Terraform module which sets up a Lambda to forward event data towards Observe.
Terraform 0.12 and newer. Submit pull requests to the `main` branch.
```hcl
module "observe_lambda" {
  source           = "github.com/observeinc/terraform-aws-lambda"
  name             = "observe-lambda"
  observe_customer = "<id>"
  observe_token    = "<token>"
}
```
This module will create a Lambda. If no role ARN is provided, a new role will be created.
Additionally, this repository provides submodules to interact with the lambda function set up by this module:
- Upload S3 objects using S3 bucket notifications
- Subscribe CloudWatch Logs to Observe Lambda
- Collect API snapshots
This repository contains examples of how to solve concrete use cases:
- S3 archive to Lambda
- CloudTrail to Lambda via S3
- Configuring Lambda in private VPC
- Collecting S3 Access Logs
Name | Version |
---|---|
terraform | >= 0.13.0 |
aws | >= 2.68 |
Name | Version |
---|---|
aws | >= 2.68 |
No modules.
Name | Type |
---|---|
aws_cloudwatch_log_group.group | resource |
aws_iam_policy.lambda_logging | resource |
aws_iam_policy.vpc_access | resource |
aws_iam_role.lambda | resource |
aws_iam_role_policy_attachment.lambda_logs | resource |
aws_iam_role_policy_attachment.vpc_access | resource |
aws_lambda_function.this | resource |
aws_region.current | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
dead_letter_queue_destination | Send failed events/function executions to a dead letter queue arn sns or sqs | string | null | no |
description | Lambda description | string | "Lambda function to forward events towards Observe" | no |
iam_name_prefix | Prefix used for all created IAM roles and policies | string | "observe-lambda-" | no |
kms_key_arn | The ARN of the AWS Key Management Service (AWS KMS) key that's used to encrypt your function's environment variables. If it's not provided, AWS Lambda uses a default service key. | string | "" | no |
lambda_envvars | Environment variables | map(any) | {} | no |
lambda_iam_role_arn | ARN of IAM role to use for Lambda | string | "" | no |
lambda_s3_custom_rules | List of rules to evaluate how to upload a given S3 object to Observe | list(object({ | [] | no |
lambda_version | Version of lambda binary to use | string | "latest" | no |
memory_size | The amount of memory that your function has access to. Increasing the function's memory also increases its CPU allocation. The default value is 128 MB. The value must be a multiple of 64 MB. | number | 128 | no |
name | Name of Lambda resource | string | n/a | yes |
observe_customer | Observe Customer ID | string | n/a | yes |
observe_domain | Observe domain | string | "observeinc.com" | no |
observe_token | Observe Token | string | n/a | yes |
reserved_concurrent_executions | The number of simultaneous executions to reserve for the function. | number | 100 | no |
retention_in_days | Retention in days of cloudwatch log group | number | 14 | no |
s3_bucket | S3 Bucket hosting lambda binary. If provided, overrides regional bucket map | string | "" | no |
s3_key | S3 object key for lambda binary. If provided, overrides s3_key_prefix | string | "" | no |
s3_key_prefix | S3 key containing lambda binaries | string | "lambda/observer" | no |
s3_object_version | S3 object version for lambda binary | string | "" | no |
s3_regional_buckets | Map of AWS regions to lambda hosting S3 buckets | map(any) | {} | no |
tags | A map of tags to add to all resources | map(string) | {} | no |
timeout | The amount of time that Lambda allows a function to run before stopping it. The maximum allowed value is 900 seconds. | number | 60 | no |
vpc_config | VPC Config | object({ | null | no |
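
The inputs above allow a more locked-down invocation than the minimal usage snippet. The following is an added example, not taken from this repository: the variable and resource names, the sample tag, and the `<tag>` and `<pinned-version>` placeholders are assumptions to be replaced with real values.

```hcl
variable "observe_customer" {
  type = string
}

variable "observe_token" {
  type = string
  # Requires Terraform >= 0.14. Redacts the token in plan/apply output;
  # the value is still written to state, so protect the state backend.
  sensitive = true
}

# Customer-managed key for the function's environment variables, used
# instead of the default Lambda service key (see kms_key_arn above).
resource "aws_kms_key" "observe_lambda_env" {
  description             = "observe-lambda environment variable encryption"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

module "observe_lambda" {
  # Pin the module source to a reviewed ref rather than tracking the branch head.
  source = "github.com/observeinc/terraform-aws-lambda?ref=<tag>"

  name             = "observe-lambda"
  observe_customer = var.observe_customer
  observe_token    = var.observe_token

  kms_key_arn = aws_kms_key.observe_lambda_env.arn

  # Placeholder: pin the Lambda binary instead of the default "latest".
  lambda_version = "<pinned-version>"

  retention_in_days = 14

  tags = {
    owner = "security-engineering" # constructed sample tag
  }
}
```

With a customer-managed key, the principal running `terraform apply` needs permission to create a grant on that key, because Lambda creates the grant on the caller's behalf when the function is created.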
Name | Description |
---|---|
lambda_function | Observe Lambda function |
Apache 2 Licensed. See LICENSE for full details.