From 57233469e23c8902130c00fe5a2890ba114ff232 Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Thu, 2 Oct 2025 14:05:58 -0400 Subject: [PATCH 01/12] feat: INFR-4719 add image_uri to lifecycle ignore_changes --- main.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/main.tf b/main.tf index 4d6ab356..6fd0f005 100644 --- a/main.tf +++ b/main.tf @@ -143,6 +143,10 @@ resource "aws_lambda_function" "this" { var.function_tags ) + lifecycle { + ignore_changes = [image_uri] + } + depends_on = [ # null_resource.archive, # aws_s3_object.lambda_package, From 7a690b8ec1e35b5899cbab91c70222a9fa00775f Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Fri, 3 Oct 2025 12:24:51 -0400 Subject: [PATCH 02/12] fix: INFR-4719 add module_variable_optional_attrs to backfill tf version --- versions.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/versions.tf b/versions.tf index 92cc6b76..33592aa6 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,6 @@ terraform { required_version = ">= 1.0" + experiments = [module_variable_optional_attrs] required_providers { aws = { From ac45fa7d53766cd42860984addfe9e4e3e6786d3 Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Fri, 3 Oct 2025 12:40:05 -0400 Subject: [PATCH 03/12] fix: INFR-4719 add module_variable_optional_attrs to backfill tf version --- modules/alias/versions.tf | 1 + modules/deploy/versions.tf | 1 + modules/docker-build/versions.tf | 1 + wrappers/alias/versions.tf | 1 + wrappers/deploy/versions.tf | 1 + wrappers/docker-build/versions.tf | 1 + 6 files changed, 6 insertions(+) diff --git a/modules/alias/versions.tf b/modules/alias/versions.tf index dbc484ad..0f791657 100644 --- a/modules/alias/versions.tf +++ b/modules/alias/versions.tf @@ -1,5 +1,6 @@ terraform { required_version = ">= 1.0" + experiments = [module_variable_optional_attrs] required_providers { aws = { diff --git a/modules/deploy/versions.tf b/modules/deploy/versions.tf index 5a82f93b..00dc70d9 100644 --- a/modules/deploy/versions.tf +++ b/modules/deploy/versions.tf @@ -1,5 +1,6 @@ terraform { required_version = ">= 1.0" + experiments = [module_variable_optional_attrs] required_providers { aws = { diff --git a/modules/docker-build/versions.tf b/modules/docker-build/versions.tf index 93aadf1a..15ce25a7 100644 --- a/modules/docker-build/versions.tf +++ b/modules/docker-build/versions.tf @@ -1,5 +1,6 @@ terraform { required_version = ">= 1.0" + experiments = [module_variable_optional_attrs] required_providers { aws = { diff --git a/wrappers/alias/versions.tf b/wrappers/alias/versions.tf index dbc484ad..0f791657 100644 --- a/wrappers/alias/versions.tf +++ b/wrappers/alias/versions.tf @@ -1,5 +1,6 @@ terraform { required_version = ">= 1.0" + experiments = [module_variable_optional_attrs] required_providers { aws = { diff --git a/wrappers/deploy/versions.tf b/wrappers/deploy/versions.tf index 5a82f93b..00dc70d9 100644 --- a/wrappers/deploy/versions.tf +++ b/wrappers/deploy/versions.tf @@ -1,5 +1,6 @@ terraform { required_version = ">= 1.0" + experiments = [module_variable_optional_attrs] required_providers { aws = { diff --git a/wrappers/docker-build/versions.tf b/wrappers/docker-build/versions.tf index 93aadf1a..15ce25a7 100644 --- a/wrappers/docker-build/versions.tf +++ b/wrappers/docker-build/versions.tf @@ -1,5 +1,6 @@ terraform { required_version = ">= 1.0" + experiments = [module_variable_optional_attrs] required_providers { aws = { From 5ac812b21a74b3a2d28d4a238d1db07eb445df67 Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Fri, 3 Oct 2025 12:51:11 -0400 Subject: [PATCH 04/12] fix: update tf version and remove experiments attr --- modules/alias/versions.tf | 3 +-- modules/deploy/versions.tf | 3 +-- modules/docker-build/versions.tf | 3 +-- versions.tf | 3 +-- wrappers/alias/versions.tf | 3 +-- wrappers/deploy/versions.tf | 3 +-- wrappers/docker-build/versions.tf | 4 +--- wrappers/versions.tf | 2 +- 8 files changed, 8 insertions(+), 16 deletions(-) diff --git a/modules/alias/versions.tf b/modules/alias/versions.tf index 0f791657..2ab1e86d 100644 --- a/modules/alias/versions.tf +++ b/modules/alias/versions.tf @@ -1,6 +1,5 @@ terraform { - required_version = ">= 1.0" - experiments = [module_variable_optional_attrs] + required_version = ">= 1.3" required_providers { aws = { diff --git a/modules/deploy/versions.tf b/modules/deploy/versions.tf index 00dc70d9..ce8278d8 100644 --- a/modules/deploy/versions.tf +++ b/modules/deploy/versions.tf @@ -1,6 +1,5 @@ terraform { - required_version = ">= 1.0" - experiments = [module_variable_optional_attrs] + required_version = ">= 1.3" required_providers { aws = { diff --git a/modules/docker-build/versions.tf b/modules/docker-build/versions.tf index 15ce25a7..1b75252e 100644 --- a/modules/docker-build/versions.tf +++ b/modules/docker-build/versions.tf @@ -1,6 +1,5 @@ terraform { - required_version = ">= 1.0" - experiments = [module_variable_optional_attrs] + required_version = ">= 1.3" required_providers { aws = { diff --git a/versions.tf b/versions.tf index 33592aa6..345b82da 100644 --- a/versions.tf +++ b/versions.tf @@ -1,6 +1,5 @@ terraform { - required_version = ">= 1.0" - experiments = [module_variable_optional_attrs] + required_version = ">= 1.3" required_providers { aws = { diff --git a/wrappers/alias/versions.tf b/wrappers/alias/versions.tf index 0f791657..2ab1e86d 100644 --- a/wrappers/alias/versions.tf +++ b/wrappers/alias/versions.tf @@ -1,6 +1,5 @@ terraform { - required_version = ">= 1.0" - experiments = [module_variable_optional_attrs] + required_version = ">= 1.3" required_providers { aws = { diff --git a/wrappers/deploy/versions.tf b/wrappers/deploy/versions.tf index 00dc70d9..ce8278d8 100644 --- a/wrappers/deploy/versions.tf +++ b/wrappers/deploy/versions.tf @@ -1,6 +1,5 @@ terraform { - required_version = ">= 1.0" - experiments = [module_variable_optional_attrs] + required_version = ">= 1.3" required_providers { aws = { diff --git a/wrappers/docker-build/versions.tf b/wrappers/docker-build/versions.tf index 15ce25a7..58f07068 100644 --- a/wrappers/docker-build/versions.tf +++ b/wrappers/docker-build/versions.tf @@ -1,7 +1,5 @@ terraform { - required_version = ">= 1.0" - experiments = [module_variable_optional_attrs] - + required_version = ">= 1.3" required_providers { aws = { source = "hashicorp/aws" diff --git a/wrappers/versions.tf b/wrappers/versions.tf index 92cc6b76..345b82da 100644 --- a/wrappers/versions.tf +++ b/wrappers/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { From 1557bf94c9e38842005cff3d68f4e148b03b1d0d Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Fri, 3 Oct 2025 12:55:46 -0400 Subject: [PATCH 05/12] fix: skip examples/** for pre-commit validate --- .pre-commit-config.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 2fb09edb..0c3f8df0 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -23,6 +23,7 @@ repos: - "--args=--only=terraform_standard_module_structure" - "--args=--only=terraform_workspace_remote" - id: terraform_validate + exclude: ^examples/ - repo: https://github.com/pre-commit/pre-commit-hooks rev: v5.0.0 hooks: From 1d1eb16dc9ad3363907938ba179789c0ed57b5ac Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Fri, 3 Oct 2025 13:02:53 -0400 Subject: [PATCH 06/12] fix: pre-commit hooks requirements --- README.md | 356 +++++++++++++++++---------------- modules/alias/README.md | 104 +++++----- modules/deploy/README.md | 164 +++++++-------- modules/docker-build/README.md | 98 ++++----- 4 files changed, 364 insertions(+), 358 deletions(-) diff --git a/README.md b/README.md index 3cc6f87d..5c4e0d43 100644 --- a/README.md +++ b/README.md @@ -434,7 +434,7 @@ source_path = [ ] ``` -*Few notes:* +_Few notes:_ - If you specify a source path as a string that references a folder and the runtime begins with `python` or `nodejs`, the build process will automatically build python and nodejs dependencies if `requirements.txt` or `package.json` file will be found in the source folder. If you want to customize this behavior, please use the object notation as explained below. - All arguments except `path` are optional. @@ -560,29 +560,35 @@ module "lambda_function_existing_package_from_remote_url" { ``` ## How to use AWS SAM CLI to test Lambda Function? + [AWS SAM CLI](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-command-reference.html) is an open source tool that help the developers to initiate, build, test, and deploy serverless applications. SAM CLI tool [supports Terraform applications](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/what-is-terraform-support.html). SAM CLI provides two ways of testing: local testing and testing on-cloud (Accelerate). ### Local Testing + Using SAM CLI, you can invoke the lambda functions defined in the terraform application locally using the [sam local invoke](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-cli-command-reference-sam-local-invoke.html) command, providing the function terraform address, or function name, and to set the `hook-name` to `terraform` to tell SAM CLI that the underlying project is a terraform application. You can execute the `sam local invoke` command from your terraform application root directory as following: + ``` sam local invoke --hook-name terraform module.hello_world_function.aws_lambda_function.this[0] ``` + You can also pass an event to your lambda function, or overwrite its environment variables. Check [here](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-using-invoke.html) for more information. You can also invoke your lambda function in debugging mode, and step-through your lambda function source code locally in your preferred editor. Check [here](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-using-debugging.html) for more information. ### Testing on-cloud (Accelerate) + You can use AWS SAM CLI to quickly test your application on your AWS development account. Using SAM Accelerate, you will be able to develop your lambda functions locally, and once you save your updates, SAM CLI will update your development account with the updated Lambda functions. So, you can test it on cloud, and if there is any bug, you can quickly update the code, and SAM CLI will take care of pushing it to the cloud. Check [here](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/accelerate.html) for more information about SAM Accelerate. You can execute the `sam sync` command from your terraform application root directory as following: + ``` sam sync --hook-name terraform --watch ``` @@ -660,20 +666,20 @@ Q4: What does this error mean - `"We currently do not support adding policies fo - [1Mill/serverless-tf-examples](https://github.com/1Mill/serverless-tf-examples/tree/main/src) - + ## Requirements -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| Name | Version | +| ------------------------------------------------------------------------ | ------- | +| [terraform](#requirement_terraform) | >= 1.3 | +| [aws](#requirement_aws) | >= 5.79 | ## Providers -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| Name | Version | +| ------------------------------------------------ | ------- | +| [aws](#provider_aws) | >= 5.79 | ## Modules @@ -681,174 +687,175 @@ No modules. ## Resources -| Name | Type | -|------|------| -| [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | -| [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy_attachment.additional_many](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.additional_one](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | -| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource | -| [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | -| [aws_lambda_function_recursion_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_recursion_config) | resource | -| [aws_lambda_function_url.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_url) | resource | -| [aws_lambda_permission.current_version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | -| [aws_lambda_permission.unqualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | -| [aws_lambda_provisioned_concurrency_config.current_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_provisioned_concurrency_config) | resource | -| [aws_arn.log_group_arn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | -| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudwatch_log_group) | data source | -| [aws_iam_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | -| [aws_iam_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | -| [aws_iam_policy_document.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | +| Name | Type | +| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------- | +| [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | +| [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy_attachment.additional_many](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.additional_one](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | +| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource | +| [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | +| [aws_lambda_function_recursion_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_recursion_config) | resource | +| [aws_lambda_function_url.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_url) | resource | +| [aws_lambda_permission.current_version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| [aws_lambda_permission.unqualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| [aws_lambda_provisioned_concurrency_config.current_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_provisioned_concurrency_config) | resource | +| [aws_arn.log_group_arn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudwatch_log_group) | data source | +| [aws_iam_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | +| [aws_iam_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | +| [aws_iam_policy_document.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [allowed\_triggers](#input\_allowed\_triggers) | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no | -| [architectures](#input\_architectures) | Instruction set architecture for your Lambda function. Valid values are ["x86\_64"] and ["arm64"]. | `list(string)` | `null` | no | -| [assume\_role\_policy\_statements](#input\_assume\_role\_policy\_statements) | Map of dynamic policy statements for assuming Lambda Function role (trust relationship) | `any` | `{}` | no | -| [attach\_async\_event\_policy](#input\_attach\_async\_event\_policy) | Controls whether async event policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach\_cloudwatch\_logs\_policy](#input\_attach\_cloudwatch\_logs\_policy) | Controls whether CloudWatch Logs policy should be added to IAM role for Lambda Function | `bool` | `true` | no | -| [attach\_create\_log\_group\_permission](#input\_attach\_create\_log\_group\_permission) | Controls whether to add the create log group permission to the CloudWatch logs policy | `bool` | `true` | no | -| [attach\_dead\_letter\_policy](#input\_attach\_dead\_letter\_policy) | Controls whether SNS/SQS dead letter notification policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach\_network\_policy](#input\_attach\_network\_policy) | Controls whether VPC/network policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach\_policies](#input\_attach\_policies) | Controls whether list of policies should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach\_policy](#input\_attach\_policy) | Controls whether policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach\_policy\_json](#input\_attach\_policy\_json) | Controls whether policy\_json should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach\_policy\_jsons](#input\_attach\_policy\_jsons) | Controls whether policy\_jsons should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach\_policy\_statements](#input\_attach\_policy\_statements) | Controls whether policy\_statements should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach\_tracing\_policy](#input\_attach\_tracing\_policy) | Controls whether X-Ray tracing policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [authorization\_type](#input\_authorization\_type) | The type of authentication that the Lambda Function URL uses. Set to 'AWS\_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint. | `string` | `"NONE"` | no | -| [cloudwatch\_logs\_kms\_key\_id](#input\_cloudwatch\_logs\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no | -| [cloudwatch\_logs\_log\_group\_class](#input\_cloudwatch\_logs\_log\_group\_class) | Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no | -| [cloudwatch\_logs\_retention\_in\_days](#input\_cloudwatch\_logs\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `null` | no | -| [cloudwatch\_logs\_skip\_destroy](#input\_cloudwatch\_logs\_skip\_destroy) | Whether to keep the log group (and any logs it may contain) at destroy time. | `bool` | `false` | no | -| [cloudwatch\_logs\_tags](#input\_cloudwatch\_logs\_tags) | A map of tags to assign to the resource. | `map(string)` | `{}` | no | -| [code\_signing\_config\_arn](#input\_code\_signing\_config\_arn) | Amazon Resource Name (ARN) for a Code Signing Configuration | `string` | `null` | no | -| [cors](#input\_cors) | CORS settings to be used by the Lambda Function URL | `any` | `{}` | no | -| [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | -| [create\_async\_event\_config](#input\_create\_async\_event\_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | -| [create\_current\_version\_allowed\_triggers](#input\_create\_current\_version\_allowed\_triggers) | Whether to allow triggers on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | -| [create\_current\_version\_async\_event\_config](#input\_create\_current\_version\_async\_event\_config) | Whether to allow async event configuration on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | -| [create\_function](#input\_create\_function) | Controls whether Lambda Function resource should be created | `bool` | `true` | no | -| [create\_lambda\_function\_url](#input\_create\_lambda\_function\_url) | Controls whether the Lambda Function URL resource should be created | `bool` | `false` | no | -| [create\_layer](#input\_create\_layer) | Controls whether Lambda Layer resource should be created | `bool` | `false` | no | -| [create\_role](#input\_create\_role) | Controls whether IAM role for Lambda Function should be created | `bool` | `true` | no | -| [create\_unqualified\_alias\_allowed\_triggers](#input\_create\_unqualified\_alias\_allowed\_triggers) | Whether to allow triggers on unqualified alias pointing to $LATEST version | `bool` | `true` | no | -| [create\_unqualified\_alias\_async\_event\_config](#input\_create\_unqualified\_alias\_async\_event\_config) | Whether to allow async event configuration on unqualified alias pointing to $LATEST version | `bool` | `true` | no | -| [create\_unqualified\_alias\_lambda\_function\_url](#input\_create\_unqualified\_alias\_lambda\_function\_url) | Whether to use unqualified alias pointing to $LATEST version in Lambda Function URL | `bool` | `true` | no | -| [dead\_letter\_target\_arn](#input\_dead\_letter\_target\_arn) | The ARN of an SNS topic or SQS queue to notify when an invocation fails. | `string` | `null` | no | -| [description](#input\_description) | Description of your Lambda Function (or Layer) | `string` | `""` | no | -| [destination\_on\_failure](#input\_destination\_on\_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | -| [destination\_on\_success](#input\_destination\_on\_success) | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no | -| [environment\_variables](#input\_environment\_variables) | A map that defines environment variables for the Lambda Function. | `map(string)` | `{}` | no | -| [ephemeral\_storage\_size](#input\_ephemeral\_storage\_size) | Amount of ephemeral storage (/tmp) in MB your Lambda Function can use at runtime. Valid value between 512 MB to 10,240 MB (10 GB). | `number` | `512` | no | -| [event\_source\_mapping](#input\_event\_source\_mapping) | Map of event source mapping | `any` | `{}` | no | -| [file\_system\_arn](#input\_file\_system\_arn) | The Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system. | `string` | `null` | no | -| [file\_system\_local\_mount\_path](#input\_file\_system\_local\_mount\_path) | The path where the function can access the file system, starting with /mnt/. | `string` | `null` | no | -| [function\_name](#input\_function\_name) | A unique name for your Lambda Function | `string` | `""` | no | -| [function\_tags](#input\_function\_tags) | A map of tags to assign only to the lambda function | `map(string)` | `{}` | no | -| [handler](#input\_handler) | Lambda Function entrypoint in your code | `string` | `""` | no | -| [image\_config\_command](#input\_image\_config\_command) | The CMD for the docker image | `list(string)` | `[]` | no | -| [image\_config\_entry\_point](#input\_image\_config\_entry\_point) | The ENTRYPOINT for the docker image | `list(string)` | `[]` | no | -| [image\_config\_working\_directory](#input\_image\_config\_working\_directory) | The working directory for the docker image | `string` | `null` | no | -| [image\_uri](#input\_image\_uri) | The ECR image URI containing the function's deployment package. | `string` | `null` | no | -| [include\_default\_tag](#input\_include\_default\_tag) | Set to false to not include the default tag in the tags map. | `bool` | `true` | no | -| [invoke\_mode](#input\_invoke\_mode) | Invoke mode of the Lambda Function URL. Valid values are BUFFERED (default) and RESPONSE\_STREAM. | `string` | `null` | no | -| [ipv6\_allowed\_for\_dual\_stack](#input\_ipv6\_allowed\_for\_dual\_stack) | Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets | `bool` | `null` | no | -| [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no | -| [lambda\_at\_edge](#input\_lambda\_at\_edge) | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no | -| [lambda\_at\_edge\_logs\_all\_regions](#input\_lambda\_at\_edge\_logs\_all\_regions) | Whether