fix: wrapped image uri around object to avoid unkown amount of resource creation issue of Terraform

Kilian · Kilian · commit f0d938afe33a · 2024-03-06T14:35:36.000+01:00
diff --git a/README.md b/README.md
@@ -21,17 +21,17 @@ This module provides a Lambda function which logs to CloudWatch. If no image URI
 
 ## Inputs
 
-| Name          | Description                                                               | Type           | Default | Required |
-| ------------- | ------------------------------------------------------------------------- | -------------- | ------- | :------: |
-| identifier    | Unique identifier to differentiate global resources.                      | `string`       | n/a     |   yes    |
-| policies      | List of IAM policy ARNs for the Lambda's IAM role.                        | `list(string)` | []      |    no    |
-| vpc_config    | Object to define the subnets and security groups for the Lambda function. | `object`       | null    |    no    |
-| log           | A flag for make the Lambda function submit logs to CloudWatch.            | `bool`         | false   |    no    |
-| image_uri     | URI of the image which will be pulled by the Lambda function to execute.  | `string`       | ""      |    no    |
-| memory_size   | Amount of memory in MB the Lambda function can use at runtime.            | `number`       | 128     |    no    |
-| timeout       | Amount of time the Lambda function has to run in seconds.                 | `number`       | 3       |    no    |
-| env_variables | A map of environment variables for the Lambda function at runtime.        | `map(string)`  | {}      |    no    |
-| tags          | A map of tags to add to all resources.                                    | `map(string)`  | {}      |    no    |
+| Name          | Description                                                                 | Type           | Default | Required |
+| ------------- | --------------------------------------------------------------------------- | -------------- | ------- | :------: |
+| identifier    | Unique identifier to differentiate global resources.                        | `string`       | n/a     |   yes    |
+| policies      | List of IAM policy ARNs for the Lambda's IAM role.                          | `list(string)` | []      |    no    |
+| vpc_config    | Object to define the subnets and security groups for the Lambda function.   | `object`       | null    |    no    |
+| log           | A flag for make the Lambda function submit logs to CloudWatch.              | `bool`         | false   |    no    |
+| image         | Object of the image which will be pulled by the Lambda function to execute. | `object`       | null    |    no    |
+| memory_size   | Amount of memory in MB the Lambda function can use at runtime.              | `number`       | 128     |    no    |
+| timeout       | Amount of time the Lambda function has to run in seconds.                   | `number`       | 3       |    no    |
+| env_variables | A map of environment variables for the Lambda function at runtime.          | `map(string)`  | {}      |    no    |
+| tags          | A map of tags to add to all resources.                                      | `map(string)`  | {}      |    no    |
 
 ### `vpc_config`
 
@@ -40,6 +40,12 @@ This module provides a Lambda function which logs to CloudWatch. If no image URI
 | subnets         | List of subnet IDs in which the Lambda function will run in. | `list(string)` | n/a     |   yes    |
 | security_groups | List of security group IDs the Lambda function will hold.    | `list(string)` | n/a     |   yes    |
 
+### `image`
+
+| Name | Description       | Type     | Default | Required |
+| ---- | ----------------- | -------- | ------- | :------: |
+| uri  | URI to the image. | `string` | n/a     |   yes    |
+
 ## Outputs
 
 | Name | Description                     |
@@ -57,8 +63,10 @@ module "function" {
     "arn:aws:iam::aws:policy/aws-service-role/AccessAnalyzerServiceRolePolicy",
     "arn:aws:iam::aws:policy/AdministratorAccess-Amplify"
   ]
-  log         = true
-  image_uri   = "test.registry:latest"
+  log = true
+  image = {
+    uri = "test.registry:latest"
+  }
   memory_size = 128
   timeout     = 3
   env_variables = {
diff --git a/main.tf b/main.tf
@@ -89,7 +89,7 @@ resource "aws_iam_role_policy_attachment" "log" {
 ################################
 
 resource "aws_ecr_repository" "main" {
-  count                = length(var.image_uri) > 0 ? 1 : 0
+  count                = var.image == null ? 1 : 0
   name                 = "${var.identifier}-lambda"
   image_tag_mutability = "MUTABLE"
   force_delete         = true
@@ -105,7 +105,7 @@ resource "aws_lambda_function" "main" {
   function_name = var.identifier
   package_type  = "Image"
   role          = aws_iam_role.main.arn
-  image_uri     = length(var.image_uri) > 0 ? "${aws_ecr_repository.main[0].repository_url}:latest" : var.image_uri
+  image_uri     = var.image == null ? "${aws_ecr_repository.main[0].repository_url}:latest" : try(var.image["uri"], null)
   memory_size   = var.memory_size
   timeout       = var.timeout
 
diff --git a/variables.tf b/variables.tf
@@ -36,10 +36,12 @@ variable "log" {
   default     = false
 }
 
-variable "image_uri" {
-  description = "URI of the image which will be pulled by the Lambda function to execute."
-  type        = string
-  default     = ""
+variable "image" {
+  description = "Object of the image which will be pulled by the Lambda function to execute."
+  type = object({
+    uri = string
+  })
+  default = null
 }
 
 variable "memory_size" {
