Custom Terraform AWS Lambda module, with flexible parameters
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore
.pre-commit-config.yaml
README.md
iam.tf
main.tf
outputs.tf
variables.tf

README.md

Terraform module for Lambda function

Intro

Flexible AWS Lambda function module that creates:

  • AWS Lambda function (see next to configure optional parameters) with opinionated tagging;
  • Zipping of a given directory to push on changes into AWS;
  • IAM role for running lambda function and base IAM policy;
  • Cloudwatch group for storing Lambda logs

Optional:

  • launch (or not) the Lambda function inside a VPC, by providing it a list of subnet(s) and another list of security group(s).
  • provide it with a Dead Letter Queue (DLQ) configuration in order to handle failures, by providing either SNS or SQS ARN.
  • provide additional IAM policies to extend Lambda permissions

Usage

Example usage:

module "lambda" {
    source = "github.com/diogoaurelio/terraform-aws-lambda-module"
    version = "v0.0.2"
    
    aws_region     = "eu-west-1"
    aws_account_id = "012345678912"
    environment    = "dev"
    project        = "lambda"
    
    lambda_unique_function_name = "uniquelambda"
    runtime                     = "python3.6"
    handler                     = "handler"
    lambda_iam_role_name        = "uniquelambdarole"
    
    main_lambda_file  = "main"
    
    # These next paths is specific to the one used in blog post series: https://datacenternotes.com/2018/09/01/aws-server-less-data-pipelines-with-terraform-part-1/
    lambda_source_dir = "${path.cwd}/../../../etl/lambda/redshift/src"
    lambda_zip_file_location = "${path.cwd}/../../../etl/lambda/redshift/src/main.zip"
    
    lambda_env_vars          = "${local.lambda_env_vars}"
    
    additional_policy = "${data.aws_iam_policy_document.additional_lambda_policy.json}"
    attach_policy     = true
    
    # configure Lambda function inside a specific VPC
    security_group_ids = ["sg-012345678"]
    subnet_ids         = ["subnet-12345678"]
    
    # DLQ
    use_dead_letter_config_target_arn = true
    dead_letter_config_target_arn     = "${aws_sns_topic.lambda_sns_dql.arn}"
}

# Locals used to specify lambda ENVIRONMENT variables
locals {

  lambda_env_vars = {
    ENVIRONMENT = "${var.environment}"
    REGION      = "${var.aws_region}"
  }
}

# optional additional policy document
data "aws_iam_policy_document" "additional_lambda_policy" {
  statement {
    effect = "Allow"

    actions = [
      "s3:GetBucketLocation",
      "s3:ListAllMyBuckets",
    ]

    resources = [
      "*",
    ]
  }
}

## SNS topic for lambda failures - Dead Letter Queue (DLQ)
resource "aws_sns_topic" "lambda_sns_dql" {
  name = "lambda-dlq-sns-topic"
}

Authors/Contributors

See the list of contributors who participated in this project.