This module creates a set of AWS Lambda resources including the packaging of function code.
- AWS Lambda function
- AWS Lambda IAM role
- (optional) SSM IAM policy to allow the function access to a specified set of SSM parameters
- (optional) KMS IAM policy to allow the function access to the KMS key used for decryption
- (optional) VPC attachment IAM policy to allow the function access to VPC resources
- (optional) Adds X-Ray write only policy if tracing is enabled
| Name | Version |
|---|---|
| archive | n/a |
| aws | n/a |
| Name | Source | Version |
|---|---|---|
| labels | cloudposse/label/null | 0.25.0 |
| Name | Type |
|---|---|
| aws_cloudwatch_log_group.this | resource |
| aws_iam_policy.kms_policy | resource |
| aws_iam_policy.ssm_policy | resource |
| aws_iam_role.this | resource |
| aws_iam_role_policy_attachment.aws_xray_write_only_access | resource |
| aws_iam_role_policy_attachment.cloudwatch_logs_upload_permission | resource |
| aws_iam_role_policy_attachment.kms_policy_attachment | resource |
| aws_iam_role_policy_attachment.ssm_policy_attachment | resource |
| aws_iam_role_policy_attachment.vpc_attachment | resource |
| aws_kms_key.kms_key | resource |
| aws_lambda_function.this | resource |
| archive_file.this | data source |
| aws_caller_identity.this | data source |
| aws_iam_policy_document.assume_role_policy | data source |
| aws_iam_policy_document.kms_policy_document | data source |
| aws_iam_policy_document.ssm_policy_document | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| architectures | Instruction set architecture for your Lambda function. | list(string) |
[ |
no |
| assume_role_policy_principles | Principles which can assume the lambdas role. | list(string) |
[ |
no |
| aws_region | AWS Region | string |
n/a | yes |
| cloudwatch_kms_key_arn | The ARN of the KMS Key to use when encrypting log data | string |
null |
no |
| cloudwatch_retention_in_days | The number of days you want to retain log events in lambda's log group | number |
14 |
no |
| description | A description of the lambda function. | any |
n/a | yes |
| disable_label_function_name_prefix | Indicates if prefixing of the lambda function name should be disabled. Defaults to false | bool |
false |
no |
| enable_cloudwatch_logs | Enable cloudwatch logs | bool |
true |
no |
| enable_tracing | Enable tracing of requests. If tracing is enabled, tracing mode needs to be specified. | bool |
false |
no |
| environment_variables | Environment variables | map(string) |
{} |
no |
| function_name | A unique name for the lambda function. | string |
n/a | yes |
| handler | The function entrypoint. | string |
n/a | yes |
| include_region | If set to true the current providers region will be appended to any global AWS resources such as IAM roles | bool |
false |
no |
| kms_key_arn | KMS key used for decryption | string |
"" |
no |
| lambda_code_dir | A directory containing the code that needs to be packaged. | string |
"src" |
no |
| layers | Expected Layers to attach to the lambda | list(string) |
[] |
no |
| memory_size | Amount of memory in MB your Lambda Function can use at runtime | string |
"128" |
no |
| name | n/a | string |
"function" |
no |
| namespace | n/a | string |
n/a | yes |
| publish_lambda | Whether to publish creation/change as new Lambda Function Version. | bool |
false |
no |
| reserved_concurrent_executions | The amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. | number |
-1 |
no |
| runtime | The runtime environment for the Lambda function. Valid Values: nodejs10.x | nodejs12.x | java8 | java11 | python2.7 | python3.6 | python3.7 | python3.8 | dotnetcore2.1 | dotnetcore3.1 | go1.x | ruby2.5 | ruby2.7 | provided | string |
n/a | yes |
| ssm_parameter_names | Names of SSM parameters that lambda will be able to access | list(string) |
[] |
no |
| stage | n/a | string |
n/a | yes |
| tags | n/a | map(string) |
n/a | yes |
| timeout | timeout | any |
n/a | yes |
| tracing_mode | Required if tracing is enabled. Possible values: PassThrough or Active. See https://www.terraform.io/docs/providers/aws/r/lambda_function.html#mode | string |
null |
no |
| vpc_security_group_ids | Allows the function to access VPC (if both 'subnet_ids' and 'security_group_ids' are empty then vpc_config is considered to be empty or unset, see https://docs.aws.amazon.com/lambda/latest/dg/vpc.html for details). | list(string) |
[] |
no |
| vpc_subnet_ids | Allows the function to access VPC subnets (if both 'subnet_ids' and 'security_group_ids' are empty then vpc_config is considered to be empty or unset, see https://docs.aws.amazon.com/lambda/latest/dg/vpc.html for details). | list(string) |
[] |
no |
| Name | Description |
|---|---|
| cloudwatch_log_group_arn | The ARN of the cloudwatch log group |
| lambda_arn | The ARN of the lambda function |
| lambda_invoke_arn | The invoke ARN of the lambda function |
| lambda_kms_key_arn | The ARN for the KMS encryption key of lambda function |
| lambda_last_modified | The date lambda function resource was last modified |
| lambda_name | The name of the lambda function |
| lambda_qualified_arn | The ARN identifying lambda function version |
| lambda_role_arn | The ARN of the IAM role created for the lambda function |
| lambda_role_name | The Name of the IAM role created for the lambda function |
| lambda_source_code_hash | Base64-encoded representation of raw SHA-256 sum of the zip file |
| lambda_source_code_size | The size in bytes of the function .zip file |
| lambda_version | Latest published version of lambda function |