Home

Awesome

Modernisation Platform Lambda Function Terraform Module

Standards Icon Format Code Icon Scorecards IconSCA Icon Terraform SCA Icon

Usage


module "lambda" {
  source                         = "github.com/ministryofjustice/modernisation-platform-terraform-lambda-function"
  application_name               = local.application_name
  tags                           = local.tags
  description                    = "lambda description"
  role_name                      = local.lambda_role_name
  policy_json                    = data.aws_iam_policy_document.lambda_policy.json
  function_name                  = local.lambda_function_name
  create_role                    = true
  reserved_concurrent_executions = 1
  environment_variables = {
    "key1" = "value1"
  }
  image_uri    = local.ecr_image_uri
  timeout      = 600
  tracing_mode = "Active"

  allowed_triggers = {
    AllowStopExecutionFromCloudWatch = {
      principal  = "events.amazonaws.com"
      source_arn = aws_cloudwatch_event_rule.lambda_cloudwatch_schedule_morning.arn
    }
    AllowStartExecutionFromCloudWatch = {
      principal  = "events.amazonaws.com"
      source_arn = aws_cloudwatch_event_rule.lambda_cloudwatch_schedule_evening.arn
    }
  }

}

Looking for issues?

If you're looking to raise an issue with this module, please create a new issue in the Modernisation Platform repository.

<!-- BEGIN_TF_DOCS -->

Requirements

NameVersion
<a name="requirement_terraform"></a> terraform>= 1.0.1
<a name="requirement_aws"></a> aws~> 5.0

Providers

NameVersion
<a name="provider_aws"></a> aws~> 5.0

Modules

No modules.

Resources

NameType
aws_iam_policy.policy_from_jsonresource
aws_iam_role.thisresource
aws_iam_role_policy_attachment.policy_arnsresource
aws_iam_role_policy_attachment.policy_from_jsonresource
aws_lambda_function.thisresource
aws_lambda_function_event_invoke_config.thisresource
aws_lambda_permission.allowed_triggersresource
aws_iam_policy_document.assume_roledata source
aws_iam_policy_document.combined-assume-role-policydata source

Inputs

NameDescriptionTypeDefaultRequired
<a name="input_additional_trust_roles"></a> additional_trust_rolesARN of other roles to be passed as principals for sts:AssumeRolelist(string)[]no
<a name="input_additional_trust_statements"></a> additional_trust_statementsJson attributes of additional iam policy documents to add to the trust policylist(string)[]no
<a name="input_allowed_triggers"></a> allowed_triggersMap of allowed triggers to create Lambda permissionsmap(any){}no
<a name="input_application_name"></a> application_nameName of applicationstringn/ayes
<a name="input_create_role"></a> create_roleControls whether IAM role for Lambda Function should be createdbooltrueno
<a name="input_description"></a> descriptionDescription of your Lambda Function (or Layer)string""no
<a name="input_environment_variables"></a> environment_variablesA map that defines environment variables for the Lambda Function.map(string){}no
<a name="input_filename"></a> filenameThe absolute path to an existing zip-file to usestringnullno
<a name="input_function_name"></a> function_nameA unique name for your Lambda Functionstring""no
<a name="input_handler"></a> handlerLambda Function entrypoint in your codestringnullno
<a name="input_image_uri"></a> image_uriThe ECR image URI containing the function's deployment package.stringnullno
<a name="input_lambda_role"></a> lambda_roleIAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details.string""no
<a name="input_memory_size"></a> memory_sizeAmount of memory in MB your Lambda Function can use at runtimenumber128no
<a name="input_package_type"></a> package_typeThe Lambda deployment package type. Valid options: Image or Zipstring"Image"no
<a name="input_policy_arns"></a> policy_arnsList of policy statements ARN to attach to Lambda Function rolelist(string)[]no
<a name="input_policy_json"></a> policy_jsonAn policy document as JSON to attach to the Lambda Function rolestringnullno
<a name="input_policy_json_attached"></a> policy_json_attachedA json policy document is being passed into the moduleboolfalseno
<a name="input_policy_name"></a> policy_nameIAM policy name. It override the default value, which is the same as role_namestringnullno
<a name="input_reserved_concurrent_executions"></a> reserved_concurrent_executionsThe amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1.number-1no
<a name="input_role_description"></a> role_descriptionDescription of IAM role to use for Lambda Functionstringnullno
<a name="input_role_name"></a> role_nameName of IAM role to use for Lambda Functionstringnullno
<a name="input_runtime"></a> runtimeLambda function runtimestringnullno
<a name="input_sns_topic_on_failure"></a> sns_topic_on_failureSNS topic arn for the lambda's destination on failure.string""no
<a name="input_sns_topic_on_success"></a> sns_topic_on_successSNS topic arn for the lambda's destination on success.string""no
<a name="input_source_code_hash"></a> source_code_hashHash value of the archive file. Calculated externally. Use to trigger updates when source file is changed.stringnullno
<a name="input_tags"></a> tagsCommon tags to be used by all resourcesmap(string)n/ayes
<a name="input_timeout"></a> timeoutThe amount of time your Lambda Function has to run in seconds.number3no
<a name="input_tracing_mode"></a> tracing_modeTracing mode of the Lambda Function. Valid value can be either PassThrough or Active.stringnullno
<a name="input_vpc_security_group_ids"></a> vpc_security_group_idsList of security group ids when Lambda Function should run in the VPC.list(string)nullno
<a name="input_vpc_subnet_ids"></a> vpc_subnet_idsList of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets.list(string)nullno

Outputs

NameDescription
<a name="output_lambda_function_arn"></a> lambda_function_arnThe ARN of the Lambda Function
<a name="output_lambda_function_invoke_arn"></a> lambda_function_invoke_arnThe invoke ARN of the Lambda Function
<a name="output_lambda_function_name"></a> lambda_function_nameThe Name of the Lambda Function
<a name="output_vpc_security_group_ids"></a> vpc_security_group_idsThe VPC security groups the lambda function has been deployed into
<a name="output_vpc_subnet_ids"></a> vpc_subnet_idsThe vpc subnet(s) the Lambda function has been deployed into
<!-- END_TF_DOCS -->