A Terraform module to create AWS Lambda resources.
MIT License
Published by moritzzimmer about 2 years ago
aws_s3_bucket_acl resource by @moritzzimmer in https://github.com/moritzzimmer/terraform-aws-lambda/pull/62
Full Changelog: https://github.com/moritzzimmer/terraform-aws-lambda/compare/v6.3.0...v6.4.0
Published by moritzzimmer over 2 years ago
Full Changelog: https://github.com/moritzzimmer/terraform-aws-lambda/compare/v6.2.0...v6.3.0
Published by moritzzimmer over 2 years ago
Full Changelog: https://github.com/moritzzimmer/terraform-aws-lambda/compare/v6.1.1...v6.2.0
Published by moritzzimmer over 2 years ago
Full Changelog: https://github.com/moritzzimmer/terraform-aws-lambda/compare/v6.1.0...v6.1.1
Published by moritzzimmer almost 3 years ago
Full Changelog: https://github.com/moritzzimmer/terraform-aws-lambda/compare/v6.0.1...v6.1.0
Published by moritzzimmer about 3 years ago
In this major version release, deprecated terraform sub-modules and workarounds for aws provider versions < 2 have been removed.
Note: Terraform will destroy and then create a replacement of some of the resources when applying this version to existing 5.x stacks, especially the Lambda function and its IAM role.
In case of Error: error creating IAM Role (my-function-eu-west-1): EntityAlreadyExists: Role with name my-function-eu-west-1 already exists. errors (old role hasn't been fully deleted inside AWS), please apply the changes again.
The possibility to declare CloudWatch logs subscription filters has been enhanced to support:
cloudwatch_log_subscription_filters = {
  lambda_1 = {
    // see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_subscription_filter for available arguments
    destination_arn = module.destination_1.arn // required
  }
  lambda_2 = {
    destination_arn = module.destination_2.arn // required
  }
}
see example
In addition, the variable name to configure the retention time has been aligned to cloudwatch_logs_retention_in_days.
Hardcoded partition identifiers in ARNs have been refactored to support creating Lambda functions in AWS GovCloud (#50)
log_retention_in_days has been renamed to cloudwatch_logs_retention_in_days
logfilter_destination_arn has been replaced by cloudwatch_log_subscription_filters (see above)
event variable has been removed, use specific cloudwatch_event_rules, event_source_mappings or sns_subscriptions instead. Note: there is no replacement for the deprecated s3 sub-module
ssm_parameter_names variable has been removed, use ssm instead
Full Changelog: https://github.com/moritzzimmer/terraform-aws-lambda/compare/v5.17.0...v6.0.0
Published by moritzzimmer about 3 years ago
Added support for AWS Graviton2 architecture.
Example:
module "lambda" {
  source           = "moritzzimmer/lambda/aws"
  architectures    = ["arm64"]
  description      = "powered by AWS Graviton2"
  filename         = module.source.output_path
  function_name    = "arm64"
  handler          = "index.handler"
  runtime          = "nodejs14.x"
  source_code_hash = module.source.output_base64sha256
}
Full Changelog: https://github.com/moritzzimmer/terraform-aws-lambda/compare/v5.16.0...v5.17.0
Published by moritzzimmer about 3 years ago
Enhanced the deployment module to support continuous deployment of Lambda functions packaged on S3.
Example:
locals {
  environment   = "production"
  function_name = "example-with-s3-codepipeline"
  s3_key        = "package/lambda.zip"
}
resource "aws_lambda_alias" "this" {
  function_name    = module.lambda.function_name
  function_version = module.lambda.version
  name             = local.environment
  lifecycle {
    ignore_changes = [function_version]
  }
}
module "deployment" {
  source        = "moritzzimmer/lambda/aws//modules/deployment"
  alias_name    = aws_lambda_alias.this.name
  function_name = local.function_name
  s3_bucket     = aws_s3_bucket_object.source.bucket
  s3_key        = local.s3_key
}
module "lambda" {
  source                           = "moritzzimmer/lambda/aws"
  function_name                    = local.function_name
  handler                          = "index.handler"
  ignore_external_function_updates = true
  publish                          = true
  runtime                          = "nodejs14.x"
  s3_bucket                        = aws_s3_bucket_object.source.bucket
  s3_key                           = local.s3_key
  s3_object_version                = aws_s3_bucket_object.source.version_id
}
resource "aws_s3_bucket" "source" {
  acl           = "private"
  bucket        = "source-bucket"
  force_destroy = true
  versioning {
    enabled = true
  }
}
resource "aws_s3_bucket_public_access_block" "source" {
  bucket                  = aws_s3_bucket.source.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
see example for details
Error: Error creating S3 bucket: BucketAlreadyOwnedByYou: Your previous request to create the named bucket succeeded and you already own it. errors. In this case run terraform apply again.
update-function-code API call directly. The intermediate step with a wait function is not necessary anymore
python 3.9 in CodeBuild
Thanks @thisismana for collaborating on this feature
Full Changelog: https://github.com/moritzzimmer/terraform-aws-lambda/compare/v5.14.0...v5.15.0
Published by moritzzimmer about 3 years ago
Added support to configure an SNS or SQS destination for discarded batches in event source mappings (supported for DynamoDB and Kinesis).
Required IAM permissions with minimum privileges to send SQS messages or publish to an SNS topic will be added automatically by the module.
Example:
module "lambda" {
  source           = "moritzzimmer/lambda/aws"
  description      = "Example usage for an AWS Lambda with a DynamoDb event source mapping"
  filename         = data.archive_file.dynamodb_handler.output_path
  function_name    = "example-with-dynamodb-event-source-mapping"
  handler          = "index.handler"
  runtime          = "nodejs14.x"
  source_code_hash = data.archive_file.dynamodb_handler.output_base64sha256
  event_source_mappings = {
    table_1 = {
      event_source_arn       = aws_dynamodb_table.table_1.stream_arn
      maximum_retry_attempts = 3
      // optionally configure a SNS or SQS destination for discarded batches, required IAM
      // permissions will be added automatically by this module,
      // see https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html
      destination_arn_on_failure = aws_sqs_queue.errors.arn
    }
  }
}
resource "aws_sqs_queue" "errors" {
  name = "${module.lambda.function_name}-processing-errors"
}
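What a minimum-privilege grant for an on-failure destination looks like when written by hand, as an added example (not the module's own policy code). Every resource name below is hypothetical, and in practice only the statement matching the configured destination type is needed.

```hcl
# Added illustration, not the module's source; all resource names are hypothetical.
resource "aws_sqs_queue" "errors" {
  name = "example-processing-errors"
}

resource "aws_sns_topic" "errors" {
  name = "example-processing-errors"
}

# Trust policy: only the Lambda service may assume the function role.
data "aws_iam_policy_document" "assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "function" {
  name               = "example-function-role"
  assume_role_policy = data.aws_iam_policy_document.assume.json
}

# One action per destination type, each scoped to the single destination ARN.
# Wildcards such as "sqs:*" or resources = ["*"] would let the function write
# to every queue or topic in the account, which the destination does not need.
data "aws_iam_policy_document" "on_failure" {
  statement {
    sid       = "SendDiscardedBatchesToSqs"
    actions   = ["sqs:SendMessage"]
    resources = [aws_sqs_queue.errors.arn]
  }
  statement {
    sid       = "PublishDiscardedBatchesToSns"
    actions   = ["sns:Publish"]
    resources = [aws_sns_topic.errors.arn]
  }
}

resource "aws_iam_role_policy" "on_failure" {
  name   = "on-failure-destination"
  role   = aws_iam_role.function.id
  policy = data.aws_iam_policy_document.on_failure.json
}
```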
Full Changelog: https://github.com/moritzzimmer/terraform-aws-lambda/compare/v5.13.0...v5.14.0
Published by moritzzimmer over 3 years ago
Amazon CloudWatch Lambda Insights can now be enabled for your zip and image deployment packages:
module "lambda" {
  // see above
  cloudwatch_lambda_insights_enabled = true
}
Please check the list of supported runtimes!
This module will add the required IAM permissions to the function role automatically for both package types.
In case of a zip deployment package, this module will also add the appropriate extension layer to your function (use cloudwatch_lambda_insights_extension_version to set the version of this layer).
For image deployment packages, the Lambda Insights extension needs to be added to the container image:
FROM public.ecr.aws/serverless/extensions/lambda-insights:12 AS lambda-insights
FROM public.ecr.aws/lambda/nodejs:12
COPY --from=lambda-insights /opt /opt
COPY app.js /var/task/
The possibilities to declare CloudWatch Event Rules inline have been enhanced with this release.
Using the new variable cloudwatch_event_rules you can now:
module "lambda" {
  // see above
  cloudwatch_event_rules = {
    scheduled = {
      schedule_expression = "rate(1 minute)"
      // optionally overwrite arguments like 'description'
      // from https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule
      description = "Triggered by CloudTrail"
      // optionally overwrite `cloudwatch_event_target_arn` in case an alias should be used for the event rule
      cloudwatch_event_target_arn = aws_lambda_alias.example.arn
    }
    pattern = {
      event_pattern = <<PATTERN
{
  "detail-type": [
    "AWS Console Sign In via CloudTrail"
  ]
}
PATTERN
    }
  }
}
see example for details
Using the event variable to configure the cloudwatch-event terraform sub-module is deprecated and will be removed in the next major release. You should be able to migrate to the new variable without downtime.
Full Changelog: https://github.com/moritzzimmer/terraform-aws-lambda/compare/v5.11.0...v5.12.0
Published by moritzzimmer over 3 years ago
This module now supports creating Lambda@Edge ready versions of your Node.js or Python functions. Required trust relationship and publishing of function versions will be configured automatically (see AWS docs for details).
Example:
provider "aws" {
  region = "eu-west-1"
}
module "lambda" {
  source           = "moritzzimmer/lambda/aws"
  description      = "Example usage for an AWS Lambda without an event trigger."
  filename         = module.source.output_path
  function_name    = "example-without-event"
  handler          = "handler"
  lambda_at_edge   = true
  runtime          = "nodejs12.x"
  source_code_hash = module.source.output_base64sha256
}
Full Changelog: https://github.com/moritzzimmer/terraform-aws-lambda/compare/v5.9.1...v5.10.0
Published by moritzzimmer over 3 years ago
Controlled, blue/green deployments of Lambda functions with (automatic) rollbacks and traffic shifting can be implemented using Lambda aliases and AWS CodeDeploy.
This release provides a new optional module to create AWS resources and permissions for creating and starting such CodeDeploy deployments as part of AWS CodePipelines.
Highlights:
see here for a real world example
The deployment is an optional add-on. In case you enhance existing Lambda functions using ignore_external_function_updates, your function will be recreated using the new lambda_external_lifecycle resource with a lifecycle block:
lifecycle {
  ignore_changes = [
    image_uri, last_modified, qualified_arn, version
  ]
}
Thanks @thisismana for collaborating on this feature
Full Changelog: https://github.com/moritzzimmer/terraform-aws-lambda/compare/v5.8.0...v5.9.0
Published by moritzzimmer almost 4 years ago
Possibilities to configure SNS subscriptions and event source mappings for DynamoDB, Kinesis and SQS have been enhanced with this release.
A new variable event_source_mappings has been introduced. The new configuration supports:
batch_size
module "lambda" {
  event_source_mappings = {
    queue_1 = {
      event_source_arn = aws_sqs_queue.queue_1.arn
    }
    queue_2 = {
      event_source_arn = aws_sqs_queue.queue_2.arn
    }
  }
}
see examples for further details.
A new variable sns_subscriptions has been introduced. The new configuration supports:
module "lambda" {
  sns_subscriptions = {
    topic_1 = {
      topic_arn = aws_sns_topic.topic_1.arn
    }
    topic_2 = {
      topic_arn = aws_sns_topic.topic_2.arn
    }
  }
}
see example for further details.
Using the event variable to configure sns, dynamodb, kinesis and sqs terraform sub-modules is deprecated and will be removed in the next major release. Users should be able to migrate to the new variables without downtime.
Thanks @machadovilaca for providing the new sns subscriptions implementation!
nodejs12.x handlers for real world testing
Full Changelog: https://github.com/moritzzimmer/terraform-aws-lambda/compare/v5.7.0...v5.8.0
Published by moritzzimmer almost 4 years ago
3.19
Full Changelog: https://github.com/moritzzimmer/terraform-aws-lambda/compare/v5.6.0...v5.7.0
Published by moritzzimmer almost 4 years ago
Added support to configure tracing with x-ray including IAM permissions.
Full Changelog: https://github.com/moritzzimmer/terraform-aws-lambda/compare/v5.5.2...v5.6.0
Published by moritzzimmer about 4 years ago
Introducing a new configuration object ssm to specify SSM parameter names. The IAM role will be enhanced with read permissions to those parameters.
In addition the variable kms_key_arn will (also) be set in the aws_lambda_function as described in https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function#kms_key_arn.
(for spring-media users, this fixes spring-media/terraform-aws-lambda#61 and spring-media/terraform-aws-lambda#59)
Deprecations:
ssm_parameter_names variable is deprecated and scheduled for deletion in the next major release of this module
kms_key_arn to create an IAM role attachment to allow kms:Decrypt for custom keys is deprecated and will be removed in the next major release of this module
Published by moritzzimmer about 4 years ago
Added support for Lambda layers:
locals {
  artifact  = "${path.module}/../build/distributions/java-sqs-lambda.zip"
  libraries = "${path.module}/../build/distributions/libraries.zip"
}
data "aws_sqs_queue" "primary" {
  name = "cms-updates-primary"
}
resource "aws_lambda_layer_version" "libraries" {
  filename            = local.libraries
  layer_name          = "libraries"
  compatible_runtimes = ["java11"]
}
module "lambda" {
  source                = "moritzzimmer/lambda/aws"
  version               = "5.3.0"
  description           = "Java lambda with SQS trigger and lambda layers"
  filename              = local.artifact
  function_name         = "java-sqs-example"
  handler               = "example.Handler"
  layers                = [aws_lambda_layer_version.libraries.arn]
  memory_size           = 1024
  log_retention_in_days = 1
  runtime               = "java11"
  source_code_hash      = filebase64sha256(local.artifact)
  event = {
    type             = "sqs"
    event_source_arn = data.aws_sqs_queue.primary.arn
  }
}