This Terraform module creates and uploads an AWS Lambda function and hides the ugly parts from you.
- Only appears in the Terraform plan when there are legitimate changes.
- Creates a standard IAM role and policy for CloudWatch Logs.
  - You can add additional policies if required.
- Zips up a source file or directory.
- Installs dependencies from `requirements.txt` for Python functions.
  - It only does this when necessary, not every time.
- Python 2.7 or higher
- Linux/Unix/Windows
```hcl
module "lambda" {
  source = "github.com/claranet/terraform-aws-lambda"

  function_name = "deployment-deploy-status"
  description   = "Deployment deploy status task"
  handler       = "main.lambda_handler"
  runtime       = "python3.6"
  timeout       = 300

  // Specify a file or directory for the source code.
  source_path = "${path.module}/lambda.py"

  // Attach a policy.
  attach_policy = true
  policy        = "${data.aws_iam_policy_document.lambda.json}"

  // Add a dead letter queue.
  attach_dead_letter_config = true

  dead_letter_config {
    target_arn = "${var.dead_letter_queue_arn}"
  }

  // Add environment variables.
  environment {
    variables {
      SLACK_URL = "${var.slack_url}"
    }
  }

  // Deploy into a VPC.
  attach_vpc_config = true

  vpc_config {
    subnet_ids         = ["${aws_subnet.test.id}"]
    security_group_ids = ["${aws_security_group.test.id}"]
  }

  // Trigger from a Cloudwatch Events rule.
  attach_cloudwatch_rule_config = true

  cloudwatch_rule_config {
    name                = "scheduled-run"
    enabled             = true // set this to false if you want to have the trigger declared but disabled
    description         = "Run my lambda every day at 8pm"
    schedule_expression = "cron(0 20 * * ? *)"
    input               = "{\"key\": \"value\"}"
  }
}
```
IAM and Lambda function names need to be globally unique within your account.
If you will be deploying this template to multiple regions, you must make the
function name unique per region, for example by setting

```hcl
function_name = "deployment-deploy-status-${data.aws_region.current.name}"
```
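The usage example references `data.aws_iam_policy_document.lambda` and the per-region name references `data.aws_region.current`, but neither is defined on this page. The following is an added example, not code from the module's repository, showing both data sources with the extra policy scoped to specific actions and resources. The variable `status_bucket_arn`, the `status/` prefix and the S3 actions are assumptions chosen for illustration.

```hcl
# Added example, not from the module's repository.
# Terraform 0.11 syntax, matching the usage example above.

# Referenced by the per-region function_name.
data "aws_region" "current" {}

# Hypothetical input: ARN of the single bucket this function reads from.
variable "status_bucket_arn" {
  type = "string"
}

# Passed to the module as `policy` (with attach_policy = true).
# It is attached in addition to the CloudWatch Logs policy the module creates,
# so it only needs to cover what the function code itself calls.
data "aws_iam_policy_document" "lambda" {
  # Read objects under one prefix only, not the whole bucket.
  statement {
    sid       = "ReadDeploymentStatus"
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["${var.status_bucket_arn}/status/*"]
  }

  # Listing is a bucket-level action, so restrict it with a prefix condition.
  statement {
    sid       = "ListStatusPrefix"
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = ["${var.status_bucket_arn}"]

    condition {
      test     = "StringLike"
      variable = "s3:prefix"
      values   = ["status/*"]
    }
  }
}
```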
Name | Description | Type | Default | Required |
---|---|---|---|---|
attach_cloudwatch_rule_config | Set this to true if using the cloudwatch_rule_config variable | string | false | no |
attach_dead_letter_config | Set this to true if using the dead_letter_config variable | string | "false" | no |
attach_policy | Set this to true if using the policy variable | string | "false" | no |
attach_vpc_config | Set this to true if using the vpc_config variable | string | "false" | no |
build_command | The command that creates the Lambda package zip file | string | "python build.py '$filename' '$runtime' '$source'" | no |
build_paths | The files or directories used by the build command, to trigger new Lambda package builds whenever build scripts change | list | <list> | no |
cloudwatch_rule_config | Cloudwatch Rule for the Lambda function | map | <map> | no |
dead_letter_config | Dead letter configuration for the Lambda function | map | <map> | no |
description | Description of what your Lambda function does | string | "Managed by Terraform" | no |
enable_cloudwatch_logs | Set this to false to disable logging your Lambda output to CloudWatch Logs | string | "true" | no |
environment | Environment configuration for the Lambda function | map | <map> | no |
function_name | A unique name for your Lambda function (and related IAM resources) | string | n/a | yes |
handler | The function entrypoint in your code | string | n/a | yes |
lambda_at_edge | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | string | "false" | no |
memory_size | Amount of memory in MB your Lambda function can use at runtime | string | "128" | no |
policy | An additional policy to attach to the Lambda function | string | "" | no |
publish | Whether to publish creation/change as new Lambda Function Version | string | "false" | no |
reserved_concurrent_executions | The amount of reserved concurrent executions for this Lambda function | string | "0" | no |
runtime | The runtime environment for the Lambda function | string | n/a | yes |
s3_bucket | The S3 bucket location containing the function's deployment package. Required when source_from_s3 = true. This bucket must reside in the same AWS region where you are creating the Lambda function. | string | - | no |
s3_key | The S3 key of an object containing the function's deployment package. Required when source_from_s3 = true | string | - | no |
source_from_s3 | Set this to true if fetching the Lambda source code from S3. | string | false | no |
source_path | The source file or directory containing your Lambda source code. Ignored when source_from_s3 = true | string | "" | no |
tags | A mapping of tags | map | <map> | no |
timeout | The amount of time your Lambda function has to run in seconds | string | "10" | no |
vpc_config | VPC configuration for the Lambda function | map | <map> | no |
Name | Description |
---|---|
cloudwatch_rule_arn | The ARN of the Cloudwatch rule |
function_arn | The ARN of the Lambda function |
function_name | The name of the Lambda function |
function_qualified_arn | The qualified ARN of the Lambda function |
role_arn | The ARN of the IAM role created for the Lambda function |
role_name | The name of the IAM role created for the Lambda function |