" { - source = "./modules/event/s3" - enable = lookup(var.event, "type", "") == "s3" ? true : false - architecture = {} - lambda_function_arn = module.lambda.arn - s3_bucket_arn = lookup(var.event, "s3_bucket_arn", "") - s3_bucket_id = lookup(var.event, "s3_bucket_id", "") -} - -/* resource "aws_cloudwatch_log_group" "lambda" { +resource "aws_cloudwatch_log_group" "lambda" { name = "/aws/lambda/${module.lambda.function_name}" retention_in_days = var.log_retention_in_days } @@ -93,12 +181,6 @@ resource "aws_cloudwatch_log_subscription_filter" "cloudwatch_logs_to_es" { distribution = "ByLogStream" } -data "aws_region" "current" { -} - -data "aws_caller_identity" "current" { -} - data "aws_iam_policy_document" "ssm_policy_document" { count = length(var.ssm_parameter_names) @@ -150,5 +232,5 @@ resource "aws_iam_role_policy_attachment" "kms_policy_attachment" { count = var.kms_key_arn != "" ? 1 : 0 role = module.lambda.role_name policy_arn = aws_iam_policy.kms_policy[count.index].arn -} */ +} From 2f764f875a4571ca765eb4f8fdbed59c0c8f0d8c Mon Sep 17 00:00:00 2001 
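Review bot: The hunk at `@@ -93,12 +181,6 @@` deletes `data "aws_region" "current"` and `data "aws_caller_identity" "current"` while the same commit re-enables `ssm_policy_document`, which follows directly. Its body is outside the hunk; if it builds parameter ARNs from the region or the account id, the plan fails on a reference to an undeclared data source. Check that nothing left in main.tf reads `data.aws_region.current` or `data.aws_caller_identity.current` before removing them.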
From: Edward Olsen Date: Thu, 24 Mar 2022 12:29:40 -0400 Subject: [PATCH 07/55] change lambda back to module. remove environtment and vpc_config instantiation. remove github links. change trigger module source to bankrate registry --- main.tf | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/main.tf b/main.tf index 20eb8d3..37558c9 100644 --- a/main.tf +++ b/main.tf @@ -1,4 +1,4 @@ - resource "aws_lambda_function" "lambda" { + module "lambda" { source = "app.terraform.io/Bankrate/lambda-function/aws" version = "~> 3.0.0" # Only pull patch/fix releases description = var.description @@ -12,7 +12,16 @@ vpc_config = var.vpc_config layers = var.layers + # additions from RV standard + name = var.function_name + project = var.project_name + service = var.service + owner = var.owner # || vertical + team_name = var.team_name + resource_allocation = var.resource_allocation + # Additions from old lambda sub-module + /* dynamic "environment" { for_each = length(var.environment) < 1 ? [] : [var.environment] content { @@ -32,14 +41,7 @@ subnet_ids = vpc_config.value.subnet_ids } } - - # additions from RV standard - name = var.function_name - project = var.project_name - service = var.service - owner = var.owner # || vertical - team_name = var.team_name - resource_allocation = var.resource_allocation + */ # bonus points #create_in_vpc = var.create_in_vpc @@ -89,8 +91,7 @@ module "event-cloudwatch-scheduled-event" { */ module "lambda_cloudwatch_trigger" { - #Github: https://github.com/RedVentures/terraform-aws-lambda-cloudwatch-trigger - source = "app.terraform.io/RVStandard/lambda-cloudwatch-trigger/aws" + source = "app.terraform.io/bankrate/lambda-cloudwatch-trigger/aws" version = "~> 4.0" lambda_function_arn = module.lambda.arn 
@@ -113,8 +114,7 @@ module "event-s3" { */ module "lambda_s3_trigger" { - #Github Link: https://github.com/RedVentures/terraform-aws-lambda-s3-trigger - source = "app.terraform.io/RVStandard/lambda-s3-trigger/aws" + source = "app.terraform.io/bankrate/lambda-s3-trigger/aws" version = "~> 1.0" bucket_name = lookup(var.event, "s3_bucket_id", "") @@ -135,8 +135,7 @@ module "event-dynamodb" { */ module "lambda_event_source" { - #Github: https://github.com/RedVentures/terraform-aws-lambda-event-source - source = "app.terraform.io/RVStandard/lambda-event-source/aws" + source = "app.terraform.io/bankrate/lambda-event-source/aws" version = "~> 2.0" lambda_function_arn = module.lambda.arn From e34099da07518b4adfebfc5eb8277a50aa540932 Mon Sep 17 00:00:00 2001 From: Edward Olsen Date: Fri, 1 Apr 2022 15:01:33 -0400 Subject: [PATCH 08/55] add architecture struct for triggers --- main.tf | 25 ++++++++++++++++--------- variables.tf | 17 +++++++++++++++++ 2 files changed, 33 insertions(+), 9 deletions(-) diff --git a/main.tf b/main.tf index 37558c9..3b46bef 100644 --- a/main.tf +++ b/main.tf @@ -92,13 +92,20 @@ module "event-cloudwatch-scheduled-event" { module "lambda_cloudwatch_trigger" { source = "app.terraform.io/bankrate/lambda-cloudwatch-trigger/aws" - version = "~> 4.0" + version = "~> 4.0.0" + + # Enablement + architecture = var.architecture + enable = { + enable = var.enable + lambda_function_arn = module.lambda.arn + schedule_expression = lookup(var.event, "schedule_expression", "") + environment = var.environment + project = var.project_name + owner = var.owner + } + - lambda_function_arn = module.lambda.arn - schedule_expression = lookup(var.event, "schedule_expression", "") - environment = var.environment - project = var.project_name - owner = var.owner } /* 
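Review bot: `enable = { ... }` in `module "lambda_cloudwatch_trigger"` (hunk `@@ -92,13 +92,20 @@`) wraps `lambda_function_arn`, `schedule_expression`, `environment`, `project` and `owner` in an object, so the module no longer receives them as its own inputs. `var.enable` is also not declared by the variables.tf hunk of this commit, which adds only `architecture`. The flat form would be `enable = var.architecture.cloudwatch_trigger` with the remaining arguments kept at module level. The S3 and DynamoDB trigger modules get no gate at all in this commit.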
@@ -115,7 +122,7 @@ module "event-s3" { module "lambda_s3_trigger" { source = "app.terraform.io/bankrate/lambda-s3-trigger/aws" - version = "~> 1.0" + version = "~> 1.0.0" bucket_name = lookup(var.event, "s3_bucket_id", "") lambda_function_arn = module.lambda.arn @@ -134,9 +141,9 @@ module "event-dynamodb" { } */ -module "lambda_event_source" { +module "lambda_ddb_trigger" { source = "app.terraform.io/bankrate/lambda-event-source/aws" - version = "~> 2.0" + version = "~> 2.0.0" lambda_function_arn = module.lambda.arn lambda_role_name = module.lambda.role_name diff --git a/variables.tf b/variables.tf index 02986d0..9b453ab 100644 --- a/variables.tf +++ b/variables.tf @@ -21,6 +21,23 @@ variable "enable_newrelic" { default = false } +# +## Enablement and Architecture Toggles +### +variable architecture { + description = "Triggers are not required. Chose which trigger, if any, to use with lambda. If one is true, all others must be false." + type = object({ + cloudwatch_trigger = bool + s3_trigger = bool + ddb_trigger = bool + }) + + default = { + cloudwatch_trigger = false + s3_trigger = false + ddb_trigger = false + } +} # --------------------------------------------------------------------------------------------------------------------- # REQUIRED PARAMETERS From dc3ffd667df528c5a514581efdaab6c1cedaffd0 Mon Sep 17 00:00:00 2001 From: Edward Olsen Date: Fri, 1 Apr 2022 15:09:07 -0400 Subject: [PATCH 09/55] add enable lines to trigger modules --- main.tf | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/main.tf b/main.tf index 3b46bef..0ea8969 100644 --- a/main.tf +++ b/main.tf 
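Review bot: The description of `variable architecture` in the variables.tf hunk says that when one trigger is true all others must be false, but nothing enforces it, so two triggers can be enabled together. A `validation` block with `condition = length([for k, v in var.architecture : k if v]) <= 1` and a matching `error_message` would make the rule a plan-time error. The block label is also written without quotes; `variable "architecture"` matches the other declarations in the file.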
@@ -95,15 +95,12 @@ module "lambda_cloudwatch_trigger" { version = "~> 4.0.0" # Enablement - architecture = var.architecture - enable = { - enable = var.enable - lambda_function_arn = module.lambda.arn - schedule_expression = lookup(var.event, "schedule_expression", "") - environment = var.environment - project = var.project_name - owner = var.owner - } + enable = var.enable && var.architecture.cloudwatch_trigger + lambda_function_arn = module.lambda.arn + schedule_expression = lookup(var.event, "schedule_expression", "") + environment = var.environment + project = var.project_name + owner = var.owner } @@ -123,6 +120,7 @@ module "event-s3" { module "lambda_s3_trigger" { source = "app.terraform.io/bankrate/lambda-s3-trigger/aws" version = "~> 1.0.0" + enable = var.enable && var.architecture.s3_trigger bucket_name = lookup(var.event, "s3_bucket_id", "") lambda_function_arn = module.lambda.arn @@ -144,6 +142,8 @@ module "event-dynamodb" { module "lambda_ddb_trigger" { source = "app.terraform.io/bankrate/lambda-event-source/aws" version = "~> 2.0.0" + enable = var.enable && var.architecture.ddb_trigger + lambda_function_arn = module.lambda.arn lambda_role_name = module.lambda.role_name From a20574904ee33dbda2c5bdd525430bd7e88a7050 Mon Sep 17 00:00:00 2001 From: Edward Olsen Date: Tue, 5 Apr 2022 12:12:54 -0400 Subject: [PATCH 10/55] Applied comments from last commit. Cleaned up naming args, added enable logic in arch struct for eadch trigger. Cleaned up unused code --- main.tf | 103 +++++++-------------------------------------------- variables.tf | 45 ++++++++++++++-------- 2 files changed, 44 insertions(+), 104 deletions(-) diff --git a/main.tf b/main.tf index 0ea8969..7ced1e7 100644 --- a/main.tf +++ b/main.tf @@ -1,6 +1,7 @@ module "lambda" { source = "app.terraform.io/Bankrate/lambda-function/aws" version = "~> 3.0.0" # Only pull patch/fix releases + function_name = var.function_name description = var.description filename = var.filename handler = var.handler 
@@ -11,37 +12,7 @@ tags = var.tags vpc_config = var.vpc_config layers = var.layers - - # additions from RV standard - name = var.function_name - project = var.project_name - service = var.service - owner = var.owner # || vertical - team_name = var.team_name - resource_allocation = var.resource_allocation - - # Additions from old lambda sub-module - /* - dynamic "environment" { - for_each = length(var.environment) < 1 ? [] : [var.environment] - content { - variables = environment.value.variables - } - } - - function_name = var.function_name - memory_size = var.memory_size - role = aws_iam_role.lambda.arn - source_code_hash = filebase64sha256(var.filename) - - dynamic "vpc_config" { - for_each = length(var.vpc_config) < 1 ? [] : [var.vpc_config] - content { - security_group_ids = vpc_config.value.security_group_ids - subnet_ids = vpc_config.value.subnet_ids - } - } - */ + resource_allocation = var.resource_allocation # bonus points #create_in_vpc = var.create_in_vpc 
@@ -79,91 +50,45 @@ resource "aws_iam_role_policy_attachment" "vpc_attachment" { policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" } -/* -module "event-cloudwatch-scheduled-event" { - source = "./modules/event/cloudwatch-scheduled-event" - enable = lookup(var.event, "type", "") == "cloudwatch-scheduled-event" ? true : false - architecture = {} - - lambda_function_arn = module.lambda.arn - schedule_expression = lookup(var.event, "schedule_expression", "") -} -*/ - module "lambda_cloudwatch_trigger" { source = "app.terraform.io/bankrate/lambda-cloudwatch-trigger/aws" version = "~> 4.0.0" # Enablement - enable = var.enable && var.architecture.cloudwatch_trigger + enable = var.architecture.cloudwatch_trigger + lambda_function_arn = module.lambda.arn - schedule_expression = lookup(var.event, "schedule_expression", "") + schedule_expression = var.schedule_expression environment = var.environment project = var.project_name owner = var.owner - - -} - -/* -module "event-s3" { - source = "./modules/event/s3" - enable = lookup(var.event, "type", "") == "s3" ? true : false - architecture = {} - - lambda_function_arn = module.lambda.arn - s3_bucket_arn = lookup(var.event, "s3_bucket_arn", "") - s3_bucket_id = lookup(var.event, "s3_bucket_id", "") } -*/ module "lambda_s3_trigger" { source = "app.terraform.io/bankrate/lambda-s3-trigger/aws" version = "~> 1.0.0" - enable = var.enable && var.architecture.s3_trigger - - bucket_name = lookup(var.event, "s3_bucket_id", "") - lambda_function_arn = module.lambda.arn -} -/* -module "event-dynamodb" { - source = "./modules/event/dynamodb" - enable = lookup(var.event, "type", "") == "dynamodb" ? 
true : false - architecture = {} + # Enablement + enable = var.architecture.s3_trigger - function_name = module.lambda.function_name - iam_role_name = module.lambda.role_name - stream_event_source_arn = lookup(var.event, "stream_event_source_arn", "") - table_name = lookup(var.event, "table_name", "") + bucket_id = var.bucket_id + bucket_arn = var.bucket_arn + lambda_function_arn = module.lambda.arn } -*/ module "lambda_ddb_trigger" { source = "app.terraform.io/bankrate/lambda-event-source/aws" version = "~> 2.0.0" - enable = var.enable && var.architecture.ddb_trigger + # Enablement + enable = var.architecture.ddb_trigger lambda_function_arn = module.lambda.arn lambda_role_name = module.lambda.role_name - event_source_arn = lookup(var.event, "stream_event_source_arn", "") - event_source_type = "dynamodb" + event_source_arn = var.event_source_arn + table_name = var.table_name } -/* -module "event-sns" { - source = "./modules/event/sns" - enable = lookup(var.event, "type", "") == "sns" ? true : false - architecture = {} - - endpoint = module.lambda.arn - function_name = module.lambda.function_name - topic_arn = lookup(var.event, "topic_arn", "") -} -*/ - - resource "aws_cloudwatch_log_group" "lambda" { name = "/aws/lambda/${module.lambda.function_name}" retention_in_days = var.log_retention_in_days diff --git a/variables.tf b/variables.tf index 9b453ab..b130496 100644 --- a/variables.tf +++ b/variables.tf @@ -1,14 +1,3 @@ - -## var scratchpad -## required banking vars (generally provided by workspace) -variable "app_name" { - type = string - description = "describe your variable" -} -variable "environment" { - type = string - description = "describe your variable" -} ## optional vars for RV modules should default but be exposed variable "resource_allocation" { type = string 
@@ -27,12 +16,14 @@ variable "enable_newrelic" { variable architecture { description = "Triggers are not required. Chose which trigger, if any, to use with lambda. If one is true, all others must be false." type = object({ + no_trigger = bool cloudwatch_trigger = bool s3_trigger = bool ddb_trigger = bool }) default = { + no_trigger = true cloudwatch_trigger = false s3_trigger = false ddb_trigger = false @@ -94,10 +85,34 @@ variable "environment" { default = {} } -variable "event" { - description = "Event source configuration which triggers the Lambda function. Supported events: cloudwatch-scheduled-event, dynamodb, s3, sns" - type = map(string) - default = {} +variable "schedule_expression" { + description = "value" + type = string + default = "rate(1 minute)" +} + +variable "bucket_arn" { + description = "value" + type = string + default = "" +} + +variable "bucket_id" { + description = "value" + type = string + default = "" +} + +variable "event_source_arn" { + description = "value" + type = string + default = "" +} + +variable "table_name" { + description = "value" + type = string + default = "" } variable "kms_key_arn" { From 91099488a67d15ef971a2982be1375263c76c022 Mon Sep 17 00:00:00 2001 From: Edward Olsen Date: Wed, 27 Apr 2022 11:25:39 -0400 Subject: [PATCH 11/55] edited vars --- main.tf | 16 ++++++++-------- variables.tf | 9 +-------- 2 files changed, 9 insertions(+), 16 deletions(-) diff --git a/main.tf b/main.tf index 7ced1e7..07c4ec4 100644 --- a/main.tf +++ b/main.tf 
@@ -1,16 +1,16 @@ module "lambda" { - source = "app.terraform.io/Bankrate/lambda-function/aws" + source = "app.terraform.io/bankrate/lambda-function/aws" version = "~> 3.0.0" # Only pull patch/fix releases - function_name = var.function_name - description = var.description - filename = var.filename + #function_name = var.function_name + #description = var.description + #filename = var.filename handler = var.handler publish = var.publish reserved_concurrent_executions = var.reserved_concurrent_executions runtime = var.runtime timeout = var.timeout tags = var.tags - vpc_config = var.vpc_config + #vpc_config = var.vpc_config layers = var.layers resource_allocation = var.resource_allocation @@ -55,7 +55,7 @@ module "lambda_cloudwatch_trigger" { version = "~> 4.0.0" # Enablement - enable = var.architecture.cloudwatch_trigger + enable = var.enable && lookup(var.architecture, "cloudwatch_trigger", false) lambda_function_arn = module.lambda.arn schedule_expression = var.schedule_expression @@ -69,7 +69,7 @@ module "lambda_s3_trigger" { version = "~> 1.0.0" # Enablement - enable = var.architecture.s3_trigger + enable = var.enable && lookup(var.architecture, "s3_trigger", false) bucket_id = var.bucket_id bucket_arn = var.bucket_arn @@ -81,7 +81,7 @@ module "lambda_ddb_trigger" { version = "~> 2.0.0" # Enablement - enable = var.architecture.ddb_trigger + enable = var.enable && lookup(var.architecture, "ddb_trigger", false) lambda_function_arn = module.lambda.arn lambda_role_name = module.lambda.role_name diff --git a/variables.tf b/variables.tf index b130496..f275524 100644 --- a/variables.tf +++ b/variables.tf @@ -1,9 +1,4 @@ ## optional vars for RV modules should default but be exposed -variable "resource_allocation" { - type = string - description = "(optional) describe your variable" - default = "low" -} variable "enable_newrelic" { type = bool description = "(optional) describe your variable" 
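Review bot: Commenting out `#vpc_config = var.vpc_config` in the `module "lambda"` call (first hunk) stops a caller's subnets and security groups from reaching the function, and no error is raised when `vpc_config` is still supplied. If the `vpc_attachment` resource is still present in main.tf, the role would keep the VPC access policy while the function may be created outside the VPC, depending on how the registry module places it. `function_name`, `description` and `filename` are dropped the same way. Either pass these values through under the names the module expects, or remove the variables so that a caller gets an error instead of a silently different deployment. `var.enable`, used in the three trigger hunks, is not declared in the variables.tf hunks visible for this commit.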
@@ -14,16 +9,14 @@ variable "enable_newrelic" { ## Enablement and Architecture Toggles ### variable architecture { - description = "Triggers are not required. Chose which trigger, if any, to use with lambda. If one is true, all others must be false." + description = "Triggers are not required. Chose one trigger, if any, to use with lambda. If one is true, all others must be false." type = object({ - no_trigger = bool cloudwatch_trigger = bool s3_trigger = bool ddb_trigger = bool }) default = { - no_trigger = true cloudwatch_trigger = false s3_trigger = false ddb_trigger = false From b09d14a8f5ba56a4542efe0be330e566fd8e438d Mon Sep 17 00:00:00 2001 From: Edward Olsen Date: Wed, 27 Apr 2022 13:02:42 -0400 Subject: [PATCH 12/55] fixed many variables, succesfully ran tfplan in example-without-event dir --- .../.terraform.lock.hcl | 21 ++++++ .../example-without-event/.terraform.lock.hcl | 21 ++++++ examples/example-without-event/main.tf | 14 +++- main.tf | 44 +++++------ modules/lambda/README.md | 21 ------ modules/lambda/main.tf | 71 ------------------ modules/lambda/outputs.tf | 20 ----- modules/lambda/variables.tf | 75 ------------------- modules/lambda/versions.tf | 4 - outputs.tf | 4 +- variables.tf | 21 +++++- 11 files changed, 94 insertions(+), 222 deletions(-) create mode 100644 examples/example-with-cloudwatch-scheduled-event/.terraform.lock.hcl create mode 100644 examples/example-without-event/.terraform.lock.hcl delete mode 100644 modules/lambda/README.md delete mode 100644 modules/lambda/main.tf delete mode 100644 modules/lambda/outputs.tf delete mode 100644 modules/lambda/variables.tf delete mode 100644 modules/lambda/versions.tf diff --git a/examples/example-with-cloudwatch-scheduled-event/.terraform.lock.hcl b/examples/example-with-cloudwatch-scheduled-event/.terraform.lock.hcl new file mode 100644 index 0000000..33faa73 --- /dev/null +++ b/examples/example-with-cloudwatch-scheduled-event/.terraform.lock.hcl 
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "4.11.0" + hashes = [ + "h1:CjsO4gz0OBv5KHDm/F2vFxK8dmYmjIo5WwL6X2HkHwQ=", + "zh:3e4634f4babcef402160ffb97f9f37e3e781313ceb7b7858fe4b7fc0e2e33e99", + "zh:3ff647aa88e71419480e3f51a4b40e3b0e2d66482bea97c0b4e75f37aa5ad1f1", + "zh:4680d16fbb85663034dc3677b402e9e78ab1d4040dd80603052817a96ec08911", + "zh:5190d03f43f7ad56dae0a7f0441a0f5b2590f42f6e07a724fe11dd50c42a12e4", + "zh:622426fcdbb927e7c198fe4b890a01a5aa312e462cd82ae1e302186eeac1d071", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:b0b766a835c79f8dd58b93d25df8f37749f33cca2297ac088d402d718baddd9c", + "zh:b293cf26a02992b2167ed3f63711dc01221c4a5e2984b6c7c0c04a6155ab0526", + "zh:ca8e1f5c58fc838edb5fe7528aec3f2fcbaeabf808add0f401aee5073b61f17f", + "zh:e0d2ad2767c0134841d52394d180f8f3315c238949c8d11be39a214630e8d50e", + "zh:ece0d11c35a8537b662287e00af4d27a27eb9558353b133674af90ec11c818d3", + "zh:f7e1cd07ae883d3be01942dc2b0d516b9736a74e6037287ab19f616725c8f7e8", + ] +} diff --git a/examples/example-without-event/.terraform.lock.hcl b/examples/example-without-event/.terraform.lock.hcl new file mode 100644 index 0000000..33faa73 --- /dev/null +++ b/examples/example-without-event/.terraform.lock.hcl 
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "4.11.0" + hashes = [ + "h1:CjsO4gz0OBv5KHDm/F2vFxK8dmYmjIo5WwL6X2HkHwQ=", + "zh:3e4634f4babcef402160ffb97f9f37e3e781313ceb7b7858fe4b7fc0e2e33e99", + "zh:3ff647aa88e71419480e3f51a4b40e3b0e2d66482bea97c0b4e75f37aa5ad1f1", + "zh:4680d16fbb85663034dc3677b402e9e78ab1d4040dd80603052817a96ec08911", + "zh:5190d03f43f7ad56dae0a7f0441a0f5b2590f42f6e07a724fe11dd50c42a12e4", + "zh:622426fcdbb927e7c198fe4b890a01a5aa312e462cd82ae1e302186eeac1d071", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:b0b766a835c79f8dd58b93d25df8f37749f33cca2297ac088d402d718baddd9c", + "zh:b293cf26a02992b2167ed3f63711dc01221c4a5e2984b6c7c0c04a6155ab0526", + "zh:ca8e1f5c58fc838edb5fe7528aec3f2fcbaeabf808add0f401aee5073b61f17f", + "zh:e0d2ad2767c0134841d52394d180f8f3315c238949c8d11be39a214630e8d50e", + "zh:ece0d11c35a8537b662287e00af4d27a27eb9558353b133674af90ec11c818d3", + "zh:f7e1cd07ae883d3be01942dc2b0d516b9736a74e6037287ab19f616725c8f7e8", + ] +} diff --git a/examples/example-without-event/main.tf b/examples/example-without-event/main.tf index f266a79..551e166 100644 --- a/examples/example-without-event/main.tf +++ b/examples/example-without-event/main.tf @@ -1,7 +1,12 @@ provider "aws" { - region = "eu-west-1" + region = "us-east-1" + version = "4.11.0" } +data "aws_region" "current" {} +data "aws_caller_identity" "current"{} + + module "lambda" { source = "../../" description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" @@ -9,4 +14,9 @@ module "lambda" { function_name = "tf-example-go-basic" handler = "example-lambda-func" runtime = "go1.x" -} + service = "example" + project = "example" + environment = "qa" + team_name = "example" + owner = "example" +} diff --git a/main.tf b/main.tf index 07c4ec4..e9b5a54 100644 --- a/main.tf +++ b/main.tf 
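Review bot: The `version = "4.11.0"` argument added inside `provider "aws"` in the `@@ -1,7 +1,12 @@` hunk of examples/example-without-event/main.tf uses the provider-block form that Terraform has deprecated since 0.13; the constraint belongs in `required_providers`. The same line is added to the cloudwatch, s3, dynamodb and vpc examples later in this series. The two data sources `aws_region.current` and `aws_caller_identity.current` added below it are not referenced in either hunk of this file, so they look unused; drop them or use them.
```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.11.0"
    }
  }
}

provider "aws" {
  region = "us-east-1"
}
# … unchanged: module "lambda" block …
```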
@@ -1,24 +1,18 @@ - module "lambda" { +module "lambda" { source = "app.terraform.io/bankrate/lambda-function/aws" - version = "~> 3.0.0" # Only pull patch/fix releases - #function_name = var.function_name - #description = var.description - #filename = var.filename + version = "~> 4.0.0" handler = var.handler publish = var.publish reserved_concurrent_executions = var.reserved_concurrent_executions runtime = var.runtime timeout = var.timeout tags = var.tags - #vpc_config = var.vpc_config layers = var.layers resource_allocation = var.resource_allocation - - # bonus points - #create_in_vpc = var.create_in_vpc - #create_default_sg = var.create_default_sg - #enable_newrelic = var.enable_newrelic - #security_groups = concat(var.security_groups, tolist(aws_security_group.lambda_egress.id)) + vpc_tag = var.vpc_tag_key_override + name = "dummyvar" + team_name = "dummyvar" + environment = "dummyvar" } data "aws_iam_policy_document" "assume_role_policy" { @@ -32,6 +26,9 @@ data "aws_iam_policy_document" "assume_role_policy" { } } +data "aws_region" "current" {} +data "aws_caller_identity" "current" {} + resource "aws_iam_role" "lambda" { name = var.function_name assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json @@ -60,7 +57,7 @@ module "lambda_cloudwatch_trigger" { lambda_function_arn = module.lambda.arn schedule_expression = var.schedule_expression environment = var.environment - project = var.project_name + project = var.project owner = var.owner } @@ -71,12 +68,11 @@ module "lambda_s3_trigger" { # Enablement enable = var.enable && lookup(var.architecture, "s3_trigger", false) - bucket_id = var.bucket_id - bucket_arn = var.bucket_arn + bucket_name = var.bucket_id lambda_function_arn = module.lambda.arn } -module "lambda_ddb_trigger" { +/*module "lambda_ddb_trigger" { source = "app.terraform.io/bankrate/lambda-event-source/aws" version = "~> 2.0.0" 
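Review bot: `name`, `team_name` and `environment` in the `module "lambda"` call are set to the literal `"dummyvar"`, so every function built through this module gets the same name and ownership labels, and the log group and IAM policy names derived from `module.lambda.name` further down will collide between deployments. The example updated in this same commit already passes `function_name`, `team_name` and `environment` to the root module, so they can be forwarded directly: `name = var.function_name`, `team_name = var.team_name`, `environment = var.environment` (assuming `team_name` is declared in variables.tf). The later `@@ -10,9 +10,9 @@` hunk that swaps these for `""` and `"qa"` has the same problem.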
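Review bot: Wrapping `module "lambda_ddb_trigger"` in `/* … */` in the `@@ -71,12 +68,11 @@` hunk leaves `architecture.ddb_trigger` accepted by the variable but with no effect, so a caller who sets it to `true` gets a function with no event source and no error. Until the module is restored, either reject that value in a `validation` block or leave a comment at the top of the disabled block such as `# ddb trigger disabled: architecture.ddb_trigger currently has no effect (<reason>)`. The same hunk stops passing `bucket_arn`, which leaves `var.bucket_arn` declared but unread as far as the visible hunks show.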
@@ -88,9 +84,9 @@ module "lambda_ddb_trigger" { event_source_arn = var.event_source_arn table_name = var.table_name } - +*/ resource "aws_cloudwatch_log_group" "lambda" { - name = "/aws/lambda/${module.lambda.function_name}" + name = "/aws/lambda/${module.lambda.name}" retention_in_days = var.log_retention_in_days } @@ -129,14 +125,14 @@ data "aws_iam_policy_document" "ssm_policy_document" { resource "aws_iam_policy" "ssm_policy" { count = length(var.ssm_parameter_names) - name = "${module.lambda.function_name}-ssm-${count.index}" - description = "Provides minimum Parameter Store permissions for ${module.lambda.function_name}." + name = "${module.lambda.name}-ssm-${count.index}" + description = "Provides minimum Parameter Store permissions for ${module.lambda.name}." policy = data.aws_iam_policy_document.ssm_policy_document[count.index].json } resource "aws_iam_role_policy_attachment" "ssm_policy_attachment" { count = length(var.ssm_parameter_names) - role = module.lambda.role_name + role = module.lambda.iam_role_name policy_arn = aws_iam_policy.ssm_policy[count.index].arn } @@ -154,14 +150,14 @@ data "aws_iam_policy_document" "kms_policy_document" { resource "aws_iam_policy" "kms_policy" { count = var.kms_key_arn != "" ? 1 : 0 - name = "${module.lambda.function_name}-kms" - description = "Provides minimum KMS permissions for ${module.lambda.function_name}." + name = "${module.lambda.name}-kms" + description = "Provides minimum KMS permissions for ${module.lambda.name}." policy = data.aws_iam_policy_document.kms_policy_document.json } resource "aws_iam_role_policy_attachment" "kms_policy_attachment" { count = var.kms_key_arn != "" ? 1 : 0 - role = module.lambda.role_name + role = module.lambda.iam_role_name policy_arn = aws_iam_policy.kms_policy[count.index].arn } diff --git a/modules/lambda/README.md b/modules/lambda/README.md deleted file mode 100644 index 303135b..0000000 --- a/modules/lambda/README.md +++ /dev/null 
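Review bot: The SSM and KMS policy attachments in the `@@ -129,14 +125,14 @@` and `@@ -154,14 +150,14 @@` hunks now target `module.lambda.iam_role_name`, while the context of this file's earlier hunks still shows a locally declared `aws_iam_role.lambda` named `var.function_name` with a Lambda trust policy. If the function now runs under the registry module's role, the local role and its `AWSLambdaBasicExecutionRole` attachment are left behind as an assumable role that nothing uses, and should be deleted in the same change. If the local role is still the execution role, these attachments now grant the permissions to the wrong role. Which of the two applies is not visible from the hunks, so it is worth confirming against the upstream module's outputs.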
@@ -1,21 +0,0 @@ -# Lambda Module - -Terraform module to create AWS [Lambda](https://www.terraform.io/docs/providers/aws/r/lambda_function.html) resources with IAM role configuration and VPC support. - -## How to use this module - -Configure the Lambda function with all required variables: - -``` -provider "aws" { - region = "eu-west-1" -} - -module "lambda" { - source = "spring-media/lambda/aws//modules/lambda" - filename = "my-package.zip" - function_name = "my-function" - handler = "my-handler" - runtime = "go1.x" -} -``` diff --git a/modules/lambda/main.tf b/modules/lambda/main.tf deleted file mode 100644 index 5262a23..0000000 --- a/modules/lambda/main.tf +++ /dev/null 
@@ -1,71 +0,0 @@ -resource "aws_lambda_function" "lambda" { - description = var.description - dynamic "environment" { - for_each = length(var.environment) < 1 ? [] : [var.environment] - content { - variables = environment.value.variables - } - } - filename = var.filename - function_name = var.function_name - handler = var.handler - memory_size = var.memory_size - publish = var.publish - reserved_concurrent_executions = var.reserved_concurrent_executions - role = aws_iam_role.lambda.arn - runtime = var.runtime - source_code_hash = filebase64sha256(var.filename) - tags = var.tags - timeout = var.timeout - layers = var.layers - - dynamic "vpc_config" { - for_each = length(var.vpc_config) < 1 ? [] : [var.vpc_config] - content { - security_group_ids = vpc_config.value.security_group_ids - subnet_ids = vpc_config.value.subnet_ids - } - } - - lifecycle { - ignore_changes = [ - filename, - s3_bucket, - s3_key, - s3_object_version, - source_code_hash, - version, - qualified_arn, - last_modified, - ] - } -} - -data "aws_iam_policy_document" "assume_role_policy" { - statement { - actions = ["sts:AssumeRole"] - - principals { - type = "Service" - identifiers = ["lambda.amazonaws.com"] - } - } -} - -resource "aws_iam_role" "lambda" { - name = var.function_name - assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json -} - -resource "aws_iam_role_policy_attachment" "cloudwatch_logs" { - role = aws_iam_role.lambda.name - policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" -} - -resource "aws_iam_role_policy_attachment" "vpc_attachment" { - count = length(var.vpc_config) < 1 ? 0 : 1 - role = aws_iam_role.lambda.name - - // see https://docs.aws.amazon.com/lambda/latest/dg/vpc.html - policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" -} diff --git a/modules/lambda/outputs.tf b/modules/lambda/outputs.tf deleted file mode 100644 index d27f64b..0000000 --- a/modules/lambda/outputs.tf +++ /dev/null 
@@ -1,20 +0,0 @@ -output "arn" { - description = "The Amazon Resource Name (ARN) identifying your Lambda Function." - value = aws_lambda_function.lambda.arn -} - -output "function_name" { - description = "The unique name of your Lambda Function." - value = aws_lambda_function.lambda.function_name -} - -output "invoke_arn" { - description = "The ARN to be used for invoking Lambda Function from API Gateway - to be used in aws_api_gateway_integration's uri" - value = aws_lambda_function.lambda.invoke_arn -} - -output "role_name" { - description = "The name of the IAM attached to the Lambda Function." - value = aws_iam_role.lambda.name -} - diff --git a/modules/lambda/variables.tf b/modules/lambda/variables.tf deleted file mode 100644 index 8b397e5..0000000 --- a/modules/lambda/variables.tf +++ /dev/null 
@@ -1,75 +0,0 @@ -# --------------------------------------------------------------------------------------------------------------------- -# REQUIRED PARAMETERS -# You must provide a value for each of these parameters. -# --------------------------------------------------------------------------------------------------------------------- - -variable "filename" { - description = "The path to the function's deployment package within the local filesystem." -} - -variable "function_name" { - description = "A unique name for your Lambda Function." -} - -variable "handler" { - description = "The function entrypoint in your code." -} - -variable "runtime" { - description = "The runtime environment for the Lambda function you are uploading." -} - -# --------------------------------------------------------------------------------------------------------------------- -# OPTIONAL PARAMETERS -# These parameters have reasonable defaults. -# --------------------------------------------------------------------------------------------------------------------- - -variable "description" { - description = "Description of what your Lambda Function does." - default = "" -} - -variable "environment" { - description = "Environment (e.g. env variables) configuration for the Lambda function enable you to dynamically pass settings to your function code and libraries" - type = map(map(string)) - default = {} -} - -variable "memory_size" { - description = "Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128." - default = 128 -} - -variable "publish" { - description = "Whether to publish creation/change as new Lambda Function Version. Defaults to false." - default = false -} - -variable "reserved_concurrent_executions" { - description = "The amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1." 
- default = "-1" -} - -variable "tags" { - description = "A mapping of tags to assign to the Lambda function." - type = map(string) - default = {} -} - -variable "timeout" { - description = "The amount of time your Lambda Function has to run in seconds. Defaults to 3." - default = 3 -} - -variable "vpc_config" { - description = "Provide this to allow your function to access your VPC (if both 'subnet_ids' and 'security_group_ids' are empty then vpc_config is considered to be empty or unset, see https://docs.aws.amazon.com/lambda/latest/dg/vpc.html for details)." - type = map(list(string)) - default = {} -} - -variable "layers" { - description = "List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See [Lambda Layers](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html)" - type = list(string) - default = [] -} - diff --git a/modules/lambda/versions.tf b/modules/lambda/versions.tf deleted file mode 100644 index ac97c6a..0000000 --- a/modules/lambda/versions.tf +++ /dev/null @@ -1,4 +0,0 @@ - -terraform { - required_version = ">= 0.12" -} diff --git a/outputs.tf b/outputs.tf index 8eff1b9..e777b73 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,4 +1,5 @@ -output "arn" { + +/*output "arn" { description = "The Amazon Resource Name (ARN) identifying your Lambda Function." value = module.lambda.arn } @@ -18,3 +19,4 @@ output "role_name" { value = module.lambda.role_name } +*/ \ No newline at end of file diff --git a/variables.tf b/variables.tf index f275524..4a07ccf 100644 --- a/variables.tf +++ b/variables.tf @@ -8,6 +8,11 @@ variable "enable_newrelic" { # ## Enablement and Architecture Toggles ### +variable "enable" { + description = "is a trigger enables true or false" + type = bool + default = true +} variable architecture { description = "Triggers are not required. Chose one trigger, if any, to use with lambda. If one is true, all others must be false." type = object({ 
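Review bot: The two outputs.tf hunks wrap every output in `/* … */`, which removes `arn`, `function_name`, `invoke_arn` and `role_name` from the module's interface and breaks any caller that references them. main.tf in this commit already uses the renamed upstream outputs, so the outputs can be kept by pointing them at the new names: `value = module.lambda.name` for `function_name` and `value = module.lambda.iam_role_name` for `role_name`. The closing `*/` is also added without a trailing newline.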
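Review bot: The description of the new `enable` variable in the variables.tf hunk (`"is a trigger enables true or false"`) does not say what the flag controls. From main.tf it is ANDed with each `architecture` flag, so something like `description = "Master switch for event triggers; when false, no trigger module is enabled regardless of architecture."` would document the actual behaviour.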
@@ -61,7 +66,11 @@ variable "resource_allocation" { default = "low" } - +variable "vpc_tag_key_override" { + description = "override of vpc tag" + type = string + default = "PrimaryVPC" +} # --------------------------------------------------------------------------------------------------------------------- # OPTIONAL PARAMETERS # These parameters have reasonable defaults. @@ -73,11 +82,15 @@ variable "description" { } variable "environment" { - description = "Environment (e.g. env variables) configuration for the Lambda function enable you to dynamically pass settings to your function code and libraries" - type = map(map(string)) - default = {} + description = "Environment for the resouces" + type = string } +variable "env_vars" { + description = "Environment variables in map(map(string))" + type = map(map(string)) + default = {} +} variable "schedule_expression" { description = "value" type = string From 20befb7492b13d4c13b0acc3de49b45a4a9f7aff Mon Sep 17 00:00:00 2001 From: Edward Olsen Date: Wed, 27 Apr 2022 14:45:28 -0400 Subject: [PATCH 13/55] fix example-with-cloudwatch --- .../main.tf | 28 +++++++++++-------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/examples/example-with-cloudwatch-scheduled-event/main.tf b/examples/example-with-cloudwatch-scheduled-event/main.tf index b15a220..2b0e2be 100644 --- a/examples/example-with-cloudwatch-scheduled-event/main.tf +++ b/examples/example-with-cloudwatch-scheduled-event/main.tf @@ -1,7 +1,12 @@ provider "aws" { - region = "eu-west-1" + region = "us-east-1" + version = "4.11.0" } +data "aws_region" "current" {} +data "aws_caller_identity" "current"{} + + module "lambda" { source = "../../" description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" 
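Review bot: In the `@@ -73,11 +82,15 @@` hunk `environment` changes from an optional `map(map(string))` to a required `string`, which silently changes the meaning of an existing input: callers that passed `environment = { variables = { … } }` now fail type checking, and their function environment variables have to move to the new `env_vars`. None of the main.tf hunks in this commit pass `env_vars` to `module "lambda"`, so as far as is visible the values are accepted and then dropped; either forward it or leave the variable out until it is wired up. The `environment` description also has a typo (`resouces`) and could name the allowed values.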
@@ -9,19 +14,20 @@ module "lambda" { function_name = "tf-example-go-basic" handler = "example-lambda-func" runtime = "go1.x" - - event = { - type = "cloudwatch-scheduled-event" - schedule_expression = "rate(1 minute)" + service = "example" + project = "example" + environment = "qa" + team_name = "example" + owner = "example" + schedule_expression = "rate(1 minute)" + architecture = { + cloudwatch_trigger = true + s3_trigger = false + ddb_trigger = false } + tags = { key = "value" } - - environment = { - variables = { - key = "value" - } - } } From 2546f4cbfebc9b6365016a12c10d256730bc7b25 Mon Sep 17 00:00:00 2001 From: Edward Olsen Date: Wed, 27 Apr 2022 14:56:13 -0400 Subject: [PATCH 14/55] fixed example-with-s3 --- .../example-with-s3-event/.terraform.lock.hcl | 21 ++++++++++++ examples/example-with-s3-event/main.tf | 32 ++++++++++++------- 2 files changed, 41 insertions(+), 12 deletions(-) create mode 100644 examples/example-with-s3-event/.terraform.lock.hcl diff --git a/examples/example-with-s3-event/.terraform.lock.hcl b/examples/example-with-s3-event/.terraform.lock.hcl new file mode 100644 index 0000000..33faa73 --- /dev/null +++ b/examples/example-with-s3-event/.terraform.lock.hcl 
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "4.11.0" + hashes = [ + "h1:CjsO4gz0OBv5KHDm/F2vFxK8dmYmjIo5WwL6X2HkHwQ=", + "zh:3e4634f4babcef402160ffb97f9f37e3e781313ceb7b7858fe4b7fc0e2e33e99", + "zh:3ff647aa88e71419480e3f51a4b40e3b0e2d66482bea97c0b4e75f37aa5ad1f1", + "zh:4680d16fbb85663034dc3677b402e9e78ab1d4040dd80603052817a96ec08911", + "zh:5190d03f43f7ad56dae0a7f0441a0f5b2590f42f6e07a724fe11dd50c42a12e4", + "zh:622426fcdbb927e7c198fe4b890a01a5aa312e462cd82ae1e302186eeac1d071", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:b0b766a835c79f8dd58b93d25df8f37749f33cca2297ac088d402d718baddd9c", + "zh:b293cf26a02992b2167ed3f63711dc01221c4a5e2984b6c7c0c04a6155ab0526", + "zh:ca8e1f5c58fc838edb5fe7528aec3f2fcbaeabf808add0f401aee5073b61f17f", + "zh:e0d2ad2767c0134841d52394d180f8f3315c238949c8d11be39a214630e8d50e", + "zh:ece0d11c35a8537b662287e00af4d27a27eb9558353b133674af90ec11c818d3", + "zh:f7e1cd07ae883d3be01942dc2b0d516b9736a74e6037287ab19f616725c8f7e8", + ] +} diff --git a/examples/example-with-s3-event/main.tf b/examples/example-with-s3-event/main.tf index fa48f91..0c7743e 100644 --- a/examples/example-with-s3-event/main.tf +++ b/examples/example-with-s3-event/main.tf @@ -1,7 +1,11 @@ provider "aws" { - region = "eu-west-1" + region = "us-east-1" + version = "4.11.0" } +data "aws_region" "current" {} +data "aws_caller_identity" "current"{} + resource "aws_s3_bucket_notification" "bucket_notification" { bucket = "bucketname" 
@@ -13,26 +17,30 @@ resource "aws_s3_bucket_notification" "bucket_notification" { module "lambda" { source = "../../" - description = "Example AWS Lambda using go with S3 trigger" + description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" filename = "${path.module}/test_function.zip" - function_name = "tf-example-go-s3" + function_name = "tf-example-go-basic" handler = "example-lambda-func" runtime = "go1.x" + service = "example" + project = "example" + environment = "qa" + team_name = "example" + owner = "example" - event = { - type = "s3" - s3_bucket_arn = "arn:aws:s3:::bucketname" - s3_bucket_id = "bucketname" + architecture = { + cloudwatch_trigger = false + s3_trigger = true + ddb_trigger = false } + bucket_arn = "arn:aws:s3:::bucketname" + bucket_id = "bucketname" tags = { key = "value" } - environment = { - variables = { - key = "value" - } - } + + } From 8014090a09f5508cc08a4c5006bb41d8fd1a3624 Mon Sep 17 00:00:00 2001 From: Edward Olsen Date: Wed, 27 Apr 2022 15:16:20 -0400 Subject: [PATCH 15/55] fixed example-with-dynamodb --- examples/example-with-s3-event/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/example-with-s3-event/main.tf b/examples/example-with-s3-event/main.tf index 0c7743e..a4736b0 100644 --- a/examples/example-with-s3-event/main.tf +++ b/examples/example-with-s3-event/main.tf @@ -17,7 +17,7 @@ resource "aws_s3_bucket_notification" "bucket_notification" { module "lambda" { source = "../../" - description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" + description = "Example AWS Lambda using go with s3 event trigger" filename = "${path.module}/test_function.zip" function_name = "tf-example-go-basic" handler = "example-lambda-func" From adc1a58ec2c097a1c15c56be063f462789cc5d5d Mon Sep 17 00:00:00 2001 
From: Edward Olsen Date: Wed, 27 Apr 2022 15:18:43 -0400 Subject: [PATCH 16/55] missed commiting these file due to pathing --- .../main.tf | 4 +-- examples/example-with-dynamodb-event/main.tf | 36 +++++++++++-------- main.tf | 16 ++++----- outputs.tf | 4 +-- 4 files changed, 34 insertions(+), 26 deletions(-) diff --git a/examples/example-with-cloudwatch-scheduled-event/main.tf b/examples/example-with-cloudwatch-scheduled-event/main.tf index 2b0e2be..34b8204 100644 --- a/examples/example-with-cloudwatch-scheduled-event/main.tf +++ b/examples/example-with-cloudwatch-scheduled-event/main.tf @@ -19,13 +19,13 @@ module "lambda" { environment = "qa" team_name = "example" owner = "example" - schedule_expression = "rate(1 minute)" + architecture = { cloudwatch_trigger = true s3_trigger = false ddb_trigger = false } - + schedule_expression = "rate(1 minute)" tags = { key = "value" diff --git a/examples/example-with-dynamodb-event/main.tf b/examples/example-with-dynamodb-event/main.tf index bfc093c..ff147c2 100644 --- a/examples/example-with-dynamodb-event/main.tf +++ b/examples/example-with-dynamodb-event/main.tf 
@@ -1,25 +1,33 @@ provider "aws" { - region = "eu-west-1" + region = "us-east-1" + version = "4.11.0" } +data "aws_region" "current" {} +data "aws_caller_identity" "current"{} + module "lambda" { source = "../../" + description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" filename = "${path.module}/test_function.zip" - function_name = "my-function" - handler = "my-handler" + function_name = "tf-example-go-basic" + handler = "example-lambda-func" + runtime = "go1.x" + service = "example" + project = "example" + environment = var.workspace + team_name = "example" + owner = "example" - event = { - type = "dynamodb" - stream_event_source_arn = "arn:aws:dynamodb:eu-west-1:647379381847:table/some-table/stream/some-identifier" - table_name = "some-table" + architecture = { + cloudwatch_trigger = false + s3_trigger = false + ddb_trigger = true } - - # optionally configure Parameter Store access with decryption - ssm_parameter_names = ["some/config/root/*"] - kms_key_arn = "arn:aws:kms:eu-west-1:647379381847:key/f79f2b-04684-4ad9-f9de8a-79d72f" - - # optionally create a log subscription for streaming log events - logfilter_destination_arn = "arn:aws:lambda:eu-west-1:647379381847:function:cloudwatch_logs_to_es_production" + name = var.name + project_name = var.project + hash_key = "id" + stream_enabled = true tags = { key = "value" diff --git a/main.tf b/main.tf index e9b5a54..07ba53b 100644 --- a/main.tf +++ b/main.tf @@ -10,9 +10,9 @@ module "lambda" { layers = var.layers resource_allocation = var.resource_allocation vpc_tag = var.vpc_tag_key_override - name = "dummyvar" - team_name = "dummyvar" - environment = "dummyvar" + name = "" + team_name = "" + environment = "qa" } data "aws_iam_policy_document" "assume_role_policy" { 
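Review bot: The rewritten dynamodb example sets `ddb_trigger = true` but no longer passes an event source ARN, so the trigger module would receive the root variable's empty-string default for `event_source_arn`. It also reads `var.workspace`, `var.name` and `var.project` without any `variable` block in the visible part of the file, and passes `name`, `project_name`, `hash_key` and `stream_enabled`, none of which appear among the root module's variables in this series. As written the example is unlikely to pass `terraform validate`; passing `event_source_arn = "<dynamodb-stream-arn>"` and dropping the unsupported arguments would fix that. The module block continues past the end of the hunk.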
@@ -72,19 +72,19 @@ module "lambda_s3_trigger" { lambda_function_arn = module.lambda.arn } -/*module "lambda_ddb_trigger" { +module "lambda_ddb_trigger" { source = "app.terraform.io/bankrate/lambda-event-source/aws" - version = "~> 2.0.0" + version = "2.3.0" # Enablement enable = var.enable && lookup(var.architecture, "ddb_trigger", false) lambda_function_arn = module.lambda.arn - lambda_role_name = module.lambda.role_name + lambda_role_name = module.lambda.iam_role_name event_source_arn = var.event_source_arn - table_name = var.table_name + event_source_type = "dynamodb" } -*/ + resource "aws_cloudwatch_log_group" "lambda" { name = "/aws/lambda/${module.lambda.name}" retention_in_days = var.log_retention_in_days diff --git a/outputs.tf b/outputs.tf index e777b73..db02629 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,9 +1,9 @@ -/*output "arn" { +output "arn" { description = "The Amazon Resource Name (ARN) identifying your Lambda Function." value = module.lambda.arn } - +/* output "function_name" { description = "The unique name of your Lambda Function." value = module.lambda.function_name From 15e2eb4fd4decc171a7b64c42ebd2b182648a802 Mon Sep 17 00:00:00 2001 
From: Edward Olsen Date: Wed, 27 Apr 2022 15:57:57 -0400 Subject: [PATCH 17/55] fixed example-with-vpc --- examples/example-with-sns-event/README.md | 24 --------- examples/example-with-sns-event/main.tf | 28 ---------- .../example-with-sns-event/test_function.zip | 0 examples/example-with-sns-event/versions.tf | 4 -- examples/example-with-vpc/.terraform.lock.hcl | 21 ++++++++ examples/example-with-vpc/main.tf | 51 +++++++++++++------ main.tf | 15 ++---- variables.tf | 19 +++++-- 8 files changed, 75 insertions(+), 87 deletions(-) delete mode 100644 examples/example-with-sns-event/README.md delete mode 100644 examples/example-with-sns-event/main.tf delete mode 100644 examples/example-with-sns-event/test_function.zip delete mode 100644 examples/example-with-sns-event/versions.tf create mode 100644 examples/example-with-vpc/.terraform.lock.hcl diff --git a/examples/example-with-sns-event/README.md b/examples/example-with-sns-event/README.md deleted file mode 100644 index ffabcad..0000000 --- a/examples/example-with-sns-event/README.md +++ /dev/null @@ -1,24 +0,0 @@ -# Example with SNS event - -Creates an AWS Lambda function subscribed to a SNS topic. - -## requirements - -- [Terraform 0.12+](https://www.terraform.io/) -- authentication configuration for the [aws provider](https://www.terraform.io/docs/providers/aws/) - -## usage - -``` -terraform init -terraform plan -``` - -## bootstrap with func - -In case you are using [go](https://golang.org/) for developing your Lambda functions, you can also use [func](https://github.com/spring-media/func) to bootstrap your project and get started quickly: - -``` -$ func new example-with-sns -e sns -$ cd example-with-sns && make init package plan -``` diff --git a/examples/example-with-sns-event/main.tf b/examples/example-with-sns-event/main.tf deleted file mode 100644 index 748a002..0000000 --- a/examples/example-with-sns-event/main.tf +++ /dev/null 
@@ -1,28 +0,0 @@ -provider "aws" { - region = "eu-west-1" -} - -module "lambda" { - source = "../../" - description = "Example AWS Lambda using go with sns trigger" - filename = "${path.module}/test_function.zip" - function_name = "tf-example-go-sns" - handler = "example-lambda-func" - runtime = "go1.x" - - event = { - type = "sns" - topic_arn = "arn:aws:sns:eu-west-1:123456789123:test-topic" - } - - tags = { - key = "value" - } - - environment = { - variables = { - key = "value" - } - } -} - diff --git a/examples/example-with-sns-event/test_function.zip b/examples/example-with-sns-event/test_function.zip deleted file mode 100644 index e69de29..0000000 diff --git a/examples/example-with-sns-event/versions.tf b/examples/example-with-sns-event/versions.tf deleted file mode 100644 index ac97c6a..0000000 --- a/examples/example-with-sns-event/versions.tf +++ /dev/null @@ -1,4 +0,0 @@ - -terraform { - required_version = ">= 0.12" -} diff --git a/examples/example-with-vpc/.terraform.lock.hcl b/examples/example-with-vpc/.terraform.lock.hcl new file mode 100644 index 0000000..33faa73 --- /dev/null +++ b/examples/example-with-vpc/.terraform.lock.hcl 
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "4.11.0" + hashes = [ + "h1:CjsO4gz0OBv5KHDm/F2vFxK8dmYmjIo5WwL6X2HkHwQ=", + "zh:3e4634f4babcef402160ffb97f9f37e3e781313ceb7b7858fe4b7fc0e2e33e99", + "zh:3ff647aa88e71419480e3f51a4b40e3b0e2d66482bea97c0b4e75f37aa5ad1f1", + "zh:4680d16fbb85663034dc3677b402e9e78ab1d4040dd80603052817a96ec08911", + "zh:5190d03f43f7ad56dae0a7f0441a0f5b2590f42f6e07a724fe11dd50c42a12e4", + "zh:622426fcdbb927e7c198fe4b890a01a5aa312e462cd82ae1e302186eeac1d071", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:b0b766a835c79f8dd58b93d25df8f37749f33cca2297ac088d402d718baddd9c", + "zh:b293cf26a02992b2167ed3f63711dc01221c4a5e2984b6c7c0c04a6155ab0526", + "zh:ca8e1f5c58fc838edb5fe7528aec3f2fcbaeabf808add0f401aee5073b61f17f", + "zh:e0d2ad2767c0134841d52394d180f8f3315c238949c8d11be39a214630e8d50e", + "zh:ece0d11c35a8537b662287e00af4d27a27eb9558353b133674af90ec11c818d3", + "zh:f7e1cd07ae883d3be01942dc2b0d516b9736a74e6037287ab19f616725c8f7e8", + ] +} diff --git a/examples/example-with-vpc/main.tf b/examples/example-with-vpc/main.tf index 4302a31..52ea2c2 100644 --- a/examples/example-with-vpc/main.tf +++ b/examples/example-with-vpc/main.tf 
@@ -1,33 +1,52 @@ provider "aws" { - region = "eu-west-1" + region = "us-east-1" + version = "4.11.0" +} + +data "aws_region" "current" {} +data "aws_caller_identity" "current"{} + +resource "aws_security_group" "lambda_egress" { + name = "lambda-egress-qa" + description = "Allow egress from Lambda functions" + vpc_id = "PrimaryVPC" +} + +resource "aws_security_group_rule" "lambda_egress" { + type = "egress" + from_port = 0 + to_port = 0 + protocol = "-1" + + security_group_id = aws_security_group.lambda_egress.id + cidr_blocks = ["0.0.0.0/0"] } module "lambda" { source = "../../" description = "Example AWS Lambda inside a VPC using go with cloudwatch scheduled event trigger" filename = "${path.module}/test_function.zip" - function_name = "tf-example-go-basic-vpc" + function_name = "tf-example-go-basic" handler = "example-lambda-func" runtime = "go1.x" + service = "example" + project = "example" + environment = "qa" + team_name = "example" + owner = "example" - vpc_config = { - subnet_ids = ["subnet-123456", "subnet-123457"] - security_group_ids = ["sg-123456"] - } - - event = { - type = "cloudwatch-scheduled-event" - schedule_expression = "rate(1 minute)" + architecture = { + cloudwatch_trigger = true + s3_trigger = false + ddb_trigger = false } + schedule_expression = "rate(1 minute)" + create_in_vpc = true + create_default_sg = false + security_groups = [aws_security_group.lambda_egress.id] tags = { key = "value" } - - environment = { - variables = { - key = "value" - } - } } diff --git a/main.tf b/main.tf index 07ba53b..bcbb4fa 100644 --- a/main.tf +++ b/main.tf @@ -10,9 +10,10 @@ module "lambda" { layers = var.layers resource_allocation = var.resource_allocation vpc_tag = var.vpc_tag_key_override - name = "" - team_name = "" - environment = "qa" + name = var.function_name + team_name = var.team_name + environment = var.environment + } data "aws_iam_policy_document" "assume_role_policy" { 
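Review bot: The `aws_security_group_rule.lambda_egress` added to the vpc example allows all protocols and ports to `0.0.0.0/0`, and examples tend to be copied into real deployments as they stand. If the function only needs to reach HTTPS endpoints, the rule can be narrowed with `from_port = 443`, `to_port = 443`, `protocol = "tcp"`, or scoped to VPC endpoints; otherwise a comment should say why open egress is required. `vpc_id = "PrimaryVPC"` on the security group also looks like the VPC tag value used elsewhere in this series rather than a VPC id, so the resource would be rejected at apply time.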
@@ -39,14 +40,6 @@ resource "aws_iam_role_policy_attachment" "cloudwatch_logs" { policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" } -resource "aws_iam_role_policy_attachment" "vpc_attachment" { - count = length(var.vpc_config) < 1 ? 0 : 1 - role = aws_iam_role.lambda.name - - // see https://docs.aws.amazon.com/lambda/latest/dg/vpc.html - policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" -} - module "lambda_cloudwatch_trigger" { source = "app.terraform.io/bankrate/lambda-cloudwatch-trigger/aws" version = "~> 4.0.0" diff --git a/variables.tf b/variables.tf index 4a07ccf..7101615 100644 --- a/variables.tf +++ b/variables.tf @@ -172,10 +172,21 @@ variable "timeout" { default = 3 } -variable "vpc_config" { - description = "Provide this to allow your function to access your VPC (if both 'subnet_ids' and 'security_group_ids' are empty then vpc_config is considered to be empty or unset, see https://docs.aws.amazon.com/lambda/latest/dg/vpc.html for details)." - type = map(list(string)) - default = {} +variable "create_in_vpc" { + description = "By default this is set to true. If you don't want to create the lambda in a VPC then this should be set to false" + type = bool + default = true +} + +variable "create_default_sg" { + description = "By default creates a security group that's unique to your lambda, meaning that every lambda you create with this module will use its own set of ENIs" + type = bool + default = false +} +variable "security_groups" { + description = "security groups" + type = list(string) + default = [] } variable "layers" { From 584624dec03b58dd7bdbd5976d87e5e7b941a70b Mon Sep 17 00:00:00 2001 
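Review bot: The description of `create_default_sg` says a per-function security group is created by default, but the variable is declared with `default = false`, so the text and the behaviour disagree. I would reword it to `description = "Set to true to create a security group dedicated to this Lambda (it then uses its own set of ENIs). Defaults to false."` and replace the placeholder `"security groups"` with something like `"IDs of existing security groups to attach when create_in_vpc is true"`. With the defaults `create_in_vpc = true`, `create_default_sg = false` and `security_groups = []`, a caller who sets nothing asks for a VPC function with no group named; what happens then depends on the upstream lambda module, which this diff does not show, so the description should state it. The main.tf hunk just above also drops the `AWSLambdaVPCAccessExecutionRole` attachment while VPC placement becomes the default, so confirm that the upstream module attaches an equivalent policy.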
From: Edward Olsen Date: Mon, 2 May 2022 13:29:59 -0400 Subject: [PATCH 18/55] removed modules/ subdir. reduced usage of function_name variable to just name --- .terraform.lock.hcl | 21 ++++++++++ main.tf | 4 +- .../event/cloudwatch-scheduled-event/main.tf | 20 --------- .../cloudwatch-scheduled-event/variables.tf | 14 ------- .../cloudwatch-scheduled-event/versions.tf | 4 -- modules/event/dynamodb/main.tf | 41 ------------------- modules/event/dynamodb/variables.tf | 31 -------------- modules/event/dynamodb/versions.tf | 4 -- modules/event/s3/main.tf | 8 ---- modules/event/s3/variables.tf | 27 ------------ modules/event/s3/versions.tf | 4 -- modules/event/sns/main.tf | 22 ---------- modules/event/sns/variables.tf | 18 -------- modules/event/sns/versions.tf | 4 -- 14 files changed, 23 insertions(+), 199 deletions(-) create mode 100644 .terraform.lock.hcl delete mode 100644 modules/event/cloudwatch-scheduled-event/main.tf delete mode 100644 modules/event/cloudwatch-scheduled-event/variables.tf delete mode 100644 modules/event/cloudwatch-scheduled-event/versions.tf delete mode 100644 modules/event/dynamodb/main.tf delete mode 100644 modules/event/dynamodb/variables.tf delete mode 100644 modules/event/dynamodb/versions.tf delete mode 100644 modules/event/s3/main.tf delete mode 100644 modules/event/s3/variables.tf delete mode 100644 modules/event/s3/versions.tf delete mode 100644 modules/event/sns/main.tf delete mode 100644 modules/event/sns/variables.tf delete mode 100644 modules/event/sns/versions.tf diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl new file mode 100644 index 0000000..1489342 --- /dev/null +++ b/.terraform.lock.hcl 
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "4.12.1" + hashes = [ + "h1:o9VATFhsl7QFfQQ6M0zL5VIZlq+8xHooKGpv/11DK9w=", + "zh:2b432dc3bf7e0987bf9dcad5d397c384890d12fcd95827bc4581ca2955fc623a", + "zh:2f79a448a4e5ad24a706ab634078d0ef159be3278eb24988b7d2185173f5dd8f", + "zh:5d70074c10cefb30d4104af54f912e58ffa1b6871277b0a5324c8f13000f5009", + "zh:63623743fb15d54787a96c9761b97a935ff396672e625730cb7a5c1971acf4b6", + "zh:8263f376e6db684667c10e28df8d8d188e02fd09ad58e1ad7075e363c389e24c", + "zh:8b5aa9fd1ddf1de0ab7d462891123405e5af04d7e4d1e4b03381634b3cae4884", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:d00b2d0b374ab92e934eb597668c5f3e415c4cf8335e6a52ab99949b8fcf57dd", + "zh:d0e037725aced6cacc2e0a1903b31083c64f8765fb1263e4f8f891745266b7fb", + "zh:e6e244123bc1df109db90bef0af2a875a0b3afb268f21c3e5bc34753657102ad", + "zh:ec6901ab8b99ae3df50340e9aa86ed3bac1369f5e1403c0362edd9944640fa22", + "zh:f6a4d0ce3bd3d4b81163c4ae75b66e50c10b935c60a63d7fb96df285c0eeca40", + ] +} diff --git a/main.tf b/main.tf index bcbb4fa..c579ec7 100644 --- a/main.tf +++ b/main.tf @@ -10,7 +10,7 @@ module "lambda" { layers = var.layers resource_allocation = var.resource_allocation vpc_tag = var.vpc_tag_key_override - name = var.function_name + name = var.name team_name = var.team_name environment = var.environment @@ -31,7 +31,7 @@ data "aws_region" "current" {} data "aws_caller_identity" "current" {} resource "aws_iam_role" "lambda" { - name = var.function_name + name = var.name assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json } diff --git a/modules/event/cloudwatch-scheduled-event/main.tf b/modules/event/cloudwatch-scheduled-event/main.tf deleted file mode 100644 index 14f260a..0000000 --- a/modules/event/cloudwatch-scheduled-event/main.tf +++ /dev/null 
@@ -1,20 +0,0 @@
-resource "aws_lambda_permission" "cloudwatch" {
- count = var.enable ? 1 : 0
- statement_id = "AllowExecutionFromCloudWatch"
- action = "lambda:InvokeFunction"
- function_name = var.lambda_function_arn
- principal = "events.amazonaws.com"
- source_arn = aws_cloudwatch_event_rule.lambda[count.index].arn
-}
-
-resource "aws_cloudwatch_event_rule" "lambda" {
- count = var.enable ? 1 : 0
- schedule_expression = var.schedule_expression
-}
-
-resource "aws_cloudwatch_event_target" "lambda" {
- count = var.enable ? 1 : 0
- rule = aws_cloudwatch_event_rule.lambda[count.index].name
- arn = var.lambda_function_arn
-}
-
diff --git a/modules/event/cloudwatch-scheduled-event/variables.tf b/modules/event/cloudwatch-scheduled-event/variables.tf
deleted file mode 100644
index 73b962e..0000000
--- a/modules/event/cloudwatch-scheduled-event/variables.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-variable "enable" {
- description = "Conditionally enables this module (and all it's ressources)."
- type = bool
- default = false
-}
-
-variable "lambda_function_arn" {
- description = "The Amazon Resource Name (ARN) identifying the Lambda Function trigger by CloudWatch"
-}
-
-variable "schedule_expression" {
- description = "Scheduling expression for triggering the Lambda Function using CloudWatch events. For example, cron(0 20 * * ? *) or rate(5 minutes)."
-}
-
diff --git a/modules/event/cloudwatch-scheduled-event/versions.tf b/modules/event/cloudwatch-scheduled-event/versions.tf
deleted file mode 100644
index ac97c6a..0000000
--- a/modules/event/cloudwatch-scheduled-event/versions.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-
-terraform {
- required_version = ">= 0.12"
-}
diff --git a/modules/event/dynamodb/main.tf b/modules/event/dynamodb/main.tf
deleted file mode 100644
index 0077b1c..0000000
--- a/modules/event/dynamodb/main.tf
+++ /dev/null
@@ -1,41 +0,0 @@
-data "aws_region" "current" {
-}
-
-data "aws_caller_identity" "current" {
-}
-
-resource "aws_lambda_event_source_mapping" "stream_source" {
- count = var.enable ? 1 : 0
- event_source_arn = var.stream_event_source_arn
- function_name = var.function_name
- starting_position = var.stream_starting_position
-}
-
-data "aws_iam_policy_document" "stream_policy_document" {
- statement {
- actions = [
- "dynamodb:DescribeStream",
- "dynamodb:GetShardIterator",
- "dynamodb:GetRecords",
- "dynamodb:ListStreams",
- ]
-
- resources = [
- "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/${var.table_name}/stream/*",
- ]
- }
-}
-
-resource "aws_iam_policy" "stream_policy" {
- count = var.enable ? 1 : 0
- name = "${var.function_name}-stream-consumer"
- description = "Provides minimum DynamoDb stream processing permissions for ${var.function_name}."
- policy = data.aws_iam_policy_document.stream_policy_document.json
-}
-
-resource "aws_iam_role_policy_attachment" "stream_policy_attachment" {
- count = var.enable ? 1 : 0
- role = var.iam_role_name
- policy_arn = aws_iam_policy.stream_policy[count.index].arn
-}
-
diff --git a/modules/event/dynamodb/variables.tf b/modules/event/dynamodb/variables.tf
deleted file mode 100644
index d8fac6d..0000000
--- a/modules/event/dynamodb/variables.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-variable "enable" {
- description = "Conditionally enables this module (and all it's ressources)."
- type = bool
- default = false
-}
-
-variable "iam_role_name" {
- description = "The name of the IAM role to attach stream policy configuration."
- default = ""
-}
-
-variable "function_name" {
- description = "The name or the ARN of the Lambda function that will be subscribing to events. "
- default = ""
-}
-
-variable "stream_event_source_arn" {
- description = "Event source ARN of a DynamoDB stream."
- default = ""
-}
-
-variable "stream_starting_position" {
- description = "The position in the stream where AWS Lambda should start reading. Must be one of either TRIM_HORIZON or LATEST. Defaults to TRIM_HORIZON."
- default = "TRIM_HORIZON"
-}
-
-variable "table_name" {
- description = "The name of the DynamoDb table providing the stream."
- default = ""
-}
-
diff --git a/modules/event/dynamodb/versions.tf b/modules/event/dynamodb/versions.tf
deleted file mode 100644
index ac97c6a..0000000
--- a/modules/event/dynamodb/versions.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-
-terraform {
- required_version = ">= 0.12"
-}
diff --git a/modules/event/s3/main.tf b/modules/event/s3/main.tf
deleted file mode 100644
index 8ee0176..0000000
--- a/modules/event/s3/main.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-resource "aws_lambda_permission" "allow_bucket" {
- count = var.enable ? 1 : 0
- action = "lambda:InvokeFunction"
- function_name = var.lambda_function_arn
- principal = "s3.amazonaws.com"
- statement_id = "AllowExecutionFromS3Bucket"
- source_arn = var.s3_bucket_arn
-}
diff --git a/modules/event/s3/variables.tf b/modules/event/s3/variables.tf
deleted file mode 100644
index b5ed117..0000000
--- a/modules/event/s3/variables.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-# ---------------------------------------------------------------------------------------------------------------------
-# REQUIRED PARAMETERS
-# You must provide a value for each of these parameters.
-# ---------------------------------------------------------------------------------------------------------------------
-
-variable "lambda_function_arn" {
- description = "The Amazon Resource Name (ARN) identifying the Lambda Function triggered by S3"
-}
-
-variable "s3_bucket_arn" {
- description = "The ARN of the bucket."
-}
-
-variable "s3_bucket_id" {
- description = "The name of the bucket."
-}
-
-# ---------------------------------------------------------------------------------------------------------------------
-# OPTIONAL PARAMETERS
-# These parameters have reasonable defaults.
-# ---------------------------------------------------------------------------------------------------------------------
-
-variable "enable" {
- description = "Conditionally enables this module (and all it's ressources)."
- type = bool
- default = false
-}
diff --git a/modules/event/s3/versions.tf b/modules/event/s3/versions.tf
deleted file mode 100644
index ac97c6a..0000000
--- a/modules/event/s3/versions.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-
-terraform {
- required_version = ">= 0.12"
-}
diff --git a/modules/event/sns/main.tf b/modules/event/sns/main.tf
deleted file mode 100644
index 6554fd7..0000000
--- a/modules/event/sns/main.tf
+++ /dev/null
@@ -1,22 +0,0 @@ -resource "aws_lambda_permission" "sns" { - count = var.enable ? 1 : 0 - action = "lambda:InvokeFunction" - function_name = var.function_name - principal = "sns.amazonaws.com" - statement_id = "AllowSubscriptionToSNS" - source_arn = var.topic_arn -} - -resource "aws_sns_topic_subscription" "subscription" { - count = var.enable ? 1 : 0 - endpoint = var.endpoint - protocol = "lambda" - topic_arn = var.topic_arn - - # Note: redrive policy is safe to ignore here because it's unused. - # This only prevents subscriptions created _outside_ of module from - # having _their_ redrive policy overwritten by this module. - lifecycle { - ignore_changes = [redrive_policy] - } -} diff --git a/modules/event/sns/variables.tf b/modules/event/sns/variables.tf deleted file mode 100644 index 8702771..0000000 --- a/modules/event/sns/variables.tf +++ /dev/null @@ -1,18 +0,0 @@ -variable "enable" { - description = "Conditionally enables this module (and all it's ressources)." - type = bool - default = false -} - -variable "endpoint" { - description = "The endpoint to send data to (ARN of the Lambda function)" -} - -variable "function_name" { - description = "Name of the Lambda function whose resource policy should be allowed to subscribe to SNS topics." -} - -variable "topic_arn" { - description = "The ARN of the SNS topic to subscribe to" -} - diff --git a/modules/event/sns/versions.tf b/modules/event/sns/versions.tf deleted file mode 100644 index ac97c6a..0000000 --- a/modules/event/sns/versions.tf +++ /dev/null @@ -1,4 +0,0 @@ - -terraform { - required_version = ">= 0.12" -} From 750e73a1299d8b5c22d469dfaf4088232661bea0 Mon Sep 17 00:00:00 2001 From: Edward Olsen Date: Mon, 2 May 2022 13:31:33 -0400 Subject: [PATCH 19/55] missed variables.tf in last commit --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 7101615..4e545f1 100644 --- a/variables.tf +++ b/variables.tf 
@@ -37,7 +37,7 @@ variable "filename" { description = "The path to the function's deployment package within the local filesystem." } -variable "function_name" { +variable "name" { description = "A unique name for your Lambda Function." } From 5ef05cd434fa6f25b34eb218028ecd581747b6ff Mon Sep 17 00:00:00 2001 From: Edward Olsen Date: Tue, 3 May 2022 11:04:16 -0400 Subject: [PATCH 20/55] tf-doc generated README --- README.md | 181 ++++++++++++++++++++++++++---------------------------- 1 file changed, 86 insertions(+), 95 deletions(-) diff --git a/README.md b/README.md index 29136cd..a94cda9 100644 --- a/README.md +++ b/README.md 
@@ -1,95 +1,86 @@ -# AWS Lambda Terraform module - -![](https://github.com/spring-media/terraform-aws-lambda/workflows/Terraform%20CI/badge.svg) [![Terraform Module Registry](https://img.shields.io/badge/Terraform%20Module%20Registry-4.3.0-blue.svg)](https://registry.terraform.io/modules/spring-media/lambda/aws/4.3.0) ![Terraform Version](https://img.shields.io/badge/Terraform-0.12.13-green.svg) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) - -Terraform module to create AWS [Lambda](https://www.terraform.io/docs/providers/aws/r/lambda_function.html) resources with configurable event sources, IAM configuration (following the [principal of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege)), VPC as well as SSM/KMS and log streaming support. - -The following [event sources](https://docs.aws.amazon.com/lambda/latest/dg/invoking-lambda-function.html) are supported (see [examples](#examples)): - -- [cloudwatch-scheduled-event](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-with-cloudwatch-scheduled-event): configures a [CloudWatch Event Rule](https://www.terraform.io/docs/providers/aws/r/cloudwatch_event_rule.html) to trigger the Lambda on a regular, scheduled basis -- [dynamodb](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-with-dynamodb-event): configures an [Event Source Mapping](https://www.terraform.io/docs/providers/aws/r/lambda_event_source_mapping.html) to trigger the Lambda by DynamoDb events -- [s3](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-with-s3-event): configures permission to trigger the Lambda by S3 - -Furthermore this module supports: - -- reading configuration and secrets from [AWS Systems Manager Parameter Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-paramstore.html) including decryption of 
[SecureString](https://docs.aws.amazon.com/kms/latest/developerguide/services-parameter-store.html) parameters -- [CloudWatch](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html) Log group configuration including retention time and [subscription filters](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/SubscriptionFilters.html) e.g. to stream logs via Lambda to Elasticsearch - -## Terraform version compatibility - -| module | terraform | branch | -| :----: | :-------: | :-------------: | -| 4.x.x | 0.12.x | master | -| 3.x.x | 0.11.x | terraform_0.11x | - -## How do I use this module? - -The module can be used for all [runtimes](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html) supported by AWS Lambda (defaults to `go1.x`). - -In general configure the Lambda function with all required variables and add an (optional) event source (see [variables.tf](https://github.com/spring-media/terraform-aws-lambda/blob/master/variables.tf) for all available options). -The function is configured to ignore any changes to the function code so that it can be updated as part of your deployment process. 
- -``` -provider "aws" { - region = "eu-west-1" -} - -module "lambda" { - source = "spring-media/lambda/aws" - version = "4.3.0" - filename = "my-package.zip" - function_name = "my-function" - handler = "my-handler" - runtime = "go1.x" - - // configurable event trigger, see examples - event = { - type = "cloudwatch-scheduled-event" - schedule_expression = "rate(1 minute)" - } - - // optionally set environment configuration - environment = { - variables { - loglevel = "INFO" - } - } - - // optionally enable VPC access - vpc_config = { - security_group_ids = ["sg-1"] - subnet_ids = ["subnet-1", "subnet-2"] - } - - # optionally configure Parameter Store access with decryption - ssm_parameter_names = ["some/config/root/*"] - kms_key_arn = "arn:aws:kms:eu-west-1:647379381847:key/f79f2b-04684-4ad9-f9de8a-79d72f" - - # optionally create a log subscription for streaming log events from CloudWatch to ElasticSearch - logfilter_destination_arn = "arn:aws:lambda:eu-west-1:647379381847:function:cloudwatch_logs_to_es_production" -} -``` - -### Examples - -- [example-with-cloudwatch-scheduled-event](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-with-cloudwatch-scheduled-event) -- [example-with-dynamodb-event-source](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-with-dynamodb-event) -- [example-with-s3-event](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-with-s3-event) -- [example-with-vpc](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-with-vpc) -- [example-without-event](https://github.com/spring-media/terraform-aws-lambda/tree/master/examples/example-without-event) - -### bootstrap with func - -In case you are using [go](https://golang.org/) for developing your Lambda functions, you can also use [func](https://github.com/spring-media/func) to bootstrap your project and get started quickly. - -## How do I contribute to this module? 
- -Contributions are very welcome! Check out the [Contribution Guidelines](https://github.com/spring-media/terraform-aws-lambda/blob/master/CONTRIBUTING.md) for instructions. - -## How is this module versioned? - -This Module follows the principles of [Semantic Versioning](http://semver.org/). You can find each new release in the [releases page](../../releases). - -During initial development, the major version will be 0 (e.g., `0.x.y`), which indicates the code does not yet have a -stable API. Once we hit `1.0.0`, we will make every effort to maintain a backwards compatible API and use the MAJOR, -MINOR, and PATCH versions on each release to indicate any incompatibilities. + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 0.12 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | 4.12.1 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [lambda](#module\_lambda) | app.terraform.io/bankrate/lambda-function/aws | ~> 4.0.0 | +| [lambda\_cloudwatch\_trigger](#module\_lambda\_cloudwatch\_trigger) | app.terraform.io/bankrate/lambda-cloudwatch-trigger/aws | ~> 4.0.0 | +| [lambda\_ddb\_trigger](#module\_lambda\_ddb\_trigger) | app.terraform.io/bankrate/lambda-event-source/aws | 2.3.0 | +| [lambda\_s3\_trigger](#module\_lambda\_s3\_trigger) | app.terraform.io/bankrate/lambda-s3-trigger/aws | ~> 1.0.0 | + +## Resources + +| Name | Type | +|------|------| +| [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | +| [aws_cloudwatch_log_subscription_filter.cloudwatch_logs_to_es](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_subscription_filter) | resource | +| [aws_iam_policy.kms_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| 
[aws_iam_policy.ssm_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.cloudwatch_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.kms_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.ssm_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_lambda_permission.cloudwatch_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_iam_policy_document.assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.kms_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.ssm_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [architecture](#input\_architecture) | Triggers are not required. Chose one trigger, if any, to use with lambda. If one is true, all others must be false. |
object({
cloudwatch_trigger = bool
s3_trigger = bool
ddb_trigger = bool
})
|
{
"cloudwatch_trigger": false,
"ddb_trigger": false,
"s3_trigger": false
}
| no | +| [bucket\_arn](#input\_bucket\_arn) | value | `string` | `""` | no | +| [bucket\_id](#input\_bucket\_id) | value | `string` | `""` | no | +| [create\_default\_sg](#input\_create\_default\_sg) | By default creates a security group that's unique to your lambda, meaning that every lambda you create with this module will use its own set of ENIs | `bool` | `false` | no | +| [create\_in\_vpc](#input\_create\_in\_vpc) | By default this is set to true. If you don't want to create the lambda in a VPC then this should be set to false | `bool` | `true` | no | +| [description](#input\_description) | Description of what your Lambda Function does. | `string` | `""` | no | +| [enable](#input\_enable) | is a trigger enables true or false | `bool` | `true` | no | +| [enable\_newrelic](#input\_enable\_newrelic) | (optional) describe your variable | `bool` | `false` | no | +| [env\_vars](#input\_env\_vars) | Environment variables in map(map(string)) | `map(map(string))` | `{}` | no | +| [environment](#input\_environment) | Environment for the resouces | `string` | n/a | yes | +| [event\_source\_arn](#input\_event\_source\_arn) | value | `string` | `""` | no | +| [filename](#input\_filename) | The path to the function's deployment package within the local filesystem. | `any` | n/a | yes | +| [handler](#input\_handler) | The function entrypoint in your code. | `any` | n/a | yes | +| [kms\_key\_arn](#input\_kms\_key\_arn) | The Amazon Resource Name (ARN) of the KMS key to decrypt AWS Systems Manager parameters. | `string` | `""` | no | +| [layers](#input\_layers) | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See [Lambda Layers](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html) | `list(string)` | `[]` | no | +| [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group. Defaults to 14. 
| `number` | `14` | no | +| [logfilter\_destination\_arn](#input\_logfilter\_destination\_arn) | The ARN of the destination to deliver matching log events to. Kinesis stream or Lambda function ARN. | `string` | `""` | no | +| [memory\_size](#input\_memory\_size) | Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. | `number` | `128` | no | +| [name](#input\_name) | A unique name for your Lambda Function. | `any` | n/a | yes | +| [owner](#input\_owner) | Name of the owner or vertical this belongs to. | `any` | n/a | yes | +| [project](#input\_project) | Name of the project this falls under. | `any` | n/a | yes | +| [publish](#input\_publish) | Whether to publish creation/change as new Lambda Function Version. Defaults to true. | `bool` | `true` | no | +| [reserved\_concurrent\_executions](#input\_reserved\_concurrent\_executions) | The amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | `string` | `"-1"` | no | +| [resource\_allocation](#input\_resource\_allocation) | Name of the project this falls under. | `string` | `"low"` | no | +| [runtime](#input\_runtime) | The runtime environment for the Lambda function you are uploading. Defaults to go1.x | `string` | `"go1.x"` | no | +| [schedule\_expression](#input\_schedule\_expression) | value | `string` | `"rate(1 minute)"` | no | +| [security\_groups](#input\_security\_groups) | security groups | `list(string)` | `[]` | no | +| [service](#input\_service) | Name of the service this is used in. | `any` | n/a | yes | +| [ssm\_parameter\_names](#input\_ssm\_parameter\_names) | List of AWS Systems Manager Parameter Store parameters this Lambda will have access to. In order to decrypt secure parameters, a kms\_key\_arn needs to be provided as well. 
| `list` | `[]` | no | +| [table\_name](#input\_table\_name) | value | `string` | `""` | no | +| [tags](#input\_tags) | A mapping of tags to assign to the Lambda function. | `map(string)` | `{}` | no | +| [team\_name](#input\_team\_name) | Name of the team this belongs to. | `any` | n/a | yes | +| [timeout](#input\_timeout) | The amount of time your Lambda Function has to run in seconds. Defaults to 3. | `number` | `3` | no | +| [vpc\_tag\_key\_override](#input\_vpc\_tag\_key\_override) | override of vpc tag | `string` | `"PrimaryVPC"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [arn](#output\_arn) | The Amazon Resource Name (ARN) identifying your Lambda Function. | + \ No newline at end of file From e5d2d1b44d2a789e0195c8f587fe4221b92ec7d2 Mon Sep 17 00:00:00 2001 From: Halima Sani Date: Thu, 14 Jul 2022 15:04:18 -0500 Subject: [PATCH 21/55] added function url resource to module --- examples/example-with-functionurl/README.md | 17 ++++++++++++++ examples/example-with-functionurl/main.tf | 23 +++++++++++++++++++ examples/example-with-functionurl/versions.tf | 4 ++++ main.tf | 6 +++++ variables.tf | 11 +++++++++ 5 files changed, 61 insertions(+) create mode 100644 examples/example-with-functionurl/README.md create mode 100644 examples/example-with-functionurl/main.tf create mode 100644 examples/example-with-functionurl/versions.tf diff --git a/examples/example-with-functionurl/README.md b/examples/example-with-functionurl/README.md new file mode 100644 index 0000000..6edee9a --- /dev/null +++ b/examples/example-with-functionurl/README.md @@ -0,0 +1,17 @@ +# Example with function url + +Creates an AWS Lambda function with function url to invoke your lambda + +## requirements + +- [Terraform 0.12+](https://www.terraform.io/) +- authentication configuration for the [aws provider](https://www.terraform.io/docs/providers/aws/) + +## usage + +To generate and show the execution plan run + +``` +terraform init +terraform plan +``` 
diff --git a/examples/example-with-functionurl/main.tf b/examples/example-with-functionurl/main.tf new file mode 100644 index 0000000..3f3fc4a --- /dev/null +++ b/examples/example-with-functionurl/main.tf @@ -0,0 +1,23 @@ +provider "aws" { + region = "us-east-1" + version = "4.11.0" +} + +data "aws_region" "current" {} +data "aws_caller_identity" "current"{} + + +module "lambda" { + source = "../../" + description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" + filename = "${path.module}/test_function.zip" + name = "tf-example-go-basic" + handler = "example-lambda-func" + runtime = "go1.x" + service = "example" + project = "example" + environment = "qa" + team_name = "example" + owner = "example" + enable_functionurl = true +} \ No newline at end of file diff --git a/examples/example-with-functionurl/versions.tf b/examples/example-with-functionurl/versions.tf new file mode 100644 index 0000000..ac97c6a --- /dev/null +++ b/examples/example-with-functionurl/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/main.tf b/main.tf index c579ec7..945ae37 100644 --- a/main.tf +++ b/main.tf @@ -154,3 +154,9 @@ resource "aws_iam_role_policy_attachment" "kms_policy_attachment" { policy_arn = aws_iam_policy.kms_policy[count.index].arn } +resource "aws_lambda_function_url" "lambda_url" { + count = var.enable_functionurl ? 1 : 0 + function_name = module.lambda.arn + qualifier = var.qualifier + authorization_type = "AWS_IAM" +} \ No newline at end of file diff --git a/variables.tf b/variables.tf index 4e545f1..c8d85f1 100644 --- a/variables.tf +++ b/variables.tf 
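Review bot: The `description` in the new examples/example-with-functionurl/main.tf still reads "Example AWS Lambda using go with cloudwatch scheduled event trigger", although the module call configures no trigger and only sets `enable_functionurl = true`. Something like `description = "Example AWS Lambda using go, invoked through an IAM-authenticated function URL"` would match what the example demonstrates. The data sources `aws_region.current` and `aws_caller_identity.current` are not referenced anywhere in the file and can be dropped.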
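Review bot: `authorization_type = "AWS_IAM"` in the new `aws_lambda_function_url.lambda_url` resource (main.tf) is the one line that keeps the URL from being invocable without credentials, and it carries no comment. I would document the intent so it is not loosened casually later, e.g. `# AWS_IAM on purpose: callers must sign requests and hold lambda:InvokeFunctionUrl; NONE would allow unauthenticated invocation`. As far as this diff shows, no output exposes the generated URL, so consumers of the module cannot read the endpoint; if outputs.tf does not already cover it, add an output with `value = join("", aws_lambda_function_url.lambda_url[*].function_url)`.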
@@ -27,6 +27,17 @@ variable architecture { ddb_trigger = false } } +variable "qualifier" { + type = string + description = "Alias name or $LATEST" + default = "$LATEST" +} + +variable "enable_functionurl" { + type = bool + description = "trigger to create lambda function url" + default = false +} # --------------------------------------------------------------------------------------------------------------------- # REQUIRED PARAMETERS From a5590d3b406ffd21189d9212c0174874b12ce055 Mon Sep 17 00:00:00 2001 From: Halima Sani Date: Fri, 15 Jul 2022 11:37:48 -0500 Subject: [PATCH 22/55] reformat main.tf --- examples/example-with-functionurl/main.tf | 26 +++++++++++------------ 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/examples/example-with-functionurl/main.tf b/examples/example-with-functionurl/main.tf index 3f3fc4a..a8dd49f 100644 --- a/examples/example-with-functionurl/main.tf +++ b/examples/example-with-functionurl/main.tf @@ -1,23 +1,23 @@ provider "aws" { - region = "us-east-1" + region = "us-east-1" version = "4.11.0" } data "aws_region" "current" {} -data "aws_caller_identity" "current"{} +data "aws_caller_identity" "current" {} module "lambda" { - source = "../../" - description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" - filename = "${path.module}/test_function.zip" - name = "tf-example-go-basic" - handler = "example-lambda-func" - runtime = "go1.x" - service = "example" - project = "example" - environment = "qa" - team_name = "example" - owner = "example" + source = "../../" + description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" + filename = "${path.module}/test_function.zip" + name = "tf-example-go-basic" + handler = "example-lambda-func" + runtime = "go1.x" + service = "example" + project = "example" + environment = "qa" + team_name = "example" + owner = "example" enable_functionurl = true } \ No newline at end of file 
From 72e81dd5b6ef132f08c7c0aae6e6426cb61e07fa Mon Sep 17 00:00:00 2001 From: Halima Sani Date: Fri, 15 Jul 2022 11:40:39 -0500 Subject: [PATCH 23/55] reformat variables.tf --- main.tf | 16 ++++++------ variables.tf | 70 ++++++++++++++++++++++++++-------------------------- 2 files changed, 43 insertions(+), 43 deletions(-) diff --git a/main.tf b/main.tf index 945ae37..aa21ebf 100644 --- a/main.tf +++ b/main.tf @@ -43,9 +43,9 @@ resource "aws_iam_role_policy_attachment" "cloudwatch_logs" { module "lambda_cloudwatch_trigger" { source = "app.terraform.io/bankrate/lambda-cloudwatch-trigger/aws" version = "~> 4.0.0" - + # Enablement - enable = var.enable && lookup(var.architecture, "cloudwatch_trigger", false) + enable = var.enable && lookup(var.architecture, "cloudwatch_trigger", false) lambda_function_arn = module.lambda.arn schedule_expression = var.schedule_expression @@ -55,13 +55,13 @@ module "lambda_cloudwatch_trigger" { } module "lambda_s3_trigger" { - source = "app.terraform.io/bankrate/lambda-s3-trigger/aws" + source = "app.terraform.io/bankrate/lambda-s3-trigger/aws" version = "~> 1.0.0" # Enablement - enable = var.enable && lookup(var.architecture, "s3_trigger", false) + enable = var.enable && lookup(var.architecture, "s3_trigger", false) - bucket_name = var.bucket_id + bucket_name = var.bucket_id lambda_function_arn = module.lambda.arn } @@ -70,7 +70,7 @@ module "lambda_ddb_trigger" { version = "2.3.0" # Enablement - enable = var.enable && lookup(var.architecture, "ddb_trigger", false) + enable = var.enable && lookup(var.architecture, "ddb_trigger", false) lambda_function_arn = module.lambda.arn lambda_role_name = module.lambda.iam_role_name @@ -80,7 +80,7 @@ module "lambda_ddb_trigger" { resource "aws_cloudwatch_log_group" "lambda" { name = "/aws/lambda/${module.lambda.name}" - retention_in_days = var.log_retention_in_days + retention_in_days = var.log_retention_in_days } resource "aws_lambda_permission" "cloudwatch_logs" { 
@@ -152,7 +152,7 @@ resource "aws_iam_role_policy_attachment" "kms_policy_attachment" { count = var.kms_key_arn != "" ? 1 : 0 role = module.lambda.iam_role_name policy_arn = aws_iam_policy.kms_policy[count.index].arn -} +} resource "aws_lambda_function_url" "lambda_url" { count = var.enable_functionurl ? 1 : 0 diff --git a/variables.tf b/variables.tf index c8d85f1..b74bf70 100644 --- a/variables.tf +++ b/variables.tf @@ -1,8 +1,8 @@ ## optional vars for RV modules should default but be exposed variable "enable_newrelic" { - type = bool + type = bool description = "(optional) describe your variable" - default = false + default = false } # @@ -10,33 +10,33 @@ variable "enable_newrelic" { ### variable "enable" { description = "is a trigger enables true or false" - type = bool - default = true + type = bool + default = true } variable architecture { description = "Triggers are not required. Chose one trigger, if any, to use with lambda. If one is true, all others must be false." type = object({ - cloudwatch_trigger = bool - s3_trigger = bool - ddb_trigger = bool + cloudwatch_trigger = bool + s3_trigger = bool + ddb_trigger = bool }) default = { - cloudwatch_trigger = false - s3_trigger = false - ddb_trigger = false + cloudwatch_trigger = false + s3_trigger = false + ddb_trigger = false } } variable "qualifier" { - type = string + type = string description = "Alias name or $LATEST" - default = "$LATEST" + default = "$LATEST" } variable "enable_functionurl" { - type = bool + type = bool description = "trigger to create lambda function url" - default = false + default = false } # --------------------------------------------------------------------------------------------------------------------- 
@@ -74,13 +74,13 @@ variable "team_name" { variable "resource_allocation" { description = "Name of the project this falls under." - default = "low" + default = "low" } variable "vpc_tag_key_override" { description = "override of vpc tag" - type = string - default = "PrimaryVPC" + type = string + default = "PrimaryVPC" } # --------------------------------------------------------------------------------------------------------------------- # OPTIONAL PARAMETERS @@ -99,37 +99,37 @@ variable "environment" { variable "env_vars" { description = "Environment variables in map(map(string))" - type = map(map(string)) - default = {} + type = map(map(string)) + default = {} } variable "schedule_expression" { description = "value" - type = string - default = "rate(1 minute)" + type = string + default = "rate(1 minute)" } variable "bucket_arn" { description = "value" - type = string - default = "" + type = string + default = "" } variable "bucket_id" { description = "value" - type = string - default = "" + type = string + default = "" } variable "event_source_arn" { description = "value" - type = string - default = "" + type = string + default = "" } variable "table_name" { description = "value" - type = string - default = "" + type = string + default = "" } variable "kms_key_arn" { @@ -185,19 +185,19 @@ variable "timeout" { variable "create_in_vpc" { description = "By default this is set to true. If you don't want to create the lambda in a VPC then this should be set to false" - type = bool - default = true + type = bool + default = true } variable "create_default_sg" { description = "By default creates a security group that's unique to your lambda, meaning that every lambda you create with this module will use its own set of ENIs" - type = bool - default = false + type = bool + default = false } variable "security_groups" { description = "security groups" - type = list(string) - default = [] + type = list(string) + default = [] } variable "layers" { 
From d436f7d563d0c3b2f221c249f817f8a52bed9ea0 Mon Sep 17 00:00:00 2001 From: Halima Sani Date: Fri, 15 Jul 2022 12:03:24 -0500 Subject: [PATCH 24/55] added output lambda function url output --- outputs.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/outputs.tf b/outputs.tf index db02629..8c8c095 100644 --- a/outputs.tf +++ b/outputs.tf @@ -3,6 +3,10 @@ output "arn" { description = "The Amazon Resource Name (ARN) identifying your Lambda Function." value = module.lambda.arn } +output "aws_lambda_function_url" { + description = "The unique url to invoke your lambda function" + value = var.enable_functionurl ? aws_lambda_function_url.lambda_url[0].function_url : "" +} /* output "function_name" { description = "The unique name of your Lambda Function." From abc8205dd86cb0809419fd52f44a4fce6a2c0f49 Mon Sep 17 00:00:00 2001 From: Halima-RV <95394078+Halima-RV@users.noreply.github.com> Date: Fri, 15 Jul 2022 15:03:08 -0500 Subject: [PATCH 25/55] Update main.tf Co-authored-by: Luke <60436618+lbrimeyer@users.noreply.github.com> --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index aa21ebf..78b5a3c 100644 --- a/main.tf +++ b/main.tf @@ -155,7 +155,7 @@ resource "aws_iam_role_policy_attachment" "kms_policy_attachment" { } resource "aws_lambda_function_url" "lambda_url" { - count = var.enable_functionurl ? 1 : 0 + count = var.enable && lookup(var.architecture, "function_url", false) ? 1 : 0 function_name = module.lambda.arn qualifier = var.qualifier authorization_type = "AWS_IAM" From 180429cb26fcd1d851304e5e53cd30560082bbe9 Mon Sep 17 00:00:00 2001 From: Halima Sani Date: Fri, 15 Jul 2022 15:09:30 -0500 Subject: [PATCH 26/55] update enable architecture logic --- examples/example-with-functionurl/main.tf | 32 ++++++++++++++--------- main.tf | 2 +- outputs.tf | 2 +- variables.tf | 12 +++++---- 4 files changed, 28 insertions(+), 20 deletions(-) 
diff --git a/examples/example-with-functionurl/main.tf b/examples/example-with-functionurl/main.tf index a8dd49f..a991f1b 100644 --- a/examples/example-with-functionurl/main.tf +++ b/examples/example-with-functionurl/main.tf @@ -8,16 +8,22 @@ data "aws_caller_identity" "current" {} module "lambda" { - source = "../../" - description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" - filename = "${path.module}/test_function.zip" - name = "tf-example-go-basic" - handler = "example-lambda-func" - runtime = "go1.x" - service = "example" - project = "example" - environment = "qa" - team_name = "example" - owner = "example" - enable_functionurl = true -} \ No newline at end of file + source = "../../" + description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" + filename = "${path.module}/test_function.zip" + name = "tf-example-go-basic" + handler = "example-lambda-func" + runtime = "go1.x" + service = "example" + project = "example" + environment = "qa" + team_name = "example" + owner = "example" + + architecture = { + cloudwatch_trigger = false + s3_trigger = false + ddb_trigger = false + function_url = true + } +} diff --git a/main.tf b/main.tf index aa21ebf..78b5a3c 100644 --- a/main.tf +++ b/main.tf @@ -155,7 +155,7 @@ resource "aws_iam_role_policy_attachment" "kms_policy_attachment" { } resource "aws_lambda_function_url" "lambda_url" { - count = var.enable_functionurl ? 1 : 0 + count = var.enable && lookup(var.architecture, "function_url", false) ? 1 : 0 function_name = module.lambda.arn qualifier = var.qualifier authorization_type = "AWS_IAM" diff --git a/outputs.tf b/outputs.tf index 8c8c095..1c34609 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -5,7 +5,7 @@ output "arn" { } output "aws_lambda_function_url" { description = "The unique url to invoke your lambda function" - value = var.enable_functionurl ? aws_lambda_function_url.lambda_url[0].function_url : "" + value = var.enable && lookup(var.architecture, "function_url", false) ? aws_lambda_function_url.lambda_url[0].function_url : null } /* output "function_name" { diff --git a/variables.tf b/variables.tf index b74bf70..93a0dfa 100644 --- a/variables.tf +++ b/variables.tf @@ -19,12 +19,14 @@ variable architecture { cloudwatch_trigger = bool s3_trigger = bool ddb_trigger = bool + function_url = bool }) default = { cloudwatch_trigger = false s3_trigger = false ddb_trigger = false + function_url = false } } variable "qualifier" { @@ -33,11 +35,11 @@ variable "qualifier" { default = "$LATEST" } -variable "enable_functionurl" { - type = bool - description = "trigger to create lambda function url" - default = false -} +# variable "enable_functionurl" { +# type = bool +# description = "trigger to create lambda function url" +# default = false +# } # --------------------------------------------------------------------------------------------------------------------- # REQUIRED PARAMETERS From a054b82508ab2c646c6a06cfd7ff21646a12e1ee Mon Sep 17 00:00:00 2001 From: Halima Sani Date: Fri, 15 Jul 2022 16:03:01 -0500 Subject: [PATCH 27/55] fixed all example config to run --- .../main.tf | 33 ++++++++-------- examples/example-with-dynamodb-event/main.tf | 37 ++++++++---------- examples/example-with-s3-event/main.tf | 33 ++++++++-------- examples/example-with-vpc/main.tf | 39 ++++++++++--------- variables.tf | 10 +---- 5 files changed, 73 insertions(+), 79 deletions(-) diff --git a/examples/example-with-cloudwatch-scheduled-event/main.tf b/examples/example-with-cloudwatch-scheduled-event/main.tf index 34b8204..0223ae8 100644 --- a/examples/example-with-cloudwatch-scheduled-event/main.tf +++ b/examples/example-with-cloudwatch-scheduled-event/main.tf 
@@ -1,29 +1,30 @@ provider "aws" { - region = "us-east-1" + region = "us-east-1" version = "4.11.0" } data "aws_region" "current" {} -data "aws_caller_identity" "current"{} +data "aws_caller_identity" "current" {} module "lambda" { - source = "../../" - description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" - filename = "${path.module}/test_function.zip" - function_name = "tf-example-go-basic" - handler = "example-lambda-func" - runtime = "go1.x" - service = "example" - project = "example" - environment = "qa" - team_name = "example" - owner = "example" + source = "../../" + description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" + filename = "${path.module}/test_function.zip" + name = "tf-example-go-basic" + handler = "example-lambda-func" + runtime = "go1.x" + service = "example" + project = "example" + environment = "qa" + team_name = "example" + owner = "example" architecture = { - cloudwatch_trigger = true - s3_trigger = false - ddb_trigger = false + cloudwatch_trigger = true + s3_trigger = false + ddb_trigger = false + function_url = false } schedule_expression = "rate(1 minute)" diff --git a/examples/example-with-dynamodb-event/main.tf b/examples/example-with-dynamodb-event/main.tf index ff147c2..d35d8e7 100644 --- a/examples/example-with-dynamodb-event/main.tf +++ b/examples/example-with-dynamodb-event/main.tf 
@@ -1,33 +1,30 @@ provider "aws" { - region = "us-east-1" + region = "us-east-1" version = "4.11.0" } data "aws_region" "current" {} -data "aws_caller_identity" "current"{} +data "aws_caller_identity" "current" {} module "lambda" { - source = "../../" - description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" - filename = "${path.module}/test_function.zip" - function_name = "tf-example-go-basic" - handler = "example-lambda-func" - runtime = "go1.x" - service = "example" - project = "example" - environment = var.workspace - team_name = "example" - owner = "example" + source = "../../" + description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" + filename = "${path.module}/test_function.zip" + name = "tf-example-go-basic" + handler = "example-lambda-func" + runtime = "go1.x" + service = "example" + project = "example" + environment = "qa" + team_name = "example" + owner = "example" architecture = { - cloudwatch_trigger = false - s3_trigger = false - ddb_trigger = true + cloudwatch_trigger = false + s3_trigger = false + ddb_trigger = true + function_url = false } - name = var.name - project_name = var.project - hash_key = "id" - stream_enabled = true tags = { key = "value" diff --git a/examples/example-with-s3-event/main.tf b/examples/example-with-s3-event/main.tf index a4736b0..33161cb 100644 --- a/examples/example-with-s3-event/main.tf +++ b/examples/example-with-s3-event/main.tf @@ -1,10 +1,10 @@ provider "aws" { - region = "us-east-1" + region = "us-east-1" version = "4.11.0" } data "aws_region" "current" {} -data "aws_caller_identity" "current"{} +data "aws_caller_identity" "current" {} resource "aws_s3_bucket_notification" "bucket_notification" { bucket = "bucketname" 
@@ -16,22 +16,23 @@ resource "aws_s3_bucket_notification" "bucket_notification" { } module "lambda" { - source = "../../" - description = "Example AWS Lambda using go with s3 event trigger" - filename = "${path.module}/test_function.zip" - function_name = "tf-example-go-basic" - handler = "example-lambda-func" - runtime = "go1.x" - service = "example" - project = "example" - environment = "qa" - team_name = "example" - owner = "example" + source = "../../" + description = "Example AWS Lambda using go with s3 event trigger" + filename = "${path.module}/test_function.zip" + name = "tf-example-go-basic" + handler = "example-lambda-func" + runtime = "go1.x" + service = "example" + project = "example" + environment = "qa" + team_name = "example" + owner = "example" architecture = { - cloudwatch_trigger = false - s3_trigger = true - ddb_trigger = false + cloudwatch_trigger = false + s3_trigger = true + ddb_trigger = false + function_url = false } bucket_arn = "arn:aws:s3:::bucketname" bucket_id = "bucketname" diff --git a/examples/example-with-vpc/main.tf b/examples/example-with-vpc/main.tf index 52ea2c2..9c4d9f2 100644 --- a/examples/example-with-vpc/main.tf +++ b/examples/example-with-vpc/main.tf @@ -1,10 +1,10 @@ provider "aws" { - region = "us-east-1" + region = "us-east-1" version = "4.11.0" } data "aws_region" "current" {} -data "aws_caller_identity" "current"{} +data "aws_caller_identity" "current" {} resource "aws_security_group" "lambda_egress" { name = "lambda-egress-qa" 
@@ -23,27 +23,28 @@ resource "aws_security_group_rule" "lambda_egress" { } module "lambda" { - source = "../../" - description = "Example AWS Lambda inside a VPC using go with cloudwatch scheduled event trigger" - filename = "${path.module}/test_function.zip" - function_name = "tf-example-go-basic" - handler = "example-lambda-func" - runtime = "go1.x" - service = "example" - project = "example" - environment = "qa" - team_name = "example" - owner = "example" + source = "../../" + description = "Example AWS Lambda inside a VPC using go with cloudwatch scheduled event trigger" + filename = "${path.module}/test_function.zip" + name = "tf-example-go-basic" + handler = "example-lambda-func" + runtime = "go1.x" + service = "example" + project = "example" + environment = "qa" + team_name = "example" + owner = "example" architecture = { - cloudwatch_trigger = true - s3_trigger = false - ddb_trigger = false + cloudwatch_trigger = true + s3_trigger = false + ddb_trigger = false + function_url = false } schedule_expression = "rate(1 minute)" - create_in_vpc = true - create_default_sg = false - security_groups = [aws_security_group.lambda_egress.id] + create_in_vpc = true + create_default_sg = false + security_groups = [aws_security_group.lambda_egress.id] tags = { key = "value" diff --git a/variables.tf b/variables.tf index 93a0dfa..fa6d057 100644 --- a/variables.tf +++ b/variables.tf @@ -19,14 +19,14 @@ variable architecture { cloudwatch_trigger = bool s3_trigger = bool ddb_trigger = bool - function_url = bool + function_url = bool }) default = { cloudwatch_trigger = false s3_trigger = false ddb_trigger = false - function_url = false + function_url = false } } variable "qualifier" { 
@@ -35,12 +35,6 @@ variable "qualifier" { default = "$LATEST" } -# variable "enable_functionurl" { -# type = bool -# description = "trigger to create lambda function url" -# default = false -# } - # --------------------------------------------------------------------------------------------------------------------- # REQUIRED PARAMETERS # You must provide a value for each of these parameters. From 6eef35adb94e18f232479a63b5381fd111bd958b Mon Sep 17 00:00:00 2001 From: Halima Sani Date: Fri, 22 Jul 2022 15:35:21 -0500 Subject: [PATCH 28/55] deleted qualifier from lambda url resource --- main.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/main.tf b/main.tf index 78b5a3c..7274038 100644 --- a/main.tf +++ b/main.tf @@ -157,6 +157,5 @@ resource "aws_iam_role_policy_attachment" "kms_policy_attachment" { resource "aws_lambda_function_url" "lambda_url" { count = var.enable && lookup(var.architecture, "function_url", false) ? 1 : 0 function_name = module.lambda.arn - qualifier = var.qualifier authorization_type = "AWS_IAM" } \ No newline at end of file From 22f00344e042fd3be9a67fbea936c7228ab298fa Mon Sep 17 00:00:00 2001 From: Halima Sani Date: Fri, 22 Jul 2022 15:36:23 -0500 Subject: [PATCH 29/55] deleted qualifier variable --- variables.tf | 5 ----- 1 file changed, 5 deletions(-) diff --git a/variables.tf b/variables.tf index fa6d057..a3fba56 100644 --- a/variables.tf +++ b/variables.tf @@ -29,11 +29,6 @@ variable architecture { function_url = false } } -variable "qualifier" { - type = string - description = "Alias name or $LATEST" - default = "$LATEST" -} # --------------------------------------------------------------------------------------------------------------------- # REQUIRED PARAMETERS From 7e619efdb9bfb2b426bc246cfb1219ad5d12c594 Mon Sep 17 00:00:00 2001 
From: Halima Sani Date: Mon, 25 Jul 2022 18:55:30 -0500 Subject: [PATCH 30/55] changed function url auth type to a variable --- examples/example-with-functionurl/main.tf | 2 +- main.tf | 2 +- variables.tf | 6 ++++++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/examples/example-with-functionurl/main.tf b/examples/example-with-functionurl/main.tf index a991f1b..5ddf358 100644 --- a/examples/example-with-functionurl/main.tf +++ b/examples/example-with-functionurl/main.tf @@ -9,7 +9,7 @@ data "aws_caller_identity" "current" {} module "lambda" { source = "../../" - description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" + description = "Example AWS Lambda using go with functionurl" filename = "${path.module}/test_function.zip" name = "tf-example-go-basic" handler = "example-lambda-func" diff --git a/main.tf b/main.tf index 7274038..e77860b 100644 --- a/main.tf +++ b/main.tf @@ -157,5 +157,5 @@ resource "aws_iam_role_policy_attachment" "kms_policy_attachment" { resource "aws_lambda_function_url" "lambda_url" { count = var.enable && lookup(var.architecture, "function_url", false) ? 1 : 0 function_name = module.lambda.arn - authorization_type = "AWS_IAM" + authorization_type = var.authorization_type } \ No newline at end of file diff --git a/variables.tf b/variables.tf index a3fba56..a021fe4 100644 --- a/variables.tf +++ b/variables.tf @@ -196,3 +196,9 @@ variable "layers" { type = list(string) default = [] } + +variable "authorization_type" { + description = "The type of authentication that the function URL uses. Defaults to AWS_IAM which restricts access to authenticated users. Use NONE to allow public unauthenticated users invoke your lambda" + type = string + default = "AWS_IAM" +} \ No newline at end of file From 88ae5613b611b61aba81e15a0462e2b5e2e2af53 Mon Sep 17 00:00:00 2001 
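Review bot: Replacing the literal `"AWS_IAM"` with `var.authorization_type` in main.tf lets any caller of the module switch the URL to `NONE`, and the variables.tf description understates what that means. With `NONE` Lambda performs no authentication at all, so the function code must authenticate and authorise every request itself. I would reword the description to `"Auth type for the function URL. AWS_IAM (default) accepts only SigV4-signed requests from IAM principals allowed lambda:InvokeFunctionUrl. NONE makes the URL callable by anyone on the internet; the function must then authenticate callers itself."` As far as I know, a `NONE` URL also needs a resource-based permission for `lambda:InvokeFunctionUrl`. None is visible in this part of main.tf, so please confirm whether the module or the consumer is meant to own that grant, so the public exposure shows up in a plan diff.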
From: Halima-RV <95394078+Halima-RV@users.noreply.github.com> Date: Tue, 26 Jul 2022 14:21:50 -0500 Subject: [PATCH 31/55] Update variables.tf Co-authored-by: Luke <60436618+lbrimeyer@users.noreply.github.com> --- variables.tf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/variables.tf b/variables.tf index a021fe4..8a5365a 100644 --- a/variables.tf +++ b/variables.tf @@ -201,4 +201,9 @@ variable "authorization_type" { description = "The type of authentication that the function URL uses. Defaults to AWS_IAM which restricts access to authenticated users. Use NONE to allow public unauthenticated users invoke your lambda" type = string default = "AWS_IAM" + + validation { + condition = contains(["AWS_IAM", "NONE"], var.authorization_type) + error_message = "Authorization type must be either `AWS_IAM` || `NONE`" + } } \ No newline at end of file From 986478d2e799918adf5798442667947afeac4440 Mon Sep 17 00:00:00 2001 From: Halima Sani Date: Mon, 1 Aug 2022 15:30:43 -0500 Subject: [PATCH 32/55] fixed validation statement --- variables.tf | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/variables.tf b/variables.tf index 4e545f1..9a6ef8a 100644 --- a/variables.tf +++ b/variables.tf @@ -194,3 +194,14 @@ variable "layers" { type = list(string) default = [] } + +variable "authorization_type" { + description = "The type of authentication that the function URL uses. Defaults to AWS_IAM which restricts access to authenticated users. Use NONE to allow public unauthenticated users invoke your lambda" + type = string + default = "AWS_IAM" + + validation { + condition = contains(["AWS_IAM", "NONE"], var.authorization_type) + error_message = "Authorization type must be either `AWS_IAM` || `NONE`." + } +} \ No newline at end of file From cdf772a8479ba18be0740dbea247bb92dab88344 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E2=80=9Candrew-rv=E2=80=9D?= Date: Tue, 2 Aug 2022 14:15:07 -0500 Subject: [PATCH 33/55] Update:Changes merged with master --- main.tf | 8 ++++---- variables.tf | 15 +++++++++++++++ 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/main.tf b/main.tf index e77860b..2841a9a 100644 --- a/main.tf +++ b/main.tf @@ -65,17 +65,17 @@ module "lambda_s3_trigger" { lambda_function_arn = module.lambda.arn } -module "lambda_ddb_trigger" { - source = "app.terraform.io/bankrate/lambda-event-source/aws" +module "lambda_event_source" { + source = "app.terraform.io/RVStandard/lambda-event-source/aws" version = "2.3.0" # Enablement - enable = var.enable && lookup(var.architecture, "ddb_trigger", false) + enable = var.enable && (lookup(var.architecture, "ddb_trigger", false) || lookup(var.architecture, "sqs_trigger", false) || lookup(var.architecture, "kinesis_trigger", false)) lambda_function_arn = module.lambda.arn lambda_role_name = module.lambda.iam_role_name event_source_arn = var.event_source_arn - event_source_type = "dynamodb" + event_source_type = var.event_trigger_type } resource "aws_cloudwatch_log_group" "lambda" { diff --git a/variables.tf b/variables.tf index 8386969..ca82b4d 100644 --- a/variables.tf +++ b/variables.tf @@ -20,6 +20,8 @@ variable architecture { s3_trigger = bool ddb_trigger = bool function_url = bool + sqs_trigger = bool + kinesis_trigger = bool }) default = { @@ -27,6 +29,19 @@ variable architecture { s3_trigger = false ddb_trigger = false function_url = false + sqs_trigger = false + kinesis_trigger = false + } +} + +variable "event_trigger_type" { + default = null + description = "" + type = string + + validation { + condition = contains(["dynamodb", "sqs", "kinesis"], var.event_trigger_type) + error_message = "Must be a dynamodb, sqs and or a kinesis event" } } From 6a4464a32b51b4730da7886671f9fb90dd1c40cd Mon Sep 17 00:00:00 2001 
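Review bot: The main.tf hunk moves the event-source module `source` from the `bankrate` registry organisation to `RVStandard`, and the commit message ("Changes merged with master") does not mention it. This module is handed `lambda_role_name`, so it presumably manages IAM on the function role. A change of registry namespace changes who publishes that code and deserves its own line in the description and a check that `RVStandard/lambda-event-source/aws` 2.3.0 is the same artefact. The rename of the module block from `lambda_ddb_trigger` to `lambda_event_source` will also make Terraform plan a destroy and recreate of the existing resources. Consumers need to run `terraform state mv` first, or, on Terraform 1.1 or later, the module can add a `moved` block.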
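Review bot: `event_trigger_type` in variables.tf defaults to `null`, yet its validation passes the value straight to `contains(...)`. A caller who leaves it unset, which includes every function-URL, S3 or CloudWatch-only use, will most likely fail at plan time with a validation or null-argument error. main.tf previously hard-coded `"dynamodb"`, so `default = "dynamodb"` keeps existing users working; alternatively guard the check with `condition = var.event_trigger_type == null ? true : contains(["dynamodb", "sqs", "kinesis"], var.event_trigger_type)`. The type is also independent of the `ddb_trigger`/`sqs_trigger`/`kinesis_trigger` flag that enables the module, so the two can disagree. The empty description should say so, for example `description = "Event source type passed to the event-source module: dynamodb, sqs or kinesis. Must match the trigger flag enabled in architecture."`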
From: =?UTF-8?q?=E2=80=9Candrew-rv=E2=80=9D?= Date: Tue, 26 Jul 2022 09:29:51 -0500 Subject: [PATCH 34/55] Update:Event Source --- main.tf | 2 +- variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/main.tf b/main.tf index 2841a9a..a7b379a 100644 --- a/main.tf +++ b/main.tf @@ -67,7 +67,7 @@ module "lambda_s3_trigger" { module "lambda_event_source" { source = "app.terraform.io/RVStandard/lambda-event-source/aws" - version = "2.3.0" + version = "~> 2.0" # Enablement enable = var.enable && (lookup(var.architecture, "ddb_trigger", false) || lookup(var.architecture, "sqs_trigger", false) || lookup(var.architecture, "kinesis_trigger", false)) diff --git a/variables.tf b/variables.tf index ca82b4d..01b649b 100644 --- a/variables.tf +++ b/variables.tf @@ -41,7 +41,7 @@ variable "event_trigger_type" { validation { condition = contains(["dynamodb", "sqs", "kinesis"], var.event_trigger_type) - error_message = "Must be a dynamodb, sqs and or a kinesis event" + error_message = "Must be a dynamodb, sqs and or a kinesis event." } } From 161ec94beed547ed62d20589e8339d250b4bb297 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9Candrew-rv=E2=80=9D?= Date: Tue, 26 Jul 2022 15:11:25 -0500 Subject: [PATCH 35/55] Update:Examples --- examples/example-with-kinesis-event/README.md | 24 +++++++++++++ examples/example-with-kinesis-event/main.tf | 36 +++++++++++++++++++ .../test_function.zip | 0 .../example-with-kinesis-event/versions.tf | 4 +++ 4 files changed, 64 insertions(+) create mode 100644 examples/example-with-kinesis-event/README.md create mode 100644 examples/example-with-kinesis-event/main.tf create mode 100644 examples/example-with-kinesis-event/test_function.zip create mode 100644 examples/example-with-kinesis-event/versions.tf diff --git a/examples/example-with-kinesis-event/README.md b/examples/example-with-kinesis-event/README.md new file mode 100644 index 0000000..aa457ad --- /dev/null +++ b/examples/example-with-kinesis-event/README.md 
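Review bot: Relaxing the `lambda_event_source` pin in main.tf from the exact `2.3.0` to `~> 2.0` means a fresh `terraform init` will install whatever 2.x release is newest at that moment. Terraform's dependency lock file records provider selections only, not module versions, so the constraint in this file is the only control. Because the module receives `lambda_role_name` and presumably attaches policy to the function role, a new upstream release could change the function's permissions without any diff in this repository. If a range is wanted, `version = "~> 2.3.0"` limits it to patch releases; otherwise keep the exact pin and bump it deliberately.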
@@ -0,0 +1,24 @@ +# Example with Kinesis event + +Creates an AWS Lambda function triggered by a Kinesis [event](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html). + +## requirements + +- [Terraform 0.12+](https://www.terraform.io/) +- authentication configuration for the [aws provider](https://www.terraform.io/docs/providers/aws/) + +## usage + +``` +$ terraform init +$ terraform plan +``` + +## bootstrap with func + +In case you are using [go](https://golang.org/) for developing your Lambda functions, you can also use [func](https://github.com/spring-media/func) to bootstrap your project and get started quickly: + +``` +$ func new example-with-kinesis -e kinesis +$ cd example-with-kinesis && make init package plan +``` diff --git a/examples/example-with-kinesis-event/main.tf b/examples/example-with-kinesis-event/main.tf new file mode 100644 index 0000000..4f757fa --- /dev/null +++ b/examples/example-with-kinesis-event/main.tf @@ -0,0 +1,36 @@ +provider "aws" { + region = "us-east-1" + version = "4.11.0" +} + +data "aws_region" "current" {} +data "aws_caller_identity" "current"{} + +module "lambda" { + source = "../../" + description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" + filename = "${path.module}/test_function.zip" + function_name = "tf-example-go-basic" + handler = "example-lambda-func" + runtime = "go1.x" + service = "example" + project = "example" + environment = var.workspace + team_name = "example" + owner = "example" + + architecture = { + cloudwatch_trigger = false + s3_trigger = false + ddb_trigger = false + sqs_trigger = false + kinesis_trigger = true + } + name = var.name + project_name = var.project + + tags = { + key = "value" + } +} + diff --git a/examples/example-with-kinesis-event/test_function.zip b/examples/example-with-kinesis-event/test_function.zip new file mode 100644 index 0000000..e69de29 
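Review bot: The `module "lambda"` block in the new kinesis example main.tf references `var.workspace`, `var.name` and `var.project`, but the commit adds no variables.tf to that directory (the diffstat lists only README.md, main.tf, test_function.zip and versions.tf), so the example cannot validate. It also sets `function_name` alongside `name` and passes `project_name`, lines that commit 27 on this page removed from the other examples to make them run. Its `architecture` object omits `function_url`, which the root variable's object type includes. I would use `name = "tf-example-go-basic"` and `environment = "qa"`, add `function_url = false`, and set `event_source_arn` and `event_trigger_type = "kinesis"` so the example actually wires a stream. The SQS example added in the following commit repeats the same block and needs the same changes.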
diff --git a/examples/example-with-kinesis-event/versions.tf b/examples/example-with-kinesis-event/versions.tf new file mode 100644 index 0000000..ac97c6a --- /dev/null +++ b/examples/example-with-kinesis-event/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} From 3d82bd7535ec718a7ee04fee16ba028d41c5a988 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9Candrew-rv=E2=80=9D?= Date: Tue, 26 Jul 2022 15:24:45 -0500 Subject: [PATCH 36/55] Update:Examples_2 --- .../README.md | 0 .../main.tf | 0 .../test_function.zip | 0 .../versions.tf | 0 examples/example-with-sqs-event/README.md | 24 +++++++++++++ examples/example-with-sqs-event/main.tf | 36 +++++++++++++++++++ .../example-with-sqs-event/test_function.zip | 0 examples/example-with-sqs-event/versions.tf | 4 +++ 8 files changed, 64 insertions(+) rename examples/{example-with-dynamodb-event => example-with-dynamo-event}/README.md (100%) rename examples/{example-with-dynamodb-event => example-with-dynamo-event}/main.tf (100%) rename examples/{example-with-dynamodb-event => example-with-dynamo-event}/test_function.zip (100%) rename examples/{example-with-dynamodb-event => example-with-dynamo-event}/versions.tf (100%) create mode 100644 examples/example-with-sqs-event/README.md create mode 100644 examples/example-with-sqs-event/main.tf create mode 100644 examples/example-with-sqs-event/test_function.zip create mode 100644 examples/example-with-sqs-event/versions.tf diff --git a/examples/example-with-dynamodb-event/README.md b/examples/example-with-dynamo-event/README.md similarity index 100% rename from examples/example-with-dynamodb-event/README.md rename to examples/example-with-dynamo-event/README.md diff --git a/examples/example-with-dynamodb-event/main.tf b/examples/example-with-dynamo-event/main.tf similarity index 100% rename from examples/example-with-dynamodb-event/main.tf rename to examples/example-with-dynamo-event/main.tf 
diff --git a/examples/example-with-dynamodb-event/test_function.zip b/examples/example-with-dynamo-event/test_function.zip similarity index 100% rename from examples/example-with-dynamodb-event/test_function.zip rename to examples/example-with-dynamo-event/test_function.zip diff --git a/examples/example-with-dynamodb-event/versions.tf b/examples/example-with-dynamo-event/versions.tf similarity index 100% rename from examples/example-with-dynamodb-event/versions.tf rename to examples/example-with-dynamo-event/versions.tf diff --git a/examples/example-with-sqs-event/README.md b/examples/example-with-sqs-event/README.md new file mode 100644 index 0000000..e8a8ed7 --- /dev/null +++ b/examples/example-with-sqs-event/README.md @@ -0,0 +1,24 @@ +# Example with SQS event + +Creates an AWS Lambda function triggered by a SQS [event](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html). + +## requirements + +- [Terraform 0.12+](https://www.terraform.io/) +- authentication configuration for the [aws provider](https://www.terraform.io/docs/providers/aws/) + +## usage + +``` +$ terraform init +$ terraform plan +``` + +## bootstrap with func + +In case you are using [go](https://golang.org/) for developing your Lambda functions, you can also use [func](https://github.com/spring-media/func) to bootstrap your project and get started quickly: + +``` +$ func new example-with-sqs -e sqs +$ cd example-with-sqs && make init package plan +``` diff --git a/examples/example-with-sqs-event/main.tf b/examples/example-with-sqs-event/main.tf new file mode 100644 index 0000000..31c0400 --- /dev/null +++ b/examples/example-with-sqs-event/main.tf 
@@ -0,0 +1,36 @@ +provider "aws" { + region = "us-east-1" + version = "4.11.0" +} + +data "aws_region" "current" {} +data "aws_caller_identity" "current"{} + +module "lambda" { + source = "../../" + description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" + filename = "${path.module}/test_function.zip" + function_name = "tf-example-go-basic" + handler = "example-lambda-func" + runtime = "go1.x" + service = "example" + project = "example" + environment = var.workspace + team_name = "example" + owner = "example" + + architecture = { + cloudwatch_trigger = false + s3_trigger = false + ddb_trigger = false + sqs_trigger = true + kinesis_trigger = false + } + name = var.name + project_name = var.project + + tags = { + key = "value" + } +} + diff --git a/examples/example-with-sqs-event/test_function.zip b/examples/example-with-sqs-event/test_function.zip new file mode 100644 index 0000000..e69de29 diff --git a/examples/example-with-sqs-event/versions.tf b/examples/example-with-sqs-event/versions.tf new file mode 100644 index 0000000..ac97c6a --- /dev/null +++ b/examples/example-with-sqs-event/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} From 68d0b00809feaecc9af7053700c68d285fbffb12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9Candrew-rv=E2=80=9D?= Date: Tue, 2 Aug 2022 16:21:24 -0500 Subject: [PATCH 37/55] Update:Updated examples --- examples/example-with-functionurl/main.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/examples/example-with-functionurl/main.tf b/examples/example-with-functionurl/main.tf index 5ddf358..7a85de4 100644 --- a/examples/example-with-functionurl/main.tf +++ b/examples/example-with-functionurl/main.tf @@ -25,5 +25,7 @@ module "lambda" { s3_trigger = false ddb_trigger = false function_url = true + kinesis_trigger = false + sqs_trigger = false } } From 62a75eb00d1e2af3ed30361f41bf9d9ac7c3aec0 Mon Sep 17 00:00:00 2001 
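Review bot: The new `examples/example-with-sqs-event/main.tf` reads `var.workspace`, `var.name` and `var.project`, but this commit adds no variable declarations to that directory (only README.md, main.tf, test_function.zip and versions.tf), so the README's `terraform plan` would presumably stop on undeclared variables; a literal such as `environment = "qa"` keeps the example self-contained. The pin `version = "4.11.0"` sits inside the `provider "aws"` block, a placement deprecated since Terraform 0.13; it belongs in a `required_providers` entry in the example's versions.tf, which currently sets only `required_version`. The `description` still says "cloudwatch scheduled event trigger" although `sqs_trigger` is the flag enabled here, and the same copied text shows up in the kinesis and without-event examples later in the series; `description = "Example AWS Lambda using go with SQS event trigger"` would match.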
From: =?UTF-8?q?=E2=80=9Candrew-rv=E2=80=9D?= Date: Tue, 2 Aug 2022 16:21:52 -0500 Subject: [PATCH 38/55] Update:Updated Examples --- examples/example-with-cloudwatch-scheduled-event/main.tf | 2 ++ examples/example-with-dynamo-event/main.tf | 2 ++ examples/example-with-kinesis-event/main.tf | 7 +++---- examples/example-with-s3-event/main.tf | 2 ++ examples/example-with-sqs-event/main.tf | 8 ++++---- examples/example-with-vpc/main.tf | 3 +++ examples/example-without-event/main.tf | 2 +- variables.tf | 2 +- 8 files changed, 18 insertions(+), 10 deletions(-) diff --git a/examples/example-with-cloudwatch-scheduled-event/main.tf b/examples/example-with-cloudwatch-scheduled-event/main.tf index 0223ae8..8ca9b1c 100644 --- a/examples/example-with-cloudwatch-scheduled-event/main.tf +++ b/examples/example-with-cloudwatch-scheduled-event/main.tf @@ -25,6 +25,8 @@ module "lambda" { s3_trigger = false ddb_trigger = false function_url = false + kinesis_trigger = false + sqs_trigger = false } schedule_expression = "rate(1 minute)" diff --git a/examples/example-with-dynamo-event/main.tf b/examples/example-with-dynamo-event/main.tf index d35d8e7..0741e63 100644 --- a/examples/example-with-dynamo-event/main.tf +++ b/examples/example-with-dynamo-event/main.tf @@ -24,6 +24,8 @@ module "lambda" { s3_trigger = false ddb_trigger = true function_url = false + kinesis_trigger = false + sqs_trigger = false } tags = { diff --git a/examples/example-with-kinesis-event/main.tf b/examples/example-with-kinesis-event/main.tf index 4f757fa..1cd2d84 100644 --- a/examples/example-with-kinesis-event/main.tf +++ b/examples/example-with-kinesis-event/main.tf 
@@ -10,12 +10,12 @@ module "lambda" { source = "../../" description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" filename = "${path.module}/test_function.zip" - function_name = "tf-example-go-basic" + name = "tf-example-go-basic" handler = "example-lambda-func" runtime = "go1.x" service = "example" project = "example" - environment = var.workspace + environment = "qa" team_name = "example" owner = "example" @@ -25,9 +25,8 @@ module "lambda" { ddb_trigger = false sqs_trigger = false kinesis_trigger = true + function_url = false } - name = var.name - project_name = var.project tags = { key = "value" diff --git a/examples/example-with-s3-event/main.tf b/examples/example-with-s3-event/main.tf index 33161cb..a6b143a 100644 --- a/examples/example-with-s3-event/main.tf +++ b/examples/example-with-s3-event/main.tf @@ -33,6 +33,8 @@ module "lambda" { s3_trigger = true ddb_trigger = false function_url = false + kinesis_trigger = false + sqs_trigger = false } bucket_arn = "arn:aws:s3:::bucketname" bucket_id = "bucketname" diff --git a/examples/example-with-sqs-event/main.tf b/examples/example-with-sqs-event/main.tf index 31c0400..165f7f7 100644 --- a/examples/example-with-sqs-event/main.tf +++ b/examples/example-with-sqs-event/main.tf @@ -10,12 +10,12 @@ module "lambda" { source = "../../" description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" filename = "${path.module}/test_function.zip" - function_name = "tf-example-go-basic" + name = "tf-example-go-basic" handler = "example-lambda-func" runtime = "go1.x" service = "example" project = "example" - environment = var.workspace + environment = "qa" team_name = "example" owner = "example" @@ -25,9 +25,9 @@ module "lambda" { ddb_trigger = false sqs_trigger = true kinesis_trigger = false + function_url = false } - name = var.name - project_name = var.project + tags = { key = "value" 
diff --git a/examples/example-with-vpc/main.tf b/examples/example-with-vpc/main.tf index 9c4d9f2..a417c74 100644 --- a/examples/example-with-vpc/main.tf +++ b/examples/example-with-vpc/main.tf @@ -40,7 +40,10 @@ module "lambda" { s3_trigger = false ddb_trigger = false function_url = false + kinesis_trigger = false + sqs_trigger = false } + schedule_expression = "rate(1 minute)" create_in_vpc = true create_default_sg = false diff --git a/examples/example-without-event/main.tf b/examples/example-without-event/main.tf index 551e166..e8a479b 100644 --- a/examples/example-without-event/main.tf +++ b/examples/example-without-event/main.tf @@ -11,7 +11,7 @@ module "lambda" { source = "../../" description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" filename = "${path.module}/test_function.zip" - function_name = "tf-example-go-basic" + name = "tf-example-go-basic" handler = "example-lambda-func" runtime = "go1.x" service = "example" diff --git a/variables.tf b/variables.tf index 01b649b..1b2fd0c 100644 --- a/variables.tf +++ b/variables.tf @@ -35,7 +35,7 @@ variable architecture { } variable "event_trigger_type" { - default = null + default = "dynamodb" description = "" type = string From e5bcbd944766a9b9d8d2b38129d6429956d35c59 Mon Sep 17 00:00:00 2001 From: Halima Sani Date: Mon, 26 Sep 2022 12:50:20 -0500 Subject: [PATCH 39/55] updated terraform and aws version pins --- versions.tf | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/versions.tf b/versions.tf index ac97c6a..efc72f7 100644 --- a/versions.tf +++ b/versions.tf @@ -1,4 +1,9 @@ - terraform { - required_version = ">= 0.12" + required_version = ">= 1.0" + required_providers { + aws = { + source = "hashicorp/aws" + version = ">=4.0" + } + } } From 57cf3cc2b2669a411c3f07620a6a51f02e57a3b2 Mon Sep 17 00:00:00 2001 
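Review bot: In `variables.tf` (PATCH 38/55) the module-level default of `event_trigger_type` changes from `null` to `"dynamodb"`, although the subject describes only an examples update; every caller that leaves the variable unset now receives a different value. How the module consumes the variable is outside the hunk, so the effect on which event source gets attached to the function cannot be confirmed from here, but a trigger type should be an explicit choice by the caller rather than an inherited default. If an example needs a value, set `event_trigger_type = "dynamodb"` in that example and keep `default = null` in the module. The variable's `description = ""` is empty and should list the accepted values.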
From: Halima Sani Date: Mon, 26 Sep 2022 12:52:15 -0500 Subject: [PATCH 40/55] updated lambda_event_source to pull from bankrate --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index a7b379a..99c7918 100644 --- a/main.tf +++ b/main.tf @@ -66,7 +66,7 @@ module "lambda_s3_trigger" { } module "lambda_event_source" { - source = "app.terraform.io/RVStandard/lambda-event-source/aws" + source = "app.terraform.io/bankrate/lambda-event-source/aws" version = "~> 2.0" # Enablement From 0011066f5e2bb121c3ac6bf56e41e094e392c284 Mon Sep 17 00:00:00 2001 From: Halima Sani Date: Mon, 26 Sep 2022 12:53:12 -0500 Subject: [PATCH 41/55] updated gitignore with DS_store --- .gitignore | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 0acb32f..5258b41 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,5 @@ terraform.tfstate terraform.tfstate.backup -bin/ \ No newline at end of file +bin/ +*.DS_Store \ No newline at end of file From 4142f0294ce91b90f559be2898f1204aef7d3f92 Mon Sep 17 00:00:00 2001 From: Halima Sani Date: Mon, 26 Sep 2022 13:06:54 -0500 Subject: [PATCH 42/55] updated terraform version pin for example configs --- examples/example-with-cloudwatch-scheduled-event/versions.tf | 2 +- examples/example-with-dynamo-event/versions.tf | 2 +- examples/example-with-functionurl/versions.tf | 2 +- examples/example-with-kinesis-event/versions.tf | 2 +- examples/example-with-s3-event/versions.tf | 2 +- examples/example-with-sqs-event/versions.tf | 2 +- examples/example-with-vpc/versions.tf | 2 +- examples/example-without-event/versions.tf | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/examples/example-with-cloudwatch-scheduled-event/versions.tf b/examples/example-with-cloudwatch-scheduled-event/versions.tf index ac97c6a..0d15f94 100644 --- a/examples/example-with-cloudwatch-scheduled-event/versions.tf +++ b/examples/example-with-cloudwatch-scheduled-event/versions.tf 
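Review bot: The `lambda_event_source` module in `main.tf` now resolves from a different registry namespace, `app.terraform.io/bankrate/lambda-event-source/aws`, while keeping the floating constraint `version = "~> 2.0"`. Terraform's dependency lock file records provider selections and checksums only, not remote module versions, so nothing in the repository fixes which module release a given `terraform init` fetches. Pinning the release that was actually reviewed, `version = "<reviewed 2.x release>"` (placeholder), makes the source swap auditable and keeps later publishes in that namespace from being picked up silently. The commit message does not say whether the 2.x line under `bankrate` is the same code previously pulled from `RVStandard`; that is worth confirming before merge. The module block continues outside the hunk.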
@@ -1,4 +1,4 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 1.0" } diff --git a/examples/example-with-dynamo-event/versions.tf b/examples/example-with-dynamo-event/versions.tf index ac97c6a..0d15f94 100644 --- a/examples/example-with-dynamo-event/versions.tf +++ b/examples/example-with-dynamo-event/versions.tf @@ -1,4 +1,4 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 1.0" } diff --git a/examples/example-with-functionurl/versions.tf b/examples/example-with-functionurl/versions.tf index ac97c6a..0d15f94 100644 --- a/examples/example-with-functionurl/versions.tf +++ b/examples/example-with-functionurl/versions.tf @@ -1,4 +1,4 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 1.0" } diff --git a/examples/example-with-kinesis-event/versions.tf b/examples/example-with-kinesis-event/versions.tf index ac97c6a..0d15f94 100644 --- a/examples/example-with-kinesis-event/versions.tf +++ b/examples/example-with-kinesis-event/versions.tf @@ -1,4 +1,4 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 1.0" } diff --git a/examples/example-with-s3-event/versions.tf b/examples/example-with-s3-event/versions.tf index ac97c6a..0d15f94 100644 --- a/examples/example-with-s3-event/versions.tf +++ b/examples/example-with-s3-event/versions.tf @@ -1,4 +1,4 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 1.0" } diff --git a/examples/example-with-sqs-event/versions.tf b/examples/example-with-sqs-event/versions.tf index ac97c6a..0d15f94 100644 --- a/examples/example-with-sqs-event/versions.tf +++ b/examples/example-with-sqs-event/versions.tf @@ -1,4 +1,4 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 1.0" } diff --git a/examples/example-with-vpc/versions.tf b/examples/example-with-vpc/versions.tf index ac97c6a..0d15f94 100644 --- a/examples/example-with-vpc/versions.tf +++ b/examples/example-with-vpc/versions.tf 
@@ -1,4 +1,4 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 1.0" } diff --git a/examples/example-without-event/versions.tf b/examples/example-without-event/versions.tf index ac97c6a..0d15f94 100644 --- a/examples/example-without-event/versions.tf +++ b/examples/example-without-event/versions.tf @@ -1,4 +1,4 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 1.0" } From 4b1b5615eb27b98f926073e3025602331a4a982e Mon Sep 17 00:00:00 2001 From: Halima Sani Date: Mon, 26 Sep 2022 13:07:44 -0500 Subject: [PATCH 43/55] fixed CODEOWNERS --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 562ea4a..2bf6254 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -2,4 +2,4 @@ # the repo. Unless a later match takes precedence, # the owners listed below will be requested for # review when someone opens a pull request. -* @platform-engineering +* @bankrate/platform-engineering From 00d6a17dbecd28ba8b529ad3979267f331f71a5b Mon Sep 17 00:00:00 2001 
From: Edward Olsen Date: Wed, 28 Sep 2022 12:30:17 -0400 Subject: [PATCH 44/55] make filename an optional variable. updated examples to remove the filename variable --- .../main.tf | 1 - .../test_function.zip | 0 .../.terraform.lock.hcl | 22 + examples/example-with-dynamo-event/main.tf | 3 +- .../test_function.zip | 0 .../.terraform.lock.hcl | 22 + examples/example-with-functionurl/main.tf | 1 - .../.terraform.lock.hcl | 22 + examples/example-with-kinesis-event/main.tf | 1 - examples/example-with-s3-event/graph.svg | 3828 +++++++++++++++++ examples/example-with-s3-event/main.tf | 1 - .../example-with-s3-event/test_function.zip | 0 .../.terraform.lock.hcl | 22 + examples/example-with-sqs-event/main.tf | 1 - .../example-with-sqs-event/test_function.zip | 0 examples/example-with-vpc/.terraform.lock.hcl | 3 +- examples/example-with-vpc/main.tf | 1 - examples/example-with-vpc/test_function.zip | 0 examples/example-without-event/main.tf | 1 - .../example-without-event/test_function.zip | 0 variables.tf | 10 +- 21 files changed, 3925 insertions(+), 14 deletions(-) delete mode 100644 examples/example-with-cloudwatch-scheduled-event/test_function.zip create mode 100644 examples/example-with-dynamo-event/.terraform.lock.hcl delete mode 100644 examples/example-with-dynamo-event/test_function.zip create mode 100644 examples/example-with-functionurl/.terraform.lock.hcl create mode 100644 examples/example-with-kinesis-event/.terraform.lock.hcl create mode 100644 examples/example-with-s3-event/graph.svg delete mode 100644 examples/example-with-s3-event/test_function.zip create mode 100644 examples/example-with-sqs-event/.terraform.lock.hcl delete mode 100644 examples/example-with-sqs-event/test_function.zip delete mode 100644 examples/example-with-vpc/test_function.zip delete mode 100644 examples/example-without-event/test_function.zip 
diff --git a/examples/example-with-cloudwatch-scheduled-event/main.tf b/examples/example-with-cloudwatch-scheduled-event/main.tf index 8ca9b1c..7e12ab1 100644 --- a/examples/example-with-cloudwatch-scheduled-event/main.tf +++ b/examples/example-with-cloudwatch-scheduled-event/main.tf @@ -10,7 +10,6 @@ data "aws_caller_identity" "current" {} module "lambda" { source = "../../" description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" - filename = "${path.module}/test_function.zip" name = "tf-example-go-basic" handler = "example-lambda-func" runtime = "go1.x" diff --git a/examples/example-with-cloudwatch-scheduled-event/test_function.zip b/examples/example-with-cloudwatch-scheduled-event/test_function.zip deleted file mode 100644 index e69de29..0000000 diff --git a/examples/example-with-dynamo-event/.terraform.lock.hcl b/examples/example-with-dynamo-event/.terraform.lock.hcl new file mode 100644 index 0000000..d899613 --- /dev/null +++ b/examples/example-with-dynamo-event/.terraform.lock.hcl 
@@ -0,0 +1,22 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "4.11.0" + constraints = ">= 4.0.0, 4.11.0" + hashes = [ + "h1:CjsO4gz0OBv5KHDm/F2vFxK8dmYmjIo5WwL6X2HkHwQ=", + "zh:3e4634f4babcef402160ffb97f9f37e3e781313ceb7b7858fe4b7fc0e2e33e99", + "zh:3ff647aa88e71419480e3f51a4b40e3b0e2d66482bea97c0b4e75f37aa5ad1f1", + "zh:4680d16fbb85663034dc3677b402e9e78ab1d4040dd80603052817a96ec08911", + "zh:5190d03f43f7ad56dae0a7f0441a0f5b2590f42f6e07a724fe11dd50c42a12e4", + "zh:622426fcdbb927e7c198fe4b890a01a5aa312e462cd82ae1e302186eeac1d071", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:b0b766a835c79f8dd58b93d25df8f37749f33cca2297ac088d402d718baddd9c", + "zh:b293cf26a02992b2167ed3f63711dc01221c4a5e2984b6c7c0c04a6155ab0526", + "zh:ca8e1f5c58fc838edb5fe7528aec3f2fcbaeabf808add0f401aee5073b61f17f", + "zh:e0d2ad2767c0134841d52394d180f8f3315c238949c8d11be39a214630e8d50e", + "zh:ece0d11c35a8537b662287e00af4d27a27eb9558353b133674af90ec11c818d3", + "zh:f7e1cd07ae883d3be01942dc2b0d516b9736a74e6037287ab19f616725c8f7e8", + ] +} diff --git a/examples/example-with-dynamo-event/main.tf b/examples/example-with-dynamo-event/main.tf index 0741e63..ed15e9b 100644 --- a/examples/example-with-dynamo-event/main.tf +++ b/examples/example-with-dynamo-event/main.tf @@ -8,8 +8,7 @@ data "aws_caller_identity" "current" {} module "lambda" { source = "../../" - description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" - filename = "${path.module}/test_function.zip" + description = "Example AWS Lambda using go with dynamodb event trigger" name = "tf-example-go-basic" handler = "example-lambda-func" runtime = "go1.x" diff --git a/examples/example-with-dynamo-event/test_function.zip b/examples/example-with-dynamo-event/test_function.zip deleted file mode 100644 index e69de29..0000000 
diff --git a/examples/example-with-functionurl/.terraform.lock.hcl b/examples/example-with-functionurl/.terraform.lock.hcl new file mode 100644 index 0000000..d899613 --- /dev/null +++ b/examples/example-with-functionurl/.terraform.lock.hcl @@ -0,0 +1,22 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "4.11.0" + constraints = ">= 4.0.0, 4.11.0" + hashes = [ + "h1:CjsO4gz0OBv5KHDm/F2vFxK8dmYmjIo5WwL6X2HkHwQ=", + "zh:3e4634f4babcef402160ffb97f9f37e3e781313ceb7b7858fe4b7fc0e2e33e99", + "zh:3ff647aa88e71419480e3f51a4b40e3b0e2d66482bea97c0b4e75f37aa5ad1f1", + "zh:4680d16fbb85663034dc3677b402e9e78ab1d4040dd80603052817a96ec08911", + "zh:5190d03f43f7ad56dae0a7f0441a0f5b2590f42f6e07a724fe11dd50c42a12e4", + "zh:622426fcdbb927e7c198fe4b890a01a5aa312e462cd82ae1e302186eeac1d071", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:b0b766a835c79f8dd58b93d25df8f37749f33cca2297ac088d402d718baddd9c", + "zh:b293cf26a02992b2167ed3f63711dc01221c4a5e2984b6c7c0c04a6155ab0526", + "zh:ca8e1f5c58fc838edb5fe7528aec3f2fcbaeabf808add0f401aee5073b61f17f", + "zh:e0d2ad2767c0134841d52394d180f8f3315c238949c8d11be39a214630e8d50e", + "zh:ece0d11c35a8537b662287e00af4d27a27eb9558353b133674af90ec11c818d3", + "zh:f7e1cd07ae883d3be01942dc2b0d516b9736a74e6037287ab19f616725c8f7e8", + ] +} diff --git a/examples/example-with-functionurl/main.tf b/examples/example-with-functionurl/main.tf index 7a85de4..ede92f0 100644 --- a/examples/example-with-functionurl/main.tf +++ b/examples/example-with-functionurl/main.tf @@ -10,7 +10,6 @@ data "aws_caller_identity" "current" {} module "lambda" { source = "../../" description = "Example AWS Lambda using go with functionurl" - filename = "${path.module}/test_function.zip" name = "tf-example-go-basic" handler = "example-lambda-func" runtime = "go1.x" 
diff --git a/examples/example-with-kinesis-event/.terraform.lock.hcl b/examples/example-with-kinesis-event/.terraform.lock.hcl new file mode 100644 index 0000000..d899613 --- /dev/null +++ b/examples/example-with-kinesis-event/.terraform.lock.hcl @@ -0,0 +1,22 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "4.11.0" + constraints = ">= 4.0.0, 4.11.0" + hashes = [ + "h1:CjsO4gz0OBv5KHDm/F2vFxK8dmYmjIo5WwL6X2HkHwQ=", + "zh:3e4634f4babcef402160ffb97f9f37e3e781313ceb7b7858fe4b7fc0e2e33e99", + "zh:3ff647aa88e71419480e3f51a4b40e3b0e2d66482bea97c0b4e75f37aa5ad1f1", + "zh:4680d16fbb85663034dc3677b402e9e78ab1d4040dd80603052817a96ec08911", + "zh:5190d03f43f7ad56dae0a7f0441a0f5b2590f42f6e07a724fe11dd50c42a12e4", + "zh:622426fcdbb927e7c198fe4b890a01a5aa312e462cd82ae1e302186eeac1d071", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:b0b766a835c79f8dd58b93d25df8f37749f33cca2297ac088d402d718baddd9c", + "zh:b293cf26a02992b2167ed3f63711dc01221c4a5e2984b6c7c0c04a6155ab0526", + "zh:ca8e1f5c58fc838edb5fe7528aec3f2fcbaeabf808add0f401aee5073b61f17f", + "zh:e0d2ad2767c0134841d52394d180f8f3315c238949c8d11be39a214630e8d50e", + "zh:ece0d11c35a8537b662287e00af4d27a27eb9558353b133674af90ec11c818d3", + "zh:f7e1cd07ae883d3be01942dc2b0d516b9736a74e6037287ab19f616725c8f7e8", + ] +} diff --git a/examples/example-with-kinesis-event/main.tf b/examples/example-with-kinesis-event/main.tf index 1cd2d84..7846693 100644 --- a/examples/example-with-kinesis-event/main.tf +++ b/examples/example-with-kinesis-event/main.tf @@ -9,7 +9,6 @@ data "aws_caller_identity" "current"{} module "lambda" { source = "../../" description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" - filename = "${path.module}/test_function.zip" name = "tf-example-go-basic" handler = "example-lambda-func" runtime = "go1.x" 
diff --git a/examples/example-with-s3-event/graph.svg b/examples/example-with-s3-event/graph.svg
new file mode 100644
index 0000000..9dd8cf8
--- /dev/null
+++ b/examples/example-with-s3-event/graph.svg
@@ -0,0 +1,3828 @@ + + + + + + + + + +[root] aws_s3_bucket_notification.bucket_notification (expand) + +aws_s3_bucket_notification.bucket_notification + + + +[root] module.lambda.output.arn (expand) + +[root] module.lambda.output.arn (expand) + + + +[root] aws_s3_bucket_notification.bucket_notification (expand)->[root] module.lambda.output.arn (expand) + + + + + +[root] data.aws_caller_identity.current (expand) + +data.aws_caller_identity.current + + + +[root] provider["registry.terraform.io/hashicorp/aws"] + +provider["registry.terraform.io/hashicorp/aws"] + + + +[root] data.aws_caller_identity.current (expand)->[root] provider["registry.terraform.io/hashicorp/aws"] + + + + + +[root] data.aws_region.current (expand) + +data.aws_region.current + + + +[root] data.aws_region.current (expand)->[root] provider["registry.terraform.io/hashicorp/aws"] + + + + + +[root] module.lambda.aws_cloudwatch_log_group.lambda (expand) + +module.lambda.aws_cloudwatch_log_group.lambda + + + +[root] module.lambda.module.lambda.output.name (expand) + +[root] module.lambda.module.lambda.output.name (expand) + + + +[root] module.lambda.aws_cloudwatch_log_group.lambda (expand)->[root] module.lambda.module.lambda.output.name (expand) + + + + + +[root] module.lambda.var.log_retention_in_days (expand) + +[root] module.lambda.var.log_retention_in_days (expand) + + + +[root] module.lambda.aws_cloudwatch_log_group.lambda (expand)->[root] module.lambda.var.log_retention_in_days (expand) + + + + + +[root] module.lambda.aws_cloudwatch_log_subscription_filter.cloudwatch_logs_to_es (expand) + +module.lambda.aws_cloudwatch_log_subscription_filter.cloudwatch_logs_to_es + + + +[root] module.lambda.aws_lambda_permission.cloudwatch_logs (expand) + +module.lambda.aws_lambda_permission.cloudwatch_logs + + + +[root] module.lambda.aws_cloudwatch_log_subscription_filter.cloudwatch_logs_to_es (expand)->[root] module.lambda.aws_lambda_permission.cloudwatch_logs (expand) + + + + + +[root] 
module.lambda.aws_iam_policy.kms_policy (expand) + +module.lambda.aws_iam_policy.kms_policy + + + +[root] module.lambda.data.aws_iam_policy_document.kms_policy_document (expand) + +module.lambda.data.aws_iam_policy_document.kms_policy_document + + + +[root] module.lambda.aws_iam_policy.kms_policy (expand)->[root] module.lambda.data.aws_iam_policy_document.kms_policy_document (expand) + + + + + +[root] module.lambda.aws_iam_policy.kms_policy (expand)->[root] module.lambda.module.lambda.output.name (expand) + + + + + +[root] module.lambda.aws_iam_policy.ssm_policy (expand) + +module.lambda.aws_iam_policy.ssm_policy + + + +[root] module.lambda.data.aws_iam_policy_document.ssm_policy_document (expand) + +module.lambda.data.aws_iam_policy_document.ssm_policy_document + + + +[root] module.lambda.aws_iam_policy.ssm_policy (expand)->[root] module.lambda.data.aws_iam_policy_document.ssm_policy_document (expand) + + + + + +[root] module.lambda.aws_iam_policy.ssm_policy (expand)->[root] module.lambda.module.lambda.output.name (expand) + + + + + +[root] module.lambda.aws_iam_role.lambda (expand) + +module.lambda.aws_iam_role.lambda + + + +[root] module.lambda.data.aws_iam_policy_document.assume_role_policy (expand) + +module.lambda.data.aws_iam_policy_document.assume_role_policy + + + +[root] module.lambda.aws_iam_role.lambda (expand)->[root] module.lambda.data.aws_iam_policy_document.assume_role_policy (expand) + + + + + +[root] module.lambda.var.name (expand) + +[root] module.lambda.var.name (expand) + + + +[root] module.lambda.aws_iam_role.lambda (expand)->[root] module.lambda.var.name (expand) + + + + + +[root] module.lambda.aws_iam_role_policy_attachment.cloudwatch_logs (expand) + +module.lambda.aws_iam_role_policy_attachment.cloudwatch_logs + + + +[root] module.lambda.aws_iam_role_policy_attachment.cloudwatch_logs (expand)->[root] module.lambda.aws_iam_role.lambda (expand) + + + + + +[root] module.lambda.aws_iam_role_policy_attachment.kms_policy_attachment (expand) + 
+module.lambda.aws_iam_role_policy_attachment.kms_policy_attachment + + + +[root] module.lambda.aws_iam_role_policy_attachment.kms_policy_attachment (expand)->[root] module.lambda.aws_iam_policy.kms_policy (expand) + + + + + +[root] module.lambda.module.lambda.output.iam_role_name (expand) + +[root] module.lambda.module.lambda.output.iam_role_name (expand) + + + +[root] module.lambda.aws_iam_role_policy_attachment.kms_policy_attachment (expand)->[root] module.lambda.module.lambda.output.iam_role_name (expand) + + + + + +[root] module.lambda.aws_iam_role_policy_attachment.ssm_policy_attachment (expand) + +module.lambda.aws_iam_role_policy_attachment.ssm_policy_attachment + + + +[root] module.lambda.aws_iam_role_policy_attachment.ssm_policy_attachment (expand)->[root] module.lambda.aws_iam_policy.ssm_policy (expand) + + + + + +[root] module.lambda.aws_iam_role_policy_attachment.ssm_policy_attachment (expand)->[root] module.lambda.module.lambda.output.iam_role_name (expand) + + + + + +[root] module.lambda.aws_lambda_function_url.lambda_url (expand) + +module.lambda.aws_lambda_function_url.lambda_url + + + +[root] module.lambda.module.lambda.output.arn (expand) + +[root] module.lambda.module.lambda.output.arn (expand) + + + +[root] module.lambda.aws_lambda_function_url.lambda_url (expand)->[root] module.lambda.module.lambda.output.arn (expand) + + + + + +[root] module.lambda.var.architecture (expand) + +[root] module.lambda.var.architecture (expand) + + + +[root] module.lambda.aws_lambda_function_url.lambda_url (expand)->[root] module.lambda.var.architecture (expand) + + + + + +[root] module.lambda.var.authorization_type (expand) + +[root] module.lambda.var.authorization_type (expand) + + + +[root] module.lambda.aws_lambda_function_url.lambda_url (expand)->[root] module.lambda.var.authorization_type (expand) + + + + + +[root] module.lambda.var.enable (expand) + +[root] module.lambda.var.enable (expand) + + + +[root] module.lambda.aws_lambda_function_url.lambda_url 
(expand)->[root] module.lambda.var.enable (expand) + + + + + +[root] module.lambda.aws_lambda_permission.cloudwatch_logs (expand)->[root] module.lambda.aws_cloudwatch_log_group.lambda (expand) + + + + + +[root] module.lambda.data.aws_region.current (expand) + +module.lambda.data.aws_region.current + + + +[root] module.lambda.aws_lambda_permission.cloudwatch_logs (expand)->[root] module.lambda.data.aws_region.current (expand) + + + + + +[root] module.lambda.var.logfilter_destination_arn (expand) + +[root] module.lambda.var.logfilter_destination_arn (expand) + + + +[root] module.lambda.aws_lambda_permission.cloudwatch_logs (expand)->[root] module.lambda.var.logfilter_destination_arn (expand) + + + + + +[root] module.lambda.data.aws_caller_identity.current (expand) + +module.lambda.data.aws_caller_identity.current + + + +[root] module.lambda.data.aws_caller_identity.current (expand)->[root] provider["registry.terraform.io/hashicorp/aws"] + + + + + +[root] module.lambda (expand) + +[root] module.lambda (expand) + + + +[root] module.lambda.data.aws_caller_identity.current (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.data.aws_iam_policy_document.assume_role_policy (expand)->[root] provider["registry.terraform.io/hashicorp/aws"] + + + + + +[root] module.lambda.data.aws_iam_policy_document.assume_role_policy (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.data.aws_iam_policy_document.kms_policy_document (expand)->[root] provider["registry.terraform.io/hashicorp/aws"] + + + + + +[root] module.lambda.var.kms_key_arn (expand) + +[root] module.lambda.var.kms_key_arn (expand) + + + +[root] module.lambda.data.aws_iam_policy_document.kms_policy_document (expand)->[root] module.lambda.var.kms_key_arn (expand) + + + + + +[root] module.lambda.data.aws_iam_policy_document.ssm_policy_document (expand)->[root] module.lambda.data.aws_caller_identity.current (expand) + + + + + +[root] 
module.lambda.data.aws_iam_policy_document.ssm_policy_document (expand)->[root] module.lambda.data.aws_region.current (expand) + + + + + +[root] module.lambda.var.ssm_parameter_names (expand) + +[root] module.lambda.var.ssm_parameter_names (expand) + + + +[root] module.lambda.data.aws_iam_policy_document.ssm_policy_document (expand)->[root] module.lambda.var.ssm_parameter_names (expand) + + + + + +[root] module.lambda.data.aws_region.current (expand)->[root] provider["registry.terraform.io/hashicorp/aws"] + + + + + +[root] module.lambda.data.aws_region.current (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.aws_cloudwatch_log_group.logs (expand) + +module.lambda.module.lambda.aws_cloudwatch_log_group.logs + + + +[root] module.lambda.module.lambda.local.function_name (expand) + +[root] module.lambda.module.lambda.local.function_name (expand) + + + +[root] module.lambda.module.lambda.aws_cloudwatch_log_group.logs (expand)->[root] module.lambda.module.lambda.local.function_name (expand) + + + + + +[root] module.lambda.module.lambda.var.log_retention (expand) + +[root] module.lambda.module.lambda.var.log_retention (expand) + + + +[root] module.lambda.module.lambda.aws_cloudwatch_log_group.logs (expand)->[root] module.lambda.module.lambda.var.log_retention (expand) + + + + + +[root] module.lambda.module.lambda.aws_iam_role.lambda (expand) + +module.lambda.module.lambda.aws_iam_role.lambda + + + +[root] module.lambda.module.lambda.data.aws_iam_policy_document.lambda_assumerole (expand) + +module.lambda.module.lambda.data.aws_iam_policy_document.lambda_assumerole + + + +[root] module.lambda.module.lambda.aws_iam_role.lambda (expand)->[root] module.lambda.module.lambda.data.aws_iam_policy_document.lambda_assumerole (expand) + + + + + +[root] module.lambda.module.lambda.data.aws_region.current (expand) + +module.lambda.module.lambda.data.aws_region.current + + + +[root] module.lambda.module.lambda.aws_iam_role.lambda (expand)->[root] 
module.lambda.module.lambda.data.aws_region.current (expand) + + + + + +[root] module.lambda.module.lambda.var.environment (expand) + +[root] module.lambda.module.lambda.var.environment (expand) + + + +[root] module.lambda.module.lambda.aws_iam_role.lambda (expand)->[root] module.lambda.module.lambda.var.environment (expand) + + + + + +[root] module.lambda.module.lambda.var.name (expand) + +[root] module.lambda.module.lambda.var.name (expand) + + + +[root] module.lambda.module.lambda.aws_iam_role.lambda (expand)->[root] module.lambda.module.lambda.var.name (expand) + + + + + +[root] module.lambda.module.lambda.var.tags (expand) + +[root] module.lambda.module.lambda.var.tags (expand) + + + +[root] module.lambda.module.lambda.aws_iam_role.lambda (expand)->[root] module.lambda.module.lambda.var.tags (expand) + + + + + +[root] module.lambda.module.lambda.aws_iam_role_policy.lambda_deadletter (expand) + +module.lambda.module.lambda.aws_iam_role_policy.lambda_deadletter + + + +[root] module.lambda.module.lambda.aws_iam_role_policy.lambda_deadletter (expand)->[root] module.lambda.module.lambda.aws_iam_role.lambda (expand) + + + + + +[root] module.lambda.module.lambda.data.aws_iam_policy_document.lambda_deadletter (expand) + +module.lambda.module.lambda.data.aws_iam_policy_document.lambda_deadletter + + + +[root] module.lambda.module.lambda.aws_iam_role_policy.lambda_deadletter (expand)->[root] module.lambda.module.lambda.data.aws_iam_policy_document.lambda_deadletter (expand) + + + + + +[root] module.lambda.module.lambda.aws_iam_role_policy.lambda_newrelic (expand) + +module.lambda.module.lambda.aws_iam_role_policy.lambda_newrelic + + + +[root] module.lambda.module.lambda.aws_iam_role_policy.lambda_newrelic (expand)->[root] module.lambda.module.lambda.aws_iam_role.lambda (expand) + + + + + +[root] module.lambda.module.lambda.data.aws_iam_policy_document.lambda_newrelic (expand) + +module.lambda.module.lambda.data.aws_iam_policy_document.lambda_newrelic + + + +[root] 
module.lambda.module.lambda.aws_iam_role_policy.lambda_newrelic (expand)->[root] module.lambda.module.lambda.data.aws_iam_policy_document.lambda_newrelic (expand) + + + + + +[root] module.lambda.module.lambda.aws_iam_role_policy.lambda_paramstore (expand) + +module.lambda.module.lambda.aws_iam_role_policy.lambda_paramstore + + + +[root] module.lambda.module.lambda.aws_iam_role_policy.lambda_paramstore (expand)->[root] module.lambda.module.lambda.aws_iam_role.lambda (expand) + + + + + +[root] module.lambda.module.lambda.data.aws_iam_policy_document.lambda_paramstore (expand) + +module.lambda.module.lambda.data.aws_iam_policy_document.lambda_paramstore + + + +[root] module.lambda.module.lambda.aws_iam_role_policy.lambda_paramstore (expand)->[root] module.lambda.module.lambda.data.aws_iam_policy_document.lambda_paramstore (expand) + + + + + +[root] module.lambda.module.lambda.aws_iam_role_policy_attachment.lambda (expand) + +module.lambda.module.lambda.aws_iam_role_policy_attachment.lambda + + + +[root] module.lambda.module.lambda.aws_iam_role_policy_attachment.lambda (expand)->[root] module.lambda.module.lambda.aws_iam_role.lambda (expand) + + + + + +[root] module.lambda.module.lambda.local.lambda_policy (expand) + +[root] module.lambda.module.lambda.local.lambda_policy (expand) + + + +[root] module.lambda.module.lambda.aws_iam_role_policy_attachment.lambda (expand)->[root] module.lambda.module.lambda.local.lambda_policy (expand) + + + + + +[root] module.lambda.module.lambda.aws_iam_role_policy_attachment.xray_write_policy (expand) + +module.lambda.module.lambda.aws_iam_role_policy_attachment.xray_write_policy + + + +[root] module.lambda.module.lambda.aws_iam_role_policy_attachment.xray_write_policy (expand)->[root] module.lambda.module.lambda.aws_iam_role.lambda (expand) + + + + + +[root] module.lambda.module.lambda.local.xray_write_policy (expand) + +[root] module.lambda.module.lambda.local.xray_write_policy (expand) + + + +[root] 
module.lambda.module.lambda.aws_iam_role_policy_attachment.xray_write_policy (expand)->[root] module.lambda.module.lambda.local.xray_write_policy (expand) + + + + + +[root] module.lambda.module.lambda.var.tracing_config (expand) + +[root] module.lambda.module.lambda.var.tracing_config (expand) + + + +[root] module.lambda.module.lambda.aws_iam_role_policy_attachment.xray_write_policy (expand)->[root] module.lambda.module.lambda.var.tracing_config (expand) + + + + + +[root] module.lambda.module.lambda.aws_lambda_function.function (expand) + +module.lambda.module.lambda.aws_lambda_function.function + + + +[root] module.lambda.module.lambda.aws_lambda_function.function (expand)->[root] module.lambda.module.lambda.aws_iam_role.lambda (expand) + + + + + +[root] module.lambda.module.lambda.aws_security_group.lambda (expand) + +module.lambda.module.lambda.aws_security_group.lambda + + + +[root] module.lambda.module.lambda.aws_lambda_function.function (expand)->[root] module.lambda.module.lambda.aws_security_group.lambda (expand) + + + + + +[root] module.lambda.module.lambda.data.aws_subnet_ids.app_subnets (expand) + +module.lambda.module.lambda.data.aws_subnet_ids.app_subnets + + + +[root] module.lambda.module.lambda.aws_lambda_function.function (expand)->[root] module.lambda.module.lambda.data.aws_subnet_ids.app_subnets (expand) + + + + + +[root] module.lambda.module.lambda.aws_lambda_function.function (expand)->[root] module.lambda.module.lambda.var.tracing_config (expand) + + + + + +[root] module.lambda.module.lambda.local.default_env_vars (expand) + +[root] module.lambda.module.lambda.local.default_env_vars (expand) + + + +[root] module.lambda.module.lambda.aws_lambda_function.function (expand)->[root] module.lambda.module.lambda.local.default_env_vars (expand) + + + + + +[root] module.lambda.module.lambda.local.layers (expand) + +[root] module.lambda.module.lambda.local.layers (expand) + + + +[root] module.lambda.module.lambda.aws_lambda_function.function 
(expand)->[root] module.lambda.module.lambda.local.layers (expand) + + + + + +[root] module.lambda.module.lambda.local.memory_size (expand) + +[root] module.lambda.module.lambda.local.memory_size (expand) + + + +[root] module.lambda.module.lambda.aws_lambda_function.function (expand)->[root] module.lambda.module.lambda.local.memory_size (expand) + + + + + +[root] module.lambda.module.lambda.local.newrelic_env_vars (expand) + +[root] module.lambda.module.lambda.local.newrelic_env_vars (expand) + + + +[root] module.lambda.module.lambda.aws_lambda_function.function (expand)->[root] module.lambda.module.lambda.local.newrelic_env_vars (expand) + + + + + +[root] module.lambda.module.lambda.var.dlq_arn (expand) + +[root] module.lambda.module.lambda.var.dlq_arn (expand) + + + +[root] module.lambda.module.lambda.aws_lambda_function.function (expand)->[root] module.lambda.module.lambda.var.dlq_arn (expand) + + + + + +[root] module.lambda.module.lambda.var.efs_arn (expand) + +[root] module.lambda.module.lambda.var.efs_arn (expand) + + + +[root] module.lambda.module.lambda.aws_lambda_function.function (expand)->[root] module.lambda.module.lambda.var.efs_arn (expand) + + + + + +[root] module.lambda.module.lambda.var.efs_mount_path (expand) + +[root] module.lambda.module.lambda.var.efs_mount_path (expand) + + + +[root] module.lambda.module.lambda.aws_lambda_function.function (expand)->[root] module.lambda.module.lambda.var.efs_mount_path (expand) + + + + + +[root] module.lambda.module.lambda.var.env_vars (expand) + +[root] module.lambda.module.lambda.var.env_vars (expand) + + + +[root] module.lambda.module.lambda.aws_lambda_function.function (expand)->[root] module.lambda.module.lambda.var.env_vars (expand) + + + + + +[root] module.lambda.module.lambda.var.handler (expand) + +[root] module.lambda.module.lambda.var.handler (expand) + + + +[root] module.lambda.module.lambda.aws_lambda_function.function (expand)->[root] module.lambda.module.lambda.var.handler (expand) + + + + + 
+[root] module.lambda.module.lambda.var.literal_name (expand) + +[root] module.lambda.module.lambda.var.literal_name (expand) + + + +[root] module.lambda.module.lambda.aws_lambda_function.function (expand)->[root] module.lambda.module.lambda.var.literal_name (expand) + + + + + +[root] module.lambda.module.lambda.var.publish (expand) + +[root] module.lambda.module.lambda.var.publish (expand) + + + +[root] module.lambda.module.lambda.aws_lambda_function.function (expand)->[root] module.lambda.module.lambda.var.publish (expand) + + + + + +[root] module.lambda.module.lambda.var.reserved_concurrent_executions (expand) + +[root] module.lambda.module.lambda.var.reserved_concurrent_executions (expand) + + + +[root] module.lambda.module.lambda.aws_lambda_function.function (expand)->[root] module.lambda.module.lambda.var.reserved_concurrent_executions (expand) + + + + + +[root] module.lambda.module.lambda.var.security_groups (expand) + +[root] module.lambda.module.lambda.var.security_groups (expand) + + + +[root] module.lambda.module.lambda.aws_lambda_function.function (expand)->[root] module.lambda.module.lambda.var.security_groups (expand) + + + + + +[root] module.lambda.module.lambda.var.timeout (expand) + +[root] module.lambda.module.lambda.var.timeout (expand) + + + +[root] module.lambda.module.lambda.aws_lambda_function.function (expand)->[root] module.lambda.module.lambda.var.timeout (expand) + + + + + +[root] module.lambda.module.lambda.data.aws_vpc.main (expand) + +module.lambda.module.lambda.data.aws_vpc.main + + + +[root] module.lambda.module.lambda.aws_security_group.lambda (expand)->[root] module.lambda.module.lambda.data.aws_vpc.main (expand) + + + + + +[root] module.lambda.module.lambda.aws_security_group.lambda (expand)->[root] module.lambda.module.lambda.var.tags (expand) + + + + + +[root] module.lambda.module.lambda.local.name (expand) + +[root] module.lambda.module.lambda.local.name (expand) + + + +[root] 
module.lambda.module.lambda.aws_security_group.lambda (expand)->[root] module.lambda.module.lambda.local.name (expand) + + + + + +[root] module.lambda.module.lambda.var.create_default_sg (expand) + +[root] module.lambda.module.lambda.var.create_default_sg (expand) + + + +[root] module.lambda.module.lambda.aws_security_group.lambda (expand)->[root] module.lambda.module.lambda.var.create_default_sg (expand) + + + + + +[root] module.lambda.module.lambda.aws_security_group_rule.egress (expand) + +module.lambda.module.lambda.aws_security_group_rule.egress + + + +[root] module.lambda.module.lambda.aws_security_group_rule.egress (expand)->[root] module.lambda.module.lambda.aws_security_group.lambda (expand) + + + + + +[root] module.lambda.module.lambda.data.aws_caller_identity.current (expand) + +module.lambda.module.lambda.data.aws_caller_identity.current + + + +[root] module.lambda.module.lambda.data.aws_caller_identity.current (expand)->[root] provider["registry.terraform.io/hashicorp/aws"] + + + + + +[root] module.lambda.module.lambda (expand) + +[root] module.lambda.module.lambda (expand) + + + +[root] module.lambda.module.lambda.data.aws_caller_identity.current (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.data.aws_iam_policy_document.lambda_assumerole (expand)->[root] provider["registry.terraform.io/hashicorp/aws"] + + + + + +[root] module.lambda.module.lambda.data.aws_iam_policy_document.lambda_assumerole (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.data.aws_iam_policy_document.lambda_deadletter (expand)->[root] provider["registry.terraform.io/hashicorp/aws"] + + + + + +[root] module.lambda.module.lambda.data.aws_iam_policy_document.lambda_deadletter (expand)->[root] module.lambda.module.lambda.var.dlq_arn (expand) + + + + + +[root] module.lambda.module.lambda.local.dlq_action (expand) + +[root] module.lambda.module.lambda.local.dlq_action (expand) + + + 
+[root] module.lambda.module.lambda.data.aws_iam_policy_document.lambda_deadletter (expand)->[root] module.lambda.module.lambda.local.dlq_action (expand) + + + + + +[root] module.lambda.module.lambda.local.use_deadletter (expand) + +[root] module.lambda.module.lambda.local.use_deadletter (expand) + + + +[root] module.lambda.module.lambda.data.aws_iam_policy_document.lambda_deadletter (expand)->[root] module.lambda.module.lambda.local.use_deadletter (expand) + + + + + +[root] module.lambda.module.lambda.data.aws_iam_policy_document.lambda_newrelic (expand)->[root] module.lambda.module.lambda.data.aws_caller_identity.current (expand) + + + + + +[root] module.lambda.module.lambda.data.aws_iam_policy_document.lambda_newrelic (expand)->[root] module.lambda.module.lambda.data.aws_region.current (expand) + + + + + +[root] module.lambda.module.lambda.local.enable_newrelic (expand) + +[root] module.lambda.module.lambda.local.enable_newrelic (expand) + + + +[root] module.lambda.module.lambda.data.aws_iam_policy_document.lambda_newrelic (expand)->[root] module.lambda.module.lambda.local.enable_newrelic (expand) + + + + + +[root] module.lambda.module.lambda.var.newrelic_license_secret_name (expand) + +[root] module.lambda.module.lambda.var.newrelic_license_secret_name (expand) + + + +[root] module.lambda.module.lambda.data.aws_iam_policy_document.lambda_newrelic (expand)->[root] module.lambda.module.lambda.var.newrelic_license_secret_name (expand) + + + + + +[root] module.lambda.module.lambda.data.aws_kms_key.chamber (expand) + +module.lambda.module.lambda.data.aws_kms_key.chamber + + + +[root] module.lambda.module.lambda.data.aws_iam_policy_document.lambda_paramstore (expand)->[root] module.lambda.module.lambda.data.aws_kms_key.chamber (expand) + + + + + +[root] module.lambda.module.lambda.local.paramstore_resources (expand) + +[root] module.lambda.module.lambda.local.paramstore_resources (expand) + + + +[root] 
module.lambda.module.lambda.data.aws_iam_policy_document.lambda_paramstore (expand)->[root] module.lambda.module.lambda.local.paramstore_resources (expand) + + + + + +[root] module.lambda.module.lambda.var.paramstore_resources (expand) + +[root] module.lambda.module.lambda.var.paramstore_resources (expand) + + + +[root] module.lambda.module.lambda.data.aws_iam_policy_document.lambda_paramstore (expand)->[root] module.lambda.module.lambda.var.paramstore_resources (expand) + + + + + +[root] module.lambda.module.lambda.data.aws_kms_key.chamber (expand)->[root] provider["registry.terraform.io/hashicorp/aws"] + + + + + +[root] module.lambda.module.lambda.var.parameter_store_alias (expand) + +[root] module.lambda.module.lambda.var.parameter_store_alias (expand) + + + +[root] module.lambda.module.lambda.data.aws_kms_key.chamber (expand)->[root] module.lambda.module.lambda.var.parameter_store_alias (expand) + + + + + +[root] module.lambda.module.lambda.data.aws_region.current (expand)->[root] provider["registry.terraform.io/hashicorp/aws"] + + + + + +[root] module.lambda.module.lambda.data.aws_region.current (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.data.aws_subnet_ids.app_subnets (expand)->[root] module.lambda.module.lambda.data.aws_vpc.main (expand) + + + + + +[root] module.lambda.module.lambda.data.aws_vpc.main (expand)->[root] provider["registry.terraform.io/hashicorp/aws"] + + + + + +[root] module.lambda.module.lambda.var.create_in_vpc (expand) + +[root] module.lambda.module.lambda.var.create_in_vpc (expand) + + + +[root] module.lambda.module.lambda.data.aws_vpc.main (expand)->[root] module.lambda.module.lambda.var.create_in_vpc (expand) + + + + + +[root] module.lambda.module.lambda.var.vpc_tag (expand) + +[root] module.lambda.module.lambda.var.vpc_tag (expand) + + + +[root] module.lambda.module.lambda.data.aws_vpc.main (expand)->[root] module.lambda.module.lambda.var.vpc_tag (expand) + + + + + +[root] 
module.lambda.module.lambda_cloudwatch_trigger.aws_cloudwatch_event_rule.rule (expand) + +module.lambda.module.lambda_cloudwatch_trigger.aws_cloudwatch_event_rule.rule + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.local.default_tags (expand) + +[root] module.lambda.module.lambda_cloudwatch_trigger.local.default_tags (expand) + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.aws_cloudwatch_event_rule.rule (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.local.default_tags (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.rule_enabled (expand) + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.rule_enabled (expand) + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.aws_cloudwatch_event_rule.rule (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.var.rule_enabled (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.schedule_expression (expand) + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.schedule_expression (expand) + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.aws_cloudwatch_event_rule.rule (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.var.schedule_expression (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.tags (expand) + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.tags (expand) + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.aws_cloudwatch_event_rule.rule (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.var.tags (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.aws_cloudwatch_event_target.target (expand) + +module.lambda.module.lambda_cloudwatch_trigger.aws_cloudwatch_event_target.target + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.aws_cloudwatch_event_target.target (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.aws_cloudwatch_event_rule.rule (expand) + + + + + 
+[root] module.lambda.module.lambda_cloudwatch_trigger.var.input (expand) + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.input (expand) + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.aws_cloudwatch_event_target.target (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.var.input (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.aws_lambda_permission.permission (expand) + +module.lambda.module.lambda_cloudwatch_trigger.aws_lambda_permission.permission + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.aws_lambda_permission.permission (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.aws_cloudwatch_event_rule.rule (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.data.aws_arn.lambda (expand) + +module.lambda.module.lambda_cloudwatch_trigger.data.aws_arn.lambda + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.enable (expand) + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.enable (expand) + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.data.aws_arn.lambda (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.var.enable (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.lambda_function_arn (expand) + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.lambda_function_arn (expand) + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.data.aws_arn.lambda (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.var.lambda_function_arn (expand) + + + + + +[root] module.lambda.module.lambda_event_source.aws_iam_role_policy.dynamodb (expand) + +module.lambda.module.lambda_event_source.aws_iam_role_policy.dynamodb + + + +[root] module.lambda.module.lambda_event_source.data.aws_iam_policy_document.dynamodb (expand) + +module.lambda.module.lambda_event_source.data.aws_iam_policy_document.dynamodb + + + +[root] 
module.lambda.module.lambda_event_source.aws_iam_role_policy.dynamodb (expand)->[root] module.lambda.module.lambda_event_source.data.aws_iam_policy_document.dynamodb (expand) + + + + + +[root] module.lambda.module.lambda_event_source.var.lambda_role_name (expand) + +[root] module.lambda.module.lambda_event_source.var.lambda_role_name (expand) + + + +[root] module.lambda.module.lambda_event_source.aws_iam_role_policy.dynamodb (expand)->[root] module.lambda.module.lambda_event_source.var.lambda_role_name (expand) + + + + + +[root] module.lambda.module.lambda_event_source.aws_iam_role_policy.kinesis (expand) + +module.lambda.module.lambda_event_source.aws_iam_role_policy.kinesis + + + +[root] module.lambda.module.lambda_event_source.data.aws_iam_policy_document.kinesis (expand) + +module.lambda.module.lambda_event_source.data.aws_iam_policy_document.kinesis + + + +[root] module.lambda.module.lambda_event_source.aws_iam_role_policy.kinesis (expand)->[root] module.lambda.module.lambda_event_source.data.aws_iam_policy_document.kinesis (expand) + + + + + +[root] module.lambda.module.lambda_event_source.aws_iam_role_policy.kinesis (expand)->[root] module.lambda.module.lambda_event_source.var.lambda_role_name (expand) + + + + + +[root] module.lambda.module.lambda_event_source.aws_iam_role_policy.sqs (expand) + +module.lambda.module.lambda_event_source.aws_iam_role_policy.sqs + + + +[root] module.lambda.module.lambda_event_source.data.aws_iam_policy_document.sqs (expand) + +module.lambda.module.lambda_event_source.data.aws_iam_policy_document.sqs + + + +[root] module.lambda.module.lambda_event_source.aws_iam_role_policy.sqs (expand)->[root] module.lambda.module.lambda_event_source.data.aws_iam_policy_document.sqs (expand) + + + + + +[root] module.lambda.module.lambda_event_source.aws_iam_role_policy.sqs (expand)->[root] module.lambda.module.lambda_event_source.var.lambda_role_name (expand) + + + + + +[root] 
module.lambda.module.lambda_event_source.aws_lambda_event_source_mapping.event (expand) + +module.lambda.module.lambda_event_source.aws_lambda_event_source_mapping.event + + + +[root] module.lambda.module.lambda_event_source.local.event_type (expand) + +[root] module.lambda.module.lambda_event_source.local.event_type (expand) + + + +[root] module.lambda.module.lambda_event_source.aws_lambda_event_source_mapping.event (expand)->[root] module.lambda.module.lambda_event_source.local.event_type (expand) + + + + + +[root] module.lambda.module.lambda_event_source.var.batch_size (expand) + +[root] module.lambda.module.lambda_event_source.var.batch_size (expand) + + + +[root] module.lambda.module.lambda_event_source.aws_lambda_event_source_mapping.event (expand)->[root] module.lambda.module.lambda_event_source.var.batch_size (expand) + + + + + +[root] module.lambda.module.lambda_event_source.var.batch_window (expand) + +[root] module.lambda.module.lambda_event_source.var.batch_window (expand) + + + +[root] module.lambda.module.lambda_event_source.aws_lambda_event_source_mapping.event (expand)->[root] module.lambda.module.lambda_event_source.var.batch_window (expand) + + + + + +[root] module.lambda.module.lambda_event_source.var.enable (expand) + +[root] module.lambda.module.lambda_event_source.var.enable (expand) + + + +[root] module.lambda.module.lambda_event_source.aws_lambda_event_source_mapping.event (expand)->[root] module.lambda.module.lambda_event_source.var.enable (expand) + + + + + +[root] module.lambda.module.lambda_event_source.var.event_source_arn (expand) + +[root] module.lambda.module.lambda_event_source.var.event_source_arn (expand) + + + +[root] module.lambda.module.lambda_event_source.aws_lambda_event_source_mapping.event (expand)->[root] module.lambda.module.lambda_event_source.var.event_source_arn (expand) + + + + + +[root] module.lambda.module.lambda_event_source.var.lambda_function_arn (expand) + +[root] 
module.lambda.module.lambda_event_source.var.lambda_function_arn (expand) + + + +[root] module.lambda.module.lambda_event_source.aws_lambda_event_source_mapping.event (expand)->[root] module.lambda.module.lambda_event_source.var.lambda_function_arn (expand) + + + + + +[root] module.lambda.module.lambda_event_source.var.on_failure_destination_arn (expand) + +[root] module.lambda.module.lambda_event_source.var.on_failure_destination_arn (expand) + + + +[root] module.lambda.module.lambda_event_source.aws_lambda_event_source_mapping.event (expand)->[root] module.lambda.module.lambda_event_source.var.on_failure_destination_arn (expand) + + + + + +[root] module.lambda.module.lambda_event_source.var.starting_position (expand) + +[root] module.lambda.module.lambda_event_source.var.starting_position (expand) + + + +[root] module.lambda.module.lambda_event_source.aws_lambda_event_source_mapping.event (expand)->[root] module.lambda.module.lambda_event_source.var.starting_position (expand) + + + + + +[root] module.lambda.module.lambda_event_source.var.starting_position_timestamp (expand) + +[root] module.lambda.module.lambda_event_source.var.starting_position_timestamp (expand) + + + +[root] module.lambda.module.lambda_event_source.aws_lambda_event_source_mapping.event (expand)->[root] module.lambda.module.lambda_event_source.var.starting_position_timestamp (expand) + + + + + +[root] module.lambda.module.lambda_event_source.data.aws_iam_policy_document.dynamodb (expand)->[root] provider["registry.terraform.io/hashicorp/aws"] + + + + + +[root] module.lambda.module.lambda_event_source.data.aws_iam_policy_document.dynamodb (expand)->[root] module.lambda.module.lambda_event_source.var.event_source_arn (expand) + + + + + +[root] module.lambda.module.lambda_event_source.local.is_dynamodb (expand) + +[root] module.lambda.module.lambda_event_source.local.is_dynamodb (expand) + + + +[root] module.lambda.module.lambda_event_source.data.aws_iam_policy_document.dynamodb (expand)->[root] 
module.lambda.module.lambda_event_source.local.is_dynamodb (expand) + + + + + +[root] module.lambda.module.lambda_event_source.data.aws_iam_policy_document.kinesis (expand)->[root] provider["registry.terraform.io/hashicorp/aws"] + + + + + +[root] module.lambda.module.lambda_event_source.data.aws_iam_policy_document.kinesis (expand)->[root] module.lambda.module.lambda_event_source.var.event_source_arn (expand) + + + + + +[root] module.lambda.module.lambda_event_source.local.is_kinesis (expand) + +[root] module.lambda.module.lambda_event_source.local.is_kinesis (expand) + + + +[root] module.lambda.module.lambda_event_source.data.aws_iam_policy_document.kinesis (expand)->[root] module.lambda.module.lambda_event_source.local.is_kinesis (expand) + + + + + +[root] module.lambda.module.lambda_event_source.data.aws_iam_policy_document.sqs (expand)->[root] provider["registry.terraform.io/hashicorp/aws"] + + + + + +[root] module.lambda.module.lambda_event_source.data.aws_iam_policy_document.sqs (expand)->[root] module.lambda.module.lambda_event_source.var.event_source_arn (expand) + + + + + +[root] module.lambda.module.lambda_event_source.local.is_sqs (expand) + +[root] module.lambda.module.lambda_event_source.local.is_sqs (expand) + + + +[root] module.lambda.module.lambda_event_source.data.aws_iam_policy_document.sqs (expand)->[root] module.lambda.module.lambda_event_source.local.is_sqs (expand) + + + + + +[root] module.lambda.module.lambda_s3_trigger.aws_lambda_permission.permission (expand) + +module.lambda.module.lambda_s3_trigger.aws_lambda_permission.permission + + + +[root] module.lambda.module.lambda_s3_trigger.local.bucket_arn (expand) + +[root] module.lambda.module.lambda_s3_trigger.local.bucket_arn (expand) + + + +[root] module.lambda.module.lambda_s3_trigger.aws_lambda_permission.permission (expand)->[root] module.lambda.module.lambda_s3_trigger.local.bucket_arn (expand) + + + + + +[root] module.lambda.module.lambda_s3_trigger.var.enable (expand) + +[root] 
module.lambda.module.lambda_s3_trigger.var.enable (expand) + + + +[root] module.lambda.module.lambda_s3_trigger.aws_lambda_permission.permission (expand)->[root] module.lambda.module.lambda_s3_trigger.var.enable (expand) + + + + + +[root] module.lambda.module.lambda_s3_trigger.var.lambda_function_arn (expand) + +[root] module.lambda.module.lambda_s3_trigger.var.lambda_function_arn (expand) + + + +[root] module.lambda.module.lambda_s3_trigger.aws_lambda_permission.permission (expand)->[root] module.lambda.module.lambda_s3_trigger.var.lambda_function_arn (expand) + + + + + +[root] module.lambda.module.lambda_s3_trigger.aws_s3_bucket_notification.notification (expand) + +module.lambda.module.lambda_s3_trigger.aws_s3_bucket_notification.notification + + + +[root] module.lambda.module.lambda_s3_trigger.aws_s3_bucket_notification.notification (expand)->[root] module.lambda.module.lambda_s3_trigger.var.enable (expand) + + + + + +[root] module.lambda.module.lambda_s3_trigger.aws_s3_bucket_notification.notification (expand)->[root] module.lambda.module.lambda_s3_trigger.var.lambda_function_arn (expand) + + + + + +[root] module.lambda.module.lambda_s3_trigger.var.bucket_name (expand) + +[root] module.lambda.module.lambda_s3_trigger.var.bucket_name (expand) + + + +[root] module.lambda.module.lambda_s3_trigger.aws_s3_bucket_notification.notification (expand)->[root] module.lambda.module.lambda_s3_trigger.var.bucket_name (expand) + + + + + +[root] module.lambda.module.lambda_s3_trigger.var.events (expand) + +[root] module.lambda.module.lambda_s3_trigger.var.events (expand) + + + +[root] module.lambda.module.lambda_s3_trigger.aws_s3_bucket_notification.notification (expand)->[root] module.lambda.module.lambda_s3_trigger.var.events (expand) + + + + + +[root] module.lambda.module.lambda_s3_trigger.var.filter_prefix (expand) + +[root] module.lambda.module.lambda_s3_trigger.var.filter_prefix (expand) + + + +[root] 
module.lambda.module.lambda_s3_trigger.aws_s3_bucket_notification.notification (expand)->[root] module.lambda.module.lambda_s3_trigger.var.filter_prefix (expand) + + + + + +[root] module.lambda.module.lambda_s3_trigger.var.filter_suffix (expand) + +[root] module.lambda.module.lambda_s3_trigger.var.filter_suffix (expand) + + + +[root] module.lambda.module.lambda_s3_trigger.aws_s3_bucket_notification.notification (expand)->[root] module.lambda.module.lambda_s3_trigger.var.filter_suffix (expand) + + + + + +[root] module.lambda.output.arn (expand)->[root] module.lambda.module.lambda.output.arn (expand) + + + + + +[root] meta.count-boundary (EachMode fixup) + +[root] meta.count-boundary (EachMode fixup) + + + +[root] meta.count-boundary (EachMode fixup)->[root] aws_s3_bucket_notification.bucket_notification (expand) + + + + + +[root] meta.count-boundary (EachMode fixup)->[root] data.aws_caller_identity.current (expand) + + + + + +[root] meta.count-boundary (EachMode fixup)->[root] data.aws_region.current (expand) + + + + + +[root] module.lambda (close) + +[root] module.lambda (close) + + + +[root] meta.count-boundary (EachMode fixup)->[root] module.lambda (close) + + + + + +[root] module.lambda (close)->[root] module.lambda.aws_cloudwatch_log_subscription_filter.cloudwatch_logs_to_es (expand) + + + + + +[root] module.lambda (close)->[root] module.lambda.aws_iam_role_policy_attachment.cloudwatch_logs (expand) + + + + + +[root] module.lambda (close)->[root] module.lambda.aws_iam_role_policy_attachment.kms_policy_attachment (expand) + + + + + +[root] module.lambda (close)->[root] module.lambda.aws_iam_role_policy_attachment.ssm_policy_attachment (expand) + + + + + +[root] module.lambda (close)->[root] module.lambda.output.arn (expand) + + + + + +[root] module.lambda.module.lambda (close) + +[root] module.lambda.module.lambda (close) + + + +[root] module.lambda (close)->[root] module.lambda.module.lambda (close) + + + + + +[root] 
module.lambda.module.lambda_cloudwatch_trigger (close) + +[root] module.lambda.module.lambda_cloudwatch_trigger (close) + + + +[root] module.lambda (close)->[root] module.lambda.module.lambda_cloudwatch_trigger (close) + + + + + +[root] module.lambda.module.lambda_event_source (close) + +[root] module.lambda.module.lambda_event_source (close) + + + +[root] module.lambda (close)->[root] module.lambda.module.lambda_event_source (close) + + + + + +[root] module.lambda.module.lambda_s3_trigger (close) + +[root] module.lambda.module.lambda_s3_trigger (close) + + + +[root] module.lambda (close)->[root] module.lambda.module.lambda_s3_trigger (close) + + + + + +[root] module.lambda.output.aws_lambda_function_url (expand) + +[root] module.lambda.output.aws_lambda_function_url (expand) + + + +[root] module.lambda (close)->[root] module.lambda.output.aws_lambda_function_url (expand) + + + + + +[root] module.lambda.var.bucket_arn (expand) + +[root] module.lambda.var.bucket_arn (expand) + + + +[root] module.lambda (close)->[root] module.lambda.var.bucket_arn (expand) + + + + + +[root] module.lambda.var.create_default_sg (expand) + +[root] module.lambda.var.create_default_sg (expand) + + + +[root] module.lambda (close)->[root] module.lambda.var.create_default_sg (expand) + + + + + +[root] module.lambda.var.create_in_vpc (expand) + +[root] module.lambda.var.create_in_vpc (expand) + + + +[root] module.lambda (close)->[root] module.lambda.var.create_in_vpc (expand) + + + + + +[root] module.lambda.var.description (expand) + +[root] module.lambda.var.description (expand) + + + +[root] module.lambda (close)->[root] module.lambda.var.description (expand) + + + + + +[root] module.lambda.var.enable_newrelic (expand) + +[root] module.lambda.var.enable_newrelic (expand) + + + +[root] module.lambda (close)->[root] module.lambda.var.enable_newrelic (expand) + + + + + +[root] module.lambda.var.env_vars (expand) + +[root] module.lambda.var.env_vars (expand) + + + +[root] module.lambda 
(close)->[root] module.lambda.var.env_vars (expand) + + + + + +[root] module.lambda.var.filename (expand) + +[root] module.lambda.var.filename (expand) + + + +[root] module.lambda (close)->[root] module.lambda.var.filename (expand) + + + + + +[root] module.lambda.var.memory_size (expand) + +[root] module.lambda.var.memory_size (expand) + + + +[root] module.lambda (close)->[root] module.lambda.var.memory_size (expand) + + + + + +[root] module.lambda.var.security_groups (expand) + +[root] module.lambda.var.security_groups (expand) + + + +[root] module.lambda (close)->[root] module.lambda.var.security_groups (expand) + + + + + +[root] module.lambda.var.service (expand) + +[root] module.lambda.var.service (expand) + + + +[root] module.lambda (close)->[root] module.lambda.var.service (expand) + + + + + +[root] module.lambda.var.table_name (expand) + +[root] module.lambda.var.table_name (expand) + + + +[root] module.lambda (close)->[root] module.lambda.var.table_name (expand) + + + + + +[root] module.lambda.module.lambda (close)->[root] module.lambda.module.lambda.aws_iam_role_policy.lambda_deadletter (expand) + + + + + +[root] module.lambda.module.lambda (close)->[root] module.lambda.module.lambda.aws_iam_role_policy.lambda_newrelic (expand) + + + + + +[root] module.lambda.module.lambda (close)->[root] module.lambda.module.lambda.aws_iam_role_policy.lambda_paramstore (expand) + + + + + +[root] module.lambda.module.lambda (close)->[root] module.lambda.module.lambda.aws_iam_role_policy_attachment.lambda (expand) + + + + + +[root] module.lambda.module.lambda (close)->[root] module.lambda.module.lambda.aws_iam_role_policy_attachment.xray_write_policy (expand) + + + + + +[root] module.lambda.module.lambda (close)->[root] module.lambda.module.lambda.aws_security_group_rule.egress (expand) + + + + + +[root] module.lambda.module.lambda (close)->[root] module.lambda.module.lambda.output.name (expand) + + + + + +[root] module.lambda.module.lambda (close)->[root] 
module.lambda.module.lambda.output.iam_role_name (expand) + + + + + +[root] module.lambda.module.lambda (close)->[root] module.lambda.module.lambda.output.arn (expand) + + + + + +[root] module.lambda.module.lambda.local.vpc_tag_key (expand) + +[root] module.lambda.module.lambda.local.vpc_tag_key (expand) + + + +[root] module.lambda.module.lambda (close)->[root] module.lambda.module.lambda.local.vpc_tag_key (expand) + + + + + +[root] module.lambda.module.lambda.output.iam_role_arn (expand) + +[root] module.lambda.module.lambda.output.iam_role_arn (expand) + + + +[root] module.lambda.module.lambda (close)->[root] module.lambda.module.lambda.output.iam_role_arn (expand) + + + + + +[root] module.lambda.module.lambda.output.invoke_arn (expand) + +[root] module.lambda.module.lambda.output.invoke_arn (expand) + + + +[root] module.lambda.module.lambda (close)->[root] module.lambda.module.lambda.output.invoke_arn (expand) + + + + + +[root] module.lambda.module.lambda.output.log_group_name (expand) + +[root] module.lambda.module.lambda.output.log_group_name (expand) + + + +[root] module.lambda.module.lambda (close)->[root] module.lambda.module.lambda.output.log_group_name (expand) + + + + + +[root] module.lambda.module.lambda.output.qualified_arn (expand) + +[root] module.lambda.module.lambda.output.qualified_arn (expand) + + + +[root] module.lambda.module.lambda (close)->[root] module.lambda.module.lambda.output.qualified_arn (expand) + + + + + +[root] module.lambda.module.lambda.output.security_group_id (expand) + +[root] module.lambda.module.lambda.output.security_group_id (expand) + + + +[root] module.lambda.module.lambda (close)->[root] module.lambda.module.lambda.output.security_group_id (expand) + + + + + +[root] module.lambda.module.lambda.output.version (expand) + +[root] module.lambda.module.lambda.output.version (expand) + + + +[root] module.lambda.module.lambda (close)->[root] module.lambda.module.lambda.output.version (expand) + + + + + +[root] 
module.lambda.module.lambda_cloudwatch_trigger (close)->[root] module.lambda.module.lambda_cloudwatch_trigger.aws_cloudwatch_event_target.target (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger (close)->[root] module.lambda.module.lambda_cloudwatch_trigger.aws_lambda_permission.permission (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.output.rule_arn (expand) + +[root] module.lambda.module.lambda_cloudwatch_trigger.output.rule_arn (expand) + + + +[root] module.lambda.module.lambda_cloudwatch_trigger (close)->[root] module.lambda.module.lambda_cloudwatch_trigger.output.rule_arn (expand) + + + + + +[root] module.lambda.module.lambda_event_source (close)->[root] module.lambda.module.lambda_event_source.aws_iam_role_policy.dynamodb (expand) + + + + + +[root] module.lambda.module.lambda_event_source (close)->[root] module.lambda.module.lambda_event_source.aws_iam_role_policy.kinesis (expand) + + + + + +[root] module.lambda.module.lambda_event_source (close)->[root] module.lambda.module.lambda_event_source.aws_iam_role_policy.sqs (expand) + + + + + +[root] module.lambda.module.lambda_event_source (close)->[root] module.lambda.module.lambda_event_source.aws_lambda_event_source_mapping.event (expand) + + + + + +[root] module.lambda.module.lambda_s3_trigger (close)->[root] module.lambda.module.lambda_s3_trigger.aws_lambda_permission.permission (expand) + + + + + +[root] module.lambda.module.lambda_s3_trigger (close)->[root] module.lambda.module.lambda_s3_trigger.aws_s3_bucket_notification.notification (expand) + + + + + +[root] module.lambda.output.aws_lambda_function_url (expand)->[root] module.lambda.aws_lambda_function_url.lambda_url (expand) + + + + + +[root] module.lambda.var.bucket_arn (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.create_default_sg (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.create_in_vpc (expand)->[root] module.lambda (expand) + + + + + 
+[root] module.lambda.var.description (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.enable_newrelic (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.env_vars (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.filename (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.memory_size (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.security_groups (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.service (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.table_name (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.output.name (expand)->[root] module.lambda.module.lambda.local.function_name (expand) + + + + + +[root] module.lambda.var.log_retention_in_days (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.name (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.output.iam_role_name (expand)->[root] module.lambda.module.lambda.aws_iam_role.lambda (expand) + + + + + +[root] module.lambda.module.lambda.local.arn (expand) + +[root] module.lambda.module.lambda.local.arn (expand) + + + +[root] module.lambda.module.lambda.output.arn (expand)->[root] module.lambda.module.lambda.local.arn (expand) + + + + + +[root] module.lambda.var.architecture (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.authorization_type (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.enable (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.logfilter_destination_arn (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.kms_key_arn (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.ssm_parameter_names (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.local.vpc_tag_key 
(expand)->[root] module.lambda.module.lambda.var.vpc_tag (expand) + + + + + +[root] module.lambda.module.lambda.output.iam_role_arn (expand)->[root] module.lambda.module.lambda.aws_iam_role.lambda (expand) + + + + + +[root] module.lambda.module.lambda.output.invoke_arn (expand)->[root] module.lambda.module.lambda.aws_lambda_function.function (expand) + + + + + +[root] module.lambda.module.lambda.output.log_group_name (expand)->[root] module.lambda.module.lambda.aws_cloudwatch_log_group.logs (expand) + + + + + +[root] module.lambda.module.lambda.local.qualified_arn (expand) + +[root] module.lambda.module.lambda.local.qualified_arn (expand) + + + +[root] module.lambda.module.lambda.output.qualified_arn (expand)->[root] module.lambda.module.lambda.local.qualified_arn (expand) + + + + + +[root] module.lambda.module.lambda.output.security_group_id (expand)->[root] module.lambda.module.lambda.aws_security_group.lambda (expand) + + + + + +[root] module.lambda.module.lambda.local.version (expand) + +[root] module.lambda.module.lambda.local.version (expand) + + + +[root] module.lambda.module.lambda.output.version (expand)->[root] module.lambda.module.lambda.local.version (expand) + + + + + +[root] module.lambda.module.lambda (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.local.function_name (expand)->[root] module.lambda.module.lambda.aws_lambda_function.function (expand) + + + + + +[root] module.lambda.module.lambda.var.log_retention (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.var.environment (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.var.environment (expand) + +[root] module.lambda.var.environment (expand) + + + +[root] module.lambda.module.lambda.var.environment (expand)->[root] module.lambda.var.environment (expand) + + + + + +[root] module.lambda.module.lambda.var.name (expand)->[root] module.lambda.var.name (expand) + + + + + 
+[root] module.lambda.module.lambda.var.name (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.var.tags (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.var.tags (expand) + +[root] module.lambda.var.tags (expand) + + + +[root] module.lambda.module.lambda.var.tags (expand)->[root] module.lambda.var.tags (expand) + + + + + +[root] module.lambda.module.lambda.local.lambda_policy (expand)->[root] module.lambda.module.lambda.var.create_in_vpc (expand) + + + + + +[root] module.lambda.module.lambda.local.lambda_basic_policy (expand) + +[root] module.lambda.module.lambda.local.lambda_basic_policy (expand) + + + +[root] module.lambda.module.lambda.local.lambda_policy (expand)->[root] module.lambda.module.lambda.local.lambda_basic_policy (expand) + + + + + +[root] module.lambda.module.lambda.local.lambda_vpc_policy (expand) + +[root] module.lambda.module.lambda.local.lambda_vpc_policy (expand) + + + +[root] module.lambda.module.lambda.local.lambda_policy (expand)->[root] module.lambda.module.lambda.local.lambda_vpc_policy (expand) + + + + + +[root] module.lambda.module.lambda.local.xray_write_policy (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.var.tracing_config (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.local.default_env_vars (expand)->[root] module.lambda.module.lambda.var.environment (expand) + + + + + +[root] module.lambda.module.lambda.var.enable_newrelic (expand) + +[root] module.lambda.module.lambda.var.enable_newrelic (expand) + + + +[root] module.lambda.module.lambda.local.layers (expand)->[root] module.lambda.module.lambda.var.enable_newrelic (expand) + + + + + +[root] module.lambda.module.lambda.local.newrelic_layer_arn (expand) + +[root] module.lambda.module.lambda.local.newrelic_layer_arn (expand) + + + +[root] module.lambda.module.lambda.local.layers 
(expand)->[root] module.lambda.module.lambda.local.newrelic_layer_arn (expand) + + + + + +[root] module.lambda.module.lambda.var.layers (expand) + +[root] module.lambda.module.lambda.var.layers (expand) + + + +[root] module.lambda.module.lambda.local.layers (expand)->[root] module.lambda.module.lambda.var.layers (expand) + + + + + +[root] module.lambda.module.lambda.var.memory (expand) + +[root] module.lambda.module.lambda.var.memory (expand) + + + +[root] module.lambda.module.lambda.local.memory_size (expand)->[root] module.lambda.module.lambda.var.memory (expand) + + + + + +[root] module.lambda.module.lambda.var.resource_allocation (expand) + +[root] module.lambda.module.lambda.var.resource_allocation (expand) + + + +[root] module.lambda.module.lambda.local.memory_size (expand)->[root] module.lambda.module.lambda.var.resource_allocation (expand) + + + + + +[root] module.lambda.module.lambda.local.newrelic_env_vars (expand)->[root] module.lambda.module.lambda.var.newrelic_license_secret_name (expand) + + + + + +[root] module.lambda.module.lambda.local.newrelic_env_vars (expand)->[root] module.lambda.module.lambda.var.enable_newrelic (expand) + + + + + +[root] module.lambda.module.lambda.var.newrelic_account_id (expand) + +[root] module.lambda.module.lambda.var.newrelic_account_id (expand) + + + +[root] module.lambda.module.lambda.local.newrelic_env_vars (expand)->[root] module.lambda.module.lambda.var.newrelic_account_id (expand) + + + + + +[root] module.lambda.module.lambda.var.newrelic_log_level (expand) + +[root] module.lambda.module.lambda.var.newrelic_log_level (expand) + + + +[root] module.lambda.module.lambda.local.newrelic_env_vars (expand)->[root] module.lambda.module.lambda.var.newrelic_log_level (expand) + + + + + +[root] module.lambda.module.lambda.var.newrelic_send_function_logs (expand) + +[root] module.lambda.module.lambda.var.newrelic_send_function_logs (expand) + + + +[root] module.lambda.module.lambda.local.newrelic_env_vars (expand)->[root] 
module.lambda.module.lambda.var.newrelic_send_function_logs (expand) + + + + + +[root] module.lambda.module.lambda.var.dlq_arn (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.var.efs_arn (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.var.efs_mount_path (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.var.env_vars (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.var.handler (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.var.handler (expand) + +[root] module.lambda.var.handler (expand) + + + +[root] module.lambda.module.lambda.var.handler (expand)->[root] module.lambda.var.handler (expand) + + + + + +[root] module.lambda.module.lambda.var.literal_name (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.var.publish (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.var.publish (expand) + +[root] module.lambda.var.publish (expand) + + + +[root] module.lambda.module.lambda.var.publish (expand)->[root] module.lambda.var.publish (expand) + + + + + +[root] module.lambda.module.lambda.var.reserved_concurrent_executions (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.var.reserved_concurrent_executions (expand) + +[root] module.lambda.var.reserved_concurrent_executions (expand) + + + +[root] module.lambda.module.lambda.var.reserved_concurrent_executions (expand)->[root] module.lambda.var.reserved_concurrent_executions (expand) + + + + + +[root] module.lambda.module.lambda.var.security_groups (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.var.timeout (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.var.timeout (expand) + +[root] 
module.lambda.var.timeout (expand) + + + +[root] module.lambda.module.lambda.var.timeout (expand)->[root] module.lambda.var.timeout (expand) + + + + + +[root] module.lambda.module.lambda.local.name (expand)->[root] module.lambda.module.lambda.var.environment (expand) + + + + + +[root] module.lambda.module.lambda.local.name (expand)->[root] module.lambda.module.lambda.var.name (expand) + + + + + +[root] module.lambda.module.lambda.var.create_default_sg (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.var.dlq_type (expand) + +[root] module.lambda.module.lambda.var.dlq_type (expand) + + + +[root] module.lambda.module.lambda.local.dlq_action (expand)->[root] module.lambda.module.lambda.var.dlq_type (expand) + + + + + +[root] module.lambda.module.lambda.local.use_deadletter (expand)->[root] module.lambda.module.lambda.var.dlq_type (expand) + + + + + +[root] module.lambda.module.lambda.local.enable_newrelic (expand)->[root] module.lambda.module.lambda.var.enable_newrelic (expand) + + + + + +[root] module.lambda.module.lambda.var.newrelic_license_secret_name (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.local.paramstore_resources (expand)->[root] module.lambda.module.lambda.data.aws_caller_identity.current (expand) + + + + + +[root] module.lambda.module.lambda.local.paramstore_resources (expand)->[root] module.lambda.module.lambda.data.aws_region.current (expand) + + + + + +[root] module.lambda.module.lambda.local.paramstore_resources (expand)->[root] module.lambda.module.lambda.var.environment (expand) + + + + + +[root] module.lambda.module.lambda.local.paramstore_resources (expand)->[root] module.lambda.module.lambda.var.name (expand) + + + + + +[root] module.lambda.module.lambda.var.team_name (expand) + +[root] module.lambda.module.lambda.var.team_name (expand) + + + +[root] module.lambda.module.lambda.local.paramstore_resources (expand)->[root] 
module.lambda.module.lambda.var.team_name (expand) + + + + + +[root] module.lambda.module.lambda.var.paramstore_resources (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.var.parameter_store_alias (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.var.create_in_vpc (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.var.vpc_tag (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.var.vpc_tag_key_override (expand) + +[root] module.lambda.var.vpc_tag_key_override (expand) + + + +[root] module.lambda.module.lambda.var.vpc_tag (expand)->[root] module.lambda.var.vpc_tag_key_override (expand) + + + + + +[root] module.lambda.module.lambda.local.arn (expand)->[root] module.lambda.module.lambda.aws_lambda_function.function (expand) + + + + + +[root] module.lambda.module.lambda.local.default_newrelic_layer_arn (expand) + +[root] module.lambda.module.lambda.local.default_newrelic_layer_arn (expand) + + + +[root] module.lambda.module.lambda.local.default_newrelic_layer_arn (expand)->[root] module.lambda.module.lambda.data.aws_region.current (expand) + + + + + +[root] module.lambda.module.lambda.var.dlq_type (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.var.enable_newrelic (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.local.lambda_basic_policy (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.local.lambda_vpc_policy (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.local.newrelic_layer_arn (expand)->[root] module.lambda.module.lambda.local.default_newrelic_layer_arn (expand) + + + + + +[root] module.lambda.module.lambda.local.newrelic_extension_version (expand) + +[root] 
module.lambda.module.lambda.local.newrelic_extension_version (expand) + + + +[root] module.lambda.module.lambda.local.newrelic_layer_arn (expand)->[root] module.lambda.module.lambda.local.newrelic_extension_version (expand) + + + + + +[root] module.lambda.module.lambda.local.newrelic_layer_arns (expand) + +[root] module.lambda.module.lambda.local.newrelic_layer_arns (expand) + + + +[root] module.lambda.module.lambda.local.newrelic_layer_arn (expand)->[root] module.lambda.module.lambda.local.newrelic_layer_arns (expand) + + + + + +[root] module.lambda.module.lambda.var.layers (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.var.layers (expand) + +[root] module.lambda.var.layers (expand) + + + +[root] module.lambda.module.lambda.var.layers (expand)->[root] module.lambda.var.layers (expand) + + + + + +[root] module.lambda.module.lambda.var.memory (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.var.resource_allocation (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.var.resource_allocation (expand) + +[root] module.lambda.var.resource_allocation (expand) + + + +[root] module.lambda.module.lambda.var.resource_allocation (expand)->[root] module.lambda.var.resource_allocation (expand) + + + + + +[root] module.lambda.module.lambda.var.newrelic_account_id (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.var.newrelic_log_level (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.var.newrelic_send_function_logs (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.local.newrelic_extension_versions (expand) + +[root] module.lambda.module.lambda.local.newrelic_extension_versions (expand) + + + +[root] module.lambda.module.lambda.local.newrelic_extension_version (expand)->[root] 
module.lambda.module.lambda.local.newrelic_extension_versions (expand) + + + + + +[root] module.lambda.module.lambda.var.newrelic_extension_version (expand) + +[root] module.lambda.module.lambda.var.newrelic_extension_version (expand) + + + +[root] module.lambda.module.lambda.local.newrelic_extension_version (expand)->[root] module.lambda.module.lambda.var.newrelic_extension_version (expand) + + + + + +[root] module.lambda.module.lambda.var.runtime (expand) + +[root] module.lambda.module.lambda.var.runtime (expand) + + + +[root] module.lambda.module.lambda.local.newrelic_extension_version (expand)->[root] module.lambda.module.lambda.var.runtime (expand) + + + + + +[root] module.lambda.module.lambda.local.newrelic_extension_versions (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.var.newrelic_extension_version (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.module.lambda.var.runtime (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.var.runtime (expand) + +[root] module.lambda.var.runtime (expand) + + + +[root] module.lambda.module.lambda.var.runtime (expand)->[root] module.lambda.var.runtime (expand) + + + + + +[root] module.lambda.module.lambda.local.newrelic_layer_arns (expand)->[root] module.lambda.module.lambda.data.aws_region.current (expand) + + + + + +[root] module.lambda.module.lambda.var.team_name (expand)->[root] module.lambda.module.lambda (expand) + + + + + +[root] module.lambda.var.team_name (expand) + +[root] module.lambda.var.team_name (expand) + + + +[root] module.lambda.module.lambda.var.team_name (expand)->[root] module.lambda.var.team_name (expand) + + + + + +[root] module.lambda.module.lambda.local.qualified_arn (expand)->[root] module.lambda.module.lambda.aws_lambda_function.function (expand) + + + + + +[root] module.lambda.module.lambda.local.version (expand)->[root] 
module.lambda.module.lambda.aws_lambda_function.function (expand) + + + + + +[root] module.lambda.var.environment (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.handler (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.layers (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.publish (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.reserved_concurrent_executions (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.resource_allocation (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.runtime (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.tags (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.team_name (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.timeout (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.vpc_tag_key_override (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.output.rule_arn (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.aws_cloudwatch_event_rule.rule (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger (expand) + +[root] module.lambda.module.lambda_cloudwatch_trigger (expand) + + + +[root] module.lambda.module.lambda_cloudwatch_trigger (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.local.name (expand) + +[root] module.lambda.module.lambda_cloudwatch_trigger.local.name (expand) + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.local.default_tags (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.local.name (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.asset_tag (expand) + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.asset_tag (expand) + + + +[root] 
module.lambda.module.lambda_cloudwatch_trigger.local.default_tags (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.var.asset_tag (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.backup (expand) + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.backup (expand) + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.local.default_tags (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.var.backup (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.classification (expand) + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.classification (expand) + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.local.default_tags (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.var.classification (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.environment (expand) + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.environment (expand) + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.local.default_tags (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.var.environment (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.expiration (expand) + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.expiration (expand) + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.local.default_tags (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.var.expiration (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.owner (expand) + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.owner (expand) + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.local.default_tags (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.var.owner (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.partner (expand) + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.partner (expand) + + 
+ +[root] module.lambda.module.lambda_cloudwatch_trigger.local.default_tags (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.var.partner (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.project (expand) + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.project (expand) + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.local.default_tags (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.var.project (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.provisioner (expand) + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.provisioner (expand) + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.local.default_tags (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.var.provisioner (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.service (expand) + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.service (expand) + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.local.default_tags (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.var.service (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.version_tag (expand) + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.version_tag (expand) + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.local.default_tags (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.var.version_tag (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.rule_enabled (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.schedule_expression (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger (expand) + + + + + +[root] module.lambda.var.schedule_expression (expand) + +[root] module.lambda.var.schedule_expression (expand) + + + +[root] 
module.lambda.module.lambda_cloudwatch_trigger.var.schedule_expression (expand)->[root] module.lambda.var.schedule_expression (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.tags (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.input (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.enable (expand)->[root] module.lambda.var.architecture (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.enable (expand)->[root] module.lambda.var.enable (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.enable (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.lambda_function_arn (expand)->[root] module.lambda.module.lambda.output.arn (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.lambda_function_arn (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.local.lambda_name (expand) + +[root] module.lambda.module.lambda_cloudwatch_trigger.local.lambda_name (expand) + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.local.name (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.local.lambda_name (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.rule_name (expand) + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.rule_name (expand) + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.local.name (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.var.rule_name (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.asset_tag (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger (expand) + + + + + +[root] 
module.lambda.module.lambda_cloudwatch_trigger.var.backup (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.classification (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.environment (expand)->[root] module.lambda.var.environment (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.environment (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.expiration (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.owner (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger (expand) + + + + + +[root] module.lambda.var.owner (expand) + +[root] module.lambda.var.owner (expand) + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.owner (expand)->[root] module.lambda.var.owner (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.partner (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.project (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger (expand) + + + + + +[root] module.lambda.var.project (expand) + +[root] module.lambda.var.project (expand) + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.project (expand)->[root] module.lambda.var.project (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.provisioner (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.service (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger (expand) + + + + + +[root] 
module.lambda.module.lambda_cloudwatch_trigger.var.version_tag (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.local.lambda_name (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger.data.aws_arn.lambda (expand) + + + + + +[root] module.lambda.module.lambda_cloudwatch_trigger.var.rule_name (expand)->[root] module.lambda.module.lambda_cloudwatch_trigger (expand) + + + + + +[root] module.lambda.var.owner (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.project (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.schedule_expression (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.module.lambda_event_source (expand) + +[root] module.lambda.module.lambda_event_source (expand) + + + +[root] module.lambda.module.lambda_event_source (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.module.lambda_event_source.var.lambda_role_name (expand)->[root] module.lambda.module.lambda.output.iam_role_name (expand) + + + + + +[root] module.lambda.module.lambda_event_source.var.lambda_role_name (expand)->[root] module.lambda.module.lambda_event_source (expand) + + + + + +[root] module.lambda.module.lambda_event_source.var.event_source_type (expand) + +[root] module.lambda.module.lambda_event_source.var.event_source_type (expand) + + + +[root] module.lambda.module.lambda_event_source.local.event_type (expand)->[root] module.lambda.module.lambda_event_source.var.event_source_type (expand) + + + + + +[root] module.lambda.module.lambda_event_source.var.batch_size (expand)->[root] module.lambda.module.lambda_event_source (expand) + + + + + +[root] module.lambda.module.lambda_event_source.var.batch_window (expand)->[root] module.lambda.module.lambda_event_source (expand) + + + + + +[root] module.lambda.module.lambda_event_source.var.enable (expand)->[root] module.lambda.var.architecture (expand) + + 
+ + + +[root] module.lambda.module.lambda_event_source.var.enable (expand)->[root] module.lambda.var.enable (expand) + + + + + +[root] module.lambda.module.lambda_event_source.var.enable (expand)->[root] module.lambda.module.lambda_event_source (expand) + + + + + +[root] module.lambda.module.lambda_event_source.var.event_source_arn (expand)->[root] module.lambda.module.lambda_event_source (expand) + + + + + +[root] module.lambda.var.event_source_arn (expand) + +[root] module.lambda.var.event_source_arn (expand) + + + +[root] module.lambda.module.lambda_event_source.var.event_source_arn (expand)->[root] module.lambda.var.event_source_arn (expand) + + + + + +[root] module.lambda.module.lambda_event_source.var.lambda_function_arn (expand)->[root] module.lambda.module.lambda.output.arn (expand) + + + + + +[root] module.lambda.module.lambda_event_source.var.lambda_function_arn (expand)->[root] module.lambda.module.lambda_event_source (expand) + + + + + +[root] module.lambda.module.lambda_event_source.var.on_failure_destination_arn (expand)->[root] module.lambda.module.lambda_event_source (expand) + + + + + +[root] module.lambda.module.lambda_event_source.var.starting_position (expand)->[root] module.lambda.module.lambda_event_source (expand) + + + + + +[root] module.lambda.module.lambda_event_source.var.starting_position_timestamp (expand)->[root] module.lambda.module.lambda_event_source (expand) + + + + + +[root] module.lambda.module.lambda_event_source.local.is_dynamodb (expand)->[root] module.lambda.module.lambda_event_source.local.event_type (expand) + + + + + +[root] module.lambda.module.lambda_event_source.local.is_dynamodb (expand)->[root] module.lambda.module.lambda_event_source.var.enable (expand) + + + + + +[root] module.lambda.module.lambda_event_source.local.is_kinesis (expand)->[root] module.lambda.module.lambda_event_source.local.event_type (expand) + + + + + +[root] module.lambda.module.lambda_event_source.local.is_kinesis (expand)->[root] 
module.lambda.module.lambda_event_source.var.enable (expand) + + + + + +[root] module.lambda.module.lambda_event_source.local.is_sqs (expand)->[root] module.lambda.module.lambda_event_source.local.event_type (expand) + + + + + +[root] module.lambda.module.lambda_event_source.local.is_sqs (expand)->[root] module.lambda.module.lambda_event_source.var.enable (expand) + + + + + +[root] module.lambda.module.lambda_event_source.var.event_source_type (expand)->[root] module.lambda.module.lambda_event_source (expand) + + + + + +[root] module.lambda.var.event_trigger_type (expand) + +[root] module.lambda.var.event_trigger_type (expand) + + + +[root] module.lambda.module.lambda_event_source.var.event_source_type (expand)->[root] module.lambda.var.event_trigger_type (expand) + + + + + +[root] module.lambda.var.event_source_arn (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.var.event_trigger_type (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.module.lambda_s3_trigger (expand) + +[root] module.lambda.module.lambda_s3_trigger (expand) + + + +[root] module.lambda.module.lambda_s3_trigger (expand)->[root] module.lambda (expand) + + + + + +[root] module.lambda.module.lambda_s3_trigger.local.bucket_arn (expand)->[root] module.lambda.module.lambda_s3_trigger.var.bucket_name (expand) + + + + + +[root] module.lambda.module.lambda_s3_trigger.var.enable (expand)->[root] module.lambda.var.architecture (expand) + + + + + +[root] module.lambda.module.lambda_s3_trigger.var.enable (expand)->[root] module.lambda.var.enable (expand) + + + + + +[root] module.lambda.module.lambda_s3_trigger.var.enable (expand)->[root] module.lambda.module.lambda_s3_trigger (expand) + + + + + +[root] module.lambda.module.lambda_s3_trigger.var.lambda_function_arn (expand)->[root] module.lambda.module.lambda.output.arn (expand) + + + + + +[root] module.lambda.module.lambda_s3_trigger.var.lambda_function_arn (expand)->[root] module.lambda.module.lambda_s3_trigger 
(expand) + + + + + +[root] module.lambda.module.lambda_s3_trigger.var.bucket_name (expand)->[root] module.lambda.module.lambda_s3_trigger (expand) + + + + + +[root] module.lambda.var.bucket_id (expand) + +[root] module.lambda.var.bucket_id (expand) + + + +[root] module.lambda.module.lambda_s3_trigger.var.bucket_name (expand)->[root] module.lambda.var.bucket_id (expand) + + + + + +[root] module.lambda.module.lambda_s3_trigger.var.events (expand)->[root] module.lambda.module.lambda_s3_trigger (expand) + + + + + +[root] module.lambda.module.lambda_s3_trigger.var.filter_prefix (expand)->[root] module.lambda.module.lambda_s3_trigger (expand) + + + + + +[root] module.lambda.module.lambda_s3_trigger.var.filter_suffix (expand)->[root] module.lambda.module.lambda_s3_trigger (expand) + + + + + +[root] module.lambda.var.bucket_id (expand)->[root] module.lambda (expand) + + + + + +[root] provider["registry.terraform.io/hashicorp/aws"] (close) + +[root] provider["registry.terraform.io/hashicorp/aws"] (close) + + + +[root] provider["registry.terraform.io/hashicorp/aws"] (close)->[root] aws_s3_bucket_notification.bucket_notification (expand) + + + + + +[root] provider["registry.terraform.io/hashicorp/aws"] (close)->[root] data.aws_caller_identity.current (expand) + + + + + +[root] provider["registry.terraform.io/hashicorp/aws"] (close)->[root] data.aws_region.current (expand) + + + + + +[root] provider["registry.terraform.io/hashicorp/aws"] (close)->[root] module.lambda.aws_cloudwatch_log_subscription_filter.cloudwatch_logs_to_es (expand) + + + + + +[root] provider["registry.terraform.io/hashicorp/aws"] (close)->[root] module.lambda.aws_iam_role_policy_attachment.cloudwatch_logs (expand) + + + + + +[root] provider["registry.terraform.io/hashicorp/aws"] (close)->[root] module.lambda.aws_iam_role_policy_attachment.kms_policy_attachment (expand) + + + + + +[root] provider["registry.terraform.io/hashicorp/aws"] (close)->[root] 
module.lambda.aws_iam_role_policy_attachment.ssm_policy_attachment (expand) + + + + + +[root] provider["registry.terraform.io/hashicorp/aws"] (close)->[root] module.lambda.aws_lambda_function_url.lambda_url (expand) + + + + + +[root] provider["registry.terraform.io/hashicorp/aws"] (close)->[root] module.lambda.module.lambda.aws_cloudwatch_log_group.logs (expand) + + + + + +[root] provider["registry.terraform.io/hashicorp/aws"] (close)->[root] module.lambda.module.lambda.aws_iam_role_policy.lambda_deadletter (expand) + + + + + +[root] provider["registry.terraform.io/hashicorp/aws"] (close)->[root] module.lambda.module.lambda.aws_iam_role_policy.lambda_newrelic (expand) + + + + + +[root] provider["registry.terraform.io/hashicorp/aws"] (close)->[root] module.lambda.module.lambda.aws_iam_role_policy.lambda_paramstore (expand) + + + + + +[root] provider["registry.terraform.io/hashicorp/aws"] (close)->[root] module.lambda.module.lambda.aws_iam_role_policy_attachment.lambda (expand) + + + + + +[root] provider["registry.terraform.io/hashicorp/aws"] (close)->[root] module.lambda.module.lambda.aws_iam_role_policy_attachment.xray_write_policy (expand) + + + + + +[root] provider["registry.terraform.io/hashicorp/aws"] (close)->[root] module.lambda.module.lambda.aws_security_group_rule.egress (expand) + + + + + +[root] provider["registry.terraform.io/hashicorp/aws"] (close)->[root] module.lambda.module.lambda_cloudwatch_trigger.aws_cloudwatch_event_target.target (expand) + + + + + +[root] provider["registry.terraform.io/hashicorp/aws"] (close)->[root] module.lambda.module.lambda_cloudwatch_trigger.aws_lambda_permission.permission (expand) + + + + + +[root] provider["registry.terraform.io/hashicorp/aws"] (close)->[root] module.lambda.module.lambda_event_source.aws_iam_role_policy.dynamodb (expand) + + + + + +[root] provider["registry.terraform.io/hashicorp/aws"] (close)->[root] module.lambda.module.lambda_event_source.aws_iam_role_policy.kinesis (expand) + + + + + +[root] 
provider["registry.terraform.io/hashicorp/aws"] (close)->[root] module.lambda.module.lambda_event_source.aws_iam_role_policy.sqs (expand) + + + + + +[root] provider["registry.terraform.io/hashicorp/aws"] (close)->[root] module.lambda.module.lambda_event_source.aws_lambda_event_source_mapping.event (expand) + + + + + +[root] provider["registry.terraform.io/hashicorp/aws"] (close)->[root] module.lambda.module.lambda_s3_trigger.aws_lambda_permission.permission (expand) + + + + + +[root] provider["registry.terraform.io/hashicorp/aws"] (close)->[root] module.lambda.module.lambda_s3_trigger.aws_s3_bucket_notification.notification (expand) + + + + + +[root] root + +[root] root + + + +[root] root->[root] meta.count-boundary (EachMode fixup) + + + + + +[root] root->[root] provider["registry.terraform.io/hashicorp/aws"] (close) + + + + + diff --git a/examples/example-with-s3-event/main.tf b/examples/example-with-s3-event/main.tf index a6b143a..db7be44 100644 --- a/examples/example-with-s3-event/main.tf +++ b/examples/example-with-s3-event/main.tf @@ -18,7 +18,6 @@ resource "aws_s3_bucket_notification" "bucket_notification" { module "lambda" { source = "../../" description = "Example AWS Lambda using go with s3 event trigger" - filename = "${path.module}/test_function.zip" name = "tf-example-go-basic" handler = "example-lambda-func" runtime = "go1.x" diff --git a/examples/example-with-s3-event/test_function.zip b/examples/example-with-s3-event/test_function.zip deleted file mode 100644 index e69de29..0000000 diff --git a/examples/example-with-sqs-event/.terraform.lock.hcl b/examples/example-with-sqs-event/.terraform.lock.hcl new file mode 100644 index 0000000..d899613 --- /dev/null +++ b/examples/example-with-sqs-event/.terraform.lock.hcl 
@@ -0,0 +1,22 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "4.11.0" + constraints = ">= 4.0.0, 4.11.0" + hashes = [ + "h1:CjsO4gz0OBv5KHDm/F2vFxK8dmYmjIo5WwL6X2HkHwQ=", + "zh:3e4634f4babcef402160ffb97f9f37e3e781313ceb7b7858fe4b7fc0e2e33e99", + "zh:3ff647aa88e71419480e3f51a4b40e3b0e2d66482bea97c0b4e75f37aa5ad1f1", + "zh:4680d16fbb85663034dc3677b402e9e78ab1d4040dd80603052817a96ec08911", + "zh:5190d03f43f7ad56dae0a7f0441a0f5b2590f42f6e07a724fe11dd50c42a12e4", + "zh:622426fcdbb927e7c198fe4b890a01a5aa312e462cd82ae1e302186eeac1d071", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:b0b766a835c79f8dd58b93d25df8f37749f33cca2297ac088d402d718baddd9c", + "zh:b293cf26a02992b2167ed3f63711dc01221c4a5e2984b6c7c0c04a6155ab0526", + "zh:ca8e1f5c58fc838edb5fe7528aec3f2fcbaeabf808add0f401aee5073b61f17f", + "zh:e0d2ad2767c0134841d52394d180f8f3315c238949c8d11be39a214630e8d50e", + "zh:ece0d11c35a8537b662287e00af4d27a27eb9558353b133674af90ec11c818d3", + "zh:f7e1cd07ae883d3be01942dc2b0d516b9736a74e6037287ab19f616725c8f7e8", + ] +} diff --git a/examples/example-with-sqs-event/main.tf b/examples/example-with-sqs-event/main.tf index 165f7f7..cfa0ce3 100644 --- a/examples/example-with-sqs-event/main.tf +++ b/examples/example-with-sqs-event/main.tf @@ -9,7 +9,6 @@ data "aws_caller_identity" "current"{} module "lambda" { source = "../../" description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" - filename = "${path.module}/test_function.zip" name = "tf-example-go-basic" handler = "example-lambda-func" runtime = "go1.x" diff --git a/examples/example-with-sqs-event/test_function.zip b/examples/example-with-sqs-event/test_function.zip deleted file mode 100644 index e69de29..0000000 
diff --git a/examples/example-with-vpc/.terraform.lock.hcl b/examples/example-with-vpc/.terraform.lock.hcl index 33faa73..d899613 100644 --- a/examples/example-with-vpc/.terraform.lock.hcl +++ b/examples/example-with-vpc/.terraform.lock.hcl @@ -2,7 +2,8 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "4.11.0" + version = "4.11.0" + constraints = ">= 4.0.0, 4.11.0" hashes = [ "h1:CjsO4gz0OBv5KHDm/F2vFxK8dmYmjIo5WwL6X2HkHwQ=", "zh:3e4634f4babcef402160ffb97f9f37e3e781313ceb7b7858fe4b7fc0e2e33e99", diff --git a/examples/example-with-vpc/main.tf b/examples/example-with-vpc/main.tf index a417c74..5855d62 100644 --- a/examples/example-with-vpc/main.tf +++ b/examples/example-with-vpc/main.tf @@ -25,7 +25,6 @@ resource "aws_security_group_rule" "lambda_egress" { module "lambda" { source = "../../" description = "Example AWS Lambda inside a VPC using go with cloudwatch scheduled event trigger" - filename = "${path.module}/test_function.zip" name = "tf-example-go-basic" handler = "example-lambda-func" runtime = "go1.x" diff --git a/examples/example-with-vpc/test_function.zip b/examples/example-with-vpc/test_function.zip deleted file mode 100644 index e69de29..0000000 diff --git a/examples/example-without-event/main.tf b/examples/example-without-event/main.tf index e8a479b..c71fa0e 100644 --- a/examples/example-without-event/main.tf +++ b/examples/example-without-event/main.tf @@ -10,7 +10,6 @@ data "aws_caller_identity" "current"{} module "lambda" { source = "../../" description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" - filename = "${path.module}/test_function.zip" name = "tf-example-go-basic" handler = "example-lambda-func" runtime = "go1.x" diff --git a/examples/example-without-event/test_function.zip b/examples/example-without-event/test_function.zip deleted file mode 100644 index e69de29..0000000 diff --git a/variables.tf b/variables.tf index 1b2fd0c..fd43214 100644 
--- a/variables.tf +++ b/variables.tf @@ -13,6 +13,7 @@ variable "enable" { type = bool default = true } + variable architecture { description = "Triggers are not required. Chose one trigger, if any, to use with lambda. If one is true, all others must be false." type = object({ @@ -50,10 +51,6 @@ variable "event_trigger_type" { # You must provide a value for each of these parameters. # --------------------------------------------------------------------------------------------------------------------- -variable "filename" { - description = "The path to the function's deployment package within the local filesystem." -} - variable "name" { description = "A unique name for your Lambda Function." } @@ -93,6 +90,11 @@ variable "vpc_tag_key_override" { # These parameters have reasonable defaults. # --------------------------------------------------------------------------------------------------------------------- +variable "filename" { + description = "The path to the function's deployment package within the local filesystem." + default = "" +} + variable "description" { description = "Description of what your Lambda Function does." default = "" From d03d80f266418285cffba1b4d490ecfacb52e70f Mon Sep 17 00:00:00 2001 From: Edward Olsen Date: Fri, 7 Oct 2022 13:22:07 -0400 Subject: [PATCH 45/55] Clarify why the need for an empty string default in filename variable. --- README.md | 2 +- examples/example-with-cloudwatch-scheduled-event/main.tf | 1 + main.tf | 1 - variables.tf | 4 ++-- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index a94cda9..aa77c13 100644 --- a/README.md +++ b/README.md 
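Review bot: The re-added `filename` variable in the last hunk declares no `type`, so Terraform treats it as `any` and a list or map passes variable checking and only fails later at the resource; declare `type = string`. With `default = ""` the module can now be applied without any deployment package, and the description does not say what an empty value means for the function's code. If the intent is that the package is supplied outside Terraform, one sentence saying so would tell a caller that this module no longer tracks which code is deployed.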
@@ -54,7 +54,7 @@ | [env\_vars](#input\_env\_vars) | Environment variables in map(map(string)) | `map(map(string))` | `{}` | no | | [environment](#input\_environment) | Environment for the resouces | `string` | n/a | yes | | [event\_source\_arn](#input\_event\_source\_arn) | value | `string` | `""` | no | -| [filename](#input\_filename) | The path to the function's deployment package within the local filesystem. | `any` | n/a | yes | +| [filename](#input\_filename) | The path to the function's deployment package within the local filesystem. Default is an empty string to satisfy the underlying interface. | `any` | `""` | no | | [handler](#input\_handler) | The function entrypoint in your code. | `any` | n/a | yes | | [kms\_key\_arn](#input\_kms\_key\_arn) | The Amazon Resource Name (ARN) of the KMS key to decrypt AWS Systems Manager parameters. | `string` | `""` | no | | [layers](#input\_layers) | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See [Lambda Layers](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html) | `list(string)` | `[]` | no | diff --git a/examples/example-with-cloudwatch-scheduled-event/main.tf b/examples/example-with-cloudwatch-scheduled-event/main.tf index 7e12ab1..c17c300 100644 --- a/examples/example-with-cloudwatch-scheduled-event/main.tf +++ b/examples/example-with-cloudwatch-scheduled-event/main.tf @@ -12,6 +12,7 @@ module "lambda" { description = "Example AWS Lambda using go with cloudwatch scheduled event trigger" name = "tf-example-go-basic" handler = "example-lambda-func" + filename = "" runtime = "go1.x" service = "example" project = "example" diff --git a/main.tf b/main.tf index 99c7918..d1ef9b7 100644 --- a/main.tf +++ b/main.tf @@ -13,7 +13,6 @@ module "lambda" { name = var.name team_name = var.team_name environment = var.environment - } data "aws_iam_policy_document" "assume_role_policy" { diff --git a/variables.tf b/variables.tf index fd43214..501ffc7 100644 
--- a/variables.tf +++ b/variables.tf @@ -91,8 +91,8 @@ variable "vpc_tag_key_override" { # --------------------------------------------------------------------------------------------------------------------- variable "filename" { - description = "The path to the function's deployment package within the local filesystem." - default = "" + description = "The path to the function's deployment package within the local filesystem. Empty string (psuedo-null) is here to satisfy the underlying interface." + default = "" } variable "description" { From 167fb625e2a3f3bc43f4c7b86df10649742f9efc Mon Sep 17 00:00:00 2001 From: Edward Olsen Date: Wed, 19 Oct 2022 14:05:13 -0400 Subject: [PATCH 46/55] change tf version constraint in tests --- .github/workflows/workflow.yaml | 6 +++--- .terraform.tfstate.lock.info | 1 + outputs.tf | 8 +++----- 3 files changed, 7 insertions(+), 8 deletions(-) create mode 100644 .terraform.tfstate.lock.info diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index 1fa45ad..1ff6dbb 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -17,19 +17,19 @@ jobs: uses: actions/checkout@v1 - name: Run a Terraform init - uses: docker://hashicorp/terraform:0.12.13 + uses: docker://hashicorp/terraform:1.0.3 with: entrypoint: terraform args: init - name: Run a Terraform fmt - uses: docker://hashicorp/terraform:0.12.13 + uses: docker://hashicorp/terraform:1.0.3 with: entrypoint: terraform args: fmt -check=true - name: Run a Terraform validate - uses: docker://hashicorp/terraform:0.12.13 + uses: docker://hashicorp/terraform:1.0.3 env: AWS_REGION: eu-west-1 with: diff --git a/.terraform.tfstate.lock.info b/.terraform.tfstate.lock.info new file mode 100644 index 0000000..34ffb6a --- /dev/null +++ b/.terraform.tfstate.lock.info 
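Review bot: The new `filename` description spells "pseudo-null" as `psuedo-null`, and its wording differs from the README row changed in the same commit ("Default is an empty string to satisfy the underlying interface."). The README table looks generated from the variable descriptions, so the next regeneration would presumably overwrite that row with this text. Use one sentence in both places, for example `description = "The path to the function's deployment package within the local filesystem. Defaults to an empty string to satisfy the underlying interface."`.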
@@ -0,0 +1 @@ +{"ID":"2e62e323-2757-03f3-00b9-7821e2e1337b","Operation":"OperationTypeInvalid","Info":"","Who":"edolsen@TL9F224T6G","Version":"1.0.3","Created":"2022-10-10T18:48:56.006498Z","Path":"terraform.tfstate"} \ No newline at end of file diff --git a/outputs.tf b/outputs.tf index 1c34609..d2533a8 100644 --- a/outputs.tf +++ b/outputs.tf @@ -17,10 +17,8 @@ output "invoke_arn" { description = "The ARN to be used for invoking Lambda Function from API Gateway - to be used in aws_api_gateway_integration's uri" value = module.lambda.invoke_arn } - +*/ output "role_name" { description = "The name of the IAM role attached to the Lambda Function." - value = module.lambda.role_name -} - -*/ \ No newline at end of file + value = aws_iam_role.lambda.name +} \ No newline at end of file From 783f265fe314b027e2464797206843f4a3498abd Mon Sep 17 00:00:00 2001 From: Edward Olsen Date: Wed, 19 Oct 2022 14:16:39 -0400 Subject: [PATCH 47/55] remove .terraform files --- .terraform.lock.hcl | 21 --------------------- .terraform.tfstate.lock.info | 1 - 2 files changed, 22 deletions(-) delete mode 100644 .terraform.lock.hcl delete mode 100644 .terraform.tfstate.lock.info diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl deleted file mode 100644 index 1489342..0000000 --- a/.terraform.lock.hcl +++ /dev/null 
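Review bot: `.terraform.tfstate.lock.info` is a run-time artefact that Terraform writes next to local state while a lock is held, and it should not be tracked. Committing it publishes the `Who` field (a workstation user and host name) and leaves a stale lock record in every clone. Drop the file from this commit and add `.terraform.tfstate.lock.info`, `.terraform/` and `*.tfstate*` to `.gitignore` so it cannot come back; deleting it in a later commit still leaves the value in history.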
@@ -1,21 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "4.12.1" - hashes = [ - "h1:o9VATFhsl7QFfQQ6M0zL5VIZlq+8xHooKGpv/11DK9w=", - "zh:2b432dc3bf7e0987bf9dcad5d397c384890d12fcd95827bc4581ca2955fc623a", - "zh:2f79a448a4e5ad24a706ab634078d0ef159be3278eb24988b7d2185173f5dd8f", - "zh:5d70074c10cefb30d4104af54f912e58ffa1b6871277b0a5324c8f13000f5009", - "zh:63623743fb15d54787a96c9761b97a935ff396672e625730cb7a5c1971acf4b6", - "zh:8263f376e6db684667c10e28df8d8d188e02fd09ad58e1ad7075e363c389e24c", - "zh:8b5aa9fd1ddf1de0ab7d462891123405e5af04d7e4d1e4b03381634b3cae4884", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:d00b2d0b374ab92e934eb597668c5f3e415c4cf8335e6a52ab99949b8fcf57dd", - "zh:d0e037725aced6cacc2e0a1903b31083c64f8765fb1263e4f8f891745266b7fb", - "zh:e6e244123bc1df109db90bef0af2a875a0b3afb268f21c3e5bc34753657102ad", - "zh:ec6901ab8b99ae3df50340e9aa86ed3bac1369f5e1403c0362edd9944640fa22", - "zh:f6a4d0ce3bd3d4b81163c4ae75b66e50c10b935c60a63d7fb96df285c0eeca40", - ] -} diff --git a/.terraform.tfstate.lock.info b/.terraform.tfstate.lock.info deleted file mode 100644 index 34ffb6a..0000000 --- a/.terraform.tfstate.lock.info +++ /dev/null @@ -1 +0,0 @@ -{"ID":"2e62e323-2757-03f3-00b9-7821e2e1337b","Operation":"OperationTypeInvalid","Info":"","Who":"edolsen@TL9F224T6G","Version":"1.0.3","Created":"2022-10-10T18:48:56.006498Z","Path":"terraform.tfstate"} \ No newline at end of file From 112deda7089a22fca9ca1a0d8ea9e3fb6859154d Mon Sep 17 00:00:00 2001 From: Edward Olsen Date: Wed, 19 Oct 2022 14:18:00 -0400 Subject: [PATCH 48/55] revert workflow version pin --- .github/workflows/workflow.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index 1ff6dbb..1fa45ad 100644 --- a/.github/workflows/workflow.yaml 
+++ b/.github/workflows/workflow.yaml @@ -17,19 +17,19 @@ jobs: uses: actions/checkout@v1 - name: Run a Terraform init - uses: docker://hashicorp/terraform:1.0.3 + uses: docker://hashicorp/terraform:0.12.13 with: entrypoint: terraform args: init - name: Run a Terraform fmt - uses: docker://hashicorp/terraform:1.0.3 + uses: docker://hashicorp/terraform:0.12.13 with: entrypoint: terraform args: fmt -check=true - name: Run a Terraform validate - uses: docker://hashicorp/terraform:1.0.3 + uses: docker://hashicorp/terraform:0.12.13 env: AWS_REGION: eu-west-1 with: From c6c6cf0dd1d11b29b51479dc6d2327657e2dc90d Mon Sep 17 00:00:00 2001 From: Jay Gentile Date: Fri, 21 Oct 2022 12:53:27 -0500 Subject: [PATCH 49/55] fix(ci): first stab circle config --- .circleci/config.yml | 93 +++++++++++++++++++++++++++++++++ .github/workflows/workflow.yaml | 37 ------------- 2 files changed, 93 insertions(+), 37 deletions(-) create mode 100644 .circleci/config.yml delete mode 100644 .github/workflows/workflow.yaml diff --git a/.circleci/config.yml b/.circleci/config.yml new file mode 100644 index 0000000..e26efb8 --- /dev/null +++ b/.circleci/config.yml 
@@ -0,0 +1,93 @@
+orbs:
+ terraform-orb: bankrate/terraform@1.2.0
+
+version: 2.1
+
+workflows:
+ pipeline:
+ jobs:
+ - terraform-orb/fmt:
+ name: tf-fmt
+ infrastructure_dir: "."
+ terraform_version: 1.0.3
+
+ - terraform-orb/init:
+ name: example-with-cloudwatch-scheduled-event
+ checkout: true
+ save-workspace: true
+ infrastructure_dir: "./examples/example-with-cloudwatch-scheduled-event"
+ terraform_version: 1.0.3
+ context: qa-terraform-modules-alternate-provider-testing
+ requires:
+ - tf-fmt
+
+ - terraform-orb/init:
+ name: example-with-dynamo-event
+ checkout: true
+ save-workspace: true
+ infrastructure_dir: "./examples/example-with-dynamo-event"
+ terraform_version: 1.0.3
+ context: qa-terraform-modules-alternate-provider-testing
+ requires:
+ - tf-fmt
+
+ - terraform-orb/init:
+ name: example-with-functionurl
+ checkout: true
+ save-workspace: true
+ infrastructure_dir: "./examples/example-with-functionurl"
+ terraform_version: 1.0.3
+ context: qa-terraform-modules-alternate-provider-testing
+ requires:
+ - tf-fmt
+
+ - terraform-orb/init:
+ name: example-with-kinesis-event
+ checkout: true
+ save-workspace: true
+ infrastructure_dir: "./examples/example-with-kinesis-event"
+ terraform_version: 1.0.3
+ context: qa-terraform-modules-alternate-provider-testing
+ requires:
+ - tf-fmt
+
+ - terraform-orb/init:
+ name: example-with-s3-event
+ checkout: true
+ save-workspace: true
+ infrastructure_dir: "./examples/example-with-s3-event"
+ terraform_version: 1.0.3
+ context: qa-terraform-modules-alternate-provider-testing
+ requires:
+ - tf-fmt
+
+ - terraform-orb/init:
+ name: example-with-sqs-event
+ checkout: true
+ save-workspace: true
+ infrastructure_dir: "./examples/example-with-sqs-event"
+ terraform_version: 1.0.3
+ context: qa-terraform-modules-alternate-provider-testing
+ requires:
+ - tf-fmt
+
+ - terraform-orb/init:
+ name: example-with-vpc
+ checkout: true
+ save-workspace: true
+ infrastructure_dir: "./examples/example-with-vpc"
+
terraform_version: 1.0.3 + context: qa-terraform-modules-alternate-provider-testing + requires: + - tf-fmt + + - terraform-orb/plan: + name: example-without-event + environment: qa + infrastructure_dir: "./examples/example-without-event" + terraform_version: 1.0.3 + attach-workspace: true + save-workspace: false + context: qa-terraform-modules-alternate-provider-testing + requires: + - tf-fmt \ No newline at end of file diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml deleted file mode 100644 index 1fa45ad..0000000 --- a/.github/workflows/workflow.yaml +++ /dev/null @@ -1,37 +0,0 @@ -name: Terraform CI - -on: - pull_request: - branches: - - master - push: - branches: - - master - -jobs: - validate: - name: Validate - runs-on: ubuntu-latest - steps: - - name: Check out code - uses: actions/checkout@v1 - - - name: Run a Terraform init - uses: docker://hashicorp/terraform:0.12.13 - with: - entrypoint: terraform - args: init - - - name: Run a Terraform fmt - uses: docker://hashicorp/terraform:0.12.13 - with: - entrypoint: terraform - args: fmt -check=true - - - name: Run a Terraform validate - uses: docker://hashicorp/terraform:0.12.13 - env: - AWS_REGION: eu-west-1 - with: - entrypoint: terraform - args: validate From 018b2a294a10df21b56809afe8644a328337ca1d Mon Sep 17 00:00:00 2001 From: Jay Gentile Date: Fri, 21 Oct 2022 12:59:33 -0500 Subject: [PATCH 50/55] fix(ci): remove fmt, pull back to inits only --- .circleci/config.yml | 45 ++++++++++++++++---------------------------- 1 file changed, 16 insertions(+), 29 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index e26efb8..2de574a 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -6,11 +6,6 @@ version: 2.1 workflows: pipeline: jobs: - - terraform-orb/fmt: - name: tf-fmt - infrastructure_dir: "." - terraform_version: 1.0.3 - - terraform-orb/init: name: example-with-cloudwatch-scheduled-event checkout: true 
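Review bot: The `terraform-orb/plan` job for `./examples/example-without-event` sets `attach-workspace: true` but requires only `tf-fmt`, and no `init` job in this file saves a workspace for that directory, so the plan presumably runs against an uninitialised directory (the orb's internals are not visible here). Add an init job for that example and make the plan require it, as in the excerpt below. The deleted GitHub workflow also ran `terraform validate`, which nothing in the new pipeline replaces. Every job, including the `init` jobs, receives the `qa-terraform-modules-alternate-provider-testing` context; if `init` needs no cloud credentials, attaching the context only to the plan jobs would narrow where those secrets are exposed.

```yaml
      - terraform-orb/init:
          name: example-without-event-init
          checkout: true
          save-workspace: true
          infrastructure_dir: "./examples/example-without-event"
          terraform_version: 1.0.3
          context: qa-terraform-modules-alternate-provider-testing
          requires:
            - tf-fmt

      - terraform-orb/plan:
          name: example-without-event
          # … unchanged: environment, infrastructure_dir, terraform_version, workspace flags, context …
          requires:
            - example-without-event-init
```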
@@ -18,8 +13,7 @@ workflows: infrastructure_dir: "./examples/example-with-cloudwatch-scheduled-event" terraform_version: 1.0.3 context: qa-terraform-modules-alternate-provider-testing - requires: - - tf-fmt + - terraform-orb/init: name: example-with-dynamo-event @@ -28,8 +22,7 @@ workflows: infrastructure_dir: "./examples/example-with-dynamo-event" terraform_version: 1.0.3 context: qa-terraform-modules-alternate-provider-testing - requires: - - tf-fmt + - terraform-orb/init: name: example-with-functionurl @@ -38,8 +31,7 @@ workflows: infrastructure_dir: "./examples/example-with-functionurl" terraform_version: 1.0.3 context: qa-terraform-modules-alternate-provider-testing - requires: - - tf-fmt + - terraform-orb/init: name: example-with-kinesis-event @@ -48,8 +40,7 @@ workflows: infrastructure_dir: "./examples/example-with-kinesis-event" terraform_version: 1.0.3 context: qa-terraform-modules-alternate-provider-testing - requires: - - tf-fmt + - terraform-orb/init: name: example-with-s3-event @@ -58,8 +49,7 @@ workflows: infrastructure_dir: "./examples/example-with-s3-event" terraform_version: 1.0.3 context: qa-terraform-modules-alternate-provider-testing - requires: - - tf-fmt + - terraform-orb/init: name: example-with-sqs-event @@ -68,8 +58,7 @@ workflows: infrastructure_dir: "./examples/example-with-sqs-event" terraform_version: 1.0.3 context: qa-terraform-modules-alternate-provider-testing - requires: - - tf-fmt + - terraform-orb/init: name: example-with-vpc 
@@ -78,16 +67,14 @@ workflows: infrastructure_dir: "./examples/example-with-vpc" terraform_version: 1.0.3 context: qa-terraform-modules-alternate-provider-testing - requires: - - tf-fmt - - terraform-orb/plan: - name: example-without-event - environment: qa - infrastructure_dir: "./examples/example-without-event" - terraform_version: 1.0.3 - attach-workspace: true - save-workspace: false - context: qa-terraform-modules-alternate-provider-testing - requires: - - tf-fmt \ No newline at end of file + # - terraform-orb/plan: + # name: example-without-event + # environment: qa + # infrastructure_dir: "./examples/example-without-event" + # terraform_version: 1.0.3 + # attach-workspace: true + # save-workspace: false + # context: qa-terraform-modules-alternate-provider-testing + # requires: + # - tf-fmt \ No newline at end of file From 9c1d14b0e2beebaadc7a8f3b64a36e53a93ebc24 Mon Sep 17 00:00:00 2001 From: Jay Gentile Date: Fri, 21 Oct 2022 13:01:59 -0500 Subject: [PATCH 51/55] fix(ci): add one plan --- .circleci/config.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 2de574a..3baa5d9 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -7,12 +7,22 @@ workflows: pipeline: jobs: - terraform-orb/init: - name: example-with-cloudwatch-scheduled-event + name: example-with-cloudwatch-scheduled-event-init checkout: true save-workspace: true infrastructure_dir: "./examples/example-with-cloudwatch-scheduled-event" terraform_version: 1.0.3 context: qa-terraform-modules-alternate-provider-testing + - terraform-orb/plan: + name: example-with-cloudwatch-scheduled-event-plan + environment: qa + infrastructure_dir: "./examples/example-with-cloudwatch-scheduled-event" + terraform_version: 1.0.3 + attach-workspace: true + save-workspace: false + context: qa-terraform-modules-alternate-provider-testing + requires: + - example-with-cloudwatch-scheduled-event-init - terraform-orb/init: 
From 888eb0ee1d4e514f3ac547b430292a249f4fcf29 Mon Sep 17 00:00:00 2001 From: Jay Gentile Date: Fri, 21 Oct 2022 13:08:18 -0500 Subject: [PATCH 52/55] fix(ci): add all plans to fix whatever errors out --- .circleci/config.yml | 83 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 66 insertions(+), 17 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 3baa5d9..0e9cff3 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -26,65 +26,114 @@ workflows: - terraform-orb/init: - name: example-with-dynamo-event + name: example-with-dynamo-event-init checkout: true save-workspace: true infrastructure_dir: "./examples/example-with-dynamo-event" terraform_version: 1.0.3 context: qa-terraform-modules-alternate-provider-testing + - terraform-orb/plan: + name: example-with-dynamo-event-plan + environment: qa + infrastructure_dir: "./examples/example-with-dynamo-event" + terraform_version: 1.0.3 + attach-workspace: true + save-workspace: false + context: qa-terraform-modules-alternate-provider-testing + requires: + - example-with-dynamo-event-init - terraform-orb/init: - name: example-with-functionurl + name: example-with-functionurl-init checkout: true save-workspace: true infrastructure_dir: "./examples/example-with-functionurl" terraform_version: 1.0.3 context: qa-terraform-modules-alternate-provider-testing + - terraform-orb/plan: + name: example-with-functionurl-plan + environment: qa + infrastructure_dir: "./examples/example-with-functionurl" + terraform_version: 1.0.3 + attach-workspace: true + save-workspace: false + context: qa-terraform-modules-alternate-provider-testing + requires: + - example-with-functionurl-init - terraform-orb/init: - name: example-with-kinesis-event + name: example-with-kinesis-event-init checkout: true save-workspace: true infrastructure_dir: "./examples/example-with-kinesis-event" terraform_version: 1.0.3 context: qa-terraform-modules-alternate-provider-testing + - terraform-orb/plan: + name: example-with-kinesis-event-plan + environment: qa + infrastructure_dir: "./examples/example-with-kinesis-event" + terraform_version: 1.0.3 + attach-workspace: true + save-workspace: false + context: qa-terraform-modules-alternate-provider-testing + requires: + - example-with-kinesis-event-init - terraform-orb/init: - name: example-with-s3-event + name: example-with-s3-event-init checkout: true save-workspace: true infrastructure_dir: "./examples/example-with-s3-event" 
terraform_version: 1.0.3 context: qa-terraform-modules-alternate-provider-testing + - terraform-orb/plan: + name: example-with-s3-event-plan + environment: qa + infrastructure_dir: "./examples/example-with-s3-event" + terraform_version: 1.0.3 + attach-workspace: true + save-workspace: false + context: qa-terraform-modules-alternate-provider-testing + requires: + - example-with-s3-event-init - terraform-orb/init: - name: example-with-sqs-event + name: example-with-sqs-event-init checkout: true save-workspace: true infrastructure_dir: "./examples/example-with-sqs-event" terraform_version: 1.0.3 context: qa-terraform-modules-alternate-provider-testing + - terraform-orb/plan: + name: example-with-sqs-event-plan + environment: qa + infrastructure_dir: "./examples/example-with-sqs-event" + terraform_version: 1.0.3 + attach-workspace: true + save-workspace: false + context: qa-terraform-modules-alternate-provider-testing + requires: + - example-with-sqs-event-init - terraform-orb/init: - name: example-with-vpc + name: example-with-vpc-init checkout: true save-workspace: true infrastructure_dir: "./examples/example-with-vpc" terraform_version: 1.0.3 context: qa-terraform-modules-alternate-provider-testing - - # - terraform-orb/plan: - # name: example-without-event - # environment: qa - # infrastructure_dir: "./examples/example-without-event" - # terraform_version: 1.0.3 - # attach-workspace: true - # save-workspace: false - # context: qa-terraform-modules-alternate-provider-testing - # requires: - # - tf-fmt \ No newline at end of file + - terraform-orb/plan: + name: example-with-sqs-event-plan + environment: qa + infrastructure_dir: "./examples/example-with-vpc" + terraform_version: 1.0.3 + attach-workspace: true + save-workspace: false + context: qa-terraform-modules-alternate-provider-testing + requires: + - example-with-vpc-init \ No newline at end of file From d1018494b3e854471589b09c2097846dbebc7dc2 Mon Sep 17 00:00:00 2001 
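Review bot: The last `terraform-orb/plan` entry added in this hunk is named `example-with-sqs-event-plan`, yet its `infrastructure_dir` is `./examples/example-with-vpc` and it requires `example-with-vpc-init`. That repeats the name already given to the SQS plan job earlier in the same hunk. CircleCI expects job names within a workflow to be unique, so the duplicate is likely to be rejected at config validation, or at best to leave the two plans indistinguishable in the pipeline view. The line should read `name: example-with-vpc-plan`.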
From: Jay Gentile Date: Fri, 21 Oct 2022 13:30:10 -0500 Subject: [PATCH 53/55] fix(ci): add 8th example test --- .circleci/config.yml | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 0e9cff3..0a4504b 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -136,4 +136,23 @@ workflows: save-workspace: false context: qa-terraform-modules-alternate-provider-testing requires: - - example-with-vpc-init \ No newline at end of file + - example-with-vpc-init + + + - terraform-orb/init: + name: example-without-event-init + checkout: true + save-workspace: true + infrastructure_dir: "./examples/example-without-event" + terraform_version: 1.0.3 + context: qa-terraform-modules-alternate-provider-testing + - terraform-orb/plan: + name: example-without-event-plan + environment: qa + infrastructure_dir: "./examples/example-without-event" + terraform_version: 1.0.3 + attach-workspace: true + save-workspace: false + context: qa-terraform-modules-alternate-provider-testing + requires: + - example-without-event-init \ No newline at end of file From 36d0cfb94776b6e0ab6dabff3d0360aa0355457a Mon Sep 17 00:00:00 2001 From: andrew-rv <90066856+andrew-rv@users.noreply.github.com> Date: Thu, 23 Feb 2023 11:03:34 -0600 Subject: [PATCH 54/55] Update config.yml --- .circleci/config.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 0a4504b..7570935 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -12,7 +12,7 @@ workflows: save-workspace: true infrastructure_dir: "./examples/example-with-cloudwatch-scheduled-event" terraform_version: 1.0.3 - context: qa-terraform-modules-alternate-provider-testing + context: qa-environment - terraform-orb/plan: name: example-with-cloudwatch-scheduled-event-plan environment: qa 
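Review bot: Only the two `example-with-cloudwatch-scheduled-event` jobs are switched to `context: qa-environment`, here and in the `@@ -20,7 +20,7 @@` hunk. The context lines of the `@@ -155,4 +155,4 @@` hunk show `example-without-event-plan` still using `qa-terraform-modules-alternate-provider-testing`, so the workflow now runs under two different sets of injected credentials. A context decides which secrets a job receives, and `qa-environment` reads like a broader, environment-wide context than the purpose-specific one it replaces; that is an inference from the names, to be confirmed against the context's contents. If this is a migration, the remaining init and plan jobs need the same change. If it is an experiment, the narrow context should stay. Either way the commit message "Update config.yml" should say which context these plan-only jobs are meant to use and why.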
@@ -20,7 +20,7 @@ workflows: terraform_version: 1.0.3 attach-workspace: true save-workspace: false - context: qa-terraform-modules-alternate-provider-testing + context: qa-environment requires: - example-with-cloudwatch-scheduled-event-init @@ -155,4 +155,4 @@ workflows: save-workspace: false context: qa-terraform-modules-alternate-provider-testing requires: - - example-without-event-init \ No newline at end of file + - example-without-event-init From 7626e0443551d0d3fc5edb52971db266e75afcb0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9Candrew-rv=E2=80=9D?= Date: Thu, 23 Feb 2023 11:15:37 -0600 Subject: [PATCH 55/55] Test3 --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 501ffc7..33d1afd 100644 --- a/variables.tf +++ b/variables.tf @@ -1,4 +1,4 @@ -## optional vars for RV modules should default but be exposed +## optional vars for RV modules should default but be exposed variable "enable_newrelic" { type = bool description = "(optional) describe your variable"