AWS Lambda Function Terraform Module
terraform-aws-arc-lambda-function
Overview
The ARC Terraform module provides a unified way to deploy AWS Lambda functions. It supports multiple deployment methods, including local source code, S3-based deployments, and container images, so you can choose the approach that best fits your application requirements and operational needs.
Prerequisites
Before using this module, ensure you have the following:
- AWS credentials configured.
- Terraform installed.
- A working knowledge of Terraform.
Getting Started
- Define the Module
First, define a Terraform module, which is organized as a distinct directory containing Terraform configuration files. Within this module directory, input variables and output values must be defined in the variables.tf and outputs.tf files, respectively. The following illustrates an example directory structure:
- Define Input Variables
Inside the variables.tf or *.tfvars file, define values for the variables that the module requires.
- Use the Module in Your Main Configuration
In your main Terraform configuration file (e.g., main.tf), you can use the module. Specify the source of the module and its version. For example:
- Output Values
Inside the outputs.tf file of the module, you can define output values that can be referenced in the main configuration. For example:
- .tfvars
Inside the .tfvars file of the module, you can provide desired values that can be referenced in the main configuration.
First Time Usage
Uncomment the backend block in main.tf.
terraform init should be fine.
Create a dev workspace
Plan Terraform
Apply Terraform
Production Setup
Create a prod workspace
Plan Terraform
Apply Terraform
Requirements
Name | Version |
---|---|
terraform | >= 1.3.0 |
archive | >= 2.0 |
aws | >= 5.0 |
null | ~> 3.2 |
Providers
Name | Version |
---|---|
aws | 6.8.0 |
null | 3.2.4 |
Modules
No modules.
Resources
Name | Type |
---|---|
aws_cloudwatch_log_group.lambda | resource |
aws_iam_role.lambda | resource |
aws_iam_role_policy.lambda_execution | resource |
aws_lambda_alias.this | resource |
aws_lambda_function.this | resource |
aws_lambda_function_url.this | resource |
aws_lambda_permission.this | resource |
aws_lambda_provisioned_concurrency_config.this | resource |
aws_sqs_queue.dlq | resource |
null_resource.validate_deployment_package | resource |
null_resource.validate_package_compatibility | resource |
aws_caller_identity.current | data source |
aws_iam_policy_document.lambda_assume_role | data source |
aws_iam_policy_document.lambda_execution | data source |
aws_region.current | data source |
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
alias_description | Description of the alias | string | "Lambda function alias" | no |
alias_function_version | Lambda function version for which you are creating the alias | string | null | no |
alias_name | Name for the alias | string | "live" | no |
alias_routing_config | The Lambda alias routing configuration | object({ | null | no |
architectures | Instruction set architecture for your Lambda function | list(string) | [ | no |
attach_policy_statements | Whether to attach additional policy statements to the Lambda role | bool | false | no |
code_signing_config_arn | ARN of code signing config | string | null | no |
create_alias | Whether to create an alias for the Lambda function | bool | false | no |
create_dlq | Whether to create a dead letter queue (SQS) for the Lambda function | bool | false | no |
create_function_url | Whether to create a Lambda function URL | bool | false | no |
create_log_group | Whether to create a CloudWatch log group for the Lambda function | bool | true | no |
create_role | Whether to create an IAM role for the Lambda function | bool | true | no |
dead_letter_config | Dead letter queue configuration | object({ | null | no |
description | Description of what your Lambda Function does | string | "Lambda function created by Terraform" | no |
dlq_message_retention_seconds | The number of seconds Amazon SQS retains a message in the DLQ | number | 1209600 | no |
dlq_name | Name of the dead letter queue (if create_dlq is true) | string | null | no |
environment_variables | Map of environment variables that are accessible from the function code during execution | map(string) | {} | no |
ephemeral_storage | Ephemeral storage size in MB (512-10240) | number | 512 | no |
file_system_config | File system configuration for the Lambda function | object({ | null | no |
filename | Path to the function's deployment package within the local filesystem | string | null | no |
function_name | Name of the Lambda function | string | n/a | yes |
function_tags | A map of tags to assign specifically to the Lambda function | map(string) | {} | no |
function_url_config | Lambda function URL configuration | object({ | { | no |
handler | Function entrypoint in your code | string | "index.handler" | no |
image_config | Configuration for Lambda when using container images | object({ | null | no |
image_uri | ECR image URI containing the function's deployment package | string | null | no |
kms_key_arn | Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that's used to encrypt your function's environment variables | string | null | no |
lambda_insights_enabled | Whether to enable Lambda Insights for the function | bool | false | no |
lambda_insights_version | Version of the Lambda Insights layer | string | "1" | no |
lambda_permissions | Map of Lambda permissions to create | map(object({ | {} | no |
log_group_kms_key_id | The ARN of the KMS Key to use when encrypting log data | string | null | no |
log_group_name | Name of the CloudWatch log group | string | null | no |
log_retention_in_days | Specifies the number of days you want to retain log events in the specified log group | number | 14 | no |
logging_config | Logging configuration for Lambda function | object({ | null | no |
memory_size | Amount of memory in MB your Lambda Function can use at runtime | number | 128 | no |
package_type | Lambda deployment package type (Zip or Image) | string | "Zip" | no |
policy_statements | Map of policy statements to attach to the Lambda role | map(object({ | {} | no |
provisioned_concurrency_config | Provisioned concurrency configuration | object({ | null | no |
publish | Whether to publish creation/change as new Lambda Function Version | bool | false | no |
replace_security_groups_on_destroy | Whether to force replacement of security groups on destroy | bool | false | no |
replacement_security_group_ids | List of replacement security group IDs to use | list(string) | [] | no |
reserved_concurrent_executions | Amount of reserved concurrent executions for this lambda function | number | -1 | no |
role | IAM role ARN attached to the Lambda Function. If not provided, a role will be created | string | null | no |
role_name | Name of the IAM role to create (if create_role is true) | string | null | no |
role_path | Path of the IAM role | string | "/" | no |
role_permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the role | string | null | no |
runtime | Runtime for the Lambda function (e.g., python3.9, nodejs18.x, java11, etc.) | string | "python3.9" | no |
s3_bucket | S3 bucket location containing the function's deployment package | string | null | no |
s3_key | S3 key of an object containing the function's deployment package | string | null | no |
s3_object_version | Object version containing the function's deployment package | string | null | no |
snap_start | SnapStart configuration for Lambda function | object({ | null | no |
source_code_hash | Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key | string | null | no |
tags | A map of tags to assign to the resource | map(string) | {} | no |
timeout | Amount of time your Lambda Function has to run in seconds | number | 3 | no |
tracing_config | Tracing configuration for Lambda function | object({ | null | no |
vpc_config | VPC configuration for the Lambda function | object({ | null | no |
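An added example, not taken from the module's own documentation, of a module call that sets the security-relevant scalar inputs from the Inputs table. The module source, version, object version ID, ARNs, bucket, key and names are placeholders or constructed values; only input names listed in the table are used.

```hcl
# Added example: every value below is a placeholder or constructed sample.
module "lambda" {
  # Placeholders: use the module's published source address and pin an exact version.
  source  = "REPLACE_WITH_MODULE_SOURCE"
  version = "REPLACE_WITH_PINNED_VERSION"

  function_name = "orders-processor" # constructed name
  runtime       = "python3.12"
  handler       = "index.handler"
  timeout       = 10
  memory_size   = 256

  # Deploy one specific artifact. Pinning the S3 object version means a later
  # overwrite of the same key does not change what Terraform deploys.
  package_type      = "Zip"
  s3_bucket         = "example-artifacts-bucket"
  s3_key            = "orders-processor/function.zip"
  s3_object_version = "REPLACE_WITH_OBJECT_VERSION_ID"
  publish           = true # each change becomes an immutable, numbered version

  # Whether an unsigned or mismatched package is rejected or only logged
  # depends on the policy set in the code signing config itself.
  code_signing_config_arn = "arn:aws:lambda:us-east-1:111122223333:code-signing-config:csc-EXAMPLE"

  # Customer-managed keys for environment variables and log data. The log key's
  # policy must allow the CloudWatch Logs service to use it.
  kms_key_arn           = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-ENV-KEY-ID"
  create_log_group      = true
  log_group_kms_key_id  = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-LOG-KEY-ID"
  log_retention_in_days = 90 # table default is 14

  # Let the module create the execution role, capped by a permissions boundary.
  create_role               = true
  role_permissions_boundary = "arn:aws:iam::111122223333:policy/example-lambda-boundary"
  attach_policy_statements  = false # add statements only when the function needs them

  # No function URL (kept at the default and stated so a review can see it).
  create_function_url = false

  # Keep failed asynchronous events for inspection and bound the blast radius
  # of a runaway or abused trigger (default -1 reserves nothing).
  create_dlq                     = true
  reserved_concurrent_executions = 10

  tags = {
    Environment = "dev"
  }
}
```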
Outputs
Name | Description |
---|---|
lambda_alias_arn | The Amazon Resource Name (ARN) identifying the Lambda function alias |
lambda_alias_description | Description of the Lambda function alias |
lambda_alias_function_version | Lambda function version which the alias uses |
lambda_alias_invoke_arn | The ARN to be used for invoking Lambda Function alias from API Gateway |
lambda_alias_name | The name of the Lambda function alias |
lambda_cloudwatch_log_group_arn | The Amazon Resource Name (ARN) specifying the log group |
lambda_cloudwatch_log_group_name | The name of the CloudWatch Log Group |
lambda_dead_letter_queue_arn | The ARN of the SQS queue used as dead letter queue |
lambda_dead_letter_queue_name | The name of the SQS queue used as dead letter queue |
lambda_dead_letter_queue_url | The URL of the SQS queue used as dead letter queue |
lambda_function_arn | The Amazon Resource Name (ARN) identifying your Lambda Function |
lambda_function_environment_variables | The Lambda function environment variables |
lambda_function_invoke_arn | The ARN to be used for invoking Lambda Function from API Gateway |
lambda_function_kms_key_arn | The ARN of the KMS Key used to encrypt your Lambda Function's environment variables |
lambda_function_last_modified | The date this resource was last modified |
lambda_function_name | The name of the Lambda Function |
lambda_function_qualified_arn | The Amazon Resource Name (ARN) identifying your Lambda Function Version |
lambda_function_signing_job_arn | ARN of the signing job |
lambda_function_signing_profile_version_arn | ARN of the signing profile version |
lambda_function_source_code_hash | Base64-encoded representation of raw SHA-256 sum of the zip file |
lambda_function_source_code_size | The size in bytes of the function .zip file |
lambda_function_tags | The Lambda function tags |
lambda_function_url | The HTTP URL endpoint for the Lambda function |
lambda_function_url_id | The generated ID for the endpoint |
lambda_function_version | Latest published version of your Lambda Function |
lambda_function_vpc_config | The Lambda function VPC configuration |
lambda_provisioned_concurrency_config_id | The ID of the provisioned concurrency configuration |
lambda_role_arn | The Amazon Resource Name (ARN) specifying the Lambda IAM role |
lambda_role_name | The name of the Lambda IAM role |
lambda_role_unique_id | The stable and unique string identifying the Lambda IAM role |
Versioning
This project uses a .version file at the root of the repo which the pipeline reads from and does a git tag.
When you intend to commit to main, you will need to increment this version. Once the project is merged, the pipeline will kick off and tag the latest git commit.
Development
Prerequisites
Configurations
- Configure pre-commit hooks
Versioning
While contributing or making a git commit, please specify the breaking change in your commit message, whether it's major, minor or patch.
For example:
Tests
- Tests are available in the test directory
- Configure the dependencies
- Now execute the test
Authors
This project is authored by:
- SourceFuse ARC Team