This Terraform module creates and uploads an AWS Lambda function and hides the ugly parts from you.
- Only appears in the Terraform plan when there are legitimate changes.
- Creates a standard IAM role and policy for CloudWatch Logs.
- You can add additional policies if required.
- Zips up a source file or directory.
- Installs dependencies from
requirements.txtfor Python functions.- It only does this when necessary, not every time.
- Python
- Linux/Unix
module "lambda" {
source = "github.com/claranet/terraform-aws-lambda"
function_name = "deployment-deploy-status"
description = "Deployment deploy status task"
handler = "main.lambda_handler"
runtime = "python3.6"
timeout = 300
// Specify a file or directory for the source code.
source_path = "${path.module}/lambda.py"
// Attach a policy.
policy = {
json = data.aws_iam_policy_document.lambda.json
}
// Add a dead letter queue.
dead_letter_config {
target_arn = aws_sqs_queue.dlq.arn
}
// Add environment variables.
environment = {
variables = {
SLACK_URL = var.slack_url
}
}
// Deploy into a VPC.
attach_vpc_config = true
vpc_config = {
subnet_ids = [aws_subnet.test.id]
security_group_ids = [aws_security_group.test.id]
}
}Inputs for this module are the same as the aws_lambda_function resource with the following additional arguments:
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| source_path | The absolute path to a local file or directory containing your Lambda source code | string | yes | |
| build_script | The path to the script which will compile a zip of the lambda function | string | "build.py" |
no |
| cloudwatch_logs | Set this to false to disable logging your Lambda output to CloudWatch Logs | bool | true | no |
| policy | An additional policy to attach to the Lambda function role | object({json=string}) | no | |
| trusted_entities | Additional trusted entities for the Lambda function. The lambda.amazonaws.com (and edgelambda.amazonaws.com if lambda_at_edge is true) is always set | list(string) |
no |
The following arguments from the aws_lambda_function resource are not supported:
- filename (use source_path instead)
- role (one is automatically created)
- s3_bucket
- s3_key
- s3_object_version
- source_code_hash (changes are handled automatically)
| Name | Description |
|---|---|
| function_arn | The ARN of the Lambda function |
| function_invoke_arn | The Invoke ARN of the Lambda function |
| function_name | The name of the Lambda function |
| role_arn | The ARN of the IAM role created for the Lambda function |
| role_name | The name of the IAM role created for the Lambda function |