to specify a wildcard in IAM policy used by Lambda@Edge to allow logging in all regions | `bool` | `true` | no | -| [lambda\_role](#input\_lambda\_role) | IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | `string` | `""` | no | -| [layers](#input\_layers) | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | `list(string)` | `null` | no | -| [logging\_application\_log\_level](#input\_logging\_application\_log\_level) | The application log level of the Lambda Function. Valid values are "TRACE", "DEBUG", "INFO", "WARN", "ERROR", or "FATAL". | `string` | `"INFO"` | no | -| [logging\_log\_format](#input\_logging\_log\_format) | The log format of the Lambda Function. Valid values are "JSON" or "Text". | `string` | `"Text"` | no | -| [logging\_log\_group](#input\_logging\_log\_group) | The CloudWatch log group to send logs to. | `string` | `null` | no | -| [logging\_system\_log\_level](#input\_logging\_system\_log\_level) | The system log level of the Lambda Function. Valid values are "DEBUG", "INFO", or "WARN". | `string` | `"INFO"` | no | -| [maximum\_event\_age\_in\_seconds](#input\_maximum\_event\_age\_in\_seconds) | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | -| [maximum\_retry\_attempts](#input\_maximum\_retry\_attempts) | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | `number` | `null` | no | -| [memory\_size](#input\_memory\_size) | Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 64 MB increments. | `number` | `128` | no | -| [number\_of\_policies](#input\_number\_of\_policies) | Number of policies to attach to IAM role for Lambda Function | `number` | `0` | no | -| [number\_of\_policy\_jsons](#input\_number\_of\_policy\_jsons) | Number of policies JSON to attach to IAM role for Lambda Function | `number` | `0` | no | -| [package\_type](#input\_package\_type) | The Lambda deployment package type. Valid options: Zip or Image | `string` | `"Zip"` | no | -| [policies](#input\_policies) | List of policy statements ARN to attach to Lambda Function role | `list(string)` | `[]` | no | -| [policy](#input\_policy) | An additional policy document ARN to attach to the Lambda Function role | `string` | `null` | no | -| [policy\_json](#input\_policy\_json) | An additional policy document as JSON to attach to the Lambda Function role | `string` | `null` | no | -| [policy\_jsons](#input\_policy\_jsons) | List of additional policy documents as JSON to attach to Lambda Function role | `list(string)` | `[]` | no | -| [policy\_name](#input\_policy\_name) | IAM policy name. It override the default value, which is the same as role\_name | `string` | `null` | no | -| [policy\_path](#input\_policy\_path) | Path of policies to that should be added to IAM role for Lambda Function | `string` | `null` | no | -| [policy\_statements](#input\_policy\_statements) | Map of dynamic policy statements to attach to Lambda Function role | `any` | `{}` | no | -| [provisioned\_concurrent\_executions](#input\_provisioned\_concurrent\_executions) | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | `number` | `-1` | no | -| [publish](#input\_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no | -| [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no | -| [recursive\_loop](#input\_recursive\_loop) | Lambda function recursion configuration. Valid values are Allow or Terminate. | `string` | `null` | no | -| [replace\_security\_groups\_on\_destroy](#input\_replace\_security\_groups\_on\_destroy) | (Optional) When true, all security groups defined in vpc\_security\_group\_ids will be replaced with the default security group after the function is destroyed. Set the replacement\_security\_group\_ids variable to use a custom list of security groups for replacement instead. | `bool` | `null` | no | -| [replacement\_security\_group\_ids](#input\_replacement\_security\_group\_ids) | (Optional) List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction. replace\_security\_groups\_on\_destroy must be set to true to use this attribute. | `list(string)` | `null` | no | -| [reserved\_concurrent\_executions](#input\_reserved\_concurrent\_executions) | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | `number` | `-1` | no | -| [role\_description](#input\_role\_description) | Description of IAM role to use for Lambda Function | `string` | `null` | no | -| [role\_force\_detach\_policies](#input\_role\_force\_detach\_policies) | Specifies to force detaching any policies the IAM role has before destroying it. | `bool` | `true` | no | -| [role\_maximum\_session\_duration](#input\_role\_maximum\_session\_duration) | Maximum session duration, in seconds, for the IAM role | `number` | `3600` | no | -| [role\_name](#input\_role\_name) | Name of IAM role to use for Lambda Function | `string` | `null` | no | -| [role\_path](#input\_role\_path) | Path of IAM role to use for Lambda Function | `string` | `null` | no | -| [role\_permissions\_boundary](#input\_role\_permissions\_boundary) | The ARN of the policy that is used to set the permissions boundary for the IAM role used by Lambda Function | `string` | `null` | no | -| [role\_tags](#input\_role\_tags) | A map of tags to assign to IAM role | `map(string)` | `{}` | no | -| [runtime](#input\_runtime) | Lambda Function runtime | `string` | `""` | no | -| [skip\_destroy](#input\_skip\_destroy) | Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Terraform state. Useful for Lambda@Edge functions attached to CloudFront distributions. | `bool` | `null` | no | -| [snap\_start](#input\_snap\_start) | (Optional) Snap start settings for low-latency startups | `bool` | `false` | no | -| [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | -| [timeout](#input\_timeout) | The amount of time your Lambda Function has to run in seconds. | `number` | `3` | no | -| [timeouts](#input\_timeouts) | Define maximum timeout for creating, updating, and deleting Lambda Function resources | `map(string)` | `{}` | no | -| [tracing\_mode](#input\_tracing\_mode) | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. | `string` | `null` | no | -| [trusted\_entities](#input\_trusted\_entities) | List of additional trusted entities for assuming Lambda Function role (trust relationship) | `any` | `[]` | no | -| [use\_existing\_cloudwatch\_log\_group](#input\_use\_existing\_cloudwatch\_log\_group) | Whether to use an existing CloudWatch log group or create new | `bool` | `false` | no | -| [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | List of security group ids when Lambda Function should run in the VPC. | `list(string)` | `null` | no | -| [vpc\_subnet\_ids](#input\_vpc\_subnet\_ids) | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets. | `list(string)` | `null` | no | +| Name | Description | Type | Default | Required | +| --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------- | -------- | :------: | +| [allowed_triggers](#input_allowed_triggers) | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no | +| [architectures](#input_architectures) | Instruction set architecture for your Lambda function. Valid values are ["x86\_64"] and ["arm64"]. | `list(string)` | `null` | no | +| [assume_role_policy_statements](#input_assume_role_policy_statements) | Map of dynamic policy statements for assuming Lambda Function role (trust relationship) | `any` | `{}` | no | +| [attach_async_event_policy](#input_attach_async_event_policy) | Controls whether async event policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach_cloudwatch_logs_policy](#input_attach_cloudwatch_logs_policy) | Controls whether CloudWatch Logs policy should be added to IAM role for Lambda Function | `bool` | `true` | no | +| [attach_create_log_group_permission](#input_attach_create_log_group_permission) | Controls whether to add the create log group permission to the CloudWatch logs policy | `bool` | `true` | no | +| [attach_dead_letter_policy](#input_attach_dead_letter_policy) | Controls whether SNS/SQS dead letter notification policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach_network_policy](#input_attach_network_policy) | Controls whether VPC/network policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach_policies](#input_attach_policies) | Controls whether list of policies should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach_policy](#input_attach_policy) | Controls whether policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach_policy_json](#input_attach_policy_json) | Controls whether policy_json should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach_policy_jsons](#input_attach_policy_jsons) | Controls whether policy_jsons should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach_policy_statements](#input_attach_policy_statements) | Controls whether policy_statements should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach_tracing_policy](#input_attach_tracing_policy) | Controls whether X-Ray tracing policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [authorization_type](#input_authorization_type) | The type of authentication that the Lambda Function URL uses. Set to 'AWS_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint. | `string` | `"NONE"` | no | +| [cloudwatch_logs_kms_key_id](#input_cloudwatch_logs_kms_key_id) | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no | +| [cloudwatch_logs_log_group_class](#input_cloudwatch_logs_log_group_class) | Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no | +| [cloudwatch_logs_retention_in_days](#input_cloudwatch_logs_retention_in_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `null` | no | +| [cloudwatch_logs_skip_destroy](#input_cloudwatch_logs_skip_destroy) | Whether to keep the log group (and any logs it may contain) at destroy time. | `bool` | `false` | no | +| [cloudwatch_logs_tags](#input_cloudwatch_logs_tags) | A map of tags to assign to the resource. | `map(string)` | `{}` | no | +| [code_signing_config_arn](#input_code_signing_config_arn) | Amazon Resource Name (ARN) for a Code Signing Configuration | `string` | `null` | no | +| [cors](#input_cors) | CORS settings to be used by the Lambda Function URL | `any` | `{}` | no | +| [create](#input_create) | Controls whether resources should be created | `bool` | `true` | no | +| [create_async_event_config](#input_create_async_event_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | +| [create_current_version_allowed_triggers](#input_create_current_version_allowed_triggers) | Whether to allow triggers on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | +| [create_current_version_async_event_config](#input_create_current_version_async_event_config) | Whether to allow async event configuration on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | +| [create_function](#input_create_function) | Controls whether Lambda Function resource should be created | `bool` | `true` | no | +| [create_lambda_function_url](#input_create_lambda_function_url) | Controls whether the Lambda Function URL resource should be created | `bool` | `false` | no | +| [create_layer](#input_create_layer) | Controls whether Lambda Layer resource should be created | `bool` | `false` | no | +| [create_role](#input_create_role) | Controls whether IAM role for Lambda Function should be created | `bool` | `true` | no | +| [create_unqualified_alias_allowed_triggers](#input_create_unqualified_alias_allowed_triggers) | Whether to allow triggers on unqualified alias pointing to $LATEST version | `bool` | `true` | no | +| [create_unqualified_alias_async_event_config](#input_create_unqualified_alias_async_event_config) | Whether to allow async event configuration on unqualified alias pointing to $LATEST version | `bool` | `true` | no | +| [create_unqualified_alias_lambda_function_url](#input_create_unqualified_alias_lambda_function_url) | Whether to use unqualified alias pointing to $LATEST version in Lambda Function URL | `bool` | `true` | no | +| [dead_letter_target_arn](#input_dead_letter_target_arn) | The ARN of an SNS topic or SQS queue to notify when an invocation fails. | `string` | `null` | no | +| [description](#input_description) | Description of your Lambda Function (or Layer) | `string` | `""` | no | +| [destination_on_failure](#input_destination_on_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | +| [destination_on_success](#input_destination_on_success) | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no | +| [environment_variables](#input_environment_variables) | A map that defines environment variables for the Lambda Function. | `map(string)` | `{}` | no | +| [ephemeral_storage_size](#input_ephemeral_storage_size) | Amount of ephemeral storage (/tmp) in MB your Lambda Function can use at runtime. Valid value between 512 MB to 10,240 MB (10 GB). | `number` | `512` | no | +| [event_source_mapping](#input_event_source_mapping) | Map of event source mapping | `any` | `{}` | no | +| [file_system_arn](#input_file_system_arn) | The Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system. | `string` | `null` | no | +| [file_system_local_mount_path](#input_file_system_local_mount_path) | The path where the function can access the file system, starting with /mnt/. | `string` | `null` | no | +| [function_name](#input_function_name) | A unique name for your Lambda Function | `string` | `""` | no | +| [function_tags](#input_function_tags) | A map of tags to assign only to the lambda function | `map(string)` | `{}` | no | +| [handler](#input_handler) | Lambda Function entrypoint in your code | `string` | `""` | no | +| [image_config_command](#input_image_config_command) | The CMD for the docker image | `list(string)` | `[]` | no | +| [image_config_entry_point](#input_image_config_entry_point) | The ENTRYPOINT for the docker image | `list(string)` | `[]` | no | +| [image_config_working_directory](#input_image_config_working_directory) | The working directory for the docker image | `string` | `null` | no | +| [image_uri](#input_image_uri) | The ECR image URI containing the function's deployment package. | `string` | `null` | no | +| [include_default_tag](#input_include_default_tag) | Set to false to not include the default tag in the tags map. | `bool` | `true` | no | +| [invoke_mode](#input_invoke_mode) | Invoke mode of the Lambda Function URL. Valid values are BUFFERED (default) and RESPONSE_STREAM. | `string` | `null` | no | +| [ipv6_allowed_for_dual_stack](#input_ipv6_allowed_for_dual_stack) | Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets | `bool` | `null` | no | +| [kms_key_arn](#input_kms_key_arn) | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no | +| [lambda_at_edge](#input_lambda_at_edge) | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no | +| [lambda_at_edge_logs_all_regions](#input_lambda_at_edge_logs_all_regions) | Whether to specify a wildcard in IAM policy used by Lambda@Edge to allow logging in all regions | `bool` | `true` | no | +| [lambda_role](#input_lambda_role) | IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | `string` | `""` | no | +| [layers](#input_layers) | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | `list(string)` | `null` | no | +| [logging_application_log_level](#input_logging_application_log_level) | The application log level of the Lambda Function. Valid values are "TRACE", "DEBUG", "INFO", "WARN", "ERROR", or "FATAL". | `string` | `"INFO"` | no | +| [logging_log_format](#input_logging_log_format) | The log format of the Lambda Function. Valid values are "JSON" or "Text". | `string` | `"Text"` | no | +| [logging_log_group](#input_logging_log_group) | The CloudWatch log group to send logs to. | `string` | `null` | no | +| [logging_system_log_level](#input_logging_system_log_level) | The system log level of the Lambda Function. Valid values are "DEBUG", "INFO", or "WARN". | `string` | `"INFO"` | no | +| [maximum_event_age_in_seconds](#input_maximum_event_age_in_seconds) | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | +| [maximum_retry_attempts](#input_maximum_retry_attempts) | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | `number` | `null` | no | +| [memory_size](#input_memory_size) | Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 64 MB increments. | `number` | `128` | no | +| [number_of_policies](#input_number_of_policies) | Number of policies to attach to IAM role for Lambda Function | `number` | `0` | no | +| [number_of_policy_jsons](#input_number_of_policy_jsons) | Number of policies JSON to attach to IAM role for Lambda Function | `number` | `0` | no | +| [package_type](#input_package_type) | The Lambda deployment package type. Valid options: Zip or Image | `string` | `"Zip"` | no | +| [policies](#input_policies) | List of policy statements ARN to attach to Lambda Function role | `list(string)` | `[]` | no | +| [policy](#input_policy) | An additional policy document ARN to attach to the Lambda Function role | `string` | `null` | no | +| [policy_json](#input_policy_json) | An additional policy document as JSON to attach to the Lambda Function role | `string` | `null` | no | +| [policy_jsons](#input_policy_jsons) | List of additional policy documents as JSON to attach to Lambda Function role | `list(string)` | `[]` | no | +| [policy_name](#input_policy_name) | IAM policy name. It override the default value, which is the same as role_name | `string` | `null` | no | +| [policy_path](#input_policy_path) | Path of policies to that should be added to IAM role for Lambda Function | `string` | `null` | no | +| [policy_statements](#input_policy_statements) | Map of dynamic policy statements to attach to Lambda Function role | `any` | `{}` | no | +| [provisioned_concurrent_executions](#input_provisioned_concurrent_executions) | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | `number` | `-1` | no | +| [publish](#input_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no | +| [putin_khuylo](#input_putin_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no | +| [recursive_loop](#input_recursive_loop) | Lambda function recursion configuration. Valid values are Allow or Terminate. | `string` | `null` | no | +| [replace_security_groups_on_destroy](#input_replace_security_groups_on_destroy) | (Optional) When true, all security groups defined in vpc_security_group_ids will be replaced with the default security group after the function is destroyed. Set the replacement_security_group_ids variable to use a custom list of security groups for replacement instead. | `bool` | `null` | no | +| [replacement_security_group_ids](#input_replacement_security_group_ids) | (Optional) List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction. replace_security_groups_on_destroy must be set to true to use this attribute. | `list(string)` | `null` | no | +| [reserved_concurrent_executions](#input_reserved_concurrent_executions) | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | `number` | `-1` | no | +| [role_description](#input_role_description) | Description of IAM role to use for Lambda Function | `string` | `null` | no | +| [role_force_detach_policies](#input_role_force_detach_policies) | Specifies to force detaching any policies the IAM role has before destroying it. | `bool` | `true` | no | +| [role_maximum_session_duration](#input_role_maximum_session_duration) | Maximum session duration, in seconds, for the IAM role | `number` | `3600` | no | +| [role_name](#input_role_name) | Name of IAM role to use for Lambda Function | `string` | `null` | no | +| [role_path](#input_role_path) | Path of IAM role to use for Lambda Function | `string` | `null` | no | +| [role_permissions_boundary](#input_role_permissions_boundary) | The ARN of the policy that is used to set the permissions boundary for the IAM role used by Lambda Function | `string` | `null` | no | +| [role_tags](#input_role_tags) | A map of tags to assign to IAM role | `map(string)` | `{}` | no | +| [runtime](#input_runtime) | Lambda Function runtime | `string` | `""` | no | +| [skip_destroy](#input_skip_destroy) | Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Terraform state. Useful for Lambda@Edge functions attached to CloudFront distributions. | `bool` | `null` | no | +| [snap_start](#input_snap_start) | (Optional) Snap start settings for low-latency startups | `bool` | `false` | no | +| [tags](#input_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | +| [timeout](#input_timeout) | The amount of time your Lambda Function has to run in seconds. | `number` | `3` | no | +| [timeouts](#input_timeouts) | Define maximum timeout for creating, updating, and deleting Lambda Function resources | `map(string)` | `{}` | no | +| [tracing_mode](#input_tracing_mode) | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. | `string` | `null` | no | +| [trusted_entities](#input_trusted_entities) | List of additional trusted entities for assuming Lambda Function role (trust relationship) | `any` | `[]` | no | +| [use_existing_cloudwatch_log_group](#input_use_existing_cloudwatch_log_group) | Whether to use an existing CloudWatch log group or create new | `bool` | `false` | no | +| [vpc_security_group_ids](#input_vpc_security_group_ids) | List of security group ids when Lambda Function should run in the VPC. | `list(string)` | `null` | no | +| [vpc_subnet_ids](#input_vpc_subnet_ids) | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets. | `list(string)` | `null` | no | ## Outputs -| Name | Description | -|------|-------------| -| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | -| [lambda\_cloudwatch\_log\_group\_name](#output\_lambda\_cloudwatch\_log\_group\_name) | The name of the Cloudwatch Log Group | -| [lambda\_event\_source\_mapping\_arn](#output\_lambda\_event\_source\_mapping\_arn) | The event source mapping ARN | -| [lambda\_event\_source\_mapping\_function\_arn](#output\_lambda\_event\_source\_mapping\_function\_arn) | The the ARN of the Lambda function the event source mapping is sending events to | -| [lambda\_event\_source\_mapping\_state](#output\_lambda\_event\_source\_mapping\_state) | The