terraform-aws-lambda-container

Creates a Lambda function from an appropriate container image (from AWS ECR), with an associated Log Group and IAM Role.

Other supporting resources, such as event sources for the Lambda function, must be integrated separately with the Lambda function through the module outputs.

Usage

Example:

module "example" {
  source             = "github.com/andreswebs/terraform-aws-lambda-container"
  lambda_image_uri   = var.lambda_image_uri
  lambda_name_prefix = "example-lambda"
  lambda_description = "Does things"

  ## adjust as needed
  lambda_memory_size          = 2048 ## --> default 128
  lambda_timeout              = 600  ## --> default 3
  lambda_reserved_concurrency = 1    ## --> default -1

  lambda_role_managed_policies = [
    var.policy_arn_my_lambda_permissions
  ]

  lambda_env_vars = {
    EXAMPLE_VAR = "ok"
  }

}
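
The event-source integration through module outputs described above, as an added example that is not part of this repository's own code: an EventBridge schedule invokes the function, and the invoke permission is scoped to that one rule through `source_arn`. It assumes the `function` output exposes the `arn` and `function_name` attributes of the underlying `aws_lambda_function` resource; the module label `scheduled`, the rule name and the two variables are illustrative.

```hcl
variable "lambda_image_uri" {
  type = string
}

variable "lambda_kms_key_arn" {
  type = string # assumed: ARN of an existing customer-managed KMS key
}

module "scheduled" {
  source             = "github.com/andreswebs/terraform-aws-lambda-container"
  lambda_image_uri   = var.lambda_image_uri
  lambda_name_prefix = "scheduled-lambda"

  # Encrypt environment variables with a customer-managed key.
  # Both inputs are listed under Inputs; setting them together is an assumption.
  use_kms_key        = true
  lambda_kms_key_arn = var.lambda_kms_key_arn

  # Cap concurrency so a misfiring trigger cannot fan out
  lambda_reserved_concurrency = 1
}

# Event source defined outside the module
resource "aws_cloudwatch_event_rule" "hourly" {
  name_prefix         = "scheduled-lambda-"
  schedule_expression = "rate(1 hour)"
}

resource "aws_cloudwatch_event_target" "lambda" {
  rule = aws_cloudwatch_event_rule.hourly.name
  arn  = module.scheduled.function.arn
}

# Resource-based policy statement: only this rule may invoke the function.
# Without source_arn, any EventBridge rule in any account could invoke it.
resource "aws_lambda_permission" "allow_eventbridge" {
  statement_id  = "AllowExecutionFromEventBridge"
  action        = "lambda:InvokeFunction"
  function_name = module.scheduled.function.function_name
  principal     = "events.amazonaws.com"
  source_arn    = aws_cloudwatch_event_rule.hourly.arn
}
```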

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| create_lambda | Create the lambda function? | bool | true | no |
| efs_access_point_arn | (Optional) ARN of EFS access point | string | null | no |
| efs_local_mount_path | (Optional) Local mount path of the EFS filesystem. Must start with /mnt/ | string | "" | no |
| enable_lambda_insights | (Optional) Enable AWS CloudWatch Lambda Insights? | bool | true | no |
| enable_xray | (Optional) Enable AWS X-Ray tracing? | bool | true | no |
| lambda_description | (Optional) Description of the Lambda function | string | "" | no |
| lambda_env_vars | Environment variables for the Lambda function | map(string) | null | no |
| lambda_image_uri | Image URI for the Lambda function | string | n/a | yes |
| lambda_kms_key_arn | (Optional) ARN of an AWS KMS key used to encrypt environment variables | string | null | no |
| lambda_log_retention_in_days | Lambda log retention period in days | number | 14 | no |
| lambda_memory_size | Amount of memory in MB assigned to the Lambda function | number | 128 | no |
| lambda_name_prefix | A prefix for the Lambda name, will be prepended to a random ID if use_id is set to true | string | "function" | no |
| lambda_reserved_concurrency | Amount of reserved concurrent executions for the lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations | number | -1 | no |
| lambda_role_managed_policies | IAM managed policies to attach to the Lambda execution role | list(string) | [] | no |
| lambda_security_group_ids | (Optional) List of security groups to use | list(string) | [] | no |
| lambda_subnet_ids | (Optional) List of subnets to use | list(string) | [] | no |
| lambda_timeout | Amount of time the Lambda Function has to run in seconds | number | 3 | no |
| local_id | (Optional) An identifier string to be appended to resource names. A random string will be generated if this is not provided and use_id is set to true | string | null | no |
| use_id | Use an identifier string as a suffix when naming resources? | bool | true | no |
| use_kms_key | Use a KMS key to encrypt Lambda environment variables? | bool | false | no |

Modules

No modules.

Outputs

| Name | Description |
|------|-------------|
| function | The AWS Lambda resource |
| image_uri | Lambda image URI |
| local_id | Identifier string used as a suffix to name generated resources |
| log_group | The AWS CloudWatch log group resource |
| role | The AWS Lambda IAM Role resource |

Providers

| Name | Version |
|------|---------|
| aws | ~> 4.50 |
| random | ~> 3.5 |

Requirements

| Name | Version |
|------|---------|
| terraform | ~> 1.3 |
| aws | ~> 4.50 |
| random | ~> 3.5 |

Resources

| Name | Type |
|------|------|
| aws_cloudwatch_log_group.this | resource |
| aws_iam_role.lambda_exec | resource |
| aws_iam_role_policy.kms_permissions | resource |
| aws_iam_role_policy.lambda_permissions | resource |
| aws_iam_role_policy_attachment.lambda_insights | resource |
| aws_iam_role_policy_attachment.this | resource |
| aws_iam_role_policy_attachment.xray_permissions | resource |
| aws_lambda_function.this | resource |
| random_id.id | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.kms_permissions | data source |
| aws_iam_policy_document.lambda_exec | data source |
| aws_iam_policy_document.lambda_permissions | data source |
| aws_partition.current | data source |
| aws_region.current | data source |

Authors

Andre Silva - @andreswebs

License

This project is licensed under the Unlicense.