From a4c4a7ae611b3d25042eb9f2359614dd76d1d1ad Mon Sep 17 00:00:00 2001
From: Stefan Freitag <stefan.freitag@udo.edu>
Date: Tue, 20 Aug 2024 20:00:41 +0200
Subject: [PATCH] feat: allow to pass lambda insights layer arn

---
 main.tf      | 25 ++++++++++++++++---------
 variables.tf |  6 ++++++
 2 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/main.tf b/main.tf
index 641e984..90bbdc7 100644
--- a/main.tf
+++ b/main.tf
@@ -92,7 +92,12 @@ EOF
   tags               = var.tags
 }
 
-# IAM role attachment
+resource "aws_iam_role_policy_attachment" "fsx_health_lambda_insights" {
+  count      = var.lambda_insights_layers_arn == null ? 0 : 1
+  role       = aws_iam_role.fsx_health_lambda_role.name
+  policy_arn = "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy"
+}
+
 resource "aws_iam_role_policy_attachment" "fsx_health_permissions" {
   role       = aws_iam_role.fsx_health_lambda_role.name
   policy_arn = aws_iam_policy.fsx_health_lambda_role_policy.arn
@@ -103,14 +108,16 @@ resource "aws_iam_role_policy_attachment" "fsx_health_permissions" {
 
 # Lambda function
 resource "aws_lambda_function" "fsx_health_lambda" {
-  filename                       = data.archive_file.status_checker_code.output_path
-  function_name                  = "fsx-health-lambda-function-${random_id.id.hex}"
-  description                    = "Monitor the FSx lifecycle status"
-  role                           = aws_iam_role.fsx_health_lambda_role.arn
-  handler                        = "index.lambda_handler"
-  runtime                        = "python3.12"
-  memory_size                    = var.memory_size
-  timeout                        = var.timeout
+  filename      = data.archive_file.status_checker_code.output_path
+  function_name = "fsx-health-lambda-function-${random_id.id.hex}"
+  description   = "Monitor the FSx lifecycle status"
+  role          = aws_iam_role.fsx_health_lambda_role.arn
+  handler       = "index.lambda_handler"
+  runtime       = "python3.12"
+  memory_size   = var.memory_size
+  timeout       = var.timeout
+  layers        = var.lambda_insights_layers_arn == null ? [] : [var.lambda_insights_layers_arn]
+
   reserved_concurrent_executions = 1
   tracing_config {
     mode = "Active"
diff --git a/variables.tf b/variables.tf
index 6d2c220..4e1fa06 100644
--- a/variables.tf
+++ b/variables.tf
@@ -62,6 +62,12 @@ variable "ignore_states" {
   }
 }
 
+variable "lambda_insights_layers_arn" {
+  description = "The ARN of the Lambda Insights layer. Default is `null`."
+  type        = string
+  default     = null
+}
+
 variable "log_retion_period_in_days" {
   type        = number
   default     = 365