state of the event source mapping | -| [lambda\_event\_source\_mapping\_state\_transition\_reason](#output\_lambda\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | -| [lambda\_event\_source\_mapping\_uuid](#output\_lambda\_event\_source\_mapping\_uuid) | The UUID of the created event source mapping | -| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | -| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | -| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | -| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | -| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | -| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | -| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | -| [lambda\_function\_qualified\_invoke\_arn](#output\_lambda\_function\_qualified\_invoke\_arn) | The Invoke ARN identifying your Lambda Function Version | -| [lambda\_function\_signing\_job\_arn](#output\_lambda\_function\_signing\_job\_arn) | ARN of the signing job | -| [lambda\_function\_signing\_profile\_version\_arn](#output\_lambda\_function\_signing\_profile\_version\_arn) | ARN of the signing profile version | -| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | -| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | -| [lambda\_function\_url](#output\_lambda\_function\_url) | The URL of the Lambda Function URL | -| [lambda\_function\_url\_id](#output\_lambda\_function\_url\_id) | The Lambda Function URL generated id | -| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | -| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | -| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | -| [lambda\_role\_unique\_id](#output\_lambda\_role\_unique\_id) | The unique id of the IAM role created for the Lambda Function | +| Name | Description | +| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- | +| [lambda_cloudwatch_log_group_arn](#output_lambda_cloudwatch_log_group_arn) | The ARN of the Cloudwatch Log Group | +| [lambda_cloudwatch_log_group_name](#output_lambda_cloudwatch_log_group_name) | The name of the Cloudwatch Log Group | +| [lambda_event_source_mapping_arn](#output_lambda_event_source_mapping_arn) | The event source mapping ARN | +| [lambda_event_source_mapping_function_arn](#output_lambda_event_source_mapping_function_arn) | The the ARN of the Lambda function the event source mapping is sending events to | +| [lambda_event_source_mapping_state](#output_lambda_event_source_mapping_state) | The state of the event source mapping | +| [lambda_event_source_mapping_state_transition_reason](#output_lambda_event_source_mapping_state_transition_reason) | The reason the event source mapping is in its current state | +| [lambda_event_source_mapping_uuid](#output_lambda_event_source_mapping_uuid) | The UUID of the created event source mapping | +| [lambda_function_arn](#output_lambda_function_arn) | The ARN of the Lambda Function | +| [lambda_function_arn_static](#output_lambda_function_arn_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | +| [lambda_function_invoke_arn](#output_lambda_function_invoke_arn) | The Invoke ARN of the Lambda Function | +| [lambda_function_kms_key_arn](#output_lambda_function_kms_key_arn) | The ARN for the KMS encryption key of Lambda Function | +| [lambda_function_last_modified](#output_lambda_function_last_modified) | The date Lambda Function resource was last modified | +| [lambda_function_name](#output_lambda_function_name) | The name of the Lambda Function | +| [lambda_function_qualified_arn](#output_lambda_function_qualified_arn) | The ARN identifying your Lambda Function Version | +| [lambda_function_qualified_invoke_arn](#output_lambda_function_qualified_invoke_arn) | The Invoke ARN identifying your Lambda Function Version | +| [lambda_function_signing_job_arn](#output_lambda_function_signing_job_arn) | ARN of the signing job | +| [lambda_function_signing_profile_version_arn](#output_lambda_function_signing_profile_version_arn) | ARN of the signing profile version | +| [lambda_function_source_code_hash](#output_lambda_function_source_code_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [lambda_function_source_code_size](#output_lambda_function_source_code_size) | The size in bytes of the function .zip file | +| [lambda_function_url](#output_lambda_function_url) | The URL of the Lambda Function URL | +| [lambda_function_url_id](#output_lambda_function_url_id) | The Lambda Function URL generated id | +| [lambda_function_version](#output_lambda_function_version) | Latest published version of Lambda Function | +| [lambda_role_arn](#output_lambda_role_arn) | The ARN of the IAM role created for the Lambda Function | +| [lambda_role_name](#output_lambda_role_name) | The name of the IAM role created for the Lambda Function | +| [lambda_role_unique_id](#output_lambda_role_unique_id) | The unique id of the IAM role created for the Lambda Function | + ## Development @@ -870,6 +877,7 @@ tox -e py ``` You can also pass additional positional arguments to pytest which is used to run test, e.g. to make it verbose: + ``` tox -e py -- -vvv ``` @@ -886,6 +894,6 @@ Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraf ## Additional information for users from Russia and Belarus -* Russia has [illegally annexed Crimea in 2014](https://en.wikipedia.org/wiki/Annexation_of_Crimea_by_the_Russian_Federation) and [brought the war in Donbas](https://en.wikipedia.org/wiki/War_in_Donbas) followed by [full-scale invasion of Ukraine in 2022](https://en.wikipedia.org/wiki/2022_Russian_invasion_of_Ukraine). -* Russia has brought sorrow and devastations to millions of Ukrainians, killed hundreds of innocent people, damaged thousands of buildings, and forced several million people to flee. -* [Putin khuylo!](https://en.wikipedia.org/wiki/Putin_khuylo!) +- Russia has [illegally annexed Crimea in 2014](https://en.wikipedia.org/wiki/Annexation_of_Crimea_by_the_Russian_Federation) and [brought the war in Donbas](https://en.wikipedia.org/wiki/War_in_Donbas) followed by [full-scale invasion of Ukraine in 2022](https://en.wikipedia.org/wiki/2022_Russian_invasion_of_Ukraine). +- Russia has brought sorrow and devastations to millions of Ukrainians, killed hundreds of innocent people, damaged thousands of buildings, and forced several million people to flee. +- [Putin khuylo!](https://en.wikipedia.org/wiki/Putin_khuylo!) diff --git a/modules/alias/README.md b/modules/alias/README.md index 4d1871d3..c11d0692 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md @@ -6,7 +6,6 @@ Lambda Alias is required to do complex Lambda deployments, eg. using external to This Terraform module is the part of [serverless.tf framework](https://github.com/antonbabenko/serverless.tf), which aims to simplify all operations when working with the serverless in Terraform. - ## Usage ### Lambda Function and statically configured alias with the version of Lambda Function @@ -83,7 +82,6 @@ module "alias_existing" { } ``` - ## Conditional creation Sometimes you need to have a way to create resources conditionally but Terraform does not allow usage of `count` inside `module` block, so the solution is to specify `create` arguments. @@ -107,22 +105,22 @@ module "lambda" { ## Examples -* [Alias](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/alias) - Create Lambda function and aliases in various combinations with all supported features. - +- [Alias](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/alias) - Create Lambda function and aliases in various combinations with all supported features. + ## Requirements -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.9 | +| Name | Version | +| ------------------------------------------------------------------------ | ------- | +| [terraform](#requirement_terraform) | >= 1.3 | +| [aws](#requirement_aws) | >= 4.9 | ## Providers -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 4.9 | +| Name | Version | +| ------------------------------------------------ | ------- | +| [aws](#provider_aws) | >= 4.9 | ## Modules @@ -130,53 +128,54 @@ No modules. ## Resources -| Name | Type | -|------|------| -| [aws_lambda_alias.no_refresh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_alias) | resource | -| [aws_lambda_alias.with_refresh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_alias) | resource | -| [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | -| [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | -| [aws_lambda_permission.qualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | -| [aws_lambda_permission.version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | -| [aws_lambda_alias.existing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | data source | +| Name | Type | +| --------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | +| [aws_lambda_alias.no_refresh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_alias) | resource | +| [aws_lambda_alias.with_refresh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_alias) | resource | +| [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | +| [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | +| [aws_lambda_permission.qualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| [aws_lambda_permission.version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| [aws_lambda_alias.existing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | data source | ## Inputs -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [allowed\_triggers](#input\_allowed\_triggers) | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no | -| [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | -| [create\_async\_event\_config](#input\_create\_async\_event\_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | -| [create\_qualified\_alias\_allowed\_triggers](#input\_create\_qualified\_alias\_allowed\_triggers) | Whether to allow triggers on qualified alias | `bool` | `true` | no | -| [create\_qualified\_alias\_async\_event\_config](#input\_create\_qualified\_alias\_async\_event\_config) | Whether to allow async event configuration on qualified alias | `bool` | `true` | no | -| [create\_version\_allowed\_triggers](#input\_create\_version\_allowed\_triggers) | Whether to allow triggers on version of Lambda Function used by alias (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | -| [create\_version\_async\_event\_config](#input\_create\_version\_async\_event\_config) | Whether to allow async event configuration on version of Lambda Function used by alias (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | -| [description](#input\_description) | Description of the alias. | `string` | `""` | no | -| [destination\_on\_failure](#input\_destination\_on\_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | -| [destination\_on\_success](#input\_destination\_on\_success) | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no | -| [event\_source\_mapping](#input\_event\_source\_mapping) | Map of event source mapping | `any` | `{}` | no | -| [function\_name](#input\_function\_name) | The function ARN of the Lambda function for which you want to create an alias. | `string` | `""` | no | -| [function\_version](#input\_function\_version) | Lambda function version for which you are creating the alias. Pattern: ($LATEST\|[0-9]+). | `string` | `""` | no | -| [maximum\_event\_age\_in\_seconds](#input\_maximum\_event\_age\_in\_seconds) | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | -| [maximum\_retry\_attempts](#input\_maximum\_retry\_attempts) | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | `number` | `null` | no | -| [name](#input\_name) | Name for the alias you are creating. | `string` | `""` | no | -| [refresh\_alias](#input\_refresh\_alias) | Whether to refresh function version used in the alias. Useful when using this module together with external tool do deployments (eg, AWS CodeDeploy). | `bool` | `true` | no | -| [routing\_additional\_version\_weights](#input\_routing\_additional\_version\_weights) | A map that defines the proportion of events that should be sent to different versions of a lambda function. | `map(number)` | `{}` | no | -| [use\_existing\_alias](#input\_use\_existing\_alias) | Whether to manage existing alias instead of creating a new one. Useful when using this module together with external tool do deployments (eg, AWS CodeDeploy). | `bool` | `false` | no | +| Name | Description | Type | Default | Required | +| ------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | ------- | :------: | +| [allowed_triggers](#input_allowed_triggers) | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no | +| [create](#input_create) | Controls whether resources should be created | `bool` | `true` | no | +| [create_async_event_config](#input_create_async_event_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | +| [create_qualified_alias_allowed_triggers](#input_create_qualified_alias_allowed_triggers) | Whether to allow triggers on qualified alias | `bool` | `true` | no | +| [create_qualified_alias_async_event_config](#input_create_qualified_alias_async_event_config) | Whether to allow async event configuration on qualified alias | `bool` | `true` | no | +| [create_version_allowed_triggers](#input_create_version_allowed_triggers) | Whether to allow triggers on version of Lambda Function used by alias (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | +| [create_version_async_event_config](#input_create_version_async_event_config) | Whether to allow async event configuration on version of Lambda Function used by alias (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | +| [description](#input_description) | Description of the alias. | `string` | `""` | no | +| [destination_on_failure](#input_destination_on_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | +| [destination_on_success](#input_destination_on_success) | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no | +| [event_source_mapping](#input_event_source_mapping) | Map of event source mapping | `any` | `{}` | no | +| [function_name](#input_function_name) | The function ARN of the Lambda function for which you want to create an alias. | `string` | `""` | no | +| [function_version](#input_function_version) | Lambda function version for which you are creating the alias. Pattern: ($LATEST\|[0-9]+). | `string` | `""` | no | +| [maximum_event_age_in_seconds](#input_maximum_event_age_in_seconds) | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | +| [maximum_retry_attempts](#input_maximum_retry_attempts) | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | `number` | `null` | no | +| [name](#input_name) | Name for the alias you are creating. | `string` | `""` | no | +| [refresh_alias](#input_refresh_alias) | Whether to refresh function version used in the alias. Useful when using this module together with external tool do deployments (eg, AWS CodeDeploy). | `bool` | `true` | no | +| [routing_additional_version_weights](#input_routing_additional_version_weights) | A map that defines the proportion of events that should be sent to different versions of a lambda function. | `map(number)` | `{}` | no | +| [use_existing_alias](#input_use_existing_alias) | Whether to manage existing alias instead of creating a new one. Useful when using this module together with external tool do deployments (eg, AWS CodeDeploy). | `bool` | `false` | no | ## Outputs -| Name | Description | -|------|-------------| -| [lambda\_alias\_arn](#output\_lambda\_alias\_arn) | The ARN of the Lambda Function Alias | -| [lambda\_alias\_description](#output\_lambda\_alias\_description) | Description of alias | -| [lambda\_alias\_event\_source\_mapping\_function\_arn](#output\_lambda\_alias\_event\_source\_mapping\_function\_arn) | The the ARN of the Lambda function the event source mapping is sending events to | -| [lambda\_alias\_event\_source\_mapping\_state](#output\_lambda\_alias\_event\_source\_mapping\_state) | The state of the event source mapping | -| [lambda\_alias\_event\_source\_mapping\_state\_transition\_reason](#output\_lambda\_alias\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | -| [lambda\_alias\_event\_source\_mapping\_uuid](#output\_lambda\_alias\_event\_source\_mapping\_uuid) | The UUID of the created event source mapping | -| [lambda\_alias\_function\_version](#output\_lambda\_alias\_function\_version) | Lambda function version which the alias uses | -| [lambda\_alias\_invoke\_arn](#output\_lambda\_alias\_invoke\_arn) | The ARN to be used for invoking Lambda Function from API Gateway | -| [lambda\_alias\_name](#output\_lambda\_alias\_name) | The name of the Lambda Function Alias | +| Name | Description | +| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------- | +| [lambda_alias_arn](#output_lambda_alias_arn) | The ARN of the Lambda Function Alias | +| [lambda_alias_description](#output_lambda_alias_description) | Description of alias | +| [lambda_alias_event_source_mapping_function_arn](#output_lambda_alias_event_source_mapping_function_arn) | The the ARN of the Lambda function the event source mapping is sending events to | +| [lambda_alias_event_source_mapping_state](#output_lambda_alias_event_source_mapping_state) | The state of the event source mapping | +| [lambda_alias_event_source_mapping_state_transition_reason](#output_lambda_alias_event_source_mapping_state_transition_reason) | The reason the event source mapping is in its current state | +| [lambda_alias_event_source_mapping_uuid](#output_lambda_alias_event_source_mapping_uuid) | The UUID of the created event source mapping | +| [lambda_alias_function_version](#output_lambda_alias_function_version) | Lambda function version which the alias uses | +| [lambda_alias_invoke_arn](#output_lambda_alias_invoke_arn) | The ARN to be used for invoking Lambda Function from API Gateway | +| [lambda_alias_name](#output_lambda_alias_name) | The name of the Lambda Function Alias | + ## Authors @@ -185,7 +184,6 @@ Module managed by [Anton Babenko](https://github.com/antonbabenko). Check out [s Please reach out to [Betajob](https://www.betajob.com/) if you are looking for commercial support for your Terraform, AWS, or serverless project. - ## License Apache 2 Licensed. See LICENSE for full details. diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 6da1f6e8..9ffd07ce 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -1,17 +1,17 @@ # Lambda Function Deployment via AWS CodeDeploy -Terraform module, which creates Lambda alias as well as AWS CodeDeploy resources required to deploy. +Terraform module, which creates Lambda alias as well as AWS CodeDeploy resources required to deploy. This Terraform module is the part of [serverless.tf framework](https://github.com/antonbabenko/serverless.tf), which aims to simplify all operations when working with the serverless in Terraform. This module can create AWS CodeDeploy application and deployment group, if necessary. If you have several functions, you probably want to create those resources externally, and then set `use_existing_deployment_group = true`. During deployment this module does the following: + 1. Create JSON object with required AppSpec configuration. Optionally, you can store deploy script for debug purposes by setting `save_deploy_script = true`. 1. Run [`aws deploy create-deployment` command](https://docs.aws.amazon.com/cli/latest/reference/deploy/create-deployment.html) if `create_deployment = true` and `run_deployment = true` was set. 1. After deployment is created, it can wait for the completion if `wait_deployment_completion = true`. Be aware, that Terraform will lock the execution and it can fail if it runs for a long period of time. Set this flag for fast deployments (eg, `deployment_config_name = "CodeDeployDefault.LambdaAllAtOnce"`). - ## Usage ### Complete example of Lambda Function deployment via AWS CodeDeploy @@ -92,26 +92,26 @@ module "lambda" { ## Examples -* [Deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/deploy) - Creates Lambda Function, Alias, and all resources required to create deployments using AWS CodeDeploy. - +- [Deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/deploy) - Creates Lambda Function, Alias, and all resources required to create deployments using AWS CodeDeploy. + ## Requirements -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 3.35 | -| [local](#requirement\_local) | >= 1.0 | -| [null](#requirement\_null) | >= 2.0 | +| Name | Version | +| ------------------------------------------------------------------------ | ------- | +| [terraform](#requirement_terraform) | >= 1.3 | +| [aws](#requirement_aws) | >= 3.35 | +| [local](#requirement_local) | >= 1.3 | +| [null](#requirement_null) | >= 2.0 | ## Providers -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 3.35 | -| [local](#provider\_local) | >= 1.0 | -| [null](#provider\_null) | >= 2.0 | +| Name | Version | +| ------------------------------------------------------ | ------- | +| [aws](#provider_aws) | >= 3.35 | +| [local](#provider_local) | >= 1.3 | +| [null](#provider_null) | >= 2.0 | ## Modules @@ -119,78 +119,79 @@ No modules. ## Resources -| Name | Type | -|------|------| -| [aws_codedeploy_app.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_app) | resource | -| [aws_codedeploy_deployment_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_deployment_group) | resource | -| [aws_iam_policy.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_role.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy_attachment.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [local_file.deploy_script](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | -| [null_resource.deploy](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_role.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source | -| [aws_lambda_alias.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | data source | -| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_function) | data source | +| Name | Type | +| --------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | +| [aws_codedeploy_app.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_app) | resource | +| [aws_codedeploy_deployment_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_deployment_group) | resource | +| [aws_iam_policy.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_role.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [local_file.deploy_script](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | +| [null_resource.deploy](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_role.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source | +| [aws_lambda_alias.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | data source | +| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_function) | data source | ## Inputs -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [after\_allow\_traffic\_hook\_arn](#input\_after\_allow\_traffic\_hook\_arn) | ARN of Lambda function to execute after allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | -| [alarm\_enabled](#input\_alarm\_enabled) | Indicates whether the alarm configuration is enabled. This option is useful when you want to temporarily deactivate alarm monitoring for a deployment group without having to add the same alarms again later. | `bool` | `false` | no | -| [alarm\_ignore\_poll\_alarm\_failure](#input\_alarm\_ignore\_poll\_alarm\_failure) | Indicates whether a deployment should continue if information about the current state of alarms cannot be retrieved from CloudWatch. | `bool` | `false` | no | -| [alarms](#input\_alarms) | A list of alarms configured for the deployment group. A maximum of 10 alarms can be added to a deployment group. | `list(string)` | `[]` | no | -| [alias\_name](#input\_alias\_name) | Name for the alias | `string` | `""` | no | -| [app\_name](#input\_app\_name) | Name of AWS CodeDeploy application | `string` | `""` | no | -| [attach\_hooks\_policy](#input\_attach\_hooks\_policy) | Whether to attach Invoke policy to CodeDeploy role when before allow traffic or after allow traffic hooks are defined. | `bool` | `true` | no | -| [attach\_triggers\_policy](#input\_attach\_triggers\_policy) | Whether to attach SNS policy to CodeDeploy role when triggers are defined | `bool` | `false` | no | -| [auto\_rollback\_enabled](#input\_auto\_rollback\_enabled) | Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. | `bool` | `true` | no | -| [auto\_rollback\_events](#input\_auto\_rollback\_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT\_FAILURE and DEPLOYMENT\_STOP\_ON\_ALARM. | `list(string)` | 
