StratusGrid/terraform-aws-lambda-pipeline

Contact Us | Stratusphere FinOps | StratusGrid Home | Blog

terraform-aws-lambda-pipeline

GitHub: StratusGrid/terraform-aws-lambda-pipeline

Example

module "terraform-aws-lambda-pipeline" {
  source  = "stratusgrid/terraform-aws-lambda-pipeline"
}

StratusGrid Standards we assume

  • All resource names and name tags shall use _ and not -.
  • The old naming standard for common files such as inputs, outputs, providers, etc. was to prefix them with a -. This is no longer true, as it's not POSIX compliant. Our pre-commit hooks will fail with this old standard.
  • StratusGrid generally follows the Terraform standards outlined here

Repo Knowledge

Repository for the AWS Lambda CI/CD module.

Documentation

This repo is self-documenting via Terraform Docs; please see the note at the bottom.

LICENSE

This is the standard Apache 2.0 License as defined here.

outputs.tf

The StratusGrid standard for Terraform Outputs.

README.md

It's this file! I'm always updated via TF Docs!

tags.tf

The StratusGrid standard for provider/module level tagging. This file contains logic to always merge the repo URL.

variables.tf

All variables related to this repo for all facets. One day this should be broken up into each file, maybe, maybe not.

versions.tf

This file contains the required providers and their versions. Providers need to be specified; otherwise provider overrides cannot be done.

Documentation of Misc Config Files

This section is supposed to outline what the misc configuration files do and what their purpose is.

.config/.terraform-docs.yml

This file auto generates your README.md file.

.github/workflows/pre-commit.yml

This file contains the instructions for GitHub workflows; specifically, it runs pre-commit and allows the PR to pass or fail. This is a safety check, and an extra for when pre-commit isn't run locally.

examples/*

The files in here are used by .config/.terraform-docs.yml for generating the README.md. All files must end in .tfnot so terraform validate doesn't trip on them, since they're purely example files.

.gitignore

This is your gitignore, and contains a slew of default standards.

Requirements

| Name | Version |
|------|---------|
| terraform | ~> 1.1 |
| aws | >= 4.9 |

Resources

| Name | Type |
|------|------|
| aws_cloudwatch_log_group.lambda | resource |
| aws_codebuild_project.lambda_codebuild | resource |
| aws_codebuild_project.lambda_codedeploy | resource |
| aws_codedeploy_app.lambda_deployment | resource |
| aws_codedeploy_deployment_group.lambda_deployment | resource |
| aws_codepipeline.lambda_codepipeline | resource |
| aws_iam_role.lambda | resource |
| aws_iam_role.lambda_codebuild | resource |
| aws_iam_role.lambda_codedeploy | resource |
| aws_iam_role.lambda_codepipeline | resource |
| aws_iam_role_policy.lambda_codebuild | resource |
| aws_iam_role_policy.lambda_codepipeline | resource |
| aws_iam_role_policy_attachment.awscodedeployroleforlambda | resource |
| aws_iam_role_policy_attachment.lambda | resource |
| aws_kms_key.this | resource |
| aws_lambda_function.this | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| approval_deploy_enabled | Enable approval for deployment step | bool | true | no |
| artifact_store_bucket_name | Name of the bucket that stores artifacts | string | n/a | yes |
| codestar_connection_arn | Github ARN Connection | string | n/a | yes |
| description | Description of what your Lambda Function does. | string | n/a | yes |
| detect_changes | Controls if the codepipeline execution is started automatically when you make a new commit on the repository. | bool | true | no |
| environment_variables | List of key values for lambda environment variables | map(string) | null | no |
| github_branch_name | Name of the source github branch | string | n/a | yes |
| github_repo_name | The name of the GitHub repository | string | n/a | yes |
| input_tags | Map of tags to apply to resources | map(string) | { "Developer": "Stratusgrid", "Provisioner": "Terraform" } | no |
| lambda_filename | Unique name for your Lambda Function | string | n/a | yes |
| lambda_handler | Function entrypoint in your code. | string | n/a | yes |
| lambda_memory_size | The manifest lambdas configured memory size | number | n/a | yes |
| lambda_runtime | Identifier of the function's runtime. | string | "python3.8" | no |
| layers | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | list(string) | [] | no |
| name | Name of all of the module's resources | string | n/a | yes |
| policy_configs_map | Map of objects to add policies to the iam role | map(object({ name = string, arn = string, enabled = bool })) | see below | no |

Default for policy_configs_map:

    {
      "policy_S3_full": {
        "arn": "arn:aws:iam::aws:policy/AmazonS3FullAccess",
        "enabled": true,
        "name": "s3Fullaccess"
      },
      "policy_lambda_execute": {
        "arn": "arn:aws:iam::aws:policy/AWSLambdaExecute",
        "enabled": true,
        "name": "lambdaExecute"
      },
      "policy_secrets_read": {
        "arn": "arn:aws:iam::aws:policy/SecretsManagerReadWrite",
        "enabled": true,
        "name": "secretmanageReadWrite"
      },
      "policy_sqs_full": {
        "arn": "arn:aws:iam::aws:policy/AmazonSQSFullAccess",
        "enabled": true,
        "name": "sqsFullAccess"
      },
      "policy_ssm_readonly": {
        "arn": "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess",
        "enabled": true,
        "name": "ssmReaOnly"
      },
      "policy_xray_full": {
        "arn": "arn:aws:iam::aws:policy/AWSXrayFullAccess",
        "enabled": true,
        "name": "xrayFullAccess"
      }
    }
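
The default policy_configs_map listed above attaches six AWS managed policies to the IAM role, including AmazonS3FullAccess, AmazonSQSFullAccess and SecretsManagerReadWrite. The following is an added example, not taken from the module's repository, of a call that sets every required input and replaces that default with a narrower map. All names, ARNs and the account ID are constructed placeholders, and it assumes the module attaches only the entries of the map it is given.

```hcl
# Added example, not from the module's repository. Every name, ARN and the
# account ID 111111111111 below is a constructed placeholder.
module "lambda_pipeline" {
  source = "stratusgrid/terraform-aws-lambda-pipeline"

  # Required inputs (see the Inputs table). Resource names use _ per the
  # StratusGrid standard; the S3 bucket name keeps hyphens.
  name                       = "orders_processor"
  description                = "Processes order events"
  lambda_filename            = "orders_processor"
  lambda_handler             = "app.handler"
  lambda_memory_size         = 256
  artifact_store_bucket_name = "example-pipeline-artifacts"
  codestar_connection_arn    = "arn:aws:codestar-connections:us-east-1:111111111111:connection/EXAMPLE-PLACEHOLDER"
  github_repo_name           = "orders-processor" # placeholder; check variables.tf for the expected format
  github_branch_name         = "main"

  # Keep the manual approval step before deployment (already the default),
  # so a push to the branch cannot reach the function unreviewed.
  approval_deploy_enabled = true

  # Override the python3.8 default with the runtime your code targets.
  lambda_runtime = "python3.12"

  # Assumption: passing this map replaces the default entirely, so the six
  # broad managed policies are not attached.
  policy_configs_map = {
    policy_basic_execution = {
      name    = "lambdaBasicExecution"
      arn     = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
      enabled = true
    }
    policy_orders_scoped = {
      name = "ordersScoped"
      # Hypothetical customer-managed policy limited to the resources
      # this function actually uses.
      arn     = "arn:aws:iam::111111111111:policy/orders_processor_scoped"
      enabled = true
    }
  }

  # Environment variables are readable by anyone who can view the function
  # configuration and are stored in Terraform state: pass references to
  # secrets (names or paths), not the secret values.
  environment_variables = {
    QUEUE_NAME       = "orders"
    DB_SECRET_NAME   = "orders/db_credentials" # placeholder secret name
  }
}
```

After applying, inspect the policies attached to the function's role in IAM to confirm that only the two entries above are present.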

Outputs

| Name | Description |
|------|-------------|
| lambda_function_arn | lambda ARN |
| lambda_function_name | lambda name |

Note, manual changes to the README will be overwritten when the documentation is updated. To update the documentation, run terraform-docs -c .config/.terraform-docs.yml