sudoblark.terraform.module.aws.lambda

Terraform module to create N number of lambdas from ZIPs or URIs. - repo managed by sudoblark.terraform.github

Developer documentation

The below documentation is intended to assist a developer with interacting with the Terraform module in order to add, remove or update functionality.

Pre-requisites

  • terraform_docs
        brew install terraform-docs
  • tfenv
        git clone https://github.com/tfutils/tfenv.git ~/.tfenv
        echo 'export PATH="$HOME/.tfenv/bin:$PATH"' >> ~/.bash_profile
  • Virtual environment with pre-commit installed
        python3 -m venv venv
        source venv/bin/activate
        pip install pre-commit

Pre-commit hooks

This repository utilises pre-commit in order to ensure a base level of quality on every commit. The hooks may be installed as follows:

    source venv/bin/activate
    pip install pre-commit
    pre-commit install
    pre-commit run --all-files

Module documentation

The below documentation is intended to assist users in utilising the module. The main things to note are the data structure section, which outlines the interface by which users are expected to interact with the module, and the examples section, which shows how to utilise the module.

Requirements

Name        Version
terraform   ~> 1.5.0
aws         >= 5.61.0

Providers

Name   Version
aws    5.70.0

Modules

Name      Source             Version
lambdas   ./modules/lambda   n/a

Resources

Name                                          Type
aws_caller_identity.current_account           data source
aws_iam_policy_document.attached_policies     data source
aws_region.current_region                     data source

Inputs

Name               Description                                         Type          Default   Required
application_name   Name of the application utilising resource.         string        n/a       yes
environment        Which environment this is being instantiated in.    string        n/a       yes
raw_lambdas        See the Data structure section below.               (see below)   n/a       yes

Type of raw_lambdas:

    list(
      object({
        source_folder = optional(string, null),
        image_uri = optional(string, null),
        image_tag = optional(string, "latest"),
        name = string,
        description = string,
        handler = optional(string, null),
        security_group_ids = optional(list(string)),
        lambda_subnet_ids = optional(list(string)),
        common_lambda_layers = optional(list(string), []),
        iam_policy_statements = list(
          object({
            sid = string,
            actions = list(string),
            resources = list(string),
            conditions = optional(list(
              object({
                test : string,
                variable : string,
                values = list(string)
              })
            ), [])
          })
        ),
        environment_variables = optional(map(string), {}),
        runtime = optional(string, "python3.9"),
        timeout = optional(string, "900"),
        memory = optional(string, "512"),
        storage = optional(string, "512")
        destination_on_failure = optional(string, null)
      })
    )

Outputs

No outputs.

Data structure

Data structure
---------------
A list of dictionaries, where each dictionary has the following attributes:

REQUIRED
---------
- name                  : The friendly name for the lambda
- description           : A human-friendly description of the lambda
- iam_policy_statements : A list of dictionaries where each dictionary is an IAM statement defining lambda permissions
-- Each dictionary in this list must define the following attributes:
--- sid: Friendly name for the policy, no spaces or special characters allowed
--- actions: A list of IAM actions the lambda is allowed to perform
--- resources: Which resource(s) the lambda may perform the above actions against
--- conditions    : An OPTIONAL list of dictionaries, which each defines:
---- test         : Test condition for limiting the action
---- variable     : Value to test
---- values       : A list of strings, denoting what to test for

MUTUALLY_EXCLUSIVE
---------
There are a few flavours of lambdas supported, but they are mutually exclusive.
You can have both in the same collection, but you can't have both for the same lambda.
i.e. you can have one dictionary for ZIP and one for containers, but not ZIP and container
information in the same lambda

For ZIP based lambdas, the following arguments are needed:
- source_folder         : Folder where the zipped lambda lives under src/lambda.zip
- handler               : file.function reference for the lambda handler, i.e. its entrypoint

For container based lambdas, the following arguments are needed:
- image_uri             : URI of the image to utilise
- image_tag             : Version of image to use, defaults to "latest"

OPTIONAL
---------
- environment_variables : A dictionary of env vars to mount for the lambda at runtime, defaults to an empty dictionary
- runtime               : Runtime version to utilise for lambda, defaults to python3.9
- timeout               : Timeout (in seconds) for the lambda, defaults to 900
- memory                : MBs of memory lambda should be allocated, defaults to 512
- security_group_ids    : IDs of security groups the lambda should utilise
- lambda_subnet_ids     : Private IPs which the lambda may utilise for runtime
- storage               : MBs of storage lambda should be allocated, defaults to 512
- common_lambda_layers  : ARNs of lambda layers to include.
- destination_on_failure: ARN of resource to notify when an invocation fails.

Examples

See examples folder for an example setup.
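
A call of the module using the interface described in the Data structure section, added here as an illustration and not taken from the repository's examples folder. It declares one ZIP lambda and one container lambda, each with IAM statements scoped to specific resources; the module source ref, lambda names, bucket ARNs, account ID and image URI are constructed placeholders.

```hcl
# Added example: all names, ARNs, the account ID and the image URI are constructed placeholders.
module "lambdas" {
  # Assumption: the module is consumed from its GitHub repository.
  # Replace <PINNED_REF> with a reviewed tag or commit so upgrades are deliberate.
  source = "git::https://github.com/sudoblark/sudoblark.terraform.module.aws.lambda.git?ref=<PINNED_REF>"

  application_name = "demo"
  environment      = "dev"

  raw_lambdas = [
    {
      # ZIP flavour: source_folder and handler are set, image_uri and image_tag are not.
      name          = "thumbnailer"
      description   = "Resizes uploaded images"
      source_folder = "thumbnailer"
      handler       = "main.handler"
      timeout       = "60" # overrides the 900 second default
      iam_policy_statements = [
        {
          sid       = "ReadUploads"
          actions   = ["s3:GetObject"]
          resources = ["arn:aws:s3:::example-uploads-bucket/incoming/*"]
          conditions = [
            {
              test     = "Bool"
              variable = "aws:SecureTransport"
              values   = ["true"]
            }
          ]
        }
      ]
    },
    {
      # Container flavour: image_uri is set, source_folder and handler are not.
      name        = "report-builder"
      description = "Builds nightly reports"
      image_uri   = "111111111111.dkr.ecr.eu-west-2.amazonaws.com/example/report-builder"
      image_tag   = "1.4.2" # explicit version rather than the "latest" default
      iam_policy_statements = [
        {
          sid       = "WriteReports"
          actions   = ["s3:PutObject"]
          resources = ["arn:aws:s3:::example-reports-bucket/*"]
        }
      ]
    }
  ]
}
```

Each statement lists only the actions and resources that lambda needs, and the container entry sets image_tag explicitly so a new push to "latest" cannot change what is deployed.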