[
  "DEPLOYMENT_STOP_ON_ALARM"
]
| no | -| [aws\_cli\_command](#input\_aws\_cli\_command) | Command to run as AWS CLI. May include extra arguments like region and profile. | `string` | `"aws"` | no | -| [before\_allow\_traffic\_hook\_arn](#input\_before\_allow\_traffic\_hook\_arn) | ARN of Lambda function to execute before allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | -| [codedeploy\_principals](#input\_codedeploy\_principals) | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` | 
[
  "codedeploy.amazonaws.com"
]
| no | -| [codedeploy\_role\_name](#input\_codedeploy\_role\_name) | IAM role name to create or use by CodeDeploy | `string` | `""` | no | -| [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | -| [create\_app](#input\_create\_app) | Whether to create new AWS CodeDeploy app | `bool` | `false` | no | -| [create\_codedeploy\_role](#input\_create\_codedeploy\_role) | Whether to create new AWS CodeDeploy IAM role | `bool` | `true` | no | -| [create\_deployment](#input\_create\_deployment) | Create the AWS resources and script for CodeDeploy | `bool` | `false` | no | -| [create\_deployment\_group](#input\_create\_deployment\_group) | Whether to create new AWS CodeDeploy Deployment Group | `bool` | `false` | no | -| [current\_version](#input\_current\_version) | Current version of Lambda function version to deploy (can't be $LATEST) | `string` | `""` | no | -| [deployment\_config\_name](#input\_deployment\_config\_name) | Name of deployment config to use | `string` | `"CodeDeployDefault.LambdaAllAtOnce"` | no | -| [deployment\_group\_name](#input\_deployment\_group\_name) | Name of deployment group to use | `string` | `""` | no | -| [description](#input\_description) | Description to use for the deployment | `string` | `""` | no | -| [force\_deploy](#input\_force\_deploy) | Force deployment every time (even when nothing changes) | `bool` | `false` | no | -| [function\_name](#input\_function\_name) | The name of the Lambda function to deploy | `string` | `""` | no | -| [get\_deployment\_sleep\_timer](#input\_get\_deployment\_sleep\_timer) | Adds additional sleep time to get-deployment command to avoid the service throttling | `number` | `5` | no | -| [interpreter](#input\_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` | 
[
  "/bin/bash",
  "-c"
]
| no | -| [run\_deployment](#input\_run\_deployment) | Run AWS CLI command to start the deployment | `bool` | `false` | no | -| [save\_deploy\_script](#input\_save\_deploy\_script) | Save deploy script locally | `bool` | `false` | no | -| [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | -| [target\_version](#input\_target\_version) | Target version of Lambda function version to deploy | `string` | `""` | no | -| [triggers](#input\_triggers) | Map of triggers which will be notified when event happens. Valid options for event types are DeploymentStart, DeploymentSuccess, DeploymentFailure, DeploymentStop, DeploymentRollback, DeploymentReady (Applies only to replacement instances in a blue/green deployment), InstanceStart, InstanceSuccess, InstanceFailure, InstanceReady. Note that not all are applicable for Lambda deployments. | `map(any)` | `{}` | no | -| [use\_existing\_app](#input\_use\_existing\_app) | Whether to use existing AWS CodeDeploy app | `bool` | `false` | no | -| [use\_existing\_deployment\_group](#input\_use\_existing\_deployment\_group) | Whether to use existing AWS CodeDeploy Deployment Group | `bool` | `false` | no | -| [wait\_deployment\_completion](#input\_wait\_deployment\_completion) | Wait until deployment completes. It can take a lot of time and your terraform process may lock execution for long time. | `bool` | `false` | no | +| Name | Description | Type | Default | Required | +| ------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- | -------------------------------------------------- | :------: | +| [after_allow_traffic_hook_arn](#input_after_allow_traffic_hook_arn) | ARN of Lambda function to execute after allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | +| [alarm_enabled](#input_alarm_enabled) | Indicates whether the alarm configuration is enabled. This option is useful when you want to temporarily deactivate alarm monitoring for a deployment group without having to add the same alarms again later. | `bool` | `false` | no | +| [alarm_ignore_poll_alarm_failure](#input_alarm_ignore_poll_alarm_failure) | Indicates whether a deployment should continue if information about the current state of alarms cannot be retrieved from CloudWatch. | `bool` | `false` | no | +| [alarms](#input_alarms) | A list of alarms configured for the deployment group. A maximum of 10 alarms can be added to a deployment group. | `list(string)` | `[]` | no | +| [alias_name](#input_alias_name) | Name for the alias | `string` | `""` | no | +| [app_name](#input_app_name) | Name of AWS CodeDeploy application | `string` | `""` | no | +| [attach_hooks_policy](#input_attach_hooks_policy) | Whether to attach Invoke policy to CodeDeploy role when before allow traffic or after allow traffic hooks are defined. | `bool` | `true` | no | +| [attach_triggers_policy](#input_attach_triggers_policy) | Whether to attach SNS policy to CodeDeploy role when triggers are defined | `bool` | `false` | no | +| [auto_rollback_enabled](#input_auto_rollback_enabled) | Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. | `bool` | `true` | no | +| [auto_rollback_events](#input_auto_rollback_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT_FAILURE and DEPLOYMENT_STOP_ON_ALARM. | `list(string)` | 
[
 "DEPLOYMENT_STOP_ON_ALARM"
]
| no | +| [aws_cli_command](#input_aws_cli_command) | Command to run as AWS CLI. May include extra arguments like region and profile. | `string` | `"aws"` | no | +| [before_allow_traffic_hook_arn](#input_before_allow_traffic_hook_arn) | ARN of Lambda function to execute before allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | +| [codedeploy_principals](#input_codedeploy_principals) | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` | 
[
 "codedeploy.amazonaws.com"
]
| no | +| [codedeploy_role_name](#input_codedeploy_role_name) | IAM role name to create or use by CodeDeploy | `string` | `""` | no | +| [create](#input_create) | Controls whether resources should be created | `bool` | `true` | no | +| [create_app](#input_create_app) | Whether to create new AWS CodeDeploy app | `bool` | `false` | no | +| [create_codedeploy_role](#input_create_codedeploy_role) | Whether to create new AWS CodeDeploy IAM role | `bool` | `true` | no | +| [create_deployment](#input_create_deployment) | Create the AWS resources and script for CodeDeploy | `bool` | `false` | no | +| [create_deployment_group](#input_create_deployment_group) | Whether to create new AWS CodeDeploy Deployment Group | `bool` | `false` | no | +| [current_version](#input_current_version) | Current version of Lambda function version to deploy (can't be $LATEST) | `string` | `""` | no | +| [deployment_config_name](#input_deployment_config_name) | Name of deployment config to use | `string` | `"CodeDeployDefault.LambdaAllAtOnce"` | no | +| [deployment_group_name](#input_deployment_group_name) | Name of deployment group to use | `string` | `""` | no | +| [description](#input_description) | Description to use for the deployment | `string` | `""` | no | +| [force_deploy](#input_force_deploy) | Force deployment every time (even when nothing changes) | `bool` | `false` | no | +| [function_name](#input_function_name) | The name of the Lambda function to deploy | `string` | `""` | no | +| [get_deployment_sleep_timer](#input_get_deployment_sleep_timer) | Adds additional sleep time to get-deployment command to avoid the service throttling | `number` | `5` | no | +| [interpreter](#input_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` | 
[
 "/bin/bash",
 "-c"
]
| no | +| [run_deployment](#input_run_deployment) | Run AWS CLI command to start the deployment | `bool` | `false` | no | +| [save_deploy_script](#input_save_deploy_script) | Save deploy script locally | `bool` | `false` | no | +| [tags](#input_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | +| [target_version](#input_target_version) | Target version of Lambda function version to deploy | `string` | `""` | no | +| [triggers](#input_triggers) | Map of triggers which will be notified when event happens. Valid options for event types are DeploymentStart, DeploymentSuccess, DeploymentFailure, DeploymentStop, DeploymentRollback, DeploymentReady (Applies only to replacement instances in a blue/green deployment), InstanceStart, InstanceSuccess, InstanceFailure, InstanceReady. Note that not all are applicable for Lambda deployments. | `map(any)` | `{}` | no | +| [use_existing_app](#input_use_existing_app) | Whether to use existing AWS CodeDeploy app | `bool` | `false` | no | +| [use_existing_deployment_group](#input_use_existing_deployment_group) | Whether to use existing AWS CodeDeploy Deployment Group | `bool` | `false` | no | +| [wait_deployment_completion](#input_wait_deployment_completion) | Wait until deployment completes. It can take a lot of time and your terraform process may lock execution for long time. | `bool` | `false` | no | ## Outputs -| Name | Description | -|------|-------------| -| [appspec](#output\_appspec) | Appspec data as HCL | -| [appspec\_content](#output\_appspec\_content) | Appspec data as valid JSON | -| [appspec\_sha256](#output\_appspec\_sha256) | SHA256 of Appspec JSON | -| [codedeploy\_app\_name](#output\_codedeploy\_app\_name) | Name of CodeDeploy application | -| [codedeploy\_deployment\_group\_id](#output\_codedeploy\_deployment\_group\_id) | CodeDeploy deployment group id | -| [codedeploy\_deployment\_group\_name](#output\_codedeploy\_deployment\_group\_name) | CodeDeploy deployment group name | -| [codedeploy\_iam\_role\_name](#output\_codedeploy\_iam\_role\_name) | Name of IAM role used by CodeDeploy | -| [deploy\_script](#output\_deploy\_script) | Path to a deployment script | -| [script](#output\_script) | Deployment script | +| Name | Description | +| ----------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | +| [appspec](#output_appspec) | Appspec data as HCL | +| [appspec_content](#output_appspec_content) | Appspec data as valid JSON | +| [appspec_sha256](#output_appspec_sha256) | SHA256 of Appspec JSON | +| [codedeploy_app_name](#output_codedeploy_app_name) | Name of CodeDeploy application | +| [codedeploy_deployment_group_id](#output_codedeploy_deployment_group_id) | CodeDeploy deployment group id | +| [codedeploy_deployment_group_name](#output_codedeploy_deployment_group_name) | CodeDeploy deployment group name | +| [codedeploy_iam_role_name](#output_codedeploy_iam_role_name) | Name of IAM role used by CodeDeploy | +| [deploy_script](#output_deploy_script) | Path to a deployment script | +| [script](#output_script) | Deployment script | + ## Authors @@ -199,7 +200,6 @@ Module managed by [Anton Babenko](https://github.com/antonbabenko). Check out [s Please reach out to [Betajob](https://www.betajob.com/) if you are looking for commercial support for your Terraform, AWS, or serverless project. - ## License Apache 2 Licensed. See LICENSE for full details. diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index 0bfb506c..1d31985c 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md @@ -49,26 +49,26 @@ module "docker_image" { ## Examples -* [Container Image](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/container-image) - Creates Docker Image, ECR resository and deploys it Lambda Function. - +- [Container Image](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/container-image) - Creates Docker Image, ECR resository and deploys it Lambda Function. + ## Requirements -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.22 | -| [docker](#requirement\_docker) | >= 3.0 | -| [null](#requirement\_null) | >= 2.0 | +| Name | Version | +| ------------------------------------------------------------------------ | ------- | +| [terraform](#requirement_terraform) | >= 1.3 | +| [aws](#requirement_aws) | >= 4.22 | +| [docker](#requirement_docker) | >= 3.0 | +| [null](#requirement_null) | >= 2.0 | ## Providers -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 4.22 | -| [docker](#provider\_docker) | >= 3.0 | -| [null](#provider\_null) | >= 2.0 | +| Name | Version | +| --------------------------------------------------------- | ------- | +| [aws](#provider_aws) | >= 4.22 | +| [docker](#provider_docker) | >= 3.0 | +| [null](#provider_null) | >= 2.0 | ## Modules @@ -76,47 +76,48 @@ No modules. ## Resources -| Name | Type | -|------|------| -| [aws_ecr_lifecycle_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_lifecycle_policy) | resource | -| [aws_ecr_repository.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository) | resource | -| [docker_image.this](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/image) | resource | -| [docker_registry_image.this](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/registry_image) | resource | -| [null_resource.sam_metadata_docker_registry_image](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | +| Name | Type | +| ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | +| [aws_ecr_lifecycle_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_lifecycle_policy) | resource | +| [aws_ecr_repository.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository) | resource | +| [docker_image.this](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/image) | resource | +| [docker_registry_image.this](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/registry_image) | resource | +| [null_resource.sam_metadata_docker_registry_image](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [build\_args](#input\_build\_args) | A map of Docker build arguments. | `map(string)` | `{}` | no | -| [cache\_from](#input\_cache\_from) | List of images to consider as cache sources when building the image. | `list(string)` | `[]` | no | -| [create\_ecr\_repo](#input\_create\_ecr\_repo) | Controls whether ECR repository for Lambda image should be created | `bool` | `false` | no | -| [create\_sam\_metadata](#input\_create\_sam\_metadata) | Controls whether the SAM metadata null resource should be created | `bool` | `false` | no | -| [docker\_file\_path](#input\_docker\_file\_path) | Path to Dockerfile in source package | `string` | `"Dockerfile"` | no | -| [ecr\_address](#input\_ecr\_address) | Address of ECR repository for cross-account container image pulling (optional). Option `create_ecr_repo` must be `false` | `string` | `null` | no | -| [ecr\_force\_delete](#input\_ecr\_force\_delete) | If true, will delete the repository even if it contains images. | `bool` | `true` | no | -| [ecr\_repo](#input\_ecr\_repo) | Name of ECR repository to use or to create | `string` | `null` | no | -| [ecr\_repo\_lifecycle\_policy](#input\_ecr\_repo\_lifecycle\_policy) | A JSON formatted ECR lifecycle policy to automate the cleaning up of unused images. | `string` | `null` | no | -| [ecr\_repo\_tags](#input\_ecr\_repo\_tags) | A map of tags to assign to ECR repository | `map(string)` | `{}` | no | -| [force\_remove](#input\_force\_remove) | Whether to remove image forcibly when the resource is destroyed. | `bool` | `false` | no | -| [image\_tag](#input\_image\_tag) | Image tag to use. If not specified current timestamp in format 'YYYYMMDDhhmmss' will be used. This can lead to unnecessary rebuilds. | `string` | `null` | no | -| [image\_tag\_mutability](#input\_image\_tag\_mutability) | The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"MUTABLE"` | no | -| [keep\_locally](#input\_keep\_locally) | Whether to delete the Docker image locally on destroy operation. | `bool` | `false` | no | -| [keep\_remotely](#input\_keep\_remotely) | Whether to keep Docker image in the remote registry on destroy operation. | `bool` | `false` | no | -| [platform](#input\_platform) | The target architecture platform to build the image for. | `string` | `null` | no | -| [scan\_on\_push](#input\_scan\_on\_push) | Indicates whether images are scanned after being pushed to the repository | `bool` | `false` | no | -| [source\_path](#input\_source\_path) | Path to folder containing application code | `string` | `null` | no | -| [triggers](#input\_triggers) | A map of arbitrary strings that, when changed, will force the docker\_image resource to be replaced. This can be used to rebuild an image when contents of source code folders change | `map(string)` | `{}` | no | -| [use\_image\_tag](#input\_use\_image\_tag) | Controls whether to use image tag in ECR repository URI or not. Disable this to deploy latest image using ID (sha256:...) | `bool` | `true` | no | +| Name | Description | Type | Default | Required | +| ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------- | -------------- | :------: | +| [build_args](#input_build_args) | A map of Docker build arguments. | `map(string)` | `{}` | no | +| [cache_from](#input_cache_from) | List of images to consider as cache sources when building the image. | `list(string)` | `[]` | no | +| [create_ecr_repo](#input_create_ecr_repo) | Controls whether ECR repository for Lambda image should be created | `bool` | `false` | no | +| [create_sam_metadata](#input_create_sam_metadata) | Controls whether the SAM metadata null resource should be created | `bool` | `false` | no | +| [docker_file_path](#input_docker_file_path) | Path to Dockerfile in source package | `string` | `"Dockerfile"` | no | +| [ecr_address](#input_ecr_address) | Address of ECR repository for cross-account container image pulling (optional). Option `create_ecr_repo` must be `false` | `string` | `null` | no | +| [ecr_force_delete](#input_ecr_force_delete) | If true, will delete the repository even if it contains images. | `bool` | `true` | no | +| [ecr_repo](#input_ecr_repo) | Name of ECR repository to use or to create | `string` | `null` | no | +| [ecr_repo_lifecycle_policy](#input_ecr_repo_lifecycle_policy) | A JSON formatted ECR lifecycle policy to automate the cleaning up of unused images. | `string` | `null` | no | +| [ecr_repo_tags](#input_ecr_repo_tags) | A map of tags to assign to ECR repository | `map(string)` | `{}` | no | +| [force_remove](#input_force_remove) | Whether to remove image forcibly when the resource is destroyed. | `bool` | `false` | no | +| [image_tag](#input_image_tag) | Image tag to use. If not specified current timestamp in format 'YYYYMMDDhhmmss' will be used. This can lead to unnecessary rebuilds. | `string` | `null` | no | +| [image_tag_mutability](#input_image_tag_mutability) | The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"MUTABLE"` | no | +| [keep_locally](#input_keep_locally) | Whether to delete the Docker image locally on destroy operation. | `bool` | `false` | no | +| [keep_remotely](#input_keep_remotely) | Whether to keep Docker image in the remote registry on destroy operation. | `bool` | `false` | no | +| [platform](#input_platform) | The target architecture platform to build the image for. | `string` | `null` | no | +| [scan_on_push](#input_scan_on_push) | Indicates whether images are scanned after being pushed to the repository | `bool` | `false` | no | +| [source_path](#input_source_path) | Path to folder containing application code | `string` | `null` | no | +| [triggers](#input_triggers) | A map of arbitrary strings that, when changed, will force the docker_image resource to be replaced. This can be used to rebuild an image when contents of source code folders change | `map(string)` | `{}` | no | +| [use_image_tag](#input_use_image_tag) | Controls whether to use image tag in ECR repository URI or not. Disable this to deploy latest image using ID (sha256:...) | `bool` | `true` | no | ## Outputs -| Name | Description | -|------|-------------| -| [image\_id](#output\_image\_id) | The ID of the Docker image | -| [image\_uri](#output\_image\_uri) | The ECR image URI for deploying lambda | +| Name | Description | +| -------------------------------------------------------------- | -------------------------------------- | +| [image_id](#output_image_id) | The ID of the Docker image | +| [image_uri](#output_image_uri) | The ECR image URI for deploying lambda | + ## Authors @@ -125,7 +126,6 @@ Module managed by [Anton Babenko](https://github.com/antonbabenko). Check out [s Please reach out to [Betajob](https://www.betajob.com/) if you are looking for commercial support for your Terraform, AWS, or serverless project. - ## License Apache 2 Licensed. See LICENSE for full details. From d1470b715bbc1bcf6b414f8cfac082fb0deef91c Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Fri, 3 Oct 2025 13:10:55 -0400 Subject: [PATCH 07/12] fix: upgrade pre-commit hooks version in actions --- .github/workflows/pre-commit.