# Example call of the Lambda module: a container-image function with a
# module-created IAM role and two EventBridge (CloudWatch Events) rule triggers.
module "lambda" {
  # No "?ref=" is given, so `terraform init` fetches the repository's default
  # branch as it is at that moment. Pin to a reviewed tag or commit, e.g.
  # "...?ref=<REVIEWED_TAG_OR_COMMIT_SHA>" (placeholder), so an upstream change
  # cannot alter the IAM role or function without going through review.
  source = "github.com/ministryofjustice/modernisation-platform-terraform-lambda-function"

  # Naming and tagging.
  application_name = local.application_name
  function_name    = local.lambda_function_name
  description      = "lambda description"
  tags             = local.tags

  # Execution role: created by the module and given the policy passed as JSON.
  # data.aws_iam_policy_document.lambda_policy is defined outside this snippet;
  # NOTE(review): confirm it grants only the actions and resources the function needs.
  create_role = true
  role_name   = local.lambda_role_name
  policy_json = data.aws_iam_policy_document.lambda_policy.json

  # Deployment package: an ECR image (package_type defaults to "Image").
  # NOTE(review): local.ecr_image_uri is not shown here; an image referenced by
  # digest rather than a mutable tag keeps the deployed code fixed. Confirm.
  image_uri = local.ecr_image_uri

  # Runtime limits: 600 seconds per invocation, at most one concurrent execution.
  timeout                        = 600
  reserved_concurrent_executions = 1

  # "Active" is one of the two values the module accepts (PassThrough or Active).
  # NOTE(review): confirm the role policy allows trace delivery.
  tracing_mode = "Active"

  # Placeholder values. Anything set here is stored in Terraform state and is
  # readable in the function configuration, so do not place secrets in this
  # map; have the function fetch them from a secrets store at runtime.
  environment_variables = {
    "key1" = "value1"
  }

  # Each entry becomes a Lambda permission (aws_lambda_permission.allowed_triggers).
  # Keeping source_arn set scopes the events.amazonaws.com principal to the one
  # named rule instead of any rule able to target this function.
  # NOTE(review): the "Stop" entry references the morning schedule and the
  # "Start" entry the evening one. Confirm the pairing is intended.
  allowed_triggers = {
    AllowStopExecutionFromCloudWatch = {
      principal  = "events.amazonaws.com"
      source_arn = aws_cloudwatch_event_rule.lambda_cloudwatch_schedule_morning.arn
    }
    AllowStartExecutionFromCloudWatch = {
      principal  = "events.amazonaws.com"
      source_arn = aws_cloudwatch_event_rule.lambda_cloudwatch_schedule_evening.arn
    }
  }
}
If you're looking to raise an issue with this module, please create a new issue in the Modernisation Platform repository.
Name | Version |
---|---|
terraform | >= 1.0.1 |
aws | ~> 5.0 |
Name | Version |
---|---|
aws | ~> 5.0 |
No modules.
Name | Type |
---|---|
aws_iam_policy.policy_from_json | resource |
aws_iam_role.this | resource |
aws_iam_role_policy_attachment.policy_arns | resource |
aws_iam_role_policy_attachment.policy_from_json | resource |
aws_lambda_function.this | resource |
aws_lambda_function_event_invoke_config.this | resource |
aws_lambda_permission.allowed_triggers | resource |
aws_iam_policy_document.assume_role | data source |
aws_iam_policy_document.combined-assume-role-policy | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
additional_trust_roles | ARNs of other roles to be passed as principals for sts:AssumeRole | list(string) |
[] |
no |
additional_trust_statements | JSON attributes of additional IAM policy documents to add to the trust policy | list(string) |
[] |
no |
allowed_triggers | Map of allowed triggers to create Lambda permissions | map(any) |
{} |
no |
application_name | Name of application | string |
n/a | yes |
create_role | Controls whether IAM role for Lambda Function should be created | bool |
true |
no |
description | Description of your Lambda Function (or Layer) | string |
"" |
no |
environment_variables | A map that defines environment variables for the Lambda Function. | map(string) |
{} |
no |
filename | The absolute path to an existing zip-file to use | string |
null |
no |
function_name | A unique name for your Lambda Function | string |
"" |
no |
handler | Lambda Function entrypoint in your code | string |
null |
no |
image_uri | The ECR image URI containing the function's deployment package. | string |
null |
no |
lambda_role | IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources your Lambda Function has access to. See Lambda Permission Model for more details. | string |
"" |
no |
memory_size | Amount of memory in MB your Lambda Function can use at runtime | number |
128 |
no |
package_type | The Lambda deployment package type. Valid options: Image or Zip | string |
"Image" |
no |
policy_arns | List of policy ARNs to attach to the Lambda Function role | list(string) |
[] |
no |
policy_json | A policy document as JSON to attach to the Lambda Function role | string |
null |
no |
policy_json_attached | Whether a JSON policy document is being passed into the module | bool |
false |
no |
policy_name | IAM policy name. It overrides the default value, which is the same as role_name | string |
null |
no |
reserved_concurrent_executions | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | number |
-1 |
no |
role_description | Description of IAM role to use for Lambda Function | string |
null |
no |
role_name | Name of IAM role to use for Lambda Function | string |
null |
no |
runtime | Lambda function runtime | string |
null |
no |
sns_topic_on_failure | SNS topic arn for the lambda's destination on failure. | string |
"" |
no |
sns_topic_on_success | SNS topic arn for the lambda's destination on success. | string |
"" |
no |
source_code_hash | Hash value of the archive file. Calculated externally. Use to trigger updates when source file is changed. | string |
null |
no |
tags | Common tags to be used by all resources | map(string) |
n/a | yes |
timeout | The amount of time your Lambda Function has to run in seconds. | number |
3 |
no |
tracing_mode | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. | string |
null |
no |
vpc_security_group_ids | List of security group ids when Lambda Function should run in the VPC. | list(string) |
null |
no |
vpc_subnet_ids | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets. | list(string) |
null |
no |
Name | Description |
---|---|
lambda_function_arn | The ARN of the Lambda Function |
lambda_function_invoke_arn | The invoke ARN of the Lambda Function |
lambda_function_name | The Name of the Lambda Function |
vpc_security_group_ids | The VPC security groups the lambda function has been deployed into |
vpc_subnet_ids | The vpc subnet(s) the Lambda function has been deployed into |