Creates a Lambda function from an appropriate container image (from AWS ECR), with an associated Log Group and IAM Role.
Other supporting resources, such as event sources for the Lambda function, must be integrated separately with the Lambda function through the module outputs.
Example:
module "example" {
source = "github.com/andreswebs/terraform-aws-lambda-container"
lambda_image_uri = var.lambda_image_uri
lambda_name_prefix = "example-lambda"
lambda_description = "Does things"
## adjust as needed
lambda_memory_size = 2048 ## --> default 128
lambda_timeout = 600 ## --> default 3
lambda_reserved_concurrency = 1 ## --> default -1
lambda_role_managed_policies = [
var.policy_arn_my_lambda_permissions
]
lambda_env_vars = {
EXAMPLE_VAR = "ok"
}
}
Name | Description | Type | Default | Required |
---|---|---|---|---|
create_lambda | Create the lambda function? | bool |
true |
no |
efs_access_point_arn | (Optional) ARN of EFS access point | string |
null |
no |
efs_local_mount_path | (Optional) Local mount path of the EFS filesystem. Must start with /mnt/ |
string |
"" |
no |
enable_lambda_insights | (Optional) Enable AWS CloudWatch Lambda Insights? | bool |
true |
no |
enable_xray | (Optional) Enable AWS X-Ray tracing? | bool |
true |
no |
lambda_description | (Optional) Description of the Lambda function | string |
"" |
no |
lambda_env_vars | Environment variables for the Lambda function | map(string) |
null |
no |
lambda_image_uri | Image URI for the Lambda function | string |
n/a | yes |
lambda_kms_key_arn | (Optional) ARN of an AWS KMS key used to encrypt environment variables | string |
null |
no |
lambda_log_retention_in_days | Lambda log retention period in days | number |
14 |
no |
lambda_memory_size | Amount of memory in MB assigned to the Lambda function | number |
128 |
no |
lambda_name_prefix | A prefix for the Lambda name, will be prepended to a random ID if use_id is set to true |
string |
"function" |
no |
lambda_reserved_concurrency | Amount of reserved concurrent executions for the lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations | number |
-1 |
no |
lambda_role_managed_policies | IAM managed policies to attach to the Lambda execution role | list(string) |
[] |
no |
lambda_security_group_ids | (Optional) List of security groups to use | list(string) |
[] |
no |
lambda_subnet_ids | (Optional) List of subnets to use | list(string) |
[] |
no |
lambda_timeout | Amount of time the Lambda Function has to run in seconds | number |
3 |
no |
local_id | (Optional) An identifier string to be appended to resource names. A random string will be generated if this is not provided and use_id is set to true | string |
null |
no |
use_id | Use an identifier string as a suffix when naming resources? | bool |
true |
no |
use_kms_key | Use a KMS key to encrypt Lambda environment variables? | bool |
false |
no |
No modules.
Name | Description |
---|---|
function | The AWS Lambda resource |
image_uri | Lambda image URI |
local_id | Identifier string used as a suffix to name generated resources |
log_group | The AWS CloudWatch log group resource |
role | The AWS Lambda IAM Role resource |
Name | Version |
---|---|
aws | ~> 4.50 |
random | ~> 3.5 |
Name | Version |
---|---|
terraform | ~> 1.3 |
aws | ~> 4.50 |
random | ~> 3.5 |
Name | Type |
---|---|
aws_cloudwatch_log_group.this | resource |
aws_iam_role.lambda_exec | resource |
aws_iam_role_policy.kms_permissions | resource |
aws_iam_role_policy.lambda_permissions | resource |
aws_iam_role_policy_attachment.lambda_insights | resource |
aws_iam_role_policy_attachment.this | resource |
aws_iam_role_policy_attachment.xray_permissions | resource |
aws_lambda_function.this | resource |
random_id.id | resource |
aws_caller_identity.current | data source |
aws_iam_policy_document.kms_permissions | data source |
aws_iam_policy_document.lambda_exec | data source |
aws_iam_policy_document.lambda_permissions | data source |
aws_partition.current | data source |
aws_region.current | data source |
Andre Silva - @andreswebs
This project is licensed under the Unlicense.