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index a19ff831..06f8c6dc 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -7,8 +7,8 @@ on: - master env: - TERRAFORM_DOCS_VERSION: v0.19.0 - TFLINT_VERSION: v0.53.0 + TERRAFORM_DOCS_VERSION: v0.20.0 + TFLINT_VERSION: v0.59.1 jobs: collectInputs: @@ -22,7 +22,7 @@ jobs: - name: Get root directories id: dirs - uses: clowdhaus/terraform-composite-actions/directories@v1.9.0 + uses: clowdhaus/terraform-composite-actions/directories@v1.13.0 preCommitMinVersions: name: Min TF pre-commit @@ -45,14 +45,14 @@ jobs: - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.1 + uses: clowdhaus/terraform-min-max@v2.1.0 with: directory: ${{ matrix.directory }} - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.13.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} @@ -61,7 +61,7 @@ jobs: - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.13.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} @@ -88,10 +88,10 @@ jobs: - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.1 + uses: clowdhaus/terraform-min-max@v2.1.0 - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.13.0 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} tflint-version: ${{ env.TFLINT_VERSION }} From e7b26da6a0df9d8bea228a16da91c8f149cad92a Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Fri, 3 Oct 2025 13:48:28 -0400 Subject: [PATCH 08/12] chore: re-run for pre-commit hooks --- README.md | 340 ++++++++++++++++----------------- modules/alias/README.md | 98 +++++----- modules/deploy/README.md | 156 ++++++++------- modules/docker-build/README.md | 94 +++++---- 4 files changed, 340 insertions(+), 348 deletions(-) diff --git a/README.md b/README.md index 5c4e0d43..80742506 100644 --- a/README.md +++ b/README.md @@ -667,19 +667,18 @@ Q4: What does this error mean - `"We currently do not support adding policies fo - [1Mill/serverless-tf-examples](https://github.com/1Mill/serverless-tf-examples/tree/main/src) - ## Requirements -| Name | Version | -| ------------------------------------------------------------------------ | ------- | -| [terraform](#requirement_terraform) | >= 1.3 | -| [aws](#requirement_aws) | >= 5.79 | +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.3 | +| [aws](#requirement\_aws) | >= 5.79 | ## Providers -| Name | Version | -| ------------------------------------------------ | ------- | -| [aws](#provider_aws) | >= 5.79 | +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 5.79 | ## Modules @@ -687,175 +686,174 @@ No modules. ## Resources -| Name | Type | -| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------- | -| [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | -| [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_iam_role_policy_attachment.additional_many](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.additional_one](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | -| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource | -| [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | -| [aws_lambda_function_recursion_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_recursion_config) | resource | -| [aws_lambda_function_url.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_url) | resource | -| [aws_lambda_permission.current_version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | -| [aws_lambda_permission.unqualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | -| [aws_lambda_provisioned_concurrency_config.current_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_provisioned_concurrency_config) | resource | -| [aws_arn.log_group_arn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | -| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudwatch_log_group) | data source | -| [aws_iam_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | -| [aws_iam_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | -| [aws_iam_policy_document.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | +| Name | Type | +|------|------| +| [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | +| [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy_attachment.additional_many](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.additional_one](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | +| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource | +| [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | +| [aws_lambda_function_recursion_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_recursion_config) | resource | +| [aws_lambda_function_url.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_url) | resource | +| [aws_lambda_permission.current_version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| [aws_lambda_permission.unqualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| [aws_lambda_provisioned_concurrency_config.current_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_provisioned_concurrency_config) | resource | +| [aws_arn.log_group_arn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudwatch_log_group) | data source | +| [aws_iam_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | +| [aws_iam_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | +| [aws_iam_policy_document.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs -| Name | Description | Type | Default | Required | -| --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------- | -------- | :------: | -| [allowed_triggers](#input_allowed_triggers) | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no | -| [architectures](#input_architectures) | Instruction set architecture for your Lambda function. Valid values are ["x86\_64"] and ["arm64"]. | `list(string)` | `null` | no | -| [assume_role_policy_statements](#input_assume_role_policy_statements) | Map of dynamic policy statements for assuming Lambda Function role (trust relationship) | `any` | `{}` | no | -| [attach_async_event_policy](#input_attach_async_event_policy) | Controls whether async event policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach_cloudwatch_logs_policy](#input_attach_cloudwatch_logs_policy) | Controls whether CloudWatch Logs policy should be added to IAM role for Lambda Function | `bool` | `true` | no | -| [attach_create_log_group_permission](#input_attach_create_log_group_permission) | Controls whether to add the create log group permission to the CloudWatch logs policy | `bool` | `true` | no | -| [attach_dead_letter_policy](#input_attach_dead_letter_policy) | Controls whether SNS/SQS dead letter notification policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach_network_policy](#input_attach_network_policy) | Controls whether VPC/network policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach_policies](#input_attach_policies) | Controls whether list of policies should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach_policy](#input_attach_policy) | Controls whether policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach_policy_json](#input_attach_policy_json) | Controls whether policy_json should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach_policy_jsons](#input_attach_policy_jsons) | Controls whether policy_jsons should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach_policy_statements](#input_attach_policy_statements) | Controls whether policy_statements should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [attach_tracing_policy](#input_attach_tracing_policy) | Controls whether X-Ray tracing policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| [authorization_type](#input_authorization_type) | The type of authentication that the Lambda Function URL uses. Set to 'AWS_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint. | `string` | `"NONE"` | no | -| [cloudwatch_logs_kms_key_id](#input_cloudwatch_logs_kms_key_id) | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no | -| [cloudwatch_logs_log_group_class](#input_cloudwatch_logs_log_group_class) | Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no | -| [cloudwatch_logs_retention_in_days](#input_cloudwatch_logs_retention_in_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `null` | no | -| [cloudwatch_logs_skip_destroy](#input_cloudwatch_logs_skip_destroy) | Whether to keep the log group (and any logs it may contain) at destroy time. | `bool` | `false` | no | -| [cloudwatch_logs_tags](#input_cloudwatch_logs_tags) | A map of tags to assign to the resource. | `map(string)` | `{}` | no | -| [code_signing_config_arn](#input_code_signing_config_arn) | Amazon Resource Name (ARN) for a Code Signing Configuration | `string` | `null` | no | -| [cors](#input_cors) | CORS settings to be used by the Lambda Function URL | `any` | `{}` | no | -| [create](#input_create) | Controls whether resources should be created | `bool` | `true` | no | -| [create_async_event_config](#input_create_async_event_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | -| [create_current_version_allowed_triggers](#input_create_current_version_allowed_triggers) | Whether to allow triggers on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | -| [create_current_version_async_event_config](#input_create_current_version_async_event_config) | Whether to allow async event configuration on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | -| [create_function](#input_create_function) | Controls whether Lambda Function resource should be created | `bool` | `true` | no | -| [create_lambda_function_url](#input_create_lambda_function_url) | Controls whether the Lambda Function URL resource should be created | `bool` | `false` | no | -| [create_layer](#input_create_layer) | Controls whether Lambda Layer resource should be created | `bool` | `false` | no | -| [create_role](#input_create_role) | Controls whether IAM role for Lambda Function should be created | `bool` | `true` | no | -| [create_unqualified_alias_allowed_triggers](#input_create_unqualified_alias_allowed_triggers) | Whether to allow triggers on unqualified alias pointing to $LATEST version | `bool` | `true` | no | -| [create_unqualified_alias_async_event_config](#input_create_unqualified_alias_async_event_config) | Whether to allow async event configuration on unqualified alias pointing to $LATEST version | `bool` | `true` | no | -| [create_unqualified_alias_lambda_function_url](#input_create_unqualified_alias_lambda_function_url) | Whether to use unqualified alias pointing to $LATEST version in Lambda Function URL | `bool` | `true` | no | -| [dead_letter_target_arn](#input_dead_letter_target_arn) | The ARN of an SNS topic or SQS queue to notify when an invocation fails. | `string` | `null` | no | -| [description](#input_description) | Description of your Lambda Function (or Layer) | `string` | `""` | no | -| [destination_on_failure](#input_destination_on_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | -| [destination_on_success](#input_destination_on_success) | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no | -| [environment_variables](#input_environment_variables) | A map that defines environment variables for the Lambda Function. | `map(string)` | `{}` | no | -| [ephemeral_storage_size](#input_ephemeral_storage_size) | Amount of ephemeral storage (/tmp) in MB your Lambda Function can use at runtime. Valid value between 512 MB to 10,240 MB (10 GB). | `number` | `512` | no | -| [event_source_mapping](#input_event_source_mapping) | Map of event source mapping | `any` | `{}` | no | -| [file_system_arn](#input_file_system_arn) | The Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system. | `string` | `null` | no | -| [file_system_local_mount_path](#input_file_system_local_mount_path) | The path where the function can access the file system, starting with /mnt/. | `string` | `null` | no | -| [function_name](#input_function_name) | A unique name for your Lambda Function | `string` | `""` | no | -| [function_tags](#input_function_tags) | A map of tags to assign only to the lambda function | `map(string)` | `{}` | no | -| [handler](#input_handler) | Lambda Function entrypoint in your code | `string` | `""` | no | -| [image_config_command](#input_image_config_command) | The CMD for the docker image | `list(string)` | `[]` | no | -| [image_config_entry_point](#input_image_config_entry_point) | The ENTRYPOINT for the docker image | `list(string)` | `[]` | no | -| [image_config_working_directory](#input_image_config_working_directory) | The working directory for the docker image | `string` | `null` | no | -| [image_uri](#input_image_uri) | The ECR image URI containing the function's deployment package. | `string` | `null` | no | -| [include_default_tag](#input_include_default_tag) | Set to false to not include the default tag in the tags map. | `bool` | `true` | no | -| [invoke_mode](#input_invoke_mode) | Invoke mode of the Lambda Function URL. Valid values are BUFFERED (default) and RESPONSE_STREAM. | `string` | `null` | no | -| [ipv6_allowed_for_dual_stack](#input_ipv6_allowed_for_dual_stack) | Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets | `bool` | `null` | no | -| [kms_key_arn](#input_kms_key_arn) | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no | -| [lambda_at_edge](#input_lambda_at_edge) | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no | -| [lambda_at_edge_logs_all_regions](#input_lambda_at_edge_logs_all_regions) | Whether to specify a wildcard in IAM policy used by Lambda@Edge to allow logging in all regions | `bool` | `true` | no | -| [lambda_role](#input_lambda_role) | IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | `string` | `""` | no | -| [layers](#input_layers) | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | `list(string)` | `null` | no | -| [logging_application_log_level](#input_logging_application_log_level) | The application log level of the Lambda Function. Valid values are "TRACE", "DEBUG", "INFO", "WARN", "ERROR", or "FATAL". | `string` | `"INFO"` | no | -| [logging_log_format](#input_logging_log_format) | The log format of the Lambda Function. Valid values are "JSON" or "Text". | `string` | `"Text"` | no | -| [logging_log_group](#input_logging_log_group) | The CloudWatch log group to send logs to. | `string` | `null` | no | -| [logging_system_log_level](#input_logging_system_log_level) | The system log level of the Lambda Function. Valid values are "DEBUG", "INFO", or "WARN". | `string` | `"INFO"` | no | -| [maximum_event_age_in_seconds](#input_maximum_event_age_in_seconds) | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | -| [maximum_retry_attempts](#input_maximum_retry_attempts) | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | `number` | `null` | no | -| [memory_size](#input_memory_size) | Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 64 MB increments. | `number` | `128` | no | -| [number_of_policies](#input_number_of_policies) | Number of policies to attach to IAM role for Lambda Function | `number` | `0` | no | -| [number_of_policy_jsons](#input_number_of_policy_jsons) | Number of policies JSON to attach to IAM role for Lambda Function | `number` | `0` | no | -| [package_type](#input_package_type) | The Lambda deployment package type. Valid options: Zip or Image | `string` | `"Zip"` | no | -| [policies](#input_policies) | List of policy statements ARN to attach to Lambda Function role | `list(string)` | `[]` | no | -| [policy](#input_policy) | An additional policy document ARN to attach to the Lambda Function role | `string` | `null` | no | -| [policy_json](#input_policy_json) | An additional policy document as JSON to attach to the Lambda Function role | `string` | `null` | no | -| [policy_jsons](#input_policy_jsons) | List of additional policy documents as JSON to attach to Lambda Function role | `list(string)` | `[]` | no | -| [policy_name](#input_policy_name) | IAM policy name. It override the default value, which is the same as role_name | `string` | `null` | no | -| [policy_path](#input_policy_path) | Path of policies to that should be added to IAM role for Lambda Function | `string` | `null` | no | -| [policy_statements](#input_policy_statements) | Map of dynamic policy statements to attach to Lambda Function role | `any` | `{}` | no | -| [provisioned_concurrent_executions](#input_provisioned_concurrent_executions) | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | `number` | `-1` | no | -| [publish](#input_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no | -| [putin_khuylo](#input_putin_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no | -| [recursive_loop](#input_recursive_loop) | Lambda function recursion configuration. Valid values are Allow or Terminate. | `string` | `null` | no | -| [replace_security_groups_on_destroy](#input_replace_security_groups_on_destroy) | (Optional) When true, all security groups defined in vpc_security_group_ids will be replaced with the default security group after the function is destroyed. Set the replacement_security_group_ids variable to use a custom list of security groups for replacement instead. | `bool` | `null` | no | -| [replacement_security_group_ids](#input_replacement_security_group_ids) | (Optional) List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction. replace_security_groups_on_destroy must be set to true to use this attribute. | `list(string)` | `null` | no | -| [reserved_concurrent_executions](#input_reserved_concurrent_executions) | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | `number` | `-1` | no | -| [role_description](#input_role_description) | Description of IAM role to use for Lambda Function | `string` | `null` | no | -| [role_force_detach_policies](#input_role_force_detach_policies) | Specifies to force detaching any policies the IAM role has before destroying it. | `bool` | `true` | no | -| [role_maximum_session_duration](#input_role_maximum_session_duration) | Maximum session duration, in seconds, for the IAM role | `number` | `3600` | no | -| [role_name](#input_role_name) | Name of IAM role to use for Lambda Function | `string` | `null` | no | -| [role_path](#input_role_path) | Path of IAM role to use for Lambda Function | `string` | `null` | no | -| [role_permissions_boundary](#input_role_permissions_boundary) | The ARN of the policy that is used to set the permissions boundary for the IAM role used by Lambda Function | `string` | `null` | no | -| [role_tags](#input_role_tags) | A map of tags to assign to IAM role | `map(string)` | `{}` | no | -| [runtime](#input_runtime) | Lambda Function runtime | `string` | `""` | no | -| [skip_destroy](#input_skip_destroy) | Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Terraform state. Useful for Lambda@Edge functions attached to CloudFront distributions. | `bool` | `null` | no | -| [snap_start](#input_snap_start) | (Optional) Snap start settings for low-latency startups | `bool` | `false` | no | -| [tags](#input_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | -| [timeout](#input_timeout) | The amount of time your Lambda Function has to run in seconds. | `number` | `3` | no | -| [timeouts](#input_timeouts) | Define maximum timeout for creating, updating, and deleting Lambda Function resources | `map(string)` | `{}` | no | -| [tracing_mode](#input_tracing_mode) | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. | `string` | `null` | no | -| [trusted_entities](#input_trusted_entities) | List of additional trusted entities for assuming Lambda Function role (trust relationship) | `any` | `[]` | no | -| [use_existing_cloudwatch_log_group](#input_use_existing_cloudwatch_log_group) | Whether to use an existing CloudWatch log group or create new | `bool` | `false` | no | -| [vpc_security_group_ids](#input_vpc_security_group_ids) | List of security group ids when Lambda Function should run in the VPC. | `list(string)` | `null` | no | -| [vpc_subnet_ids](#input_vpc_subnet_ids) | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets. | `list(string)` | `null` | no | +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [allowed\_triggers](#input\_allowed\_triggers) | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no | +| [architectures](#input\_architectures) | Instruction set architecture for your Lambda function. Valid values are ["x86\_64"] and ["arm64"]. | `list(string)` | `null` | no | +| [assume\_role\_policy\_statements](#input\_assume\_role\_policy\_statements) | Map of dynamic policy statements for assuming Lambda Function role (trust relationship) | `any` | `{}` | no | +| [attach\_async\_event\_policy](#input\_attach\_async\_event\_policy) | Controls whether async event policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach\_cloudwatch\_logs\_policy](#input\_attach\_cloudwatch\_logs\_policy) | Controls whether CloudWatch Logs policy should be added to IAM role for Lambda Function | `bool` | `true` | no | +| [attach\_create\_log\_group\_permission](#input\_attach\_create\_log\_group\_permission) | Controls whether to add the create log group permission to the CloudWatch logs policy | `bool` | `true` | no | +| [attach\_dead\_letter\_policy](#input\_attach\_dead\_letter\_policy) | Controls whether SNS/SQS dead letter notification policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach\_network\_policy](#input\_attach\_network\_policy) | Controls whether VPC/network policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach\_policies](#input\_attach\_policies) | Controls whether list of policies should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach\_policy](#input\_attach\_policy) | Controls whether policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach\_policy\_json](#input\_attach\_policy\_json) | Controls whether policy\_json should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach\_policy\_jsons](#input\_attach\_policy\_jsons) | Controls whether policy\_jsons should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach\_policy\_statements](#input\_attach\_policy\_statements) | Controls whether policy\_statements should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach\_tracing\_policy](#input\_attach\_tracing\_policy) | Controls whether X-Ray tracing policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [authorization\_type](#input\_authorization\_type) | The type of authentication that the Lambda Function URL uses. Set to 'AWS\_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint. | `string` | `"NONE"` | no | +| [cloudwatch\_logs\_kms\_key\_id](#input\_cloudwatch\_logs\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no | +| [cloudwatch\_logs\_log\_group\_class](#input\_cloudwatch\_logs\_log\_group\_class) | Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no | +| [cloudwatch\_logs\_retention\_in\_days](#input\_cloudwatch\_logs\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `null` | no | +| [cloudwatch\_logs\_skip\_destroy](#input\_cloudwatch\_logs\_skip\_destroy) | Whether to keep the log group (and any logs it may contain) at destroy time. | `bool` | `false` | no | +| [cloudwatch\_logs\_tags](#input\_cloudwatch\_logs\_tags) | A map of tags to assign to the resource. | `map(string)` | `{}` | no | +| [code\_signing\_config\_arn](#input\_code\_signing\_config\_arn) | Amazon Resource Name (ARN) for a Code Signing Configuration | `string` | `null` | no | +| [cors](#input\_cors) | CORS settings to be used by the Lambda Function URL | `any` | `{}` | no | +| [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | +| [create\_async\_event\_config](#input\_create\_async\_event\_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | +| [create\_current\_version\_allowed\_triggers](#input\_create\_current\_version\_allowed\_triggers) | Whether to allow triggers on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | +| [create\_current\_version\_async\_event\_config](#input\_create\_current\_version\_async\_event\_config) | Whether to allow async event configuration on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | +| [create\_function](#input\_create\_function) | Controls whether Lambda Function resource should be created | `bool` | `true` | no | +| [create\_lambda\_function\_url](#input\_create\_lambda\_function\_url) | Controls whether the Lambda Function URL resource should be created | `bool` | `false` | no | +| [create\_layer](#input\_create\_layer) | Controls whether Lambda Layer resource should be created | `bool` | `false` | no | +| [create\_role](#input\_create\_role) | Controls whether IAM role for Lambda Function should be created | `bool` | `true` | no | +| [create\_unqualified\_alias\_allowed\_triggers](#input\_create\_unqualified\_alias\_allowed\_triggers) | Whether to allow triggers on unqualified alias pointing to $LATEST version | `bool` | `true` | no | +| [create\_unqualified\_alias\_async\_event\_config](#input\_create\_unqualified\_alias\_async\_event\_config) | Whether to allow async event configuration on unqualified alias pointing to $LATEST version | `bool` | `true` | no | +| [create\_unqualified\_alias\_lambda\_function\_url](#input\_create\_unqualified\_alias\_lambda\_function\_url) | Whether to use unqualified alias pointing to $LATEST version in Lambda Function URL | `bool` | `true` | no | +| [dead\_letter\_target\_arn](#input\_dead\_letter\_target\_arn) | The ARN of an SNS topic or SQS queue to notify when an invocation fails. | `string` | `null` | no | +| [description](#input\_description) | Description of your Lambda Function (or Layer) | `string` | `""` | no | +| [destination\_on\_failure](#input\_destination\_on\_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | +| [destination\_on\_success](#input\_destination\_on\_success) | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no | +| [environment\_variables](#input\_environment\_variables) | A map that defines environment variables for the Lambda Function. | `map(string)` | `{}` | no | +| [ephemeral\_storage\_size](#input\_ephemeral\_storage\_size) | Amount of ephemeral storage (/tmp) in MB your Lambda Function can use at runtime. Valid value between 512 MB to 10,240 MB (10 GB). | `number` | `512` | no | +| [event\_source\_mapping](#input\_event\_source\_mapping) | Map of event source mapping | `any` | `{}` | no | +| [file\_system\_arn](#input\_file\_system\_arn) | The Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system. | `string` | `null` | no | +| [file\_system\_local\_mount\_path](#input\_file\_system\_local\_mount\_path) | The path where the function can access the file system, starting with /mnt/. | `string` | `null` | no | +| [function\_name](#input\_function\_name) | A unique name for your Lambda Function | `string` | `""` | no | +| [function\_tags](#input\_function\_tags) | A map of tags to assign only to the lambda function | `map(string)` | `{}` | no | +| [handler](#input\_handler) | Lambda Function entrypoint in your code | `string` | `""` | no | +| [image\_config\_command](#input\_image\_config\_command) | The CMD for the docker image | `list(string)` | `[]` | no | +| [image\_config\_entry\_point](#input\_image\_config\_entry\_point) | The ENTRYPOINT for the docker image | `list(string)` | `[]` | no | +| [image\_config\_working\_directory](#input\_image\_config\_working\_directory) | The working directory for the docker image | `string` | `null` | no | +| [image\_uri](#input\_image\_uri) | The ECR image URI containing the function's deployment package. | `string` | `null` | no | +| [include\_default\_tag](#input\_include\_default\_tag) | Set to false to not include the default tag in the tags map. | `bool` | `true` | no | +| [invoke\_mode](#input\_invoke\_mode) | Invoke mode of the Lambda Function URL. Valid values are BUFFERED (default) and RESPONSE\_STREAM. | `string` | `null` | no | +| [ipv6\_allowed\_for\_dual\_stack](#input\_ipv6\_allowed\_for\_dual\_stack) | Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets | `bool` | `null` | no | +| [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no | +| [lambda\_at\_edge](#input\_lambda\_at\_edge) | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no | +| [lambda\_at\_edge\_logs\_all\_regions](#input\_lambda\_at\_edge\_logs\_all\_regions) | Whether to specify a wildcard in IAM policy used by Lambda@Edge to allow logging in all regions | `bool` | `true` | no | +| [lambda\_role](#input\_lambda\_role) | IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | `string` | `""` | no | +| [layers](#input\_layers) | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | `list(string)` | `null` | no | +| [logging\_application\_log\_level](#input\_logging\_application\_log\_level) | The application log level of the Lambda Function. Valid values are "TRACE", "DEBUG", "INFO", "WARN", "ERROR", or "FATAL". | `string` | `"INFO"` | no | +| [logging\_log\_format](#input\_logging\_log\_format) | The log format of the Lambda Function. Valid values are "JSON" or "Text". | `string` | `"Text"` | no | +| [logging\_log\_group](#input\_logging\_log\_group) | The CloudWatch log group to send logs to. | `string` | `null` | no | +| [logging\_system\_log\_level](#input\_logging\_system\_log\_level) | The system log level of the Lambda Function. Valid values are "DEBUG", "INFO", or "WARN". | `string` | `"INFO"` | no | +| [maximum\_event\_age\_in\_seconds](#input\_maximum\_event\_age\_in\_seconds) | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | +| [maximum\_retry\_attempts](#input\_maximum\_retry\_attempts) | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | `number` | `null` | no | +| [memory\_size](#input\_memory\_size) | Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 64 MB increments. | `number` | `128` | no | +| [number\_of\_policies](#input\_number\_of\_policies) | Number of policies to attach to IAM role for Lambda Function | `number` | `0` | no | +| [number\_of\_policy\_jsons](#input\_number\_of\_policy\_jsons) | Number of policies JSON to attach to IAM role for Lambda Function | `number` | `0` | no | +| [package\_type](#input\_package\_type) | The Lambda deployment package type. Valid options: Zip or Image | `string` | `"Zip"` | no | +| [policies](#input\_policies) | List of policy statements ARN to attach to Lambda Function role | `list(string)` | `[]` | no | +| [policy](#input\_policy) | An additional policy document ARN to attach to the Lambda Function role | `string` | `null` | no | +| [policy\_json](#input\_policy\_json) | An additional policy document as JSON to attach to the Lambda Function role | `string` | `null` | no | +| [policy\_jsons](#input\_policy\_jsons) | List of additional policy documents as JSON to attach to Lambda Function role | `list(string)` | `[]` | no | +| [policy\_name](#input\_policy\_name) | IAM policy name. It override the default value, which is the same as role\_name | `string` | `null` | no | +| [policy\_path](#input\_policy\_path) | Path of policies to that should be added to IAM role for Lambda Function | `string` | `null` | no | +| [policy\_statements](#input\_policy\_statements) | Map of dynamic policy statements to attach to Lambda Function role | `any` | `{}` | no | +| [provisioned\_concurrent\_executions](#input\_provisioned\_concurrent\_executions) | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | `number` | `-1` | no | +| [publish](#input\_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no | +| [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no | +| [recursive\_loop](#input\_recursive\_loop) | Lambda function recursion configuration. Valid values are Allow or Terminate. | `string` | `null` | no | +| [replace\_security\_groups\_on\_destroy](#input\_replace\_security\_groups\_on\_destroy) | (Optional) When true, all security groups defined in vpc\_security\_group\_ids will be replaced with the default security group after the function is destroyed. Set the replacement\_security\_group\_ids variable to use a custom list of security groups for replacement instead. | `bool` | `null` | no | +| [replacement\_security\_group\_ids](#input\_replacement\_security\_group\_ids) | (Optional) List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction. replace\_security\_groups\_on\_destroy must be set to true to use this attribute. | `list(string)` | `null` | no | +| [reserved\_concurrent\_executions](#input\_reserved\_concurrent\_executions) | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | `number` | `-1` | no | +| [role\_description](#input\_role\_description) | Description of IAM role to use for Lambda Function | `string` | `null` | no | +| [role\_force\_detach\_policies](#input\_role\_force\_detach\_policies) | Specifies to force detaching any policies the IAM role has before destroying it. | `bool` | `true` | no | +| [role\_maximum\_session\_duration](#input\_role\_maximum\_session\_duration) | Maximum session duration, in seconds, for the IAM role | `number` | `3600` | no | +| [role\_name](#input\_role\_name) | Name of IAM role to use for Lambda Function | `string` | `null` | no | +| [role\_path](#input\_role\_path) | Path of IAM role to use for Lambda Function | `string` | `null` | no | +| [role\_permissions\_boundary](#input\_role\_permissions\_boundary) | The ARN of the policy that is used to set the permissions boundary for the IAM role used by Lambda Function | `string` | `null` | no | +| [role\_tags](#input\_role\_tags) | A map of tags to assign to IAM role | `map(string)` | `{}` | no | +| [runtime](#input\_runtime) | Lambda Function runtime | `string` | `""` | no | +| [skip\_destroy](#input\_skip\_destroy) | Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Terraform state. Useful for Lambda@Edge functions attached to CloudFront distributions. | `bool` | `null` | no | +| [snap\_start](#input\_snap\_start) | (Optional) Snap start settings for low-latency startups | `bool` | `false` | no | +| [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | +| [timeout](#input\_timeout) | The amount of time your Lambda Function has to run in seconds. | `number` | `3` | no | +| [timeouts](#input\_timeouts) | Define maximum timeout for creating, updating, and deleting Lambda Function resources | `map(string)` | `{}` | no | +| [tracing\_mode](#input\_tracing\_mode) | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. | `string` | `null` | no | +| [trusted\_entities](#input\_trusted\_entities) | List of additional trusted entities for assuming Lambda Function role (trust relationship) | `any` | `[]` | no | +| [use\_existing\_cloudwatch\_log\_group](#input\_use\_existing\_cloudwatch\_log\_group) | Whether to use an existing CloudWatch log group or create new | `bool` | `false` | no | +| [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | List of security group ids when Lambda Function should run in the VPC. | `list(string)` | `null` | no | +| [vpc\_subnet\_ids](#input\_vpc\_subnet\_ids) | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets. | `list(string)` | `null` | no | ## Outputs -| Name | Description | -| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- | -| [lambda_cloudwatch_log_group_arn](#output_lambda_cloudwatch_log_group_arn) | The ARN of the Cloudwatch Log Group | -| [lambda_cloudwatch_log_group_name](#output_lambda_cloudwatch_log_group_name) | The name of the Cloudwatch Log Group | -| [lambda_event_source_mapping_arn](#output_lambda_event_source_mapping_arn) | The event source mapping ARN | -| [lambda_event_source_mapping_function_arn](#output_lambda_event_source_mapping_function_arn) | The the ARN of the Lambda function the event source mapping is sending events to | -| [lambda_event_source_mapping_state](#output_lambda_event_source_mapping_state) | The state of the event source mapping | -| [lambda_event_source_mapping_state_transition_reason](#output_lambda_event_source_mapping_state_transition_reason) | The reason the event source mapping is in its current state | -| [lambda_event_source_mapping_uuid](#output_lambda_event_source_mapping_uuid) | The UUID of the created event source mapping | -| [lambda_function_arn](#output_lambda_function_arn) | The ARN of the Lambda Function | -| [lambda_function_arn_static](#output_lambda_function_arn_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | -| [lambda_function_invoke_arn](#output_lambda_function_invoke_arn) | The Invoke ARN of the Lambda Function | -| [lambda_function_kms_key_arn](#output_lambda_function_kms_key_arn) | The ARN for the KMS encryption key of Lambda Function | -| [lambda_function_last_modified](#output_lambda_function_last_modified) | The date Lambda Function resource was last modified | -| [lambda_function_name](#output_lambda_function_name) | The name of the Lambda Function | -| [lambda_function_qualified_arn](#output_lambda_function_qualified_arn) | The ARN identifying your Lambda Function Version | -| [lambda_function_qualified_invoke_arn](#output_lambda_function_qualified_invoke_arn) | The Invoke ARN identifying your Lambda Function Version | -| [lambda_function_signing_job_arn](#output_lambda_function_signing_job_arn) | ARN of the signing job | -| [lambda_function_signing_profile_version_arn](#output_lambda_function_signing_profile_version_arn) | ARN of the signing profile version | -| [lambda_function_source_code_hash](#output_lambda_function_source_code_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | -| [lambda_function_source_code_size](#output_lambda_function_source_code_size) | The size in bytes of the function .zip file | -| [lambda_function_url](#output_lambda_function_url) | The URL of the Lambda Function URL | -| [lambda_function_url_id](#output_lambda_function_url_id) | The Lambda Function URL generated id | -| [lambda_function_version](#output_lambda_function_version) | Latest published version of Lambda Function | -| [lambda_role_arn](#output_lambda_role_arn) | The ARN of the IAM role created for the Lambda Function | -| [lambda_role_name](#output_lambda_role_name) | The name of the IAM role created for the Lambda Function | -| [lambda_role_unique_id](#output_lambda_role_unique_id) | The unique id of the IAM role created for the Lambda Function | - +| Name | Description | +|------|-------------| +| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | +| [lambda\_cloudwatch\_log\_group\_name](#output\_lambda\_cloudwatch\_log\_group\_name) | The name of the Cloudwatch Log Group | +| [lambda\_event\_source\_mapping\_arn](#output\_lambda\_event\_source\_mapping\_arn) | The event source mapping ARN | +| [lambda\_event\_source\_mapping\_function\_arn](#output\_lambda\_event\_source\_mapping\_function\_arn) | The the ARN of the Lambda function the event source mapping is sending events to | +| [lambda\_event\_source\_mapping\_state](#output\_lambda\_event\_source\_mapping\_state) | The state of the event source mapping | +| [lambda\_event\_source\_mapping\_state\_transition\_reason](#output\_lambda\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | +| [lambda\_event\_source\_mapping\_uuid](#output\_lambda\_event\_source\_mapping\_uuid) | The UUID of the created event source mapping | +| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | +| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | +| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | +| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | +| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [lambda\_function\_qualified\_invoke\_arn](#output\_lambda\_function\_qualified\_invoke\_arn) | The Invoke ARN identifying your Lambda Function Version | +| [lambda\_function\_signing\_job\_arn](#output\_lambda\_function\_signing\_job\_arn) | ARN of the signing job | +| [lambda\_function\_signing\_profile\_version\_arn](#output\_lambda\_function\_signing\_profile\_version\_arn) | ARN of the signing profile version | +| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [lambda\_function\_url](#output\_lambda\_function\_url) | The URL of the Lambda Function URL | +| [lambda\_function\_url\_id](#output\_lambda\_function\_url\_id) | The Lambda Function URL generated id | +| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | +| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | +| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | +| [lambda\_role\_unique\_id](#output\_lambda\_role\_unique\_id) | The unique id of the IAM role created for the Lambda Function | ## Development diff --git a/modules/alias/README.md b/modules/alias/README.md index c11d0692..ab63643c 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md @@ -108,19 +108,18 @@ module "lambda" { - [Alias](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/alias) - Create Lambda function and aliases in various combinations with all supported features. - ## Requirements -| Name | Version | -| ------------------------------------------------------------------------ | ------- | -| [terraform](#requirement_terraform) | >= 1.3 | -| [aws](#requirement_aws) | >= 4.9 | +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.3 | +| [aws](#requirement\_aws) | >= 4.9 | ## Providers -| Name | Version | -| ------------------------------------------------ | ------- | -| [aws](#provider_aws) | >= 4.9 | +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 4.9 | ## Modules @@ -128,54 +127,53 @@ No modules. ## Resources -| Name | Type | -| --------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | -| [aws_lambda_alias.no_refresh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_alias) | resource | -| [aws_lambda_alias.with_refresh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_alias) | resource | -| [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | -| [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | -| [aws_lambda_permission.qualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | -| [aws_lambda_permission.version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | -| [aws_lambda_alias.existing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | data source | +| Name | Type | +|------|------| +| [aws_lambda_alias.no_refresh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_alias) | resource | +| [aws_lambda_alias.with_refresh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_alias) | resource | +| [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | +| [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | +| [aws_lambda_permission.qualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| [aws_lambda_permission.version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| [aws_lambda_alias.existing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | data source | ## Inputs -| Name | Description | Type | Default | Required | -| ------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | ------- | :------: | -| [allowed_triggers](#input_allowed_triggers) | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no | -| [create](#input_create) | Controls whether resources should be created | `bool` | `true` | no | -| [create_async_event_config](#input_create_async_event_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | -| [create_qualified_alias_allowed_triggers](#input_create_qualified_alias_allowed_triggers) | Whether to allow triggers on qualified alias | `bool` | `true` | no | -| [create_qualified_alias_async_event_config](#input_create_qualified_alias_async_event_config) | Whether to allow async event configuration on qualified alias | `bool` | `true` | no | -| [create_version_allowed_triggers](#input_create_version_allowed_triggers) | Whether to allow triggers on version of Lambda Function used by alias (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | -| [create_version_async_event_config](#input_create_version_async_event_config) | Whether to allow async event configuration on version of Lambda Function used by alias (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | -| [description](#input_description) | Description of the alias. | `string` | `""` | no | -| [destination_on_failure](#input_destination_on_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | -| [destination_on_success](#input_destination_on_success) | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no | -| [event_source_mapping](#input_event_source_mapping) | Map of event source mapping | `any` | `{}` | no | -| [function_name](#input_function_name) | The function ARN of the Lambda function for which you want to create an alias. | `string` | `""` | no | -| [function_version](#input_function_version) | Lambda function version for which you are creating the alias. Pattern: ($LATEST\|[0-9]+). | `string` | `""` | no | -| [maximum_event_age_in_seconds](#input_maximum_event_age_in_seconds) | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | -| [maximum_retry_attempts](#input_maximum_retry_attempts) | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | `number` | `null` | no | -| [name](#input_name) | Name for the alias you are creating. | `string` | `""` | no | -| [refresh_alias](#input_refresh_alias) | Whether to refresh function version used in the alias. Useful when using this module together with external tool do deployments (eg, AWS CodeDeploy). | `bool` | `true` | no | -| [routing_additional_version_weights](#input_routing_additional_version_weights) | A map that defines the proportion of events that should be sent to different versions of a lambda function. | `map(number)` | `{}` | no | -| [use_existing_alias](#input_use_existing_alias) | Whether to manage existing alias instead of creating a new one. Useful when using this module together with external tool do deployments (eg, AWS CodeDeploy). | `bool` | `false` | no | +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [allowed\_triggers](#input\_allowed\_triggers) | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no | +| [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | +| [create\_async\_event\_config](#input\_create\_async\_event\_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | +| [create\_qualified\_alias\_allowed\_triggers](#input\_create\_qualified\_alias\_allowed\_triggers) | Whether to allow triggers on qualified alias | `bool` | `true` | no | +| [create\_qualified\_alias\_async\_event\_config](#input\_create\_qualified\_alias\_async\_event\_config) | Whether to allow async event configuration on qualified alias | `bool` | `true` | no | +| [create\_version\_allowed\_triggers](#input\_create\_version\_allowed\_triggers) | Whether to allow triggers on version of Lambda Function used by alias (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | +| [create\_version\_async\_event\_config](#input\_create\_version\_async\_event\_config) | Whether to allow async event configuration on version of Lambda Function used by alias (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | +| [description](#input\_description) | Description of the alias. | `string` | `""` | no | +| [destination\_on\_failure](#input\_destination\_on\_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | +| [destination\_on\_success](#input\_destination\_on\_success) | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no | +| [event\_source\_mapping](#input\_event\_source\_mapping) | Map of event source mapping | `any` | `{}` | no | +| [function\_name](#input\_function\_name) | The function ARN of the Lambda function for which you want to create an alias. | `string` | `""` | no | +| [function\_version](#input\_function\_version) | Lambda function version for which you are creating the alias. Pattern: ($LATEST\|[0-9]+). | `string` | `""` | no | +| [maximum\_event\_age\_in\_seconds](#input\_maximum\_event\_age\_in\_seconds) | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | +| [maximum\_retry\_attempts](#input\_maximum\_retry\_attempts) | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | `number` | `null` | no | +| [name](#input\_name) | Name for the alias you are creating. | `string` | `""` | no | +| [refresh\_alias](#input\_refresh\_alias) | Whether to refresh function version used in the alias. Useful when using this module together with external tool do deployments (eg, AWS CodeDeploy). | `bool` | `true` | no | +| [routing\_additional\_version\_weights](#input\_routing\_additional\_version\_weights) | A map that defines the proportion of events that should be sent to different versions of a lambda function. | `map(number)` | `{}` | no | +| [use\_existing\_alias](#input\_use\_existing\_alias) | Whether to manage existing alias instead of creating a new one. Useful when using this module together with external tool do deployments (eg, AWS CodeDeploy). | `bool` | `false` | no | ## Outputs -| Name | Description | -| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------- | -| [lambda_alias_arn](#output_lambda_alias_arn) | The ARN of the Lambda Function Alias | -| [lambda_alias_description](#output_lambda_alias_description) | Description of alias | -| [lambda_alias_event_source_mapping_function_arn](#output_lambda_alias_event_source_mapping_function_arn) | The the ARN of the Lambda function the event source mapping is sending events to | -| [lambda_alias_event_source_mapping_state](#output_lambda_alias_event_source_mapping_state) | The state of the event source mapping | -| [lambda_alias_event_source_mapping_state_transition_reason](#output_lambda_alias_event_source_mapping_state_transition_reason) | The reason the event source mapping is in its current state | -| [lambda_alias_event_source_mapping_uuid](#output_lambda_alias_event_source_mapping_uuid) | The UUID of the created event source mapping | -| [lambda_alias_function_version](#output_lambda_alias_function_version) | Lambda function version which the alias uses | -| [lambda_alias_invoke_arn](#output_lambda_alias_invoke_arn) | The ARN to be used for invoking Lambda Function from API Gateway | -| [lambda_alias_name](#output_lambda_alias_name) | The name of the Lambda Function Alias | - +| Name | Description | +|------|-------------| +| [lambda\_alias\_arn](#output\_lambda\_alias\_arn) | The ARN of the Lambda Function Alias | +| [lambda\_alias\_description](#output\_lambda\_alias\_description) | Description of alias | +| [lambda\_alias\_event\_source\_mapping\_function\_arn](#output\_lambda\_alias\_event\_source\_mapping\_function\_arn) | The the ARN of the Lambda function the event source mapping is sending events to | +| [lambda\_alias\_event\_source\_mapping\_state](#output\_lambda\_alias\_event\_source\_mapping\_state) | The state of the event source mapping | +| [lambda\_alias\_event\_source\_mapping\_state\_transition\_reason](#output\_lambda\_alias\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | +| [lambda\_alias\_event\_source\_mapping\_uuid](#output\_lambda\_alias\_event\_source\_mapping\_uuid) | The UUID of the created event source mapping | +| [lambda\_alias\_function\_version](#output\_lambda\_alias\_function\_version) | Lambda function version which the alias uses | +| [lambda\_alias\_invoke\_arn](#output\_lambda\_alias\_invoke\_arn) | The ARN to be used for invoking Lambda Function from API Gateway | +| [lambda\_alias\_name](#output\_lambda\_alias\_name) | The name of the Lambda Function Alias | ## Authors diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 9ffd07ce..b143cc3d 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -95,23 +95,22 @@ module "lambda" { - [Deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/deploy) - Creates Lambda Function, Alias, and all resources required to create deployments using AWS CodeDeploy. - ## Requirements -| Name | Version | -| ------------------------------------------------------------------------ | ------- | -| [terraform](#requirement_terraform) | >= 1.3 | -| [aws](#requirement_aws) | >= 3.35 | -| [local](#requirement_local) | >= 1.3 | -| [null](#requirement_null) | >= 2.0 | +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.3 | +| [aws](#requirement\_aws) | >= 3.35 | +| [local](#requirement\_local) | >= 1.0 | +| [null](#requirement\_null) | >= 2.0 | ## Providers -| Name | Version | -| ------------------------------------------------------ | ------- | -| [aws](#provider_aws) | >= 3.35 | -| [local](#provider_local) | >= 1.3 | -| [null](#provider_null) | >= 2.0 | +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 3.35 | +| [local](#provider\_local) | >= 1.0 | +| [null](#provider\_null) | >= 2.0 | ## Modules @@ -119,79 +118,78 @@ No modules. ## Resources -| Name | Type | -| --------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | -| [aws_codedeploy_app.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_app) | resource | -| [aws_codedeploy_deployment_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_deployment_group) | resource | -| [aws_iam_policy.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_role.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy_attachment.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [local_file.deploy_script](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | -| [null_resource.deploy](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_role.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source | -| [aws_lambda_alias.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | data source | -| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_function) | data source | +| Name | Type | +|------|------| +| [aws_codedeploy_app.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_app) | resource | +| [aws_codedeploy_deployment_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_deployment_group) | resource | +| [aws_iam_policy.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_role.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [local_file.deploy_script](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | +| [null_resource.deploy](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_role.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source | +| [aws_lambda_alias.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | data source | +| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_function) | data source | ## Inputs -| Name | Description | Type | Default | Required | -| ------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- | -------------------------------------------------- | :------: | -| [after_allow_traffic_hook_arn](#input_after_allow_traffic_hook_arn) | ARN of Lambda function to execute after allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | -| [alarm_enabled](#input_alarm_enabled) | Indicates whether the alarm configuration is enabled. This option is useful when you want to temporarily deactivate alarm monitoring for a deployment group without having to add the same alarms again later. | `bool` | `false` | no | -| [alarm_ignore_poll_alarm_failure](#input_alarm_ignore_poll_alarm_failure) | Indicates whether a deployment should continue if information about the current state of alarms cannot be retrieved from CloudWatch. | `bool` | `false` | no | -| [alarms](#input_alarms) | A list of alarms configured for the deployment group. A maximum of 10 alarms can be added to a deployment group. | `list(string)` | `[]` | no | -| [alias_name](#input_alias_name) | Name for the alias | `string` | `""` | no | -| [app_name](#input_app_name) | Name of AWS CodeDeploy application | `string` | `""` | no | -| [attach_hooks_policy](#input_attach_hooks_policy) | Whether to attach Invoke policy to CodeDeploy role when before allow traffic or after allow traffic hooks are defined. | `bool` | `true` | no | -| [attach_triggers_policy](#input_attach_triggers_policy) | Whether to attach SNS policy to CodeDeploy role when triggers are defined | `bool` | `false` | no | -| [auto_rollback_enabled](#input_auto_rollback_enabled) | Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. | `bool` | `true` | no | -| [auto_rollback_events](#input_auto_rollback_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT_FAILURE and DEPLOYMENT_STOP_ON_ALARM. | `list(string)` | 
[
 "DEPLOYMENT_STOP_ON_ALARM"
]
| no | -| [aws_cli_command](#input_aws_cli_command) | Command to run as AWS CLI. May include extra arguments like region and profile. | `string` | `"aws"` | no | -| [before_allow_traffic_hook_arn](#input_before_allow_traffic_hook_arn) | ARN of Lambda function to execute before allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | -| [codedeploy_principals](#input_codedeploy_principals) | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` | 
[
 "codedeploy.amazonaws.com"
]
| no | -| [codedeploy_role_name](#input_codedeploy_role_name) | IAM role name to create or use by CodeDeploy | `string` | `""` | no | -| [create](#input_create) | Controls whether resources should be created | `bool` | `true` | no | -| [create_app](#input_create_app) | Whether to create new AWS CodeDeploy app | `bool` | `false` | no | -| [create_codedeploy_role](#input_create_codedeploy_role) | Whether to create new AWS CodeDeploy IAM role | `bool` | `true` | no | -| [create_deployment](#input_create_deployment) | Create the AWS resources and script for CodeDeploy | `bool` | `false` | no | -| [create_deployment_group](#input_create_deployment_group) | Whether to create new AWS CodeDeploy Deployment Group | `bool` | `false` | no | -| [current_version](#input_current_version) | Current version of Lambda function version to deploy (can't be $LATEST) | `string` | `""` | no | -| [deployment_config_name](#input_deployment_config_name) | Name of deployment config to use | `string` | `"CodeDeployDefault.LambdaAllAtOnce"` | no | -| [deployment_group_name](#input_deployment_group_name) | Name of deployment group to use | `string` | `""` | no | -| [description](#input_description) | Description to use for the deployment | `string` | `""` | no | -| [force_deploy](#input_force_deploy) | Force deployment every time (even when nothing changes) | `bool` | `false` | no | -| [function_name](#input_function_name) | The name of the Lambda function to deploy | `string` | `""` | no | -| [get_deployment_sleep_timer](#input_get_deployment_sleep_timer) | Adds additional sleep time to get-deployment command to avoid the service throttling | `number` | `5` | no | -| [interpreter](#input_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` | 
[
 "/bin/bash",
 "-c"
]
| no | -| [run_deployment](#input_run_deployment) | Run AWS CLI command to start the deployment | `bool` | `false` | no | -| [save_deploy_script](#input_save_deploy_script) | Save deploy script locally | `bool` | `false` | no | -| [tags](#input_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | -| [target_version](#input_target_version) | Target version of Lambda function version to deploy | `string` | `""` | no | -| [triggers](#input_triggers) | Map of triggers which will be notified when event happens. Valid options for event types are DeploymentStart, DeploymentSuccess, DeploymentFailure, DeploymentStop, DeploymentRollback, DeploymentReady (Applies only to replacement instances in a blue/green deployment), InstanceStart, InstanceSuccess, InstanceFailure, InstanceReady. Note that not all are applicable for Lambda deployments. | `map(any)` | `{}` | no | -| [use_existing_app](#input_use_existing_app) | Whether to use existing AWS CodeDeploy app | `bool` | `false` | no | -| [use_existing_deployment_group](#input_use_existing_deployment_group) | Whether to use existing AWS CodeDeploy Deployment Group | `bool` | `false` | no | -| [wait_deployment_completion](#input_wait_deployment_completion) | Wait until deployment completes. It can take a lot of time and your terraform process may lock execution for long time. | `bool` | `false` | no | +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [after\_allow\_traffic\_hook\_arn](#input\_after\_allow\_traffic\_hook\_arn) | ARN of Lambda function to execute after allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | +| [alarm\_enabled](#input\_alarm\_enabled) | Indicates whether the alarm configuration is enabled. This option is useful when you want to temporarily deactivate alarm monitoring for a deployment group without having to add the same alarms again later. | `bool` | `false` | no | +| [alarm\_ignore\_poll\_alarm\_failure](#input\_alarm\_ignore\_poll\_alarm\_failure) | Indicates whether a deployment should continue if information about the current state of alarms cannot be retrieved from CloudWatch. | `bool` | `false` | no | +| [alarms](#input\_alarms) | A list of alarms configured for the deployment group. A maximum of 10 alarms can be added to a deployment group. | `list(string)` | `[]` | no | +| [alias\_name](#input\_alias\_name) | Name for the alias | `string` | `""` | no | +| [app\_name](#input\_app\_name) | Name of AWS CodeDeploy application | `string` | `""` | no | +| [attach\_hooks\_policy](#input\_attach\_hooks\_policy) | Whether to attach Invoke policy to CodeDeploy role when before allow traffic or after allow traffic hooks are defined. | `bool` | `true` | no | +| [attach\_triggers\_policy](#input\_attach\_triggers\_policy) | Whether to attach SNS policy to CodeDeploy role when triggers are defined | `bool` | `false` | no | +| [auto\_rollback\_enabled](#input\_auto\_rollback\_enabled) | Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. | `bool` | `true` | no | +| [auto\_rollback\_events](#input\_auto\_rollback\_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT\_FAILURE and DEPLOYMENT\_STOP\_ON\_ALARM. | `list(string)` | 
[
  "DEPLOYMENT_STOP_ON_ALARM"
]
| no | +| [aws\_cli\_command](#input\_aws\_cli\_command) | Command to run as AWS CLI. May include extra arguments like region and profile. | `string` | `"aws"` | no | +| [before\_allow\_traffic\_hook\_arn](#input\_before\_allow\_traffic\_hook\_arn) | ARN of Lambda function to execute before allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | +| [codedeploy\_principals](#input\_codedeploy\_principals) | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` | 
[
  "codedeploy.amazonaws.com"
]
| no | +| [codedeploy\_role\_name](#input\_codedeploy\_role\_name) | IAM role name to create or use by CodeDeploy | `string` | `""` | no | +| [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | +| [create\_app](#input\_create\_app) | Whether to create new AWS CodeDeploy app | `bool` | `false` | no | +| [create\_codedeploy\_role](#input\_create\_codedeploy\_role) | Whether to create new AWS CodeDeploy IAM role | `bool` | `true` | no | +| [create\_deployment](#input\_create\_deployment) | Create the AWS resources and script for CodeDeploy | `bool` | `false` | no | +| [create\_deployment\_group](#input\_create\_deployment\_group) | Whether to create new AWS CodeDeploy Deployment Group | `bool` | `false` | no | +| [current\_version](#input\_current\_version) | Current version of Lambda function version to deploy (can't be $LATEST) | `string` | `""` | no | +| [deployment\_config\_name](#input\_deployment\_config\_name) | Name of deployment config to use | `string` | `"CodeDeployDefault.LambdaAllAtOnce"` | no | +| [deployment\_group\_name](#input\_deployment\_group\_name) | Name of deployment group to use | `string` | `""` | no | +| [description](#input\_description) | Description to use for the deployment | `string` | `""` | no | +| [force\_deploy](#input\_force\_deploy) | Force deployment every time (even when nothing changes) | `bool` | `false` | no | +| [function\_name](#input\_function\_name) | The name of the Lambda function to deploy | `string` | `""` | no | +| [get\_deployment\_sleep\_timer](#input\_get\_deployment\_sleep\_timer) | Adds additional sleep time to get-deployment command to avoid the service throttling | `number` | `5` | no | +| [interpreter](#input\_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` | 
[
  "/bin/bash",
  "-c"
]
| no | +| [run\_deployment](#input\_run\_deployment) | Run AWS CLI command to start the deployment | `bool` | `false` | no | +| [save\_deploy\_script](#input\_save\_deploy\_script) | Save deploy script locally | `bool` | `false` | no | +| [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | +| [target\_version](#input\_target\_version) | Target version of Lambda function version to deploy | `string` | `""` | no | +| [triggers](#input\_triggers) | Map of triggers which will be notified when event happens. Valid options for event types are DeploymentStart, DeploymentSuccess, DeploymentFailure, DeploymentStop, DeploymentRollback, DeploymentReady (Applies only to replacement instances in a blue/green deployment), InstanceStart, InstanceSuccess, InstanceFailure, InstanceReady. Note that not all are applicable for Lambda deployments. | `map(any)` | `{}` | no | +| [use\_existing\_app](#input\_use\_existing\_app) | Whether to use existing AWS CodeDeploy app | `bool` | `false` | no | +| [use\_existing\_deployment\_group](#input\_use\_existing\_deployment\_group) | Whether to use existing AWS CodeDeploy Deployment Group | `bool` | `false` | no | +| [wait\_deployment\_completion](#input\_wait\_deployment\_completion) | Wait until deployment completes. It can take a lot of time and your terraform process may lock execution for long time. | `bool` | `false` | no | ## Outputs -| Name | Description | -| ----------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | -| [appspec](#output_appspec) | Appspec data as HCL | -| [appspec_content](#output_appspec_content) | Appspec data as valid JSON | -| [appspec_sha256](#output_appspec_sha256) | SHA256 of Appspec JSON | -| [codedeploy_app_name](#output_codedeploy_app_name) | Name of CodeDeploy application | -| [codedeploy_deployment_group_id](#output_codedeploy_deployment_group_id) | CodeDeploy deployment group id | -| [codedeploy_deployment_group_name](#output_codedeploy_deployment_group_name) | CodeDeploy deployment group name | -| [codedeploy_iam_role_name](#output_codedeploy_iam_role_name) | Name of IAM role used by CodeDeploy | -| [deploy_script](#output_deploy_script) | Path to a deployment script | -| [script](#output_script) | Deployment script | - +| Name | Description | +|------|-------------| +| [appspec](#output\_appspec) | Appspec data as HCL | +| [appspec\_content](#output\_appspec\_content) | Appspec data as valid JSON | +| [appspec\_sha256](#output\_appspec\_sha256) | SHA256 of Appspec JSON | +| [codedeploy\_app\_name](#output\_codedeploy\_app\_name) | Name of CodeDeploy application | +| [codedeploy\_deployment\_group\_id](#output\_codedeploy\_deployment\_group\_id) | CodeDeploy deployment group id | +| [codedeploy\_deployment\_group\_name](#output\_codedeploy\_deployment\_group\_name) | CodeDeploy deployment group name | +| [codedeploy\_iam\_role\_name](#output\_codedeploy\_iam\_role\_name) | Name of IAM role used by CodeDeploy | +| [deploy\_script](#output\_deploy\_script) | Path to a deployment script | +| [script](#output\_script) | Deployment script | ## Authors diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index 1d31985c..7ca52312 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md @@ -52,23 +52,22 @@ module "docker_image" { - [Container Image](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/container-image) - Creates Docker Image, ECR resository and deploys it Lambda Function. - ## Requirements -| Name | Version | -| ------------------------------------------------------------------------ | ------- | -| [terraform](#requirement_terraform) | >= 1.3 | -| [aws](#requirement_aws) | >= 4.22 | -| [docker](#requirement_docker) | >= 3.0 | -| [null](#requirement_null) | >= 2.0 | +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.3 | +| [aws](#requirement\_aws) | >= 4.22 | +| [docker](#requirement\_docker) | >= 3.0 | +| [null](#requirement\_null) | >= 2.0 | ## Providers -| Name | Version | -| --------------------------------------------------------- | ------- | -| [aws](#provider_aws) | >= 4.22 | -| [docker](#provider_docker) | >= 3.0 | -| [null](#provider_null) | >= 2.0 | +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 4.22 | +| [docker](#provider\_docker) | >= 3.0 | +| [null](#provider\_null) | >= 2.0 | ## Modules @@ -76,48 +75,47 @@ No modules. ## Resources -| Name | Type | -| ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | -| [aws_ecr_lifecycle_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_lifecycle_policy) | resource | -| [aws_ecr_repository.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository) | resource | -| [docker_image.this](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/image) | resource | -| [docker_registry_image.this](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/registry_image) | resource | -| [null_resource.sam_metadata_docker_registry_image](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | +| Name | Type | +|------|------| +| [aws_ecr_lifecycle_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_lifecycle_policy) | resource | +| [aws_ecr_repository.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository) | resource | +| [docker_image.this](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/image) | resource | +| [docker_registry_image.this](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/registry_image) | resource | +| [null_resource.sam_metadata_docker_registry_image](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs -| Name | Description | Type | Default | Required | -| ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------- | -------------- | :------: | -| [build_args](#input_build_args) | A map of Docker build arguments. | `map(string)` | `{}` | no | -| [cache_from](#input_cache_from) | List of images to consider as cache sources when building the image. | `list(string)` | `[]` | no | -| [create_ecr_repo](#input_create_ecr_repo) | Controls whether ECR repository for Lambda image should be created | `bool` | `false` | no | -| [create_sam_metadata](#input_create_sam_metadata) | Controls whether the SAM metadata null resource should be created | `bool` | `false` | no | -| [docker_file_path](#input_docker_file_path) | Path to Dockerfile in source package | `string` | `"Dockerfile"` | no | -| [ecr_address](#input_ecr_address) | Address of ECR repository for cross-account container image pulling (optional). Option `create_ecr_repo` must be `false` | `string` | `null` | no | -| [ecr_force_delete](#input_ecr_force_delete) | If true, will delete the repository even if it contains images. | `bool` | `true` | no | -| [ecr_repo](#input_ecr_repo) | Name of ECR repository to use or to create | `string` | `null` | no | -| [ecr_repo_lifecycle_policy](#input_ecr_repo_lifecycle_policy) | A JSON formatted ECR lifecycle policy to automate the cleaning up of unused images. | `string` | `null` | no | -| [ecr_repo_tags](#input_ecr_repo_tags) | A map of tags to assign to ECR repository | `map(string)` | `{}` | no | -| [force_remove](#input_force_remove) | Whether to remove image forcibly when the resource is destroyed. | `bool` | `false` | no | -| [image_tag](#input_image_tag) | Image tag to use. If not specified current timestamp in format 'YYYYMMDDhhmmss' will be used. This can lead to unnecessary rebuilds. | `string` | `null` | no | -| [image_tag_mutability](#input_image_tag_mutability) | The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"MUTABLE"` | no | -| [keep_locally](#input_keep_locally) | Whether to delete the Docker image locally on destroy operation. | `bool` | `false` | no | -| [keep_remotely](#input_keep_remotely) | Whether to keep Docker image in the remote registry on destroy operation. | `bool` | `false` | no | -| [platform](#input_platform) | The target architecture platform to build the image for. | `string` | `null` | no | -| [scan_on_push](#input_scan_on_push) | Indicates whether images are scanned after being pushed to the repository | `bool` | `false` | no | -| [source_path](#input_source_path) | Path to folder containing application code | `string` | `null` | no | -| [triggers](#input_triggers) | A map of arbitrary strings that, when changed, will force the docker_image resource to be replaced. This can be used to rebuild an image when contents of source code folders change | `map(string)` | `{}` | no | -| [use_image_tag](#input_use_image_tag) | Controls whether to use image tag in ECR repository URI or not. Disable this to deploy latest image using ID (sha256:...) | `bool` | `true` | no | +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [build\_args](#input\_build\_args) | A map of Docker build arguments. | `map(string)` | `{}` | no | +| [cache\_from](#input\_cache\_from) | List of images to consider as cache sources when building the image. | `list(string)` | `[]` | no | +| [create\_ecr\_repo](#input\_create\_ecr\_repo) | Controls whether ECR repository for Lambda image should be created | `bool` | `false` | no | +| [create\_sam\_metadata](#input\_create\_sam\_metadata) | Controls whether the SAM metadata null resource should be created | `bool` | `false` | no | +| [docker\_file\_path](#input\_docker\_file\_path) | Path to Dockerfile in source package | `string` | `"Dockerfile"` | no | +| [ecr\_address](#input\_ecr\_address) | Address of ECR repository for cross-account container image pulling (optional). Option `create_ecr_repo` must be `false` | `string` | `null` | no | +| [ecr\_force\_delete](#input\_ecr\_force\_delete) | If true, will delete the repository even if it contains images. | `bool` | `true` | no | +| [ecr\_repo](#input\_ecr\_repo) | Name of ECR repository to use or to create | `string` | `null` | no | +| [ecr\_repo\_lifecycle\_policy](#input\_ecr\_repo\_lifecycle\_policy) | A JSON formatted ECR lifecycle policy to automate the cleaning up of unused images. | `string` | `null` | no | +| [ecr\_repo\_tags](#input\_ecr\_repo\_tags) | A map of tags to assign to ECR repository | `map(string)` | `{}` | no | +| [force\_remove](#input\_force\_remove) | Whether to remove image forcibly when the resource is destroyed. | `bool` | `false` | no | +| [image\_tag](#input\_image\_tag) | Image tag to use. If not specified current timestamp in format 'YYYYMMDDhhmmss' will be used. This can lead to unnecessary rebuilds. | `string` | `null` | no | +| [image\_tag\_mutability](#input\_image\_tag\_mutability) | The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"MUTABLE"` | no | +| [keep\_locally](#input\_keep\_locally) | Whether to delete the Docker image locally on destroy operation. | `bool` | `false` | no | +| [keep\_remotely](#input\_keep\_remotely) | Whether to keep Docker image in the remote registry on destroy operation. | `bool` | `false` | no | +| [platform](#input\_platform) | The target architecture platform to build the image for. | `string` | `null` | no | +| [scan\_on\_push](#input\_scan\_on\_push) | Indicates whether images are scanned after being pushed to the repository | `bool` | `false` | no | +| [source\_path](#input\_source\_path) | Path to folder containing application code | `string` | `null` | no | +| [triggers](#input\_triggers) | A map of arbitrary strings that, when changed, will force the docker\_image resource to be replaced. This can be used to rebuild an image when contents of source code folders change | `map(string)` | `{}` | no | +| [use\_image\_tag](#input\_use\_image\_tag) | Controls whether to use image tag in ECR repository URI or not. Disable this to deploy latest image using ID (sha256:...) | `bool` | `true` | no | ## Outputs -| Name | Description | -| -------------------------------------------------------------- | -------------------------------------- | -| [image_id](#output_image_id) | The ID of the Docker image | -| [image_uri](#output_image_uri) | The ECR image URI for deploying lambda | - +| Name | Description | +|------|-------------| +| [image\_id](#output\_image\_id) | The ID of the Docker image | +| [image\_uri](#output\_image\_uri) | The ECR image URI for deploying lambda | ## Authors From 95bfd7faf9c03514662ba46aa5dfbe509d6bc8fd Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Fri, 3 Oct 2025 15:21:08 -0400 Subject: [PATCH 09/12] chore: re-run for pre-commit hooks/ --- .pre-commit-config.yaml | 2 +- wrappers/docker-build/versions.tf | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0c3f8df0..71c75fc1 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -23,7 +23,7 @@ repos: - "--args=--only=terraform_standard_module_structure" - "--args=--only=terraform_workspace_remote" - id: terraform_validate - exclude: ^examples/ + exclude: ^(examples/|wrappers/.*)$ - repo: https://github.com/pre-commit/pre-commit-hooks rev: v5.0.0 hooks: diff --git a/wrappers/docker-build/versions.tf b/wrappers/docker-build/versions.tf index 58f07068..1b75252e 100644 --- a/wrappers/docker-build/versions.tf +++ b/wrappers/docker-build/versions.tf @@ -1,5 +1,6 @@ terraform { required_version = ">= 1.3" + required_providers { aws = { source = "hashicorp/aws" From 312f5873f645ad32f3571f14d7b524f3f2b14c32 Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Fri, 3 Oct 2025 15:54:04 -0400 Subject: [PATCH 10/12] chore: re-run for pre-commit hooks --- .pre-commit-config.yaml | 4 +++- examples/alias/README.md | 12 +++++++----- examples/async/README.md | 2 +- examples/async/versions.tf | 2 +- examples/build-package/README.md | 2 +- examples/build-package/versions.tf | 2 +- examples/code-signing/README.md | 2 +- examples/code-signing/versions.tf | 2 +- examples/complete/README.md | 3 +-- examples/complete/versions.tf | 2 +- examples/container-image/README.md | 2 +- examples/container-image/versions.tf | 2 +- examples/deploy/README.md | 2 +- examples/deploy/versions.tf | 2 +- examples/event-source-mapping/README.md | 2 +- examples/event-source-mapping/versions.tf | 2 +- examples/multiple-regions/README.md | 3 +-- examples/multiple-regions/versions.tf | 2 +- examples/simple-cicd/README.md | 2 +- examples/simple-cicd/versions.tf | 2 +- examples/simple/README.md | 2 +- examples/simple/versions.tf | 2 +- examples/triggers/README.md | 3 +-- examples/triggers/versions.tf | 2 +- examples/with-efs/README.md | 3 +-- examples/with-efs/versions.tf | 2 +- examples/with-vpc-s3-endpoint/README.md | 2 +- examples/with-vpc-s3-endpoint/versions.tf | 2 +- examples/with-vpc/README.md | 2 +- examples/with-vpc/versions.tf | 2 +- 30 files changed, 38 insertions(+), 38 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 71c75fc1..7505d124 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -23,7 +23,9 @@ repos: - "--args=--only=terraform_standard_module_structure" - "--args=--only=terraform_workspace_remote" - id: terraform_validate - exclude: ^(examples/|wrappers/.*)$ + exclude: | + ^examples/.*| + ^wrappers/.* - repo: https://github.com/pre-commit/pre-commit-hooks rev: v5.0.0 hooks: diff --git a/examples/alias/README.md b/examples/alias/README.md index 90a74ad6..fa02dafa 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -15,13 +15,14 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. + ## Requirements -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | -| [random](#requirement\_random) | >= 2.0 | +| Name | Version | +| ------------------------------------------------------------------------ | ------- | +| [terraform](#requirement_terraform) | >= 1.3 | +| [aws](#requirement_aws) | >= 5.79 | +| [random](#requirement_random) | >= 2.0 | ## Providers @@ -42,4 +43,5 @@ No inputs. ## Outputs No outputs. + diff --git a/examples/async/README.md b/examples/async/README.md index 1ba10577..35ba2ae0 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/async/versions.tf b/examples/async/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/async/versions.tf +++ b/examples/async/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/build-package/README.md b/examples/build-package/README.md index f32d518a..5068123e 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -21,7 +21,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/build-package/versions.tf b/examples/build-package/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/build-package/versions.tf +++ b/examples/build-package/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/code-signing/README.md b/examples/code-signing/README.md index fe3f51f4..ec8c0543 100644 --- a/examples/code-signing/README.md +++ b/examples/code-signing/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/code-signing/versions.tf b/examples/code-signing/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/code-signing/versions.tf +++ b/examples/code-signing/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/complete/README.md b/examples/complete/README.md index 9acd1826..341bf073 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -2,7 +2,6 @@ Configuration in this directory creates AWS Lambda Function, Layers, Alias, and so on with the large variety of supported features showing this module in action. - ## Usage To run this example you need to execute: @@ -20,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/container-image/README.md b/examples/container-image/README.md index 77294b52..8659061a 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [docker](#requirement\_docker) | >= 3.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/container-image/versions.tf b/examples/container-image/versions.tf index 5b04c7cd..d2d52e82 100644 --- a/examples/container-image/versions.tf +++ b/examples/container-image/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/deploy/README.md b/examples/deploy/README.md index d59bf7e4..2578ddaa 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/deploy/versions.tf b/examples/deploy/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/deploy/versions.tf +++ b/examples/deploy/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/event-source-mapping/README.md b/examples/event-source-mapping/README.md index 680831d9..e74fee87 100644 --- a/examples/event-source-mapping/README.md +++ b/examples/event-source-mapping/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/event-source-mapping/versions.tf b/examples/event-source-mapping/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/event-source-mapping/versions.tf +++ b/examples/event-source-mapping/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index f712da63..a6a9cd34 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md @@ -2,7 +2,6 @@ Configuration in this directory creates AWS Lambda Functions in several regions with non-conflicting IAM roles and policies. - ## Usage To run this example you need to execute: @@ -20,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/multiple-regions/versions.tf b/examples/multiple-regions/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/multiple-regions/versions.tf +++ b/examples/multiple-regions/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/simple-cicd/README.md b/examples/simple-cicd/README.md index 46c5d19a..e75febb1 100644 --- a/examples/simple-cicd/README.md +++ b/examples/simple-cicd/README.md @@ -21,7 +21,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/simple-cicd/versions.tf b/examples/simple-cicd/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/simple-cicd/versions.tf +++ b/examples/simple-cicd/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/simple/README.md b/examples/simple/README.md index c70d3be0..319c629c 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/simple/versions.tf +++ b/examples/simple/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/triggers/README.md b/examples/triggers/README.md index 48021c95..4848c267 100644 --- a/examples/triggers/README.md +++ b/examples/triggers/README.md @@ -2,7 +2,6 @@ Configuration in this directory creates AWS Lambda Function with some triggers (eg. CloudWatch Events). - ## Usage To run this example you need to execute: @@ -20,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/triggers/versions.tf b/examples/triggers/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/triggers/versions.tf +++ b/examples/triggers/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index c9e1c675..9b9f351a 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md @@ -2,7 +2,6 @@ Configuration in this directory creates AWS Lambda Function deployed with Elastic File System (EFS) attached. - ## Usage To run this example you need to execute: @@ -20,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/with-efs/versions.tf b/examples/with-efs/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/with-efs/versions.tf +++ b/examples/with-efs/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/with-vpc-s3-endpoint/README.md b/examples/with-vpc-s3-endpoint/README.md index 773c418d..2a1dc3a3 100644 --- a/examples/with-vpc-s3-endpoint/README.md +++ b/examples/with-vpc-s3-endpoint/README.md @@ -21,7 +21,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 3.4 | diff --git a/examples/with-vpc-s3-endpoint/versions.tf b/examples/with-vpc-s3-endpoint/versions.tf index 7a4d860b..d5e4be7f 100644 --- a/examples/with-vpc-s3-endpoint/versions.tf +++ b/examples/with-vpc-s3-endpoint/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index cc1724bd..246bc9f3 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md @@ -21,7 +21,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/with-vpc/versions.tf b/examples/with-vpc/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/with-vpc/versions.tf +++ b/examples/with-vpc/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { From f3a8c2475edc6bfe126f90530a2d83a9d909a969 Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Mon, 6 Oct 2025 10:58:11 -0400 Subject: [PATCH 11/12] fix: adjusted pre-commit config --- .pre-commit-config.yaml | 11 +++++++++-- examples/alias/versions.tf | 2 +- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7505d124..f979625f 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -5,6 +5,11 @@ repos: - id: terraform_fmt - id: terraform_wrapper_module_for_each - id: terraform_docs + exclude: | + (?x)^( + examples/.*| + wrappers/.* + )$ args: - "--args=--lockfile=false" - id: terraform_tflint @@ -24,8 +29,10 @@ repos: - "--args=--only=terraform_workspace_remote" - id: terraform_validate exclude: | - ^examples/.*| - ^wrappers/.* + (?x)^( + examples/.*| + wrappers/.* + )$ - repo: https://github.com/pre-commit/pre-commit-hooks rev: v5.0.0 hooks: diff --git a/examples/alias/versions.tf b/examples/alias/versions.tf index 5cf868aa..683b643c 100644 --- a/examples/alias/versions.tf +++ b/examples/alias/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { From 4b142ef71da3f668196cf1d86e6f33ff783f0417 Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Mon, 6 Oct 2025 11:32:24 -0400 Subject: [PATCH 12/12] test: test pre-commit on wrappers --- .pre-commit-config.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index f979625f..53061c42 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -7,8 +7,7 @@ repos: - id: terraform_docs exclude: | (?x)^( - examples/.*| - wrappers/.* + examples/.* )$ args: - "--args=--lockfile=false" @@ -30,8 +29,7 @@ repos: - id: terraform_validate exclude: | (?x)^( - examples/.*| - wrappers/.* + examples/.* )$ - repo: https://github.com/pre-commit/pre-commit-hooks rev: v5.0.0