From ef231d37819731114b3e6a15112111df87623960 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 20 Jul 2020 13:14:50 +0300 Subject: [PATCH 001/385] feat: Upgraded Terraform version supported --- versions.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions.tf b/versions.tf index c1b26983..9e300535 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.46" From 47917cec498fb443166dbfb2fa3498de1d5e73ea Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 20 Jul 2020 13:15:14 +0300 Subject: [PATCH 002/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a70bccbd..46e919e5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v1.17.0] - 2020-07-20 + +- feat: Upgraded Terraform version supported + + ## [v1.16.0] - 2020-06-26 @@ -148,7 +154,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.16.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.17.0...HEAD +[v1.17.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.16.0...v1.17.0 [v1.16.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.15.0...v1.16.0 [v1.15.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.14.0...v1.15.0 [v1.14.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.13.0...v1.14.0 From 827574c735cbbd124796c3474753e91f06dcf4d1 Mon Sep 17 00:00:00 2001 
From: Anton Babenko Date: Thu, 13 Aug 2020 11:35:27 +0200 Subject: [PATCH 003/385] feat: Bump version of AWS provider to support v3 --- README.md | 6 +++--- versions.tf | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 60432fce..90a7d7c1 100644 --- a/README.md +++ b/README.md @@ -554,14 +554,14 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | -| aws | ~> 2.46 | +| terraform | >= 0.12.6, < 0.14 | +| aws | >= 2.46, < 4.0 | ## Providers | Name | Version | |------|---------| -| aws | ~> 2.46 | +| aws | >= 2.46, < 4.0 | | external | n/a | | local | n/a | | null | n/a | diff --git a/versions.tf b/versions.tf index 9e300535..23936b19 100644 --- a/versions.tf +++ b/versions.tf @@ -2,6 +2,6 @@ terraform { required_version = ">= 0.12.6, < 0.14" required_providers { - aws = "~> 2.46" + aws = ">= 2.46, < 4.0" } } From b77b6ccd2b2bcefa5ea314f14484c760a2509f1e Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Thu, 13 Aug 2020 11:37:47 +0200 Subject: [PATCH 004/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 46e919e5..5655c61a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v1.18.0] - 2020-08-13 + +- feat: Bump version of AWS provider to support v3 + + ## [v1.17.0] - 2020-07-20 
@@ -154,7 +160,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.17.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.18.0...HEAD +[v1.18.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.17.0...v1.18.0 [v1.17.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.16.0...v1.17.0 [v1.16.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.15.0...v1.16.0 [v1.15.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.14.0...v1.15.0 From 05c5306e02efac5241a3012b953ceb8008b40d77 Mon Sep 17 00:00:00 2001 From: Niranjan Rajendran Date: Fri, 14 Aug 2020 15:56:52 +0530 Subject: [PATCH 005/385] feat: Add support for EFS File System Config (#46) --- README.md | 5 +- examples/with-efs/README.md | 57 +++++++++++++++++++++ examples/with-efs/main.tf | 85 +++++++++++++++++++++++++++++++ examples/with-efs/outputs.tf | 99 ++++++++++++++++++++++++++++++++++++ main.tf | 8 +++ variables.tf | 12 +++++ versions.tf | 2 +- 7 files changed, 266 insertions(+), 2 deletions(-) create mode 100644 examples/with-efs/README.md create mode 100644 examples/with-efs/main.tf create mode 100644 examples/with-efs/outputs.tf diff --git a/README.md b/README.md index 90a7d7c1..5b9bce38 100644 --- a/README.md +++ b/README.md 
@@ -34,7 +34,7 @@ This Terraform module is the part of [serverless.tf framework](https://github.co - [x] Lambda@Edge - [x] Conditional creation for many types of resources. - [x] Control execution of nearly any step in the process - build, package, store package, deploy, update. -- [x] Control nearly all aspects of Lambda resources (provisioned concurrency, VPC, dead-letter notification, tracing, async events, IAM role, IAM policies, and more). +- [x] Control nearly all aspects of Lambda resources (provisioned concurrency, VPC, EFS, dead-letter notification, tracing, async events, IAM role, IAM policies, and more). - [x] Support integration with other `serverless.tf` modules like [HTTP API Gateway](https://github.com/terraform-aws-modules/terraform-aws-apigateway-v2) (see [examples there](https://github.com/terraform-aws-modules/terraform-aws-apigateway-v2/tree/master/examples/complete-http)). @@ -547,6 +547,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo * [Deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/deploy) - Complete end-to-end build/update/deploy process using AWS CodeDeploy. * [Async Invocations](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/async) - Create Lambda Function with async event configuration (with SQS and SNS integration). * [With VPC](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/with-vpc) - Create Lambda Function with VPC. +* [With EFS](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/with-efs) - Create Lambda Function with Elastic File System attached (Terraform 0.13+ is recommended). 
@@ -606,6 +607,8 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | docker\_pip\_cache | Whether to mount a shared pip cache folder into docker environment or not | `any` | `null` | no | | docker\_with\_ssh\_agent | Whether to pass SSH\_AUTH\_SOCK into docker environment or not | `bool` | `false` | no | | environment\_variables | A map that defines environment variables for the Lambda Function. | `map(string)` | `{}` | no | +| file\_system\_arn | The Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system. | `string` | `null` | no | +| file\_system\_local\_mount\_path | The path where the function can access the file system, starting with /mnt/. | `string` | `null` | no | | function\_name | A unique name for your Lambda Function | `string` | `""` | no | | handler | Lambda Function entrypoint in your code | `string` | `""` | no | | hash\_extra | The string to add into hashing function. Useful when building same source path for different functions. | `string` | `""` | no | diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md new file mode 100644 index 00000000..2533afb3 --- /dev/null +++ b/examples/with-efs/README.md 
@@ -0,0 +1,57 @@ +# AWS Lambda with EFS example + +Configuration in this directory creates AWS Lambda Function deployed with Elastic File System (EFS) attached. + +## Usage + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply +``` + +Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| aws | n/a | +| random | n/a | + +## Inputs + +No input. + +## Outputs + +| Name | Description | +|------|-------------| +| lambda\_cloudwatch\_log\_group\_arn | The ARN of the Cloudwatch Log Group | +| lambda\_role\_arn | The ARN of the IAM role created for the Lambda Function | +| lambda\_role\_name | The name of the IAM role created for the Lambda Function | +| local\_filename | The filename of zip archive deployed (if deployment was from local) | +| s3\_object | The map with S3 object data of zip archive deployed (if deployment was from S3) | +| this\_lambda\_function\_arn | The ARN of the Lambda Function | +| this\_lambda\_function\_invoke\_arn | The Invoke ARN of the Lambda Function | +| this\_lambda\_function\_kms\_key\_arn | The ARN for the KMS encryption key of Lambda Function | +| this\_lambda\_function\_last\_modified | The date Lambda Function resource was last modified | +| this\_lambda\_function\_name | The name of the Lambda Function | +| this\_lambda\_function\_qualified\_arn | The ARN identifying your Lambda Function Version | +| this\_lambda\_function\_source\_code\_hash | Base64-encoded representation of raw SHA-256 sum of the zip file | +| this\_lambda\_function\_source\_code\_size | The size in bytes of the function .zip file | +| this\_lambda\_function\_version | Latest published version of Lambda Function | +| this\_lambda\_layer\_arn | The ARN of the Lambda Layer with version | +| this\_lambda\_layer\_created\_date | The date Lambda 
Layer resource was created | +| this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version | +| this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer .zip file | +| this\_lambda\_layer\_version | The Lambda Layer version | + + diff --git a/examples/with-efs/main.tf b/examples/with-efs/main.tf new file mode 100644 index 00000000..98d3a89a --- /dev/null +++ b/examples/with-efs/main.tf 
@@ -0,0 +1,85 @@
+provider "aws" {
+ region = "eu-west-1"
+
+ # Make it faster by skipping something
+ skip_get_ec2_platforms = true
+ skip_metadata_api_check = true
+ skip_region_validation = true
+ skip_credentials_validation = true
+ skip_requesting_account_id = true
+}
+
+resource "random_pet" "this" {
+ length = 2
+}
+
+module "lambda_function_with_efs" {
+ source = "../../"
+
+ function_name = "${random_pet.this.id}-lambda-in-vpc"
+ description = "My awesome lambda function"
+ handler = "index.lambda_handler"
+ runtime = "python3.8"
+
+ source_path = "${path.module}/../fixtures/python3.8-app1"
+
+ vpc_subnet_ids = module.vpc.intra_subnets
+ vpc_security_group_ids = [module.vpc.default_security_group_id]
+ attach_network_policy = true
+
+ ######################
+ # Elastic File System
+ ######################
+
+ file_system_arn = aws_efs_access_point.lambda.arn
+ file_system_local_mount_path = "/mnt/shared-storage"
+
+ # Explicitly declare dependency on EFS mount target.
+ # When creating or updating Lambda functions, mount target must be in 'available' lifecycle state.
+ # Note: depends_on on modules became available in Terraform 0.13
+ depends_on = [aws_efs_mount_target.alpha]
+}
+
+######
+# VPC
+######
+
+module "vpc" {
+ source = "terraform-aws-modules/vpc/aws"
+
+ name = random_pet.this.id
+ cidr = "10.10.0.0/16"
+
+ azs = ["eu-west-1a"]
+ intra_subnets = ["10.10.101.0/24"]
+}
+
+######
+# EFS
+######
+
+resource "aws_efs_file_system" "shared" {}
+
+resource "aws_efs_mount_target" "alpha" {
+ file_system_id = aws_efs_file_system.shared.id
+ subnet_id = module.vpc.intra_subnets[0]
+ security_groups = [module.vpc.default_security_group_id]
+}
+
+resource "aws_efs_access_point" "lambda" {
+ file_system_id = aws_efs_file_system.shared.id
+
+ posix_user {
+ gid = 1000
+ uid = 1000
+ }
+
+ root_directory {
+ path = "/lambda"
+ creation_info {
+ owner_gid = 1000
+ owner_uid = 1000
+ permissions = "0777"
+ }
+ }
+}
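Review bot: The access point's `creation_info` sets `permissions = "0777"`, which makes the `/lambda` root directory world-writable even though `posix_user` already pins access to uid/gid 1000; `permissions = "0750"` gives the owner the same access without opening the directory to every other identity that can reach the file system. `aws_efs_file_system.shared` is declared with an empty body, so the example file system is created without encryption at rest; `encrypted = true` is a one-line addition. Both the function and `aws_efs_mount_target.alpha` reuse `module.vpc.default_security_group_id`; a dedicated security group that admits only NFS (TCP 2049) from the function would be a tighter pattern for readers to copy. `module "vpc"` also has no `version` argument, so the example resolves to whatever registry release is latest at init time.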
diff --git a/examples/with-efs/outputs.tf b/examples/with-efs/outputs.tf
new file mode 100644
index 00000000..6417f50d
--- /dev/null
+++ b/examples/with-efs/outputs.tf
@@ -0,0 +1,99 @@
+# Lambda Function
+output "this_lambda_function_arn" {
+ description = "The ARN of the Lambda Function"
+ value = module.lambda_function_with_efs.this_lambda_function_arn
+}
+
+output "this_lambda_function_invoke_arn" {
+ description = "The Invoke ARN of the Lambda Function"
+ value = module.lambda_function_with_efs.this_lambda_function_invoke_arn
+}
+
+output "this_lambda_function_name" {
+ description = "The name of the Lambda Function"
+ value = module.lambda_function_with_efs.this_lambda_function_name
+}
+
+output "this_lambda_function_qualified_arn" {
+ description = "The ARN identifying your Lambda Function Version"
+ value = module.lambda_function_with_efs.this_lambda_function_qualified_arn
+}
+
+output "this_lambda_function_version" {
+ description = "Latest published version of Lambda Function"
+ value = module.lambda_function_with_efs.this_lambda_function_version
+}
+
+output "this_lambda_function_last_modified" {
+ description = "The date Lambda Function resource was last modified"
+ value = module.lambda_function_with_efs.this_lambda_function_last_modified
+}
+
+output "this_lambda_function_kms_key_arn" {
+ description = "The ARN for the KMS encryption key of Lambda Function"
+ value = module.lambda_function_with_efs.this_lambda_function_kms_key_arn
+}
+
+output "this_lambda_function_source_code_hash" {
+ description = "Base64-encoded representation of raw SHA-256 sum of the zip file"
+ value = module.lambda_function_with_efs.this_lambda_function_source_code_hash
+}
+
+output "this_lambda_function_source_code_size" {
+ description = "The size in bytes of the function .zip file"
+ value = module.lambda_function_with_efs.this_lambda_function_source_code_size
+}
+
+# Lambda Layer
+output "this_lambda_layer_arn" {
+ description = "The ARN of the Lambda Layer with version"
+ value = module.lambda_function_with_efs.this_lambda_layer_arn
+}
+
+output "this_lambda_layer_layer_arn" {
+ description = "The ARN of the Lambda Layer without version"
+ value = module.lambda_function_with_efs.this_lambda_layer_layer_arn
+}
+
+output "this_lambda_layer_created_date" {
+ description = "The date Lambda Layer resource was created"
+ value = module.lambda_function_with_efs.this_lambda_layer_created_date
+}
+
+output "this_lambda_layer_source_code_size" {
+ description = "The size in bytes of the Lambda Layer .zip file"
+ value = module.lambda_function_with_efs.this_lambda_layer_source_code_size
+}
+
+output "this_lambda_layer_version" {
+ description = "The Lambda Layer version"
+ value = module.lambda_function_with_efs.this_lambda_layer_version
+}
+
+# IAM Role
+output "lambda_role_arn" {
+ description = "The ARN of the IAM role created for the Lambda Function"
+ value = module.lambda_function_with_efs.lambda_role_arn
+}
+
+output "lambda_role_name" {
+ description = "The name of the IAM role created for the Lambda Function"
+ value = module.lambda_function_with_efs.lambda_role_name
+}
+
+# CloudWatch Log Group
+output "lambda_cloudwatch_log_group_arn" {
+ description = "The ARN of the Cloudwatch Log Group"
+ value = module.lambda_function_with_efs.lambda_cloudwatch_log_group_arn
+}
+
+# Deployment package
+output "local_filename" {
+ description = "The filename of zip archive deployed (if deployment was from local)"
+ value = module.lambda_function_with_efs.local_filename
+}
+
+output "s3_object" {
+ description = "The map with S3 object data of zip archive deployed (if deployment was from S3)"
+ value = module.lambda_function_with_efs.s3_object
+}
diff --git a/main.tf b/main.tf
index dc7429e1..e74d8e8c 100644
--- a/main.tf
+++ b/main.tf
@@ -62,6 +62,14 @@ resource "aws_lambda_function" "this" { } } + dynamic "file_system_config" { + for_each = var.file_system_arn != null && var.file_system_local_mount_path != null ? [true] : [] + content { + local_mount_path = var.file_system_local_mount_path + arn = var.file_system_arn + } + } + tags = var.tags depends_on = [null_resource.archive, aws_s3_bucket_object.lambda_package] diff --git a/variables.tf b/variables.tf index 852b89ea..1cb42613 100644 --- a/variables.tf +++ b/variables.tf @@ -413,6 +413,18 @@ variable "policy_statements" { default = {} } +variable "file_system_arn" { + description = "The Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system." + type = string + default = null +} + +variable "file_system_local_mount_path" { + description = "The path where the function can access the file system, starting with /mnt/." + type = string + default = null +} + ########################## # Build artifact settings ########################## diff --git a/versions.tf b/versions.tf index 23936b19..5ada0a8e 100644 --- a/versions.tf +++ b/versions.tf @@ -2,6 +2,6 @@ terraform { required_version = ">= 0.12.6, < 0.14" required_providers { - aws = ">= 2.46, < 4.0" + aws = ">= 2.67, < 4.0" } } From a66227742fd767d4faaee845b4b2dd7ed3dc6979 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 14 Aug 2020 12:27:17 +0200 Subject: [PATCH 006/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5655c61a..23e48079 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v1.19.0] - 2020-08-14 + +- feat: Add support for EFS File System Config ([#46](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/46)) + + ## [v1.18.0] - 2020-08-13 
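Review bot: The `for_each` condition on the new `dynamic "file_system_config"` block in main.tf drops the block silently when only one of `var.file_system_arn` and `var.file_system_local_mount_path` is set, so a half-configured call plans cleanly and deploys a function with no mount at all. Because `required_version` still admits Terraform 0.12.6, a variable `validation` block is not an option here; the cheapest guard is to say so in both descriptions in variables.tf, for example `"... Must be set together with file_system_local_mount_path."`, and to add a comment above the block such as `# Both variables are required; setting only one omits the EFS mount.`. The enclosing `aws_lambda_function.this` resource starts and ends outside this hunk.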
@@ -160,7 +166,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.18.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.19.0...HEAD +[v1.19.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.18.0...v1.19.0 [v1.18.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.17.0...v1.18.0 [v1.17.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.16.0...v1.17.0 [v1.16.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.15.0...v1.16.0 From 7c674a3b74e0ff5df0878006c9370e9c307fd15d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Augoff?= Date: Wed, 19 Aug 2020 12:56:40 +0200 Subject: [PATCH 007/385] fix: Fix policy attachments for managed policies (#45) --- iam.tf | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/iam.tf b/iam.tf index 539bc9c2..a1d231ae 100644 --- a/iam.tf +++ b/iam.tf @@ -223,11 +223,10 @@ resource "aws_iam_policy_attachment" "additional_json" { # ARN of additional policy ########################### -resource "aws_iam_policy_attachment" "additional_one" { +resource "aws_iam_role_policy_attachment" "additional_one" { count = local.create_role && var.attach_policy ? 1 : 0 - name = var.function_name - roles = [aws_iam_role.lambda[0].name] + role = aws_iam_role.lambda[0].name policy_arn = var.policy } 
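Review bot: Changing the type of `additional_one` here (and of `additional_many` in the next iam.tf hunk) while keeping the resource names means an upgrade will plan a destroy of the old `aws_iam_policy_attachment` and a create of the new `aws_iam_role_policy_attachment`, which likely leaves the role without the policy for a short window; that deserves an upgrade note rather than only a changelog line. A comment on the new resources would keep the reason from being lost, for example `# Non-exclusive attachment: aws_iam_policy_attachment manages ALL attachments of the policy and detaches it from other roles, users and groups.`. The hunk header shows `aws_iam_policy_attachment.additional_json` stays on the exclusive type; that is presumably safe if the module creates that policy itself, but the definition is outside the hunk, so it is worth confirming and stating in a comment there.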
@@ -235,11 +234,10 @@ resource "aws_iam_policy_attachment" "additional_one" { # List of ARNs of additional policies ###################################### -resource "aws_iam_policy_attachment" "additional_many" { +resource "aws_iam_role_policy_attachment" "additional_many" { count = local.create_role && var.attach_policies ? var.number_of_policies : 0 - name = var.function_name - roles = [aws_iam_role.lambda[0].name] + role = aws_iam_role.lambda[0].name policy_arn = var.policies[count.index] } From c3671888633008edac8f96070d3f5a14da45937d Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 19 Aug 2020 12:57:00 +0200 Subject: [PATCH 008/385] Updated CHANGELOG --- CHANGELOG.md | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 51 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 23e48079..21ba4a49 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -7,6 +7,54 @@ All notable changes to this project will be documented in this file. + +## [v1.20.0] - 2020-08-19 + +- fix: Fix policy attachments for managed policies ([#45](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/45)) +- feat: Add support for EFS File System Config ([#46](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/46)) +- feat: Bump version of AWS provider to support v3 +- feat: Upgraded Terraform version supported +- docs: Updated FAQ with info about "We currently do not support adding policies for " +- fix: Adds region wildcard to log group arn when lambda[@edge](https://github.com/edge) ([#35](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/35)) +- fix: Fixed issue with zip renaming on Windows platform ([#32](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/32)) +- feat: docker image building for installing pip requirements independently from OS ([#31](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/31)) +- fix: Fixed patterns applying ([#30](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/30)) +- fix: Fixed DUMP_ENV logging level ([#28](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/28)) +- fix: Fixed IAM policy attachment with multiple functions ([#26](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/26)) +- feat: Added support for variety of options for source_path, closes [#12](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/12) ([#25](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/25)) +- Updated examples and readme +- Added more samples to examples/simple/main.tf +- package.py - Log directories with ending / +- package.py - Log skipped items + made uniform some messages +- package.py - Added support for comments in patterns +- package.py - Renamed: logger -> log +- feat: Added ZipContentFilter class to apply patterns filtering +- 
package.py - Fixed and improved logging +- package.py - Added BuildPlanManager initial implementation +- package.py - Fixed building in docker +- package.py - Implemented ZipFileStream.write_file +- feat: In-place zip archiving +- package.py - Removed dir changing on zip archive generation +- package.py - Simplified emit_dir_files func +- package.py - Fixed timestamp appling +- package.py - Added hidden hash command to calculate Lambda's content hash +- package.py - Finished ZipFileStream.write_dirs implementation +- package.py - Moved borrowed ZipInfo.from_file to a ZipWriteStream class +- package.py - Added initial ZipFileStream skel +- package.py - Move out inner functions from *_command functions +- feat: Added pid to the prepare stage log records +- feat: Added AWS CodeDeploy group name to outputs +- fix: Create AWS CodeDeploy resources conditionally +- fix: Do not create AWS Cloudwatch log group for Lambda Layers +- feat: Add Cloudwatch Logs resources (or use existing) ([#24](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/24)) + + + +## [v1.6.1] - 2020-08-14 + +- fix: Added support for AWS provider v3 used by notify-slack module with Terraform 0.12 + + ## [v1.19.0] - 2020-08-14 
@@ -166,7 +214,9 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.19.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.20.0...HEAD +[v1.20.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.6.1...v1.20.0 +[v1.6.1]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.19.0...v1.6.1 [v1.19.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.18.0...v1.19.0 [v1.18.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.17.0...v1.18.0 [v1.17.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.16.0...v1.17.0 From 4fd3c097ca88ef885b4a6678a9f44ab462f26960 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 19 Aug 2020 13:08:48 +0200 Subject: [PATCH 009/385] chore: Set number_of_policies in example --- README.md | 4 ++-- examples/complete/main.tf | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 5b9bce38..fa7806e2 100644 --- a/README.md +++ b/README.md @@ -556,13 +556,13 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| | terraform | >= 0.12.6, < 0.14 | -| aws | >= 2.46, < 4.0 | +| aws | >= 2.67, < 4.0 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.46, < 4.0 | +| aws | >= 2.67, < 4.0 | | external | n/a | | local | n/a | | null | n/a | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 580566ea..b08b70d3 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -79,8 +79,9 @@ EOF attach_policy = true policy = "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess" - attach_policies = true - policies = ["arn:aws:iam::aws:policy/AWSXrayReadOnlyAccess"] + attach_policies = true + policies = ["arn:aws:iam::aws:policy/AWSXrayReadOnlyAccess"] + number_of_policies = 1 attach_policy_statements = true policy_statements = { From fca706383a47a98f0f0c6a45dd1f4047ac588a19 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 19 Aug 2020 13:14:40 +0200 Subject: [PATCH 010/385] docs: Updated description for provisioned_concurrent_executions (closes #38) --- README.md | 2 +- variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index fa7806e2..00ebc998 100644 --- a/README.md +++ b/README.md 
@@ -627,7 +627,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | policy | An additional policy document ARN to attach to the Lambda Function role | `string` | `null` | no | | policy\_json | An additional policy document as JSON to attach to the Lambda Function role | `string` | `null` | no | | policy\_statements | Map of dynamic policy statements to attach to Lambda Function role | `any` | `{}` | no | -| provisioned\_concurrent\_executions | Amount of capacity to allocate. Must be greater than or equal to 1. | `number` | `-1` | no | +| provisioned\_concurrent\_executions | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | `number` | `-1` | no | | publish | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no | | reserved\_concurrent\_executions | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | `number` | `-1` | no | | role\_description | Description of IAM role to use for Lambda Function | `string` | `null` | no | diff --git a/variables.tf b/variables.tf index 1cb42613..ffc9b1f4 100644 --- a/variables.tf +++ b/variables.tf @@ -224,7 +224,7 @@ variable "destination_on_success" { ########################## variable "provisioned_concurrent_executions" { - description = "Amount of capacity to allocate. Must be greater than or equal to 1." + description = "Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency." type = number default = -1 } From 89d72ee61a796721a174198ee8f6af81cfb9c4e2 Mon Sep 17 00:00:00 2001 
From: Andrew Hlynskyi Date: Tue, 25 Aug 2020 10:03:16 +0300 Subject: [PATCH 011/385] fix: os xcode python interpreter (#50) --- package.py | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/package.py b/package.py index 0e6f603f..2e19db7e 100644 --- a/package.py +++ b/package.py @@ -850,8 +850,18 @@ def install_pip_requirements(query, requirements_file): shutil.copyfile(requirements_file, target_file) python_exec = runtime - if WINDOWS and not docker: - python_exec = 'python.exe' + subproc_env = None + + if not docker: + if WINDOWS: + python_exec = 'python.exe' + elif OSX: + # Workaround for OSX when XCode command line tools' + # python becomes the main system python interpreter + os_path = '{}:/Library/Developer/CommandLineTools' \ + '/usr/bin'.format(os.environ['PATH']) + subproc_env = os.environ.copy() + subproc_env['PATH'] = os_path # Install dependencies into the temporary directory. with cd(temp_dir): @@ -886,7 +896,14 @@ def install_pip_requirements(query, requirements_file): else: cmd_log.info(shlex_join(pip_command)) log_handler and log_handler.flush() - check_call(pip_command) + try: + check_call(pip_command, env=subproc_env) + except FileNotFoundError as e: + raise RuntimeError( + "Python interpreter version equal " + "to defined lambda runtime ({}) should be " + "available in system PATH".format(runtime) + ) from e os.remove(target_file) yield temp_dir From 18b8f74896a2671850da41128463071dc756738a Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Tue, 25 Aug 2020 09:03:41 +0200 Subject: [PATCH 012/385] Updated CHANGELOG --- CHANGELOG.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 21ba4a49..606052e6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
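Review bot: `os.environ['PATH']` in the new OSX branch raises `KeyError` when the build runs with PATH unset, and a plain fallback to an empty string would leave a leading empty PATH element, which the OS treats as the current directory when resolving the interpreter. Building the value as `os_path = os.pathsep.join(p for p in (os.environ.get('PATH'), '/Library/Developer/CommandLineTools/usr/bin') if p)` covers both cases. Appending the CommandLineTools directory after the caller's entries is the safer order because it never overrides an interpreter the user already selected; a one-line comment saying so would keep a later edit from prepending it. `install_pip_requirements` begins and ends outside this hunk.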
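Review bot: The `RuntimeError` raised in the new `except FileNotFoundError` always names `runtime`, but on Windows the previous hunk sets `python_exec = 'python.exe'`, so the message can point the user at a binary that was never looked up. Assuming `pip_command` starts with `python_exec` (it is built outside this hunk), formatting that name as well, for instance `"... ({}) should be available in system PATH as '{}'".format(runtime, python_exec)`, makes the failure actionable. The enclosing function continues past the end of the hunk.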
@@ -7,6 +7,14 @@ All notable changes to this project will be documented in this file. + +## [v1.21.0] - 2020-08-25 + +- fix: os xcode python interpreter ([#50](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/50)) +- docs: Updated description for provisioned_concurrent_executions (closes [#38](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/38)) +- chore: Set number_of_policies in example + + ## [v1.20.0] - 2020-08-19 @@ -214,7 +222,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.20.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.21.0...HEAD +[v1.21.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.20.0...v1.21.0 [v1.20.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.6.1...v1.20.0 [v1.6.1]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.19.0...v1.6.1 [v1.19.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.18.0...v1.19.0 From c4890f28b244a64ad788bc67a5b005ea6d40d3ce Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 26 Aug 2020 15:22:34 +0200 Subject: [PATCH 013/385] feat: Updated submodules to support Terraform 0.13 --- modules/alias/README.md | 6 +++--- modules/alias/versions.tf | 4 ++-- modules/deploy/README.md | 6 +++--- modules/deploy/versions.tf | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/modules/alias/README.md b/modules/alias/README.md index 11be29a2..6bfe7f95 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md 
@@ -115,14 +115,14 @@ module "lambda" { | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | -| aws | ~> 2.46 | +| terraform | >= 0.12.6, < 0.14 | +| aws | >= 2.67, < 4.0 | ## Providers | Name | Version | |------|---------| -| aws | ~> 2.46 | +| aws | >= 2.67, < 4.0 | ## Inputs diff --git a/modules/alias/versions.tf b/modules/alias/versions.tf index c1b26983..5ada0a8e 100644 --- a/modules/alias/versions.tf +++ b/modules/alias/versions.tf @@ -1,7 +1,7 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { - aws = "~> 2.46" + aws = ">= 2.67, < 4.0" } } diff --git a/modules/deploy/README.md b/modules/deploy/README.md index d05af2f1..60798665 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -99,14 +99,14 @@ module "lambda" { | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | -| aws | ~> 2.46 | +| terraform | >= 0.12.6, < 0.14 | +| aws | >= 2.67, < 4.0 | ## Providers | Name | Version | |------|---------| -| aws | ~> 2.46 | +| aws | >= 2.67, < 4.0 | | local | n/a | | null | n/a | diff --git a/modules/deploy/versions.tf b/modules/deploy/versions.tf index c1b26983..5ada0a8e 100644 --- a/modules/deploy/versions.tf +++ b/modules/deploy/versions.tf @@ -1,7 +1,7 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { - aws = "~> 2.46" + aws = ">= 2.67, < 4.0" } } From 0e83a2b05e55643446964d1a8bc7ceafc170c32a Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 26 Aug 2020 15:22:47 +0200 Subject: [PATCH 014/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 606052e6..2568c4f0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v1.22.0] - 2020-08-26 + +- feat: Updated submodules to support Terraform 0.13 + + ## [v1.21.0] - 2020-08-25 
@@ -222,7 +228,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.21.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.22.0...HEAD +[v1.22.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.21.0...v1.22.0 [v1.21.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.20.0...v1.21.0 [v1.20.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.6.1...v1.20.0 [v1.6.1]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.19.0...v1.6.1 From ffa3b59a46cccc5880450a0b7eae299b1d128e2b Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 14 Sep 2020 18:29:41 +0200 Subject: [PATCH 015/385] feat: Added support for policy_jsons (list of strings) (#58) --- .pre-commit-config.yaml | 4 ++-- README.md | 22 +++++++++++++++------- examples/complete/main.tf | 20 +++++++++++++++++++- iam.tf | 19 +++++++++++++++++++ variables.tf | 18 ++++++++++++++++++ versions.tf | 6 +++++- 6 files changed, 78 insertions(+), 11 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 2308d6fe..b71e202b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,10 +1,10 @@ repos: - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.31.0 + rev: v1.39.0 hooks: - id: terraform_fmt - id: terraform_docs - repo: git://github.com/pre-commit/pre-commit-hooks - rev: v3.1.0 + rev: v3.2.0 hooks: - id: check-merge-conflict diff --git a/README.md b/README.md index 00ebc998..c6e5e264 100644 --- a/README.md +++ b/README.md 
@@ -240,12 +240,13 @@ module "vpc" { ## Additional IAM policies for Lambda Functions -There are 4 supported ways to attach IAM policies to IAM role used by Lambda Function: +There are 5 supported ways to attach IAM policies to IAM role used by Lambda Function: -1. `policy_json` - set as JSON string or heredoc, when `attach_policy_json = true`. +1. `policy_json` - JSON string or heredoc, when `attach_policy_json = true`. +1. `policy_jsons` - List of JSON strings or heredoc, when `attach_policy_jsons = true` and `number_of_policy_jsons > 0`. 1. `policy` - ARN of existing IAM policy, when `attach_policy = true`. -1. `policies` - List of ARNs of existing IAM policies, when `attach_policies = true`. -1. `policy_statements` - Map of maps to define IAM statements which will be generated as IAM policy. Requires `attach_policy_statements = true`. See examples/complete for more information. +1. `policies` - List of ARNs of existing IAM policies, when `attach_policies = true` and `number_of_policies > 0`. +1. `policy_statements` - Map of maps to define IAM statements which will be generated as IAM policy. Requires `attach_policy_statements = true`. See `examples/complete` for more information. ## Lambda Permissions for allowed triggers @@ -557,15 +558,19 @@ Q4: What does this error mean - `"We currently do not support adding policies fo |------|---------| | terraform | >= 0.12.6, < 0.14 | | aws | >= 2.67, < 4.0 | +| external | ~> 1 | +| local | ~> 1 | +| null | ~> 2 | +| random | ~> 2 | ## Providers | Name | Version | |------|---------| | aws | >= 2.67, < 4.0 | -| external | n/a | -| local | n/a | -| null | n/a | +| external | ~> 1 | +| local | ~> 1 | +| null | ~> 2 | ## Inputs 
@@ -580,6 +585,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | attach\_policies | Controls whether list of policies should be added to IAM role for Lambda Function | `bool` | `false` | no | | attach\_policy | Controls whether policy should be added to IAM role for Lambda Function | `bool` | `false` | no | | attach\_policy\_json | Controls whether policy\_json should be added to IAM role for Lambda Function | `bool` | `false` | no | +| attach\_policy\_jsons | Controls whether policy\_jsons should be added to IAM role for Lambda Function | `bool` | `false` | no | | attach\_policy\_statements | Controls whether policy\_statements should be added to IAM role for Lambda Function | `bool` | `false` | no | | attach\_tracing\_policy | Controls whether X-Ray tracing policy should be added to IAM role for Lambda Function | `bool` | `false` | no | | build\_in\_docker | Whether to build dependencies in Docker | `bool` | `false` | no | 
@@ -623,9 +629,11 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | maximum\_retry\_attempts | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | `number` | `null` | no | | memory\_size | Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 3008 MB, in 64 MB increments. | `number` | `128` | no | | number\_of\_policies | Number of policies to attach to IAM role for Lambda Function | `number` | `0` | no | +| number\_of\_policy\_jsons | Number of policies JSON to attach to IAM role for Lambda Function | `number` | `0` | no | | policies | List of policy statements ARN to attach to Lambda Function role | `list(string)` | `[]` | no | | policy | An additional policy document ARN to attach to the Lambda Function role | `string` | `null` | no | | policy\_json | An additional policy document as JSON to attach to the Lambda Function role | `string` | `null` | no | +| policy\_jsons | List of additional policy documents as JSON to attach to Lambda Function role | `list(string)` | `[]` | no | | policy\_statements | Map of dynamic policy statements to attach to Lambda Function role | `any` | `{}` | no | | provisioned\_concurrent\_executions | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | `number` | `-1` | no | | publish | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index b08b70d3..36527b08 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -76,6 +76,24 @@ module "lambda_function" { } EOF + attach_policy_jsons = true + policy_jsons = [< Date: Mon, 14 Sep 2020 18:30:02 +0200 Subject: [PATCH 016/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 2568c4f0..94ffd160 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v1.23.0] - 2020-09-14 + +- feat: Added support for policy_jsons (list of strings) ([#58](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/58)) + + ## [v1.22.0] - 2020-08-26 @@ -228,7 +234,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.22.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.23.0...HEAD +[v1.23.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.22.0...v1.23.0 [v1.22.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.21.0...v1.22.0 [v1.21.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.20.0...v1.21.0 [v1.20.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.6.1...v1.20.0 From 243cf19fb22f6720beb3a30c21d3fc48f99fb18f Mon Sep 17 00:00:00 2001 
From: Anton Babenko Date: Wed, 23 Sep 2020 12:09:17 +0200 Subject: [PATCH 017/385] feat: Added tflint as pre-commit hook (#60) --- .pre-commit-config.yaml | 17 +- examples/alias/README.md | 8 +- examples/alias/main.tf | 164 +++++---- examples/alias/variables.tf | 0 examples/alias/versions.tf | 8 + examples/async/README.md | 10 +- examples/async/variables.tf | 0 examples/async/versions.tf | 8 + examples/build-package/README.md | 8 +- examples/build-package/main.tf | 2 +- examples/build-package/outputs.tf | 200 +++++----- examples/build-package/variables.tf | 0 examples/build-package/versions.tf | 8 + examples/complete/README.md | 10 +- examples/complete/main.tf | 12 +- examples/complete/variables.tf | 0 examples/complete/versions.tf | 8 + examples/deploy/README.md | 20 +- examples/deploy/outputs.tf | 15 +- examples/deploy/variables.tf | 0 examples/deploy/versions.tf | 8 + examples/simple/README.md | 8 +- examples/simple/main.tf | 541 ++++++++++++++-------------- examples/simple/variables.tf | 0 examples/simple/versions.tf | 8 + examples/with-efs/README.md | 10 +- examples/with-efs/variables.tf | 0 examples/with-efs/versions.tf | 8 + examples/with-vpc/README.md | 8 +- examples/with-vpc/variables.tf | 0 examples/with-vpc/versions.tf | 8 + iam.tf | 4 +- main.tf | 2 +- modules/alias/main.tf | 6 +- modules/deploy/README.md | 16 +- modules/deploy/main.tf | 30 +- modules/deploy/outputs.tf | 15 +- modules/deploy/versions.tf | 4 +- variables.tf | 8 +- 39 files changed, 659 insertions(+), 523 deletions(-) create mode 100644 examples/alias/variables.tf create mode 100644 examples/alias/versions.tf create mode 100644 examples/async/variables.tf create mode 100644 examples/async/versions.tf create mode 100644 examples/build-package/variables.tf create mode 100644 examples/build-package/versions.tf create mode 100644 examples/complete/variables.tf create mode 100644 examples/complete/versions.tf create mode 100644 examples/deploy/variables.tf create mode 100644 
examples/deploy/versions.tf create mode 100644 examples/simple/variables.tf create mode 100644 examples/simple/versions.tf create mode 100644 examples/with-efs/variables.tf create mode 100644 examples/with-efs/versions.tf create mode 100644 examples/with-vpc/variables.tf create mode 100644 examples/with-vpc/versions.tf diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b71e202b..95f8ee4d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,9 +1,24 @@ repos: - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.39.0 + rev: v1.40.0 hooks: - id: terraform_fmt - id: terraform_docs + - id: terraform_tflint + args: + - '--args=--only=terraform_deprecated_interpolation' + - '--args=--only=terraform_deprecated_index' + - '--args=--only=terraform_unused_declarations' + - '--args=--only=terraform_comment_syntax' + - '--args=--only=terraform_documented_outputs' + - '--args=--only=terraform_documented_variables' + - '--args=--only=terraform_typed_variables' + - '--args=--only=terraform_module_pinned_source' + - '--args=--only=terraform_naming_convention' + - '--args=--only=terraform_required_version' + - '--args=--only=terraform_required_providers' + - '--args=--only=terraform_standard_module_structure' + - '--args=--only=terraform_workspace_remote' - repo: git://github.com/pre-commit/pre-commit-hooks rev: v3.2.0 hooks: diff --git a/examples/alias/README.md b/examples/alias/README.md index f3677763..514d247d 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -17,13 +17,17 @@ Note that this example may create resources which cost money. Run `terraform des ## Requirements -No requirements. +| Name | Version | +|------|---------| +| terraform | >= 0.12.6, < 0.14 | +| aws | >= 2.67, < 4.0 | +| random | ~> 2 | ## Providers | Name | Version | |------|---------| -| random | n/a | +| random | ~> 2 | ## Inputs diff --git a/examples/alias/main.tf b/examples/alias/main.tf index 9e6b2bc1..a8da59c9 100644 
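Review bot: Both `repo:` entries in this `.pre-commit-config.yaml` hunk are fetched over `git://`, which has neither transport encryption nor server authentication, and the hook code they deliver runs on every contributor machine and in CI; the added `terraform_tflint` hook increases how much of that fetched code runs. Switch them to `- repo: https://github.com/antonbabenko/pre-commit-terraform` and `- repo: https://github.com/pre-commit/pre-commit-hooks`. The `rev:` values are tags, which upstream can move, so pinning to a full commit SHA (`rev: <full-commit-sha>  # v1.40.0`) would make the fetched hook version immutable. The earlier `.pre-commit-config.yaml` hunk in patch 015 carries the same URLs.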
--- a/examples/alias/main.tf +++ b/examples/alias/main.tf 
@@ -12,62 +12,95 @@ provider "aws" { resource "random_pet" "this" { length = 2 } +# +#module "lambda_function" { +# source = "../../" +# +# function_name = "${random_pet.this.id}-lambda" +# handler = "index.lambda_handler" +# runtime = "python3.8" +# publish = true +# +# source_path = "${path.module}/../fixtures/python3.8-app1" +# hash_extra = "yo" +# +# create_async_event_config = true +# maximum_event_age_in_seconds = 100 +# +# provisioned_concurrent_executions = 1 +# +# allowed_triggers = { +# APIGatewayAny = { +# service = "apigateway" +# arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0" +# } +# } +# +# # current version +# # create_current_version_async_event_config = false +# # create_current_version_triggers = false +# +# # unqualified alias +# # create_unqualified_alias_async_event_config = false +# # create_unqualified_alias_triggers = false +#} +# +#module "alias_no_refresh" { +# source = "../../modules/alias" +# +# create = true +# refresh_alias = false +# +# name = "current-no-refresh" +# +# function_name = module.lambda_function.this_lambda_function_name +# function_version = module.lambda_function.this_lambda_function_version +# +# # create_version_async_event_config = false +# # create_async_event_config = true +# # maximum_event_age_in_seconds = 130 +# +# allowed_triggers = { +# AnotherAPIGatewayAny = { # keys should be unique +# service = "apigateway" +# arn = "arn:aws:execute-api:eu-west-1:135367859851:abcdedfgse" +# } +# } +# +#} +# +#module "alias_refresh" { +# source = "../../modules/alias" +# +# create = true +# refresh_alias = true +# +# name = "current-with-refresh" +# +# function_name = module.lambda_function.this_lambda_function_name +#} +# +#module "alias_existing" { +# source = "../../modules/alias" +# +# create = true +# use_existing_alias = true +# +# name = module.alias_refresh.this_lambda_alias_name +# function_name = module.lambda_function.this_lambda_function_name +# +# create_async_event_config = true +# 
maximum_event_age_in_seconds = 100 +# +# allowed_triggers = { +# ThirdAPIGatewayAny = { +# service = "apigateway" +# arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0" +# } +# } +# +#} -module "lambda_function" { - source = "../../" - - function_name = "${random_pet.this.id}-lambda" - handler = "index.lambda_handler" - runtime = "python3.8" - publish = true - - source_path = "${path.module}/../fixtures/python3.8-app1" - hash_extra = "yo" - - create_async_event_config = true - maximum_event_age_in_seconds = 100 - - provisioned_concurrent_executions = 1 - - allowed_triggers = { - APIGatewayAny = { - service = "apigateway" - arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0" - } - } - - // current version - // create_current_version_async_event_config = false - // create_current_version_triggers = false - - // unqualified alias - // create_unqualified_alias_async_event_config = false - // create_unqualified_alias_triggers = false -} - -module "alias_no_refresh" { - source = "../../modules/alias" - - create = true - refresh_alias = false - - name = "current-no-refresh" - - function_name = module.lambda_function.this_lambda_function_name - function_version = module.lambda_function.this_lambda_function_version - - // create_version_async_event_config = false - // create_async_event_config = true - // maximum_event_age_in_seconds = 130 - - allowed_triggers = { - AnotherAPIGatewayAny = { // keys should be unique - service = "apigateway" - arn = "arn:aws:execute-api:eu-west-1:135367859851:abcdedfgse" - } - } - -} module "alias_refresh" { source = "../../modules/alias" 
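Review bot: The still-active `module "alias_refresh"` block keeps `function_name = module.lambda_function.this_lambda_function_name` (visible as context in the next hunk), but this hunk turns `module "lambda_function"` into comments, so the example now references a module that is no longer declared unless another file in examples/alias defines it. In that case `terraform validate` should fail on the example. The commented-out text also contains a second copy of `alias_refresh`, which suggests a local debugging state was committed together with the tflint change. Either restore the module blocks as live code or remove the remaining `alias_refresh` as well, and prefer deleting the configuration over keeping it as a long run of `#` comments.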
@@ -79,24 +112,3 @@ module "alias_refresh" { function_name = module.lambda_function.this_lambda_function_name } - -module "alias_existing" { - source = "../../modules/alias" - - create = true - use_existing_alias = true - - name = module.alias_refresh.this_lambda_alias_name - function_name = module.lambda_function.this_lambda_function_name - - create_async_event_config = true - maximum_event_age_in_seconds = 100 - - allowed_triggers = { - ThirdAPIGatewayAny = { - service = "apigateway" - arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0" - } - } - -} diff --git a/examples/alias/variables.tf b/examples/alias/variables.tf new file mode 100644 index 00000000..e69de29b diff --git a/examples/alias/versions.tf b/examples/alias/versions.tf new file mode 100644 index 00000000..4f6b9d5e --- /dev/null +++ b/examples/alias/versions.tf @@ -0,0 +1,8 @@ +terraform { + required_version = ">= 0.12.6, < 0.14" + + required_providers { + aws = ">= 2.67, < 4.0" + random = "~> 2" + } +} diff --git a/examples/async/README.md b/examples/async/README.md index 6e78114d..c953a44f 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -17,14 +17,18 @@ Note that this example may create resources which cost money. Run `terraform des ## Requirements -No requirements. +| Name | Version | +|------|---------| +| terraform | >= 0.12.6, < 0.14 | +| aws | >= 2.67, < 4.0 | +| random | ~> 2 | ## Providers | Name | Version | |------|---------| -| aws | n/a | -| random | n/a | +| aws | >= 2.67, < 4.0 | +| random | ~> 2 | ## Inputs diff --git a/examples/async/variables.tf b/examples/async/variables.tf new file mode 100644 index 00000000..e69de29b diff --git a/examples/async/versions.tf b/examples/async/versions.tf new file mode 100644 index 00000000..4f6b9d5e --- /dev/null +++ b/examples/async/versions.tf @@ -0,0 +1,8 @@ +terraform { + required_version = ">= 0.12.6, < 0.14" + + required_providers { + aws = ">= 2.67, < 4.0" + random = "~> 2" + } +} 
diff --git a/examples/build-package/README.md b/examples/build-package/README.md index 8900bb8e..701fbbcc 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -17,13 +17,17 @@ Note that this example may create resources which cost money. Run `terraform des ## Requirements -No requirements. +| Name | Version | +|------|---------| +| terraform | >= 0.12.6, < 0.14 | +| aws | >= 2.67, < 4.0 | +| random | ~> 2 | ## Providers | Name | Version | |------|---------| -| random | n/a | +| random | ~> 2 | ## Inputs diff --git a/examples/build-package/main.tf b/examples/build-package/main.tf index 3abd2cda..1f4fcfc9 100644 --- a/examples/build-package/main.tf +++ b/examples/build-package/main.tf @@ -204,7 +204,7 @@ module "package_with_docker" { build_in_docker = true docker_pip_cache = true docker_with_ssh_agent = true - // docker_file = "${path.module}/../fixtures/python3.8-app1/docker/Dockerfile" + # docker_file = "${path.module}/../fixtures/python3.8-app1/docker/Dockerfile" docker_build_root = "${path.module}/../../docker" docker_image = "lambci/lambda:build-python3.8" } diff --git a/examples/build-package/outputs.tf b/examples/build-package/outputs.tf index 14e866f5..7cdd0207 100644 --- a/examples/build-package/outputs.tf +++ b/examples/build-package/outputs.tf 
@@ -1,100 +1,100 @@ -//# Lambda Function -//output "this_lambda_function_arn" { -// description = "The ARN of the Lambda Function" -// value = module.lambda_function_from_package.this_lambda_function_arn -//} -// -//output "this_lambda_function_invoke_arn" { -// description = "The Invoke ARN of the Lambda Function" -// value = module.lambda_function_from_package.this_lambda_function_invoke_arn -//} -// -//output "this_lambda_function_name" { -// description = "The name of the Lambda Function" -// value = module.lambda_function_from_package.this_lambda_function_name -//} -// -//output "this_lambda_function_qualified_arn" { -// description = "The ARN identifying your Lambda Function Version" -// value = module.lambda_function_from_package.this_lambda_function_qualified_arn -//} -// -//output "this_lambda_function_version" { -// description = "Latest published version of Lambda Function" -// value = module.lambda_function_from_package.this_lambda_function_version -//} -// -//output "this_lambda_function_last_modified" { -// description = "The date Lambda Function resource was last modified" -// value = module.lambda_function_from_package.this_lambda_function_last_modified -//} -// -//output "this_lambda_function_kms_key_arn" { -// description = "The ARN for the KMS encryption key of Lambda Function" -// value = module.lambda_function_from_package.this_lambda_function_kms_key_arn -//} -// -//output "this_lambda_function_source_code_hash" { -// description = "Base64-encoded representation of raw SHA-256 sum of the zip file" -// value = module.lambda_function_from_package.this_lambda_function_source_code_hash -//} -// -//output "this_lambda_function_source_code_size" { -// description = "The size in bytes of the function .zip file" -// value = module.lambda_function_from_package.this_lambda_function_source_code_size -//} -// -//# Lambda Layer -//output "this_lambda_layer_arn" { -// description = "The ARN of the Lambda Layer with version" -// value = 
module.lambda_function_from_package.this_lambda_layer_arn -//} -// -//output "this_lambda_layer_layer_arn" { -// description = "The ARN of the Lambda Layer without version" -// value = module.lambda_function_from_package.this_lambda_layer_layer_arn -//} -// -//output "this_lambda_layer_created_date" { -// description = "The date Lambda Layer resource was created" -// value = module.lambda_function_from_package.this_lambda_layer_created_date -//} -// -//output "this_lambda_layer_source_code_size" { -// description = "The size in bytes of the Lambda Layer .zip file" -// value = module.lambda_function_from_package.this_lambda_layer_source_code_size -//} -// -//output "this_lambda_layer_version" { -// description = "The Lambda Layer version" -// value = module.lambda_function_from_package.this_lambda_layer_version -//} -// -//# IAM Role -//output "lambda_role_arn" { -// description = "The ARN of the IAM role created for the Lambda Function" -// value = module.lambda_function_from_package.lambda_role_arn -//} -// -//output "lambda_role_name" { -// description = "The name of the IAM role created for the Lambda Function" -// value = module.lambda_function_from_package.lambda_role_name -//} -// -//# CloudWatch Log Group -//output "lambda_cloudwatch_log_group_arn" { -// description = "The ARN of the Cloudwatch Log Group" -// value = module.lambda_function_from_package.lambda_cloudwatch_log_group_arn -//} -// -//# Deployment package -//output "local_filename" { -// description = "The filename of zip archive deployed (if deployment was from local)" -// value = module.lambda_function_from_package.local_filename -//} -// -//output "s3_object" { -// description = "The map with S3 object data of zip archive deployed (if deployment was from S3)" -// value = module.lambda_function_from_package.s3_object -//} -// +## Lambda Function +#output "this_lambda_function_arn" { +# description = "The ARN of the Lambda Function" +# value = 
module.lambda_function_from_package.this_lambda_function_arn +#} +# +#output "this_lambda_function_invoke_arn" { +# description = "The Invoke ARN of the Lambda Function" +# value = module.lambda_function_from_package.this_lambda_function_invoke_arn +#} +# +#output "this_lambda_function_name" { +# description = "The name of the Lambda Function" +# value = module.lambda_function_from_package.this_lambda_function_name +#} +# +#output "this_lambda_function_qualified_arn" { +# description = "The ARN identifying your Lambda Function Version" +# value = module.lambda_function_from_package.this_lambda_function_qualified_arn +#} +# +#output "this_lambda_function_version" { +# description = "Latest published version of Lambda Function" +# value = module.lambda_function_from_package.this_lambda_function_version +#} +# +#output "this_lambda_function_last_modified" { +# description = "The date Lambda Function resource was last modified" +# value = module.lambda_function_from_package.this_lambda_function_last_modified +#} +# +#output "this_lambda_function_kms_key_arn" { +# description = "The ARN for the KMS encryption key of Lambda Function" +# value = module.lambda_function_from_package.this_lambda_function_kms_key_arn +#} +# +#output "this_lambda_function_source_code_hash" { +# description = "Base64-encoded representation of raw SHA-256 sum of the zip file" +# value = module.lambda_function_from_package.this_lambda_function_source_code_hash +#} +# +#output "this_lambda_function_source_code_size" { +# description = "The size in bytes of the function .zip file" +# value = module.lambda_function_from_package.this_lambda_function_source_code_size +#} +# +## Lambda Layer +#output "this_lambda_layer_arn" { +# description = "The ARN of the Lambda Layer with version" +# value = module.lambda_function_from_package.this_lambda_layer_arn +#} +# +#output "this_lambda_layer_layer_arn" { +# description = "The ARN of the Lambda Layer without version" +# value = 
module.lambda_function_from_package.this_lambda_layer_layer_arn +#} +# +#output "this_lambda_layer_created_date" { +# description = "The date Lambda Layer resource was created" +# value = module.lambda_function_from_package.this_lambda_layer_created_date +#} +# +#output "this_lambda_layer_source_code_size" { +# description = "The size in bytes of the Lambda Layer .zip file" +# value = module.lambda_function_from_package.this_lambda_layer_source_code_size +#} +# +#output "this_lambda_layer_version" { +# description = "The Lambda Layer version" +# value = module.lambda_function_from_package.this_lambda_layer_version +#} +# +## IAM Role +#output "lambda_role_arn" { +# description = "The ARN of the IAM role created for the Lambda Function" +# value = module.lambda_function_from_package.lambda_role_arn +#} +# +#output "lambda_role_name" { +# description = "The name of the IAM role created for the Lambda Function" +# value = module.lambda_function_from_package.lambda_role_name +#} +# +## CloudWatch Log Group +#output "lambda_cloudwatch_log_group_arn" { +# description = "The ARN of the Cloudwatch Log Group" +# value = module.lambda_function_from_package.lambda_cloudwatch_log_group_arn +#} +# +## Deployment package +#output "local_filename" { +# description = "The filename of zip archive deployed (if deployment was from local)" +# value = module.lambda_function_from_package.local_filename +#} +# +#output "s3_object" { +# description = "The map with S3 object data of zip archive deployed (if deployment was from S3)" +# value = module.lambda_function_from_package.s3_object +#} +# diff --git a/examples/build-package/variables.tf b/examples/build-package/variables.tf new file mode 100644 index 00000000..e69de29b diff --git a/examples/build-package/versions.tf b/examples/build-package/versions.tf new file mode 100644 index 00000000..4f6b9d5e --- /dev/null +++ b/examples/build-package/versions.tf 
@@ -0,0 +1,8 @@ +terraform { + required_version = ">= 0.12.6, < 0.14" + + required_providers { + aws = ">= 2.67, < 4.0" + random = "~> 2" + } +} diff --git a/examples/complete/README.md b/examples/complete/README.md index 0eec3449..36c508fb 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -18,14 +18,18 @@ Note that this example may create resources which cost money. Run `terraform des ## Requirements -No requirements. +| Name | Version | +|------|---------| +| terraform | >= 0.12.6, < 0.14 | +| aws | >= 2.67, < 4.0 | +| random | ~> 2 | ## Providers | Name | Version | |------|---------| -| aws | n/a | -| random | n/a | +| aws | >= 2.67, < 4.0 | +| random | ~> 2 | ## Inputs diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 36527b08..d67079de 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -139,11 +139,11 @@ module "lambda_function_existing_package_local" { create_package = false local_existing_package = "${path.module}/../fixtures/python3.8-zip/existing_package.zip" - // s3_existing_package = { - // bucket = "humane-bear-bucket" - // key = "builds/506df8bef5a4fb01883cce3673c9ff0ed88fb52e8583410e0cca7980a72211a0.zip" - // version_id = null - // } + # s3_existing_package = { + # bucket = "humane-bear-bucket" + # key = "builds/506df8bef5a4fb01883cce3673c9ff0ed88fb52e8583410e0cca7980a72211a0.zip" + # version_id = null + # } layers = [ module.lambda_layer_local.this_lambda_layer_arn, @@ -201,7 +201,7 @@ module "lambda_at_edge" { runtime = "python3.8" source_path = "${path.module}/../fixtures/python3.8-app1" - hash_extra = "this string should be included in hash function to produce different filename for the same source" // this is also a build trigger if this changes + hash_extra = "this string should be included in hash function to produce different filename for the same source" # this is also a build trigger if this changes tags = { Module = "lambda-at-edge" 
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf new file mode 100644 index 00000000..e69de29b diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf new file mode 100644 index 00000000..4f6b9d5e --- /dev/null +++ b/examples/complete/versions.tf @@ -0,0 +1,8 @@ +terraform { + required_version = ">= 0.12.6, < 0.14" + + required_providers { + aws = ">= 2.67, < 4.0" + random = "~> 2" + } +} diff --git a/examples/deploy/README.md b/examples/deploy/README.md index 3e277ff8..c043cef9 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md @@ -17,14 +17,18 @@ Note that this example may create resources which cost money. Run `terraform des ## Requirements -No requirements. +| Name | Version | +|------|---------| +| terraform | >= 0.12.6, < 0.14 | +| aws | >= 2.67, < 4.0 | +| random | ~> 2 | ## Providers | Name | Version | |------|---------| -| aws | n/a | -| random | n/a | +| aws | >= 2.67, < 4.0 | +| random | ~> 2 | ## Inputs @@ -34,14 +38,14 @@ No input. | Name | Description | |------|-------------| -| appspec | n/a | -| appspec\_content | n/a | -| appspec\_sha256 | n/a | +| appspec | Appspec data as HCL | +| appspec\_content | Appspec data as valid JSON | +| appspec\_sha256 | SHA256 of Appspec JSON | | codedeploy\_app\_name | Name of CodeDeploy application | | codedeploy\_deployment\_group\_id | CodeDeploy deployment group id | | codedeploy\_deployment\_group\_name | CodeDeploy deployment group name | | codedeploy\_iam\_role\_name | Name of IAM role used by CodeDeploy | -| deploy\_script | n/a | -| script | n/a | +| deploy\_script | Path to a deployment script | +| script | Deployment script | diff --git a/examples/deploy/outputs.tf b/examples/deploy/outputs.tf index 8201adad..4e329b82 100644 --- a/examples/deploy/outputs.tf +++ b/examples/deploy/outputs.tf 
@@ -19,21 +19,26 @@ output "codedeploy_iam_role_name" { } output "appspec" { - value = module.deploy.appspec + description = "Appspec data as HCL" + value = module.deploy.appspec } output "appspec_content" { - value = module.deploy.appspec_content + description = "Appspec data as valid JSON" + value = module.deploy.appspec_content } output "appspec_sha256" { - value = module.deploy.appspec_sha256 + description = "SHA256 of Appspec JSON" + value = module.deploy.appspec_sha256 } output "script" { - value = module.deploy.script + description = "Deployment script" + value = module.deploy.script } output "deploy_script" { - value = module.deploy.deploy_script + description = "Path to a deployment script" + value = module.deploy.deploy_script } diff --git a/examples/deploy/variables.tf b/examples/deploy/variables.tf new file mode 100644 index 00000000..e69de29b diff --git a/examples/deploy/versions.tf b/examples/deploy/versions.tf new file mode 100644 index 00000000..4f6b9d5e --- /dev/null +++ b/examples/deploy/versions.tf @@ -0,0 +1,8 @@ +terraform { + required_version = ">= 0.12.6, < 0.14" + + required_providers { + aws = ">= 2.67, < 4.0" + random = "~> 2" + } +} diff --git a/examples/simple/README.md b/examples/simple/README.md index 15f0de78..cc6f921d 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -17,13 +17,17 @@ Note that this example may create resources which cost money. Run `terraform des ## Requirements -No requirements. +| Name | Version | +|------|---------| +| terraform | >= 0.12.6, < 0.14 | +| aws | >= 2.67, < 4.0 | +| random | ~> 2 | ## Providers | Name | Version | |------|---------| -| random | n/a | +| random | ~> 2 | ## Inputs diff --git a/examples/simple/main.tf b/examples/simple/main.tf index 9286c83d..f6af0ca0 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf 
@@ -1,6 +1,6 @@ provider "aws" { region = "eu-west-1" - // region = "us-east-1" + # region = "us-east-1" # Make it faster by skipping something skip_get_ec2_platforms = true @@ -14,22 +14,22 @@ resource "random_pet" "this" { length = 2 } -//module "lambda_at_edge" { -// source = "../../" -// -// function_name = "${random_pet.this.id}-lambda-edge" -// handler = "index.lambda_handler" -// runtime = "python3.8" -// lambda_at_edge = true -// -// attach_cloudwatch_logs_policy = true -// -// source_path = "${path.module}/../fixtures/python3.8-app1/" -//} +#module "lambda_at_edge" { +# source = "../../" +# +# function_name = "${random_pet.this.id}-lambda-edge" +# handler = "index.lambda_handler" +# runtime = "python3.8" +# lambda_at_edge = true +# +# attach_cloudwatch_logs_policy = true +# +# source_path = "${path.module}/../fixtures/python3.8-app1/" +#} -//resource "aws_cloudwatch_log_group" "this" { -// name = "/aws/lambda/us-east-1.${random_pet.this.id}-lambda-simple" -//} +#resource "aws_cloudwatch_log_group" "this" { +# name = "/aws/lambda/us-east-1.${random_pet.this.id}-lambda-simple" +#} module "lambda_function" { source = "../../" 
@@ -40,283 +40,282 @@ module "lambda_function" { handler = "index.lambda_handler" runtime = "python3.8" - // attach_cloudwatch_logs_policy = false + # attach_cloudwatch_logs_policy = false - // use_existing_cloudwatch_log_group = true + # use_existing_cloudwatch_log_group = true - // lambda_at_edge = true + # lambda_at_edge = true - // independent_file_timestamps = true + # independent_file_timestamps = true - // store_on_s3 = true - // s3_bucket = module.s3_bucket.this_s3_bucket_id + # store_on_s3 = true + # s3_bucket = module.s3_bucket.this_s3_bucket_id - // create_package = false - // local_existing_package = data.null_data_source.downloaded_package.outputs["filename"] + # create_package = false + # local_existing_package = data.null_data_source.downloaded_package.outputs["filename"] - // - // policy_json = < ## Requirements -No requirements. +| Name | Version | +|------|---------| +| terraform | >= 0.12.6, < 0.14 | +| aws | >= 2.67, < 4.0 | +| random | ~> 2 | ## Providers | Name | Version | |------|---------| -| aws | n/a | -| random | n/a | +| aws | >= 2.67, < 4.0 | +| random | ~> 2 | ## Inputs diff --git a/examples/with-efs/variables.tf b/examples/with-efs/variables.tf new file mode 100644 index 00000000..e69de29b diff --git a/examples/with-efs/versions.tf b/examples/with-efs/versions.tf new file mode 100644 index 00000000..4f6b9d5e --- /dev/null +++ b/examples/with-efs/versions.tf @@ -0,0 +1,8 @@ +terraform { + required_version = ">= 0.12.6, < 0.14" + + required_providers { + aws = ">= 2.67, < 4.0" + random = "~> 2" + } +} diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index a580d31b..94652fb4 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md 
@@ -19,13 +19,17 @@ Note that this example may create resources which cost money. Run `terraform des ## Requirements -No requirements. +| Name | Version | +|------|---------| +| terraform | >= 0.12.6, < 0.14 | +| aws | >= 2.67, < 4.0 | +| random | ~> 2 | ## Providers | Name | Version | |------|---------| -| random | n/a | +| random | ~> 2 | ## Inputs diff --git a/examples/with-vpc/variables.tf b/examples/with-vpc/variables.tf new file mode 100644 index 00000000..e69de29b diff --git a/examples/with-vpc/versions.tf b/examples/with-vpc/versions.tf new file mode 100644 index 00000000..4f6b9d5e --- /dev/null +++ b/examples/with-vpc/versions.tf @@ -0,0 +1,8 @@ +terraform { + required_version = ">= 0.12.6, < 0.14" + + required_providers { + aws = ">= 2.67, < 4.0" + random = "~> 2" + } +} diff --git a/iam.tf b/iam.tf index 1f9b2cce..429f450c 100644 --- a/iam.tf +++ b/iam.tf @@ -118,7 +118,7 @@ resource "aws_iam_policy_attachment" "dead_letter" { # VPC ###### -// Copying AWS managed policy to be able to attach the same policy with multiple roles without overwrites by another function +# Copying AWS managed policy to be able to attach the same policy with multiple roles without overwrites by another function data "aws_iam_policy" "vpc" { count = local.create_role && var.attach_network_policy ? 1 : 0 @@ -144,7 +144,7 @@ resource "aws_iam_policy_attachment" "vpc" { # Tracing with X-Ray ##################### -// Copying AWS managed policy to be able to attach the same policy with multiple roles without overwrites by another function +# Copying AWS managed policy to be able to attach the same policy with multiple roles without overwrites by another function data "aws_iam_policy" "tracing" { count = local.create_role && var.attach_tracing_policy ? 1 : 0 diff --git a/main.tf b/main.tf index e74d8e8c..71e39d65 100644 --- a/main.tf +++ b/main.tf 
@@ -180,7 +180,7 @@ resource "aws_lambda_permission" "current_version_triggers" { event_source_token = lookup(each.value, "event_source_token", null) } -// Error: Error adding new Lambda Permission for destined-tetra-lambda: InvalidParameterValueException: We currently do not support adding policies for $LATEST. +# Error: Error adding new Lambda Permission for destined-tetra-lambda: InvalidParameterValueException: We currently do not support adding policies for $LATEST. resource "aws_lambda_permission" "unqualified_alias_triggers" { for_each = var.create && var.create_function && ! var.create_layer && var.create_unqualified_alias_allowed_triggers ? var.allowed_triggers : {} diff --git a/modules/alias/main.tf b/modules/alias/main.tf index 9eaefb22..091ea37e 100644 --- a/modules/alias/main.tf +++ b/modules/alias/main.tf @@ -19,7 +19,7 @@ resource "aws_lambda_alias" "no_refresh" { function_name = var.function_name function_version = var.function_version != "" ? var.function_version : "$LATEST" - // $LATEST is not supported for an alias pointing to more than 1 version + # $LATEST is not supported for an alias pointing to more than 1 version dynamic "routing_config" { for_each = length(keys(var.routing_additional_version_weights)) == 0 ? [] : [true] content { @@ -37,7 +37,7 @@ resource "aws_lambda_alias" "with_refresh" { function_name = var.function_name function_version = var.function_version != "" ? var.function_version : "$LATEST" - // $LATEST is not supported for an alias pointing to more than 1 version + # $LATEST is not supported for an alias pointing to more than 1 version dynamic "routing_config" { for_each = length(keys(var.routing_additional_version_weights)) == 0 ? [] : [true] content { 
@@ -84,7 +84,7 @@ resource "aws_lambda_permission" "version_triggers" { function_name = var.function_name - // Error: Error adding new Lambda Permission for ... InvalidParameterValueException: We currently do not support adding policies for $LATEST. + # Error: Error adding new Lambda Permission for ... InvalidParameterValueException: We currently do not support adding policies for $LATEST. qualifier = local.version != "$LATEST" ? local.version : null statement_id = lookup(each.value, "statement_id", each.key) diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 60798665..33c9fc2d 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -101,14 +101,16 @@ module "lambda" { |------|---------| | terraform | >= 0.12.6, < 0.14 | | aws | >= 2.67, < 4.0 | +| local | ~> 1 | +| null | ~> 2 | ## Providers | Name | Version | |------|---------| | aws | >= 2.67, < 4.0 | -| local | n/a | -| null | n/a | +| local | ~> 1 | +| null | ~> 2 | ## Inputs @@ -149,15 +151,15 @@ module "lambda" { | Name | Description | |------|-------------| -| appspec | n/a | -| appspec\_content | n/a | -| appspec\_sha256 | n/a | +| appspec | Appspec data as HCL | +| appspec\_content | Appspec data as valid JSON | +| appspec\_sha256 | SHA256 of Appspec JSON | | codedeploy\_app\_name | Name of CodeDeploy application | | codedeploy\_deployment\_group\_id | CodeDeploy deployment group id | | codedeploy\_deployment\_group\_name | CodeDeploy deployment group name | | codedeploy\_iam\_role\_name | Name of IAM role used by CodeDeploy | -| deploy\_script | n/a | -| script | n/a | +| deploy\_script | Path to a deployment script | +| script | Deployment script | diff --git a/modules/deploy/main.tf b/modules/deploy/main.tf index f14c7d12..9d591e33 100644 --- a/modules/deploy/main.tf +++ b/modules/deploy/main.tf 
@@ -219,18 +219,18 @@ resource "aws_iam_role_policy_attachment" "triggers" { policy_arn = aws_iam_policy.triggers[0].arn } -// https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-configurations.html -// https://www.terraform.io/docs/providers/aws/r/codedeploy_deployment_config.html -//resource "aws_codedeploy_deployment_config" "this" { -// deployment_config_name = "test-deployment-config" -// compute_platform = "Lambda" -// -// traffic_routing_config { -// type = "TimeBasedLinear" -// -// time_based_linear { -// interval = 10 -// percentage = 10 -// } -// } -//} +# https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-configurations.html +# https://www.terraform.io/docs/providers/aws/r/codedeploy_deployment_config.html +#resource "aws_codedeploy_deployment_config" "this" { +# deployment_config_name = "test-deployment-config" +# compute_platform = "Lambda" +# +# traffic_routing_config { +# type = "TimeBasedLinear" +# +# time_based_linear { +# interval = 10 +# percentage = 10 +# } +# } +#} diff --git a/modules/deploy/outputs.tf b/modules/deploy/outputs.tf index 67f62816..30937ee4 100644 --- a/modules/deploy/outputs.tf +++ b/modules/deploy/outputs.tf @@ -19,21 +19,26 @@ output "codedeploy_iam_role_name" { } output "appspec" { - value = local.appspec + description = "Appspec data as HCL" + value = local.appspec } output "appspec_content" { - value = local.appspec_content + description = "Appspec data as valid JSON" + value = local.appspec_content } output "appspec_sha256" { - value = local.appspec_sha256 + description = "SHA256 of Appspec JSON" + value = local.appspec_sha256 } output "script" { - value = local.script + description = "Deployment script" + value = local.script } output "deploy_script" { - value = element(concat(local_file.deploy_script.*.filename, [""]), 0) + description = "Path to a deployment script" + value = element(concat(local_file.deploy_script.*.filename, [""]), 0) } 
diff --git a/modules/deploy/versions.tf b/modules/deploy/versions.tf index 5ada0a8e..d15e7b16 100644 --- a/modules/deploy/versions.tf +++ b/modules/deploy/versions.tf @@ -2,6 +2,8 @@ terraform { required_version = ">= 0.12.6, < 0.14" required_providers { - aws = ">= 2.67, < 4.0" + aws = ">= 2.67, < 4.0" + local = "~> 1" + null = "~> 2" } } diff --git a/variables.tf b/variables.tf index 8e38286f..9c4b97a2 100644 --- a/variables.tf +++ b/variables.tf @@ -55,10 +55,10 @@ variable "runtime" { type = string default = "" - // validation { - // condition = can(var.create && contains(["nodejs10.x", "nodejs12.x", "java8", "java11", "python2.7", " python3.6", "python3.7", "python3.8", "dotnetcore2.1", "dotnetcore3.1", "go1.x", "ruby2.5", "ruby2.7", "provided"], var.runtime)) - // error_message = "The runtime value must be one of supported by AWS Lambda." - // } + # validation { + # condition = can(var.create && contains(["nodejs10.x", "nodejs12.x", "java8", "java11", "python2.7", " python3.6", "python3.7", "python3.8", "dotnetcore2.1", "dotnetcore3.1", "go1.x", "ruby2.5", "ruby2.7", "provided"], var.runtime)) + # error_message = "The runtime value must be one of supported by AWS Lambda." + # } } variable "lambda_role" { From 086466cf4050dfec1b16f841383bf2ab81db7471 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 23 Sep 2020 12:10:00 +0200 Subject: [PATCH 018/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 94ffd160..ca0ae941 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v1.24.0] - 2020-09-23 + +- feat: Added tflint as pre-commit hook ([#60](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/60)) + + ## [v1.23.0] - 2020-09-14 
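Review bot: The disabled `validation` block in `variable "runtime"` is carried over to `#` comments with two defects that would surface if it is ever re-enabled. `can(...)` returns true for any expression that evaluates without error, so the condition as written would accept every runtime string. The list entry `" python3.6"` also has a leading space and could never match. If the block is kept for later use, I would correct it in place to `condition = contains([...], var.runtime)` with `"python3.6"`, and add a comment line saying why it is switched off. The variable block starts above the hunk.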
@@ -234,7 +240,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.23.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.24.0...HEAD +[v1.24.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.23.0...v1.24.0 [v1.23.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.22.0...v1.23.0 [v1.22.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.21.0...v1.22.0 [v1.21.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.20.0...v1.21.0 From 194a71a9cad19401841ea994c2584b5cf4970fff Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Thu, 24 Sep 2020 09:46:14 +0200 Subject: [PATCH 019/385] chore: Upgraded pre-commit-terraform to fix terraform-docs --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 95f8ee4d..f7527094 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.40.0 + rev: v1.41.0 hooks: - id: terraform_fmt - id: terraform_docs From 67ea9ac863b34d60bb2e89026099ac53dc396de0 Mon Sep 17 00:00:00 2001 From: Andrew Hlynskyi Date: Mon, 26 Oct 2020 12:18:29 +0200 Subject: [PATCH 020/385] fix: Fixed concurrent builds (#65) --- package.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/package.py b/package.py index 2e19db7e..b99ca2cb 100644 --- a/package.py +++ b/package.py @@ -139,7 +139,7 @@ def list_files(top_path, log=None): results = [] - for root, dirs, files in os.walk(top_path): + for root, dirs, files in os.walk(top_path, followlinks=True): for file_name in files: file_path = os.path.join(root, file_name) relative_path = os.path.relpath(file_path, top_path) 
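Review bot: `os.walk(top_path, followlinks=True)` in `list_files` now descends into symlinked directories, and `os.walk` keeps no record of directories it has already visited, so a link that points at one of its own ancestors recurses until the path length limit stops it. A link inside the source tree can also bring files from outside that tree into the listing. The same change in `emit_dir_content` and in the `emit_file` walker in the later hunks presumably brings them into the packaged archive as well. I would prune `dirs` in place for entries whose `os.path.realpath` is an ancestor of the current `root`, and log a warning when a resolved path falls outside `top_path`. `list_files` continues past the end of the hunk.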
@@ -210,7 +210,7 @@ def yesno_bool(val): # Packaging functions def emit_dir_content(base_dir): - for root, dirs, files in os.walk(base_dir): + for root, dirs, files in os.walk(base_dir, followlinks=True): if root != base_dir: yield os.path.normpath(root) for name in files: @@ -323,7 +323,7 @@ def _ensure_base_path(self, zip_filename): if archive_dir and not os.path.exists(archive_dir): self._log.info("creating %s", archive_dir) - os.makedirs(archive_dir) + os.makedirs(archive_dir, exist_ok=True) def write_dirs(self, *base_dirs, prefix=None, timestamp=None): """ @@ -595,7 +595,7 @@ def emit_file(fpath, opath): if apply(name): yield path else: - for root, dirs, files in os.walk(path): + for root, dirs, files in os.walk(path, followlinks=True): o, d = norm_path(path, root) # log.info('od: %s %s', o, d) if root != path: @@ -1047,6 +1047,7 @@ def prepare_command(args): hash_extra_paths = [p.format(path=tf_paths) for p in hash_extra_paths] content_hash = bpm.hash(hash_extra_paths) + content_hash.update(json.dumps(build_plan, sort_keys=True).encode()) content_hash.update(runtime.encode()) content_hash.update(hash_extra.encode()) content_hash = content_hash.hexdigest() @@ -1082,7 +1083,7 @@ def prepare_command(args): build_plan_filename = os.path.join(artifacts_dir, '{}.plan.json'.format(content_hash)) if not os.path.exists(artifacts_dir): - os.makedirs(artifacts_dir) + os.makedirs(artifacts_dir, exist_ok=True) with open(build_plan_filename, 'w') as f: f.write(build_plan) From b260ffee72f20b03fdac605c7141723c7bd79689 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 26 Oct 2020 11:19:53 +0100 Subject: [PATCH 021/385] Updated CHANGELOG --- CHANGELOG.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ca0ae941..40ff9e35 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
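Review bot: In the last `prepare_command` hunk the plan file is still written in place with `open(build_plan_filename, 'w')`, so two builds that arrive at the same `content_hash` can overwrite each other mid-write even though directory creation is now race-free. Writing to a per-process temporary name and then calling `os.replace(tmp_name, build_plan_filename)` would make the publish step atomic. With `exist_ok=True` the preceding `if not os.path.exists(artifacts_dir):` test is no longer needed. Whether another process reads the plan while it is being written is not visible here, and `prepare_command` extends beyond the hunk.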
@@ -7,6 +7,13 @@ All notable changes to this project will be documented in this file. + +## [v1.25.0] - 2020-10-26 + +- fix: Fixed concurrent builds ([#65](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/65)) +- chore: Upgraded pre-commit-terraform to fix terraform-docs + + ## [v1.24.0] - 2020-09-23 @@ -240,7 +247,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.24.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.25.0...HEAD +[v1.25.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.24.0...v1.25.0 [v1.24.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.23.0...v1.24.0 [v1.23.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.22.0...v1.23.0 [v1.22.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.21.0...v1.22.0 From b256c4b006af52663819cbe9b608799eccad5ee4 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Tue, 27 Oct 2020 13:49:51 +0100 Subject: [PATCH 022/385] fix: Removed hash_extra_paths to have the same hash for multiple executors (#66) --- package.tf | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/package.tf b/package.tf index 07de800c..f32b0cef 100644 --- a/package.tf +++ b/package.tf @@ -29,7 +29,14 @@ data "external" "archive_prepare" { runtime = var.runtime source_path = jsonencode(var.source_path) hash_extra = var.hash_extra - hash_extra_paths = jsonencode(["${path.module}/package.py"]) + hash_extra_paths = jsonencode( + [ + # Temporary fix when building from multiple locations + # We should take into account content of package.py when counting hash + # Related issue: https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/63 + # "${path.module}/package.py" + ] + ) } } 
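Review bot: With `hash_extra_paths` reduced to an empty list in `package.tf`, nothing about `package.py` feeds the content hash any more. A change to the packaging script, including a fix to what ends up in the archive, would presumably not invalidate an artifact that was already built. If the original problem was that the script's location differs per executor, a location-independent input such as `filesha256("${path.module}/package.py")` folded into `hash_extra` would keep the script's content in the hash. How `package.py` consumes `hash_extra_paths` is not visible in this hunk, so this needs checking against issue #63 referenced in the comment. The `data "external" "archive_prepare"` block starts above the hunk.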
From 962e524324ec6db8a8a3789eb636292de6aed1cc Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Tue, 27 Oct 2020 13:50:33 +0100 Subject: [PATCH 023/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 40ff9e35..821ac687 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v1.26.0] - 2020-10-27 + +- fix: Removed hash_extra_paths to have the same hash for multiple executors ([#66](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/66)) + + ## [v1.25.0] - 2020-10-26 @@ -247,7 +253,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.25.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.26.0...HEAD +[v1.26.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.25.0...v1.26.0 [v1.25.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.24.0...v1.25.0 [v1.24.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.23.0...v1.24.0 [v1.23.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.22.0...v1.23.0 From c27294435fb055f096f903efdfbbf155b5e38573 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 2 Nov 2020 21:57:26 +0100 Subject: [PATCH 024/385] ci: Updated pre-commit hooks, added terraform_validate (#68) --- .pre-commit-config.yaml | 5 +- examples/alias/main.tf | 164 +++++++++++++++++++--------------------- package.tf | 8 +- 3 files changed, 83 insertions(+), 94 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index f7527094..8677870d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -1,8 +1,9 @@ repos: - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.41.0 + rev: v1.44.0 hooks: - id: terraform_fmt + - id: terraform_validate - id: terraform_docs - id: terraform_tflint args: @@ -20,6 +21,6 @@ repos: - '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_workspace_remote' - repo: git://github.com/pre-commit/pre-commit-hooks - rev: v3.2.0 + rev: v3.3.0 hooks: - id: check-merge-conflict diff --git a/examples/alias/main.tf b/examples/alias/main.tf index a8da59c9..91602229 100644 --- a/examples/alias/main.tf +++ b/examples/alias/main.tf 
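Review bot: Both `repo:` entries touched here are fetched over `git://`, which is unauthenticated and unencrypted, so the hook code that runs on every commit can be altered in transit. While bumping `rev`, I would switch them to `repo: https://github.com/antonbabenko/pre-commit-terraform` and `repo: https://github.com/pre-commit/pre-commit-hooks`. The `rev` values are tags, which upstream can move; pinning each to a full commit hash with the tag in a trailing comment removes that dependency. The same `git://` URL appears in the earlier `rev: v1.41.0` bump.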
@@ -12,95 +12,62 @@ provider "aws" { resource "random_pet" "this" { length = 2 } -# -#module "lambda_function" { -# source = "../../" -# -# function_name = "${random_pet.this.id}-lambda" -# handler = "index.lambda_handler" -# runtime = "python3.8" -# publish = true -# -# source_path = "${path.module}/../fixtures/python3.8-app1" -# hash_extra = "yo" -# -# create_async_event_config = true -# maximum_event_age_in_seconds = 100 -# -# provisioned_concurrent_executions = 1 -# -# allowed_triggers = { -# APIGatewayAny = { -# service = "apigateway" -# arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0" -# } -# } -# -# # current version -# # create_current_version_async_event_config = false -# # create_current_version_triggers = false -# -# # unqualified alias -# # create_unqualified_alias_async_event_config = false -# # create_unqualified_alias_triggers = false -#} -# -#module "alias_no_refresh" { -# source = "../../modules/alias" -# -# create = true -# refresh_alias = false -# -# name = "current-no-refresh" -# -# function_name = module.lambda_function.this_lambda_function_name -# function_version = module.lambda_function.this_lambda_function_version -# -# # create_version_async_event_config = false -# # create_async_event_config = true -# # maximum_event_age_in_seconds = 130 -# -# allowed_triggers = { -# AnotherAPIGatewayAny = { # keys should be unique -# service = "apigateway" -# arn = "arn:aws:execute-api:eu-west-1:135367859851:abcdedfgse" -# } -# } -# -#} -# -#module "alias_refresh" { -# source = "../../modules/alias" -# -# create = true -# refresh_alias = true -# -# name = "current-with-refresh" -# -# function_name = module.lambda_function.this_lambda_function_name -#} -# -#module "alias_existing" { -# source = "../../modules/alias" -# -# create = true -# use_existing_alias = true -# -# name = module.alias_refresh.this_lambda_alias_name -# function_name = module.lambda_function.this_lambda_function_name -# -# create_async_event_config = true -# 
maximum_event_age_in_seconds = 100 -# -# allowed_triggers = { -# ThirdAPIGatewayAny = { -# service = "apigateway" -# arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0" -# } -# } -# -#} +module "lambda_function" { + source = "../../" + + function_name = "${random_pet.this.id}-lambda" + handler = "index.lambda_handler" + runtime = "python3.8" + publish = true + + source_path = "${path.module}/../fixtures/python3.8-app1" + hash_extra = "yo" + + create_async_event_config = true + maximum_event_age_in_seconds = 100 + + provisioned_concurrent_executions = 1 + + allowed_triggers = { + APIGatewayAny = { + service = "apigateway" + arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0" + } + } + + # current version + # create_current_version_async_event_config = false + # create_current_version_triggers = false + + # unqualified alias + # create_unqualified_alias_async_event_config = false + # create_unqualified_alias_triggers = false +} + +module "alias_no_refresh" { + source = "../../modules/alias" + + create = true + refresh_alias = false + + name = "current-no-refresh" + + function_name = module.lambda_function.this_lambda_function_name + function_version = module.lambda_function.this_lambda_function_version + + # create_version_async_event_config = false + # create_async_event_config = true + # maximum_event_age_in_seconds = 130 + + allowed_triggers = { + AnotherAPIGatewayAny = { # keys should be unique + service = "apigateway" + arn = "arn:aws:execute-api:eu-west-1:135367859851:abcdedfgse" + } + } + +} module "alias_refresh" { source = "../../modules/alias" 
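Review bot: Uncommenting `module "lambda_function"` and `module "alias_no_refresh"` makes their `allowed_triggers` entries live, and the `arn` values name a fixed account (`arn:aws:execute-api:eu-west-1:135367859851:...`). Anyone applying the example as is would presumably create Lambda permissions for an API Gateway in an account that is not theirs. I would build the ARN from the caller's account, `arn = "arn:aws:execute-api:eu-west-1:${data.aws_caller_identity.current.account_id}:aqnku8akd0"` with a `data "aws_caller_identity" "current" {}` block, or mark the value as a placeholder in a comment. `module "alias_existing"` in the next hunk uses the same account. How the module turns `arn` into a permission is not visible here.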
@@ -112,3 +79,24 @@ module "alias_refresh" { function_name = module.lambda_function.this_lambda_function_name } + +module "alias_existing" { + source = "../../modules/alias" + + create = true + use_existing_alias = true + + name = module.alias_refresh.this_lambda_alias_name + function_name = module.lambda_function.this_lambda_function_name + + create_async_event_config = true + maximum_event_age_in_seconds = 100 + + allowed_triggers = { + ThirdAPIGatewayAny = { + service = "apigateway" + arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0" + } + } + +} diff --git a/package.tf b/package.tf index f32b0cef..dfb25629 100644 --- a/package.tf +++ b/package.tf @@ -25,10 +25,10 @@ data "external" "archive_prepare" { with_ssh_agent = var.docker_with_ssh_agent }) : null - artifacts_dir = var.artifacts_dir - runtime = var.runtime - source_path = jsonencode(var.source_path) - hash_extra = var.hash_extra + artifacts_dir = var.artifacts_dir + runtime = var.runtime + source_path = jsonencode(var.source_path) + hash_extra = var.hash_extra hash_extra_paths = jsonencode( [ # Temporary fix when building from multiple locations From bd13b8897ed219e235f92429badfe26aa51730d8 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 2 Nov 2020 21:57:52 +0100 Subject: [PATCH 025/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 821ac687..f23ccff5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v1.27.0] - 2020-11-02 + +- ci: Updated pre-commit hooks, added terraform_validate ([#68](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/68)) + + ## [v1.26.0] - 2020-10-27 
@@ -253,7 +259,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.26.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.27.0...HEAD +[v1.27.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.26.0...v1.27.0 [v1.26.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.25.0...v1.26.0 [v1.25.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.24.0...v1.25.0 [v1.24.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.23.0...v1.24.0 From 05e91de7e8122a2edd506b3bcdd5ec788bfe9054 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Tue, 17 Nov 2020 15:43:06 +0100 Subject: [PATCH 026/385] feat: Updated range of supported versions of Terraform and providers (#71) --- README.md | 20 ++++++++++---------- examples/alias/README.md | 8 ++++---- examples/alias/versions.tf | 6 +++--- examples/async/README.md | 10 +++++----- examples/async/versions.tf | 6 +++--- examples/build-package/README.md | 8 ++++---- examples/build-package/versions.tf | 6 +++--- examples/complete/README.md | 10 +++++----- examples/complete/versions.tf | 6 +++--- examples/deploy/README.md | 10 +++++----- examples/deploy/versions.tf | 6 +++--- examples/simple/README.md | 8 ++++---- examples/simple/versions.tf | 6 +++--- examples/with-efs/README.md | 10 +++++----- examples/with-efs/versions.tf | 6 +++--- examples/with-vpc/README.md | 8 ++++---- examples/with-vpc/versions.tf | 6 +++--- modules/alias/README.md | 6 +++--- modules/alias/versions.tf | 4 ++-- modules/deploy/README.md | 14 +++++++------- modules/deploy/versions.tf | 8 ++++---- versions.tf | 12 ++++++------ 22 files changed, 92 insertions(+), 92 deletions(-) diff --git a/README.md b/README.md index c6e5e264..4b335265 100644 --- a/README.md +++ b/README.md 
@@ -556,21 +556,21 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| terraform | >= 0.12.6, < 0.14 | -| aws | >= 2.67, < 4.0 | -| external | ~> 1 | -| local | ~> 1 | -| null | ~> 2 | -| random | ~> 2 | +| terraform | >= 0.12.6 | +| aws | >= 2.67 | +| external | >= 1 | +| local | >= 1 | +| null | >= 2 | +| random | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.67, < 4.0 | -| external | ~> 1 | -| local | ~> 1 | -| null | ~> 2 | +| aws | >= 2.67 | +| external | >= 1 | +| local | >= 1 | +| null | >= 2 | ## Inputs diff --git a/examples/alias/README.md b/examples/alias/README.md index 514d247d..9c130d66 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -19,15 +19,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.6, < 0.14 | -| aws | >= 2.67, < 4.0 | -| random | ~> 2 | +| terraform | >= 0.12.6 | +| aws | >= 2.67 | +| random | >= 2 | ## Providers | Name | Version | |------|---------| -| random | ~> 2 | +| random | >= 2 | ## Inputs diff --git a/examples/alias/versions.tf b/examples/alias/versions.tf index 4f6b9d5e..16983974 100644 --- a/examples/alias/versions.tf +++ b/examples/alias/versions.tf @@ -1,8 +1,8 @@ terraform { - required_version = ">= 0.12.6, < 0.14" + required_version = ">= 0.12.6" required_providers { - aws = ">= 2.67, < 4.0" - random = "~> 2" + aws = ">= 2.67" + random = ">= 2" } } diff --git a/examples/async/README.md b/examples/async/README.md index c953a44f..4b37f146 100644 --- a/examples/async/README.md +++ b/examples/async/README.md 
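Review bot: In `examples/alias/versions.tf` the constraints become `aws = ">= 2.67"` and `random = ">= 2"` with no upper bound. The example is a root configuration, so `terraform init` will select the newest provider release available, including future major versions. Terraform versions before 0.14 have no dependency lock file, so nothing else fixes which provider build runs with the caller's AWS credentials. Open-ended minimums are reasonable for the reusable modules, but for the examples I would either keep a ceiling such as `aws = ">= 2.67, < 4.0"` or commit a lock file once 0.14 is in use. The same applies to the other `examples/*/versions.tf` hunks in this commit.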
@@ -19,16 +19,16 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.6, < 0.14 | -| aws | >= 2.67, < 4.0 | -| random | ~> 2 | +| terraform | >= 0.12.6 | +| aws | >= 2.67 | +| random | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.67, < 4.0 | -| random | ~> 2 | +| aws | >= 2.67 | +| random | >= 2 | ## Inputs diff --git a/examples/async/versions.tf b/examples/async/versions.tf index 4f6b9d5e..16983974 100644 --- a/examples/async/versions.tf +++ b/examples/async/versions.tf @@ -1,8 +1,8 @@ terraform { - required_version = ">= 0.12.6, < 0.14" + required_version = ">= 0.12.6" required_providers { - aws = ">= 2.67, < 4.0" - random = "~> 2" + aws = ">= 2.67" + random = ">= 2" } } diff --git a/examples/build-package/README.md b/examples/build-package/README.md index 701fbbcc..0d91b1cd 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -19,15 +19,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.6, < 0.14 | -| aws | >= 2.67, < 4.0 | -| random | ~> 2 | +| terraform | >= 0.12.6 | +| aws | >= 2.67 | +| random | >= 2 | ## Providers | Name | Version | |------|---------| -| random | ~> 2 | +| random | >= 2 | ## Inputs diff --git a/examples/build-package/versions.tf b/examples/build-package/versions.tf index 4f6b9d5e..16983974 100644 --- a/examples/build-package/versions.tf +++ b/examples/build-package/versions.tf @@ -1,8 +1,8 @@ terraform { - required_version = ">= 0.12.6, < 0.14" + required_version = ">= 0.12.6" required_providers { - aws = ">= 2.67, < 4.0" - random = "~> 2" + aws = ">= 2.67" + random = ">= 2" } } diff --git a/examples/complete/README.md b/examples/complete/README.md index 36c508fb..e001114c 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -20,16 +20,16 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.6, < 0.14 | -| aws | >= 2.67, < 4.0 | -| random | ~> 2 | +| terraform | >= 0.12.6 | +| aws | >= 2.67 | +| random | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.67, < 4.0 | -| random | ~> 2 | +| aws | >= 2.67 | +| random | >= 2 | ## Inputs diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 4f6b9d5e..16983974 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,8 +1,8 @@ terraform { - required_version = ">= 0.12.6, < 0.14" + required_version = ">= 0.12.6" required_providers { - aws = ">= 2.67, < 4.0" - random = "~> 2" + aws = ">= 2.67" + random = ">= 2" } } diff --git a/examples/deploy/README.md b/examples/deploy/README.md index c043cef9..c1f7dd24 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md @@ -19,16 +19,16 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.6, < 0.14 | -| aws | >= 2.67, < 4.0 | -| random | ~> 2 | +| terraform | >= 0.12.6 | +| aws | >= 2.67 | +| random | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.67, < 4.0 | -| random | ~> 2 | +| aws | >= 2.67 | +| random | >= 2 | ## Inputs diff --git a/examples/deploy/versions.tf b/examples/deploy/versions.tf index 4f6b9d5e..16983974 100644 --- a/examples/deploy/versions.tf +++ b/examples/deploy/versions.tf @@ -1,8 +1,8 @@ terraform { - required_version = ">= 0.12.6, < 0.14" + required_version = ">= 0.12.6" required_providers { - aws = ">= 2.67, < 4.0" - random = "~> 2" + aws = ">= 2.67" + random = ">= 2" } } diff --git a/examples/simple/README.md b/examples/simple/README.md index cc6f921d..9ed16bc4 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md 
@@ -19,15 +19,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.6, < 0.14 | -| aws | >= 2.67, < 4.0 | -| random | ~> 2 | +| terraform | >= 0.12.6 | +| aws | >= 2.67 | +| random | >= 2 | ## Providers | Name | Version | |------|---------| -| random | ~> 2 | +| random | >= 2 | ## Inputs diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf index 4f6b9d5e..16983974 100644 --- a/examples/simple/versions.tf +++ b/examples/simple/versions.tf @@ -1,8 +1,8 @@ terraform { - required_version = ">= 0.12.6, < 0.14" + required_version = ">= 0.12.6" required_providers { - aws = ">= 2.67, < 4.0" - random = "~> 2" + aws = ">= 2.67" + random = ">= 2" } } diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index 8e816767..ef2955d2 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md @@ -19,16 +19,16 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.6, < 0.14 | -| aws | >= 2.67, < 4.0 | -| random | ~> 2 | +| terraform | >= 0.12.6 | +| aws | >= 2.67 | +| random | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.67, < 4.0 | -| random | ~> 2 | +| aws | >= 2.67 | +| random | >= 2 | ## Inputs diff --git a/examples/with-efs/versions.tf b/examples/with-efs/versions.tf index 4f6b9d5e..16983974 100644 --- a/examples/with-efs/versions.tf +++ b/examples/with-efs/versions.tf @@ -1,8 +1,8 @@ terraform { - required_version = ">= 0.12.6, < 0.14" + required_version = ">= 0.12.6" required_providers { - aws = ">= 2.67, < 4.0" - random = "~> 2" + aws = ">= 2.67" + random = ">= 2" } } diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index 94652fb4..1eac4777 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md 
@@ -21,15 +21,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.6, < 0.14 | -| aws | >= 2.67, < 4.0 | -| random | ~> 2 | +| terraform | >= 0.12.6 | +| aws | >= 2.67 | +| random | >= 2 | ## Providers | Name | Version | |------|---------| -| random | ~> 2 | +| random | >= 2 | ## Inputs diff --git a/examples/with-vpc/versions.tf b/examples/with-vpc/versions.tf index 4f6b9d5e..16983974 100644 --- a/examples/with-vpc/versions.tf +++ b/examples/with-vpc/versions.tf @@ -1,8 +1,8 @@ terraform { - required_version = ">= 0.12.6, < 0.14" + required_version = ">= 0.12.6" required_providers { - aws = ">= 2.67, < 4.0" - random = "~> 2" + aws = ">= 2.67" + random = ">= 2" } } diff --git a/modules/alias/README.md b/modules/alias/README.md index 6bfe7f95..6c79e190 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md @@ -115,14 +115,14 @@ module "lambda" { | Name | Version | |------|---------| -| terraform | >= 0.12.6, < 0.14 | -| aws | >= 2.67, < 4.0 | +| terraform | >= 0.12.6 | +| aws | >= 2.67 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.67, < 4.0 | +| aws | >= 2.67 | ## Inputs diff --git a/modules/alias/versions.tf b/modules/alias/versions.tf index 5ada0a8e..0d661015 100644 --- a/modules/alias/versions.tf +++ b/modules/alias/versions.tf @@ -1,7 +1,7 @@ terraform { - required_version = ">= 0.12.6, < 0.14" + required_version = ">= 0.12.6" required_providers { - aws = ">= 2.67, < 4.0" + aws = ">= 2.67" } } diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 33c9fc2d..41dc4b67 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md 
@@ -99,18 +99,18 @@ module "lambda" { | Name | Version | |------|---------| -| terraform | >= 0.12.6, < 0.14 | -| aws | >= 2.67, < 4.0 | -| local | ~> 1 | -| null | ~> 2 | +| terraform | >= 0.12.6 | +| aws | >= 2.67 | +| local | >= 1 | +| null | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.67, < 4.0 | -| local | ~> 1 | -| null | ~> 2 | +| aws | >= 2.67 | +| local | >= 1 | +| null | >= 2 | ## Inputs diff --git a/modules/deploy/versions.tf b/modules/deploy/versions.tf index d15e7b16..aca38083 100644 --- a/modules/deploy/versions.tf +++ b/modules/deploy/versions.tf @@ -1,9 +1,9 @@ terraform { - required_version = ">= 0.12.6, < 0.14" + required_version = ">= 0.12.6" required_providers { - aws = ">= 2.67, < 4.0" - local = "~> 1" - null = "~> 2" + aws = ">= 2.67" + local = ">= 1" + null = ">= 2" } } diff --git a/versions.tf b/versions.tf index f8e2376a..9e316b17 100644 --- a/versions.tf +++ b/versions.tf @@ -1,11 +1,11 @@ terraform { - required_version = ">= 0.12.6, < 0.14" + required_version = ">= 0.12.6" required_providers { - aws = ">= 2.67, < 4.0" - external = "~> 1" - local = "~> 1" - random = "~> 2" - null = "~> 2" + aws = ">= 2.67" + external = ">= 1" + local = ">= 1" + random = ">= 2" + null = ">= 2" } } From de830820e6b68034b9db3721f1d49a12f246a5f6 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Tue, 17 Nov 2020 15:43:41 +0100 Subject: [PATCH 027/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f23ccff5..b9b79888 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v1.28.0] - 2020-11-17 + +- feat: Updated range of supported versions of Terraform and providers ([#71](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/71)) + + ## [v1.27.0] - 2020-11-02 
@@ -259,7 +265,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.27.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.28.0...HEAD +[v1.28.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.27.0...v1.28.0 [v1.27.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.26.0...v1.27.0 [v1.26.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.25.0...v1.26.0 [v1.25.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.24.0...v1.25.0 From 1722eee6edc2ba2d06675e826f829747faf7340f Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Thu, 19 Nov 2020 11:26:26 +0100 Subject: [PATCH 028/385] feat: Customizable prefixes for IAM policies (as for IAM role) (#74) --- README.md | 1 + examples/multiple-regions/.gitignore | 1 + examples/multiple-regions/README.md | 63 +++++++ examples/multiple-regions/main.tf | 223 +++++++++++++++++++++++++ examples/multiple-regions/outputs.tf | 99 +++++++++++ examples/multiple-regions/variables.tf | 0 examples/multiple-regions/versions.tf | 8 + iam.tf | 36 ++-- 8 files changed, 414 insertions(+), 17 deletions(-) create mode 100644 examples/multiple-regions/.gitignore create mode 100644 examples/multiple-regions/README.md create mode 100644 examples/multiple-regions/main.tf create mode 100644 examples/multiple-regions/outputs.tf create mode 100644 examples/multiple-regions/variables.tf create mode 100644 examples/multiple-regions/versions.tf diff --git a/README.md b/README.md index 4b335265..6986ec1c 100644 --- a/README.md +++ b/README.md 
@@ -549,6 +549,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo * [Async Invocations](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/async) - Create Lambda Function with async event configuration (with SQS and SNS integration). * [With VPC](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/with-vpc) - Create Lambda Function with VPC. * [With EFS](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/with-efs) - Create Lambda Function with Elastic File System attached (Terraform 0.13+ is recommended). +* [Multiple regions](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/multiple-regions) - Create the same Lambda Function in multiple regions with non-conflicting IAM roles and policies. diff --git a/examples/multiple-regions/.gitignore b/examples/multiple-regions/.gitignore new file mode 100644 index 00000000..b205ba3d --- /dev/null +++ b/examples/multiple-regions/.gitignore @@ -0,0 +1 @@ +builds/* diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md new file mode 100644 index 00000000..4ddec7f1 --- /dev/null +++ b/examples/multiple-regions/README.md 
@@ -0,0 +1,63 @@ +# AWS Lambda Functions in several regions + +Configuration in this directory creates AWS Lambda Functions in several regions with non-conflicting IAM roles and policies. + + +## Usage + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply +``` + +Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.12.6 | +| aws | >= 2.67 | +| random | >= 2 | + +## Providers + +| Name | Version | +|------|---------| +| aws | >= 2.67 | +| aws.us-east-1 | >= 2.67 | +| random | >= 2 | + +## Inputs + +No input. + +## Outputs + +| Name | Description | +|------|-------------| +| lambda\_cloudwatch\_log\_group\_arn | The ARN of the Cloudwatch Log Group | +| lambda\_role\_arn | The ARN of the IAM role created for the Lambda Function | +| lambda\_role\_name | The name of the IAM role created for the Lambda Function | +| local\_filename | The filename of zip archive deployed (if deployment was from local) | +| s3\_object | The map with S3 object data of zip archive deployed (if deployment was from S3) | +| this\_lambda\_function\_arn | The ARN of the Lambda Function | +| this\_lambda\_function\_invoke\_arn | The Invoke ARN of the Lambda Function | +| this\_lambda\_function\_kms\_key\_arn | The ARN for the KMS encryption key of Lambda Function | +| this\_lambda\_function\_last\_modified | The date Lambda Function resource was last modified | +| this\_lambda\_function\_name | The name of the Lambda Function | +| this\_lambda\_function\_qualified\_arn | The ARN identifying your Lambda Function Version | +| this\_lambda\_function\_source\_code\_hash | Base64-encoded representation of raw SHA-256 sum of the zip file | +| this\_lambda\_function\_source\_code\_size | The size in bytes of the function .zip file | +| this\_lambda\_function\_version | Latest published version of 
Lambda Function | +| this\_lambda\_layer\_arn | The ARN of the Lambda Layer with version | +| this\_lambda\_layer\_created\_date | The date Lambda Layer resource was created | +| this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version | +| this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer .zip file | +| this\_lambda\_layer\_version | The Lambda Layer version | + + diff --git a/examples/multiple-regions/main.tf b/examples/multiple-regions/main.tf new file mode 100644 index 00000000..a5fb1dfb --- /dev/null +++ b/examples/multiple-regions/main.tf @@ -0,0 +1,223 @@ +provider "aws" { + region = "eu-west-1" + + # Make it faster by skipping something + skip_get_ec2_platforms = true + skip_metadata_api_check = true + skip_region_validation = true + skip_credentials_validation = true + skip_requesting_account_id = true +} + +provider "aws" { + region = "us-east-1" + alias = "us-east-1" + + # Make it faster by skipping something + skip_get_ec2_platforms = true + skip_metadata_api_check = true + skip_region_validation = true + skip_credentials_validation = true + skip_requesting_account_id = true +} + +################################ +# Lambda Function in one region +################################ + +module "lambda_function" { + source = "../../" + + function_name = "${random_pet.this.id}-lambda1" + description = "My awesome lambda function" + handler = "index.lambda_handler" + runtime = "python3.8" + publish = true + + source_path = "${path.module}/../fixtures/python3.8-app1" + + attach_dead_letter_policy = true + dead_letter_target_arn = aws_sqs_queue.dlq.arn + + ###################### + # Additional policies + ###################### + + attach_policy_json = true + policy_json = < Date: Thu, 19 Nov 2020 11:26:49 +0100 Subject: [PATCH 029/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b9b79888..c0c9e2b0 100644 
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v1.29.0] - 2020-11-19 + +- feat: Customizable prefixes for IAM policies (as for IAM role) ([#74](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/74)) + + ## [v1.28.0] - 2020-11-17 @@ -265,7 +271,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.28.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.29.0...HEAD +[v1.29.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.28.0...v1.29.0 [v1.28.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.27.0...v1.28.0 [v1.27.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.26.0...v1.27.0 [v1.26.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.25.0...v1.26.0 From 9ee4d00d9891fef752e293f0f5057fa515dd7bc6 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 23 Nov 2020 10:29:50 +0100 Subject: [PATCH 030/385] fix: Fixed CodeDeploy hooks (#76) --- modules/deploy/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/deploy/main.tf b/modules/deploy/main.tf index 9d591e33..1675e9cb 100644 --- a/modules/deploy/main.tf +++ b/modules/deploy/main.tf @@ -25,7 +25,7 @@ locals { Hooks = [for k, v in zipmap(["BeforeAllowTraffic", "AfterAllowTraffic"], [ var.before_allow_traffic_hook_arn != "" ? var.before_allow_traffic_hook_arn : null, var.after_allow_traffic_hook_arn != "" ? var.after_allow_traffic_hook_arn : null - ]) : map(k, v)] + ]) : map(k, v) if v != null] } : {}) appspec_content = replace(jsonencode(local.appspec), "\"", "\\\"") From ff0a5dd4acfcba61f38c422a5a6d23d8eaa54514 Mon Sep 17 00:00:00 2001 
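Review bot: The changed comprehension line in `modules/deploy/main.tf` still builds each hook entry with `map(k, v)`, which has been deprecated since Terraform 0.12 in favour of the `{ ... }` map syntax. Since `required_version` was relaxed earlier in this series to `">= 0.12.6"` with no upper bound, the module now claims support for releases where the function may no longer exist. I would write the line as `]) : { (k) = v } if v != null]`, which encodes to the same JSON through `jsonencode(local.appspec)`. The `locals` block starts and ends outside the hunk.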
From: Anton Babenko Date: Mon, 23 Nov 2020 10:31:01 +0100 Subject: [PATCH 031/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c0c9e2b0..1e15b94e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v1.30.0] - 2020-11-23 + +- fix: Fixed CodeDeploy hooks ([#76](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/76)) + + ## [v1.29.0] - 2020-11-19 @@ -271,7 +277,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.29.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.30.0...HEAD +[v1.30.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.29.0...v1.30.0 [v1.29.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.28.0...v1.29.0 [v1.28.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.27.0...v1.28.0 [v1.27.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.26.0...v1.27.0 From 9f9930cabcd4aaeadacab3aa46c085c120c59f9e Mon Sep 17 00:00:00 2001 
From: Niranjan Rajendran Date: Mon, 7 Dec 2020 17:51:11 +0530 Subject: [PATCH 032/385] feat: Add support for creating lambdas that use Container Images (#80) --- .gitignore | 1 + .pre-commit-config.yaml | 2 +- README.md | 24 +++++- examples/alias/versions.tf | 2 +- examples/async/versions.tf | 2 +- examples/build-package/versions.tf | 2 +- examples/container-image/README.md | 61 ++++++++++++++ examples/container-image/context/Dockerfile | 2 + examples/container-image/context/empty | 1 + examples/container-image/main.tf | 65 +++++++++++++++ examples/container-image/outputs.tf | 88 +++++++++++++++++++++ examples/container-image/variables.tf | 0 examples/container-image/versions.tf | 13 +++ examples/deploy/versions.tf | 2 +- examples/multiple-regions/versions.tf | 2 +- examples/simple/versions.tf | 2 +- examples/with-efs/README.md | 7 +- examples/with-efs/versions.tf | 2 +- examples/with-vpc/versions.tf | 2 +- main.tf | 15 +++- modules/alias/versions.tf | 2 +- modules/deploy/versions.tf | 2 +- variables.tf | 30 +++++++ versions.tf | 2 +- 24 files changed, 313 insertions(+), 18 deletions(-) create mode 100644 examples/container-image/README.md create mode 100644 examples/container-image/context/Dockerfile create mode 100644 examples/container-image/context/empty create mode 100644 examples/container-image/main.tf create mode 100644 examples/container-image/outputs.tf create mode 100644 examples/container-image/variables.tf create mode 100644 examples/container-image/versions.tf diff --git a/.gitignore b/.gitignore index 0308fbf4..b95fccd1 100644 --- a/.gitignore +++ b/.gitignore @@ -3,6 +3,7 @@ *.tfstate *.tfvars *.tfplan +.terraform.lock.hcl builds/ diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 8677870d..94f7541a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.44.0 + rev: v1.45.0 hooks: - id: terraform_fmt - id: terraform_validate 
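Review bot: Ignoring `.terraform.lock.hcl` for the whole repository means the example configurations under `examples/` never record which provider builds were selected or their checksums. Their `required_providers` entries in this same commit are lower bounds only (`aws = ">= 3.19"`, and `version = ">= 2.8.0"` for `kreuzwerker/docker`), so each `terraform init` resolves to whatever is newest in the registry. If leaving lock files untracked is intentional for a reusable module, a comment above the entry such as `# lock files are untracked on purpose; consumers pin providers in their own root module` would make that explicit.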
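Review bot: The hook repository on the context line `repo: git://github.com/antonbabenko/pre-commit-terraform` is still fetched over the unauthenticated, unencrypted git protocol, and this bump keeps `rev` on a tag (`v1.45.0`) that can be moved. The hook code runs on every contributor's machine, so its transport and pinning matter more than the version number. I would change the line to `repo: https://github.com/antonbabenko/pre-commit-terraform` and, if stricter pinning is wanted, set `rev` to the full commit hash of the release.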
diff --git a/README.md b/README.md index 6986ec1c..983dcba9 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ This Terraform module is the part of [serverless.tf framework](https://github.co - [x] Build dependencies for your Lambda Function and Layer. - [x] Support builds locally and in Docker (with or without SSH agent support for private builds). -- [x] Create deployment package or deploy existing (previously built package) from local, from S3, from URL. +- [x] Create deployment package or deploy existing (previously built package) from local, from S3, from URL, or from AWS ECR repository. - [x] Store deployment packages locally or in the S3 bucket. - [x] Support almost all features of Lambda resources (function, layer, alias, etc.) - [x] Lambda@Edge @@ -153,6 +153,22 @@ module "lambda_function_existing_package_s3" { } ``` +### Lambda Functions from Container Image stored on AWS ECR + +```hcl +module "lambda_function_container_image" { + source = "terraform-aws-modules/lambda/aws" + + function_name = "my-lambda-existing-package-local" + description = "My awesome lambda function" + + create_package = false + + image_uri = "132367819851.dkr.ecr.eu-west-1.amazonaws.com/complete-cow:1.0" + package_type = "Image" +} +``` + ### Lambda Layers (store packages locally and on S3) ```hcl 
@@ -543,6 +559,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo ## Examples * [Complete](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/complete) - Create Lambda resources in various combinations with all supported features. +* [Container Image](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/container-image) - Create Docker image (using [docker provider](https://registry.terraform.io/providers/kreuzwerker/docker)), push it to AWS ECR, and create Lambda function from it. * [Build and Package](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/build-package) - Build and create deployment packages in various ways. * [Alias](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/alias) - Create static and dynamic aliases in various ways. * [Deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/deploy) - Complete end-to-end build/update/deploy process using AWS CodeDeploy. 
@@ -619,6 +636,11 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | function\_name | A unique name for your Lambda Function | `string` | `""` | no | | handler | Lambda Function entrypoint in your code | `string` | `""` | no | | hash\_extra | The string to add into hashing function. Useful when building same source path for different functions. | `string` | `""` | no | +| image\_uri | The ECR image URI containing the function's deployment package. | `string` | `null` | no | +| image\_config\_entry_point | The ENTRYPOINT for the docker image. | `string` | `null` | no | +| image\_config\_command | The CMD for the docker image. | `string` | `null` | no | +| image\_config\_working_directory | The working directory for the docker image. | `string` | `null` | no | +| package\_type | The Lambda deployment package type. | `string` | `Zip` | no | | kms\_key\_arn | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no | | lambda\_at\_edge | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no | | lambda\_role | IAM role attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | `string` | `""` | no | diff --git a/examples/alias/versions.tf b/examples/alias/versions.tf index 16983974..957cf18c 100644 --- a/examples/alias/versions.tf +++ b/examples/alias/versions.tf @@ -2,7 +2,7 @@ terraform { required_version = ">= 0.12.6" required_providers { - aws = ">= 2.67" + aws = ">= 3.19" random = ">= 2" } } diff --git a/examples/async/versions.tf b/examples/async/versions.tf index 16983974..957cf18c 100644 --- a/examples/async/versions.tf +++ b/examples/async/versions.tf 
@@ -2,7 +2,7 @@ terraform { required_version = ">= 0.12.6" required_providers { - aws = ">= 2.67" + aws = ">= 3.19" random = ">= 2" } } diff --git a/examples/build-package/versions.tf b/examples/build-package/versions.tf index 16983974..957cf18c 100644 --- a/examples/build-package/versions.tf +++ b/examples/build-package/versions.tf @@ -2,7 +2,7 @@ terraform { required_version = ">= 0.12.6" required_providers { - aws = ">= 2.67" + aws = ">= 3.19" random = ">= 2" } } diff --git a/examples/container-image/README.md b/examples/container-image/README.md new file mode 100644 index 00000000..b4d7f3f8 --- /dev/null +++ b/examples/container-image/README.md 
@@ -0,0 +1,61 @@ +# AWS Lambda launched from Docker Container Image example + +Configuration in this directory creates AWS Lambda Function deployed with a Container Image. + +## Usage + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply +``` + +Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.12.6 | +| aws | >= 2.67 | +| random | >= 2 | + +## Providers + +| Name | Version | +|------|---------| +| aws | >= 2.67 | +| random | >= 2 | + +## Inputs + +No input. + +## Outputs + +| Name | Description | +|------|-------------| +| lambda\_cloudwatch\_log\_group\_arn | The ARN of the Cloudwatch Log Group | +| lambda\_role\_arn | The ARN of the IAM role created for the Lambda Function | +| lambda\_role\_name | The name of the IAM role created for the Lambda Function | +| local\_filename | The filename of zip archive deployed (if deployment was from local) | +| s3\_object | The map with S3 object data of zip archive deployed (if deployment was from S3) | +| this\_lambda\_function\_arn | The ARN of the Lambda Function | +| this\_lambda\_function\_invoke\_arn | The Invoke ARN of the Lambda Function | +| this\_lambda\_function\_kms\_key\_arn | The ARN for the KMS encryption key of Lambda Function | +| this\_lambda\_function\_last\_modified | The date Lambda Function resource was last modified | +| this\_lambda\_function\_name | The name of the Lambda Function | +| this\_lambda\_function\_qualified\_arn | The ARN identifying your Lambda Function Version | +| this\_lambda\_function\_source\_code\_hash | Base64-encoded representation of raw SHA-256 sum of the zip file | +| this\_lambda\_function\_source\_code\_size | The size in bytes of the function .zip file | +| this\_lambda\_function\_version | Latest published version of Lambda Function | +| this\_lambda\_layer\_arn | 
The ARN of the Lambda Layer with version | +| this\_lambda\_layer\_created\_date | The date Lambda Layer resource was created | +| this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version | +| this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer .zip file | +| this\_lambda\_layer\_version | The Lambda Layer version | + + diff --git a/examples/container-image/context/Dockerfile b/examples/container-image/context/Dockerfile new file mode 100644 index 00000000..5c7f1077 --- /dev/null +++ b/examples/container-image/context/Dockerfile @@ -0,0 +1,2 @@ +FROM scratch +COPY empty /empty diff --git a/examples/container-image/context/empty b/examples/container-image/context/empty new file mode 100644 index 00000000..3f99b56c --- /dev/null +++ b/examples/container-image/context/empty @@ -0,0 +1 @@ +# empty file :) diff --git a/examples/container-image/main.tf b/examples/container-image/main.tf new file mode 100644 index 00000000..118ea181 --- /dev/null +++ b/examples/container-image/main.tf 
@@ -0,0 +1,65 @@ +provider "aws" { + region = "eu-west-1" + + # Make it faster by skipping something + skip_get_ec2_platforms = true + skip_metadata_api_check = true + skip_region_validation = true + skip_credentials_validation = true + skip_requesting_account_id = true +} + +resource "random_pet" "this" { + length = 2 +} + +module "lambda_function_from_container_image" { + source = "../../" + + function_name = "${random_pet.this.id}-lambda-from-container-image" + description = "My awesome lambda function from container image" + + create_package = false + + ################## + # Container Image + ################## + image_uri = docker_registry_image.app.name + package_type = "Image" +} + +################# +# ECR Repository +################# +resource "aws_ecr_repository" "this" { + name = random_pet.this.id +} + +############################################### +# Create Docker Image and push to ECR registry +############################################### + +data "aws_caller_identity" "this" {} +data "aws_region" "current" {} +data "aws_ecr_authorization_token" "token" {} + +locals { + ecr_address = format("%v.dkr.ecr.%v.amazonaws.com", data.aws_caller_identity.this.account_id, data.aws_region.current.name) + ecr_image = format("%v/%v:%v", local.ecr_address, aws_ecr_repository.this.id, "1.0") +} + +provider "docker" { + registry_auth { + address = local.ecr_address + username = data.aws_ecr_authorization_token.token.user_name + password = data.aws_ecr_authorization_token.token.password + } +} + +resource "docker_registry_image" "app" { + name = local.ecr_image + + build { + context = "context" + } +} diff --git a/examples/container-image/outputs.tf b/examples/container-image/outputs.tf new file mode 100644 index 00000000..ae487707 --- /dev/null +++ b/examples/container-image/outputs.tf 
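Review bot: The `aws_ecr_repository.this` resource is created with defaults, so image tags stay mutable and pushed images are not scanned, while the function is tied only to the tag `1.0` built in `local.ecr_image`. A later push to the same tag would change what the repository serves without any change to `image_uri` in the plan. I would add `image_tag_mutability = "IMMUTABLE"` and `image_scanning_configuration { scan_on_push = true }` to the repository. Separately, the password from `data.aws_ecr_authorization_token.token` is presumably persisted in Terraform state, which deserves a one-line comment above the `provider "docker"` block.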
@@ -0,0 +1,88 @@ +# Lambda Function +output "this_lambda_function_arn" { + description = "The ARN of the Lambda Function" + value = module.lambda_function_from_container_image.this_lambda_function_arn +} + +output "this_lambda_function_invoke_arn" { + description = "The Invoke ARN of the Lambda Function" + value = module.lambda_function_from_container_image.this_lambda_function_invoke_arn +} + +output "this_lambda_function_name" { + description = "The name of the Lambda Function" + value = module.lambda_function_from_container_image.this_lambda_function_name +} + +output "this_lambda_function_qualified_arn" { + description = "The ARN identifying your Lambda Function Version" + value = module.lambda_function_from_container_image.this_lambda_function_qualified_arn +} + +output "this_lambda_function_version" { + description = "Latest published version of Lambda Function" + value = module.lambda_function_from_container_image.this_lambda_function_version +} + +output "this_lambda_function_last_modified" { + description = "The date Lambda Function resource was last modified" + value = module.lambda_function_from_container_image.this_lambda_function_last_modified +} + +output "this_lambda_function_kms_key_arn" { + description = "The ARN for the KMS encryption key of Lambda Function" + value = module.lambda_function_from_container_image.this_lambda_function_kms_key_arn +} + +output "this_lambda_function_source_code_hash" { + description = "Base64-encoded representation of raw SHA-256 sum of the zip file" + value = module.lambda_function_from_container_image.this_lambda_function_source_code_hash +} + +output "this_lambda_function_source_code_size" { + description = "The size in bytes of the function .zip file" + value = module.lambda_function_from_container_image.this_lambda_function_source_code_size +} + +# Lambda Layer +output "this_lambda_layer_arn" { + description = "The ARN of the Lambda Layer with version" + value = 
module.lambda_function_from_container_image.this_lambda_layer_arn +} + +output "this_lambda_layer_layer_arn" { + description = "The ARN of the Lambda Layer without version" + value = module.lambda_function_from_container_image.this_lambda_layer_layer_arn +} + +output "this_lambda_layer_created_date" { + description = "The date Lambda Layer resource was created" + value = module.lambda_function_from_container_image.this_lambda_layer_created_date +} + +output "this_lambda_layer_source_code_size" { + description = "The size in bytes of the Lambda Layer .zip file" + value = module.lambda_function_from_container_image.this_lambda_layer_source_code_size +} + +output "this_lambda_layer_version" { + description = "The Lambda Layer version" + value = module.lambda_function_from_container_image.this_lambda_layer_version +} + +# IAM Role +output "lambda_role_arn" { + description = "The ARN of the IAM role created for the Lambda Function" + value = module.lambda_function_from_container_image.lambda_role_arn +} + +output "lambda_role_name" { + description = "The name of the IAM role created for the Lambda Function" + value = module.lambda_function_from_container_image.lambda_role_name +} + +# CloudWatch Log Group +output "lambda_cloudwatch_log_group_arn" { + description = "The ARN of the Cloudwatch Log Group" + value = module.lambda_function_from_container_image.lambda_cloudwatch_log_group_arn +} diff --git a/examples/container-image/variables.tf b/examples/container-image/variables.tf new file mode 100644 index 00000000..e69de29b diff --git a/examples/container-image/versions.tf b/examples/container-image/versions.tf new file mode 100644 index 00000000..7980d563 --- /dev/null +++ b/examples/container-image/versions.tf @@ -0,0 +1,13 @@ +terraform { + required_version = ">= 0.12.6" + + required_providers { + aws = ">= 3.19" + random = ">= 2" + + docker = { + source = "kreuzwerker/docker" + version = ">= 2.8.0" + } + } +} 
diff --git a/examples/deploy/versions.tf b/examples/deploy/versions.tf index 16983974..957cf18c 100644 --- a/examples/deploy/versions.tf +++ b/examples/deploy/versions.tf @@ -2,7 +2,7 @@ terraform { required_version = ">= 0.12.6" required_providers { - aws = ">= 2.67" + aws = ">= 3.19" random = ">= 2" } } diff --git a/examples/multiple-regions/versions.tf b/examples/multiple-regions/versions.tf index 16983974..957cf18c 100644 --- a/examples/multiple-regions/versions.tf +++ b/examples/multiple-regions/versions.tf @@ -2,7 +2,7 @@ terraform { required_version = ">= 0.12.6" required_providers { - aws = ">= 2.67" + aws = ">= 3.19" random = ">= 2" } } diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf index 16983974..957cf18c 100644 --- a/examples/simple/versions.tf +++ b/examples/simple/versions.tf @@ -2,7 +2,7 @@ terraform { required_version = ">= 0.12.6" required_providers { - aws = ">= 2.67" + aws = ">= 3.19" random = ">= 2" } } diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index ef2955d2..e280726e 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md @@ -1,7 +1,8 @@ -# AWS Lambda with EFS example +# AWS Lambda with EFS Example Configuration in this directory creates AWS Lambda Function deployed with Elastic File System (EFS) attached. + ## Usage To run this example you need to execute: @@ -20,14 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 2.67 | +| aws | >= 3.19.0 | | random | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.67 | +| aws | >= 3.19.0 | | random | >= 2 | ## Inputs diff --git a/examples/with-efs/versions.tf b/examples/with-efs/versions.tf index 16983974..957cf18c 100644 --- a/examples/with-efs/versions.tf +++ b/examples/with-efs/versions.tf 
@@ -2,7 +2,7 @@ terraform { required_version = ">= 0.12.6" required_providers { - aws = ">= 2.67" + aws = ">= 3.19" random = ">= 2" } } diff --git a/examples/with-vpc/versions.tf b/examples/with-vpc/versions.tf index 16983974..957cf18c 100644 --- a/examples/with-vpc/versions.tf +++ b/examples/with-vpc/versions.tf @@ -2,7 +2,7 @@ terraform { required_version = ">= 0.12.6" required_providers { - aws = ">= 2.67" + aws = ">= 3.19" random = ">= 2" } } diff --git a/main.tf b/main.tf index 71e39d65..e8b44e5b 100644 --- a/main.tf +++ b/main.tf @@ -17,14 +17,16 @@ resource "aws_lambda_function" "this" { function_name = var.function_name description = var.description role = var.create_role ? aws_iam_role.lambda[0].arn : var.lambda_role - handler = var.handler + handler = var.package_type != "Zip" ? null : var.handler memory_size = var.memory_size reserved_concurrent_executions = var.reserved_concurrent_executions - runtime = var.runtime + runtime = var.package_type != "Zip" ? null : var.runtime layers = var.layers timeout = var.lambda_at_edge ? min(var.timeout, 5) : var.timeout publish = var.lambda_at_edge ? true : var.publish kms_key_arn = var.kms_key_arn + image_uri = var.image_uri + package_type = var.package_type filename = local.filename source_code_hash = (local.filename == null ? false : fileexists(local.filename)) && ! local.was_missing ? filebase64sha256(local.filename) : null @@ -33,6 +35,15 @@ resource "aws_lambda_function" "this" { s3_key = local.s3_key s3_object_version = local.s3_object_version + dynamic "image_config" { + for_each = length(var.image_config_entry_point) > 0 || length(var.image_config_command) > 0 || var.image_config_working_directory != null ? [true] : [] + content { + entry_point = var.image_config_entry_point + command = var.image_config_command + working_directory = var.image_config_working_directory + } + } + dynamic "environment" { for_each = length(keys(var.environment_variables)) == 0 ? [] : [true] content { 
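Review bot: In the `main.tf` hunk, `handler` and `runtime` are nulled with `var.package_type != "Zip"`, so any value other than the exact string `Zip` (a lowercase `zip`, for instance) drops both arguments, and the mistake only surfaces later as a provider or API error. Testing for the image case instead, `handler = var.package_type == "Image" ? null : var.handler` and likewise for `runtime`, leaves the Zip path untouched for unexpected values. A short comment above the two lines, `# handler and runtime are only passed for Zip packages`, would also explain the conditional to the next reader. The `aws_lambda_function.this` body starts and ends outside these hunks.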
diff --git a/modules/alias/versions.tf b/modules/alias/versions.tf index 0d661015..9d71257e 100644 --- a/modules/alias/versions.tf +++ b/modules/alias/versions.tf @@ -2,6 +2,6 @@ terraform { required_version = ">= 0.12.6" required_providers { - aws = ">= 2.67" + aws = ">= 3.19" } } diff --git a/modules/deploy/versions.tf b/modules/deploy/versions.tf index aca38083..c1227787 100644 --- a/modules/deploy/versions.tf +++ b/modules/deploy/versions.tf @@ -2,7 +2,7 @@ terraform { required_version = ">= 0.12.6" required_providers { - aws = ">= 2.67" + aws = ">= 3.19" local = ">= 1" null = ">= 2" } diff --git a/variables.tf b/variables.tf index 9c4b97a2..c6844627 100644 --- a/variables.tf +++ b/variables.tf @@ -151,6 +151,36 @@ variable "s3_object_tags" { default = {} } +variable "package_type" { + description = "The Lambda deployment package type. Valid options: Zip or Image" + type = string + default = "Zip" +} + +variable "image_uri" { + description = "The ECR image URI containing the function's deployment package." + type = string + default = null +} + +variable "image_config_entry_point" { + description = "The ENTRYPOINT for the docker image" + type = list(string) + default = [] + +} +variable "image_config_command" { + description = "The CMD for the docker image" + type = list(string) + default = [] +} + +variable "image_config_working_directory" { + description = "The working directory for the docker image" + type = string + default = null +} + ######## # Layer ######## diff --git a/versions.tf b/versions.tf index 9e316b17..07306751 100644 --- a/versions.tf +++ b/versions.tf @@ -2,7 +2,7 @@ terraform { required_version = ">= 0.12.6" required_providers { - aws = ">= 2.67" + aws = ">= 3.19" external = ">= 1" local = ">= 1" random = ">= 2" From 252e5934fd2f2710863bca689572264c00b8ea77 Mon Sep 17 00:00:00 2001 
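Review bot: In the `variables.tf` hunk, the `image_uri` description does not say whether a tag or a digest is expected, and a tag-based URI makes the deployed code depend on whatever the tag points to when `terraform apply` runs. I would extend the description to recommend a digest-pinned reference, for example `"The ECR image URI containing the function's deployment package. Prefer a digest reference (repo@sha256:<digest>) over a mutable tag."`. Nothing enforces the `Zip or Image` values named in the `package_type` description, so a typo passes through to the provider. There is also a stray blank line before the closing brace of `image_config_entry_point` and no blank line before `variable "image_config_command"`.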
From: Anton Babenko Date: Mon, 7 Dec 2020 13:21:34 +0100 Subject: [PATCH 033/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1e15b94e..baac73d9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v1.31.0] - 2020-12-07 + +- feat: Add support for creating lambdas that use Container Images ([#80](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/80)) + + ## [v1.30.0] - 2020-11-23 @@ -277,7 +283,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.30.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.31.0...HEAD +[v1.31.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.30.0...v1.31.0 [v1.30.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.29.0...v1.30.0 [v1.29.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.28.0...v1.29.0 [v1.28.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.27.0...v1.28.0 From c56f9659f28b5428738fbb5705983f77f0297bf8 Mon Sep 17 00:00:00 2001 From: David <43048964+davidpchardy@users.noreply.github.com> Date: Thu, 24 Dec 2020 03:50:16 -0500 Subject: [PATCH 034/385] docs: Explicitly state the IAM role property used for lambda_role (#90) --- README.md | 2 +- variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 983dcba9..d56f0a74 100644 --- a/README.md +++ b/README.md 
@@ -643,7 +643,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | package\_type | The Lambda deployment package type. | `string` | `Zip` | no | | kms\_key\_arn | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no | | lambda\_at\_edge | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no | -| lambda\_role | IAM role attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | `string` | `""` | no | +| lambda\_role | IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | `string` | `""` | no | | layer\_name | Name of Lambda Layer to create | `string` | `""` | no | | layers | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | `list(string)` | `null` | no | | license\_info | License info for your Lambda Layer. Eg, MIT or full url of a license. | `string` | `""` | no | diff --git a/variables.tf b/variables.tf index c6844627..e156bcdd 100644 --- a/variables.tf +++ b/variables.tf @@ -62,7 +62,7 @@ variable "runtime" { } variable "lambda_role" { - description = " IAM role attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details." + description = " IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details." type = string default = "" } 
From f1abf32421f3e5f2063171cfe343d9e76dda8736 Mon Sep 17 00:00:00 2001 From: Edward Date: Thu, 31 Dec 2020 14:19:34 -0500 Subject: [PATCH 035/385] docs: Improved package.py error message for missing source_paths (#88) --- README.md | 2 +- package.py | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d56f0a74..31d5579a 100644 --- a/README.md +++ b/README.md @@ -351,7 +351,7 @@ terraform apply ## Build Dependencies -You can specify `source_path` in a variety of ways to achieve desired flexibility when building deployment packages locally or in Docker. You can use absolute or relative paths. +You can specify `source_path` in a variety of ways to achieve desired flexibility when building deployment packages locally or in Docker. You can use absolute or relative paths. If you have placed terraform files in subdirectories, note that relative paths are specified from the directory where `terraform plan` is run and not the location of your terraform file. Note that, when building locally, files are not copying anywhere from the source directories when making packages, we use fast Python regular expressions to find matching files and directories, which makes packaging very fast and easy to understand. diff --git a/package.py b/package.py index b99ca2cb..1e6d159b 100644 --- a/package.py +++ b/package.py @@ -698,7 +698,10 @@ def commands_step(path, commands): if isinstance(claim, str): path = claim if not os.path.exists(path): - abort('source_path must be set.') + abort('Could not locate source_path "{path}". Paths are relative to directory where `terraform plan` is being run ("{pwd}")'.format( + path=path, + pwd=os.getcwd() + )) runtime = query.runtime if runtime.startswith('python'): pip_requirements_step( From 835b7013cd07191e6b5006c42182e1768ffd2a80 Mon Sep 17 00:00:00 2001 
From: Anton Babenko Date: Thu, 14 Jan 2021 15:48:03 +0100 Subject: [PATCH 036/385] fix: Fixed apigateway trigger to use source_arn (#94) --- README.md | 6 ++---- examples/alias/main.tf | 12 ++++++------ examples/complete/main.tf | 4 ++-- examples/deploy/main.tf | 4 ++-- main.tf | 4 ++-- modules/alias/README.md | 8 ++++---- modules/alias/main.tf | 4 ++-- 7 files changed, 20 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 31d5579a..505c68de 100644 --- a/README.md +++ b/README.md @@ -277,8 +277,8 @@ module "lambda_function" { allowed_triggers = { APIGatewayAny = { - service = "apigateway" - arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0" + service = "apigateway" + source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*" }, APIGatewayDevPost = { service = "apigateway" @@ -292,8 +292,6 @@ module "lambda_function" { } ``` -Note: `service = "apigateway" with arn` is a short form to allow invocations of a Lambda Function from any stage, any method, any resource of an API Gateway. - ## Conditional creation Sometimes you need to have a way to create resources conditionally but Terraform does not allow usage of `count` inside `module` block, so the solution is to specify `create` arguments. diff --git a/examples/alias/main.tf b/examples/alias/main.tf index 91602229..2d673ab3 100644 --- a/examples/alias/main.tf +++ b/examples/alias/main.tf @@ -31,8 +31,8 @@ module "lambda_function" { allowed_triggers = { APIGatewayAny = { - service = "apigateway" - arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0" + service = "apigateway" + source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*" } } @@ -62,8 +62,8 @@ module "alias_no_refresh" { allowed_triggers = { AnotherAPIGatewayAny = { # keys should be unique - service = "apigateway" - arn = "arn:aws:execute-api:eu-west-1:135367859851:abcdedfgse" + service = "apigateway" + source_arn = "arn:aws:execute-api:eu-west-1:135367859851:abcdedfgse/*/*/*" } } 
@@ -94,8 +94,8 @@ module "alias_existing" { allowed_triggers = { ThirdAPIGatewayAny = { - service = "apigateway" - arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0" + service = "apigateway" + source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*" } } diff --git a/examples/complete/main.tf b/examples/complete/main.tf index d67079de..f6c15bce 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -43,8 +43,8 @@ module "lambda_function" { allowed_triggers = { APIGatewayAny = { - service = "apigateway" - arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0" + service = "apigateway" + source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*" }, APIGatewayDevPost = { service = "apigateway" diff --git a/examples/deploy/main.tf b/examples/deploy/main.tf index c236b272..d0ecd90b 100644 --- a/examples/deploy/main.tf +++ b/examples/deploy/main.tf @@ -26,8 +26,8 @@ module "lambda_function" { allowed_triggers = { APIGatewayAny = { - service = "apigateway" - arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0" + service = "apigateway" + source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*" } } } diff --git a/main.tf b/main.tf index e8b44e5b..acbe22db 100644 --- a/main.tf +++ b/main.tf @@ -186,7 +186,7 @@ resource "aws_lambda_permission" "current_version_triggers" { statement_id = lookup(each.value, "statement_id", each.key) action = lookup(each.value, "action", "lambda:InvokeFunction") principal = lookup(each.value, "principal", format("%s.amazonaws.com", lookup(each.value, "service", ""))) - source_arn = lookup(each.value, "source_arn", lookup(each.value, "service", null) == "apigateway" ? "${lookup(each.value, "arn", "")}/*/*/*" : null) + source_arn = lookup(each.value, "source_arn", null) source_account = lookup(each.value, "source_account", null) event_source_token = lookup(each.value, "event_source_token", null) } 
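Review bot: With `source_arn = lookup(each.value, "source_arn", null)` in `aws_lambda_permission.current_version_triggers`, an `allowed_triggers` entry that still uses the old `arn` key is silently ignored and the permission is created with no `source_arn`, so the `apigateway.amazonaws.com` principal is no longer restricted to one API. Callers who upgrade without editing their configuration get a broader invoke permission and no error or plan-time warning. The same one-line change appears in `unqualified_alias_triggers` and in both permission resources of `modules/alias/main.tf`. I would either keep a fallback for one release that still appends `/*/*/*` to `arn` when `source_arn` is absent, or mark the change as breaking in the CHANGELOG entry rather than listing it as `fix:`. The resource block begins above the hunk.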
@@ -200,7 +200,7 @@ resource "aws_lambda_permission" "unqualified_alias_triggers" { statement_id = lookup(each.value, "statement_id", each.key) action = lookup(each.value, "action", "lambda:InvokeFunction") principal = lookup(each.value, "principal", format("%s.amazonaws.com", lookup(each.value, "service", ""))) - source_arn = lookup(each.value, "source_arn", lookup(each.value, "service", null) == "apigateway" ? "${lookup(each.value, "arn", "")}/*/*/*" : null) + source_arn = lookup(each.value, "source_arn", null) source_account = lookup(each.value, "source_account", null) event_source_token = lookup(each.value, "event_source_token", null) } diff --git a/modules/alias/README.md b/modules/alias/README.md index 6c79e190..b27c7e77 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md @@ -34,8 +34,8 @@ module "alias_no_refresh" { allowed_triggers = { AnotherAPIGatewayAny = { - service = "apigateway" - arn = "arn:aws:execute-api:eu-west-1:135367859851:abcdedfgse" + service = "apigateway" + source_arn = "arn:aws:execute-api:eu-west-1:135367859851:abcdedfgse/*/*/*" } } } @@ -76,8 +76,8 @@ module "alias_existing" { allowed_triggers = { AnotherAwesomeAPIGateway = { - service = "apigateway" - arn = "arn:aws:execute-api:eu-west-1:999967859851:aqnku8akd0" + service = "apigateway" + source_arn = "arn:aws:execute-api:eu-west-1:999967859851:aqnku8akd0/*/*/*" } } } diff --git a/modules/alias/main.tf b/modules/alias/main.tf index 091ea37e..61ff4e20 100644 --- a/modules/alias/main.tf +++ b/modules/alias/main.tf 
@@ -90,7 +90,7 @@ resource "aws_lambda_permission" "version_triggers" { statement_id = lookup(each.value, "statement_id", each.key) action = lookup(each.value, "action", "lambda:InvokeFunction") principal = lookup(each.value, "principal", format("%s.amazonaws.com", lookup(each.value, "service", ""))) - source_arn = lookup(each.value, "source_arn", lookup(each.value, "service", null) == "apigateway" ? "${lookup(each.value, "arn", "")}/*/*/*" : null) + source_arn = lookup(each.value, "source_arn", null) source_account = lookup(each.value, "source_account", null) event_source_token = lookup(each.value, "event_source_token", null) } @@ -104,7 +104,7 @@ resource "aws_lambda_permission" "qualified_alias_triggers" { statement_id = lookup(each.value, "statement_id", each.key) action = lookup(each.value, "action", "lambda:InvokeFunction") principal = lookup(each.value, "principal", format("%s.amazonaws.com", lookup(each.value, "service", ""))) - source_arn = lookup(each.value, "source_arn", lookup(each.value, "service", null) == "apigateway" ? "${lookup(each.value, "arn", "")}/*/*/*" : null) + source_arn = lookup(each.value, "source_arn", null) source_account = lookup(each.value, "source_account", null) event_source_token = lookup(each.value, "event_source_token", null) } From 09d9a8d9425bfa8229cf65ff6737e3ff78a33a97 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Thu, 14 Jan 2021 15:48:21 +0100 Subject: [PATCH 037/385] Updated CHANGELOG --- CHANGELOG.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index baac73d9..e3b581d5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -7,6 +7,14 @@ All notable changes to this project will be documented in this file. + +## [v1.32.0] - 2021-01-14 + +- fix: Fixed apigateway trigger to use source_arn ([#94](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/94)) +- docs: Improved package.py error message for missing source_paths ([#88](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/88)) +- docs: Explicitly state the IAM role property used for lambda_role ([#90](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/90)) + + ## [v1.31.0] - 2020-12-07 @@ -283,7 +291,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.31.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.32.0...HEAD +[v1.32.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.31.0...v1.32.0 [v1.31.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.30.0...v1.31.0 [v1.30.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.29.0...v1.30.0 [v1.29.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.28.0...v1.29.0 From b18d8846db7a4fd048cd681fb6098b9a661d37d6 Mon Sep 17 00:00:00 2001 
From: Anton Babenko Date: Thu, 14 Jan 2021 17:07:51 +0100 Subject: [PATCH 038/385] docs: update description of hook vars, note naming expectations of default policy (#95) --- README.md | 12 ++++++------ examples/alias/README.md | 2 +- examples/async/README.md | 4 ++-- examples/build-package/README.md | 2 +- examples/container-image/README.md | 8 ++++---- examples/deploy/README.md | 4 ++-- examples/multiple-regions/README.md | 6 +++--- examples/simple/README.md | 2 +- examples/with-efs/README.md | 4 ++-- examples/with-vpc/README.md | 2 +- iam.tf | 2 +- main.tf | 20 ++++++++++---------- modules/alias/README.md | 4 ++-- modules/alias/main.tf | 4 ++-- modules/deploy/README.md | 8 ++++---- modules/deploy/main.tf | 6 +++--- modules/deploy/variables.tf | 4 ++-- 17 files changed, 47 insertions(+), 47 deletions(-) diff --git a/README.md b/README.md index 505c68de..2a5650f9 100644 --- a/README.md +++ b/README.md @@ -573,7 +573,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 2.67 | +| aws | >= 3.19 | | external | >= 1 | | local | >= 1 | | null | >= 2 | @@ -583,7 +583,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| aws | >= 2.67 | +| aws | >= 3.19 | | external | >= 1 | | local | >= 1 | | null | >= 2 | 
@@ -634,11 +634,10 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | function\_name | A unique name for your Lambda Function | `string` | `""` | no | | handler | Lambda Function entrypoint in your code | `string` | `""` | no | | hash\_extra | The string to add into hashing function. Useful when building same source path for different functions. | `string` | `""` | no | +| image\_config\_command | The CMD for the docker image | `list(string)` | `[]` | no | +| image\_config\_entry\_point | The ENTRYPOINT for the docker image | `list(string)` | `[]` | no | +| image\_config\_working\_directory | The working directory for the docker image | `string` | `null` | no | | image\_uri | The ECR image URI containing the function's deployment package. | `string` | `null` | no | -| image\_config\_entry_point | The ENTRYPOINT for the docker image. | `string` | `null` | no | -| image\_config\_command | The CMD for the docker image. | `string` | `null` | no | -| image\_config\_working_directory | The working directory for the docker image. | `string` | `null` | no | -| package\_type | The Lambda deployment package type. | `string` | `Zip` | no | | kms\_key\_arn | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no | | lambda\_at\_edge | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no | | lambda\_role | IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | `string` | `""` | no | 
@@ -651,6 +650,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | memory\_size | Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 3008 MB, in 64 MB increments. | `number` | `128` | no | | number\_of\_policies | Number of policies to attach to IAM role for Lambda Function | `number` | `0` | no | | number\_of\_policy\_jsons | Number of policies JSON to attach to IAM role for Lambda Function | `number` | `0` | no | +| package\_type | The Lambda deployment package type. Valid options: Zip or Image | `string` | `"Zip"` | no | | policies | List of policy statements ARN to attach to Lambda Function role | `list(string)` | `[]` | no | | policy | An additional policy document ARN to attach to the Lambda Function role | `string` | `null` | no | | policy\_json | An additional policy document as JSON to attach to the Lambda Function role | `string` | `null` | no | diff --git a/examples/alias/README.md b/examples/alias/README.md index 9c130d66..0bccd041 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 2.67 | +| aws | >= 3.19 | | random | >= 2 | ## Providers diff --git a/examples/async/README.md b/examples/async/README.md index 4b37f146..1c63af47 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 2.67 | +| aws | >= 3.19 | | random | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.67 | +| aws | >= 3.19 | | random | >= 2 | ## Inputs diff --git a/examples/build-package/README.md b/examples/build-package/README.md index 0d91b1cd..4a76b6cb 100644 --- a/examples/build-package/README.md 
+++ b/examples/build-package/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 2.67 | +| aws | >= 3.19 | | random | >= 2 | ## Providers diff --git a/examples/container-image/README.md b/examples/container-image/README.md index b4d7f3f8..f1884622 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -20,14 +20,16 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 2.67 | +| aws | >= 3.19 | +| docker | >= 2.8.0 | | random | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.67 | +| aws | >= 3.19 | +| docker | >= 2.8.0 | | random | >= 2 | ## Inputs @@ -41,8 +43,6 @@ No input. | lambda\_cloudwatch\_log\_group\_arn | The ARN of the Cloudwatch Log Group | | lambda\_role\_arn | The ARN of the IAM role created for the Lambda Function | | lambda\_role\_name | The name of the IAM role created for the Lambda Function | -| local\_filename | The filename of zip archive deployed (if deployment was from local) | -| s3\_object | The map with S3 object data of zip archive deployed (if deployment was from S3) | | this\_lambda\_function\_arn | The ARN of the Lambda Function | | this\_lambda\_function\_invoke\_arn | The Invoke ARN of the Lambda Function | | this\_lambda\_function\_kms\_key\_arn | The ARN for the KMS encryption key of Lambda Function | diff --git a/examples/deploy/README.md b/examples/deploy/README.md index c1f7dd24..6d820c84 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md 
@@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 2.67 | +| aws | >= 3.19 | | random | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.67 | +| aws | >= 3.19 | | random | >= 2 | ## Inputs diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index 4ddec7f1..d7641ee9 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md @@ -21,15 +21,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 2.67 | +| aws | >= 3.19 | | random | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.67 | -| aws.us-east-1 | >= 2.67 | +| aws | >= 3.19 | +| aws.us-east-1 | >= 3.19 | | random | >= 2 | ## Inputs diff --git a/examples/simple/README.md b/examples/simple/README.md index 9ed16bc4..2c9ee0ac 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 2.67 | +| aws | >= 3.19 | | random | >= 2 | ## Providers diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index e280726e..5a05beba 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md @@ -21,14 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 3.19.0 | +| aws | >= 3.19 | | random | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 3.19.0 | +| aws | >= 3.19 | | random | >= 2 | ## Inputs diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index 1eac4777..88f72c86 100644 --- a/examples/with-vpc/README.md 
+++ b/examples/with-vpc/README.md @@ -22,7 +22,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 2.67 | +| aws | >= 3.19 | | random | >= 2 | ## Providers diff --git a/iam.tf b/iam.tf index d97dcdb3..dd245fd7 100644 --- a/iam.tf +++ b/iam.tf @@ -1,5 +1,5 @@ locals { - create_role = var.create && var.create_function && ! var.create_layer && var.create_role + create_role = var.create && var.create_function && !var.create_layer && var.create_role # Lambda@Edge uses the Cloudwatch region closest to the location where the function is executed # The region part of the LogGroup ARN is then replaced with a wildcard (*) so Lambda@Edge is able to log in every region diff --git a/main.tf b/main.tf index acbe22db..d928cd0d 100644 --- a/main.tf +++ b/main.tf @@ -2,7 +2,7 @@ locals { # Use a generated filename to determine when the source code has changed. # filename - to get package from local filename = var.local_existing_package != null ? var.local_existing_package : (var.store_on_s3 ? null : element(concat(data.external.archive_prepare.*.result.filename, [null]), 0)) - was_missing = var.local_existing_package != null ? ! fileexists(var.local_existing_package) : element(concat(data.external.archive_prepare.*.result.was_missing, [false]), 0) + was_missing = var.local_existing_package != null ? !fileexists(var.local_existing_package) : element(concat(data.external.archive_prepare.*.result.was_missing, [false]), 0) # s3_* - to get package from S3 s3_bucket = var.s3_existing_package != null ? lookup(var.s3_existing_package, "bucket", null) : (var.store_on_s3 ? var.s3_bucket : null) @@ -12,7 +12,7 @@ locals { } resource "aws_lambda_function" "this" { - count = var.create && var.create_function && ! var.create_layer ? 1 : 0 + count = var.create && var.create_function && !var.create_layer ? 1 : 0 function_name = var.function_name description = var.description 
@@ -29,7 +29,7 @@ resource "aws_lambda_function" "this" { package_type = var.package_type filename = local.filename - source_code_hash = (local.filename == null ? false : fileexists(local.filename)) && ! local.was_missing ? filebase64sha256(local.filename) : null + source_code_hash = (local.filename == null ? false : fileexists(local.filename)) && !local.was_missing ? filebase64sha256(local.filename) : null s3_bucket = local.s3_bucket s3_key = local.s3_key @@ -96,7 +96,7 @@ resource "aws_lambda_layer_version" "this" { compatible_runtimes = length(var.compatible_runtimes) > 0 ? var.compatible_runtimes : [var.runtime] filename = local.filename - source_code_hash = (local.filename == null ? false : fileexists(local.filename)) && ! local.was_missing ? filebase64sha256(local.filename) : null + source_code_hash = (local.filename == null ? false : fileexists(local.filename)) && !local.was_missing ? filebase64sha256(local.filename) : null s3_bucket = local.s3_bucket s3_key = local.s3_key @@ -120,13 +120,13 @@ resource "aws_s3_bucket_object" "lambda_package" { } data "aws_cloudwatch_log_group" "lambda" { - count = var.create && var.create_function && ! var.create_layer && var.use_existing_cloudwatch_log_group ? 1 : 0 + count = var.create && var.create_function && !var.create_layer && var.use_existing_cloudwatch_log_group ? 1 : 0 name = "/aws/lambda/${var.lambda_at_edge ? "us-east-1." : ""}${var.function_name}" } resource "aws_cloudwatch_log_group" "lambda" { - count = var.create && var.create_function && ! var.create_layer && ! var.use_existing_cloudwatch_log_group ? 1 : 0 + count = var.create && var.create_function && !var.create_layer && !var.use_existing_cloudwatch_log_group ? 1 : 0 name = "/aws/lambda/${var.lambda_at_edge ? "us-east-1." : ""}${var.function_name}" retention_in_days = var.cloudwatch_logs_retention_in_days 
@@ -136,7 +136,7 @@ resource "aws_cloudwatch_log_group" "lambda" { } resource "aws_lambda_provisioned_concurrency_config" "current_version" { - count = var.create && var.create_function && ! var.create_layer && var.provisioned_concurrent_executions > -1 ? 1 : 0 + count = var.create && var.create_function && !var.create_layer && var.provisioned_concurrent_executions > -1 ? 1 : 0 function_name = aws_lambda_function.this[0].function_name qualifier = aws_lambda_function.this[0].version @@ -149,7 +149,7 @@ locals { } resource "aws_lambda_function_event_invoke_config" "this" { - for_each = var.create && var.create_function && ! var.create_layer && var.create_async_event_config ? local.qualifiers : {} + for_each = var.create && var.create_function && !var.create_layer && var.create_async_event_config ? local.qualifiers : {} function_name = aws_lambda_function.this[0].function_name qualifier = each.key == "current_version" ? aws_lambda_function.this[0].version : null @@ -178,7 +178,7 @@ resource "aws_lambda_function_event_invoke_config" "this" { } resource "aws_lambda_permission" "current_version_triggers" { - for_each = var.create && var.create_function && ! var.create_layer && var.create_current_version_allowed_triggers ? var.allowed_triggers : {} + for_each = var.create && var.create_function && !var.create_layer && var.create_current_version_allowed_triggers ? var.allowed_triggers : {} function_name = aws_lambda_function.this[0].function_name qualifier = aws_lambda_function.this[0].version 
@@ -193,7 +193,7 @@ resource "aws_lambda_permission" "current_version_triggers" { # Error: Error adding new Lambda Permission for destined-tetra-lambda: InvalidParameterValueException: We currently do not support adding policies for $LATEST. resource "aws_lambda_permission" "unqualified_alias_triggers" { - for_each = var.create && var.create_function && ! var.create_layer && var.create_unqualified_alias_allowed_triggers ? var.allowed_triggers : {} + for_each = var.create && var.create_function && !var.create_layer && var.create_unqualified_alias_allowed_triggers ? var.allowed_triggers : {} function_name = aws_lambda_function.this[0].function_name diff --git a/modules/alias/README.md b/modules/alias/README.md index b27c7e77..ece77947 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md @@ -116,13 +116,13 @@ module "lambda" { | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 2.67 | +| aws | >= 3.19 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.67 | +| aws | >= 3.19 | ## Inputs diff --git a/modules/alias/main.tf b/modules/alias/main.tf index 61ff4e20..67ac548f 100644 --- a/modules/alias/main.tf +++ b/modules/alias/main.tf @@ -11,7 +11,7 @@ data "aws_lambda_alias" "existing" { } resource "aws_lambda_alias" "no_refresh" { - count = var.create && ! var.use_existing_alias && ! var.refresh_alias ? 1 : 0 + count = var.create && !var.use_existing_alias && !var.refresh_alias ? 1 : 0 name = var.name description = var.description @@ -29,7 +29,7 @@ resource "aws_lambda_alias" "no_refresh" { } resource "aws_lambda_alias" "with_refresh" { - count = var.create && ! var.use_existing_alias && var.refresh_alias ? 1 : 0 + count = var.create && !var.use_existing_alias && var.refresh_alias ? 1 : 0 name = var.name description = var.description diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 41dc4b67..a58333d8 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md 
@@ -100,7 +100,7 @@ module "lambda" { | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 2.67 | +| aws | >= 3.19 | | local | >= 1 | | null | >= 2 | @@ -108,7 +108,7 @@ module "lambda" { | Name | Version | |------|---------| -| aws | >= 2.67 | +| aws | >= 3.19 | | local | >= 1 | | null | >= 2 | @@ -116,7 +116,7 @@ module "lambda" { | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| after\_allow\_traffic\_hook\_arn | ARN of Lambda function to execute after allow traffic during deployment | `string` | `""` | no | +| after\_allow\_traffic\_hook\_arn | ARN of Lambda function to execute after allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | | alarm\_enabled | Indicates whether the alarm configuration is enabled. This option is useful when you want to temporarily deactivate alarm monitoring for a deployment group without having to add the same alarms again later. | `bool` | `false` | no | | alarm\_ignore\_poll\_alarm\_failure | Indicates whether a deployment should continue if information about the current state of alarms cannot be retrieved from CloudWatch. | `bool` | `false` | no | | alarms | A list of alarms configured for the deployment group. A maximum of 10 alarms can be added to a deployment group. | `list(string)` | `[]` | no | @@ -126,7 +126,7 @@ module "lambda" { | auto\_rollback\_enabled | Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. | `bool` | `true` | no | | auto\_rollback\_events | List of event types that trigger a rollback. Supported types are DEPLOYMENT\_FAILURE and DEPLOYMENT\_STOP\_ON\_ALARM. | `list(string)` |
[
"DEPLOYMENT_STOP_ON_ALARM"
]
| no | | aws\_cli\_command | Command to run as AWS CLI. May include extra arguments like region and profile. | `string` | `"aws"` | no | -| before\_allow\_traffic\_hook\_arn | ARN of Lambda function to execute before allow traffic during deployment | `string` | `""` | no | +| before\_allow\_traffic\_hook\_arn | ARN of Lambda function to execute before allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | | codedeploy\_principals | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` |
[
"codedeploy.amazonaws.com"
]
| no | | codedeploy\_role\_name | IAM role name to create or use by CodeDeploy | `string` | `""` | no | | create | Controls whether resources should be created | `bool` | `true` | no | diff --git a/modules/deploy/main.tf b/modules/deploy/main.tf index 1675e9cb..78fcc9fc 100644 --- a/modules/deploy/main.tf +++ b/modules/deploy/main.tf @@ -112,14 +112,14 @@ resource "null_resource" "deploy" { } resource "aws_codedeploy_app" "this" { - count = var.create && var.create_app && ! var.use_existing_app ? 1 : 0 + count = var.create && var.create_app && !var.use_existing_app ? 1 : 0 name = var.app_name compute_platform = "Lambda" } resource "aws_codedeploy_deployment_group" "this" { - count = var.create && var.create_deployment_group && ! var.use_existing_deployment_group ? 1 : 0 + count = var.create && var.create_deployment_group && !var.use_existing_deployment_group ? 1 : 0 app_name = local.app_name deployment_group_name = var.deployment_group_name @@ -158,7 +158,7 @@ resource "aws_codedeploy_deployment_group" "this" { } data "aws_iam_role" "codedeploy" { - count = var.create && ! var.create_codedeploy_role ? 1 : 0 + count = var.create && !var.create_codedeploy_role ? 1 : 0 name = var.codedeploy_role_name } diff --git a/modules/deploy/variables.tf b/modules/deploy/variables.tf index 22f16b3b..66b06519 100644 --- a/modules/deploy/variables.tf +++ b/modules/deploy/variables.tf 
@@ -29,13 +29,13 @@ variable "target_version" { } variable "before_allow_traffic_hook_arn" { - description = "ARN of Lambda function to execute before allow traffic during deployment" + description = "ARN of Lambda function to execute before allow traffic during deployment. This function should be named CodeDeployHook_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role" type = string default = "" } variable "after_allow_traffic_hook_arn" { - description = "ARN of Lambda function to execute after allow traffic during deployment" + description = "ARN of Lambda function to execute after allow traffic during deployment. This function should be named CodeDeployHook_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role" type = string default = "" } From f9a6302570ae80f2e5593727909f2defc2aa8aa5 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Thu, 14 Jan 2021 17:08:18 +0100 Subject: [PATCH 039/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e3b581d5..90136b54 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v1.33.0] - 2021-01-14 + +- docs: update description of hook vars, note naming expectations of default policy ([#95](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/95)) + + ## [v1.32.0] - 2021-01-14 
@@ -291,7 +297,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.32.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.33.0...HEAD +[v1.33.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.32.0...v1.33.0 [v1.32.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.31.0...v1.32.0 [v1.31.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.30.0...v1.31.0 [v1.30.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.29.0...v1.30.0 From 1c3590aa2665be39f75db55458adfc23c525e0e8 Mon Sep 17 00:00:00 2001 From: Dominic Scheirlinck Date: Fri, 15 Jan 2021 05:10:31 +1300 Subject: [PATCH 040/385] fix: skip creating deployments if current and target versions match (#85) --- modules/deploy/main.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/deploy/main.tf b/modules/deploy/main.tf index 78fcc9fc..5dc5861c 100644 --- a/modules/deploy/main.tf +++ b/modules/deploy/main.tf @@ -33,6 +33,12 @@ locals { script = < Date: Thu, 14 Jan 2021 17:10:52 +0100 Subject: [PATCH 041/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 90136b54..a4e2abd5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v1.34.0] - 2021-01-14 + +- fix: skip creating deployments if current and target versions match ([#85](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/85)) + + ## [v1.33.0] - 2021-01-14 
@@ -297,7 +303,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.33.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.34.0...HEAD +[v1.34.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.33.0...v1.34.0 [v1.33.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.32.0...v1.33.0 [v1.32.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.31.0...v1.32.0 [v1.31.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.30.0...v1.31.0 From 7bcfbb7442053545264e130f88fbee7318af2d65 Mon Sep 17 00:00:00 2001 From: Mehdi Bayazee Date: Fri, 22 Jan 2021 22:55:01 +0100 Subject: [PATCH 042/385] docs: Fix memory size limit (#99) --- README.md | 2 +- variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2a5650f9..a26a6dc8 100644 --- a/README.md +++ b/README.md 
@@ -647,7 +647,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | local\_existing\_package | The absolute path to an existing zip-file to use | `string` | `null` | no | | maximum\_event\_age\_in\_seconds | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | | maximum\_retry\_attempts | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | `number` | `null` | no | -| memory\_size | Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 3008 MB, in 64 MB increments. | `number` | `128` | no | +| memory\_size | Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 64 MB increments. | `number` | `128` | no | | number\_of\_policies | Number of policies to attach to IAM role for Lambda Function | `number` | `0` | no | | number\_of\_policy\_jsons | Number of policies JSON to attach to IAM role for Lambda Function | `number` | `0` | no | | package\_type | The Lambda deployment package type. Valid options: Zip or Image | `string` | `"Zip"` | no | diff --git a/variables.tf b/variables.tf index e156bcdd..45addab1 100644 --- a/variables.tf +++ b/variables.tf @@ -86,7 +86,7 @@ variable "kms_key_arn" { } variable "memory_size" { - description = "Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 3008 MB, in 64 MB increments." + description = "Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 64 MB increments." type = number default = 128 } From 7c63eeb2b0e71dadcdeee2d97a83b6c6b6f9b227 Mon Sep 17 00:00:00 2001 
From: Sven Lito <57947418+svenlito@users.noreply.github.com> Date: Tue, 26 Jan 2021 21:35:00 +0700 Subject: [PATCH 043/385] fix: add permission to create log group (#100) --- iam.tf | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/iam.tf b/iam.tf index dd245fd7..92551e60 100644 --- a/iam.tf +++ b/iam.tf @@ -56,10 +56,11 @@ data "aws_iam_policy_document" "logs" { statement { effect = "Allow" - actions = [ + actions = compact([ + !var.use_existing_cloudwatch_log_group ? "logs:CreateLogGroup" : "", "logs:CreateLogStream", - "logs:PutLogEvents", - ] + "logs:PutLogEvents" + ]) resources = flatten([for _, v in ["%v:*", "%v:*:*"] : format(v, local.log_group_arn)]) } From a14d9637bcf43caa3bb9a91d90f1634b9a2474c2 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Tue, 26 Jan 2021 15:35:18 +0100 Subject: [PATCH 044/385] Updated CHANGELOG --- CHANGELOG.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a4e2abd5..02f19006 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,13 @@ All notable changes to this project will be documented in this file. + +## [v1.35.0] - 2021-01-26 + +- fix: add permission to create log group ([#100](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/100)) +- docs: Fix memory size limit ([#99](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/99)) + + ## [v1.34.0] - 2021-01-14 
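Review bot: The added `logs:CreateLogGroup` entry is granted exactly when `use_existing_cloudwatch_log_group` is false, which appears to be the case where the module manages the log group itself (an `aws_cloudwatch_log_group.lambda` resource shows up as context in an earlier main.tf hunk of this series). With that permission the function's role can recreate a missing group outside Terraform state, and a group created that way would presumably carry default retention and no KMS key rather than the module's settings. If the grant is there to cover a creation race, a comment above the `compact([...])` call should say so, e.g. `# CreateLogGroup covers invocations that happen before the managed log group exists`. It is also worth confirming that the `"%v:*"` and `"%v:*:*"` resource patterns match the ARN that CreateLogGroup is evaluated against. The `logs` policy document starts and ends outside this hunk.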
@@ -303,7 +310,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.34.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.35.0...HEAD +[v1.35.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.34.0...v1.35.0 [v1.34.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.33.0...v1.34.0 [v1.33.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.32.0...v1.33.0 [v1.32.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.31.0...v1.32.0 From fcd8d5d51e545b6ca229cb20cef1659397f75ccf Mon Sep 17 00:00:00 2001 From: Sven Lito <57947418+svenlito@users.noreply.github.com> Date: Wed, 3 Feb 2021 15:20:59 +0700 Subject: [PATCH 045/385] feat: add eventbridge async permissions (#101) --- README.md | 2 +- iam.tf | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a26a6dc8..2271ae55 100644 --- a/README.md +++ b/README.md 
@@ -561,7 +561,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo * [Build and Package](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/build-package) - Build and create deployment packages in various ways. * [Alias](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/alias) - Create static and dynamic aliases in various ways. * [Deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/deploy) - Complete end-to-end build/update/deploy process using AWS CodeDeploy. -* [Async Invocations](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/async) - Create Lambda Function with async event configuration (with SQS and SNS integration). +* [Async Invocations](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/async) - Create Lambda Function with async event configuration (with SQS, SNS, and EventBridge integration). * [With VPC](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/with-vpc) - Create Lambda Function with VPC. * [With EFS](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/with-efs) - Create Lambda Function with Elastic File System attached (Terraform 0.13+ is recommended). * [Multiple regions](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/multiple-regions) - Create the same Lambda Function in multiple regions with non-conflicting IAM roles and policies. diff --git a/iam.tf b/iam.tf index 92551e60..4972dfee 100644 --- a/iam.tf +++ b/iam.tf @@ -182,6 +182,7 @@ data "aws_iam_policy_document" "async" { actions = [ "sns:Publish", "sqs:SendMessage", + "events:PutEvents", ] resources = compact(distinct([var.destination_on_failure, var.destination_on_success])) From 2ee7de54e7d086967df51ed13b21648a70ea9341 Mon Sep 17 00:00:00 2001 
From: Anton Babenko Date: Wed, 3 Feb 2021 09:21:35 +0100 Subject: [PATCH 046/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 02f19006..62245f79 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v1.36.0] - 2021-02-03 + +- feat: add eventbridge async permissions ([#101](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/101)) + + ## [v1.35.0] - 2021-01-26 @@ -310,7 +316,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.35.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.36.0...HEAD +[v1.36.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.35.0...v1.36.0 [v1.35.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.34.0...v1.35.0 [v1.34.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.33.0...v1.34.0 [v1.33.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.32.0...v1.33.0 From a249771f47c11408d0f26e0b28cb2591a4dd511f Mon Sep 17 00:00:00 2001 
From: Sven Lito <57947418+svenlito@users.noreply.github.com> Date: Sun, 14 Feb 2021 18:43:29 +0700 Subject: [PATCH 047/385] feat: Added Lambda event source mapping (#103) --- README.md | 10 +- examples/event-source-mapping/README.md | 16 +++ examples/event-source-mapping/main.tf | 120 +++++++++++++++++++++ examples/event-source-mapping/outputs.tf | 66 ++++++++++++ examples/event-source-mapping/variables.tf | 0 examples/event-source-mapping/versions.tf | 9 ++ main.tf | 32 +++++- outputs.tf | 21 ++++ variables.tf | 10 ++ 9 files changed, 280 insertions(+), 4 deletions(-) create mode 100644 examples/event-source-mapping/README.md create mode 100644 examples/event-source-mapping/main.tf create mode 100644 examples/event-source-mapping/outputs.tf create mode 100644 examples/event-source-mapping/variables.tf create mode 100644 examples/event-source-mapping/versions.tf diff --git a/README.md b/README.md index 2271ae55..a5728ff7 100644 --- a/README.md +++ b/README.md @@ -10,8 +10,6 @@ These types of resources supported: * [Lambda Provisioned Concurrency](https://www.terraform.io/docs/providers/aws/r/lambda_provisioned_concurrency_config.html) * [Lambda Async Event Configuration](https://www.terraform.io/docs/providers/aws/r/lambda_function_event_invoke_config.html) * [Lambda Permission](https://www.terraform.io/docs/providers/aws/r/lambda_permission.html) - -Not supported, yet: * [Lambda Event Source Mapping](https://www.terraform.io/docs/providers/aws/r/lambda_event_source_mapping.html) 
@@ -34,7 +32,7 @@ This Terraform module is the part of [serverless.tf framework](https://github.co - [x] Lambda@Edge - [x] Conditional creation for many types of resources. - [x] Control execution of nearly any step in the process - build, package, store package, deploy, update. -- [x] Control nearly all aspects of Lambda resources (provisioned concurrency, VPC, EFS, dead-letter notification, tracing, async events, IAM role, IAM policies, and more). +- [x] Control nearly all aspects of Lambda resources (provisioned concurrency, VPC, EFS, dead-letter notification, tracing, async events, event source mapping, IAM role, IAM policies, and more). - [x] Support integration with other `serverless.tf` modules like [HTTP API Gateway](https://github.com/terraform-aws-modules/terraform-aws-apigateway-v2) (see [examples there](https://github.com/terraform-aws-modules/terraform-aws-apigateway-v2/tree/master/examples/complete-http)). @@ -565,6 +563,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo * [With VPC](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/with-vpc) - Create Lambda Function with VPC. * [With EFS](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/with-efs) - Create Lambda Function with Elastic File System attached (Terraform 0.13+ is recommended). * [Multiple regions](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/multiple-regions) - Create the same Lambda Function in multiple regions with non-conflicting IAM roles and policies. +* [Event Source Mapping](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/event-source-mapping) - Create Lambda Function with event source mapping configuration (SQS, DynamoDB, and Kinesis). 
@@ -629,6 +628,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | docker\_pip\_cache | Whether to mount a shared pip cache folder into docker environment or not | `any` | `null` | no | | docker\_with\_ssh\_agent | Whether to pass SSH\_AUTH\_SOCK into docker environment or not | `bool` | `false` | no | | environment\_variables | A map that defines environment variables for the Lambda Function. | `map(string)` | `{}` | no | +| event\_source\_mapping | Map of event source mapping | `any` | `{}` | no | | file\_system\_arn | The Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system. | `string` | `null` | no | | file\_system\_local\_mount\_path | The path where the function can access the file system, starting with /mnt/. | `string` | `null` | no | | function\_name | A unique name for your Lambda Function | `string` | `""` | no | @@ -689,6 +689,10 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | lambda\_role\_name | The name of the IAM role created for the Lambda Function | | local\_filename | The filename of zip archive deployed (if deployment was from local) | | s3\_object | The map with S3 object data of zip archive deployed (if deployment was from S3) | +| this\_lambda\_event\_source\_mapping\_function\_arn | The the ARN of the Lambda function the event source mapping is sending events to | +| this\_lambda\_event\_source\_mapping\_state | The state of the event source mapping | +| this\_lambda\_event\_source\_mapping\_state\_transition\_reason | The reason the event source mapping is in its current state | +| this\_lambda\_event\_source\_mapping\_uuid | The UUID of the created event source mapping | | this\_lambda\_function\_arn | The ARN of the Lambda Function | | this\_lambda\_function\_invoke\_arn | The Invoke ARN of the Lambda Function | | this\_lambda\_function\_kms\_key\_arn | The ARN for the KMS encryption key of Lambda Function | 
diff --git a/examples/event-source-mapping/README.md b/examples/event-source-mapping/README.md new file mode 100644 index 00000000..1a62df62 --- /dev/null +++ b/examples/event-source-mapping/README.md @@ -0,0 +1,16 @@ +# Event Source Mapping configuration + +Configuration in this directory creates Lambda Function with event source mapping configuration for SQS queue, Kinesis stream, and DynamoDB table. + +## Usage + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply +``` + +Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. + diff --git a/examples/event-source-mapping/main.tf b/examples/event-source-mapping/main.tf new file mode 100644 index 00000000..db7901ea --- /dev/null +++ b/examples/event-source-mapping/main.tf 
@@ -0,0 +1,120 @@ +provider "aws" { + region = "eu-west-1" + + # Make it faster by skipping something + skip_get_ec2_platforms = true + skip_metadata_api_check = true + skip_region_validation = true + skip_credentials_validation = true + skip_requesting_account_id = true +} + +#################################################### +# Lambda Function with event source mapping +#################################################### + +module "lambda_function" { + source = "../../" + + function_name = "${random_pet.this.id}-lambda-event-source-mapping" + handler = "index.lambda_handler" + runtime = "python3.8" + + source_path = "${path.module}/../fixtures/python3.8-app1" + + event_source_mapping = { + sqs = { + event_source_arn = aws_sqs_queue.this.arn + } + dynamodb = { + event_source_arn = aws_dynamodb_table.this.stream_arn + starting_position = "LATEST" + # This can be created but it won't be updated/removed. To be reviewed in the future. + # destination_config = { + # on_failure = { + # destination_arn = aws_sqs_queue.failure.arn + # } + # } + } + kinesis = { + event_source_arn = aws_kinesis_stream.this.arn + starting_position = "LATEST" + } + } + + allowed_triggers = { + sqs = { + principal = "sqs.amazonaws.com" + source_arn = aws_sqs_queue.this.arn + } + dynamodb = { + principal = "dynamodb.amazonaws.com" + source_arn = aws_dynamodb_table.this.stream_arn + } + kinesis = { + principal = "kinesis.amazonaws.com" + source_arn = aws_kinesis_stream.this.arn + } + } + + create_current_version_allowed_triggers = false + + # Allow failures to be sent to SQS queue + attach_policy_statements = true + policy_statements = { + sqs_failure = { + effect = "Allow", + actions = ["sqs:SendMessage"], + resources = [aws_sqs_queue.failure.arn] + } + } + + attach_policies = true + number_of_policies = 3 + + policies = [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole", + "arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole", + 
"arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole", + ] +} + +################## +# Extra resources +################## + +resource "random_pet" "this" { + length = 2 +} + +resource "aws_sqs_queue" "this" { + name = random_pet.this.id +} + +resource "aws_dynamodb_table" "this" { + name = random_pet.this.id + billing_mode = "PAY_PER_REQUEST" + hash_key = "UserId" + range_key = "GameTitle" + stream_view_type = "NEW_AND_OLD_IMAGES" + stream_enabled = true + + attribute { + name = "UserId" + type = "S" + } + + attribute { + name = "GameTitle" + type = "S" + } +} + +resource "aws_kinesis_stream" "this" { + name = random_pet.this.id + shard_count = 1 +} + +resource "aws_sqs_queue" "failure" { + name = "${random_pet.this.id}-failure" +} diff --git a/examples/event-source-mapping/outputs.tf b/examples/event-source-mapping/outputs.tf new file mode 100644 index 00000000..3e78ca90 --- /dev/null +++ b/examples/event-source-mapping/outputs.tf 
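Review bot: The `allowed_triggers` block adds resource-policy statements for `sqs.amazonaws.com`, `dynamodb.amazonaws.com` and `kinesis.amazonaws.com`, but event source mappings for these three sources are poll-based: Lambda reads from the source with the function's execution role, so no service principal needs permission to invoke the function. An example that people copy should not widen the function's resource policy without need, so the `allowed_triggers` map and the `create_current_version_allowed_triggers = false` line can be dropped. Similarly, the `sqs_failure` policy statement grants `sqs:SendMessage` on the failure queue while the only `destination_config` that would use it is commented out; either remove the statement or mark it with `# unused until destination_config is supported`.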
@@ -0,0 +1,66 @@ +# Lambda Function +output "this_lambda_function_arn" { + description = "The ARN of the Lambda Function" + value = module.lambda_function.this_lambda_function_arn +} + +output "this_lambda_function_invoke_arn" { + description = "The Invoke ARN of the Lambda Function" + value = module.lambda_function.this_lambda_function_invoke_arn +} + +output "this_lambda_function_name" { + description = "The name of the Lambda Function" + value = module.lambda_function.this_lambda_function_name +} + +output "this_lambda_function_qualified_arn" { + description = "The ARN identifying your Lambda Function Version" + value = module.lambda_function.this_lambda_function_qualified_arn +} + +output "this_lambda_function_version" { + description = "Latest published version of Lambda Function" + value = module.lambda_function.this_lambda_function_version +} + +output "this_lambda_function_last_modified" { + description = "The date Lambda Function resource was last modified" + value = module.lambda_function.this_lambda_function_last_modified +} + +output "this_lambda_function_kms_key_arn" { + description = "The ARN for the KMS encryption key of Lambda Function" + value = module.lambda_function.this_lambda_function_kms_key_arn +} + +output "this_lambda_function_source_code_hash" { + description = "Base64-encoded representation of raw SHA-256 sum of the zip file" + value = module.lambda_function.this_lambda_function_source_code_hash +} + +output "this_lambda_function_source_code_size" { + description = "The size in bytes of the function .zip file" + value = module.lambda_function.this_lambda_function_source_code_size +} + +# Lambda Event Source Mapping +output "this_lambda_event_source_mapping_function_arn" { + description = "The the ARN of the Lambda function the event source mapping is sending events to" + value = module.lambda_function.this_lambda_event_source_mapping_function_arn +} + +output "this_lambda_event_source_mapping_state" { + description = "The state of the 
event source mapping" + value = module.lambda_function.this_lambda_event_source_mapping_state +} + +output "this_lambda_event_source_mapping_state_transition_reason" { + description = "The reason the event source mapping is in its current state" + value = module.lambda_function.this_lambda_event_source_mapping_state_transition_reason +} + +output "this_lambda_event_source_mapping_uuid" { + description = "The UUID of the created event source mapping" + value = module.lambda_function.this_lambda_event_source_mapping_uuid +} diff --git a/examples/event-source-mapping/variables.tf b/examples/event-source-mapping/variables.tf new file mode 100644 index 00000000..e69de29b diff --git a/examples/event-source-mapping/versions.tf b/examples/event-source-mapping/versions.tf new file mode 100644 index 00000000..ae803842 --- /dev/null +++ b/examples/event-source-mapping/versions.tf @@ -0,0 +1,9 @@ +terraform { + required_version = ">= 0.12.6" + + required_providers { + aws = ">= 3.27" + random = ">= 2" + } +} + diff --git a/main.tf b/main.tf index d928cd0d..73889d54 100644 --- a/main.tf +++ b/main.tf @@ -191,7 +191,7 @@ resource "aws_lambda_permission" "current_version_triggers" { event_source_token = lookup(each.value, "event_source_token", null) } -# Error: Error adding new Lambda Permission for destined-tetra-lambda: InvalidParameterValueException: We currently do not support adding policies for $LATEST. +# Error: Error adding new Lambda Permission for lambda: InvalidParameterValueException: We currently do not support adding policies for $LATEST. resource "aws_lambda_permission" "unqualified_alias_triggers" { for_each = var.create && var.create_function && !var.create_layer && var.create_unqualified_alias_allowed_triggers ? var.allowed_triggers : {} 
@@ -204,3 +204,33 @@ resource "aws_lambda_permission" "unqualified_alias_triggers" { source_account = lookup(each.value, "source_account", null) event_source_token = lookup(each.value, "event_source_token", null) } + +resource "aws_lambda_event_source_mapping" "this" { + for_each = var.create && var.create_function && !var.create_layer && var.create_unqualified_alias_allowed_triggers ? var.event_source_mapping : tomap({}) + + function_name = aws_lambda_function.this[0].arn + + event_source_arn = each.value.event_source_arn + + batch_size = lookup(each.value, "batch_size", null) + maximum_batching_window_in_seconds = lookup(each.value, "maximum_batching_window_in_seconds", null) + enabled = lookup(each.value, "enabled", null) + starting_position = lookup(each.value, "starting_position", null) + starting_position_timestamp = lookup(each.value, "starting_position_timestamp", null) + parallelization_factor = lookup(each.value, "parallelization_factor", null) + maximum_retry_attempts = lookup(each.value, "maximum_retry_attempts", null) + maximum_record_age_in_seconds = lookup(each.value, "maximum_record_age_in_seconds", null) + bisect_batch_on_function_error = lookup(each.value, "bisect_batch_on_function_error", null) + + /* @todo: fix this + dynamic "destination_config" { + for_each = lookup(each.value, "destination_config", {}) + + content { + on_failure { + destination_arn = lookup(destination_config.value, "on_failure") #"destination_arn"] + } + } + } + */ +} diff --git a/outputs.tf b/outputs.tf index 73d769b4..7e0e08eb 100644 --- a/outputs.tf +++ b/outputs.tf 
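Review bot: The `for_each` on `aws_lambda_event_source_mapping.this` is gated on `var.create_unqualified_alias_allowed_triggers`, which looks copied from the `unqualified_alias_triggers` permission resource just above it. A caller who turns that flag off to stop unqualified-alias permissions would also silently lose every event source mapping. The condition should not depend on it: `for_each = var.create && var.create_function && !var.create_layer ? var.event_source_mapping : tomap({})`. Separately, with `destination_config` commented out under `@todo`, a mapping created here gets no on-failure destination even when the caller supplies one, which deserves a sentence in the variable description until it is fixed.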
@@ -70,6 +70,27 @@ output "this_lambda_layer_version" { value = element(concat(aws_lambda_layer_version.this.*.version, [""]), 0) } +# Lambda Event Source Mapping +output "this_lambda_event_source_mapping_function_arn" { + description = "The the ARN of the Lambda function the event source mapping is sending events to" + value = { for k, v in aws_lambda_event_source_mapping.this : k => v.function_arn } +} + +output "this_lambda_event_source_mapping_state" { + description = "The state of the event source mapping" + value = { for k, v in aws_lambda_event_source_mapping.this : k => v.state } +} + +output "this_lambda_event_source_mapping_state_transition_reason" { + description = "The reason the event source mapping is in its current state" + value = { for k, v in aws_lambda_event_source_mapping.this : k => v.state_transition_reason } +} + +output "this_lambda_event_source_mapping_uuid" { + description = "The UUID of the created event source mapping" + value = { for k, v in aws_lambda_event_source_mapping.this : k => v.uuid } +} + # IAM Role output "lambda_role_arn" { description = "The ARN of the IAM role created for the Lambda Function" diff --git a/variables.tf b/variables.tf index 45addab1..93cf7c41 100644 --- a/variables.tf +++ b/variables.tf @@ -281,6 +281,16 @@ variable "allowed_triggers" { default = {} } +############################################ +# Lambda Event Source Mapping +############################################ + +variable "event_source_mapping" { + description = "Map of event source mapping" + type = any + default = {} +} + ################# # CloudWatch Logs ################# From 2f89c5d42f746abf1b9d9a1543f03354957db2f9 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Sun, 14 Feb 2021 12:43:44 +0100 Subject: [PATCH 048/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 62245f79..8fd55d7b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
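Review bot: The `event_source_mapping` variable is declared with `type = any` and the description `"Map of event source mapping"`, which does not tell a caller what an entry must contain. From the resource added in main.tf in this commit, each value must have `event_source_arn` (read as `each.value.event_source_arn`, so a missing key should fail at plan time) and may carry optional keys such as `batch_size`, `starting_position` and `enabled`. Suggested wording: `description = "Map of event source mappings; each value requires event_source_arn and may set batch_size, starting_position, enabled and the other aws_lambda_event_source_mapping arguments read in main.tf"`.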
@@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v1.37.0] - 2021-02-14 + +- feat: Added Lambda event source mapping ([#103](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/103)) + + ## [v1.36.0] - 2021-02-03 @@ -316,7 +322,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.36.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.37.0...HEAD +[v1.37.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.36.0...v1.37.0 [v1.36.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.35.0...v1.36.0 [v1.35.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.34.0...v1.35.0 [v1.34.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.33.0...v1.34.0 From 89337b218f101077a8cbe40b51b35b8cfbc03268 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Thu, 18 Feb 2021 10:19:23 -0500 Subject: [PATCH 049/385] chore: update documentation based on latest `terraform-docs` which includes module and resource sections (#108) --- .gitignore | 34 ++++++++++++++++++++++++----- .pre-commit-config.yaml | 2 +- README.md | 29 +++++++++++++++++++++++- examples/alias/README.md | 16 +++++++++++++- examples/async/README.md | 15 ++++++++++++- examples/build-package/README.md | 22 ++++++++++++++++++- examples/complete/README.md | 21 +++++++++++++++++- examples/container-image/README.md | 18 ++++++++++++++- examples/deploy/README.md | 16 +++++++++++++- examples/multiple-regions/README.md | 15 ++++++++++++- examples/simple/README.md | 13 ++++++++++- examples/with-efs/README.md | 17 ++++++++++++++- examples/with-vpc/README.md | 14 +++++++++++- modules/alias/README.md | 14 +++++++++++- modules/deploy/README.md | 21 +++++++++++++++++- 15 files changed, 248 insertions(+), 19 deletions(-) 
diff --git a/.gitignore b/.gitignore index b95fccd1..0da622ae 100644 --- a/.gitignore +++ b/.gitignore @@ -1,10 +1,34 @@ -.terraform -*.tfstate.backup +# Local .terraform directories +**/.terraform/* + +# Terraform lockfile +.terraform.lock.hcl + +# .tfstate files *.tfstate -*.tfvars +*.tfstate.* *.tfplan -.terraform.lock.hcl -builds/ +# Crash log files +crash.log +# Exclude all .tfvars files, which are likely to contain sentitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore CLI configuration files +.terraformrc +terraform.rc + +# Lambda directories +builds/ __pycache__/ diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 94f7541a..ea440070 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -21,6 +21,6 @@ repos: - '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_workspace_remote' - repo: git://github.com/pre-commit/pre-commit-hooks - rev: v3.3.0 + rev: v3.4.0 hooks: - id: check-merge-conflict diff --git a/README.md b/README.md index a5728ff7..cabd288e 100644 --- a/README.md +++ b/README.md 
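Review bot: The comment added above `*.tfvars` misspells "sensitive" as `sentitive`, and it is the only entry that explains why the pattern exists. The `# .tfstate files` and `*.tfplan` entries carry the same risk but say nothing about it. Suggested comment for the state block: `# .tfstate files (state and plan files store resource attributes, including secrets, in plain text)`.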
@@ -587,6 +587,34 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | local | >= 1 | | null | >= 2 | +## Modules + +No Modules. + +## Resources + +| Name | +|------| +| [aws_arn](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/arn) | +| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/cloudwatch_log_group) | +| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/cloudwatch_log_group) | +| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_policy) | +| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/iam_policy) | +| [aws_iam_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_policy_attachment) | +| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/iam_policy_document) | +| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_role) | +| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_role_policy_attachment) | +| [aws_lambda_event_source_mapping](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_event_source_mapping) | +| [aws_lambda_function](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_function) | +| [aws_lambda_function_event_invoke_config](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_function_event_invoke_config) | +| [aws_lambda_layer_version](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_layer_version) | +| [aws_lambda_permission](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_permission) | +| 
[aws_lambda_provisioned_concurrency_config](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_provisioned_concurrency_config) | +| [aws_s3_bucket_object](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/s3_bucket_object) | +| [external_external](https://registry.terraform.io/providers/hashicorp/external/1/docs/data-sources/external) | +| [local_file](https://registry.terraform.io/providers/hashicorp/local/1/docs/resources/file) | +| [null_resource](https://registry.terraform.io/providers/hashicorp/null/2/docs/resources/resource) | + ## Inputs | Name | Description | Type | Default | Required | @@ -707,7 +735,6 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version | | this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer .zip file | | this\_lambda\_layer\_version | The Lambda Layer version | - ## Authors diff --git a/examples/alias/README.md b/examples/alias/README.md index 0bccd041..ae2bb21e 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -29,6 +29,21 @@ Note that this example may create resources which cost money. Run `terraform des |------|---------| | random | >= 2 | +## Modules + +| Name | Source | Version | +|------|--------|---------| +| alias_existing | ../../modules/alias | | +| alias_no_refresh | ../../modules/alias | | +| alias_refresh | ../../modules/alias | | +| lambda_function | ../../ | | + +## Resources + +| Name | +|------| +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2/docs/resources/pet) | + ## Inputs No input. @@ -60,5 +75,4 @@ No input. | this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version | | this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer .zip file | | this\_lambda\_layer\_version | The Lambda Layer version | - 
diff --git a/examples/async/README.md b/examples/async/README.md index 1c63af47..8260321c 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -30,6 +30,20 @@ Note that this example may create resources which cost money. Run `terraform des | aws | >= 3.19 | | random | >= 2 | +## Modules + +| Name | Source | Version | +|------|--------|---------| +| lambda_function | ../../ | | + +## Resources + +| Name | +|------| +| [aws_sns_topic](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/sns_topic) | +| [aws_sqs_queue](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/sqs_queue) | +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2/docs/resources/pet) | + ## Inputs No input. @@ -57,5 +71,4 @@ No input. | this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version | | this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer .zip file | | this\_lambda\_layer\_version | The Lambda Layer version | - diff --git a/examples/build-package/README.md b/examples/build-package/README.md index 4a76b6cb..13da980c 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md 
@@ -29,6 +29,27 @@ Note that this example may create resources which cost money. Run `terraform des |------|---------| | random | >= 2 | +## Modules + +| Name | Source | Version | +|------|--------|---------| +| lambda_function_from_package | ../../ | | +| lambda_layer | ../../ | | +| package_dir | ../../ | | +| package_dir_without_pip_install | ../../ | | +| package_file | ../../ | | +| package_file_with_pip_requirements | ../../ | | +| package_with_commands_and_patterns | ../../ | | +| package_with_docker | ../../ | | +| package_with_patterns | ../../ | | +| package_with_pip_requirements_in_docker | ../../ | | + +## Resources + +| Name | +|------| +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2/docs/resources/pet) | + ## Inputs No input. @@ -36,5 +57,4 @@ No input. ## Outputs No output. - diff --git a/examples/complete/README.md b/examples/complete/README.md index e001114c..750a55be 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -31,6 +31,26 @@ Note that this example may create resources which cost money. Run `terraform des | aws | >= 2.67 | | random | >= 2 | +## Modules + +| Name | Source | Version | +|------|--------|---------| +| disabled_lambda | ../../ | | +| lambda_at_edge | ../../ | | +| lambda_function | ../../ | | +| lambda_function_existing_package_local | ../../ | | +| lambda_layer_local | ../../ | | +| lambda_layer_s3 | ../../ | | +| lambda_with_provisioned_concurrency | ../../ | | +| s3_bucket | terraform-aws-modules/s3-bucket/aws | | + +## Resources + +| Name | +|------| +| [aws_sqs_queue](https://registry.terraform.io/providers/hashicorp/aws/2.67/docs/resources/sqs_queue) | +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2/docs/resources/pet) | + ## Inputs No input. 
@@ -58,5 +78,4 @@ No input. | this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version | | this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer .zip file | | this\_lambda\_layer\_version | The Lambda Layer version | - diff --git a/examples/container-image/README.md b/examples/container-image/README.md index f1884622..64b4f849 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -32,6 +32,23 @@ Note that this example may create resources which cost money. Run `terraform des | docker | >= 2.8.0 | | random | >= 2 | +## Modules + +| Name | Source | Version | +|------|--------|---------| +| lambda_function_from_container_image | ../../ | | + +## Resources + +| Name | +|------| +| [aws_caller_identity](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/caller_identity) | +| [aws_ecr_authorization_token](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/ecr_authorization_token) | +| [aws_ecr_repository](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/ecr_repository) | +| [aws_region](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/region) | +| [docker_registry_image](https://registry.terraform.io/providers/kreuzwerker/docker/2.8.0/docs/resources/registry_image) | +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2/docs/resources/pet) | + ## Inputs No input. @@ -57,5 +74,4 @@ No input. | this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version | | this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer .zip file | | this\_lambda\_layer\_version | The Lambda Layer version | - diff --git a/examples/deploy/README.md b/examples/deploy/README.md index 6d820c84..2acc3063 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md 
@@ -30,6 +30,21 @@ Note that this example may create resources which cost money. Run `terraform des | aws | >= 3.19 | | random | >= 2 | +## Modules + +| Name | Source | Version | +|------|--------|---------| +| alias_refresh | ../../modules/alias | | +| deploy | ../../modules/deploy | | +| lambda_function | ../../ | | + +## Resources + +| Name | +|------| +| [aws_sns_topic](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/sns_topic) | +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2/docs/resources/pet) | + ## Inputs No input. @@ -47,5 +62,4 @@ No input. | codedeploy\_iam\_role\_name | Name of IAM role used by CodeDeploy | | deploy\_script | Path to a deployment script | | script | Deployment script | - diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index d7641ee9..83bcffaf 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md @@ -32,6 +32,20 @@ Note that this example may create resources which cost money. Run `terraform des | aws.us-east-1 | >= 3.19 | | random | >= 2 | +## Modules + +| Name | Source | Version | +|------|--------|---------| +| lambda_function | ../../ | | +| lambda_function_another_region | ../../ | | + +## Resources + +| Name | +|------| +| [aws_sqs_queue](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/sqs_queue) | +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2/docs/resources/pet) | + ## Inputs No input. @@ -59,5 +73,4 @@ No input. | this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version | | this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer .zip file | | this\_lambda\_layer\_version | The Lambda Layer version | - diff --git a/examples/simple/README.md b/examples/simple/README.md index 2c9ee0ac..55880a80 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md 
@@ -29,6 +29,18 @@ Note that this example may create resources which cost money. Run `terraform des |------|---------| | random | >= 2 | +## Modules + +| Name | Source | Version | +|------|--------|---------| +| lambda_function | ../../ | | + +## Resources + +| Name | +|------| +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2/docs/resources/pet) | + ## Inputs No input. @@ -56,5 +68,4 @@ No input. | this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version | | this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer .zip file | | this\_lambda\_layer\_version | The Lambda Layer version | - diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index 5a05beba..755a9121 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md @@ -31,6 +31,22 @@ Note that this example may create resources which cost money. Run `terraform des | aws | >= 3.19 | | random | >= 2 | +## Modules + +| Name | Source | Version | +|------|--------|---------| +| lambda_function_with_efs | ../../ | | +| vpc | terraform-aws-modules/vpc/aws | | + +## Resources + +| Name | +|------| +| [aws_efs_access_point](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/efs_access_point) | +| [aws_efs_file_system](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/efs_file_system) | +| [aws_efs_mount_target](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/efs_mount_target) | +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2/docs/resources/pet) | + ## Inputs No input. @@ -58,5 +74,4 @@ No input. | this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version | | this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer .zip file | | this\_lambda\_layer\_version | The Lambda Layer version | - 
diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index 88f72c86..9764f750 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md @@ -31,6 +31,19 @@ Note that this example may create resources which cost money. Run `terraform des |------|---------| | random | >= 2 | +## Modules + +| Name | Source | Version | +|------|--------|---------| +| lambda_function_in_vpc | ../../ | | +| vpc | terraform-aws-modules/vpc/aws | | + +## Resources + +| Name | +|------| +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2/docs/resources/pet) | + ## Inputs No input. @@ -58,5 +71,4 @@ No input. | this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version | | this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer .zip file | | this\_lambda\_layer\_version | The Lambda Layer version | - diff --git a/modules/alias/README.md b/modules/alias/README.md index ece77947..64ec4e47 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md @@ -124,6 +124,19 @@ module "lambda" { |------|---------| | aws | >= 3.19 | +## Modules + +No Modules. + +## Resources + +| Name | +|------| +| [aws_lambda_alias](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/lambda_alias) | +| [aws_lambda_alias](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_alias) | +| [aws_lambda_function_event_invoke_config](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_function_event_invoke_config) | +| [aws_lambda_permission](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_permission) | + ## Inputs | Name | Description | Type | Default | Required | 
@@ -156,7 +169,6 @@ module "lambda" { | this\_lambda\_alias\_function\_version | Lambda function version which the alias uses | | this\_lambda\_alias\_invoke\_arn | The ARN to be used for invoking Lambda Function from API Gateway | | this\_lambda\_alias\_name | The name of the Lambda Function Alias | - ## Authors diff --git a/modules/deploy/README.md b/modules/deploy/README.md index a58333d8..bbe749bb 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -112,6 +112,26 @@ module "lambda" { | local | >= 1 | | null | >= 2 | +## Modules + +No Modules. + +## Resources + +| Name | +|------| +| [aws_codedeploy_app](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/codedeploy_app) | +| [aws_codedeploy_deployment_group](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/codedeploy_deployment_group) | +| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_policy) | +| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/iam_policy_document) | +| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_role) | +| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/iam_role) | +| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_role_policy_attachment) | +| [aws_lambda_alias](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/lambda_alias) | +| [aws_lambda_function](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/lambda_function) | +| [local_file](https://registry.terraform.io/providers/hashicorp/local/1/docs/resources/file) | +| [null_resource](https://registry.terraform.io/providers/hashicorp/null/2/docs/resources/resource) | + ## Inputs | Name | Description | Type | Default | Required | 
@@ -160,7 +180,6 @@ module "lambda" { | codedeploy\_iam\_role\_name | Name of IAM role used by CodeDeploy | | deploy\_script | Path to a deployment script | | script | Deployment script | - ## Authors From 76fa1ba160292eac614f322830a7db268199555c Mon Sep 17 00:00:00 2001 From: Glen Thomas <45943914+Glen-Moonpig@users.noreply.github.com> Date: Thu, 18 Feb 2021 15:26:23 +0000 Subject: [PATCH 050/385] feat: Add output for lambda CloudWatch log group name (#111) --- README.md | 1 + iam.tf | 1 + outputs.tf | 5 +++++ 3 files changed, 7 insertions(+) diff --git a/README.md b/README.md index cabd288e..1e89d9ad 100644 --- a/README.md +++ b/README.md @@ -713,6 +713,7 @@ No Modules. | Name | Description | |------|-------------| | lambda\_cloudwatch\_log\_group\_arn | The ARN of the Cloudwatch Log Group | +| lambda\_cloudwatch\_log\_group\_name | The name of the Cloudwatch Log Group | | lambda\_role\_arn | The ARN of the IAM role created for the Lambda Function | | lambda\_role\_name | The name of the IAM role created for the Lambda Function | | local\_filename | The filename of zip archive deployed (if deployment was from local) | diff --git a/iam.tf b/iam.tf index 4972dfee..99b58392 100644 --- a/iam.tf +++ b/iam.tf 
@@ -4,6 +4,7 @@ locals { # Lambda@Edge uses the Cloudwatch region closest to the location where the function is executed # The region part of the LogGroup ARN is then replaced with a wildcard (*) so Lambda@Edge is able to log in every region log_group_arn_regional = element(concat(data.aws_cloudwatch_log_group.lambda.*.arn, aws_cloudwatch_log_group.lambda.*.arn, [""]), 0) + log_group_name = element(concat(data.aws_cloudwatch_log_group.lambda.*.name, aws_cloudwatch_log_group.lambda.*.name, [""]), 0) log_group_arn = local.create_role && var.lambda_at_edge ? format("arn:%s:%s:%s:%s:%s", data.aws_arn.log_group_arn[0].partition, data.aws_arn.log_group_arn[0].service, "*", data.aws_arn.log_group_arn[0].account, data.aws_arn.log_group_arn[0].resource) : local.log_group_arn_regional role_name = local.create_role ? coalesce(var.role_name, var.function_name) : null diff --git a/outputs.tf b/outputs.tf index 7e0e08eb..14b27103 100644 --- a/outputs.tf +++ b/outputs.tf @@ -107,6 +107,11 @@ output "lambda_cloudwatch_log_group_arn" { description = "The ARN of the Cloudwatch Log Group" value = local.log_group_arn } + +output "lambda_cloudwatch_log_group_name" { + description = "The name of the Cloudwatch Log Group" + value = local.log_group_name +} # Deployment package output "local_filename" { From 0cd769a225242a89d6516395c27f23a5fe5d224e Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Thu, 18 Feb 2021 16:29:05 +0100 Subject: [PATCH 051/385] Updated CHANGELOG --- CHANGELOG.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8fd55d7b..3bd9229e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -7,6 +7,13 @@ All notable changes to this project will be documented in this file. + +## [v1.38.0] - 2021-02-18 + +- feat: Add output for lambda CloudWatch log group name ([#111](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/111)) +- chore: update documentation based on latest `terraform-docs` which includes module and resource sections ([#108](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/108)) + + ## [v1.37.0] - 2021-02-14 @@ -322,7 +329,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.37.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.38.0...HEAD +[v1.38.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.37.0...v1.38.0 [v1.37.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.36.0...v1.37.0 [v1.36.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.35.0...v1.36.0 [v1.35.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.34.0...v1.35.0 From 4b9e833664bf2f49ece8e88f766da83d25e78de6 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 19 Feb 2021 09:24:24 +0100 Subject: [PATCH 052/385] docs: Fixed terraform-docs automatically --- README.md | 8 ++++---- modules/deploy/README.md | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 1e89d9ad..dd26be8a 100644 --- a/README.md +++ b/README.md 
@@ -598,15 +598,15 @@ No Modules. | [aws_arn](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/arn) | | [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/cloudwatch_log_group) | | [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/cloudwatch_log_group) | -| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_policy) | -| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/iam_policy) | | [aws_iam_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_policy_attachment) | | [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/iam_policy_document) | -| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_role) | +| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/iam_policy) | +| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_policy) | | [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_role_policy_attachment) | +| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_role) | | [aws_lambda_event_source_mapping](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_event_source_mapping) | -| [aws_lambda_function](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_function) | | [aws_lambda_function_event_invoke_config](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_function_event_invoke_config) | +| [aws_lambda_function](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_function) | | 
[aws_lambda_layer_version](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_layer_version) | | [aws_lambda_permission](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_permission) | | [aws_lambda_provisioned_concurrency_config](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_provisioned_concurrency_config) | diff --git a/modules/deploy/README.md b/modules/deploy/README.md index bbe749bb..2a720028 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md 
@@ -122,11 +122,11 @@ No Modules. |------| | [aws_codedeploy_app](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/codedeploy_app) | | [aws_codedeploy_deployment_group](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/codedeploy_deployment_group) | -| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_policy) | | [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/iam_policy_document) | -| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_role) | -| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/iam_role) | +| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_policy) | | [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_role_policy_attachment) | +| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/iam_role) | +| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_role) | | [aws_lambda_alias](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/lambda_alias) | | [aws_lambda_function](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/lambda_function) | | [local_file](https://registry.terraform.io/providers/hashicorp/local/1/docs/resources/file) | From 8449cb43153c7ca7b95e021539d581d3d0f89837 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Sun, 21 Feb 2021 15:04:27 -0500 Subject: [PATCH 053/385] chore: add ci-cd workflow for pre-commit checks (#112) --- .github/workflows/pre-commit.yml | 55 ++++++++++++++++++++++++++++++++ .pre-commit-config.yaml | 2 +- outputs.tf | 2 +- 3 files changed, 57 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/pre-commit.yml 
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml new file mode 100644 index 00000000..2b38633b --- /dev/null +++ b/.github/workflows/pre-commit.yml @@ -0,0 +1,55 @@ +name: Pre-Commit + +on: + pull_request: + push: + branches: + - master + +jobs: + getBaseVersion: + name: Get min/max versions + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Terraform min/max versions + id: minMax + uses: clowdhaus/terraform-min-max@v1.0.1 + outputs: + minVersion: ${{ steps.minMax.outputs.minVersion }} + maxVersion: ${{ steps.minMax.outputs.maxVersion }} + + preCommit: + name: Pre-commit check + runs-on: ubuntu-latest + needs: getBaseVersion + strategy: + fail-fast: false + matrix: + version: + - ${{ needs.getBaseVersion.outputs.minVersion }} + - ${{ needs.getBaseVersion.outputs.maxVersion }} + + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Install Python + uses: actions/setup-python@v2 + + - name: Install Terraform v${{ matrix.version }} + uses: hashicorp/setup-terraform@v1 + with: + terraform_version: ${{ matrix.version }} + + - name: Install pre-commit dependencies + run: | + pip install pre-commit + curl -L "$(curl -s https://api.github.com/repos/terraform-docs/terraform-docs/releases/latest | grep -o -E "https://.+?-linux-amd64" | head -n1)" > terraform-docs && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/ + curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip && rm tflint.zip && sudo mv tflint /usr/bin/ + + - name: Execute pre-commit + run: pre-commit run --color=always --show-diff-on-failure --all-files diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index ea440070..4963e575 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
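Review bot: The `Install pre-commit dependencies` step installs whatever `releases/latest` resolves to for terraform-docs and tflint and moves the binaries into `/usr/bin` with `sudo` without checking a digest, so every run executes unpinned, unverified executables. Pin each tool to a specific release asset and verify a recorded SHA-256 before installing, as sketched below. The `uses:` lines (`actions/checkout@v2`, `actions/setup-python@v2`, `hashicorp/setup-terraform@v1`, `clowdhaus/terraform-min-max@v1.0.1`) reference tags that can be moved; pinning them to a commit SHA is stronger. The workflow also has no `permissions:` block, so the token falls back to the repository default, and `permissions: contents: read` at the top level looks sufficient for these checks.

```yaml
      - name: Install pre-commit dependencies
        env:
          TERRAFORM_DOCS_URL: <pinned terraform-docs release asset URL>
          TERRAFORM_DOCS_SHA256: <sha256 of that asset>
        run: |
          pip install pre-commit
          curl -fsSL "${TERRAFORM_DOCS_URL}" -o terraform-docs
          echo "${TERRAFORM_DOCS_SHA256}  terraform-docs" | sha256sum --check --strict
          chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/
          # … same pattern for tflint: pinned URL, sha256sum check, then unzip and install …
```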
@@ -1,6 +1,6 @@ repos: - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.45.0 + rev: v1.46.0 hooks: - id: terraform_fmt - id: terraform_validate diff --git a/outputs.tf b/outputs.tf index 14b27103..33e5d560 100644 --- a/outputs.tf +++ b/outputs.tf @@ -107,7 +107,7 @@ output "lambda_cloudwatch_log_group_arn" { description = "The ARN of the Cloudwatch Log Group" value = local.log_group_arn } - + output "lambda_cloudwatch_log_group_name" { description = "The name of the Cloudwatch Log Group" value = local.log_group_name From 5ddbf22f8c9c59b858a5a8a4a79287c3c2d3e345 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Mon, 22 Feb 2021 02:42:34 -0500 Subject: [PATCH 054/385] chore: only run validate check on min terraform version (#114) --- .github/workflows/pre-commit.yml | 7 +++++++ README.md | 2 +- examples/alias/README.md | 2 +- examples/alias/versions.tf | 2 +- examples/async/README.md | 2 +- examples/async/versions.tf | 2 +- examples/build-package/README.md | 2 +- examples/build-package/versions.tf | 2 +- examples/complete/README.md | 2 +- examples/complete/versions.tf | 2 +- examples/container-image/README.md | 2 +- examples/container-image/versions.tf | 2 +- examples/deploy/README.md | 2 +- examples/deploy/versions.tf | 2 +- examples/event-source-mapping/versions.tf | 2 +- examples/multiple-regions/README.md | 2 +- examples/multiple-regions/versions.tf | 2 +- examples/simple/README.md | 2 +- examples/simple/versions.tf | 2 +- examples/with-efs/README.md | 2 +- examples/with-efs/versions.tf | 2 +- examples/with-vpc/README.md | 2 +- examples/with-vpc/versions.tf | 2 +- modules/alias/README.md | 2 +- modules/alias/versions.tf | 2 +- modules/deploy/README.md | 2 +- modules/deploy/versions.tf | 2 +- versions.tf | 2 +- 28 files changed, 34 insertions(+), 27 deletions(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 2b38633b..73c2bee2 100644 --- a/.github/workflows/pre-commit.yml 
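Review bot: The bumped `rev: v1.46.0` in `.pre-commit-config.yaml` is still fetched from `git://github.com/antonbabenko/pre-commit-terraform` (the `repo:` context line directly above it), and the git protocol is unauthenticated and unencrypted. The hook code that runs on developer machines and in CI is therefore pulled without transport integrity. Changing the URL to `- repo: https://github.com/antonbabenko/pre-commit-terraform` addresses that, and `rev:` also accepts a full commit SHA if the tag should not be relied on to stay fixed.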
+++ b/.github/workflows/pre-commit.yml @@ -52,4 +52,11 @@ jobs: curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip && rm tflint.zip && sudo mv tflint /usr/bin/ - name: Execute pre-commit + # Run only validate pre-commit check on min version supported + if: ${{ matrix.version == needs.getBaseVersion.outputs.minVersion }} + run: pre-commit run --color=always --show-diff-on-failure --all-files terraform_validate + + - name: Execute pre-commit + # Run all pre-commit checks on max version supported + if: ${{ matrix.version == needs.getBaseVersion.outputs.maxVersion }} run: pre-commit run --color=always --show-diff-on-failure --all-files diff --git a/README.md b/README.md index dd26be8a..ae3e9848 100644 --- a/README.md +++ b/README.md @@ -571,7 +571,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| terraform | >= 0.12.6 | +| terraform | >= 0.13 | | aws | >= 3.19 | | external | >= 1 | | local | >= 1 | diff --git a/examples/alias/README.md b/examples/alias/README.md index ae2bb21e..fae60781 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.6 | +| terraform | >= 0.13 | | aws | >= 3.19 | | random | >= 2 | diff --git a/examples/alias/versions.tf b/examples/alias/versions.tf index 957cf18c..aa98bd2f 100644 --- a/examples/alias/versions.tf +++ b/examples/alias/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.6" + required_version = ">= 0.13" required_providers { aws = ">= 3.19" diff --git a/examples/async/README.md b/examples/async/README.md index 8260321c..6f061b4a 100644 --- a/examples/async/README.md +++ b/examples/async/README.md 
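Review bot: Both steps at the end of the `preCommit` job are now named `Execute pre-commit`, so the job log cannot distinguish the validate-only run from the full run. Distinct names such as `name: Execute pre-commit (terraform_validate only, min version)` and `name: Execute pre-commit (all hooks, max version)` would make a failure attributable at a glance. If the detected min and max versions are the same value, both `if:` conditions are true and both steps run in the same job, which is harmless but redundant.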
@@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.6 | +| terraform | >= 0.13 | | aws | >= 3.19 | | random | >= 2 | diff --git a/examples/async/versions.tf b/examples/async/versions.tf index 957cf18c..aa98bd2f 100644 --- a/examples/async/versions.tf +++ b/examples/async/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.6" + required_version = ">= 0.13" required_providers { aws = ">= 3.19" diff --git a/examples/build-package/README.md b/examples/build-package/README.md index 13da980c..8e4c848e 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.6 | +| terraform | >= 0.13 | | aws | >= 3.19 | | random | >= 2 | diff --git a/examples/build-package/versions.tf b/examples/build-package/versions.tf index 957cf18c..aa98bd2f 100644 --- a/examples/build-package/versions.tf +++ b/examples/build-package/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.6" + required_version = ">= 0.13" required_providers { aws = ">= 3.19" diff --git a/examples/complete/README.md b/examples/complete/README.md index 750a55be..0f26c58b 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.6 | +| terraform | >= 0.13 | | aws | >= 2.67 | | random | >= 2 | diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 16983974..df1ac5cb 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.6" + required_version = ">= 0.13" required_providers { aws = ">= 2.67" 
diff --git a/examples/container-image/README.md b/examples/container-image/README.md index 64b4f849..7bf044f4 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.6 | +| terraform | >= 0.13 | | aws | >= 3.19 | | docker | >= 2.8.0 | | random | >= 2 | diff --git a/examples/container-image/versions.tf b/examples/container-image/versions.tf index 7980d563..7475725f 100644 --- a/examples/container-image/versions.tf +++ b/examples/container-image/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.6" + required_version = ">= 0.13" required_providers { aws = ">= 3.19" diff --git a/examples/deploy/README.md b/examples/deploy/README.md index 2acc3063..ff9ff5cd 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.6 | +| terraform | >= 0.13 | | aws | >= 3.19 | | random | >= 2 | diff --git a/examples/deploy/versions.tf b/examples/deploy/versions.tf index 957cf18c..aa98bd2f 100644 --- a/examples/deploy/versions.tf +++ b/examples/deploy/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.6" + required_version = ">= 0.13" required_providers { aws = ">= 3.19" diff --git a/examples/event-source-mapping/versions.tf b/examples/event-source-mapping/versions.tf index ae803842..61b754f7 100644 --- a/examples/event-source-mapping/versions.tf +++ b/examples/event-source-mapping/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.6" + required_version = ">= 0.13" required_providers { aws = ">= 3.27" diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index 83bcffaf..6927c3b2 100644 --- a/examples/multiple-regions/README.md 
+++ b/examples/multiple-regions/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.6 | +| terraform | >= 0.13 | | aws | >= 3.19 | | random | >= 2 | diff --git a/examples/multiple-regions/versions.tf b/examples/multiple-regions/versions.tf index 957cf18c..aa98bd2f 100644 --- a/examples/multiple-regions/versions.tf +++ b/examples/multiple-regions/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.6" + required_version = ">= 0.13" required_providers { aws = ">= 3.19" diff --git a/examples/simple/README.md b/examples/simple/README.md index 55880a80..6d6a9b06 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.6 | +| terraform | >= 0.13 | | aws | >= 3.19 | | random | >= 2 | diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf index 957cf18c..aa98bd2f 100644 --- a/examples/simple/versions.tf +++ b/examples/simple/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.6" + required_version = ">= 0.13" required_providers { aws = ">= 3.19" diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index 755a9121..916c3e42 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.6 | +| terraform | >= 0.13 | | aws | >= 3.19 | | random | >= 2 | diff --git a/examples/with-efs/versions.tf b/examples/with-efs/versions.tf index 957cf18c..aa98bd2f 100644 --- a/examples/with-efs/versions.tf +++ b/examples/with-efs/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.6" + required_version = ">= 0.13" required_providers { aws = ">= 3.19" 
diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index 9764f750..cae33b1c 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md @@ -21,7 +21,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.6 | +| terraform | >= 0.13 | | aws | >= 3.19 | | random | >= 2 | diff --git a/examples/with-vpc/versions.tf b/examples/with-vpc/versions.tf index 957cf18c..aa98bd2f 100644 --- a/examples/with-vpc/versions.tf +++ b/examples/with-vpc/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.6" + required_version = ">= 0.13" required_providers { aws = ">= 3.19" diff --git a/modules/alias/README.md b/modules/alias/README.md index 64ec4e47..68b25af0 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md @@ -115,7 +115,7 @@ module "lambda" { | Name | Version | |------|---------| -| terraform | >= 0.12.6 | +| terraform | >= 0.13 | | aws | >= 3.19 | ## Providers diff --git a/modules/alias/versions.tf b/modules/alias/versions.tf index 9d71257e..f875bdb4 100644 --- a/modules/alias/versions.tf +++ b/modules/alias/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.6" + required_version = ">= 0.13" required_providers { aws = ">= 3.19" diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 2a720028..2529e0f5 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -99,7 +99,7 @@ module "lambda" { | Name | Version | |------|---------| -| terraform | >= 0.12.6 | +| terraform | >= 0.13 | | aws | >= 3.19 | | local | >= 1 | | null | >= 2 | diff --git a/modules/deploy/versions.tf b/modules/deploy/versions.tf index c1227787..38de4e24 100644 --- a/modules/deploy/versions.tf +++ b/modules/deploy/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.6" + required_version = ">= 0.13" required_providers { aws = ">= 3.19" 
diff --git a/versions.tf b/versions.tf index 07306751..442d6e42 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.6" + required_version = ">= 0.13" required_providers { aws = ">= 3.19" From ce3fbc8bd2a309300e89afa6979c29bb019266e7 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 22 Feb 2021 08:43:25 +0100 Subject: [PATCH 055/385] Updated CHANGELOG --- CHANGELOG.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3bd9229e..5845e19f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,14 @@ All notable changes to this project will be documented in this file. + +## [v1.39.0] - 2021-02-22 + +- chore: only run validate check on min terraform version ([#114](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/114)) +- chore: add ci-cd workflow for pre-commit checks ([#112](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/112)) +- docs: Fixed terraform-docs automatically + + ## [v1.38.0] - 2021-02-18 @@ -329,7 +337,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.38.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.39.0...HEAD +[v1.39.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.38.0...v1.39.0 [v1.38.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.37.0...v1.38.0 [v1.37.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.36.0...v1.37.0 [v1.36.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.35.0...v1.36.0 From 9b7f62a98d521427ff7ab36715f25815978de1e0 Mon Sep 17 00:00:00 2001 
From: Bryant Biggs Date: Thu, 25 Feb 2021 03:34:47 -0500 Subject: [PATCH 056/385] chore: fix documentation due to terraform docs 0.11.2 update (#116) --- README.md | 38 ++++++++++++++--------------- examples/alias/README.md | 2 +- examples/async/README.md | 6 ++--- examples/build-package/README.md | 2 +- examples/complete/README.md | 4 +-- examples/container-image/README.md | 12 ++++----- examples/deploy/README.md | 4 +-- examples/multiple-regions/README.md | 4 +-- examples/simple/README.md | 2 +- examples/with-efs/README.md | 8 +++--- examples/with-vpc/README.md | 2 +- modules/alias/README.md | 8 +++--- modules/deploy/README.md | 22 ++++++++--------- 13 files changed, 57 insertions(+), 57 deletions(-) diff --git a/README.md b/README.md index ae3e9848..84f8004f 100644 --- a/README.md +++ b/README.md 
@@ -595,25 +595,25 @@ No Modules. | Name | |------| -| [aws_arn](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/arn) | -| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/cloudwatch_log_group) | -| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/cloudwatch_log_group) | -| [aws_iam_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_policy_attachment) | -| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/iam_policy_document) | -| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/iam_policy) | -| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_policy) | -| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_role_policy_attachment) | -| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_role) | -| [aws_lambda_event_source_mapping](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_event_source_mapping) | -| [aws_lambda_function_event_invoke_config](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_function_event_invoke_config) | -| [aws_lambda_function](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_function) | -| [aws_lambda_layer_version](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_layer_version) | -| [aws_lambda_permission](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_permission) | -| [aws_lambda_provisioned_concurrency_config](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_provisioned_concurrency_config) | -| 
[aws_s3_bucket_object](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/s3_bucket_object) | -| [external_external](https://registry.terraform.io/providers/hashicorp/external/1/docs/data-sources/external) | -| [local_file](https://registry.terraform.io/providers/hashicorp/local/1/docs/resources/file) | -| [null_resource](https://registry.terraform.io/providers/hashicorp/null/2/docs/resources/resource) | +| [aws_arn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | +| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudwatch_log_group) | +| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | +| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | +| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | +| [aws_iam_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | +| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | +| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | +| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | +| [aws_lambda_event_source_mapping](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | +| [aws_lambda_function](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | +| [aws_lambda_function_event_invoke_config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | +| 
[aws_lambda_layer_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_layer_version) | +| [aws_lambda_permission](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | +| [aws_lambda_provisioned_concurrency_config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_provisioned_concurrency_config) | +| [aws_s3_bucket_object](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_object) | +| [external_external](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | +| [local_file](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | +| [null_resource](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | ## Inputs diff --git a/examples/alias/README.md b/examples/alias/README.md index fae60781..f37cbb8b 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -42,7 +42,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | |------| -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2/docs/resources/pet) | +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | ## Inputs diff --git a/examples/async/README.md b/examples/async/README.md index 6f061b4a..541808db 100644 --- a/examples/async/README.md +++ b/examples/async/README.md 
@@ -40,9 +40,9 @@ Note that this example may create resources which cost money. Run `terraform des | Name | |------| -| [aws_sns_topic](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/sns_topic) | -| [aws_sqs_queue](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/sqs_queue) | -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2/docs/resources/pet) | +| [aws_sns_topic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | +| [aws_sqs_queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | ## Inputs diff --git a/examples/build-package/README.md b/examples/build-package/README.md index 8e4c848e..c5d71ab9 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -48,7 +48,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | |------| -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2/docs/resources/pet) | +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | ## Inputs diff --git a/examples/complete/README.md b/examples/complete/README.md index 0f26c58b..d0c8a398 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -48,8 +48,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | |------| -| [aws_sqs_queue](https://registry.terraform.io/providers/hashicorp/aws/2.67/docs/resources/sqs_queue) | -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2/docs/resources/pet) | +| [aws_sqs_queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | ## Inputs 
diff --git a/examples/container-image/README.md b/examples/container-image/README.md index 7bf044f4..a5dfed3b 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -42,12 +42,12 @@ Note that this example may create resources which cost money. Run `terraform des | Name | |------| -| [aws_caller_identity](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/caller_identity) | -| [aws_ecr_authorization_token](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/ecr_authorization_token) | -| [aws_ecr_repository](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/ecr_repository) | -| [aws_region](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/region) | -| [docker_registry_image](https://registry.terraform.io/providers/kreuzwerker/docker/2.8.0/docs/resources/registry_image) | -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2/docs/resources/pet) | +| [aws_caller_identity](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | +| [aws_ecr_authorization_token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_authorization_token) | +| [aws_ecr_repository](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository) | +| [aws_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | +| [docker_registry_image](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/registry_image) | +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | ## Inputs diff --git a/examples/deploy/README.md b/examples/deploy/README.md index ff9ff5cd..4bd8c0d5 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md 
@@ -42,8 +42,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | |------| -| [aws_sns_topic](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/sns_topic) | -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2/docs/resources/pet) | +| [aws_sns_topic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | ## Inputs diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index 6927c3b2..ee63129f 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md @@ -43,8 +43,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | |------| -| [aws_sqs_queue](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/sqs_queue) | -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2/docs/resources/pet) | +| [aws_sqs_queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | ## Inputs diff --git a/examples/simple/README.md b/examples/simple/README.md index 6d6a9b06..2c5db82e 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -39,7 +39,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | |------| -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2/docs/resources/pet) | +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | ## Inputs diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index 916c3e42..7cc88806 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md 
@@ -42,10 +42,10 @@ Note that this example may create resources which cost money. Run `terraform des | Name | |------| -| [aws_efs_access_point](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/efs_access_point) | -| [aws_efs_file_system](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/efs_file_system) | -| [aws_efs_mount_target](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/efs_mount_target) | -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2/docs/resources/pet) | +| [aws_efs_access_point](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_access_point) | +| [aws_efs_file_system](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_file_system) | +| [aws_efs_mount_target](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_mount_target) | +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | ## Inputs diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index cae33b1c..c6cea831 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md @@ -42,7 +42,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | |------| -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2/docs/resources/pet) | +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | ## Inputs diff --git a/modules/alias/README.md b/modules/alias/README.md index 68b25af0..f4bbdecc 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md 
@@ -132,10 +132,10 @@ No Modules. | Name | |------| -| [aws_lambda_alias](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/lambda_alias) | -| [aws_lambda_alias](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_alias) | -| [aws_lambda_function_event_invoke_config](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_function_event_invoke_config) | -| [aws_lambda_permission](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/lambda_permission) | +| [aws_lambda_alias](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | +| [aws_lambda_alias](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_alias) | +| [aws_lambda_function_event_invoke_config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | +| [aws_lambda_permission](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | ## Inputs diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 2529e0f5..2ed1e86e 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md 
@@ -120,17 +120,17 @@ No Modules. | Name | |------| -| [aws_codedeploy_app](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/codedeploy_app) | -| [aws_codedeploy_deployment_group](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/codedeploy_deployment_group) | -| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/iam_policy_document) | -| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_policy) | -| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_role_policy_attachment) | -| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/iam_role) | -| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/resources/iam_role) | -| [aws_lambda_alias](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/lambda_alias) | -| [aws_lambda_function](https://registry.terraform.io/providers/hashicorp/aws/3.19/docs/data-sources/lambda_function) | -| [local_file](https://registry.terraform.io/providers/hashicorp/local/1/docs/resources/file) | -| [null_resource](https://registry.terraform.io/providers/hashicorp/null/2/docs/resources/resource) | +| [aws_codedeploy_app](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_app) | +| [aws_codedeploy_deployment_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_deployment_group) | +| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | +| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | +| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | +| 
[aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | +| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | +| [aws_lambda_alias](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | +| [aws_lambda_function](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_function) | +| [local_file](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | +| [null_resource](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | ## Inputs From e3a1a90d3eeef2b480222cebbf742fd09dcd1220 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Sun, 28 Feb 2021 12:28:33 -0500 Subject: [PATCH 057/385] fix: revert module Terraform 0.13.x version upgrade (#117) --- .github/workflows/pre-commit.yml | 72 ++++++++++++++++++----- README.md | 2 +- examples/alias/README.md | 2 +- examples/alias/versions.tf | 2 +- examples/async/README.md | 2 +- examples/async/versions.tf | 2 +- examples/build-package/README.md | 2 +- examples/build-package/versions.tf | 2 +- examples/complete/README.md | 2 +- examples/complete/versions.tf | 2 +- examples/deploy/README.md | 2 +- examples/deploy/versions.tf | 2 +- examples/event-source-mapping/versions.tf | 2 +- examples/multiple-regions/README.md | 2 +- examples/multiple-regions/versions.tf | 2 +- examples/simple/README.md | 2 +- examples/simple/versions.tf | 2 +- modules/alias/README.md | 2 +- modules/alias/versions.tf | 2 +- modules/deploy/README.md | 2 +- modules/deploy/versions.tf | 2 +- versions.tf | 2 +- 22 files changed, 77 insertions(+), 37 deletions(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 73c2bee2..efa5a771 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml 
@@ -7,14 +7,65 @@ on: - master jobs: - getBaseVersion: - name: Get min/max versions - runs-on: ubuntu-latest +# Min Terraform version(s) + getDirectories: + name: Get root directories + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Install Python + uses: actions/setup-python@v2 + - name: Build matrix + id: matrix + run: | + DIRS=$(python -c "import json; import glob; print(json.dumps([x.replace('/versions.tf', '') for x in glob.glob('./**/versions.tf', recursive=True)]))") + echo "::set-output name=directories::$DIRS" + outputs: + directories: ${{ steps.matrix.outputs.directories }} + preCommitMinVersions: + name: Min TF validate + needs: getDirectories + runs-on: ubuntu-latest + strategy: + matrix: + directory: ${{ fromJson(needs.getDirectories.outputs.directories) }} steps: - name: Checkout uses: actions/checkout@v2 + - name: Install Python + uses: actions/setup-python@v2 + - name: Terraform min/max versions + id: minMax + uses: clowdhaus/terraform-min-max@v1.0.1 + with: + directory: ${{ matrix.directory }} + - name: Install Terraform v${{ steps.minMax.outputs.minVersion }} + uses: hashicorp/setup-terraform@v1 + with: + terraform_version: ${{ steps.minMax.outputs.minVersion }} + - name: Install pre-commit dependencies + run: pip install pre-commit + - name: Execute pre-commit + # Run only validate pre-commit check on min version supported + if: ${{ matrix.directory != '.' }} + run: + pre-commit run terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/* + - name: Execute pre-commit + # Run only validate pre-commit check on min version supported + if: ${{ matrix.directory == '.' 
}} + run: + pre-commit run terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf) + +# Max Terraform version + getBaseVersion: + name: Module max TF version + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Terraform min/max versions id: minMax uses: clowdhaus/terraform-min-max@v1.0.1 @@ -22,40 +73,29 @@ jobs: minVersion: ${{ steps.minMax.outputs.minVersion }} maxVersion: ${{ steps.minMax.outputs.maxVersion }} - preCommit: - name: Pre-commit check + preCommitMaxVersion: + name: Max TF pre-commit runs-on: ubuntu-latest needs: getBaseVersion strategy: fail-fast: false matrix: version: - - ${{ needs.getBaseVersion.outputs.minVersion }} - ${{ needs.getBaseVersion.outputs.maxVersion }} - steps: - name: Checkout uses: actions/checkout@v2 - - name: Install Python uses: actions/setup-python@v2 - - name: Install Terraform v${{ matrix.version }} uses: hashicorp/setup-terraform@v1 with: terraform_version: ${{ matrix.version }} - - name: Install pre-commit dependencies run: | pip install pre-commit curl -L "$(curl -s https://api.github.com/repos/terraform-docs/terraform-docs/releases/latest | grep -o -E "https://.+?-linux-amd64" | head -n1)" > terraform-docs && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/ curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip && rm tflint.zip && sudo mv tflint /usr/bin/ - - - name: Execute pre-commit - # Run only validate pre-commit check on min version supported - if: ${{ matrix.version == needs.getBaseVersion.outputs.minVersion }} - run: pre-commit run --color=always --show-diff-on-failure --all-files terraform_validate - - name: Execute pre-commit # Run all pre-commit checks on max version supported if: ${{ matrix.version == needs.getBaseVersion.outputs.maxVersion }} diff --git a/README.md b/README.md index 84f8004f..8a2d1d8b 100644 --- a/README.md 
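Review bot: In the new `preCommitMinVersions` job, `${{ matrix.directory }}` is expanded straight into the `run:` script (`--files ${{ matrix.directory }}/*`), so a directory name taken from the checked-out tree is parsed as shell text rather than passed as an argument. The matrix is built in `getDirectories` from every path that contains a `versions.tf`, so the value is only as trustworthy as the branch being built; if this workflow runs for pull requests (the trigger block is only partly visible here), it is contributor-controlled. Passing it through the environment and quoting it closes this: add `env:` with `DIR: ${{ matrix.directory }}` to both steps and use `--files "$DIR"/*`. Separately, `clowdhaus/terraform-min-max@v1.0.1` is a third-party action referenced by a movable tag; pinning it to a full commit SHA keeps the code that runs in CI fixed.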
+++ b/README.md @@ -571,7 +571,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| terraform | >= 0.13 | +| terraform | >= 0.12.26 | | aws | >= 3.19 | | external | >= 1 | | local | >= 1 | diff --git a/examples/alias/README.md b/examples/alias/README.md index f37cbb8b..779f074f 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.13 | +| terraform | >= 0.12.26 | | aws | >= 3.19 | | random | >= 2 | diff --git a/examples/alias/versions.tf b/examples/alias/versions.tf index aa98bd2f..ce96cacd 100644 --- a/examples/alias/versions.tf +++ b/examples/alias/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.12.26" required_providers { aws = ">= 3.19" diff --git a/examples/async/README.md b/examples/async/README.md index 541808db..316a2e64 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.13 | +| terraform | >= 0.12.26 | | aws | >= 3.19 | | random | >= 2 | diff --git a/examples/async/versions.tf b/examples/async/versions.tf index aa98bd2f..ce96cacd 100644 --- a/examples/async/versions.tf +++ b/examples/async/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.12.26" required_providers { aws = ">= 3.19" diff --git a/examples/build-package/README.md b/examples/build-package/README.md index c5d71ab9..ff2338f6 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md 
@@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.13 | +| terraform | >= 0.12.26 | | aws | >= 3.19 | | random | >= 2 | diff --git a/examples/build-package/versions.tf b/examples/build-package/versions.tf index aa98bd2f..ce96cacd 100644 --- a/examples/build-package/versions.tf +++ b/examples/build-package/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.12.26" required_providers { aws = ">= 3.19" diff --git a/examples/complete/README.md b/examples/complete/README.md index d0c8a398..7532775e 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.13 | +| terraform | >= 0.12.26 | | aws | >= 2.67 | | random | >= 2 | diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index df1ac5cb..479e53d4 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.12.26" required_providers { aws = ">= 2.67" diff --git a/examples/deploy/README.md b/examples/deploy/README.md index 4bd8c0d5..d5825ada 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.13 | +| terraform | >= 0.12.26 | | aws | >= 3.19 | | random | >= 2 | diff --git a/examples/deploy/versions.tf b/examples/deploy/versions.tf index aa98bd2f..ce96cacd 100644 --- a/examples/deploy/versions.tf +++ b/examples/deploy/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.12.26" required_providers { aws = ">= 3.19" 
diff --git a/examples/event-source-mapping/versions.tf b/examples/event-source-mapping/versions.tf index 61b754f7..479d7362 100644 --- a/examples/event-source-mapping/versions.tf +++ b/examples/event-source-mapping/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.12.26" required_providers { aws = ">= 3.27" diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index ee63129f..434c7fb6 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.13 | +| terraform | >= 0.12.26 | | aws | >= 3.19 | | random | >= 2 | diff --git a/examples/multiple-regions/versions.tf b/examples/multiple-regions/versions.tf index aa98bd2f..ce96cacd 100644 --- a/examples/multiple-regions/versions.tf +++ b/examples/multiple-regions/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.12.26" required_providers { aws = ">= 3.19" diff --git a/examples/simple/README.md b/examples/simple/README.md index 2c5db82e..1219ad34 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.13 | +| terraform | >= 0.12.26 | | aws | >= 3.19 | | random | >= 2 | diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf index aa98bd2f..ce96cacd 100644 --- a/examples/simple/versions.tf +++ b/examples/simple/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.12.26" required_providers { aws = ">= 3.19" diff --git a/modules/alias/README.md b/modules/alias/README.md index f4bbdecc..d770a4f9 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md 
@@ -115,7 +115,7 @@ module "lambda" { | Name | Version | |------|---------| -| terraform | >= 0.13 | +| terraform | >= 0.12.26 | | aws | >= 3.19 | ## Providers diff --git a/modules/alias/versions.tf b/modules/alias/versions.tf index f875bdb4..2c2f74fa 100644 --- a/modules/alias/versions.tf +++ b/modules/alias/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.12.26" required_providers { aws = ">= 3.19" diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 2ed1e86e..1fe289ce 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -99,7 +99,7 @@ module "lambda" { | Name | Version | |------|---------| -| terraform | >= 0.13 | +| terraform | >= 0.12.26 | | aws | >= 3.19 | | local | >= 1 | | null | >= 2 | diff --git a/modules/deploy/versions.tf b/modules/deploy/versions.tf index 38de4e24..dcc12288 100644 --- a/modules/deploy/versions.tf +++ b/modules/deploy/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.12.26" required_providers { aws = ">= 3.19" diff --git a/versions.tf b/versions.tf index 442d6e42..7a3c7e2b 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.12.26" required_providers { aws = ">= 3.19" From fd23e3e2f68671adb74ea0f2975284b0c07ad2fe Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Sun, 28 Feb 2021 18:31:54 +0100 Subject: [PATCH 058/385] Updated CHANGELOG --- CHANGELOG.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5845e19f..06466eac 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -7,6 +7,13 @@ All notable changes to this project will be documented in this file. + +## [v1.40.0] - 2021-02-28 + +- fix: revert module Terraform 0.13.x version upgrade ([#117](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/117)) +- chore: fix documentation due to terraform docs 0.11.2 update ([#116](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/116)) + + ## [v1.39.0] - 2021-02-22 @@ -337,7 +344,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.39.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.40.0...HEAD +[v1.40.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.39.0...v1.40.0 [v1.39.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.38.0...v1.39.0 [v1.38.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.37.0...v1.38.0 [v1.37.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.36.0...v1.37.0 From 6b1006484378e874a2f9a7acb2a2a0b404bde52e Mon Sep 17 00:00:00 2001 From: Zander Date: Mon, 1 Mar 2021 07:35:12 -0600 Subject: [PATCH 059/385] feat: Added interpreter variable to control script runtime in deploy module (#92) --- iam.tf | 2 +- modules/deploy/README.md | 1 + modules/deploy/main.tf | 3 ++- modules/deploy/variables.tf | 6 ++++++ outputs.tf | 6 +++++- 5 files changed, 15 insertions(+), 3 deletions(-) diff --git a/iam.tf b/iam.tf index 99b58392..b17d1a2e 100644 --- a/iam.tf +++ b/iam.tf 
@@ -23,7 +23,7 @@ data "aws_iam_policy_document" "assume_role" { principals { type = "Service" - identifiers = distinct(concat(slice(list("lambda.amazonaws.com", "edgelambda.amazonaws.com"), 0, var.lambda_at_edge ? 2 : 1), var.trusted_entities)) + identifiers = distinct(concat(slice(["lambda.amazonaws.com", "edgelambda.amazonaws.com"], 0, var.lambda_at_edge ? 2 : 1), var.trusted_entities)) } } } diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 1fe289ce..73328716 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -160,6 +160,7 @@ No Modules. | description | Description to use for the deployment | `string` | `""` | no | | force\_deploy | Force deployment every time (even when nothing changes) | `bool` | `false` | no | | function\_name | The name of the Lambda function to deploy | `string` | `""` | no | +| interpreter | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` |
[
"/bin/bash",
"-c"
]
| no | | save\_deploy\_script | Save deploy script locally | `bool` | `false` | no | | target\_version | Target version of Lambda function version to deploy | `string` | `""` | no | | triggers | Map of triggers which will be notified when event happens. Valid options for event types are DeploymentStart, DeploymentSuccess, DeploymentFailure, DeploymentStop, DeploymentRollback, DeploymentReady (Applies only to replacement instances in a blue/green deployment), InstanceStart, InstanceSuccess, InstanceFailure, InstanceReady. Note that not all are applicable for Lambda deployments. | `map(any)` | `{}` | no | diff --git a/modules/deploy/main.tf b/modules/deploy/main.tf index 5dc5861c..b33d1c70 100644 --- a/modules/deploy/main.tf +++ b/modules/deploy/main.tf @@ -113,7 +113,8 @@ resource "null_resource" "deploy" { } provisioner "local-exec" { - command = local.script + command = local.script + interpreter = var.interpreter } } diff --git a/modules/deploy/variables.tf b/modules/deploy/variables.tf index 66b06519..867a9fda 100644 --- a/modules/deploy/variables.tf +++ b/modules/deploy/variables.tf @@ -40,6 +40,12 @@ variable "after_allow_traffic_hook_arn" { default = "" } +variable "interpreter" { + description = "List of interpreter arguments used to execute deploy script, first arg is path" + type = list(string) + default = ["/bin/bash", "-c"] +} + variable "description" { description = "Description to use for the deployment" type = string diff --git a/outputs.tf b/outputs.tf index 33e5d560..9edbdfcf 100644 --- a/outputs.tf +++ b/outputs.tf @@ -121,5 +121,9 @@ output "local_filename" { output "s3_object" { description = "The map with S3 object data of zip archive deployed (if deployment was from S3)" - value = map("bucket", local.s3_bucket, "key", local.s3_key, "version_id", local.s3_object_version) + value = { + bucket = local.s3_bucket + key = local.s3_key + version_id = local.s3_object_version + } } From caa8a5cdd5d3092a732069d901cf935edda58082 Mon Sep 17 00:00:00 2001 
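Review bot: The `interpreter` description added in modules/deploy/variables.tf does not say that the list is handed to `local-exec` unchanged, so the executable named first runs on the machine executing Terraform with the deploy script appended as its last argument. I would expand it to `description = "Interpreter and arguments used to run the deploy script on the machine running Terraform; the first element is the executable and the script is appended as the final argument"` and regenerate the README row. Variable `validation` blocks only became stable in Terraform 0.13 and this module still declares `>= 0.12.26`, so the value cannot be checked in the module itself; the description is the place to tell callers to treat it as trusted configuration rather than something assembled from external input.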
From: Anton Babenko Date: Mon, 1 Mar 2021 14:35:27 +0100 Subject: [PATCH 060/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 06466eac..1710f779 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v1.41.0] - 2021-03-01 + +- feat: Added interpreter variable to control script runtime in deploy module ([#92](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/92)) + + ## [v1.40.0] - 2021-02-28 @@ -344,7 +350,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.40.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.41.0...HEAD +[v1.41.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.40.0...v1.41.0 [v1.40.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.39.0...v1.40.0 [v1.39.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.38.0...v1.39.0 [v1.38.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.37.0...v1.38.0 From a85cfb33253e7cfacd9dc1f841d56675442ed690 Mon Sep 17 00:00:00 2001 From: Tomasz Charewicz Date: Tue, 2 Mar 2021 19:29:49 +0100 Subject: [PATCH 061/385] feat: Add s3_acl and s3_server_site_encryption variables (#120) --- README.md | 2 ++ main.tf | 3 +++ variables.tf | 12 ++++++++++++ 3 files changed, 17 insertions(+) diff --git a/README.md b/README.md index 8a2d1d8b..fa9974a1 100644 --- a/README.md +++ b/README.md 
@@ -694,10 +694,12 @@ No Modules. | role\_permissions\_boundary | The ARN of the policy that is used to set the permissions boundary for the IAM role used by Lambda Function | `string` | `null` | no | | role\_tags | A map of tags to assign to IAM role | `map(string)` | `{}` | no | | runtime | Lambda Function runtime | `string` | `""` | no | +| s3\_acl | The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, bucket-owner-read, and bucket-owner-full-control. Defaults to private. | `string` | `"private"` | no | | s3\_bucket | S3 bucket to store artifacts | `string` | `null` | no | | s3\_existing\_package | The S3 bucket object with keys bucket, key, version pointing to an existing zip-file to use | `map(string)` | `null` | no | | s3\_object\_storage\_class | Specifies the desired Storage Class for the artifact uploaded to S3. Can be either STANDARD, REDUCED\_REDUNDANCY, ONEZONE\_IA, INTELLIGENT\_TIERING, or STANDARD\_IA. | `string` | `"ONEZONE_IA"` | no | | s3\_object\_tags | A map of tags to assign to S3 bucket object. | `map(string)` | `{}` | no | +| s3\_server\_side\_encryption | Specifies server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms". | `string` | `null` | no | | source\_path | The absolute path to a local file or directory containing your Lambda source code | `any` | `null` | no | | store\_on\_s3 | Whether to store produced artifacts on S3 or locally. | `bool` | `false` | no | | tags | A map of tags to assign to resources. | `map(string)` | `{}` | no | diff --git a/main.tf b/main.tf index 73889d54..70458153 100644 --- a/main.tf +++ b/main.tf 
@@ -109,11 +109,14 @@ resource "aws_s3_bucket_object" "lambda_package" { count = var.create && var.store_on_s3 && var.create_package ? 1 : 0 bucket = var.s3_bucket + acl = var.s3_acl key = data.external.archive_prepare[0].result.filename source = data.external.archive_prepare[0].result.filename etag = fileexists(data.external.archive_prepare[0].result.filename) ? filemd5(data.external.archive_prepare[0].result.filename) : null storage_class = var.s3_object_storage_class + server_side_encryption = var.s3_server_side_encryption + tags = merge(var.tags, var.s3_object_tags) depends_on = [null_resource.archive] diff --git a/variables.tf b/variables.tf index 93cf7c41..d9f8daed 100644 --- a/variables.tf +++ b/variables.tf @@ -523,6 +523,18 @@ variable "s3_bucket" { default = null } +variable "s3_acl" { + description = "The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, bucket-owner-read, and bucket-owner-full-control. Defaults to private." + type = string + default = "private" +} + +variable "s3_server_side_encryption" { + description = "Specifies server-side encryption of the object in S3. Valid values are \"AES256\" and \"aws:kms\"." + type = string + default = null +} + variable "source_path" { description = "The absolute path to a local file or directory containing your Lambda source code" type = any # string | list(string | map(any)) From 5a480b367ddef24e89cf9dc43be8a1e4f4408953 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Tue, 2 Mar 2021 19:30:10 +0100 Subject: [PATCH 062/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1710f779..31f90a56 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
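Review bot: `server_side_encryption = var.s3_server_side_encryption` is added to `aws_s3_bucket_object.lambda_package` without a matching `kms_key_id`, so a caller who selects `"aws:kms"` cannot choose the key and, as far as I can tell, falls back to the AWS-managed S3 key. If customer-managed keys are meant to be supported, add a variable (for example `s3_kms_key_id`, default `null`) and set `kms_key_id = var.s3_kms_key_id` next to the new line. The resource block starts and ends outside this hunk.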
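Review bot: The `s3_acl` description in variables.tf lists `public-read`, `public-read-write` and `authenticated-read` next to the other canned ACLs without saying what they mean for this object, which is the zipped Lambda package uploaded by `aws_s3_bucket_object.lambda_package`. I would append a sentence such as `The object is the Lambda deployment package; public-read, public-read-write and authenticated-read make the function code readable outside the account.` and regenerate the README table. The `s3_server_side_encryption` default of `null` leaves encryption to whatever the bucket is configured to do, and stating that in its description would stop a reader from assuming the module always encrypts the package.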
@@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v1.42.0] - 2021-03-02 + +- feat: Add s3_acl and s3_server_site_encryption variables ([#120](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/120)) + + ## [v1.41.0] - 2021-03-01 @@ -350,7 +356,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.41.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.42.0...HEAD +[v1.42.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.41.0...v1.42.0 [v1.41.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.40.0...v1.41.0 [v1.40.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.39.0...v1.40.0 [v1.39.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.38.0...v1.39.0 From 5400c8f12c83566adb8ef243ade3edcf7e98405b Mon Sep 17 00:00:00 2001 From: Mike Carey <32496966+mike-carey@users.noreply.github.com> Date: Wed, 3 Mar 2021 01:39:06 -0600 Subject: [PATCH 063/385] fix: Defaults the role_name coalesce to * to workaround import error (#121) --- iam.tf | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/iam.tf b/iam.tf index b17d1a2e..6fc2aa2d 100644 --- a/iam.tf +++ b/iam.tf 
@@ -7,7 +7,11 @@ locals { log_group_name = element(concat(data.aws_cloudwatch_log_group.lambda.*.name, aws_cloudwatch_log_group.lambda.*.name, [""]), 0) log_group_arn = local.create_role && var.lambda_at_edge ? format("arn:%s:%s:%s:%s:%s", data.aws_arn.log_group_arn[0].partition, data.aws_arn.log_group_arn[0].service, "*", data.aws_arn.log_group_arn[0].account, data.aws_arn.log_group_arn[0].resource) : local.log_group_arn_regional - role_name = local.create_role ? coalesce(var.role_name, var.function_name) : null + # Defaulting to "*" (an invalid character for an IAM Role name) will cause an error when + # attempting to plan if the role_name and function_name are not set. This is a workaround + # for #83 that will allow one to import resources without receiving an error from coalesce. + # @see https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/83 + role_name = local.create_role ? coalesce(var.role_name, var.function_name, "*") : null } ########### From 3c89d13dafa36ce5442856b61d6bf31423245c78 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 3 Mar 2021 08:39:45 +0100 Subject: [PATCH 064/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 31f90a56..82357c7e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v1.43.0] - 2021-03-03 + +- fix: Defaults the role_name coalesce to * to workaround import error ([#121](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/121)) + + ## [v1.42.0] - 2021-03-02 
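Review bot: The new fallback makes `local.role_name` the literal `*` whenever `create_role` is true and both `var.role_name` and `var.function_name` are empty, so the failure the comment promises depends on every consumer of that local rejecting the value. The comment notes that `*` is invalid in a role name, but it is also the wildcard in IAM ARNs and policy resources, so any place outside this hunk that interpolates `local.role_name` into such a string would widen its match instead of failing; those uses are not visible from here. A sentinel that is invalid for a role name without being a wildcard would keep the import workaround and remove that ambiguity. At minimum the comment should gain a line like `# local.role_name must never be interpolated into an ARN or policy resource string`. The `locals` block continues outside the hunk.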
@@ -356,7 +362,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.42.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.43.0...HEAD +[v1.43.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.42.0...v1.43.0 [v1.42.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.41.0...v1.42.0 [v1.41.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.40.0...v1.41.0 [v1.40.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.39.0...v1.40.0 From c5d65ee681e339ac9d7883380b6c71a248b64d8c Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Tue, 9 Mar 2021 12:34:53 +0100 Subject: [PATCH 065/385] chore: Added examples to show CloudWatch Event Rule as triggers (#126) --- README.md | 1 + examples/triggers/.gitignore | 1 + examples/triggers/README.md | 75 ++++++++++++++++++++++++++ examples/triggers/main.tf | 65 ++++++++++++++++++++++ examples/triggers/outputs.tf | 99 ++++++++++++++++++++++++++++++++++ examples/triggers/variables.tf | 0 examples/triggers/versions.tf | 8 +++ 7 files changed, 249 insertions(+) create mode 100644 examples/triggers/.gitignore create mode 100644 examples/triggers/README.md create mode 100644 examples/triggers/main.tf create mode 100644 examples/triggers/outputs.tf create mode 100644 examples/triggers/variables.tf create mode 100644 examples/triggers/versions.tf diff --git a/README.md b/README.md index fa9974a1..04862c1a 100644 --- a/README.md +++ b/README.md 
@@ -564,6 +564,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo * [With EFS](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/with-efs) - Create Lambda Function with Elastic File System attached (Terraform 0.13+ is recommended). * [Multiple regions](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/multiple-regions) - Create the same Lambda Function in multiple regions with non-conflicting IAM roles and policies. * [Event Source Mapping](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/event-source-mapping) - Create Lambda Function with event source mapping configuration (SQS, DynamoDB, and Kinesis). +* [Triggers](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/triggers) - Create Lambda Function with some triggers (eg, Cloudwatch Events, EventBridge). diff --git a/examples/triggers/.gitignore b/examples/triggers/.gitignore new file mode 100644 index 00000000..b205ba3d --- /dev/null +++ b/examples/triggers/.gitignore @@ -0,0 +1 @@ +builds/* diff --git a/examples/triggers/README.md b/examples/triggers/README.md new file mode 100644 index 00000000..ae6aeada --- /dev/null +++ b/examples/triggers/README.md 
@@ -0,0 +1,75 @@ +# Triggers of AWS Lambda examples + +Configuration in this directory creates AWS Lambda Function with some triggers (eg. CloudWatch Events). + + +## Usage + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply +``` + +Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.12.26 | +| aws | >= 2.67 | +| random | >= 2 | + +## Providers + +| Name | Version | +|------|---------| +| aws | >= 2.67 | +| random | >= 2 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| lambda_function | ../../ | | + +## Resources + +| Name | +|------| +| [aws_cloudwatch_event_rule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | +| [aws_cloudwatch_event_target](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | + +## Inputs + +No input. 
+ +## Outputs + +| Name | Description | +|------|-------------| +| lambda\_cloudwatch\_log\_group\_arn | The ARN of the Cloudwatch Log Group | +| lambda\_role\_arn | The ARN of the IAM role created for the Lambda Function | +| lambda\_role\_name | The name of the IAM role created for the Lambda Function | +| local\_filename | The filename of zip archive deployed (if deployment was from local) | +| s3\_object | The map with S3 object data of zip archive deployed (if deployment was from S3) | +| this\_lambda\_function\_arn | The ARN of the Lambda Function | +| this\_lambda\_function\_invoke\_arn | The Invoke ARN of the Lambda Function | +| this\_lambda\_function\_kms\_key\_arn | The ARN for the KMS encryption key of Lambda Function | +| this\_lambda\_function\_last\_modified | The date Lambda Function resource was last modified | +| this\_lambda\_function\_name | The name of the Lambda Function | +| this\_lambda\_function\_qualified\_arn | The ARN identifying your Lambda Function Version | +| this\_lambda\_function\_source\_code\_hash | Base64-encoded representation of raw SHA-256 sum of the zip file | +| this\_lambda\_function\_source\_code\_size | The size in bytes of the function .zip file | +| this\_lambda\_function\_version | Latest published version of Lambda Function | +| this\_lambda\_layer\_arn | The ARN of the Lambda Layer with version | +| this\_lambda\_layer\_created\_date | The date Lambda Layer resource was created | +| this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version | +| this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer .zip file | +| this\_lambda\_layer\_version | The Lambda Layer version | + diff --git a/examples/triggers/main.tf b/examples/triggers/main.tf new file mode 100644 index 00000000..a5545c92 --- /dev/null +++ b/examples/triggers/main.tf 
@@ -0,0 +1,65 @@ +provider "aws" { + region = "eu-west-1" + + # Make it faster by skipping something + skip_get_ec2_platforms = true + skip_metadata_api_check = true + skip_region_validation = true + skip_credentials_validation = true + skip_requesting_account_id = true +} + +########################################## +# Lambda Function (with various triggers) +########################################## + +module "lambda_function" { + source = "../../" + + function_name = "${random_pet.this.id}-lambda-triggers" + description = "My awesome lambda function" + handler = "index.lambda_handler" + runtime = "python3.8" + publish = true + + create_package = false + local_existing_package = "${path.module}/../fixtures/python3.8-zip/existing_package.zip" + + allowed_triggers = { + ScanAmiRule = { + principal = "events.amazonaws.com" + source_arn = aws_cloudwatch_event_rule.scan_ami.arn + } + } +} + +################## +# Extra resources +################## + +resource "random_pet" "this" { + length = 2 +} + +################################## +# Cloudwatch Events (EventBridge) +################################## +resource "aws_cloudwatch_event_rule" "scan_ami" { + name = "EC2CreateImageEvent" + description = "EC2 Create Image Event..." + event_pattern = < Date: Tue, 9 Mar 2021 12:41:32 +0100 Subject: [PATCH 066/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 82357c7e..f20f8fc9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v1.44.0] - 2021-03-09 + +- chore: Added examples to show CloudWatch Event Rule as triggers ([#126](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/126)) + + ## [v1.43.0] - 2021-03-03 
@@ -362,7 +368,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.43.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.44.0...HEAD +[v1.44.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.43.0...v1.44.0 [v1.43.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.42.0...v1.43.0 [v1.42.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.41.0...v1.42.0 [v1.41.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.40.0...v1.41.0 From fe1dfcb3c9a37530d3c4b6dc5ca76b1db64cbdd8 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Sat, 27 Mar 2021 16:28:37 -0400 Subject: [PATCH 067/385] chore: update documentation and pin `terraform_docs` version to avoid future changes (#134) --- .github/workflows/pre-commit.yml | 2 +- .pre-commit-config.yaml | 2 +- README.md | 313 +++++++++++++++------------- examples/alias/README.md | 70 +++---- examples/async/README.md | 62 +++--- examples/build-package/README.md | 38 ++-- examples/complete/README.md | 74 +++---- examples/container-image/README.md | 68 +++--- examples/deploy/README.md | 45 ++-- examples/multiple-regions/README.md | 65 +++--- examples/simple/README.md | 56 ++--- examples/triggers/README.md | 62 +++--- examples/with-efs/README.md | 66 +++--- examples/with-vpc/README.md | 58 +++--- modules/alias/README.md | 68 +++--- modules/deploy/README.md | 124 +++++------ 16 files changed, 600 insertions(+), 573 deletions(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index efa5a771..7eaa782b 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml 
@@ -94,7 +94,7 @@ jobs: - name: Install pre-commit dependencies run: | pip install pre-commit - curl -L "$(curl -s https://api.github.com/repos/terraform-docs/terraform-docs/releases/latest | grep -o -E "https://.+?-linux-amd64" | head -n1)" > terraform-docs && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/ + curl -L "$(curl -s https://api.github.com/repos/terraform-docs/terraform-docs/releases/latest | grep -o -E "https://.+?-v0.12.0-linux-amd64" | head -n1)" > terraform-docs && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/ curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip && rm tflint.zip && sudo mv tflint /usr/bin/ - name: Execute pre-commit # Run all pre-commit checks on max version supported diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 4963e575..8814cf61 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.46.0 + rev: v1.48.0 hooks: - id: terraform_fmt - id: terraform_validate diff --git a/README.md b/README.md index 04862c1a..e83a210e 100644 --- a/README.md +++ b/README.md 
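Review bot: The pin added to the terraform-docs download in the `Install pre-commit dependencies` step still queries `releases/latest` and only greps the result for `-v0.12.0-linux-amd64`, so once upstream publishes a newer release the pattern would match nothing and the outer `curl -L` is handed an empty URL. The downloaded binary is also moved into `/usr/bin` with `sudo` without any integrity check. Fetch the tagged asset directly and verify it before installing, e.g. `curl -fsSL -o terraform-docs https://github.com/terraform-docs/terraform-docs/releases/download/v0.12.0/terraform-docs-v0.12.0-linux-amd64` followed by `echo "<EXPECTED_SHA256>  terraform-docs" | sha256sum -c -`, with the digest taken from the release's published checksums. The tflint line below it follows the same latest-release, unverified pattern, and the step and job start outside this hunk.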
@@ -572,173 +572,194 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| terraform | >= 0.12.26 | -| aws | >= 3.19 | -| external | >= 1 | -| local | >= 1 | -| null | >= 2 | -| random | >= 2 | +| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [aws](#requirement\_aws) | >= 3.19 | +| [external](#requirement\_external) | >= 1 | +| [local](#requirement\_local) | >= 1 | +| [null](#requirement\_null) | >= 2 | +| [random](#requirement\_random) | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 3.19 | -| external | >= 1 | -| local | >= 1 | -| null | >= 2 | +| [aws](#provider\_aws) | >= 3.19 | +| [external](#provider\_external) | >= 1 | +| [local](#provider\_local) | >= 1 | +| [null](#provider\_null) | >= 2 | ## Modules -No Modules. +No modules. ## Resources -| Name | -|------| -| [aws_arn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | -| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudwatch_log_group) | -| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | -| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | -| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | -| [aws_iam_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | -| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | -| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | -| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | -| 
[aws_lambda_event_source_mapping](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | -| [aws_lambda_function](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | -| [aws_lambda_function_event_invoke_config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | -| [aws_lambda_layer_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_layer_version) | -| [aws_lambda_permission](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | -| [aws_lambda_provisioned_concurrency_config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_provisioned_concurrency_config) | -| [aws_s3_bucket_object](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_object) | -| [external_external](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | -| [local_file](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | -| [null_resource](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | +| Name | Type | +|------|------| +| [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | +| [aws_iam_policy.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) 
| resource | +| [aws_iam_policy.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy_attachment.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | +| [aws_iam_policy_attachment.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | +| [aws_iam_policy_attachment.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | +| [aws_iam_policy_attachment.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | +| [aws_iam_policy_attachment.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | +| [aws_iam_policy_attachment.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | +| [aws_iam_policy_attachment.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | +| [aws_iam_policy_attachment.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | +| [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| 
[aws_iam_role_policy_attachment.additional_many](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.additional_one](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | +| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource | +| [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | +| [aws_lambda_layer_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_layer_version) | resource | +| [aws_lambda_permission.current_version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| [aws_lambda_permission.unqualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| [aws_lambda_provisioned_concurrency_config.current_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_provisioned_concurrency_config) | resource | +| [aws_s3_bucket_object.lambda_package](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_object) | resource | +| [local_file.archive_plan](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | +| [null_resource.archive](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [aws_arn.log_group_arn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | +| 
[aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudwatch_log_group) | data source | +| [aws_iam_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | +| [aws_iam_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | +| [aws_iam_policy_document.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [external_external.archive_prepare](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| allowed\_triggers | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no | -| artifacts\_dir | Directory name where artifacts should be stored | `string` | `"builds"` | no | -| attach\_async\_event\_policy | Controls whether async event policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| attach\_cloudwatch\_logs\_policy | Controls whether CloudWatch Logs policy should be added to IAM role for Lambda Function | `bool` | `true` | no | -| attach\_dead\_letter\_policy | Controls 
whether SNS/SQS dead letter notification policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| attach\_network\_policy | Controls whether VPC/network policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| attach\_policies | Controls whether list of policies should be added to IAM role for Lambda Function | `bool` | `false` | no | -| attach\_policy | Controls whether policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| attach\_policy\_json | Controls whether policy\_json should be added to IAM role for Lambda Function | `bool` | `false` | no | -| attach\_policy\_jsons | Controls whether policy\_jsons should be added to IAM role for Lambda Function | `bool` | `false` | no | -| attach\_policy\_statements | Controls whether policy\_statements should be added to IAM role for Lambda Function | `bool` | `false` | no | -| attach\_tracing\_policy | Controls whether X-Ray tracing policy should be added to IAM role for Lambda Function | `bool` | `false` | no | -| build\_in\_docker | Whether to build dependencies in Docker | `bool` | `false` | no | -| cloudwatch\_logs\_kms\_key\_id | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no | -| cloudwatch\_logs\_retention\_in\_days | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `null` | no | -| cloudwatch\_logs\_tags | A map of tags to assign to the resource. | `map(string)` | `{}` | no | -| compatible\_runtimes | A list of Runtimes this layer is compatible with. Up to 5 runtimes can be specified. 
| `list(string)` | `[]` | no | -| create | Controls whether resources should be created | `bool` | `true` | no | -| create\_async\_event\_config | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | -| create\_current\_version\_allowed\_triggers | Whether to allow triggers on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | -| create\_current\_version\_async\_event\_config | Whether to allow async event configuration on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | -| create\_function | Controls whether Lambda Function resource should be created | `bool` | `true` | no | -| create\_layer | Controls whether Lambda Layer resource should be created | `bool` | `false` | no | -| create\_package | Controls whether Lambda package should be created | `bool` | `true` | no | -| create\_role | Controls whether IAM role for Lambda Function should be created | `bool` | `true` | no | -| create\_unqualified\_alias\_allowed\_triggers | Whether to allow triggers on unqualified alias pointing to $LATEST version | `bool` | `true` | no | -| create\_unqualified\_alias\_async\_event\_config | Whether to allow async event configuration on unqualified alias pointing to $LATEST version | `bool` | `true` | no | -| dead\_letter\_target\_arn | The ARN of an SNS topic or SQS queue to notify when an invocation fails. 
| `string` | `null` | no | -| description | Description of your Lambda Function (or Layer) | `string` | `""` | no | -| destination\_on\_failure | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | -| destination\_on\_success | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no | -| docker\_build\_root | Root dir where to build in Docker | `string` | `""` | no | -| docker\_file | Path to a Dockerfile when building in Docker | `string` | `""` | no | -| docker\_image | Docker image to use for the build | `string` | `""` | no | -| docker\_pip\_cache | Whether to mount a shared pip cache folder into docker environment or not | `any` | `null` | no | -| docker\_with\_ssh\_agent | Whether to pass SSH\_AUTH\_SOCK into docker environment or not | `bool` | `false` | no | -| environment\_variables | A map that defines environment variables for the Lambda Function. | `map(string)` | `{}` | no | -| event\_source\_mapping | Map of event source mapping | `any` | `{}` | no | -| file\_system\_arn | The Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system. | `string` | `null` | no | -| file\_system\_local\_mount\_path | The path where the function can access the file system, starting with /mnt/. | `string` | `null` | no | -| function\_name | A unique name for your Lambda Function | `string` | `""` | no | -| handler | Lambda Function entrypoint in your code | `string` | `""` | no | -| hash\_extra | The string to add into hashing function. Useful when building same source path for different functions. 
| `string` | `""` | no | -| image\_config\_command | The CMD for the docker image | `list(string)` | `[]` | no | -| image\_config\_entry\_point | The ENTRYPOINT for the docker image | `list(string)` | `[]` | no | -| image\_config\_working\_directory | The working directory for the docker image | `string` | `null` | no | -| image\_uri | The ECR image URI containing the function's deployment package. | `string` | `null` | no | -| kms\_key\_arn | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no | -| lambda\_at\_edge | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no | -| lambda\_role | IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | `string` | `""` | no | -| layer\_name | Name of Lambda Layer to create | `string` | `""` | no | -| layers | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | `list(string)` | `null` | no | -| license\_info | License info for your Lambda Layer. Eg, MIT or full url of a license. | `string` | `""` | no | -| local\_existing\_package | The absolute path to an existing zip-file to use | `string` | `null` | no | -| maximum\_event\_age\_in\_seconds | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | -| maximum\_retry\_attempts | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | `number` | `null` | no | -| memory\_size | Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 64 MB increments. 
| `number` | `128` | no | -| number\_of\_policies | Number of policies to attach to IAM role for Lambda Function | `number` | `0` | no | -| number\_of\_policy\_jsons | Number of policies JSON to attach to IAM role for Lambda Function | `number` | `0` | no | -| package\_type | The Lambda deployment package type. Valid options: Zip or Image | `string` | `"Zip"` | no | -| policies | List of policy statements ARN to attach to Lambda Function role | `list(string)` | `[]` | no | -| policy | An additional policy document ARN to attach to the Lambda Function role | `string` | `null` | no | -| policy\_json | An additional policy document as JSON to attach to the Lambda Function role | `string` | `null` | no | -| policy\_jsons | List of additional policy documents as JSON to attach to Lambda Function role | `list(string)` | `[]` | no | -| policy\_statements | Map of dynamic policy statements to attach to Lambda Function role | `any` | `{}` | no | -| provisioned\_concurrent\_executions | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | `number` | `-1` | no | -| publish | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no | -| reserved\_concurrent\_executions | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | `number` | `-1` | no | -| role\_description | Description of IAM role to use for Lambda Function | `string` | `null` | no | -| role\_force\_detach\_policies | Specifies to force detaching any policies the IAM role has before destroying it. 
| `bool` | `true` | no | -| role\_name | Name of IAM role to use for Lambda Function | `string` | `null` | no | -| role\_path | Path of IAM role to use for Lambda Function | `string` | `null` | no | -| role\_permissions\_boundary | The ARN of the policy that is used to set the permissions boundary for the IAM role used by Lambda Function | `string` | `null` | no | -| role\_tags | A map of tags to assign to IAM role | `map(string)` | `{}` | no | -| runtime | Lambda Function runtime | `string` | `""` | no | -| s3\_acl | The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, bucket-owner-read, and bucket-owner-full-control. Defaults to private. | `string` | `"private"` | no | -| s3\_bucket | S3 bucket to store artifacts | `string` | `null` | no | -| s3\_existing\_package | The S3 bucket object with keys bucket, key, version pointing to an existing zip-file to use | `map(string)` | `null` | no | -| s3\_object\_storage\_class | Specifies the desired Storage Class for the artifact uploaded to S3. Can be either STANDARD, REDUCED\_REDUNDANCY, ONEZONE\_IA, INTELLIGENT\_TIERING, or STANDARD\_IA. | `string` | `"ONEZONE_IA"` | no | -| s3\_object\_tags | A map of tags to assign to S3 bucket object. | `map(string)` | `{}` | no | -| s3\_server\_side\_encryption | Specifies server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms". | `string` | `null` | no | -| source\_path | The absolute path to a local file or directory containing your Lambda source code | `any` | `null` | no | -| store\_on\_s3 | Whether to store produced artifacts on S3 or locally. | `bool` | `false` | no | -| tags | A map of tags to assign to resources. | `map(string)` | `{}` | no | -| timeout | The amount of time your Lambda Function has to run in seconds. | `number` | `3` | no | -| tracing\_mode | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. 
| `string` | `null` | no | -| trusted\_entities | Lambda Function additional trusted entities for assuming roles (trust relationship) | `list(string)` | `[]` | no | -| use\_existing\_cloudwatch\_log\_group | Whether to use an existing CloudWatch log group or create new | `bool` | `false` | no | -| vpc\_security\_group\_ids | List of security group ids when Lambda Function should run in the VPC. | `list(string)` | `null` | no | -| vpc\_subnet\_ids | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets. | `list(string)` | `null` | no | +| [allowed\_triggers](#input\_allowed\_triggers) | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no | +| [artifacts\_dir](#input\_artifacts\_dir) | Directory name where artifacts should be stored | `string` | `"builds"` | no | +| [attach\_async\_event\_policy](#input\_attach\_async\_event\_policy) | Controls whether async event policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach\_cloudwatch\_logs\_policy](#input\_attach\_cloudwatch\_logs\_policy) | Controls whether CloudWatch Logs policy should be added to IAM role for Lambda Function | `bool` | `true` | no | +| [attach\_dead\_letter\_policy](#input\_attach\_dead\_letter\_policy) | Controls whether SNS/SQS dead letter notification policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach\_network\_policy](#input\_attach\_network\_policy) | Controls whether VPC/network policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach\_policies](#input\_attach\_policies) | Controls whether list of policies should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach\_policy](#input\_attach\_policy) | Controls whether policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach\_policy\_json](#input\_attach\_policy\_json) | Controls whether policy\_json should be 
added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach\_policy\_jsons](#input\_attach\_policy\_jsons) | Controls whether policy\_jsons should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach\_policy\_statements](#input\_attach\_policy\_statements) | Controls whether policy\_statements should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [attach\_tracing\_policy](#input\_attach\_tracing\_policy) | Controls whether X-Ray tracing policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [build\_in\_docker](#input\_build\_in\_docker) | Whether to build dependencies in Docker | `bool` | `false` | no | +| [cloudwatch\_logs\_kms\_key\_id](#input\_cloudwatch\_logs\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no | +| [cloudwatch\_logs\_retention\_in\_days](#input\_cloudwatch\_logs\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `null` | no | +| [cloudwatch\_logs\_tags](#input\_cloudwatch\_logs\_tags) | A map of tags to assign to the resource. | `map(string)` | `{}` | no | +| [compatible\_runtimes](#input\_compatible\_runtimes) | A list of Runtimes this layer is compatible with. Up to 5 runtimes can be specified. 
| `list(string)` | `[]` | no | +| [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | +| [create\_async\_event\_config](#input\_create\_async\_event\_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | +| [create\_current\_version\_allowed\_triggers](#input\_create\_current\_version\_allowed\_triggers) | Whether to allow triggers on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | +| [create\_current\_version\_async\_event\_config](#input\_create\_current\_version\_async\_event\_config) | Whether to allow async event configuration on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | +| [create\_function](#input\_create\_function) | Controls whether Lambda Function resource should be created | `bool` | `true` | no | +| [create\_layer](#input\_create\_layer) | Controls whether Lambda Layer resource should be created | `bool` | `false` | no | +| [create\_package](#input\_create\_package) | Controls whether Lambda package should be created | `bool` | `true` | no | +| [create\_role](#input\_create\_role) | Controls whether IAM role for Lambda Function should be created | `bool` | `true` | no | +| [create\_unqualified\_alias\_allowed\_triggers](#input\_create\_unqualified\_alias\_allowed\_triggers) | Whether to allow triggers on unqualified alias pointing to $LATEST version | `bool` | `true` | no | +| [create\_unqualified\_alias\_async\_event\_config](#input\_create\_unqualified\_alias\_async\_event\_config) | Whether to allow async event configuration on unqualified alias pointing to $LATEST version | `bool` | `true` | no | +| [dead\_letter\_target\_arn](#input\_dead\_letter\_target\_arn) | The ARN of an SNS topic or SQS queue to 
notify when an invocation fails. | `string` | `null` | no | +| [description](#input\_description) | Description of your Lambda Function (or Layer) | `string` | `""` | no | +| [destination\_on\_failure](#input\_destination\_on\_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | +| [destination\_on\_success](#input\_destination\_on\_success) | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no | +| [docker\_build\_root](#input\_docker\_build\_root) | Root dir where to build in Docker | `string` | `""` | no | +| [docker\_file](#input\_docker\_file) | Path to a Dockerfile when building in Docker | `string` | `""` | no | +| [docker\_image](#input\_docker\_image) | Docker image to use for the build | `string` | `""` | no | +| [docker\_pip\_cache](#input\_docker\_pip\_cache) | Whether to mount a shared pip cache folder into docker environment or not | `any` | `null` | no | +| [docker\_with\_ssh\_agent](#input\_docker\_with\_ssh\_agent) | Whether to pass SSH\_AUTH\_SOCK into docker environment or not | `bool` | `false` | no | +| [environment\_variables](#input\_environment\_variables) | A map that defines environment variables for the Lambda Function. | `map(string)` | `{}` | no | +| [event\_source\_mapping](#input\_event\_source\_mapping) | Map of event source mapping | `any` | `{}` | no | +| [file\_system\_arn](#input\_file\_system\_arn) | The Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system. | `string` | `null` | no | +| [file\_system\_local\_mount\_path](#input\_file\_system\_local\_mount\_path) | The path where the function can access the file system, starting with /mnt/. 
| `string` | `null` | no | +| [function\_name](#input\_function\_name) | A unique name for your Lambda Function | `string` | `""` | no | +| [handler](#input\_handler) | Lambda Function entrypoint in your code | `string` | `""` | no | +| [hash\_extra](#input\_hash\_extra) | The string to add into hashing function. Useful when building same source path for different functions. | `string` | `""` | no | +| [image\_config\_command](#input\_image\_config\_command) | The CMD for the docker image | `list(string)` | `[]` | no | +| [image\_config\_entry\_point](#input\_image\_config\_entry\_point) | The ENTRYPOINT for the docker image | `list(string)` | `[]` | no | +| [image\_config\_working\_directory](#input\_image\_config\_working\_directory) | The working directory for the docker image | `string` | `null` | no | +| [image\_uri](#input\_image\_uri) | The ECR image URI containing the function's deployment package. | `string` | `null` | no | +| [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no | +| [lambda\_at\_edge](#input\_lambda\_at\_edge) | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no | +| [lambda\_role](#input\_lambda\_role) | IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | `string` | `""` | no | +| [layer\_name](#input\_layer\_name) | Name of Lambda Layer to create | `string` | `""` | no | +| [layers](#input\_layers) | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | `list(string)` | `null` | no | +| [license\_info](#input\_license\_info) | License info for your Lambda Layer. Eg, MIT or full url of a license. 
| `string` | `""` | no | +| [local\_existing\_package](#input\_local\_existing\_package) | The absolute path to an existing zip-file to use | `string` | `null` | no | +| [maximum\_event\_age\_in\_seconds](#input\_maximum\_event\_age\_in\_seconds) | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | +| [maximum\_retry\_attempts](#input\_maximum\_retry\_attempts) | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | `number` | `null` | no | +| [memory\_size](#input\_memory\_size) | Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 64 MB increments. | `number` | `128` | no | +| [number\_of\_policies](#input\_number\_of\_policies) | Number of policies to attach to IAM role for Lambda Function | `number` | `0` | no | +| [number\_of\_policy\_jsons](#input\_number\_of\_policy\_jsons) | Number of policies JSON to attach to IAM role for Lambda Function | `number` | `0` | no | +| [package\_type](#input\_package\_type) | The Lambda deployment package type. 
Valid options: Zip or Image | `string` | `"Zip"` | no | +| [policies](#input\_policies) | List of policy statements ARN to attach to Lambda Function role | `list(string)` | `[]` | no | +| [policy](#input\_policy) | An additional policy document ARN to attach to the Lambda Function role | `string` | `null` | no | +| [policy\_json](#input\_policy\_json) | An additional policy document as JSON to attach to the Lambda Function role | `string` | `null` | no | +| [policy\_jsons](#input\_policy\_jsons) | List of additional policy documents as JSON to attach to Lambda Function role | `list(string)` | `[]` | no | +| [policy\_statements](#input\_policy\_statements) | Map of dynamic policy statements to attach to Lambda Function role | `any` | `{}` | no | +| [provisioned\_concurrent\_executions](#input\_provisioned\_concurrent\_executions) | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | `number` | `-1` | no | +| [publish](#input\_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no | +| [reserved\_concurrent\_executions](#input\_reserved\_concurrent\_executions) | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | `number` | `-1` | no | +| [role\_description](#input\_role\_description) | Description of IAM role to use for Lambda Function | `string` | `null` | no | +| [role\_force\_detach\_policies](#input\_role\_force\_detach\_policies) | Specifies to force detaching any policies the IAM role has before destroying it. 
| `bool` | `true` | no | +| [role\_name](#input\_role\_name) | Name of IAM role to use for Lambda Function | `string` | `null` | no | +| [role\_path](#input\_role\_path) | Path of IAM role to use for Lambda Function | `string` | `null` | no | +| [role\_permissions\_boundary](#input\_role\_permissions\_boundary) | The ARN of the policy that is used to set the permissions boundary for the IAM role used by Lambda Function | `string` | `null` | no | +| [role\_tags](#input\_role\_tags) | A map of tags to assign to IAM role | `map(string)` | `{}` | no | +| [runtime](#input\_runtime) | Lambda Function runtime | `string` | `""` | no | +| [s3\_acl](#input\_s3\_acl) | The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, bucket-owner-read, and bucket-owner-full-control. Defaults to private. | `string` | `"private"` | no | +| [s3\_bucket](#input\_s3\_bucket) | S3 bucket to store artifacts | `string` | `null` | no | +| [s3\_existing\_package](#input\_s3\_existing\_package) | The S3 bucket object with keys bucket, key, version pointing to an existing zip-file to use | `map(string)` | `null` | no | +| [s3\_object\_storage\_class](#input\_s3\_object\_storage\_class) | Specifies the desired Storage Class for the artifact uploaded to S3. Can be either STANDARD, REDUCED\_REDUNDANCY, ONEZONE\_IA, INTELLIGENT\_TIERING, or STANDARD\_IA. | `string` | `"ONEZONE_IA"` | no | +| [s3\_object\_tags](#input\_s3\_object\_tags) | A map of tags to assign to S3 bucket object. | `map(string)` | `{}` | no | +| [s3\_server\_side\_encryption](#input\_s3\_server\_side\_encryption) | Specifies server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms". 
| `string` | `null` | no | +| [source\_path](#input\_source\_path) | The absolute path to a local file or directory containing your Lambda source code | `any` | `null` | no | +| [store\_on\_s3](#input\_store\_on\_s3) | Whether to store produced artifacts on S3 or locally. | `bool` | `false` | no | +| [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | +| [timeout](#input\_timeout) | The amount of time your Lambda Function has to run in seconds. | `number` | `3` | no | +| [tracing\_mode](#input\_tracing\_mode) | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. | `string` | `null` | no | +| [trusted\_entities](#input\_trusted\_entities) | Lambda Function additional trusted entities for assuming roles (trust relationship) | `list(string)` | `[]` | no | +| [use\_existing\_cloudwatch\_log\_group](#input\_use\_existing\_cloudwatch\_log\_group) | Whether to use an existing CloudWatch log group or create new | `bool` | `false` | no | +| [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | List of security group ids when Lambda Function should run in the VPC. | `list(string)` | `null` | no | +| [vpc\_subnet\_ids](#input\_vpc\_subnet\_ids) | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets. 
| `list(string)` | `null` | no | ## Outputs | Name | Description | |------|-------------| -| lambda\_cloudwatch\_log\_group\_arn | The ARN of the Cloudwatch Log Group | -| lambda\_cloudwatch\_log\_group\_name | The name of the Cloudwatch Log Group | -| lambda\_role\_arn | The ARN of the IAM role created for the Lambda Function | -| lambda\_role\_name | The name of the IAM role created for the Lambda Function | -| local\_filename | The filename of zip archive deployed (if deployment was from local) | -| s3\_object | The map with S3 object data of zip archive deployed (if deployment was from S3) | -| this\_lambda\_event\_source\_mapping\_function\_arn | The the ARN of the Lambda function the event source mapping is sending events to | -| this\_lambda\_event\_source\_mapping\_state | The state of the event source mapping | -| this\_lambda\_event\_source\_mapping\_state\_transition\_reason | The reason the event source mapping is in its current state | -| this\_lambda\_event\_source\_mapping\_uuid | The UUID of the created event source mapping | -| this\_lambda\_function\_arn | The ARN of the Lambda Function | -| this\_lambda\_function\_invoke\_arn | The Invoke ARN of the Lambda Function | -| this\_lambda\_function\_kms\_key\_arn | The ARN for the KMS encryption key of Lambda Function | -| this\_lambda\_function\_last\_modified | The date Lambda Function resource was last modified | -| this\_lambda\_function\_name | The name of the Lambda Function | -| this\_lambda\_function\_qualified\_arn | The ARN identifying your Lambda Function Version | -| this\_lambda\_function\_source\_code\_hash | Base64-encoded representation of raw SHA-256 sum of the zip file | -| this\_lambda\_function\_source\_code\_size | The size in bytes of the function .zip file | -| this\_lambda\_function\_version | Latest published version of Lambda Function | -| this\_lambda\_layer\_arn | The ARN of the Lambda Layer with version | -| this\_lambda\_layer\_created\_date | The date Lambda Layer 
resource was created | -| this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version | -| this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer .zip file | -| this\_lambda\_layer\_version | The Lambda Layer version | +| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | +| [lambda\_cloudwatch\_log\_group\_name](#output\_lambda\_cloudwatch\_log\_group\_name) | The name of the Cloudwatch Log Group | +| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | +| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | +| [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | +| [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | +| [this\_lambda\_event\_source\_mapping\_function\_arn](#output\_this\_lambda\_event\_source\_mapping\_function\_arn) | The the ARN of the Lambda function the event source mapping is sending events to | +| [this\_lambda\_event\_source\_mapping\_state](#output\_this\_lambda\_event\_source\_mapping\_state) | The state of the event source mapping | +| [this\_lambda\_event\_source\_mapping\_state\_transition\_reason](#output\_this\_lambda\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | +| [this\_lambda\_event\_source\_mapping\_uuid](#output\_this\_lambda\_event\_source\_mapping\_uuid) | The UUID of the created event source mapping | +| [this\_lambda\_function\_arn](#output\_this\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [this\_lambda\_function\_invoke\_arn](#output\_this\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| 
[this\_lambda\_function\_kms\_key\_arn](#output\_this\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | +| [this\_lambda\_function\_last\_modified](#output\_this\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | +| [this\_lambda\_function\_name](#output\_this\_lambda\_function\_name) | The name of the Lambda Function | +| [this\_lambda\_function\_qualified\_arn](#output\_this\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [this\_lambda\_function\_source\_code\_hash](#output\_this\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [this\_lambda\_function\_source\_code\_size](#output\_this\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [this\_lambda\_function\_version](#output\_this\_lambda\_function\_version) | Latest published version of Lambda Function | +| [this\_lambda\_layer\_arn](#output\_this\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | +| [this\_lambda\_layer\_created\_date](#output\_this\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | +| [this\_lambda\_layer\_layer\_arn](#output\_this\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | +| [this\_lambda\_layer\_source\_code\_size](#output\_this\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | +| [this\_lambda\_layer\_version](#output\_this\_lambda\_layer\_version) | The Lambda Layer version | ## Authors diff --git a/examples/alias/README.md b/examples/alias/README.md index 779f074f..0bbd8e25 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md 
@@ -19,60 +19,60 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.26 | -| aws | >= 3.19 | -| random | >= 2 | +| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [aws](#requirement\_aws) | >= 3.19 | +| [random](#requirement\_random) | >= 2 | ## Providers | Name | Version | |------|---------| -| random | >= 2 | +| [random](#provider\_random) | >= 2 | ## Modules | Name | Source | Version | |------|--------|---------| -| alias_existing | ../../modules/alias | | -| alias_no_refresh | ../../modules/alias | | -| alias_refresh | ../../modules/alias | | -| lambda_function | ../../ | | +| [alias\_existing](#module\_alias\_existing) | ../../modules/alias | | +| [alias\_no\_refresh](#module\_alias\_no\_refresh) | ../../modules/alias | | +| [alias\_refresh](#module\_alias\_refresh) | ../../modules/alias | | +| [lambda\_function](#module\_lambda\_function) | ../../ | | ## Resources -| Name | -|------| -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | +| Name | Type | +|------|------| +| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | ## Inputs -No input. +No inputs. 
## Outputs | Name | Description | |------|-------------| -| lambda\_role\_arn | The ARN of the IAM role created for the Lambda Function | -| lambda\_role\_name | The name of the IAM role created for the Lambda Function | -| local\_filename | The filename of zip archive deployed (if deployment was from local) | -| s3\_object | The map with S3 object data of zip archive deployed (if deployment was from S3) | -| this\_lambda\_alias\_arn | The ARN of the Lambda Function Alias | -| this\_lambda\_alias\_description | Description of alias | -| this\_lambda\_alias\_function\_version | Lambda function version which the alias uses | -| this\_lambda\_alias\_invoke\_arn | The ARN to be used for invoking Lambda Function from API Gateway | -| this\_lambda\_alias\_name | The name of the Lambda Function Alias | -| this\_lambda\_function\_arn | The ARN of the Lambda Function | -| this\_lambda\_function\_invoke\_arn | The Invoke ARN of the Lambda Function | -| this\_lambda\_function\_kms\_key\_arn | The ARN for the KMS encryption key of Lambda Function | -| this\_lambda\_function\_last\_modified | The date Lambda Function resource was last modified | -| this\_lambda\_function\_name | The name of the Lambda Function | -| this\_lambda\_function\_qualified\_arn | The ARN identifying your Lambda Function Version | -| this\_lambda\_function\_source\_code\_hash | Base64-encoded representation of raw SHA-256 sum of the zip file | -| this\_lambda\_function\_source\_code\_size | The size in bytes of the function .zip file | -| this\_lambda\_function\_version | Latest published version of Lambda Function | -| this\_lambda\_layer\_arn | The ARN of the Lambda Layer with version | -| this\_lambda\_layer\_created\_date | The date Lambda Layer resource was created | -| this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version | -| this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer .zip file | -| this\_lambda\_layer\_version | The Lambda Layer 
version | +| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | +| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | +| [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | +| [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | +| [this\_lambda\_alias\_arn](#output\_this\_lambda\_alias\_arn) | The ARN of the Lambda Function Alias | +| [this\_lambda\_alias\_description](#output\_this\_lambda\_alias\_description) | Description of alias | +| [this\_lambda\_alias\_function\_version](#output\_this\_lambda\_alias\_function\_version) | Lambda function version which the alias uses | +| [this\_lambda\_alias\_invoke\_arn](#output\_this\_lambda\_alias\_invoke\_arn) | The ARN to be used for invoking Lambda Function from API Gateway | +| [this\_lambda\_alias\_name](#output\_this\_lambda\_alias\_name) | The name of the Lambda Function Alias | +| [this\_lambda\_function\_arn](#output\_this\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [this\_lambda\_function\_invoke\_arn](#output\_this\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| [this\_lambda\_function\_kms\_key\_arn](#output\_this\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | +| [this\_lambda\_function\_last\_modified](#output\_this\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | +| [this\_lambda\_function\_name](#output\_this\_lambda\_function\_name) | The name of the Lambda Function | +| [this\_lambda\_function\_qualified\_arn](#output\_this\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [this\_lambda\_function\_source\_code\_hash](#output\_this\_lambda\_function\_source\_code\_hash) | Base64-encoded 
representation of raw SHA-256 sum of the zip file | +| [this\_lambda\_function\_source\_code\_size](#output\_this\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [this\_lambda\_function\_version](#output\_this\_lambda\_function\_version) | Latest published version of Lambda Function | +| [this\_lambda\_layer\_arn](#output\_this\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | +| [this\_lambda\_layer\_created\_date](#output\_this\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | +| [this\_lambda\_layer\_layer\_arn](#output\_this\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | +| [this\_lambda\_layer\_source\_code\_size](#output\_this\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | +| [this\_lambda\_layer\_version](#output\_this\_lambda\_layer\_version) | The Lambda Layer version | diff --git a/examples/async/README.md b/examples/async/README.md index 316a2e64..472d6177 100644 --- a/examples/async/README.md +++ b/examples/async/README.md 
@@ -19,56 +19,56 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.26 | -| aws | >= 3.19 | -| random | >= 2 | +| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [aws](#requirement\_aws) | >= 3.19 | +| [random](#requirement\_random) | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 3.19 | -| random | >= 2 | +| [aws](#provider\_aws) | >= 3.19 | +| [random](#provider\_random) | >= 2 | ## Modules | Name | Source | Version | |------|--------|---------| -| lambda_function | ../../ | | +| [lambda\_function](#module\_lambda\_function) | ../../ | | ## Resources -| Name | -|------| -| [aws_sns_topic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | -| [aws_sqs_queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | +| Name | Type | +|------|------| +| [aws_sns_topic.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource | +| [aws_sqs_queue.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | +| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | ## Inputs -No input. +No inputs. 
## Outputs | Name | Description | |------|-------------| -| lambda\_cloudwatch\_log\_group\_arn | The ARN of the Cloudwatch Log Group | -| lambda\_role\_arn | The ARN of the IAM role created for the Lambda Function | -| lambda\_role\_name | The name of the IAM role created for the Lambda Function | -| local\_filename | The filename of zip archive deployed (if deployment was from local) | -| s3\_object | The map with S3 object data of zip archive deployed (if deployment was from S3) | -| this\_lambda\_function\_arn | The ARN of the Lambda Function | -| this\_lambda\_function\_invoke\_arn | The Invoke ARN of the Lambda Function | -| this\_lambda\_function\_kms\_key\_arn | The ARN for the KMS encryption key of Lambda Function | -| this\_lambda\_function\_last\_modified | The date Lambda Function resource was last modified | -| this\_lambda\_function\_name | The name of the Lambda Function | -| this\_lambda\_function\_qualified\_arn | The ARN identifying your Lambda Function Version | -| this\_lambda\_function\_source\_code\_hash | Base64-encoded representation of raw SHA-256 sum of the zip file | -| this\_lambda\_function\_source\_code\_size | The size in bytes of the function .zip file | -| this\_lambda\_function\_version | Latest published version of Lambda Function | -| this\_lambda\_layer\_arn | The ARN of the Lambda Layer with version | -| this\_lambda\_layer\_created\_date | The date Lambda Layer resource was created | -| this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version | -| this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer .zip file | -| this\_lambda\_layer\_version | The Lambda Layer version | +| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | +| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | +| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM 
role created for the Lambda Function | +| [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | +| [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | +| [this\_lambda\_function\_arn](#output\_this\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [this\_lambda\_function\_invoke\_arn](#output\_this\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| [this\_lambda\_function\_kms\_key\_arn](#output\_this\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | +| [this\_lambda\_function\_last\_modified](#output\_this\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | +| [this\_lambda\_function\_name](#output\_this\_lambda\_function\_name) | The name of the Lambda Function | +| [this\_lambda\_function\_qualified\_arn](#output\_this\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [this\_lambda\_function\_source\_code\_hash](#output\_this\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [this\_lambda\_function\_source\_code\_size](#output\_this\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [this\_lambda\_function\_version](#output\_this\_lambda\_function\_version) | Latest published version of Lambda Function | +| [this\_lambda\_layer\_arn](#output\_this\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | +| [this\_lambda\_layer\_created\_date](#output\_this\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | +| [this\_lambda\_layer\_layer\_arn](#output\_this\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | +| [this\_lambda\_layer\_source\_code\_size](#output\_this\_lambda\_layer\_source\_code\_size) | The size in bytes of 
the Lambda Layer .zip file | +| [this\_lambda\_layer\_version](#output\_this\_lambda\_layer\_version) | The Lambda Layer version | diff --git a/examples/build-package/README.md b/examples/build-package/README.md index ff2338f6..404ff9ef 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md 
@@ -19,42 +19,42 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.26 | -| aws | >= 3.19 | -| random | >= 2 | +| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [aws](#requirement\_aws) | >= 3.19 | +| [random](#requirement\_random) | >= 2 | ## Providers | Name | Version | |------|---------| -| random | >= 2 | +| [random](#provider\_random) | >= 2 | ## Modules | Name | Source | Version | |------|--------|---------| -| lambda_function_from_package | ../../ | | -| lambda_layer | ../../ | | -| package_dir | ../../ | | -| package_dir_without_pip_install | ../../ | | -| package_file | ../../ | | -| package_file_with_pip_requirements | ../../ | | -| package_with_commands_and_patterns | ../../ | | -| package_with_docker | ../../ | | -| package_with_patterns | ../../ | | -| package_with_pip_requirements_in_docker | ../../ | | +| [lambda\_function\_from\_package](#module\_lambda\_function\_from\_package) | ../../ | | +| [lambda\_layer](#module\_lambda\_layer) | ../../ | | +| [package\_dir](#module\_package\_dir) | ../../ | | +| [package\_dir\_without\_pip\_install](#module\_package\_dir\_without\_pip\_install) | ../../ | | +| [package\_file](#module\_package\_file) | ../../ | | +| [package\_file\_with\_pip\_requirements](#module\_package\_file\_with\_pip\_requirements) | ../../ | | +| [package\_with\_commands\_and\_patterns](#module\_package\_with\_commands\_and\_patterns) | ../../ | | +| [package\_with\_docker](#module\_package\_with\_docker) | ../../ | | +| [package\_with\_patterns](#module\_package\_with\_patterns) | ../../ | | +| [package\_with\_pip\_requirements\_in\_docker](#module\_package\_with\_pip\_requirements\_in\_docker) | ../../ | | ## Resources -| Name | -|------| -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | +| Name | Type | +|------|------| +| 
[random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | ## Inputs -No input. +No inputs. ## Outputs -No output. +No outputs. diff --git a/examples/complete/README.md b/examples/complete/README.md index 7532775e..a6e8a6ba 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -20,62 +20,62 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.26 | -| aws | >= 2.67 | -| random | >= 2 | +| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [aws](#requirement\_aws) | >= 2.67 | +| [random](#requirement\_random) | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.67 | -| random | >= 2 | +| [aws](#provider\_aws) | >= 2.67 | +| [random](#provider\_random) | >= 2 | ## Modules | Name | Source | Version | |------|--------|---------| -| disabled_lambda | ../../ | | -| lambda_at_edge | ../../ | | -| lambda_function | ../../ | | -| lambda_function_existing_package_local | ../../ | | -| lambda_layer_local | ../../ | | -| lambda_layer_s3 | ../../ | | -| lambda_with_provisioned_concurrency | ../../ | | -| s3_bucket | terraform-aws-modules/s3-bucket/aws | | +| [disabled\_lambda](#module\_disabled\_lambda) | ../../ | | +| [lambda\_at\_edge](#module\_lambda\_at\_edge) | ../../ | | +| [lambda\_function](#module\_lambda\_function) | ../../ | | +| [lambda\_function\_existing\_package\_local](#module\_lambda\_function\_existing\_package\_local) | ../../ | | +| [lambda\_layer\_local](#module\_lambda\_layer\_local) | ../../ | | +| [lambda\_layer\_s3](#module\_lambda\_layer\_s3) | ../../ | | +| [lambda\_with\_provisioned\_concurrency](#module\_lambda\_with\_provisioned\_concurrency) | ../../ | | +| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | | ## Resources -| Name | -|------| -| [aws_sqs_queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | +| Name | Type | +|------|------| +| [aws_sqs_queue.dlq](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | +| 
[random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | ## Inputs -No input. +No inputs. ## Outputs | Name | Description | |------|-------------| -| lambda\_cloudwatch\_log\_group\_arn | The ARN of the Cloudwatch Log Group | -| lambda\_role\_arn | The ARN of the IAM role created for the Lambda Function | -| lambda\_role\_name | The name of the IAM role created for the Lambda Function | -| local\_filename | The filename of zip archive deployed (if deployment was from local) | -| s3\_object | The map with S3 object data of zip archive deployed (if deployment was from S3) | -| this\_lambda\_function\_arn | The ARN of the Lambda Function | -| this\_lambda\_function\_invoke\_arn | The Invoke ARN of the Lambda Function | -| this\_lambda\_function\_kms\_key\_arn | The ARN for the KMS encryption key of Lambda Function | -| this\_lambda\_function\_last\_modified | The date Lambda Function resource was last modified | -| this\_lambda\_function\_name | The name of the Lambda Function | -| this\_lambda\_function\_qualified\_arn | The ARN identifying your Lambda Function Version | -| this\_lambda\_function\_source\_code\_hash | Base64-encoded representation of raw SHA-256 sum of the zip file | -| this\_lambda\_function\_source\_code\_size | The size in bytes of the function .zip file | -| this\_lambda\_function\_version | Latest published version of Lambda Function | -| this\_lambda\_layer\_arn | The ARN of the Lambda Layer with version | -| this\_lambda\_layer\_created\_date | The date Lambda Layer resource was created | -| this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version | -| this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer .zip file | -| this\_lambda\_layer\_version | The Lambda Layer version | +| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | +| 
[lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | +| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | +| [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | +| [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | +| [this\_lambda\_function\_arn](#output\_this\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [this\_lambda\_function\_invoke\_arn](#output\_this\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| [this\_lambda\_function\_kms\_key\_arn](#output\_this\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | +| [this\_lambda\_function\_last\_modified](#output\_this\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | +| [this\_lambda\_function\_name](#output\_this\_lambda\_function\_name) | The name of the Lambda Function | +| [this\_lambda\_function\_qualified\_arn](#output\_this\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [this\_lambda\_function\_source\_code\_hash](#output\_this\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [this\_lambda\_function\_source\_code\_size](#output\_this\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [this\_lambda\_function\_version](#output\_this\_lambda\_function\_version) | Latest published version of Lambda Function | +| [this\_lambda\_layer\_arn](#output\_this\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | +| [this\_lambda\_layer\_created\_date](#output\_this\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | +| 
[this\_lambda\_layer\_layer\_arn](#output\_this\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | +| [this\_lambda\_layer\_source\_code\_size](#output\_this\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | +| [this\_lambda\_layer\_version](#output\_this\_lambda\_layer\_version) | The Lambda Layer version | diff --git a/examples/container-image/README.md b/examples/container-image/README.md index a5dfed3b..caae5b98 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md 
@@ -19,59 +19,59 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.13 | -| aws | >= 3.19 | -| docker | >= 2.8.0 | -| random | >= 2 | +| [terraform](#requirement\_terraform) | >= 0.13 | +| [aws](#requirement\_aws) | >= 3.19 | +| [docker](#requirement\_docker) | >= 2.8.0 | +| [random](#requirement\_random) | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 3.19 | -| docker | >= 2.8.0 | -| random | >= 2 | +| [aws](#provider\_aws) | >= 3.19 | +| [docker](#provider\_docker) | >= 2.8.0 | +| [random](#provider\_random) | >= 2 | ## Modules | Name | Source | Version | |------|--------|---------| -| lambda_function_from_container_image | ../../ | | +| [lambda\_function\_from\_container\_image](#module\_lambda\_function\_from\_container\_image) | ../../ | | ## Resources -| Name | -|------| -| [aws_caller_identity](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | -| [aws_ecr_authorization_token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_authorization_token) | -| [aws_ecr_repository](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository) | -| [aws_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | -| [docker_registry_image](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/registry_image) | -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | +| Name | Type | +|------|------| +| [aws_ecr_repository.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository) | resource | +| [docker_registry_image.app](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/registry_image) | resource | +| 
[random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +| [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_ecr_authorization_token.token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_authorization_token) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs -No input. +No inputs. ## Outputs | Name | Description | |------|-------------| -| lambda\_cloudwatch\_log\_group\_arn | The ARN of the Cloudwatch Log Group | -| lambda\_role\_arn | The ARN of the IAM role created for the Lambda Function | -| lambda\_role\_name | The name of the IAM role created for the Lambda Function | -| this\_lambda\_function\_arn | The ARN of the Lambda Function | -| this\_lambda\_function\_invoke\_arn | The Invoke ARN of the Lambda Function | -| this\_lambda\_function\_kms\_key\_arn | The ARN for the KMS encryption key of Lambda Function | -| this\_lambda\_function\_last\_modified | The date Lambda Function resource was last modified | -| this\_lambda\_function\_name | The name of the Lambda Function | -| this\_lambda\_function\_qualified\_arn | The ARN identifying your Lambda Function Version | -| this\_lambda\_function\_source\_code\_hash | Base64-encoded representation of raw SHA-256 sum of the zip file | -| this\_lambda\_function\_source\_code\_size | The size in bytes of the function .zip file | -| this\_lambda\_function\_version | Latest published version of Lambda Function | -| this\_lambda\_layer\_arn | The ARN of the Lambda Layer with version | -| this\_lambda\_layer\_created\_date | The date Lambda Layer resource was created | -| this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version | -| this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer 
.zip file | -| this\_lambda\_layer\_version | The Lambda Layer version | +| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | +| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | +| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | +| [this\_lambda\_function\_arn](#output\_this\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [this\_lambda\_function\_invoke\_arn](#output\_this\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| [this\_lambda\_function\_kms\_key\_arn](#output\_this\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | +| [this\_lambda\_function\_last\_modified](#output\_this\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | +| [this\_lambda\_function\_name](#output\_this\_lambda\_function\_name) | The name of the Lambda Function | +| [this\_lambda\_function\_qualified\_arn](#output\_this\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [this\_lambda\_function\_source\_code\_hash](#output\_this\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [this\_lambda\_function\_source\_code\_size](#output\_this\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [this\_lambda\_function\_version](#output\_this\_lambda\_function\_version) | Latest published version of Lambda Function | +| [this\_lambda\_layer\_arn](#output\_this\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | +| [this\_lambda\_layer\_created\_date](#output\_this\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | +| [this\_lambda\_layer\_layer\_arn](#output\_this\_lambda\_layer\_layer\_arn) | The ARN of the 
Lambda Layer without version | +| [this\_lambda\_layer\_source\_code\_size](#output\_this\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | +| [this\_lambda\_layer\_version](#output\_this\_lambda\_layer\_version) | The Lambda Layer version | diff --git a/examples/deploy/README.md b/examples/deploy/README.md index d5825ada..1bf75d45 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md 
@@ -19,47 +19,48 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.26 | -| aws | >= 3.19 | -| random | >= 2 | +| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [aws](#requirement\_aws) | >= 3.19 | +| [random](#requirement\_random) | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 3.19 | -| random | >= 2 | +| [aws](#provider\_aws) | >= 3.19 | +| [random](#provider\_random) | >= 2 | ## Modules | Name | Source | Version | |------|--------|---------| -| alias_refresh | ../../modules/alias | | -| deploy | ../../modules/deploy | | -| lambda_function | ../../ | | +| [alias\_refresh](#module\_alias\_refresh) | ../../modules/alias | | +| [deploy](#module\_deploy) | ../../modules/deploy | | +| [lambda\_function](#module\_lambda\_function) | ../../ | | ## Resources -| Name | -|------| -| [aws_sns_topic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | +| Name | Type | +|------|------| +| [aws_sns_topic.sns1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource | +| [aws_sns_topic.sns2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource | +| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | ## Inputs -No input. +No inputs. 
## Outputs | Name | Description | |------|-------------| -| appspec | Appspec data as HCL | -| appspec\_content | Appspec data as valid JSON | -| appspec\_sha256 | SHA256 of Appspec JSON | -| codedeploy\_app\_name | Name of CodeDeploy application | -| codedeploy\_deployment\_group\_id | CodeDeploy deployment group id | -| codedeploy\_deployment\_group\_name | CodeDeploy deployment group name | -| codedeploy\_iam\_role\_name | Name of IAM role used by CodeDeploy | -| deploy\_script | Path to a deployment script | -| script | Deployment script | +| [appspec](#output\_appspec) | Appspec data as HCL | +| [appspec\_content](#output\_appspec\_content) | Appspec data as valid JSON | +| [appspec\_sha256](#output\_appspec\_sha256) | SHA256 of Appspec JSON | +| [codedeploy\_app\_name](#output\_codedeploy\_app\_name) | Name of CodeDeploy application | +| [codedeploy\_deployment\_group\_id](#output\_codedeploy\_deployment\_group\_id) | CodeDeploy deployment group id | +| [codedeploy\_deployment\_group\_name](#output\_codedeploy\_deployment\_group\_name) | CodeDeploy deployment group name | +| [codedeploy\_iam\_role\_name](#output\_codedeploy\_iam\_role\_name) | Name of IAM role used by CodeDeploy | +| [deploy\_script](#output\_deploy\_script) | Path to a deployment script | +| [script](#output\_script) | Deployment script | diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index 434c7fb6..1c4b5e8e 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md 
@@ -20,57 +20,58 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.26 | -| aws | >= 3.19 | -| random | >= 2 | +| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [aws](#requirement\_aws) | >= 3.19 | +| [random](#requirement\_random) | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 3.19 | -| aws.us-east-1 | >= 3.19 | -| random | >= 2 | +| [aws](#provider\_aws) | >= 3.19 | +| [aws.us-east-1](#provider\_aws.us-east-1) | >= 3.19 | +| [random](#provider\_random) | >= 2 | ## Modules | Name | Source | Version | |------|--------|---------| -| lambda_function | ../../ | | -| lambda_function_another_region | ../../ | | +| [lambda\_function](#module\_lambda\_function) | ../../ | | +| [lambda\_function\_another\_region](#module\_lambda\_function\_another\_region) | ../../ | | ## Resources -| Name | -|------| -| [aws_sqs_queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | +| Name | Type | +|------|------| +| [aws_sqs_queue.dlq](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | +| [aws_sqs_queue.dlq_us_east_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | +| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | ## Inputs -No input. +No inputs. 
## Outputs | Name | Description | |------|-------------| -| lambda\_cloudwatch\_log\_group\_arn | The ARN of the Cloudwatch Log Group | -| lambda\_role\_arn | The ARN of the IAM role created for the Lambda Function | -| lambda\_role\_name | The name of the IAM role created for the Lambda Function | -| local\_filename | The filename of zip archive deployed (if deployment was from local) | -| s3\_object | The map with S3 object data of zip archive deployed (if deployment was from S3) | -| this\_lambda\_function\_arn | The ARN of the Lambda Function | -| this\_lambda\_function\_invoke\_arn | The Invoke ARN of the Lambda Function | -| this\_lambda\_function\_kms\_key\_arn | The ARN for the KMS encryption key of Lambda Function | -| this\_lambda\_function\_last\_modified | The date Lambda Function resource was last modified | -| this\_lambda\_function\_name | The name of the Lambda Function | -| this\_lambda\_function\_qualified\_arn | The ARN identifying your Lambda Function Version | -| this\_lambda\_function\_source\_code\_hash | Base64-encoded representation of raw SHA-256 sum of the zip file | -| this\_lambda\_function\_source\_code\_size | The size in bytes of the function .zip file | -| this\_lambda\_function\_version | Latest published version of Lambda Function | -| this\_lambda\_layer\_arn | The ARN of the Lambda Layer with version | -| this\_lambda\_layer\_created\_date | The date Lambda Layer resource was created | -| this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version | -| this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer .zip file | -| this\_lambda\_layer\_version | The Lambda Layer version | +| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | +| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | +| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM 
role created for the Lambda Function | +| [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | +| [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | +| [this\_lambda\_function\_arn](#output\_this\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [this\_lambda\_function\_invoke\_arn](#output\_this\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| [this\_lambda\_function\_kms\_key\_arn](#output\_this\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | +| [this\_lambda\_function\_last\_modified](#output\_this\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | +| [this\_lambda\_function\_name](#output\_this\_lambda\_function\_name) | The name of the Lambda Function | +| [this\_lambda\_function\_qualified\_arn](#output\_this\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [this\_lambda\_function\_source\_code\_hash](#output\_this\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [this\_lambda\_function\_source\_code\_size](#output\_this\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [this\_lambda\_function\_version](#output\_this\_lambda\_function\_version) | Latest published version of Lambda Function | +| [this\_lambda\_layer\_arn](#output\_this\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | +| [this\_lambda\_layer\_created\_date](#output\_this\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | +| [this\_lambda\_layer\_layer\_arn](#output\_this\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | +| [this\_lambda\_layer\_source\_code\_size](#output\_this\_lambda\_layer\_source\_code\_size) | The size in bytes of 
the Lambda Layer .zip file | +| [this\_lambda\_layer\_version](#output\_this\_lambda\_layer\_version) | The Lambda Layer version | diff --git a/examples/simple/README.md b/examples/simple/README.md index 1219ad34..0ff3061b 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md 
@@ -19,53 +19,53 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.26 | -| aws | >= 3.19 | -| random | >= 2 | +| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [aws](#requirement\_aws) | >= 3.19 | +| [random](#requirement\_random) | >= 2 | ## Providers | Name | Version | |------|---------| -| random | >= 2 | +| [random](#provider\_random) | >= 2 | ## Modules | Name | Source | Version | |------|--------|---------| -| lambda_function | ../../ | | +| [lambda\_function](#module\_lambda\_function) | ../../ | | ## Resources -| Name | -|------| -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | +| Name | Type | +|------|------| +| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | ## Inputs -No input. +No inputs. ## Outputs | Name | Description | |------|-------------| -| lambda\_cloudwatch\_log\_group\_arn | The ARN of the Cloudwatch Log Group | -| lambda\_role\_arn | The ARN of the IAM role created for the Lambda Function | -| lambda\_role\_name | The name of the IAM role created for the Lambda Function | -| local\_filename | The filename of zip archive deployed (if deployment was from local) | -| s3\_object | The map with S3 object data of zip archive deployed (if deployment was from S3) | -| this\_lambda\_function\_arn | The ARN of the Lambda Function | -| this\_lambda\_function\_invoke\_arn | The Invoke ARN of the Lambda Function | -| this\_lambda\_function\_kms\_key\_arn | The ARN for the KMS encryption key of Lambda Function | -| this\_lambda\_function\_last\_modified | The date Lambda Function resource was last modified | -| this\_lambda\_function\_name | The name of the Lambda Function | -| this\_lambda\_function\_qualified\_arn | The ARN identifying your Lambda Function Version | -| this\_lambda\_function\_source\_code\_hash | Base64-encoded 
representation of raw SHA-256 sum of the zip file | -| this\_lambda\_function\_source\_code\_size | The size in bytes of the function .zip file | -| this\_lambda\_function\_version | Latest published version of Lambda Function | -| this\_lambda\_layer\_arn | The ARN of the Lambda Layer with version | -| this\_lambda\_layer\_created\_date | The date Lambda Layer resource was created | -| this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version | -| this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer .zip file | -| this\_lambda\_layer\_version | The Lambda Layer version | +| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | +| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | +| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | +| [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | +| [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | +| [this\_lambda\_function\_arn](#output\_this\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [this\_lambda\_function\_invoke\_arn](#output\_this\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| [this\_lambda\_function\_kms\_key\_arn](#output\_this\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | +| [this\_lambda\_function\_last\_modified](#output\_this\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | +| [this\_lambda\_function\_name](#output\_this\_lambda\_function\_name) | The name of the Lambda Function | +| [this\_lambda\_function\_qualified\_arn](#output\_this\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function 
Version | +| [this\_lambda\_function\_source\_code\_hash](#output\_this\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [this\_lambda\_function\_source\_code\_size](#output\_this\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [this\_lambda\_function\_version](#output\_this\_lambda\_function\_version) | Latest published version of Lambda Function | +| [this\_lambda\_layer\_arn](#output\_this\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | +| [this\_lambda\_layer\_created\_date](#output\_this\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | +| [this\_lambda\_layer\_layer\_arn](#output\_this\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | +| [this\_lambda\_layer\_source\_code\_size](#output\_this\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | +| [this\_lambda\_layer\_version](#output\_this\_lambda\_layer\_version) | The Lambda Layer version | diff --git a/examples/triggers/README.md b/examples/triggers/README.md index ae6aeada..2da7580d 100644 --- a/examples/triggers/README.md +++ b/examples/triggers/README.md 
@@ -20,56 +20,56 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.12.26 | -| aws | >= 2.67 | -| random | >= 2 | +| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [aws](#requirement\_aws) | >= 2.67 | +| [random](#requirement\_random) | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.67 | -| random | >= 2 | +| [aws](#provider\_aws) | >= 2.67 | +| [random](#provider\_random) | >= 2 | ## Modules | Name | Source | Version | |------|--------|---------| -| lambda_function | ../../ | | +| [lambda\_function](#module\_lambda\_function) | ../../ | | ## Resources -| Name | -|------| -| [aws_cloudwatch_event_rule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | -| [aws_cloudwatch_event_target](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | +| Name | Type | +|------|------| +| [aws_cloudwatch_event_rule.scan_ami](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource | +| [aws_cloudwatch_event_target.scan_ami_lambda_function](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource | +| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | ## Inputs -No input. +No inputs. 
## Outputs | Name | Description | |------|-------------| -| lambda\_cloudwatch\_log\_group\_arn | The ARN of the Cloudwatch Log Group | -| lambda\_role\_arn | The ARN of the IAM role created for the Lambda Function | -| lambda\_role\_name | The name of the IAM role created for the Lambda Function | -| local\_filename | The filename of zip archive deployed (if deployment was from local) | -| s3\_object | The map with S3 object data of zip archive deployed (if deployment was from S3) | -| this\_lambda\_function\_arn | The ARN of the Lambda Function | -| this\_lambda\_function\_invoke\_arn | The Invoke ARN of the Lambda Function | -| this\_lambda\_function\_kms\_key\_arn | The ARN for the KMS encryption key of Lambda Function | -| this\_lambda\_function\_last\_modified | The date Lambda Function resource was last modified | -| this\_lambda\_function\_name | The name of the Lambda Function | -| this\_lambda\_function\_qualified\_arn | The ARN identifying your Lambda Function Version | -| this\_lambda\_function\_source\_code\_hash | Base64-encoded representation of raw SHA-256 sum of the zip file | -| this\_lambda\_function\_source\_code\_size | The size in bytes of the function .zip file | -| this\_lambda\_function\_version | Latest published version of Lambda Function | -| this\_lambda\_layer\_arn | The ARN of the Lambda Layer with version | -| this\_lambda\_layer\_created\_date | The date Lambda Layer resource was created | -| this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version | -| this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer .zip file | -| this\_lambda\_layer\_version | The Lambda Layer version | +| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | +| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | +| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM 
role created for the Lambda Function | +| [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | +| [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | +| [this\_lambda\_function\_arn](#output\_this\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [this\_lambda\_function\_invoke\_arn](#output\_this\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| [this\_lambda\_function\_kms\_key\_arn](#output\_this\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | +| [this\_lambda\_function\_last\_modified](#output\_this\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | +| [this\_lambda\_function\_name](#output\_this\_lambda\_function\_name) | The name of the Lambda Function | +| [this\_lambda\_function\_qualified\_arn](#output\_this\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [this\_lambda\_function\_source\_code\_hash](#output\_this\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [this\_lambda\_function\_source\_code\_size](#output\_this\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [this\_lambda\_function\_version](#output\_this\_lambda\_function\_version) | Latest published version of Lambda Function | +| [this\_lambda\_layer\_arn](#output\_this\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | +| [this\_lambda\_layer\_created\_date](#output\_this\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | +| [this\_lambda\_layer\_layer\_arn](#output\_this\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | +| [this\_lambda\_layer\_source\_code\_size](#output\_this\_lambda\_layer\_source\_code\_size) | The size in bytes of 
the Lambda Layer .zip file | +| [this\_lambda\_layer\_version](#output\_this\_lambda\_layer\_version) | The Lambda Layer version | diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index 7cc88806..8ef74a1a 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md 
@@ -20,58 +20,58 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.13 | -| aws | >= 3.19 | -| random | >= 2 | +| [terraform](#requirement\_terraform) | >= 0.13 | +| [aws](#requirement\_aws) | >= 3.19 | +| [random](#requirement\_random) | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 3.19 | -| random | >= 2 | +| [aws](#provider\_aws) | >= 3.19 | +| [random](#provider\_random) | >= 2 | ## Modules | Name | Source | Version | |------|--------|---------| -| lambda_function_with_efs | ../../ | | -| vpc | terraform-aws-modules/vpc/aws | | +| [lambda\_function\_with\_efs](#module\_lambda\_function\_with\_efs) | ../../ | | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | | ## Resources -| Name | -|------| -| [aws_efs_access_point](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_access_point) | -| [aws_efs_file_system](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_file_system) | -| [aws_efs_mount_target](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_mount_target) | -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | +| Name | Type | +|------|------| +| [aws_efs_access_point.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_access_point) | resource | +| [aws_efs_file_system.shared](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_file_system) | resource | +| [aws_efs_mount_target.alpha](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_mount_target) | resource | +| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | ## Inputs -No input. +No inputs. 
## Outputs | Name | Description | |------|-------------| -| lambda\_cloudwatch\_log\_group\_arn | The ARN of the Cloudwatch Log Group | -| lambda\_role\_arn | The ARN of the IAM role created for the Lambda Function | -| lambda\_role\_name | The name of the IAM role created for the Lambda Function | -| local\_filename | The filename of zip archive deployed (if deployment was from local) | -| s3\_object | The map with S3 object data of zip archive deployed (if deployment was from S3) | -| this\_lambda\_function\_arn | The ARN of the Lambda Function | -| this\_lambda\_function\_invoke\_arn | The Invoke ARN of the Lambda Function | -| this\_lambda\_function\_kms\_key\_arn | The ARN for the KMS encryption key of Lambda Function | -| this\_lambda\_function\_last\_modified | The date Lambda Function resource was last modified | -| this\_lambda\_function\_name | The name of the Lambda Function | -| this\_lambda\_function\_qualified\_arn | The ARN identifying your Lambda Function Version | -| this\_lambda\_function\_source\_code\_hash | Base64-encoded representation of raw SHA-256 sum of the zip file | -| this\_lambda\_function\_source\_code\_size | The size in bytes of the function .zip file | -| this\_lambda\_function\_version | Latest published version of Lambda Function | -| this\_lambda\_layer\_arn | The ARN of the Lambda Layer with version | -| this\_lambda\_layer\_created\_date | The date Lambda Layer resource was created | -| this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version | -| this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer .zip file | -| this\_lambda\_layer\_version | The Lambda Layer version | +| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | +| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | +| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM 
role created for the Lambda Function | +| [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | +| [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | +| [this\_lambda\_function\_arn](#output\_this\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [this\_lambda\_function\_invoke\_arn](#output\_this\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| [this\_lambda\_function\_kms\_key\_arn](#output\_this\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | +| [this\_lambda\_function\_last\_modified](#output\_this\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | +| [this\_lambda\_function\_name](#output\_this\_lambda\_function\_name) | The name of the Lambda Function | +| [this\_lambda\_function\_qualified\_arn](#output\_this\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [this\_lambda\_function\_source\_code\_hash](#output\_this\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [this\_lambda\_function\_source\_code\_size](#output\_this\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [this\_lambda\_function\_version](#output\_this\_lambda\_function\_version) | Latest published version of Lambda Function | +| [this\_lambda\_layer\_arn](#output\_this\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | +| [this\_lambda\_layer\_created\_date](#output\_this\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | +| [this\_lambda\_layer\_layer\_arn](#output\_this\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | +| [this\_lambda\_layer\_source\_code\_size](#output\_this\_lambda\_layer\_source\_code\_size) | The size in bytes of 
the Lambda Layer .zip file | +| [this\_lambda\_layer\_version](#output\_this\_lambda\_layer\_version) | The Lambda Layer version | diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index c6cea831..4776d667 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md 
@@ -21,54 +21,54 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| terraform | >= 0.13 | -| aws | >= 3.19 | -| random | >= 2 | +| [terraform](#requirement\_terraform) | >= 0.13 | +| [aws](#requirement\_aws) | >= 3.19 | +| [random](#requirement\_random) | >= 2 | ## Providers | Name | Version | |------|---------| -| random | >= 2 | +| [random](#provider\_random) | >= 2 | ## Modules | Name | Source | Version | |------|--------|---------| -| lambda_function_in_vpc | ../../ | | -| vpc | terraform-aws-modules/vpc/aws | | +| [lambda\_function\_in\_vpc](#module\_lambda\_function\_in\_vpc) | ../../ | | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | | ## Resources -| Name | -|------| -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | +| Name | Type | +|------|------| +| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | ## Inputs -No input. +No inputs. 
## Outputs | Name | Description | |------|-------------| -| lambda\_cloudwatch\_log\_group\_arn | The ARN of the Cloudwatch Log Group | -| lambda\_role\_arn | The ARN of the IAM role created for the Lambda Function | -| lambda\_role\_name | The name of the IAM role created for the Lambda Function | -| local\_filename | The filename of zip archive deployed (if deployment was from local) | -| s3\_object | The map with S3 object data of zip archive deployed (if deployment was from S3) | -| this\_lambda\_function\_arn | The ARN of the Lambda Function | -| this\_lambda\_function\_invoke\_arn | The Invoke ARN of the Lambda Function | -| this\_lambda\_function\_kms\_key\_arn | The ARN for the KMS encryption key of Lambda Function | -| this\_lambda\_function\_last\_modified | The date Lambda Function resource was last modified | -| this\_lambda\_function\_name | The name of the Lambda Function | -| this\_lambda\_function\_qualified\_arn | The ARN identifying your Lambda Function Version | -| this\_lambda\_function\_source\_code\_hash | Base64-encoded representation of raw SHA-256 sum of the zip file | -| this\_lambda\_function\_source\_code\_size | The size in bytes of the function .zip file | -| this\_lambda\_function\_version | Latest published version of Lambda Function | -| this\_lambda\_layer\_arn | The ARN of the Lambda Layer with version | -| this\_lambda\_layer\_created\_date | The date Lambda Layer resource was created | -| this\_lambda\_layer\_layer\_arn | The ARN of the Lambda Layer without version | -| this\_lambda\_layer\_source\_code\_size | The size in bytes of the Lambda Layer .zip file | -| this\_lambda\_layer\_version | The Lambda Layer version | +| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | +| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | +| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM 
role created for the Lambda Function | +| [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | +| [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | +| [this\_lambda\_function\_arn](#output\_this\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [this\_lambda\_function\_invoke\_arn](#output\_this\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| [this\_lambda\_function\_kms\_key\_arn](#output\_this\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | +| [this\_lambda\_function\_last\_modified](#output\_this\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | +| [this\_lambda\_function\_name](#output\_this\_lambda\_function\_name) | The name of the Lambda Function | +| [this\_lambda\_function\_qualified\_arn](#output\_this\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [this\_lambda\_function\_source\_code\_hash](#output\_this\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [this\_lambda\_function\_source\_code\_size](#output\_this\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [this\_lambda\_function\_version](#output\_this\_lambda\_function\_version) | Latest published version of Lambda Function | +| [this\_lambda\_layer\_arn](#output\_this\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | +| [this\_lambda\_layer\_created\_date](#output\_this\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | +| [this\_lambda\_layer\_layer\_arn](#output\_this\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | +| [this\_lambda\_layer\_source\_code\_size](#output\_this\_lambda\_layer\_source\_code\_size) | The size in bytes of 
the Lambda Layer .zip file | +| [this\_lambda\_layer\_version](#output\_this\_lambda\_layer\_version) | The Lambda Layer version | diff --git a/modules/alias/README.md b/modules/alias/README.md index d770a4f9..d12c2c5c 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md 
@@ -115,60 +115,62 @@ module "lambda" { | Name | Version | |------|---------| -| terraform | >= 0.12.26 | -| aws | >= 3.19 | +| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [aws](#requirement\_aws) | >= 3.19 | ## Providers | Name | Version | |------|---------| -| aws | >= 3.19 | +| [aws](#provider\_aws) | >= 3.19 | ## Modules -No Modules. +No modules. ## Resources -| Name | -|------| -| [aws_lambda_alias](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | -| [aws_lambda_alias](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_alias) | -| [aws_lambda_function_event_invoke_config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | -| [aws_lambda_permission](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | +| Name | Type | +|------|------| +| [aws_lambda_alias.no_refresh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_alias) | resource | +| [aws_lambda_alias.with_refresh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_alias) | resource | +| [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | +| [aws_lambda_permission.qualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| [aws_lambda_permission.version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| [aws_lambda_alias.existing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| allowed\_triggers | Map of allowed 
triggers to create Lambda permissions | `map(any)` | `{}` | no | -| create | Controls whether resources should be created | `bool` | `true` | no | -| create\_async\_event\_config | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | -| create\_qualified\_alias\_allowed\_triggers | Whether to allow triggers on qualified alias | `bool` | `true` | no | -| create\_qualified\_alias\_async\_event\_config | Whether to allow async event configuration on qualified alias | `bool` | `true` | no | -| create\_version\_allowed\_triggers | Whether to allow triggers on version of Lambda Function used by alias (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | -| create\_version\_async\_event\_config | Whether to allow async event configuration on version of Lambda Function used by alias (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | -| description | Description of the alias. | `string` | `""` | no | -| destination\_on\_failure | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | -| destination\_on\_success | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no | -| function\_name | The function ARN of the Lambda function for which you want to create an alias. | `string` | `""` | no | -| function\_version | Lambda function version for which you are creating the alias. Pattern: ($LATEST\|[0-9]+). | `string` | `""` | no | -| maximum\_event\_age\_in\_seconds | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | -| maximum\_retry\_attempts | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. 
Defaults to 2. | `number` | `null` | no | -| name | Name for the alias you are creating. | `string` | `""` | no | -| refresh\_alias | Whether to refresh function version used in the alias. Useful when using this module together with external tool do deployments (eg, AWS CodeDeploy). | `bool` | `true` | no | -| routing\_additional\_version\_weights | A map that defines the proportion of events that should be sent to different versions of a lambda function. | `map(number)` | `{}` | no | -| use\_existing\_alias | Whether to manage existing alias instead of creating a new one. Useful when using this module together with external tool do deployments (eg, AWS CodeDeploy). | `bool` | `false` | no | +| [allowed\_triggers](#input\_allowed\_triggers) | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no | +| [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | +| [create\_async\_event\_config](#input\_create\_async\_event\_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | +| [create\_qualified\_alias\_allowed\_triggers](#input\_create\_qualified\_alias\_allowed\_triggers) | Whether to allow triggers on qualified alias | `bool` | `true` | no | +| [create\_qualified\_alias\_async\_event\_config](#input\_create\_qualified\_alias\_async\_event\_config) | Whether to allow async event configuration on qualified alias | `bool` | `true` | no | +| [create\_version\_allowed\_triggers](#input\_create\_version\_allowed\_triggers) | Whether to allow triggers on version of Lambda Function used by alias (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | +| [create\_version\_async\_event\_config](#input\_create\_version\_async\_event\_config) | Whether to allow async event configuration on version of Lambda Function used by alias (this will revoke permissions from previous 
version because Terraform manages only current resources) | `bool` | `true` | no | +| [description](#input\_description) | Description of the alias. | `string` | `""` | no | +| [destination\_on\_failure](#input\_destination\_on\_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | +| [destination\_on\_success](#input\_destination\_on\_success) | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no | +| [function\_name](#input\_function\_name) | The function ARN of the Lambda function for which you want to create an alias. | `string` | `""` | no | +| [function\_version](#input\_function\_version) | Lambda function version for which you are creating the alias. Pattern: ($LATEST\|[0-9]+). | `string` | `""` | no | +| [maximum\_event\_age\_in\_seconds](#input\_maximum\_event\_age\_in\_seconds) | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | +| [maximum\_retry\_attempts](#input\_maximum\_retry\_attempts) | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | `number` | `null` | no | +| [name](#input\_name) | Name for the alias you are creating. | `string` | `""` | no | +| [refresh\_alias](#input\_refresh\_alias) | Whether to refresh function version used in the alias. Useful when using this module together with external tool do deployments (eg, AWS CodeDeploy). | `bool` | `true` | no | +| [routing\_additional\_version\_weights](#input\_routing\_additional\_version\_weights) | A map that defines the proportion of events that should be sent to different versions of a lambda function. | `map(number)` | `{}` | no | +| [use\_existing\_alias](#input\_use\_existing\_alias) | Whether to manage existing alias instead of creating a new one. 
Useful when using this module together with external tool do deployments (eg, AWS CodeDeploy). | `bool` | `false` | no | ## Outputs | Name | Description | |------|-------------| -| this\_lambda\_alias\_arn | The ARN of the Lambda Function Alias | -| this\_lambda\_alias\_description | Description of alias | -| this\_lambda\_alias\_function\_version | Lambda function version which the alias uses | -| this\_lambda\_alias\_invoke\_arn | The ARN to be used for invoking Lambda Function from API Gateway | -| this\_lambda\_alias\_name | The name of the Lambda Function Alias | +| [this\_lambda\_alias\_arn](#output\_this\_lambda\_alias\_arn) | The ARN of the Lambda Function Alias | +| [this\_lambda\_alias\_description](#output\_this\_lambda\_alias\_description) | Description of alias | +| [this\_lambda\_alias\_function\_version](#output\_this\_lambda\_alias\_function\_version) | Lambda function version which the alias uses | +| [this\_lambda\_alias\_invoke\_arn](#output\_this\_lambda\_alias\_invoke\_arn) | The ARN to be used for invoking Lambda Function from API Gateway | +| [this\_lambda\_alias\_name](#output\_this\_lambda\_alias\_name) | The name of the Lambda Function Alias | ## Authors diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 73328716..84cb8937 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md 
@@ -99,88 +99,90 @@ module "lambda" { | Name | Version | |------|---------| -| terraform | >= 0.12.26 | -| aws | >= 3.19 | -| local | >= 1 | -| null | >= 2 | +| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [aws](#requirement\_aws) | >= 3.19 | +| [local](#requirement\_local) | >= 1 | +| [null](#requirement\_null) | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 3.19 | -| local | >= 1 | -| null | >= 2 | +| [aws](#provider\_aws) | >= 3.19 | +| [local](#provider\_local) | >= 1 | +| [null](#provider\_null) | >= 2 | ## Modules -No Modules. +No modules. ## Resources -| Name | -|------| -| [aws_codedeploy_app](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_app) | -| [aws_codedeploy_deployment_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_deployment_group) | -| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | -| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | -| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | -| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | -| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | -| [aws_lambda_alias](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | -| [aws_lambda_function](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_function) | -| [local_file](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | -| [null_resource](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | +| Name | Type | +|------|------| +| 
[aws_codedeploy_app.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_app) | resource | +| [aws_codedeploy_deployment_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_deployment_group) | resource | +| [aws_iam_policy.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_role.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [local_file.deploy_script](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | +| [null_resource.deploy](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_role.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source | +| [aws_lambda_alias.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | data source | +| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_function) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| after\_allow\_traffic\_hook\_arn 
| ARN of Lambda function to execute after allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | -| alarm\_enabled | Indicates whether the alarm configuration is enabled. This option is useful when you want to temporarily deactivate alarm monitoring for a deployment group without having to add the same alarms again later. | `bool` | `false` | no | -| alarm\_ignore\_poll\_alarm\_failure | Indicates whether a deployment should continue if information about the current state of alarms cannot be retrieved from CloudWatch. | `bool` | `false` | no | -| alarms | A list of alarms configured for the deployment group. A maximum of 10 alarms can be added to a deployment group. | `list(string)` | `[]` | no | -| alias\_name | Name for the alias | `string` | `""` | no | -| app\_name | Name of AWS CodeDeploy application | `string` | `""` | no | -| attach\_triggers\_policy | Whether to attach SNS policy to CodeDeploy role when triggers are defined | `bool` | `false` | no | -| auto\_rollback\_enabled | Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. | `bool` | `true` | no | -| auto\_rollback\_events | List of event types that trigger a rollback. Supported types are DEPLOYMENT\_FAILURE and DEPLOYMENT\_STOP\_ON\_ALARM. | `list(string)` |
[
"DEPLOYMENT_STOP_ON_ALARM"
]
| no | -| aws\_cli\_command | Command to run as AWS CLI. May include extra arguments like region and profile. | `string` | `"aws"` | no | -| before\_allow\_traffic\_hook\_arn | ARN of Lambda function to execute before allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | -| codedeploy\_principals | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` |
[
"codedeploy.amazonaws.com"
]
| no | -| codedeploy\_role\_name | IAM role name to create or use by CodeDeploy | `string` | `""` | no | -| create | Controls whether resources should be created | `bool` | `true` | no | -| create\_app | Whether to create new AWS CodeDeploy app | `bool` | `false` | no | -| create\_codedeploy\_role | Whether to create new AWS CodeDeploy IAM role | `bool` | `true` | no | -| create\_deployment | Run AWS CLI command to create deployment | `bool` | `false` | no | -| create\_deployment\_group | Whether to create new AWS CodeDeploy Deployment Group | `bool` | `false` | no | -| current\_version | Current version of Lambda function version to deploy (can't be $LATEST) | `string` | `""` | no | -| deployment\_config\_name | Name of deployment config to use | `string` | `"CodeDeployDefault.LambdaAllAtOnce"` | no | -| deployment\_group\_name | Name of deployment group to use | `string` | `""` | no | -| description | Description to use for the deployment | `string` | `""` | no | -| force\_deploy | Force deployment every time (even when nothing changes) | `bool` | `false` | no | -| function\_name | The name of the Lambda function to deploy | `string` | `""` | no | -| interpreter | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` |
[
"/bin/bash",
"-c"
]
| no | -| save\_deploy\_script | Save deploy script locally | `bool` | `false` | no | -| target\_version | Target version of Lambda function version to deploy | `string` | `""` | no | -| triggers | Map of triggers which will be notified when event happens. Valid options for event types are DeploymentStart, DeploymentSuccess, DeploymentFailure, DeploymentStop, DeploymentRollback, DeploymentReady (Applies only to replacement instances in a blue/green deployment), InstanceStart, InstanceSuccess, InstanceFailure, InstanceReady. Note that not all are applicable for Lambda deployments. | `map(any)` | `{}` | no | -| use\_existing\_app | Whether to use existing AWS CodeDeploy app | `bool` | `false` | no | -| use\_existing\_deployment\_group | Whether to use existing AWS CodeDeploy Deployment Group | `bool` | `false` | no | -| wait\_deployment\_completion | Wait until deployment completes. It can take a lot of time and your terraform process may lock execution for long time. | `bool` | `false` | no | +| [after\_allow\_traffic\_hook\_arn](#input\_after\_allow\_traffic\_hook\_arn) | ARN of Lambda function to execute after allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | +| [alarm\_enabled](#input\_alarm\_enabled) | Indicates whether the alarm configuration is enabled. This option is useful when you want to temporarily deactivate alarm monitoring for a deployment group without having to add the same alarms again later. | `bool` | `false` | no | +| [alarm\_ignore\_poll\_alarm\_failure](#input\_alarm\_ignore\_poll\_alarm\_failure) | Indicates whether a deployment should continue if information about the current state of alarms cannot be retrieved from CloudWatch. | `bool` | `false` | no | +| [alarms](#input\_alarms) | A list of alarms configured for the deployment group. A maximum of 10 alarms can be added to a deployment group. 
| `list(string)` | `[]` | no | +| [alias\_name](#input\_alias\_name) | Name for the alias | `string` | `""` | no | +| [app\_name](#input\_app\_name) | Name of AWS CodeDeploy application | `string` | `""` | no | +| [attach\_triggers\_policy](#input\_attach\_triggers\_policy) | Whether to attach SNS policy to CodeDeploy role when triggers are defined | `bool` | `false` | no | +| [auto\_rollback\_enabled](#input\_auto\_rollback\_enabled) | Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. | `bool` | `true` | no | +| [auto\_rollback\_events](#input\_auto\_rollback\_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT\_FAILURE and DEPLOYMENT\_STOP\_ON\_ALARM. | `list(string)` |
[
"DEPLOYMENT_STOP_ON_ALARM"
]
| no | +| [aws\_cli\_command](#input\_aws\_cli\_command) | Command to run as AWS CLI. May include extra arguments like region and profile. | `string` | `"aws"` | no | +| [before\_allow\_traffic\_hook\_arn](#input\_before\_allow\_traffic\_hook\_arn) | ARN of Lambda function to execute before allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | +| [codedeploy\_principals](#input\_codedeploy\_principals) | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` |
[
"codedeploy.amazonaws.com"
]
| no | +| [codedeploy\_role\_name](#input\_codedeploy\_role\_name) | IAM role name to create or use by CodeDeploy | `string` | `""` | no | +| [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | +| [create\_app](#input\_create\_app) | Whether to create new AWS CodeDeploy app | `bool` | `false` | no | +| [create\_codedeploy\_role](#input\_create\_codedeploy\_role) | Whether to create new AWS CodeDeploy IAM role | `bool` | `true` | no | +| [create\_deployment](#input\_create\_deployment) | Run AWS CLI command to create deployment | `bool` | `false` | no | +| [create\_deployment\_group](#input\_create\_deployment\_group) | Whether to create new AWS CodeDeploy Deployment Group | `bool` | `false` | no | +| [current\_version](#input\_current\_version) | Current version of Lambda function version to deploy (can't be $LATEST) | `string` | `""` | no | +| [deployment\_config\_name](#input\_deployment\_config\_name) | Name of deployment config to use | `string` | `"CodeDeployDefault.LambdaAllAtOnce"` | no | +| [deployment\_group\_name](#input\_deployment\_group\_name) | Name of deployment group to use | `string` | `""` | no | +| [description](#input\_description) | Description to use for the deployment | `string` | `""` | no | +| [force\_deploy](#input\_force\_deploy) | Force deployment every time (even when nothing changes) | `bool` | `false` | no | +| [function\_name](#input\_function\_name) | The name of the Lambda function to deploy | `string` | `""` | no | +| [interpreter](#input\_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` |
[
"/bin/bash",
"-c"
]
| no | +| [save\_deploy\_script](#input\_save\_deploy\_script) | Save deploy script locally | `bool` | `false` | no | +| [target\_version](#input\_target\_version) | Target version of Lambda function version to deploy | `string` | `""` | no | +| [triggers](#input\_triggers) | Map of triggers which will be notified when event happens. Valid options for event types are DeploymentStart, DeploymentSuccess, DeploymentFailure, DeploymentStop, DeploymentRollback, DeploymentReady (Applies only to replacement instances in a blue/green deployment), InstanceStart, InstanceSuccess, InstanceFailure, InstanceReady. Note that not all are applicable for Lambda deployments. | `map(any)` | `{}` | no | +| [use\_existing\_app](#input\_use\_existing\_app) | Whether to use existing AWS CodeDeploy app | `bool` | `false` | no | +| [use\_existing\_deployment\_group](#input\_use\_existing\_deployment\_group) | Whether to use existing AWS CodeDeploy Deployment Group | `bool` | `false` | no | +| [wait\_deployment\_completion](#input\_wait\_deployment\_completion) | Wait until deployment completes. It can take a lot of time and your terraform process may lock execution for long time. 
| `bool` | `false` | no | ## Outputs | Name | Description | |------|-------------| -| appspec | Appspec data as HCL | -| appspec\_content | Appspec data as valid JSON | -| appspec\_sha256 | SHA256 of Appspec JSON | -| codedeploy\_app\_name | Name of CodeDeploy application | -| codedeploy\_deployment\_group\_id | CodeDeploy deployment group id | -| codedeploy\_deployment\_group\_name | CodeDeploy deployment group name | -| codedeploy\_iam\_role\_name | Name of IAM role used by CodeDeploy | -| deploy\_script | Path to a deployment script | -| script | Deployment script | +| [appspec](#output\_appspec) | Appspec data as HCL | +| [appspec\_content](#output\_appspec\_content) | Appspec data as valid JSON | +| [appspec\_sha256](#output\_appspec\_sha256) | SHA256 of Appspec JSON | +| [codedeploy\_app\_name](#output\_codedeploy\_app\_name) | Name of CodeDeploy application | +| [codedeploy\_deployment\_group\_id](#output\_codedeploy\_deployment\_group\_id) | CodeDeploy deployment group id | +| [codedeploy\_deployment\_group\_name](#output\_codedeploy\_deployment\_group\_name) | CodeDeploy deployment group name | +| [codedeploy\_iam\_role\_name](#output\_codedeploy\_iam\_role\_name) | Name of IAM role used by CodeDeploy | +| [deploy\_script](#output\_deploy\_script) | Path to a deployment script | +| [script](#output\_script) | Deployment script | ## Authors From a1f0f6168156cb6afdd536baa681296558b8ef11 Mon Sep 17 00:00:00 2001 From: Ilias Diamantakos Date: Tue, 6 Apr 2021 17:07:40 +0100 Subject: [PATCH 068/385] fix: permission for lambda-to-lambda async calls (#141) --- .github/workflows/pre-commit.yml | 2 +- iam.tf | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 7eaa782b..cbf80b6b 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml 
@@ -94,7 +94,7 @@ jobs:
 - name: Install pre-commit dependencies
 run: |
 pip install pre-commit
- curl -L "$(curl -s https://api.github.com/repos/terraform-docs/terraform-docs/releases/latest | grep -o -E "https://.+?-v0.12.0-linux-amd64" | head -n1)" > terraform-docs && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/
+ curl -L "$(curl -s https://api.github.com/repos/terraform-docs/terraform-docs/releases/latest | grep -o -E "https://.+?-v0.12\..+?-linux-amd64" | head -n1)" > terraform-docs && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/
 curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip && rm tflint.zip && sudo mv tflint /usr/bin/
 - name: Execute pre-commit
 # Run all pre-commit checks on max version supported
diff --git a/iam.tf b/iam.tf
index 6fc2aa2d..445c56c7 100644
--- a/iam.tf
+++ b/iam.tf
@@ -188,6 +188,7 @@ data "aws_iam_policy_document" "async" {
 "sns:Publish",
 "sqs:SendMessage",
 "events:PutEvents",
+ "lambda:InvokeFunction",
 ]
 resources = compact(distinct([var.destination_on_failure, var.destination_on_success]))
From f8887e2c05542152d8f9bbbc9eaea00fbb752d52 Mon Sep 17 00:00:00 2001
From: Anton Babenko
Date: Tue, 6 Apr 2021 18:08:44 +0200
Subject: [PATCH 069/385] Updated CHANGELOG
---
 CHANGELOG.md | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f20f8fc9..f850f131 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
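Review bot: In `.github/workflows/pre-commit.yml`, the rewritten `curl` line still resolves the terraform-docs asset through `releases/latest`, so the `v0.12\.` filter only holds while the newest release is a 0.12.x; once a later release is published the `grep` prints nothing and the step downloads from an empty URL. The downloaded file is also made executable and moved into `/usr/bin/` with `sudo` without any integrity check, and the tflint line below follows the same pattern. Fetching a fixed release tag and verifying it before the `chmod`, for example `echo "<EXPECTED_SHA256>  terraform-docs" | sha256sum -c -` with the digest taken from the release's published checksums, would make the pin real. The job this step belongs to starts above the hunk.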
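Review bot: In `iam.tf`, the `async` policy document now lists actions from four services against one shared `resources` expression, and nothing in the block records why that is still a narrow grant. A request for `lambda:InvokeFunction` always targets a Lambda ARN, so the new action only takes effect when `destination_on_failure` or `destination_on_success` is a Lambda function; a comment above the action list such as `# Each action only applies to destination ARNs of its own service (SNS, SQS, EventBridge, Lambda)` would say so. The statement opens above the hunk, so whether this document is skipped when both destinations are unset cannot be confirmed from here.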
@@ -7,6 +7,13 @@ All notable changes to this project will be documented in this file. + +## [v1.45.0] - 2021-04-06 + +- fix: permission for lambda-to-lambda async calls ([#141](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/141)) +- chore: update documentation and pin `terraform_docs` version to avoid future changes ([#134](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/134)) + + ## [v1.44.0] - 2021-03-09 
@@ -360,6 +367,18 @@ All notable changes to this project will be documented in this file. - Initial terraform-aws-lambda implementation - Added example of Dockerfile for custom AWS Lambda build env - Added initial draft implementation of lambda.py and package.tf +- Merge pull request [#8](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/8) from terraform-aws-modules/terraform-provider-githubfile-1591109277277141000 +- [ci skip] Create ".gitignore". +- Merge pull request [#7](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/7) from terraform-aws-modules/terraform-provider-githubfile-1591109259601315000 +- [ci skip] Create ".pre-commit-config.yaml". +- Merge pull request [#5](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/5) from terraform-aws-modules/terraform-provider-githubfile-1591109219976213000 +- Merge pull request [#3](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/3) from terraform-aws-modules/terraform-provider-githubfile-1591109219975583000 +- Merge pull request [#1](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/1) from terraform-aws-modules/terraform-provider-githubfile-1591109219975771000 +- Merge pull request [#4](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/4) from terraform-aws-modules/terraform-provider-githubfile-1591109219975843000 +- [ci skip] Create ".editorconfig". +- [ci skip] Create "Makefile". +- [ci skip] Create "LICENSE". +- [ci skip] Create ".chglog/CHANGELOG.tpl.md". 
@@ -368,7 +387,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.44.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.45.0...HEAD +[v1.45.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.44.0...v1.45.0 [v1.44.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.43.0...v1.44.0 [v1.43.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.42.0...v1.43.0 [v1.42.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.41.0...v1.42.0 From f8f1fb3267abed0bd52502b84c951def6b8b547b Mon Sep 17 00:00:00 2001 From: Alex Jones Date: Tue, 13 Apr 2021 10:31:33 +0100 Subject: [PATCH 070/385] fix: package.py not found with -chdir option (#136) --- package.py | 2 ++ package.tf | 6 ++---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package.py b/package.py index 1e6d159b..98613118 100644 --- a/package.py +++ b/package.py @@ -670,6 +670,8 @@ def commands_step(path, commands): # If path doesn't defined for a block with # commands it will be set to Terraform's # current working directory + # NB: cwd may vary when using Terraform 0.14+ like: + # `terraform -chdir=...` path = query.paths.cwd if batch: step('sh', path, '\n'.join(batch)) diff --git a/package.tf b/package.tf index dfb25629..c6433965 100644 --- a/package.tf +++ b/package.tf @@ -7,8 +7,7 @@ locals { data "external" "archive_prepare" { count = var.create && var.create_package ? 1 : 0 - program = [local.python, "${path.module}/package.py", "prepare"] - working_dir = path.cwd + program = [local.python, "${path.module}/package.py", "prepare"] query = { paths = jsonencode({ 
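Review bot: Dropping `working_dir = path.cwd` from `data "external" "archive_prepare"` here, and from the `null_resource.archive` provisioner in hunk `@@ -66,8 +65,7 @@`, leaves no record of why the attribute must stay unset, so it is likely to be re-added later. A short comment above `program` would capture it, for example `# working_dir is left unset on purpose: under "terraform -chdir=..." path.cwd can differ from the directory "${path.module}/package.py" is relative to`. The comment added in package.py says command blocks without a path still fall back to `query.paths.cwd`, so the script and the process that launches it may resolve relative paths from different directories; that seems worth a line in the README. Both resource blocks continue outside their hunks.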
@@ -66,8 +65,7 @@ resource "null_resource" "archive" { local.python, "${path.module}/package.py", "build", "--timestamp", data.external.archive_prepare[0].result.timestamp ] - command = data.external.archive_prepare[0].result.build_plan_filename - working_dir = path.cwd + command = data.external.archive_prepare[0].result.build_plan_filename } depends_on = [local_file.archive_plan] From 0a1a1a397f8c4478c407ded5b669c77e15dc529c Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Tue, 13 Apr 2021 11:31:47 +0200 Subject: [PATCH 071/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f850f131..567d6640 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v1.46.0] - 2021-04-13 + +- fix: package.py not found with -chdir option ([#136](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/136)) + + ## [v1.45.0] - 2021-04-06 @@ -387,7 +393,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.45.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.46.0...HEAD +[v1.46.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.45.0...v1.46.0 [v1.45.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.44.0...v1.45.0 [v1.44.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.43.0...v1.44.0 [v1.43.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.42.0...v1.43.0 From 004f13dcbd72311cd89c0251db17ce567025b812 Mon Sep 17 00:00:00 2001 
From: Jon <9994935+flibustier@users.noreply.github.com> Date: Mon, 19 Apr 2021 11:54:46 +0100 Subject: [PATCH 072/385] feat: Extended `trusted_entities` variable to support multiple types (#143) --- README.md | 2 +- examples/complete/README.md | 1 + examples/complete/main.tf | 31 +++++++++++++++++++++++++++++++ iam.tf | 24 +++++++++++++++++++++++- variables.tf | 4 ++-- 5 files changed, 58 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index e83a210e..1be84e7a 100644 --- a/README.md +++ b/README.md @@ -727,7 +727,7 @@ No modules. | [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | | [timeout](#input\_timeout) | The amount of time your Lambda Function has to run in seconds. | `number` | `3` | no | | [tracing\_mode](#input\_tracing\_mode) | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. | `string` | `null` | no | -| [trusted\_entities](#input\_trusted\_entities) | Lambda Function additional trusted entities for assuming roles (trust relationship) | `list(string)` | `[]` | no | +| [trusted\_entities](#input\_trusted\_entities) | List of additional trusted entities for assuming Lambda Function role (trust relationship) | `any` | `[]` | no | | [use\_existing\_cloudwatch\_log\_group](#input\_use\_existing\_cloudwatch\_log\_group) | Whether to use an existing CloudWatch log group or create new | `bool` | `false` | no | | [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | List of security group ids when Lambda Function should run in the VPC. | `list(string)` | `null` | no | | [vpc\_subnet\_ids](#input\_vpc\_subnet\_ids) | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets. | `list(string)` | `null` | no | diff --git a/examples/complete/README.md b/examples/complete/README.md index a6e8a6ba..2c13f406 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -41,6 +41,7 @@ Note that this example may create resources which cost money. Run `terraform des | [lambda\_function\_existing\_package\_local](#module\_lambda\_function\_existing\_package\_local) | ../../ | | | [lambda\_layer\_local](#module\_lambda\_layer\_local) | ../../ | | | [lambda\_layer\_s3](#module\_lambda\_layer\_s3) | ../../ | | +| [lambda\_with\_mixed\_trusted\_entities](#module\_lambda\_with\_mixed\_trusted\_entities) | ../../ | | | [lambda\_with\_provisioned\_concurrency](#module\_lambda\_with\_provisioned\_concurrency) | ../../ | | | [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index f6c15bce..be7ff8ca 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -227,6 +227,37 @@ module "lambda_with_provisioned_concurrency" { provisioned_concurrent_executions = -1 # 2 } +############################################### +# Lambda Function with mixed trusted entities +############################################### + +module "lambda_with_mixed_trusted_entities" { + source = "../../" + + function_name = "${random_pet.this.id}-lambda-mixed-trusted-entities" + handler = "index.lambda_handler" + runtime = "python3.8" + + source_path = "${path.module}/../fixtures/python3.8-app1" + + trusted_entities = [ + "appsync.amazonaws.com", + { + type = "AWS", + identifiers = [ + "arn:aws:iam::307990089504:root", + ] + }, + { + type = "Service", + identifiers = [ + "codedeploy.amazonaws.com", + "ecs.amazonaws.com" + ] + } + ] +} + ########### # Disabled ########### diff --git a/iam.tf b/iam.tf index 445c56c7..6ab10ee7 100644 --- a/iam.tf +++ b/iam.tf 
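Review bot: The `AWS` principal in `module "lambda_with_mixed_trusted_entities"` hard-codes `arn:aws:iam::307990089504:root`, so anyone applying the example as written lets principals in that account assume the function's role, limited only by that account's own IAM policies. Deriving the account from the caller keeps the example self-contained: add `data "aws_caller_identity" "current" {}` and use `"arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"`. A one-line comment that `:root` delegates the trust decision to the whole account would also help readers who copy the block.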
@@ -12,6 +12,20 @@ locals { # for #83 that will allow one to import resources without receiving an error from coalesce. # @see https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/83 role_name = local.create_role ? coalesce(var.role_name, var.function_name, "*") : null + + # IAM Role trusted entities is a list of any (allow strings (services) and maps (type+identifiers)) + trusted_entities_services = distinct(compact(concat( + slice(["lambda.amazonaws.com", "edgelambda.amazonaws.com"], 0, var.lambda_at_edge ? 2 : 1), + [for service in var.trusted_entities : try(tostring(service), "")] + ))) + + trusted_entities_principals = [ + for principal in var.trusted_entities : { + type = principal.type + identifiers = tolist(principal.identifiers) + } + if !can(tostring(principal)) + ] } ########### @@ -27,7 +41,15 @@ data "aws_iam_policy_document" "assume_role" { principals { type = "Service" - identifiers = distinct(concat(slice(["lambda.amazonaws.com", "edgelambda.amazonaws.com"], 0, var.lambda_at_edge ? 2 : 1), var.trusted_entities)) + identifiers = local.trusted_entities_services + } + + dynamic "principals" { + for_each = local.trusted_entities_principals + content { + type = principals.value.type + identifiers = principals.value.identifiers + } } } } diff --git a/variables.tf b/variables.tf index d9f8daed..6a683ed0 100644 --- a/variables.tf +++ b/variables.tf @@ -436,8 +436,8 @@ variable "attach_policy_statements" { } variable "trusted_entities" { - description = "Lambda Function additional trusted entities for assuming roles (trust relationship)" - type = list(string) + description = "List of additional trusted entities for assuming Lambda Function role (trust relationship)" + type = any default = [] } From a2fee3471845e8c270e7c1bbb3fd48e2f1978cc4 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 19 Apr 2021 12:55:06 +0200 Subject: [PATCH 073/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) 
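Review bot: `local.trusted_entities_principals` reads `principal.type` and `principal.identifiers` from every non-string element without checking them, and with `type = any` in the variables.tf hunk a malformed entry only surfaces as an attribute error inside a local at plan time. `try(tostring(service), "")` likewise accepts numbers and booleans as service identifiers instead of rejecting them. The new `dynamic "principals"` block carries no `condition`, at least none visible in the hunk, so a cross-account `AWS` principal cannot be narrowed with something like `sts:ExternalId` through this variable. I would state the accepted shapes in the variable itself, e.g. `description = "List of additional trusted entities for assuming Lambda Function role: service name strings or objects with type and identifiers"`, and consider a `validation` block if the minimum supported Terraform version allows it. The `locals` and `assume_role` blocks both start outside their hunks.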
diff --git a/CHANGELOG.md b/CHANGELOG.md index 567d6640..c34e0532 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v1.47.0] - 2021-04-19 + +- feat: Extended `trusted_entities` variable to support multiple types ([#143](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/143)) + + ## [v1.46.0] - 2021-04-13 @@ -393,7 +399,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.46.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.47.0...HEAD +[v1.47.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.46.0...v1.47.0 [v1.46.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.45.0...v1.46.0 [v1.45.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.44.0...v1.45.0 [v1.44.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.43.0...v1.44.0 From 7c7c56c63e6215546677941a52414ef163e50c2b Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Thu, 22 Apr 2021 17:35:46 +0200 Subject: [PATCH 074/385] feat: Added example to show creation of Lambdas with for_each (#146) --- .pre-commit-config.yaml | 2 +- examples/complete/README.md | 3 ++- examples/complete/main.tf | 19 +++++++++++++++++++ examples/complete/versions.tf | 2 +- 4 files changed, 23 insertions(+), 3 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 8814cf61..f580a412 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.48.0 + rev: v1.49.0 hooks: - id: terraform_fmt - id: terraform_validate diff --git a/examples/complete/README.md b/examples/complete/README.md index 2c13f406..10752f33 100644 
--- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [terraform](#requirement\_terraform) | >= 0.13 | | [aws](#requirement\_aws) | >= 2.67 | | [random](#requirement\_random) | >= 2 | @@ -39,6 +39,7 @@ Note that this example may create resources which cost money. Run `terraform des | [lambda\_at\_edge](#module\_lambda\_at\_edge) | ../../ | | | [lambda\_function](#module\_lambda\_function) | ../../ | | | [lambda\_function\_existing\_package\_local](#module\_lambda\_function\_existing\_package\_local) | ../../ | | +| [lambda\_function\_for\_each](#module\_lambda\_function\_for\_each) | ../../ | | | [lambda\_layer\_local](#module\_lambda\_layer\_local) | ../../ | | | [lambda\_layer\_s3](#module\_lambda\_layer\_s3) | ../../ | | | [lambda\_with\_mixed\_trusted\_entities](#module\_lambda\_with\_mixed\_trusted\_entities) | ../../ | | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index be7ff8ca..89fc2c0e 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -258,6 +258,25 @@ module "lambda_with_mixed_trusted_entities" { ] } +############################## +# Lambda Functions + for_each +############################## + +module "lambda_function_for_each" { + source = "../../" + + for_each = toset(["dev", "staging", "prod"]) + + function_name = "my-${each.value}" + description = "My awesome lambda function" + handler = "index.lambda_handler" + runtime = "python3.8" + publish = true + + create_package = false + local_existing_package = "${path.module}/../fixtures/python3.8-zip/existing_package.zip" +} + ########### # Disabled ########### diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 479e53d4..df1ac5cb 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf 
@@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13" required_providers { aws = ">= 2.67" From 0777961648e68f3327ae3aa433549b5e6944bd04 Mon Sep 17 00:00:00 2001 From: Christopher Wade Date: Mon, 26 Apr 2021 13:07:14 -0500 Subject: [PATCH 075/385] fix: add documentation for the :zip command (#115) --- README.md | 6 +++++- examples/simple/main.tf | 15 ++++++++++++--- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 1be84e7a..1f999792 100644 --- a/README.md +++ b/README.md @@ -389,7 +389,10 @@ source_path = [ ] }, { path = "src/python3.8-app3", - commands = ["npm install"], + commands = [ + "npm install", + ":zip" + ], patterns = [ "!.*/.*\\.txt", # Skip all txt files recursively "node_modules/.+", # Include all node_modules @@ -424,6 +427,7 @@ Few notes: ``` * `commands` - List of commands to run. If specified, this argument overrides `pip_requirements`. + * `:zip [source] [destination]` is a special command which creates content of current working directory (first argument) and places it inside of path (second argument). * `pip_requirements` - Controls whether to execute `pip install`. Set to `false` to disable this feature, `true` to run `pip install` with `requirements.txt` found in `path`. Or set to another filename which you want to use instead. * `prefix_in_zip` - If specified, will be used as a prefix inside zip-archive. By default, everything installs into the root of zip-archive. diff --git a/examples/simple/main.tf b/examples/simple/main.tf index f6af0ca0..596e08eb 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf @@ -255,7 +255,10 @@ module "lambda_function" { # }, # { # path = "${path.module}/../fixtures/python3.8-app1" - # commands = ["npm install"] + # commands = [ + # "npm install", + # ":zip" + # ] # prefix_in_zip = "foo/bar", # patterns = [ # "!.*/.*\\.txt", # Filter all txt files recursively 
@@ -264,7 +267,10 @@ module "lambda_function" { # }, # { # path = "${path.module}/../fixtures/python3.8-app1" - # commands = ["npm install"] + # commands = [ + # "npm install", + # ":zip" + # ] # prefix_in_zip = "foo/bar", # By default everything installs into the root of a zip package # patterns = < Date: Mon, 26 Apr 2021 20:18:30 +0200 Subject: [PATCH 076/385] fix: make lambda function depend on the Cloudwatch log group (#133) --- examples/complete/main.tf | 4 ++-- main.tf | 6 +++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 89fc2c0e..431a58c6 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -26,7 +26,7 @@ module "lambda_function" { source_path = "${path.module}/../fixtures/python3.8-app1" store_on_s3 = true - s3_bucket = module.s3_bucket.this_s3_bucket_id + s3_bucket = module.s3_bucket.s3_bucket_id layers = [ module.lambda_layer_local.this_lambda_layer_arn, @@ -183,7 +183,7 @@ module "lambda_layer_s3" { source_path = "${path.module}/../fixtures/python3.8-app1" store_on_s3 = true - s3_bucket = module.s3_bucket.this_s3_bucket_id + s3_bucket = module.s3_bucket.s3_bucket_id } ############## diff --git a/main.tf b/main.tf index 70458153..9b765413 100644 --- a/main.tf +++ b/main.tf @@ -83,7 +83,11 @@ resource "aws_lambda_function" "this" { tags = var.tags - depends_on = [null_resource.archive, aws_s3_bucket_object.lambda_package] + # Depending on the log group is necessary to allow Terraform to create the log group before AWS can. + # When a lambda function is invoked, AWS creates the log group automatically if it doesn't exist yet. + # Without the dependency, this can result in a race condition if the lambda function is invoked before + # Terraform can create the log group. + depends_on = [null_resource.archive, aws_s3_bucket_object.lambda_package, aws_cloudwatch_log_group.lambda] } resource "aws_lambda_layer_version" "this" { 
From ceab5f52205bd6101a5dc912c89ebc47e2c38fb8 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 26 Apr 2021 20:18:59 +0200 Subject: [PATCH 077/385] Updated CHANGELOG --- CHANGELOG.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c34e0532..f57d288e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,14 @@ All notable changes to this project will be documented in this file. + +## [v1.48.0] - 2021-04-26 + +- fix: make lambda function depend on the Cloudwatch log group ([#133](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/133)) +- fix: add documentation for the :zip command ([#115](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/115)) +- feat: Added example to show creation of Lambdas with for_each ([#146](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/146)) + + ## [v1.47.0] - 2021-04-19 @@ -399,7 +407,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.47.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.48.0...HEAD +[v1.48.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.47.0...v1.48.0 [v1.47.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.46.0...v1.47.0 [v1.46.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.45.0...v1.46.0 [v1.45.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.44.0...v1.45.0 From 1e616351fd1976dea7dcd455fdc123759cd43f9d Mon Sep 17 00:00:00 2001 
From: Anton Babenko Date: Mon, 26 Apr 2021 20:34:22 +0200 Subject: [PATCH 078/385] feat: Shorten outputs (removing this_) (#148) --- .pre-commit-config.yaml | 2 +- README.md | 36 +++++------ examples/alias/README.md | 38 ++++++------ examples/alias/main.tf | 10 ++-- examples/alias/outputs.tf | 76 ++++++++++++------------ examples/async/README.md | 28 ++++----- examples/async/outputs.tf | 56 ++++++++--------- examples/build-package/main.tf | 2 +- examples/build-package/outputs.tf | 56 ++++++++--------- examples/complete/README.md | 28 ++++----- examples/complete/main.tf | 8 +-- examples/complete/outputs.tf | 56 ++++++++--------- examples/container-image/README.md | 28 ++++----- examples/container-image/outputs.tf | 56 ++++++++--------- examples/deploy/main.tf | 10 ++-- examples/event-source-mapping/outputs.tf | 52 ++++++++-------- examples/multiple-regions/README.md | 28 ++++----- examples/multiple-regions/outputs.tf | 56 ++++++++--------- examples/simple/README.md | 28 ++++----- examples/simple/outputs.tf | 56 ++++++++--------- examples/triggers/README.md | 28 ++++----- examples/triggers/main.tf | 2 +- examples/triggers/outputs.tf | 56 ++++++++--------- examples/with-efs/README.md | 28 ++++----- examples/with-efs/outputs.tf | 56 ++++++++--------- examples/with-vpc/README.md | 28 ++++----- examples/with-vpc/outputs.tf | 56 ++++++++--------- modules/alias/README.md | 10 ++-- modules/alias/outputs.tf | 10 ++-- outputs.tf | 36 +++++------ 30 files changed, 510 insertions(+), 510 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index f580a412..6dda8931 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.49.0 + rev: v1.50.0 hooks: - id: terraform_fmt - id: terraform_validate diff --git a/README.md b/README.md index 1f999792..e5bde360 100644 --- a/README.md +++ b/README.md 
@@ -742,28 +742,28 @@ No modules. |------|-------------| | [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | | [lambda\_cloudwatch\_log\_group\_name](#output\_lambda\_cloudwatch\_log\_group\_name) | The name of the Cloudwatch Log Group | +| [lambda\_event\_source\_mapping\_function\_arn](#output\_lambda\_event\_source\_mapping\_function\_arn) | The the ARN of the Lambda function the event source mapping is sending events to | +| [lambda\_event\_source\_mapping\_state](#output\_lambda\_event\_source\_mapping\_state) | The state of the event source mapping | +| [lambda\_event\_source\_mapping\_state\_transition\_reason](#output\_lambda\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | +| [lambda\_event\_source\_mapping\_uuid](#output\_lambda\_event\_source\_mapping\_uuid) | The UUID of the created event source mapping | +| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | +| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | +| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | +| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| 
[lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | +| [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | +| [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | +| [lambda\_layer\_layer\_arn](#output\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | +| [lambda\_layer\_source\_code\_size](#output\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | +| [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version | | [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | -| [this\_lambda\_event\_source\_mapping\_function\_arn](#output\_this\_lambda\_event\_source\_mapping\_function\_arn) | The the ARN of the Lambda function the event source mapping is sending events to | -| [this\_lambda\_event\_source\_mapping\_state](#output\_this\_lambda\_event\_source\_mapping\_state) | The state of the event source mapping | -| [this\_lambda\_event\_source\_mapping\_state\_transition\_reason](#output\_this\_lambda\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | -| [this\_lambda\_event\_source\_mapping\_uuid](#output\_this\_lambda\_event\_source\_mapping\_uuid) | The UUID of the created event source mapping | -| [this\_lambda\_function\_arn](#output\_this\_lambda\_function\_arn) | The ARN of the Lambda Function | -| 
[this\_lambda\_function\_invoke\_arn](#output\_this\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | -| [this\_lambda\_function\_kms\_key\_arn](#output\_this\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | -| [this\_lambda\_function\_last\_modified](#output\_this\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | -| [this\_lambda\_function\_name](#output\_this\_lambda\_function\_name) | The name of the Lambda Function | -| [this\_lambda\_function\_qualified\_arn](#output\_this\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | -| [this\_lambda\_function\_source\_code\_hash](#output\_this\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | -| [this\_lambda\_function\_source\_code\_size](#output\_this\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | -| [this\_lambda\_function\_version](#output\_this\_lambda\_function\_version) | Latest published version of Lambda Function | -| [this\_lambda\_layer\_arn](#output\_this\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | -| [this\_lambda\_layer\_created\_date](#output\_this\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | -| [this\_lambda\_layer\_layer\_arn](#output\_this\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | -| [this\_lambda\_layer\_source\_code\_size](#output\_this\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | -| [this\_lambda\_layer\_version](#output\_this\_lambda\_layer\_version) | The Lambda Layer version | ## Authors diff --git a/examples/alias/README.md b/examples/alias/README.md index 0bbd8e25..30d8ec09 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md 
@@ -52,27 +52,27 @@ No inputs. | Name | Description | |------|-------------| +| [lambda\_alias\_arn](#output\_lambda\_alias\_arn) | The ARN of the Lambda Function Alias | +| [lambda\_alias\_description](#output\_lambda\_alias\_description) | Description of alias | +| [lambda\_alias\_function\_version](#output\_lambda\_alias\_function\_version) | Lambda function version which the alias uses | +| [lambda\_alias\_invoke\_arn](#output\_lambda\_alias\_invoke\_arn) | The ARN to be used for invoking Lambda Function from API Gateway | +| [lambda\_alias\_name](#output\_lambda\_alias\_name) | The name of the Lambda Function Alias | +| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | +| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | +| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | +| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | +| [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | +| [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | +| 
[lambda\_layer\_layer\_arn](#output\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | +| [lambda\_layer\_source\_code\_size](#output\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | +| [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version | | [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | -| [this\_lambda\_alias\_arn](#output\_this\_lambda\_alias\_arn) | The ARN of the Lambda Function Alias | -| [this\_lambda\_alias\_description](#output\_this\_lambda\_alias\_description) | Description of alias | -| [this\_lambda\_alias\_function\_version](#output\_this\_lambda\_alias\_function\_version) | Lambda function version which the alias uses | -| [this\_lambda\_alias\_invoke\_arn](#output\_this\_lambda\_alias\_invoke\_arn) | The ARN to be used for invoking Lambda Function from API Gateway | -| [this\_lambda\_alias\_name](#output\_this\_lambda\_alias\_name) | The name of the Lambda Function Alias | -| [this\_lambda\_function\_arn](#output\_this\_lambda\_function\_arn) | The ARN of the Lambda Function | -| [this\_lambda\_function\_invoke\_arn](#output\_this\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | -| [this\_lambda\_function\_kms\_key\_arn](#output\_this\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | -| [this\_lambda\_function\_last\_modified](#output\_this\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | -| 
[this\_lambda\_function\_name](#output\_this\_lambda\_function\_name) | The name of the Lambda Function | -| [this\_lambda\_function\_qualified\_arn](#output\_this\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | -| [this\_lambda\_function\_source\_code\_hash](#output\_this\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | -| [this\_lambda\_function\_source\_code\_size](#output\_this\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | -| [this\_lambda\_function\_version](#output\_this\_lambda\_function\_version) | Latest published version of Lambda Function | -| [this\_lambda\_layer\_arn](#output\_this\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | -| [this\_lambda\_layer\_created\_date](#output\_this\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | -| [this\_lambda\_layer\_layer\_arn](#output\_this\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | -| [this\_lambda\_layer\_source\_code\_size](#output\_this\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | -| [this\_lambda\_layer\_version](#output\_this\_lambda\_layer\_version) | The Lambda Layer version | diff --git a/examples/alias/main.tf b/examples/alias/main.tf index 2d673ab3..f429bdff 100644 --- a/examples/alias/main.tf +++ b/examples/alias/main.tf @@ -53,8 +53,8 @@ module "alias_no_refresh" { name = "current-no-refresh" - function_name = module.lambda_function.this_lambda_function_name - function_version = module.lambda_function.this_lambda_function_version + function_name = module.lambda_function.lambda_function_name + function_version = module.lambda_function.lambda_function_version # create_version_async_event_config = false # create_async_event_config = true 
@@ -77,7 +77,7 @@ module "alias_refresh" {
 name = "current-with-refresh"
- function_name = module.lambda_function.this_lambda_function_name
+ function_name = module.lambda_function.lambda_function_name
 }
 module "alias_existing" {
@@ -86,8 +86,8 @@ module "alias_existing" {
 create = true
 use_existing_alias = true
- name = module.alias_refresh.this_lambda_alias_name
- function_name = module.lambda_function.this_lambda_function_name
+ name = module.alias_refresh.lambda_alias_name
+ function_name = module.lambda_function.lambda_function_name
 create_async_event_config = true
 maximum_event_age_in_seconds = 100
diff --git a/examples/alias/outputs.tf b/examples/alias/outputs.tf
index 03380965..a2b13ac9 100644
--- a/examples/alias/outputs.tf
+++ b/examples/alias/outputs.tf
@@ -1,73 +1,73 @@
 # Lambda Function
-output "this_lambda_function_arn" {
+output "lambda_function_arn" {
 description = "The ARN of the Lambda Function"
- value = module.lambda_function.this_lambda_function_arn
+ value = module.lambda_function.lambda_function_arn
 }
-output "this_lambda_function_invoke_arn" {
+output "lambda_function_invoke_arn" {
 description = "The Invoke ARN of the Lambda Function"
- value = module.lambda_function.this_lambda_function_invoke_arn
+ value = module.lambda_function.lambda_function_invoke_arn
 }
-output "this_lambda_function_name" {
+output "lambda_function_name" {
 description = "The name of the Lambda Function"
- value = module.lambda_function.this_lambda_function_name
+ value = module.lambda_function.lambda_function_name
 }
-output "this_lambda_function_qualified_arn" {
+output "lambda_function_qualified_arn" {
 description = "The ARN identifying your Lambda Function Version"
- value = module.lambda_function.this_lambda_function_qualified_arn
+ value = module.lambda_function.lambda_function_qualified_arn
 }
-output "this_lambda_function_version" {
+output "lambda_function_version" {
 description = "Latest published version of Lambda Function"
- value = module.lambda_function.this_lambda_function_version
+ value = module.lambda_function.lambda_function_version
 }
-output "this_lambda_function_last_modified" {
+output "lambda_function_last_modified" {
 description = "The date Lambda Function resource was last modified"
- value = module.lambda_function.this_lambda_function_last_modified
+ value = module.lambda_function.lambda_function_last_modified
 }
-output "this_lambda_function_kms_key_arn" {
+output "lambda_function_kms_key_arn" {
 description = "The ARN for the KMS encryption key of Lambda Function"
- value = module.lambda_function.this_lambda_function_kms_key_arn
+ value = module.lambda_function.lambda_function_kms_key_arn
 }
-output "this_lambda_function_source_code_hash" {
+output "lambda_function_source_code_hash" {
 description = "Base64-encoded representation of raw SHA-256 sum of the zip file"
- value = module.lambda_function.this_lambda_function_source_code_hash
+ value = module.lambda_function.lambda_function_source_code_hash
 }
-output "this_lambda_function_source_code_size" {
+output "lambda_function_source_code_size" {
 description = "The size in bytes of the function .zip file"
- value = module.lambda_function.this_lambda_function_source_code_size
+ value = module.lambda_function.lambda_function_source_code_size
 }
 # Lambda Layer
-output "this_lambda_layer_arn" {
+output "lambda_layer_arn" {
 description = "The ARN of the Lambda Layer with version"
- value = module.lambda_function.this_lambda_layer_arn
+ value = module.lambda_function.lambda_layer_arn
 }
-output "this_lambda_layer_layer_arn" {
+output "lambda_layer_layer_arn" {
 description = "The ARN of the Lambda Layer without version"
- value = module.lambda_function.this_lambda_layer_layer_arn
+ value = module.lambda_function.lambda_layer_layer_arn
 }
-output "this_lambda_layer_created_date" {
+output "lambda_layer_created_date" {
 description = "The date Lambda Layer resource was created"
- value = module.lambda_function.this_lambda_layer_created_date
+ value = module.lambda_function.lambda_layer_created_date
 }
-output "this_lambda_layer_source_code_size" {
+output "lambda_layer_source_code_size" {
 description = "The size in bytes of the Lambda Layer .zip file"
- value = module.lambda_function.this_lambda_layer_source_code_size
+ value = module.lambda_function.lambda_layer_source_code_size
 }
-output "this_lambda_layer_version" {
+output "lambda_layer_version" {
 description = "The Lambda Layer version"
- value = module.lambda_function.this_lambda_layer_version
+ value = module.lambda_function.lambda_layer_version
 }
 # IAM Role
@@ -95,27 +95,27 @@ output "s3_object" {
 ###############
 # Lambda Alias
 ###############
-output "this_lambda_alias_name" {
+output "lambda_alias_name" {
 description = "The name of the Lambda Function Alias"
- value = module.alias_refresh.this_lambda_alias_name
+ value = module.alias_refresh.lambda_alias_name
 }
-output "this_lambda_alias_arn" {
+output "lambda_alias_arn" {
 description = "The ARN of the Lambda Function Alias"
- value = module.alias_refresh.this_lambda_alias_arn
+ value = module.alias_refresh.lambda_alias_arn
 }
-output "this_lambda_alias_invoke_arn" {
+output "lambda_alias_invoke_arn" {
 description = "The ARN to be used for invoking Lambda Function from API Gateway"
- value = module.alias_refresh.this_lambda_alias_invoke_arn
+ value = module.alias_refresh.lambda_alias_invoke_arn
 }
-output "this_lambda_alias_description" {
+output "lambda_alias_description" {
 description = "Description of alias"
- value = module.alias_refresh.this_lambda_alias_description
+ value = module.alias_refresh.lambda_alias_description
 }
-output "this_lambda_alias_function_version" {
+output "lambda_alias_function_version" {
 description = "Lambda function version which the alias uses"
- value = module.alias_refresh.this_lambda_alias_function_version
+ value = module.alias_refresh.lambda_alias_function_version
 }
diff --git a/examples/async/README.md b/examples/async/README.md
index 472d6177..f4774c60 100644
--- a/examples/async/README.md
+++ b/examples/async/README.md
@@ -53,22 +53,22 @@ No inputs.
 | Name | Description |
 |------|-------------|
 | [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group |
+| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function |
+| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function |
+| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function |
+| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified |
+| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function |
+| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version |
+| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file |
+| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file |
+| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function |
+| [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version |
+| [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created |
+| [lambda\_layer\_layer\_arn](#output\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version |
+| [lambda\_layer\_source\_code\_size](#output\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file |
+| [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version |
 | [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function |
 | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function |
 | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) |
 | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) |
-| [this\_lambda\_function\_arn](#output\_this\_lambda\_function\_arn) | The ARN of the Lambda Function |
-| [this\_lambda\_function\_invoke\_arn](#output\_this\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function |
-| [this\_lambda\_function\_kms\_key\_arn](#output\_this\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function |
-| [this\_lambda\_function\_last\_modified](#output\_this\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified |
-| [this\_lambda\_function\_name](#output\_this\_lambda\_function\_name) | The name of the Lambda Function |
-| [this\_lambda\_function\_qualified\_arn](#output\_this\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version |
-| [this\_lambda\_function\_source\_code\_hash](#output\_this\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file |
-| [this\_lambda\_function\_source\_code\_size](#output\_this\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file |
-| [this\_lambda\_function\_version](#output\_this\_lambda\_function\_version) | Latest published version of Lambda Function |
-| [this\_lambda\_layer\_arn](#output\_this\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version |
-| [this\_lambda\_layer\_created\_date](#output\_this\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created |
-| [this\_lambda\_layer\_layer\_arn](#output\_this\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version |
-| [this\_lambda\_layer\_source\_code\_size](#output\_this\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file |
-| [this\_lambda\_layer\_version](#output\_this\_lambda\_layer\_version) | The Lambda Layer version |
diff --git a/examples/async/outputs.tf b/examples/async/outputs.tf
index c69f2572..bf82a893 100644
--- a/examples/async/outputs.tf
+++ b/examples/async/outputs.tf
@@ -1,73 +1,73 @@
 # Lambda Function
-output "this_lambda_function_arn" {
+output "lambda_function_arn" {
 description = "The ARN of the Lambda Function"
- value = module.lambda_function.this_lambda_function_arn
+ value = module.lambda_function.lambda_function_arn
 }
-output "this_lambda_function_invoke_arn" {
+output "lambda_function_invoke_arn" {
 description = "The Invoke ARN of the Lambda Function"
- value = module.lambda_function.this_lambda_function_invoke_arn
+ value = module.lambda_function.lambda_function_invoke_arn
 }
-output "this_lambda_function_name" {
+output "lambda_function_name" {
 description = "The name of the Lambda Function"
- value = module.lambda_function.this_lambda_function_name
+ value = module.lambda_function.lambda_function_name
 }
-output "this_lambda_function_qualified_arn" {
+output "lambda_function_qualified_arn" {
 description = "The ARN identifying your Lambda Function Version"
- value = module.lambda_function.this_lambda_function_qualified_arn
+ value = module.lambda_function.lambda_function_qualified_arn
 }
-output "this_lambda_function_version" {
+output "lambda_function_version" {
 description = "Latest published version of Lambda Function"
- value = module.lambda_function.this_lambda_function_version
+ value = module.lambda_function.lambda_function_version
 }
-output "this_lambda_function_last_modified" {
+output "lambda_function_last_modified" {
 description = "The date Lambda Function resource was last modified"
- value = module.lambda_function.this_lambda_function_last_modified
+ value = module.lambda_function.lambda_function_last_modified
 }
-output "this_lambda_function_kms_key_arn" {
+output "lambda_function_kms_key_arn" {
 description = "The ARN for the KMS encryption key of Lambda Function"
- value = module.lambda_function.this_lambda_function_kms_key_arn
+ value = module.lambda_function.lambda_function_kms_key_arn
 }
-output "this_lambda_function_source_code_hash" {
+output "lambda_function_source_code_hash" {
 description = "Base64-encoded representation of raw SHA-256 sum of the zip file"
- value = module.lambda_function.this_lambda_function_source_code_hash
+ value = module.lambda_function.lambda_function_source_code_hash
 }
-output "this_lambda_function_source_code_size" {
+output "lambda_function_source_code_size" {
 description = "The size in bytes of the function .zip file"
- value = module.lambda_function.this_lambda_function_source_code_size
+ value = module.lambda_function.lambda_function_source_code_size
 }
 # Lambda Layer
-output "this_lambda_layer_arn" {
+output "lambda_layer_arn" {
 description = "The ARN of the Lambda Layer with version"
- value = module.lambda_function.this_lambda_layer_arn
+ value = module.lambda_function.lambda_layer_arn
 }
-output "this_lambda_layer_layer_arn" {
+output "lambda_layer_layer_arn" {
 description = "The ARN of the Lambda Layer without version"
- value = module.lambda_function.this_lambda_layer_layer_arn
+ value = module.lambda_function.lambda_layer_layer_arn
 }
-output "this_lambda_layer_created_date" {
+output "lambda_layer_created_date" {
 description = "The date Lambda Layer resource was created"
- value = module.lambda_function.this_lambda_layer_created_date
+ value = module.lambda_function.lambda_layer_created_date
 }
-output "this_lambda_layer_source_code_size" {
+output "lambda_layer_source_code_size" {
 description = "The size in bytes of the Lambda Layer .zip file"
- value = module.lambda_function.this_lambda_layer_source_code_size
+ value = module.lambda_function.lambda_layer_source_code_size
 }
-output "this_lambda_layer_version" {
+output "lambda_layer_version" {
 description = "The Lambda Layer version"
- value = module.lambda_function.this_lambda_layer_version
+ value = module.lambda_function.lambda_layer_version
 }
 # IAM Role
diff --git a/examples/build-package/main.tf b/examples/build-package/main.tf
index 1f4fcfc9..47435e55 100644
--- a/examples/build-package/main.tf
+++ b/examples/build-package/main.tf
@@ -244,6 +244,6 @@ module "lambda_function_from_package" {
 runtime = "python3.8"
 layers = [
- module.lambda_layer.this_lambda_layer_arn
+ module.lambda_layer.lambda_layer_arn
 ]
 }
diff --git a/examples/build-package/outputs.tf b/examples/build-package/outputs.tf
index 7cdd0207..a7b11f8b 100644
--- a/examples/build-package/outputs.tf
+++ b/examples/build-package/outputs.tf
@@ -1,73 +1,73 @@
 ## Lambda Function
-#output "this_lambda_function_arn" {
+#output "lambda_function_arn" {
 # description = "The ARN of the Lambda Function"
-# value = module.lambda_function_from_package.this_lambda_function_arn
+# value = module.lambda_function_from_package.lambda_function_arn
 #}
 #
-#output "this_lambda_function_invoke_arn" {
+#output "lambda_function_invoke_arn" {
 # description = "The Invoke ARN of the Lambda Function"
-# value = module.lambda_function_from_package.this_lambda_function_invoke_arn
+# value = module.lambda_function_from_package.lambda_function_invoke_arn
 #}
 #
-#output "this_lambda_function_name" {
+#output "lambda_function_name" {
 # description = "The name of the Lambda Function"
-# value = module.lambda_function_from_package.this_lambda_function_name
+# value = module.lambda_function_from_package.lambda_function_name
 #}
 #
-#output "this_lambda_function_qualified_arn" {
+#output "lambda_function_qualified_arn" {
 # description = "The ARN identifying your Lambda Function Version"
-# value = module.lambda_function_from_package.this_lambda_function_qualified_arn
+# value = module.lambda_function_from_package.lambda_function_qualified_arn
 #}
 #
-#output "this_lambda_function_version" {
+#output "lambda_function_version" {
 # description = "Latest published version of Lambda Function"
-# value = module.lambda_function_from_package.this_lambda_function_version
+# value = module.lambda_function_from_package.lambda_function_version
 #}
 #
-#output "this_lambda_function_last_modified" {
+#output "lambda_function_last_modified" {
 # description = "The date Lambda Function resource was last modified"
-# value = module.lambda_function_from_package.this_lambda_function_last_modified
+# value = module.lambda_function_from_package.lambda_function_last_modified
 #}
 #
-#output "this_lambda_function_kms_key_arn" {
+#output "lambda_function_kms_key_arn" {
 # description = "The ARN for the KMS encryption key of Lambda Function"
-# value = module.lambda_function_from_package.this_lambda_function_kms_key_arn
+# value = module.lambda_function_from_package.lambda_function_kms_key_arn
 #}
 #
-#output "this_lambda_function_source_code_hash" {
+#output "lambda_function_source_code_hash" {
 # description = "Base64-encoded representation of raw SHA-256 sum of the zip file"
-# value = module.lambda_function_from_package.this_lambda_function_source_code_hash
+# value = module.lambda_function_from_package.lambda_function_source_code_hash
 #}
 #
-#output "this_lambda_function_source_code_size" {
+#output "lambda_function_source_code_size" {
 # description = "The size in bytes of the function .zip file"
-# value = module.lambda_function_from_package.this_lambda_function_source_code_size
+# value = module.lambda_function_from_package.lambda_function_source_code_size
 #}
 #
 ## Lambda Layer
-#output "this_lambda_layer_arn" {
+#output "lambda_layer_arn" {
 # description = "The ARN of the Lambda Layer with version"
-# value = module.lambda_function_from_package.this_lambda_layer_arn
+# value = module.lambda_function_from_package.lambda_layer_arn
 #}
 #
-#output "this_lambda_layer_layer_arn" {
+#output "lambda_layer_layer_arn" {
 # description = "The ARN of the Lambda Layer without version"
-# value = module.lambda_function_from_package.this_lambda_layer_layer_arn
+# value = module.lambda_function_from_package.lambda_layer_layer_arn
 #}
 #
-#output "this_lambda_layer_created_date" {
+#output "lambda_layer_created_date" {
 # description = "The date Lambda Layer resource was created"
-# value = module.lambda_function_from_package.this_lambda_layer_created_date
+# value = module.lambda_function_from_package.lambda_layer_created_date
 #}
 #
-#output "this_lambda_layer_source_code_size" {
+#output "lambda_layer_source_code_size" {
 # description = "The size in bytes of the Lambda Layer .zip file"
-# value = module.lambda_function_from_package.this_lambda_layer_source_code_size
+# value = module.lambda_function_from_package.lambda_layer_source_code_size
 #}
 #
-#output "this_lambda_layer_version" {
+#output "lambda_layer_version" {
 # description = "The Lambda Layer version"
-# value = module.lambda_function_from_package.this_lambda_layer_version
+# value = module.lambda_function_from_package.lambda_layer_version
 #}
 #
 ## IAM Role
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 10752f33..5cbdce79 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -62,22 +62,22 @@ No inputs.
 | Name | Description |
 |------|-------------|
 | [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group |
+| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function |
+| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function |
+| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function |
+| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified |
+| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function |
+| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version |
+| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file |
+| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file |
+| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function |
+| [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version |
+| [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created |
+| [lambda\_layer\_layer\_arn](#output\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version |
+| [lambda\_layer\_source\_code\_size](#output\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file |
+| [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version |
 | [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function |
 | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function |
 | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) |
 | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) |
-| [this\_lambda\_function\_arn](#output\_this\_lambda\_function\_arn) | The ARN of the Lambda Function |
-| [this\_lambda\_function\_invoke\_arn](#output\_this\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function |
-| [this\_lambda\_function\_kms\_key\_arn](#output\_this\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function |
-| [this\_lambda\_function\_last\_modified](#output\_this\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified |
-| [this\_lambda\_function\_name](#output\_this\_lambda\_function\_name) | The name of the Lambda Function |
-| [this\_lambda\_function\_qualified\_arn](#output\_this\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version |
-| [this\_lambda\_function\_source\_code\_hash](#output\_this\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file |
-| [this\_lambda\_function\_source\_code\_size](#output\_this\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file |
-| [this\_lambda\_function\_version](#output\_this\_lambda\_function\_version) | Latest published version of Lambda Function |
-| [this\_lambda\_layer\_arn](#output\_this\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version |
-| [this\_lambda\_layer\_created\_date](#output\_this\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created |
-| [this\_lambda\_layer\_layer\_arn](#output\_this\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version |
-| [this\_lambda\_layer\_source\_code\_size](#output\_this\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file |
-| [this\_lambda\_layer\_version](#output\_this\_lambda\_layer\_version) | The Lambda Layer version |
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 431a58c6..7a189597 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -29,8 +29,8 @@ module "lambda_function" {
 s3_bucket = module.s3_bucket.s3_bucket_id
 layers = [
- module.lambda_layer_local.this_lambda_layer_arn,
- module.lambda_layer_s3.this_lambda_layer_arn,
+ module.lambda_layer_local.lambda_layer_arn,
+ module.lambda_layer_s3.lambda_layer_arn,
 ]
 environment_variables = {
@@ -146,8 +146,8 @@ module "lambda_function_existing_package_local" {
 # }
 layers = [
- module.lambda_layer_local.this_lambda_layer_arn,
- module.lambda_layer_s3.this_lambda_layer_arn,
+ module.lambda_layer_local.lambda_layer_arn,
+ module.lambda_layer_s3.lambda_layer_arn,
 ]
 }
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
index a878def0..83dbee63 100644
--- a/examples/complete/outputs.tf
+++ b/examples/complete/outputs.tf
@@ -1,73 +1,73 @@
 # Lambda Function
-output "this_lambda_function_arn" {
+output "lambda_function_arn" {
 description = "The ARN of the Lambda Function"
- value = module.lambda_function.this_lambda_function_arn
+ value = module.lambda_function.lambda_function_arn
 }
-output "this_lambda_function_invoke_arn" {
+output "lambda_function_invoke_arn" {
 description = "The Invoke ARN of the Lambda Function"
- value = module.lambda_function.this_lambda_function_invoke_arn
+ value = module.lambda_function.lambda_function_invoke_arn
 }
-output "this_lambda_function_name" {
+output "lambda_function_name" {
 description = "The name of the Lambda Function"
- value = module.lambda_function.this_lambda_function_name
+ value = module.lambda_function.lambda_function_name
 }
-output "this_lambda_function_qualified_arn" {
+output "lambda_function_qualified_arn" {
 description = "The ARN identifying your Lambda Function Version"
- value = module.lambda_function.this_lambda_function_qualified_arn
+ value = module.lambda_function.lambda_function_qualified_arn
 }
-output "this_lambda_function_version" {
+output "lambda_function_version" {
 description = "Latest published version of Lambda Function"
- value = module.lambda_function.this_lambda_function_version
+ value = module.lambda_function.lambda_function_version
 }
-output "this_lambda_function_last_modified" {
+output "lambda_function_last_modified" {
 description = "The date Lambda Function resource was last modified"
- value = module.lambda_function.this_lambda_function_last_modified
+ value = module.lambda_function.lambda_function_last_modified
 }
-output "this_lambda_function_kms_key_arn" {
+output "lambda_function_kms_key_arn" {
 description = "The ARN for the KMS encryption key of Lambda Function"
- value = module.lambda_function.this_lambda_function_kms_key_arn
+ value = module.lambda_function.lambda_function_kms_key_arn
 }
-output "this_lambda_function_source_code_hash" {
+output "lambda_function_source_code_hash" {
 description = "Base64-encoded representation of raw SHA-256 sum of the zip file"
- value = module.lambda_function.this_lambda_function_source_code_hash
+ value = module.lambda_function.lambda_function_source_code_hash
 }
-output "this_lambda_function_source_code_size" {
+output "lambda_function_source_code_size" {
 description = "The size in bytes of the function .zip file"
- value = module.lambda_function.this_lambda_function_source_code_size
+ value = module.lambda_function.lambda_function_source_code_size
 }
 # Lambda Layer
-output "this_lambda_layer_arn" {
+output "lambda_layer_arn" {
 description = "The ARN of the Lambda Layer with version"
- value = module.lambda_function.this_lambda_layer_arn
+ value = module.lambda_function.lambda_layer_arn
 }
-output "this_lambda_layer_layer_arn" {
+output "lambda_layer_layer_arn" {
 description = "The ARN of the Lambda Layer without version"
- value = module.lambda_function.this_lambda_layer_layer_arn
+ value = module.lambda_function.lambda_layer_layer_arn
 }
-output "this_lambda_layer_created_date" {
+output "lambda_layer_created_date" {
 description = "The date Lambda Layer resource was created"
- value = module.lambda_function.this_lambda_layer_created_date
+ value = module.lambda_function.lambda_layer_created_date
 }
-output "this_lambda_layer_source_code_size" {
+output "lambda_layer_source_code_size" {
 description = "The size in bytes of the Lambda Layer .zip file"
- value = module.lambda_function.this_lambda_layer_source_code_size
+ value = module.lambda_function.lambda_layer_source_code_size
 }
-output "this_lambda_layer_version" {
+output "lambda_layer_version" {
 description = "The Lambda Layer version"
- value = module.lambda_function.this_lambda_layer_version
+ value = module.lambda_function.lambda_layer_version
 }
 # IAM Role
diff --git a/examples/container-image/README.md b/examples/container-image/README.md
index caae5b98..1eb229af 100644
--- a/examples/container-image/README.md
+++ b/examples/container-image/README.md
@@ -58,20 +58,20 @@ No inputs.
 | Name | Description |
 |------|-------------|
 | [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group |
+| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function |
+| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function |
+| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function |
+| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified |
+| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function |
+| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version |
+| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file |
+| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file |
+| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function |
+| [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version |
+| [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created |
+| [lambda\_layer\_layer\_arn](#output\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version |
+| [lambda\_layer\_source\_code\_size](#output\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file |
+| [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version |
 | [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function |
 | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function |
-| [this\_lambda\_function\_arn](#output\_this\_lambda\_function\_arn) | The ARN of the Lambda Function |
-| [this\_lambda\_function\_invoke\_arn](#output\_this\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function |
-| [this\_lambda\_function\_kms\_key\_arn](#output\_this\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function |
-| [this\_lambda\_function\_last\_modified](#output\_this\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified |
-| [this\_lambda\_function\_name](#output\_this\_lambda\_function\_name) | The name of the Lambda Function |
-| [this\_lambda\_function\_qualified\_arn](#output\_this\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version |
-| [this\_lambda\_function\_source\_code\_hash](#output\_this\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file |
-| [this\_lambda\_function\_source\_code\_size](#output\_this\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file |
-| [this\_lambda\_function\_version](#output\_this\_lambda\_function\_version) | Latest published version of Lambda Function |
-| [this\_lambda\_layer\_arn](#output\_this\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version |
-| [this\_lambda\_layer\_created\_date](#output\_this\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created |
-| [this\_lambda\_layer\_layer\_arn](#output\_this\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version |
-| [this\_lambda\_layer\_source\_code\_size](#output\_this\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file |
-| [this\_lambda\_layer\_version](#output\_this\_lambda\_layer\_version) | The Lambda Layer version |
diff --git a/examples/container-image/outputs.tf b/examples/container-image/outputs.tf
index ae487707..b3f3ea28 100644
--- a/examples/container-image/outputs.tf
+++ b/examples/container-image/outputs.tf
@@ -1,73 +1,73 @@ # Lambda Function -output "this_lambda_function_arn" { +output "lambda_function_arn" { description = "The ARN of the Lambda Function" - value = module.lambda_function_from_container_image.this_lambda_function_arn + value = module.lambda_function_from_container_image.lambda_function_arn } -output "this_lambda_function_invoke_arn" { +output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" - value = module.lambda_function_from_container_image.this_lambda_function_invoke_arn + value = module.lambda_function_from_container_image.lambda_function_invoke_arn } -output "this_lambda_function_name" { +output "lambda_function_name" { description = "The name of the Lambda Function" - value = module.lambda_function_from_container_image.this_lambda_function_name + value = module.lambda_function_from_container_image.lambda_function_name } -output "this_lambda_function_qualified_arn" { +output "lambda_function_qualified_arn" { description = "The ARN identifying your Lambda Function Version" - value = module.lambda_function_from_container_image.this_lambda_function_qualified_arn + value = module.lambda_function_from_container_image.lambda_function_qualified_arn } -output "this_lambda_function_version" { +output "lambda_function_version" { description = "Latest published version of Lambda Function" - value = module.lambda_function_from_container_image.this_lambda_function_version + value = module.lambda_function_from_container_image.lambda_function_version } -output "this_lambda_function_last_modified" { +output "lambda_function_last_modified" { description = "The date Lambda Function resource was last modified" - value = module.lambda_function_from_container_image.this_lambda_function_last_modified + value = module.lambda_function_from_container_image.lambda_function_last_modified } -output "this_lambda_function_kms_key_arn" { +output "lambda_function_kms_key_arn" { description = "The ARN for the KMS encryption key of Lambda 
Function" - value = module.lambda_function_from_container_image.this_lambda_function_kms_key_arn + value = module.lambda_function_from_container_image.lambda_function_kms_key_arn } -output "this_lambda_function_source_code_hash" { +output "lambda_function_source_code_hash" { description = "Base64-encoded representation of raw SHA-256 sum of the zip file" - value = module.lambda_function_from_container_image.this_lambda_function_source_code_hash + value = module.lambda_function_from_container_image.lambda_function_source_code_hash } -output "this_lambda_function_source_code_size" { +output "lambda_function_source_code_size" { description = "The size in bytes of the function .zip file" - value = module.lambda_function_from_container_image.this_lambda_function_source_code_size + value = module.lambda_function_from_container_image.lambda_function_source_code_size } # Lambda Layer -output "this_lambda_layer_arn" { +output "lambda_layer_arn" { description = "The ARN of the Lambda Layer with version" - value = module.lambda_function_from_container_image.this_lambda_layer_arn + value = module.lambda_function_from_container_image.lambda_layer_arn } -output "this_lambda_layer_layer_arn" { +output "lambda_layer_layer_arn" { description = "The ARN of the Lambda Layer without version" - value = module.lambda_function_from_container_image.this_lambda_layer_layer_arn + value = module.lambda_function_from_container_image.lambda_layer_layer_arn } -output "this_lambda_layer_created_date" { +output "lambda_layer_created_date" { description = "The date Lambda Layer resource was created" - value = module.lambda_function_from_container_image.this_lambda_layer_created_date + value = module.lambda_function_from_container_image.lambda_layer_created_date } -output "this_lambda_layer_source_code_size" { +output "lambda_layer_source_code_size" { description = "The size in bytes of the Lambda Layer .zip file" - value = 
module.lambda_function_from_container_image.this_lambda_layer_source_code_size + value = module.lambda_function_from_container_image.lambda_layer_source_code_size } -output "this_lambda_layer_version" { +output "lambda_layer_version" { description = "The Lambda Layer version" - value = module.lambda_function_from_container_image.this_lambda_layer_version + value = module.lambda_function_from_container_image.lambda_layer_version } # IAM Role diff --git a/examples/deploy/main.tf b/examples/deploy/main.tf index d0ecd90b..8c9a6bd1 100644 --- a/examples/deploy/main.tf +++ b/examples/deploy/main.tf @@ -39,20 +39,20 @@ module "alias_refresh" { name = "current-with-refresh" - function_name = module.lambda_function.this_lambda_function_name + function_name = module.lambda_function.lambda_function_name # Set function_version when creating alias to be able to deploy using it, # because AWS CodeDeploy doesn't understand $LATEST as CurrentVersion. - function_version = module.lambda_function.this_lambda_function_version + function_version = module.lambda_function.lambda_function_version } module "deploy" { source = "../../modules/deploy" - alias_name = module.alias_refresh.this_lambda_alias_name - function_name = module.lambda_function.this_lambda_function_name + alias_name = module.alias_refresh.lambda_alias_name + function_name = module.lambda_function.lambda_function_name - target_version = module.lambda_function.this_lambda_function_version + target_version = module.lambda_function.lambda_function_version description = "This is my awesome deploy!" create_app = true diff --git a/examples/event-source-mapping/outputs.tf b/examples/event-source-mapping/outputs.tf index 3e78ca90..ad8a35c6 100644 --- a/examples/event-source-mapping/outputs.tf +++ b/examples/event-source-mapping/outputs.tf 
@@ -1,66 +1,66 @@ # Lambda Function -output "this_lambda_function_arn" { +output "lambda_function_arn" { description = "The ARN of the Lambda Function" - value = module.lambda_function.this_lambda_function_arn + value = module.lambda_function.lambda_function_arn } -output "this_lambda_function_invoke_arn" { +output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" - value = module.lambda_function.this_lambda_function_invoke_arn + value = module.lambda_function.lambda_function_invoke_arn } -output "this_lambda_function_name" { +output "lambda_function_name" { description = "The name of the Lambda Function" - value = module.lambda_function.this_lambda_function_name + value = module.lambda_function.lambda_function_name } -output "this_lambda_function_qualified_arn" { +output "lambda_function_qualified_arn" { description = "The ARN identifying your Lambda Function Version" - value = module.lambda_function.this_lambda_function_qualified_arn + value = module.lambda_function.lambda_function_qualified_arn } -output "this_lambda_function_version" { +output "lambda_function_version" { description = "Latest published version of Lambda Function" - value = module.lambda_function.this_lambda_function_version + value = module.lambda_function.lambda_function_version } -output "this_lambda_function_last_modified" { +output "lambda_function_last_modified" { description = "The date Lambda Function resource was last modified" - value = module.lambda_function.this_lambda_function_last_modified + value = module.lambda_function.lambda_function_last_modified } -output "this_lambda_function_kms_key_arn" { +output "lambda_function_kms_key_arn" { description = "The ARN for the KMS encryption key of Lambda Function" - value = module.lambda_function.this_lambda_function_kms_key_arn + value = module.lambda_function.lambda_function_kms_key_arn } -output "this_lambda_function_source_code_hash" { +output "lambda_function_source_code_hash" { description = 
"Base64-encoded representation of raw SHA-256 sum of the zip file" - value = module.lambda_function.this_lambda_function_source_code_hash + value = module.lambda_function.lambda_function_source_code_hash } -output "this_lambda_function_source_code_size" { +output "lambda_function_source_code_size" { description = "The size in bytes of the function .zip file" - value = module.lambda_function.this_lambda_function_source_code_size + value = module.lambda_function.lambda_function_source_code_size } # Lambda Event Source Mapping -output "this_lambda_event_source_mapping_function_arn" { +output "lambda_event_source_mapping_function_arn" { description = "The the ARN of the Lambda function the event source mapping is sending events to" - value = module.lambda_function.this_lambda_event_source_mapping_function_arn + value = module.lambda_function.lambda_event_source_mapping_function_arn } -output "this_lambda_event_source_mapping_state" { +output "lambda_event_source_mapping_state" { description = "The state of the event source mapping" - value = module.lambda_function.this_lambda_event_source_mapping_state + value = module.lambda_function.lambda_event_source_mapping_state } -output "this_lambda_event_source_mapping_state_transition_reason" { +output "lambda_event_source_mapping_state_transition_reason" { description = "The reason the event source mapping is in its current state" - value = module.lambda_function.this_lambda_event_source_mapping_state_transition_reason + value = module.lambda_function.lambda_event_source_mapping_state_transition_reason } -output "this_lambda_event_source_mapping_uuid" { +output "lambda_event_source_mapping_uuid" { description = "The UUID of the created event source mapping" - value = module.lambda_function.this_lambda_event_source_mapping_uuid + value = module.lambda_function.lambda_event_source_mapping_uuid } diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index 1c4b5e8e..7c27e2ef 100644 
--- a/examples/multiple-regions/README.md
+++ b/examples/multiple-regions/README.md
@@ -56,22 +56,22 @@ No inputs. | Name | Description | |------|-------------| | [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | +| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | +| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | +| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | +| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | +| [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | +| [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | +| [lambda\_layer\_layer\_arn](#output\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | +| [lambda\_layer\_source\_code\_size](#output\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | +| [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version | | [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | | 
[lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | -| [this\_lambda\_function\_arn](#output\_this\_lambda\_function\_arn) | The ARN of the Lambda Function | -| [this\_lambda\_function\_invoke\_arn](#output\_this\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | -| [this\_lambda\_function\_kms\_key\_arn](#output\_this\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | -| [this\_lambda\_function\_last\_modified](#output\_this\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | -| [this\_lambda\_function\_name](#output\_this\_lambda\_function\_name) | The name of the Lambda Function | -| [this\_lambda\_function\_qualified\_arn](#output\_this\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | -| [this\_lambda\_function\_source\_code\_hash](#output\_this\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | -| [this\_lambda\_function\_source\_code\_size](#output\_this\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | -| [this\_lambda\_function\_version](#output\_this\_lambda\_function\_version) | Latest published version of Lambda Function | -| [this\_lambda\_layer\_arn](#output\_this\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | -| [this\_lambda\_layer\_created\_date](#output\_this\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | -| [this\_lambda\_layer\_layer\_arn](#output\_this\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | -| 
[this\_lambda\_layer\_source\_code\_size](#output\_this\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | -| [this\_lambda\_layer\_version](#output\_this\_lambda\_layer\_version) | The Lambda Layer version | diff --git a/examples/multiple-regions/outputs.tf b/examples/multiple-regions/outputs.tf index a878def0..83dbee63 100644 --- a/examples/multiple-regions/outputs.tf +++ b/examples/multiple-regions/outputs.tf 
@@ -1,73 +1,73 @@ # Lambda Function -output "this_lambda_function_arn" { +output "lambda_function_arn" { description = "The ARN of the Lambda Function" - value = module.lambda_function.this_lambda_function_arn + value = module.lambda_function.lambda_function_arn } -output "this_lambda_function_invoke_arn" { +output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" - value = module.lambda_function.this_lambda_function_invoke_arn + value = module.lambda_function.lambda_function_invoke_arn } -output "this_lambda_function_name" { +output "lambda_function_name" { description = "The name of the Lambda Function" - value = module.lambda_function.this_lambda_function_name + value = module.lambda_function.lambda_function_name } -output "this_lambda_function_qualified_arn" { +output "lambda_function_qualified_arn" { description = "The ARN identifying your Lambda Function Version" - value = module.lambda_function.this_lambda_function_qualified_arn + value = module.lambda_function.lambda_function_qualified_arn } -output "this_lambda_function_version" { +output "lambda_function_version" { description = "Latest published version of Lambda Function" - value = module.lambda_function.this_lambda_function_version + value = module.lambda_function.lambda_function_version } -output "this_lambda_function_last_modified" { +output "lambda_function_last_modified" { description = "The date Lambda Function resource was last modified" - value = module.lambda_function.this_lambda_function_last_modified + value = module.lambda_function.lambda_function_last_modified } -output "this_lambda_function_kms_key_arn" { +output "lambda_function_kms_key_arn" { description = "The ARN for the KMS encryption key of Lambda Function" - value = module.lambda_function.this_lambda_function_kms_key_arn + value = module.lambda_function.lambda_function_kms_key_arn } -output "this_lambda_function_source_code_hash" { +output "lambda_function_source_code_hash" { description = 
"Base64-encoded representation of raw SHA-256 sum of the zip file" - value = module.lambda_function.this_lambda_function_source_code_hash + value = module.lambda_function.lambda_function_source_code_hash } -output "this_lambda_function_source_code_size" { +output "lambda_function_source_code_size" { description = "The size in bytes of the function .zip file" - value = module.lambda_function.this_lambda_function_source_code_size + value = module.lambda_function.lambda_function_source_code_size } # Lambda Layer -output "this_lambda_layer_arn" { +output "lambda_layer_arn" { description = "The ARN of the Lambda Layer with version" - value = module.lambda_function.this_lambda_layer_arn + value = module.lambda_function.lambda_layer_arn } -output "this_lambda_layer_layer_arn" { +output "lambda_layer_layer_arn" { description = "The ARN of the Lambda Layer without version" - value = module.lambda_function.this_lambda_layer_layer_arn + value = module.lambda_function.lambda_layer_layer_arn } -output "this_lambda_layer_created_date" { +output "lambda_layer_created_date" { description = "The date Lambda Layer resource was created" - value = module.lambda_function.this_lambda_layer_created_date + value = module.lambda_function.lambda_layer_created_date } -output "this_lambda_layer_source_code_size" { +output "lambda_layer_source_code_size" { description = "The size in bytes of the Lambda Layer .zip file" - value = module.lambda_function.this_lambda_layer_source_code_size + value = module.lambda_function.lambda_layer_source_code_size } -output "this_lambda_layer_version" { +output "lambda_layer_version" { description = "The Lambda Layer version" - value = module.lambda_function.this_lambda_layer_version + value = module.lambda_function.lambda_layer_version } # IAM Role diff --git a/examples/simple/README.md b/examples/simple/README.md index 0ff3061b..879cff46 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md 
@@ -50,22 +50,22 @@ No inputs. | Name | Description | |------|-------------| | [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | +| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | +| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | +| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | +| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | +| [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | +| [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | +| [lambda\_layer\_layer\_arn](#output\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | +| [lambda\_layer\_source\_code\_size](#output\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | +| [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version | | [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | | 
[lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | -| [this\_lambda\_function\_arn](#output\_this\_lambda\_function\_arn) | The ARN of the Lambda Function | -| [this\_lambda\_function\_invoke\_arn](#output\_this\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | -| [this\_lambda\_function\_kms\_key\_arn](#output\_this\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | -| [this\_lambda\_function\_last\_modified](#output\_this\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | -| [this\_lambda\_function\_name](#output\_this\_lambda\_function\_name) | The name of the Lambda Function | -| [this\_lambda\_function\_qualified\_arn](#output\_this\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | -| [this\_lambda\_function\_source\_code\_hash](#output\_this\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | -| [this\_lambda\_function\_source\_code\_size](#output\_this\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | -| [this\_lambda\_function\_version](#output\_this\_lambda\_function\_version) | Latest published version of Lambda Function | -| [this\_lambda\_layer\_arn](#output\_this\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | -| [this\_lambda\_layer\_created\_date](#output\_this\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | -| [this\_lambda\_layer\_layer\_arn](#output\_this\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | -| 
[this\_lambda\_layer\_source\_code\_size](#output\_this\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | -| [this\_lambda\_layer\_version](#output\_this\_lambda\_layer\_version) | The Lambda Layer version | diff --git a/examples/simple/outputs.tf b/examples/simple/outputs.tf index a878def0..83dbee63 100644 --- a/examples/simple/outputs.tf +++ b/examples/simple/outputs.tf 
@@ -1,73 +1,73 @@ # Lambda Function -output "this_lambda_function_arn" { +output "lambda_function_arn" { description = "The ARN of the Lambda Function" - value = module.lambda_function.this_lambda_function_arn + value = module.lambda_function.lambda_function_arn } -output "this_lambda_function_invoke_arn" { +output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" - value = module.lambda_function.this_lambda_function_invoke_arn + value = module.lambda_function.lambda_function_invoke_arn } -output "this_lambda_function_name" { +output "lambda_function_name" { description = "The name of the Lambda Function" - value = module.lambda_function.this_lambda_function_name + value = module.lambda_function.lambda_function_name } -output "this_lambda_function_qualified_arn" { +output "lambda_function_qualified_arn" { description = "The ARN identifying your Lambda Function Version" - value = module.lambda_function.this_lambda_function_qualified_arn + value = module.lambda_function.lambda_function_qualified_arn } -output "this_lambda_function_version" { +output "lambda_function_version" { description = "Latest published version of Lambda Function" - value = module.lambda_function.this_lambda_function_version + value = module.lambda_function.lambda_function_version } -output "this_lambda_function_last_modified" { +output "lambda_function_last_modified" { description = "The date Lambda Function resource was last modified" - value = module.lambda_function.this_lambda_function_last_modified + value = module.lambda_function.lambda_function_last_modified } -output "this_lambda_function_kms_key_arn" { +output "lambda_function_kms_key_arn" { description = "The ARN for the KMS encryption key of Lambda Function" - value = module.lambda_function.this_lambda_function_kms_key_arn + value = module.lambda_function.lambda_function_kms_key_arn } -output "this_lambda_function_source_code_hash" { +output "lambda_function_source_code_hash" { description = 
"Base64-encoded representation of raw SHA-256 sum of the zip file" - value = module.lambda_function.this_lambda_function_source_code_hash + value = module.lambda_function.lambda_function_source_code_hash } -output "this_lambda_function_source_code_size" { +output "lambda_function_source_code_size" { description = "The size in bytes of the function .zip file" - value = module.lambda_function.this_lambda_function_source_code_size + value = module.lambda_function.lambda_function_source_code_size } # Lambda Layer -output "this_lambda_layer_arn" { +output "lambda_layer_arn" { description = "The ARN of the Lambda Layer with version" - value = module.lambda_function.this_lambda_layer_arn + value = module.lambda_function.lambda_layer_arn } -output "this_lambda_layer_layer_arn" { +output "lambda_layer_layer_arn" { description = "The ARN of the Lambda Layer without version" - value = module.lambda_function.this_lambda_layer_layer_arn + value = module.lambda_function.lambda_layer_layer_arn } -output "this_lambda_layer_created_date" { +output "lambda_layer_created_date" { description = "The date Lambda Layer resource was created" - value = module.lambda_function.this_lambda_layer_created_date + value = module.lambda_function.lambda_layer_created_date } -output "this_lambda_layer_source_code_size" { +output "lambda_layer_source_code_size" { description = "The size in bytes of the Lambda Layer .zip file" - value = module.lambda_function.this_lambda_layer_source_code_size + value = module.lambda_function.lambda_layer_source_code_size } -output "this_lambda_layer_version" { +output "lambda_layer_version" { description = "The Lambda Layer version" - value = module.lambda_function.this_lambda_layer_version + value = module.lambda_function.lambda_layer_version } # IAM Role diff --git a/examples/triggers/README.md b/examples/triggers/README.md index 2da7580d..4d0ea282 100644 --- a/examples/triggers/README.md +++ b/examples/triggers/README.md 
@@ -54,22 +54,22 @@ No inputs. | Name | Description | |------|-------------| | [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | +| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | +| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | +| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | +| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | +| [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | +| [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | +| [lambda\_layer\_layer\_arn](#output\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | +| [lambda\_layer\_source\_code\_size](#output\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | +| [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version | | [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | | 
[lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | -| [this\_lambda\_function\_arn](#output\_this\_lambda\_function\_arn) | The ARN of the Lambda Function | -| [this\_lambda\_function\_invoke\_arn](#output\_this\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | -| [this\_lambda\_function\_kms\_key\_arn](#output\_this\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | -| [this\_lambda\_function\_last\_modified](#output\_this\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | -| [this\_lambda\_function\_name](#output\_this\_lambda\_function\_name) | The name of the Lambda Function | -| [this\_lambda\_function\_qualified\_arn](#output\_this\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | -| [this\_lambda\_function\_source\_code\_hash](#output\_this\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | -| [this\_lambda\_function\_source\_code\_size](#output\_this\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | -| [this\_lambda\_function\_version](#output\_this\_lambda\_function\_version) | Latest published version of Lambda Function | -| [this\_lambda\_layer\_arn](#output\_this\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | -| [this\_lambda\_layer\_created\_date](#output\_this\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | -| [this\_lambda\_layer\_layer\_arn](#output\_this\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | -| 
[this\_lambda\_layer\_source\_code\_size](#output\_this\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | -| [this\_lambda\_layer\_version](#output\_this\_lambda\_layer\_version) | The Lambda Layer version | diff --git a/examples/triggers/main.tf b/examples/triggers/main.tf index a5545c92..b207c075 100644 --- a/examples/triggers/main.tf +++ b/examples/triggers/main.tf @@ -61,5 +61,5 @@ EOF resource "aws_cloudwatch_event_target" "scan_ami_lambda_function" { rule = aws_cloudwatch_event_rule.scan_ami.name - arn = module.lambda_function.this_lambda_function_arn + arn = module.lambda_function.lambda_function_arn } diff --git a/examples/triggers/outputs.tf b/examples/triggers/outputs.tf index a878def0..83dbee63 100644 --- a/examples/triggers/outputs.tf +++ b/examples/triggers/outputs.tf 
@@ -1,73 +1,73 @@ # Lambda Function -output "this_lambda_function_arn" { +output "lambda_function_arn" { description = "The ARN of the Lambda Function" - value = module.lambda_function.this_lambda_function_arn + value = module.lambda_function.lambda_function_arn } -output "this_lambda_function_invoke_arn" { +output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" - value = module.lambda_function.this_lambda_function_invoke_arn + value = module.lambda_function.lambda_function_invoke_arn } -output "this_lambda_function_name" { +output "lambda_function_name" { description = "The name of the Lambda Function" - value = module.lambda_function.this_lambda_function_name + value = module.lambda_function.lambda_function_name } -output "this_lambda_function_qualified_arn" { +output "lambda_function_qualified_arn" { description = "The ARN identifying your Lambda Function Version" - value = module.lambda_function.this_lambda_function_qualified_arn + value = module.lambda_function.lambda_function_qualified_arn } -output "this_lambda_function_version" { +output "lambda_function_version" { description = "Latest published version of Lambda Function" - value = module.lambda_function.this_lambda_function_version + value = module.lambda_function.lambda_function_version } -output "this_lambda_function_last_modified" { +output "lambda_function_last_modified" { description = "The date Lambda Function resource was last modified" - value = module.lambda_function.this_lambda_function_last_modified + value = module.lambda_function.lambda_function_last_modified } -output "this_lambda_function_kms_key_arn" { +output "lambda_function_kms_key_arn" { description = "The ARN for the KMS encryption key of Lambda Function" - value = module.lambda_function.this_lambda_function_kms_key_arn + value = module.lambda_function.lambda_function_kms_key_arn } -output "this_lambda_function_source_code_hash" { +output "lambda_function_source_code_hash" { description = 
"Base64-encoded representation of raw SHA-256 sum of the zip file" - value = module.lambda_function.this_lambda_function_source_code_hash + value = module.lambda_function.lambda_function_source_code_hash } -output "this_lambda_function_source_code_size" { +output "lambda_function_source_code_size" { description = "The size in bytes of the function .zip file" - value = module.lambda_function.this_lambda_function_source_code_size + value = module.lambda_function.lambda_function_source_code_size } # Lambda Layer -output "this_lambda_layer_arn" { +output "lambda_layer_arn" { description = "The ARN of the Lambda Layer with version" - value = module.lambda_function.this_lambda_layer_arn + value = module.lambda_function.lambda_layer_arn } -output "this_lambda_layer_layer_arn" { +output "lambda_layer_layer_arn" { description = "The ARN of the Lambda Layer without version" - value = module.lambda_function.this_lambda_layer_layer_arn + value = module.lambda_function.lambda_layer_layer_arn } -output "this_lambda_layer_created_date" { +output "lambda_layer_created_date" { description = "The date Lambda Layer resource was created" - value = module.lambda_function.this_lambda_layer_created_date + value = module.lambda_function.lambda_layer_created_date } -output "this_lambda_layer_source_code_size" { +output "lambda_layer_source_code_size" { description = "The size in bytes of the Lambda Layer .zip file" - value = module.lambda_function.this_lambda_layer_source_code_size + value = module.lambda_function.lambda_layer_source_code_size } -output "this_lambda_layer_version" { +output "lambda_layer_version" { description = "The Lambda Layer version" - value = module.lambda_function.this_lambda_layer_version + value = module.lambda_function.lambda_layer_version } # IAM Role diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index 8ef74a1a..e53836b9 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md 
@@ -56,22 +56,22 @@ No inputs. | Name | Description | |------|-------------| | [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | +| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | +| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | +| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | +| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | +| [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | +| [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | +| [lambda\_layer\_layer\_arn](#output\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | +| [lambda\_layer\_source\_code\_size](#output\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | +| [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version | | [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | | 
[lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | -| [this\_lambda\_function\_arn](#output\_this\_lambda\_function\_arn) | The ARN of the Lambda Function | -| [this\_lambda\_function\_invoke\_arn](#output\_this\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | -| [this\_lambda\_function\_kms\_key\_arn](#output\_this\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | -| [this\_lambda\_function\_last\_modified](#output\_this\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | -| [this\_lambda\_function\_name](#output\_this\_lambda\_function\_name) | The name of the Lambda Function | -| [this\_lambda\_function\_qualified\_arn](#output\_this\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | -| [this\_lambda\_function\_source\_code\_hash](#output\_this\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | -| [this\_lambda\_function\_source\_code\_size](#output\_this\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | -| [this\_lambda\_function\_version](#output\_this\_lambda\_function\_version) | Latest published version of Lambda Function | -| [this\_lambda\_layer\_arn](#output\_this\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | -| [this\_lambda\_layer\_created\_date](#output\_this\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | -| [this\_lambda\_layer\_layer\_arn](#output\_this\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | -| 
[this\_lambda\_layer\_source\_code\_size](#output\_this\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | -| [this\_lambda\_layer\_version](#output\_this\_lambda\_layer\_version) | The Lambda Layer version | diff --git a/examples/with-efs/outputs.tf b/examples/with-efs/outputs.tf index 6417f50d..1e6e0ac6 100644 --- a/examples/with-efs/outputs.tf +++ b/examples/with-efs/outputs.tf 
@@ -1,73 +1,73 @@ # Lambda Function -output "this_lambda_function_arn" { +output "lambda_function_arn" { description = "The ARN of the Lambda Function" - value = module.lambda_function_with_efs.this_lambda_function_arn + value = module.lambda_function_with_efs.lambda_function_arn } -output "this_lambda_function_invoke_arn" { +output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" - value = module.lambda_function_with_efs.this_lambda_function_invoke_arn + value = module.lambda_function_with_efs.lambda_function_invoke_arn } -output "this_lambda_function_name" { +output "lambda_function_name" { description = "The name of the Lambda Function" - value = module.lambda_function_with_efs.this_lambda_function_name + value = module.lambda_function_with_efs.lambda_function_name } -output "this_lambda_function_qualified_arn" { +output "lambda_function_qualified_arn" { description = "The ARN identifying your Lambda Function Version" - value = module.lambda_function_with_efs.this_lambda_function_qualified_arn + value = module.lambda_function_with_efs.lambda_function_qualified_arn } -output "this_lambda_function_version" { +output "lambda_function_version" { description = "Latest published version of Lambda Function" - value = module.lambda_function_with_efs.this_lambda_function_version + value = module.lambda_function_with_efs.lambda_function_version } -output "this_lambda_function_last_modified" { +output "lambda_function_last_modified" { description = "The date Lambda Function resource was last modified" - value = module.lambda_function_with_efs.this_lambda_function_last_modified + value = module.lambda_function_with_efs.lambda_function_last_modified } -output "this_lambda_function_kms_key_arn" { +output "lambda_function_kms_key_arn" { description = "The ARN for the KMS encryption key of Lambda Function" - value = module.lambda_function_with_efs.this_lambda_function_kms_key_arn + value = 
module.lambda_function_with_efs.lambda_function_kms_key_arn } -output "this_lambda_function_source_code_hash" { +output "lambda_function_source_code_hash" { description = "Base64-encoded representation of raw SHA-256 sum of the zip file" - value = module.lambda_function_with_efs.this_lambda_function_source_code_hash + value = module.lambda_function_with_efs.lambda_function_source_code_hash } -output "this_lambda_function_source_code_size" { +output "lambda_function_source_code_size" { description = "The size in bytes of the function .zip file" - value = module.lambda_function_with_efs.this_lambda_function_source_code_size + value = module.lambda_function_with_efs.lambda_function_source_code_size } # Lambda Layer -output "this_lambda_layer_arn" { +output "lambda_layer_arn" { description = "The ARN of the Lambda Layer with version" - value = module.lambda_function_with_efs.this_lambda_layer_arn + value = module.lambda_function_with_efs.lambda_layer_arn } -output "this_lambda_layer_layer_arn" { +output "lambda_layer_layer_arn" { description = "The ARN of the Lambda Layer without version" - value = module.lambda_function_with_efs.this_lambda_layer_layer_arn + value = module.lambda_function_with_efs.lambda_layer_layer_arn } -output "this_lambda_layer_created_date" { +output "lambda_layer_created_date" { description = "The date Lambda Layer resource was created" - value = module.lambda_function_with_efs.this_lambda_layer_created_date + value = module.lambda_function_with_efs.lambda_layer_created_date } -output "this_lambda_layer_source_code_size" { +output "lambda_layer_source_code_size" { description = "The size in bytes of the Lambda Layer .zip file" - value = module.lambda_function_with_efs.this_lambda_layer_source_code_size + value = module.lambda_function_with_efs.lambda_layer_source_code_size } -output "this_lambda_layer_version" { +output "lambda_layer_version" { description = "The Lambda Layer version" - value = 
module.lambda_function_with_efs.this_lambda_layer_version + value = module.lambda_function_with_efs.lambda_layer_version } # IAM Role diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index 4776d667..21d60def 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md 
@@ -53,22 +53,22 @@ No inputs. | Name | Description | |------|-------------| | [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | +| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | +| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | +| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | +| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | +| [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | +| [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | +| [lambda\_layer\_layer\_arn](#output\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | +| [lambda\_layer\_source\_code\_size](#output\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | +| [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version | | [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | | 
[lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | -| [this\_lambda\_function\_arn](#output\_this\_lambda\_function\_arn) | The ARN of the Lambda Function | -| [this\_lambda\_function\_invoke\_arn](#output\_this\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | -| [this\_lambda\_function\_kms\_key\_arn](#output\_this\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | -| [this\_lambda\_function\_last\_modified](#output\_this\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | -| [this\_lambda\_function\_name](#output\_this\_lambda\_function\_name) | The name of the Lambda Function | -| [this\_lambda\_function\_qualified\_arn](#output\_this\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | -| [this\_lambda\_function\_source\_code\_hash](#output\_this\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | -| [this\_lambda\_function\_source\_code\_size](#output\_this\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | -| [this\_lambda\_function\_version](#output\_this\_lambda\_function\_version) | Latest published version of Lambda Function | -| [this\_lambda\_layer\_arn](#output\_this\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | -| [this\_lambda\_layer\_created\_date](#output\_this\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | -| [this\_lambda\_layer\_layer\_arn](#output\_this\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | -| 
[this\_lambda\_layer\_source\_code\_size](#output\_this\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | -| [this\_lambda\_layer\_version](#output\_this\_lambda\_layer\_version) | The Lambda Layer version | diff --git a/examples/with-vpc/outputs.tf b/examples/with-vpc/outputs.tf index a505c0de..a77d28a7 100644 --- a/examples/with-vpc/outputs.tf +++ b/examples/with-vpc/outputs.tf 
@@ -1,73 +1,73 @@ # Lambda Function -output "this_lambda_function_arn" { +output "lambda_function_arn" { description = "The ARN of the Lambda Function" - value = module.lambda_function_in_vpc.this_lambda_function_arn + value = module.lambda_function_in_vpc.lambda_function_arn } -output "this_lambda_function_invoke_arn" { +output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" - value = module.lambda_function_in_vpc.this_lambda_function_invoke_arn + value = module.lambda_function_in_vpc.lambda_function_invoke_arn } -output "this_lambda_function_name" { +output "lambda_function_name" { description = "The name of the Lambda Function" - value = module.lambda_function_in_vpc.this_lambda_function_name + value = module.lambda_function_in_vpc.lambda_function_name } -output "this_lambda_function_qualified_arn" { +output "lambda_function_qualified_arn" { description = "The ARN identifying your Lambda Function Version" - value = module.lambda_function_in_vpc.this_lambda_function_qualified_arn + value = module.lambda_function_in_vpc.lambda_function_qualified_arn } -output "this_lambda_function_version" { +output "lambda_function_version" { description = "Latest published version of Lambda Function" - value = module.lambda_function_in_vpc.this_lambda_function_version + value = module.lambda_function_in_vpc.lambda_function_version } -output "this_lambda_function_last_modified" { +output "lambda_function_last_modified" { description = "The date Lambda Function resource was last modified" - value = module.lambda_function_in_vpc.this_lambda_function_last_modified + value = module.lambda_function_in_vpc.lambda_function_last_modified } -output "this_lambda_function_kms_key_arn" { +output "lambda_function_kms_key_arn" { description = "The ARN for the KMS encryption key of Lambda Function" - value = module.lambda_function_in_vpc.this_lambda_function_kms_key_arn + value = module.lambda_function_in_vpc.lambda_function_kms_key_arn } -output 
"this_lambda_function_source_code_hash" { +output "lambda_function_source_code_hash" { description = "Base64-encoded representation of raw SHA-256 sum of the zip file" - value = module.lambda_function_in_vpc.this_lambda_function_source_code_hash + value = module.lambda_function_in_vpc.lambda_function_source_code_hash } -output "this_lambda_function_source_code_size" { +output "lambda_function_source_code_size" { description = "The size in bytes of the function .zip file" - value = module.lambda_function_in_vpc.this_lambda_function_source_code_size + value = module.lambda_function_in_vpc.lambda_function_source_code_size } # Lambda Layer -output "this_lambda_layer_arn" { +output "lambda_layer_arn" { description = "The ARN of the Lambda Layer with version" - value = module.lambda_function_in_vpc.this_lambda_layer_arn + value = module.lambda_function_in_vpc.lambda_layer_arn } -output "this_lambda_layer_layer_arn" { +output "lambda_layer_layer_arn" { description = "The ARN of the Lambda Layer without version" - value = module.lambda_function_in_vpc.this_lambda_layer_layer_arn + value = module.lambda_function_in_vpc.lambda_layer_layer_arn } -output "this_lambda_layer_created_date" { +output "lambda_layer_created_date" { description = "The date Lambda Layer resource was created" - value = module.lambda_function_in_vpc.this_lambda_layer_created_date + value = module.lambda_function_in_vpc.lambda_layer_created_date } -output "this_lambda_layer_source_code_size" { +output "lambda_layer_source_code_size" { description = "The size in bytes of the Lambda Layer .zip file" - value = module.lambda_function_in_vpc.this_lambda_layer_source_code_size + value = module.lambda_function_in_vpc.lambda_layer_source_code_size } -output "this_lambda_layer_version" { +output "lambda_layer_version" { description = "The Lambda Layer version" - value = module.lambda_function_in_vpc.this_lambda_layer_version + value = module.lambda_function_in_vpc.lambda_layer_version } # IAM Role 
diff --git a/modules/alias/README.md b/modules/alias/README.md index d12c2c5c..ca580037 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md @@ -166,11 +166,11 @@ No modules. | Name | Description | |------|-------------| -| [this\_lambda\_alias\_arn](#output\_this\_lambda\_alias\_arn) | The ARN of the Lambda Function Alias | -| [this\_lambda\_alias\_description](#output\_this\_lambda\_alias\_description) | Description of alias | -| [this\_lambda\_alias\_function\_version](#output\_this\_lambda\_alias\_function\_version) | Lambda function version which the alias uses | -| [this\_lambda\_alias\_invoke\_arn](#output\_this\_lambda\_alias\_invoke\_arn) | The ARN to be used for invoking Lambda Function from API Gateway | -| [this\_lambda\_alias\_name](#output\_this\_lambda\_alias\_name) | The name of the Lambda Function Alias | +| [lambda\_alias\_arn](#output\_lambda\_alias\_arn) | The ARN of the Lambda Function Alias | +| [lambda\_alias\_description](#output\_lambda\_alias\_description) | Description of alias | +| [lambda\_alias\_function\_version](#output\_lambda\_alias\_function\_version) | Lambda function version which the alias uses | +| [lambda\_alias\_invoke\_arn](#output\_lambda\_alias\_invoke\_arn) | The ARN to be used for invoking Lambda Function from API Gateway | +| [lambda\_alias\_name](#output\_lambda\_alias\_name) | The name of the Lambda Function Alias | ## Authors diff --git a/modules/alias/outputs.tf b/modules/alias/outputs.tf index 3e284331..7582b0be 100644 --- a/modules/alias/outputs.tf +++ b/modules/alias/outputs.tf 
@@ -1,25 +1,25 @@ # Lambda Alias -output "this_lambda_alias_name" { +output "lambda_alias_name" { description = "The name of the Lambda Function Alias" value = element(concat(data.aws_lambda_alias.existing.*.name, aws_lambda_alias.with_refresh.*.name, aws_lambda_alias.no_refresh.*.name, [""]), 0) } -output "this_lambda_alias_arn" { +output "lambda_alias_arn" { description = "The ARN of the Lambda Function Alias" value = element(concat(data.aws_lambda_alias.existing.*.arn, aws_lambda_alias.with_refresh.*.arn, aws_lambda_alias.no_refresh.*.arn, [""]), 0) } -output "this_lambda_alias_invoke_arn" { +output "lambda_alias_invoke_arn" { description = "The ARN to be used for invoking Lambda Function from API Gateway" value = element(concat(data.aws_lambda_alias.existing.*.invoke_arn, aws_lambda_alias.with_refresh.*.invoke_arn, aws_lambda_alias.no_refresh.*.invoke_arn, [""]), 0) } -output "this_lambda_alias_description" { +output "lambda_alias_description" { description = "Description of alias" value = element(concat(data.aws_lambda_alias.existing.*.description, aws_lambda_alias.with_refresh.*.description, aws_lambda_alias.no_refresh.*.description, [""]), 0) } -output "this_lambda_alias_function_version" { +output "lambda_alias_function_version" { description = "Lambda function version which the alias uses" value = element(concat(data.aws_lambda_alias.existing.*.function_version, aws_lambda_alias.with_refresh.*.function_version, aws_lambda_alias.no_refresh.*.function_version, [""]), 0) } diff --git a/outputs.tf b/outputs.tf index 9edbdfcf..90bae655 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -1,92 +1,92 @@ # Lambda Function -output "this_lambda_function_arn" { +output "lambda_function_arn" { description = "The ARN of the Lambda Function" value = element(concat(aws_lambda_function.this.*.arn, [""]), 0) } -output "this_lambda_function_invoke_arn" { +output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" value = element(concat(aws_lambda_function.this.*.invoke_arn, [""]), 0) } -output "this_lambda_function_name" { +output "lambda_function_name" { description = "The name of the Lambda Function" value = element(concat(aws_lambda_function.this.*.function_name, [""]), 0) } -output "this_lambda_function_qualified_arn" { +output "lambda_function_qualified_arn" { description = "The ARN identifying your Lambda Function Version" value = element(concat(aws_lambda_function.this.*.qualified_arn, [""]), 0) } -output "this_lambda_function_version" { +output "lambda_function_version" { description = "Latest published version of Lambda Function" value = element(concat(aws_lambda_function.this.*.version, [""]), 0) } -output "this_lambda_function_last_modified" { +output "lambda_function_last_modified" { description = "The date Lambda Function resource was last modified" value = element(concat(aws_lambda_function.this.*.last_modified, [""]), 0) } -output "this_lambda_function_kms_key_arn" { +output "lambda_function_kms_key_arn" { description = "The ARN for the KMS encryption key of Lambda Function" value = element(concat(aws_lambda_function.this.*.kms_key_arn, [""]), 0) } -output "this_lambda_function_source_code_hash" { +output "lambda_function_source_code_hash" { description = "Base64-encoded representation of raw SHA-256 sum of the zip file" value = element(concat(aws_lambda_function.this.*.source_code_hash, [""]), 0) } -output "this_lambda_function_source_code_size" { +output "lambda_function_source_code_size" { description = "The size in bytes of the function .zip file" value = 
element(concat(aws_lambda_function.this.*.source_code_size, [""]), 0) } # Lambda Layer -output "this_lambda_layer_arn" { +output "lambda_layer_arn" { description = "The ARN of the Lambda Layer with version" value = element(concat(aws_lambda_layer_version.this.*.arn, [""]), 0) } -output "this_lambda_layer_layer_arn" { +output "lambda_layer_layer_arn" { description = "The ARN of the Lambda Layer without version" value = element(concat(aws_lambda_layer_version.this.*.layer_arn, [""]), 0) } -output "this_lambda_layer_created_date" { +output "lambda_layer_created_date" { description = "The date Lambda Layer resource was created" value = element(concat(aws_lambda_layer_version.this.*.created_date, [""]), 0) } -output "this_lambda_layer_source_code_size" { +output "lambda_layer_source_code_size" { description = "The size in bytes of the Lambda Layer .zip file" value = element(concat(aws_lambda_layer_version.this.*.source_code_size, [""]), 0) } -output "this_lambda_layer_version" { +output "lambda_layer_version" { description = "The Lambda Layer version" value = element(concat(aws_lambda_layer_version.this.*.version, [""]), 0) } # Lambda Event Source Mapping -output "this_lambda_event_source_mapping_function_arn" { +output "lambda_event_source_mapping_function_arn" { description = "The the ARN of the Lambda function the event source mapping is sending events to" value = { for k, v in aws_lambda_event_source_mapping.this : k => v.function_arn } } -output "this_lambda_event_source_mapping_state" { +output "lambda_event_source_mapping_state" { description = "The state of the event source mapping" value = { for k, v in aws_lambda_event_source_mapping.this : k => v.state } } -output "this_lambda_event_source_mapping_state_transition_reason" { +output "lambda_event_source_mapping_state_transition_reason" { description = "The reason the event source mapping is in its current state" value = { for k, v in aws_lambda_event_source_mapping.this : k => v.state_transition_reason } } 
-output "this_lambda_event_source_mapping_uuid" { +output "lambda_event_source_mapping_uuid" { description = "The UUID of the created event source mapping" value = { for k, v in aws_lambda_event_source_mapping.this : k => v.uuid } } From 1c4288eb7c8175450ae50fd7bda54aa79444ed0f Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 26 Apr 2021 20:34:38 +0200 Subject: [PATCH 079/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f57d288e..c50be270 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v2.0.0] - 2021-04-26 + +- feat: Shorten outputs (removing this_) ([#148](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/148)) + + ## [v1.48.0] - 2021-04-26 @@ -407,7 +413,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.48.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.0.0...HEAD +[v2.0.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.48.0...v2.0.0 [v1.48.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.47.0...v1.48.0 [v1.47.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.46.0...v1.47.0 [v1.46.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.45.0...v1.46.0 From 05cd3ecdef00be4393233fe852875961941ebd46 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 28 Apr 2021 18:47:29 +0200 Subject: [PATCH 080/385] chore: Updated versions in README --- README.md | 2 +- modules/alias/README.md | 12 ++++++------ modules/deploy/README.md | 10 +++++----- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index e5bde360..90ca5352 100644 --- a/README.md 
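Review bot: The description of `lambda_event_source_mapping_function_arn` in the root `outputs.tf` still reads "The the ARN of the Lambda function…", and since this output block is being renamed anyway the doubled word should be fixed: `description = "The ARN of the Lambda function the event source mapping is sending events to"`. The README outputs table looks generated from these descriptions, so it would presumably need regenerating afterwards. Separately, the function and layer outputs in this hunk keep the `element(concat(..., [""]), 0)` fallback, so they evaluate to an empty string when the splat list is empty (presumably when the resource is not created). A caller that passes `lambda_function_arn` to a permission or event target then gets `""` rather than an error at the output. A short comment above the `# Lambda Function` group stating that these outputs may be empty would help consumers migrating to the new names.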
+++ b/README.md @@ -75,7 +75,7 @@ module "lambda_function" { s3_bucket = "my-bucket-with-lambda-builds" layers = [ - module.lambda_layer_s3.this_lambda_layer_arn, + module.lambda_layer_s3.lambda_layer_arn, ] environment_variables = { diff --git a/modules/alias/README.md b/modules/alias/README.md index ca580037..35ed350b 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md @@ -29,8 +29,8 @@ module "alias_no_refresh" { name = "current-no-refresh" - function_name = module.lambda_function.this_lambda_function_name - function_version = module.lambda_function.this_lambda_function_version + function_name = module.lambda_function.lambda_function_name + function_version = module.lambda_function.lambda_function_version allowed_triggers = { AnotherAPIGatewayAny = { @@ -50,7 +50,7 @@ module "alias_refresh" { source = "terraform-aws-modules/lambda/aws//modules/alias" name = "current-with-refresh" - function_name = module.lambda_function.this_lambda_function_name + function_name = module.lambda_function.lambda_function_name } ``` @@ -63,7 +63,7 @@ module "alias_refresh" { source = "terraform-aws-modules/lambda/aws//modules/alias" name = "current-with-refresh" - function_name = module.lambda_function.this_lambda_function_name + function_name = module.lambda_function.lambda_function_name } module "alias_existing" { @@ -71,8 +71,8 @@ module "alias_existing" { use_existing_alias = true - name = module.alias_refresh.this_lambda_alias_name - function_name = module.lambda_function.this_lambda_function_name + name = module.alias_refresh.lambda_alias_name + function_name = module.lambda_function.lambda_function_name allowed_triggers = { AnotherAwesomeAPIGateway = { diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 84cb8937..93d226aa 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md 
@@ -31,20 +31,20 @@ module "alias_refresh" { source = "terraform-aws-modules/lambda/aws//modules/alias" name = "current-with-refresh" - function_name = module.lambda_function.this_lambda_function_name + function_name = module.lambda_function.lambda_function_name # Set function_version when creating alias to be able to deploy using it, # because AWS CodeDeploy doesn't understand $LATEST as CurrentVersion. - function_version = module.lambda_function.this_lambda_function_version + function_version = module.lambda_function.lambda_function_version } module "deploy" { source = "terraform-aws-modules/lambda/aws//modules/deploy" - alias_name = module.alias_refresh.this_lambda_alias_name - function_name = module.lambda_function.this_lambda_function_name + alias_name = module.alias_refresh.lambda_alias_name + function_name = module.lambda_function.lambda_function_name - target_version = module.lambda_function.this_lambda_function_version + target_version = module.lambda_function.lambda_function_version create_app = true app_name = "my-awesome-app" From 6d2acf7ad8a28b1b9b48caab0570126de57d6051 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 28 Apr 2021 19:36:37 +0200 Subject: [PATCH 081/385] chore: Updated versions&comments in examples --- examples/simple/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/simple/main.tf b/examples/simple/main.tf index 596e08eb..e64f2310 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf @@ -49,7 +49,7 @@ module "lambda_function" { # independent_file_timestamps = true # store_on_s3 = true - # s3_bucket = module.s3_bucket.this_s3_bucket_id + # s3_bucket = module.s3_bucket.s3_bucket_id # create_package = false # local_existing_package = data.null_data_source.downloaded_package.outputs["filename"] From bb35d611746cc31f041935001f5a571c51a4cb72 Mon Sep 17 00:00:00 2001 
From: Bryant Biggs Date: Sat, 1 May 2021 14:45:22 -0400 Subject: [PATCH 082/385] chore: update CI/CD to use stable `terraform-docs` release artifact and discoverable Apache2.0 license (#149) --- .github/workflows/pre-commit.yml | 49 ++++----- LICENSE | 183 +++++++++++++++++++++++++++++-- README.md | 77 ++++--------- 3 files changed, 220 insertions(+), 89 deletions(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index cbf80b6b..ab9aef23 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -7,30 +7,30 @@ on: - master jobs: -# Min Terraform version(s) + # Min Terraform version(s) getDirectories: - name: Get root directories - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Install Python - uses: actions/setup-python@v2 - - name: Build matrix - id: matrix - run: | - DIRS=$(python -c "import json; import glob; print(json.dumps([x.replace('/versions.tf', '') for x in glob.glob('./**/versions.tf', recursive=True)]))") - echo "::set-output name=directories::$DIRS" - outputs: - directories: ${{ steps.matrix.outputs.directories }} + name: Get root directories + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Install Python + uses: actions/setup-python@v2 + - name: Build matrix + id: matrix + run: | + DIRS=$(python -c "import json; import glob; print(json.dumps([x.replace('/versions.tf', '') for x in glob.glob('./**/versions.tf', recursive=True)]))") + echo "::set-output name=directories::$DIRS" + outputs: + directories: ${{ steps.matrix.outputs.directories }} preCommitMinVersions: name: Min TF validate needs: getDirectories runs-on: ubuntu-latest strategy: - matrix: - directory: ${{ fromJson(needs.getDirectories.outputs.directories) }} + matrix: + directory: ${{ fromJson(needs.getDirectories.outputs.directories) }} steps: - name: Checkout uses: actions/checkout@v2 
@@ -38,7 +38,7 @@ jobs: uses: actions/setup-python@v2 - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.0.1 + uses: clowdhaus/terraform-min-max@v1.0.2 with: directory: ${{ matrix.directory }} - name: Install Terraform v${{ steps.minMax.outputs.minVersion }} @@ -50,16 +50,13 @@ jobs: - name: Execute pre-commit # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - run: - pre-commit run terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/* + run: pre-commit run terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/* - name: Execute pre-commit # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - run: - pre-commit run terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf) - + run: pre-commit run terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf) -# Max Terraform version + # Max Terraform version getBaseVersion: name: Module max TF version runs-on: ubuntu-latest @@ -68,7 +65,7 @@ jobs: uses: actions/checkout@v2 - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.0.1 + uses: clowdhaus/terraform-min-max@v1.0.2 outputs: minVersion: ${{ steps.minMax.outputs.minVersion }} maxVersion: ${{ steps.minMax.outputs.maxVersion }} 
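Review bot: The bumped `clowdhaus/terraform-min-max@v1.0.2` reference in the "Terraform min/max versions" step is still a mutable tag, so the code that runs in this job can change upstream without any change in this repository. The identical bump in the `getBaseVersion` job (hunk `@@ -68,7 +65,7 @@`) has the same problem. Pinning third-party actions to a full commit SHA with the tag kept as a trailing comment, `uses: clowdhaus/terraform-min-max@<full-commit-sha> # v1.0.2`, keeps each upgrade an explicit, reviewable diff. Both jobs start outside these hunks, so the permissions that bound the impact are not visible here.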
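Review bot: The single-line `run:` in the `matrix.directory != '.'` step still expands `${{ matrix.directory }}` directly into the shell script. That value is built from directory names returned by the glob in `getDirectories`, so a path containing shell metacharacters would be interpreted by the shell instead of being treated as a file name. Passing the value through the environment avoids this: add `env:` with `DIRECTORY: ${{ matrix.directory }}` to the step and use `--files "$DIRECTORY"/*` in the command. How exposed this is depends on the workflow's `on:` triggers, which are only partly visible in this diff.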
@@ -94,7 +91,7 @@ jobs: - name: Install pre-commit dependencies run: | pip install pre-commit - curl -L "$(curl -s https://api.github.com/repos/terraform-docs/terraform-docs/releases/latest | grep -o -E "https://.+?-v0.12\..+?-linux-amd64" | head -n1)" > terraform-docs && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/ + curl -Lo ./terraform-docs.tar.gz https://github.com/terraform-docs/terraform-docs/releases/download/v0.13.0/terraform-docs-v0.13.0-$(uname)-amd64.tar.gz && tar -xzf terraform-docs.tar.gz && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/ curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip && rm tflint.zip && sudo mv tflint /usr/bin/ - name: Execute pre-commit # Run all pre-commit checks on max version supported diff --git a/LICENSE b/LICENSE index 29010ded..d9a10c0d 100644 --- a/LICENSE +++ b/LICENSE 
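Review bot: The new terraform-docs install pins v0.13.0 but then extracts the archive and moves the binary into /usr/bin with sudo without verifying it, so the pin fixes the version, not the content. Check the archive against a checksum committed to the repository between the `curl` and the `tar`, for example `echo "<sha256-of-release-archive>  terraform-docs.tar.gz" | sha256sum -c -`. The tflint line directly below still resolves `releases/latest` through the API and `grep`, so it remains both unpinned and unverified; a fixed version plus checksum there would make the two installs consistent. The step and its job start outside the hunk.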
@@ -1,13 +1,176 @@ -Copyright 2020 Anton Babenko (Betajob AS) + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - http://www.apache.org/licenses/LICENSE-2.0 + 1. Definitions. -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. 
+ + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." 
+ + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. 
You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. 
+ + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. 
In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS diff --git a/README.md b/README.md index 90ca5352..fb7fe2bd 100644 --- a/README.md +++ b/README.md 
@@ -2,17 +2,6 @@ Terraform module, which creates almost all supported AWS Lambda resources as well as taking care of building and packaging of required Lambda dependencies for functions and layers. -These types of resources supported: - -* [Lambda Function](https://www.terraform.io/docs/providers/aws/r/lambda_function.html) -* [Lambda Layer](https://www.terraform.io/docs/providers/aws/r/lambda_layer_version.html) -* [Lambda Alias](https://www.terraform.io/docs/providers/aws/r/lambda_alias.html) - using [alias module](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/modules/alias) -* [Lambda Provisioned Concurrency](https://www.terraform.io/docs/providers/aws/r/lambda_provisioned_concurrency_config.html) -* [Lambda Async Event Configuration](https://www.terraform.io/docs/providers/aws/r/lambda_function_event_invoke_config.html) -* [Lambda Permission](https://www.terraform.io/docs/providers/aws/r/lambda_permission.html) -* [Lambda Event Source Mapping](https://www.terraform.io/docs/providers/aws/r/lambda_event_source_mapping.html) - - This Terraform module is the part of [serverless.tf framework](https://github.com/antonbabenko/serverless.tf), which aims to simplify all operations when working with the serverless in Terraform: 1. Build and install dependencies - [read more](#build). Requires Python 3.6 or newer. @@ -21,7 +10,6 @@ This Terraform module is the part of [serverless.tf framework](https://github.co 4. Create static and dynamic aliases for AWS Lambda Function - [see usage](#usage), see [modules/alias](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/modules/alias). 5. Do complex deployments (eg, rolling, canary, rollbacks, triggers) - [read more](#deployment), see [modules/deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/modules/deploy). - ## Features - [x] Build dependencies for your Lambda Function and Layer. 
@@ -35,7 +23,6 @@ This Terraform module is the part of [serverless.tf framework](https://github.co - [x] Control nearly all aspects of Lambda resources (provisioned concurrency, VPC, EFS, dead-letter notification, tracing, async events, event source mapping, IAM role, IAM policies, and more). - [x] Support integration with other `serverless.tf` modules like [HTTP API Gateway](https://github.com/terraform-aws-modules/terraform-aws-apigateway-v2) (see [examples there](https://github.com/terraform-aws-modules/terraform-aws-apigateway-v2/tree/master/examples/complete-http)). - ## Usage ### Lambda Function (store package locally) @@ -101,7 +88,6 @@ module "lambda_layer_s3" { store_on_s3 = true s3_bucket = "my-bucket-with-lambda-builds" } - ``` ### Lambda Functions with existing package (prebuilt) stored locally @@ -161,7 +147,7 @@ module "lambda_function_container_image" { description = "My awesome lambda function" create_package = false - + image_uri = "132367819851.dkr.ecr.eu-west-1.amazonaws.com/complete-cow:1.0" package_type = "Image" } @@ -251,7 +237,6 @@ module "vpc" { } ``` - ## Additional IAM policies for Lambda Functions There are 5 supported ways to attach IAM policies to IAM role used by Lambda Function: @@ -262,15 +247,14 @@ There are 5 supported ways to attach IAM policies to IAM role used by Lambda Fun 1. `policies` - List of ARNs of existing IAM policies, when `attach_policies = true` and `number_of_policies > 0`. 1. `policy_statements` - Map of maps to define IAM statements which will be generated as IAM policy. Requires `attach_policy_statements = true`. See `examples/complete` for more information. - ## Lambda Permissions for allowed triggers Lambda Permissions should be specified to allow certain resources to invoke Lambda Function. - + ```hcl module "lambda_function" { source = "terraform-aws-modules/lambda/aws" - + # ...omitted for brevity allowed_triggers = { 
@@ -325,7 +309,6 @@ Hash of zip-archive created with the same content of the files is always identic When calling this module multiple times in one execution to create packages with the same `source_path`, zip-archives will be corrupted due to concurrent writes into the same file. There are two solutions - set different values for `hash_extra` to create different archives, or create package once outside (using this module) and then pass `local_existing_package` argument to create other Lambda resources. - ## Debug Building and packaging has been historically hard to debug (especially with Terraform), so we made an effort to make it easier for user to see debug info. There are 3 different debug levels: `DEBUG` - to see only what is happening during planning phase and how a zip file content filtering in case of applied patterns, `DEBUG2` - to see more logging output, `DEBUG3` - to see all logging values, `DUMP_ENV` - to see all logging values and env variables (be careful sharing your env variables as they may contain secrets!). 
@@ -334,20 +317,19 @@ User can specify debug level like this: ``` export TF_LAMBDA_PACKAGE_LOG_LEVEL=DEBUG2 -terraform apply +terraform apply ``` User can enable comments in heredoc strings in `patterns` which can be helpful in some situations. To do this set this environment variable: ``` export TF_LAMBDA_PACKAGE_PATTERN_COMMENTS=true -terraform apply +terraform apply ``` - ## Build Dependencies -You can specify `source_path` in a variety of ways to achieve desired flexibility when building deployment packages locally or in Docker. You can use absolute or relative paths. If you have placed terraform files in subdirectories, note that relative paths are specified from the directory where `terraform plan` is run and not the location of your terraform file. +You can specify `source_path` in a variety of ways to achieve desired flexibility when building deployment packages locally or in Docker. You can use absolute or relative paths. If you have placed terraform files in subdirectories, note that relative paths are specified from the directory where `terraform plan` is run and not the location of your terraform file. Note that, when building locally, files are not copying anywhere from the source directories when making packages, we use fast Python regular expressions to find matching files and directories, which makes packaging very fast and easy to understand. @@ -361,7 +343,6 @@ When `source_path` is set to a string, the content of that path will be used to When `source_path` is set to a list of directories the content of each will be taken and one archive will be created. - ### Combine various options for extreme flexibility This is the most complete way of creating a deployment package from multiple sources with multiple dependencies. This example is showing some of the available options (see [examples/build-package](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/build-package) for more): 
@@ -410,8 +391,8 @@ source_path = [ Few notes: -* All arguments except `path` are optional. -* `patterns` - List of Python regex filenames should satisfy. Default value is "include everything" which is equal to `patterns = [".*"]`. This can also be specified as multiline heredoc string (no comments allowed). Some examples of valid patterns: +- All arguments except `path` are optional. +- `patterns` - List of Python regex filenames should satisfy. Default value is "include everything" which is equal to `patterns = [".*"]`. This can also be specified as multiline heredoc string (no comments allowed). Some examples of valid patterns: ```txt !.*/.*\.txt # Filter all txt files recursively 
@@ -426,11 +407,10 @@ Few notes: !abc/def/hgk/.* # Filter out again in abc/def/hgk sub folder ``` -* `commands` - List of commands to run. If specified, this argument overrides `pip_requirements`. - * `:zip [source] [destination]` is a special command which creates content of current working directory (first argument) and places it inside of path (second argument). -* `pip_requirements` - Controls whether to execute `pip install`. Set to `false` to disable this feature, `true` to run `pip install` with `requirements.txt` found in `path`. Or set to another filename which you want to use instead. -* `prefix_in_zip` - If specified, will be used as a prefix inside zip-archive. By default, everything installs into the root of zip-archive. - +- `commands` - List of commands to run. If specified, this argument overrides `pip_requirements`. + - `:zip [source] [destination]` is a special command which creates content of current working directory (first argument) and places it inside of path (second argument). +- `pip_requirements` - Controls whether to execute `pip install`. Set to `false` to disable this feature, `true` to run `pip install` with `requirements.txt` found in `path`. Or set to another filename which you want to use instead. +- `prefix_in_zip` - If specified, will be used as a prefix inside zip-archive. By default, everything installs into the root of zip-archive. ### Building in Docker @@ -446,7 +426,6 @@ Using this module you can install dependencies from private hosts. To do this, y docker_with_ssh_agent = true - ## Deployment package - Create or use existing By default, this module creates deployment package and uses it to create or update Lambda Function or Lambda Layer. 
@@ -463,7 +442,6 @@ When creating archive locally outside of this module you need to set `create_pac } ``` - ### Using deployment package from remote URL This can be implemented in two steps: download file locally using CURL, and pass path to deployment package as `local_existing_package` argument. @@ -504,7 +482,6 @@ module "lambda_function_existing_package_from_remote_url" { } ``` - ## How to deploy and manage Lambda Functions? ### Simple deployments @@ -513,7 +490,6 @@ Typically, Lambda Function resource updates when source code changes. If `publis Published Lambda Function can be invoked using either by version number or using `$LATEST`. This is the simplest way of deployment which does not required any additional tool or service. - ### Controlled deployments (rolling, canary, rollbacks) In order to do controlled deployments (rolling, canary, rollbacks) of Lambda Functions we need to use [Lambda Function aliases](https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html). @@ -526,7 +502,6 @@ There is [alias module](https://github.com/terraform-aws-modules/terraform-aws-l There is [deploy module](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/modules/deploy), which creates required resources to do deployments using AWS CodeDeploy. It also creates the deployment, and wait for completion. See [examples/deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/deploy) for complete end-to-end build/update/deploy process. - ## FAQ Q1: Why deployment package not recreating every time I change something? Or why deployment package is being recreated every time but content has not been changed? 
@@ -549,27 +524,24 @@ Q4: What does this error mean - `"We currently do not support adding policies fo > > The solution is to either disable the creation of Lambda permissions for the current version by setting `create_current_version_allowed_triggers = false`, or to enable publish of Lambda function (`publish = true`). - ## Notes 1. Creation of Lambda Functions and Lambda Layers is very similar and both support the same features (building from source path, using existing package, storing package locally or on S3) 2. Check out this [Awesome list of AWS Lambda Layers](https://github.com/mthenw/awesome-layers) - ## Examples -* [Complete](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/complete) - Create Lambda resources in various combinations with all supported features. -* [Container Image](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/container-image) - Create Docker image (using [docker provider](https://registry.terraform.io/providers/kreuzwerker/docker)), push it to AWS ECR, and create Lambda function from it. -* [Build and Package](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/build-package) - Build and create deployment packages in various ways. -* [Alias](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/alias) - Create static and dynamic aliases in various ways. -* [Deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/deploy) - Complete end-to-end build/update/deploy process using AWS CodeDeploy. -* [Async Invocations](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/async) - Create Lambda Function with async event configuration (with SQS, SNS, and EventBridge integration). -* [With VPC](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/with-vpc) - Create Lambda Function with VPC. 
-* [With EFS](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/with-efs) - Create Lambda Function with Elastic File System attached (Terraform 0.13+ is recommended). -* [Multiple regions](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/multiple-regions) - Create the same Lambda Function in multiple regions with non-conflicting IAM roles and policies. -* [Event Source Mapping](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/event-source-mapping) - Create Lambda Function with event source mapping configuration (SQS, DynamoDB, and Kinesis). -* [Triggers](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/triggers) - Create Lambda Function with some triggers (eg, Cloudwatch Events, EventBridge). - +- [Complete](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/complete) - Create Lambda resources in various combinations with all supported features. +- [Container Image](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/container-image) - Create Docker image (using [docker provider](https://registry.terraform.io/providers/kreuzwerker/docker)), push it to AWS ECR, and create Lambda function from it. +- [Build and Package](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/build-package) - Build and create deployment packages in various ways. +- [Alias](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/alias) - Create static and dynamic aliases in various ways. +- [Deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/deploy) - Complete end-to-end build/update/deploy process using AWS CodeDeploy. 
+- [Async Invocations](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/async) - Create Lambda Function with async event configuration (with SQS, SNS, and EventBridge integration). +- [With VPC](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/with-vpc) - Create Lambda Function with VPC. +- [With EFS](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/with-efs) - Create Lambda Function with Elastic File System attached (Terraform 0.13+ is recommended). +- [Multiple regions](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/multiple-regions) - Create the same Lambda Function in multiple regions with non-conflicting IAM roles and policies. +- [Event Source Mapping](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/event-source-mapping) - Create Lambda Function with event source mapping configuration (SQS, DynamoDB, and Kinesis). +- [Triggers](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/triggers) - Create Lambda Function with some triggers (eg, Cloudwatch Events, EventBridge). ## Requirements @@ -772,7 +744,6 @@ Module managed by [Anton Babenko](https://github.com/antonbabenko). Check out [s Please reach out to [Betajob](https://www.betajob.com/) if you are looking for commercial support for your Terraform, AWS, or serverless project. - ## License -Apache 2 Licensed. See LICENSE for full details. +Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/LICENSE) for full details. From 9c3730b60f0f9f4b3f958e32c563621fda7502ce Mon Sep 17 00:00:00 2001 
From: Owen Byrne Date: Thu, 20 May 2021 14:59:59 +0100 Subject: [PATCH 083/385] feat: Added destination_config in aws_lambda_event_source_mapping (#152) --- examples/event-source-mapping/main.tf | 11 +++-------- main.tf | 9 +++------ 2 files changed, 6 insertions(+), 14 deletions(-) diff --git a/examples/event-source-mapping/main.tf b/examples/event-source-mapping/main.tf index db7901ea..aa7c2b31 100644 --- a/examples/event-source-mapping/main.tf +++ b/examples/event-source-mapping/main.tf @@ -27,14 +27,9 @@ module "lambda_function" { event_source_arn = aws_sqs_queue.this.arn } dynamodb = { - event_source_arn = aws_dynamodb_table.this.stream_arn - starting_position = "LATEST" - # This can be created but it won't be updated/removed. To be reviewed in the future. - # destination_config = { - # on_failure = { - # destination_arn = aws_sqs_queue.failure.arn - # } - # } + event_source_arn = aws_dynamodb_table.this.stream_arn + starting_position = "LATEST" + destination_arn_on_failure = aws_sqs_queue.failure.arn } kinesis = { event_source_arn = aws_kinesis_stream.this.arn diff --git a/main.tf b/main.tf index 9b765413..bcaef9c4 100644 --- a/main.tf +++ b/main.tf @@ -213,7 +213,7 @@ resource "aws_lambda_permission" "unqualified_alias_triggers" { } resource "aws_lambda_event_source_mapping" "this" { - for_each = var.create && var.create_function && !var.create_layer && var.create_unqualified_alias_allowed_triggers ? var.event_source_mapping : tomap({}) + for_each = var.create && var.create_function && !var.create_layer && var.create_unqualified_alias_allowed_triggers ? tomap(var.event_source_mapping) : tomap({}) function_name = aws_lambda_function.this[0].arn 
@@ -229,15 +229,12 @@ resource "aws_lambda_event_source_mapping" "this" { maximum_record_age_in_seconds = lookup(each.value, "maximum_record_age_in_seconds", null) bisect_batch_on_function_error = lookup(each.value, "bisect_batch_on_function_error", null) - /* @todo: fix this dynamic "destination_config" { - for_each = lookup(each.value, "destination_config", {}) - + for_each = lookup(each.value, "destination_arn_on_failure", null) != null ? [true] : [] content { on_failure { - destination_arn = lookup(destination_config.value, "on_failure") #"destination_arn"] + destination_arn = each.value["destination_arn_on_failure"] } } } - */ } From 05817a29370b410d79fcc55122fa6062848be91a Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Thu, 20 May 2021 16:00:24 +0200 Subject: [PATCH 084/385] Updated CHANGELOG --- CHANGELOG.md | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c50be270..31a6a0bd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,15 @@ All notable changes to this project will be documented in this file. + +## [v2.1.0] - 2021-05-20 + +- feat: Added destination_config in aws_lambda_event_source_mapping ([#152](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/152)) +- chore: update CI/CD to use stable `terraform-docs` release artifact and discoverable Apache2.0 license ([#149](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/149)) +- chore: Updated versions&comments in examples +- chore: Updated versions in README + + ## [v2.0.0] - 2021-04-26 
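Review bot: The new `on_failure` block in `aws_lambda_event_source_mapping.this` points failed-batch records at whatever ARN the caller passes as `destination_arn_on_failure`, but nothing in this hunk gives the function's execution role permission to write to that ARN. If the module does not attach that permission elsewhere (not visible here), the mapping may be created while delivery to the destination fails at run time. I would document the requirement next to the block, for example `# Execution role needs sqs:SendMessage or sns:Publish on this ARN; this resource does not grant it.` The resource body starts above this hunk, so the rest of its arguments were not reviewed.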
@@ -393,18 +402,6 @@ All notable changes to this project will be documented in this file. - Initial terraform-aws-lambda implementation - Added example of Dockerfile for custom AWS Lambda build env - Added initial draft implementation of lambda.py and package.tf -- Merge pull request [#8](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/8) from terraform-aws-modules/terraform-provider-githubfile-1591109277277141000 -- [ci skip] Create ".gitignore". -- Merge pull request [#7](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/7) from terraform-aws-modules/terraform-provider-githubfile-1591109259601315000 -- [ci skip] Create ".pre-commit-config.yaml". -- Merge pull request [#5](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/5) from terraform-aws-modules/terraform-provider-githubfile-1591109219976213000 -- Merge pull request [#3](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/3) from terraform-aws-modules/terraform-provider-githubfile-1591109219975583000 -- Merge pull request [#1](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/1) from terraform-aws-modules/terraform-provider-githubfile-1591109219975771000 -- Merge pull request [#4](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/4) from terraform-aws-modules/terraform-provider-githubfile-1591109219975843000 -- [ci skip] Create ".editorconfig". -- [ci skip] Create "Makefile". -- [ci skip] Create "LICENSE". -- [ci skip] Create ".chglog/CHANGELOG.tpl.md". 
@@ -413,7 +410,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.0.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.1.0...HEAD +[v2.1.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.0.0...v2.1.0 [v2.0.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.48.0...v2.0.0 [v1.48.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.47.0...v1.48.0 [v1.47.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.46.0...v1.47.0 From 5792dbc36b5ca274bb4646c1dedcb8d289d375ff Mon Sep 17 00:00:00 2001 From: Frank Rosner Date: Tue, 25 May 2021 09:26:22 +0200 Subject: [PATCH 085/385] chore: Remove checked checkboxes to make module docs render properly (#156) --- README.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index fb7fe2bd..4812cbff 100644 --- a/README.md +++ b/README.md 
@@ -12,16 +12,16 @@ This Terraform module is the part of [serverless.tf framework](https://github.co ## Features -- [x] Build dependencies for your Lambda Function and Layer. -- [x] Support builds locally and in Docker (with or without SSH agent support for private builds). -- [x] Create deployment package or deploy existing (previously built package) from local, from S3, from URL, or from AWS ECR repository. -- [x] Store deployment packages locally or in the S3 bucket. -- [x] Support almost all features of Lambda resources (function, layer, alias, etc.) -- [x] Lambda@Edge -- [x] Conditional creation for many types of resources. -- [x] Control execution of nearly any step in the process - build, package, store package, deploy, update. -- [x] Control nearly all aspects of Lambda resources (provisioned concurrency, VPC, EFS, dead-letter notification, tracing, async events, event source mapping, IAM role, IAM policies, and more). -- [x] Support integration with other `serverless.tf` modules like [HTTP API Gateway](https://github.com/terraform-aws-modules/terraform-aws-apigateway-v2) (see [examples there](https://github.com/terraform-aws-modules/terraform-aws-apigateway-v2/tree/master/examples/complete-http)). +- Build dependencies for your Lambda Function and Layer. +- Support builds locally and in Docker (with or without SSH agent support for private builds). +- Create deployment package or deploy existing (previously built package) from local, from S3, from URL, or from AWS ECR repository. +- Store deployment packages locally or in the S3 bucket. +- Support almost all features of Lambda resources (function, layer, alias, etc.) +- Lambda@Edge +- Conditional creation for many types of resources. +- Control execution of nearly any step in the process - build, package, store package, deploy, update. 
+- Control nearly all aspects of Lambda resources (provisioned concurrency, VPC, EFS, dead-letter notification, tracing, async events, event source mapping, IAM role, IAM policies, and more). +- Support integration with other `serverless.tf` modules like [HTTP API Gateway](https://github.com/terraform-aws-modules/terraform-aws-apigateway-v2) (see [examples there](https://github.com/terraform-aws-modules/terraform-aws-apigateway-v2/tree/master/examples/complete-http)). ## Usage From d8c8c50d3a631eeb8e2346cbc50dd21c702d1447 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Tue, 25 May 2021 09:27:03 +0200 Subject: [PATCH 086/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 31a6a0bd..909a4d41 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v2.2.0] - 2021-05-25 + +- chore: Remove checked checkboxes to make module docs render properly ([#156](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/156)) + + ## [v2.1.0] - 2021-05-20 @@ -410,7 +416,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.1.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.2.0...HEAD +[v2.2.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.1.0...v2.2.0 [v2.1.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.0.0...v2.1.0 [v2.0.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.48.0...v2.0.0 [v1.48.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.47.0...v1.48.0 From bdf695f3feae06ccc9945d9c70b14c89b2005ecc Mon Sep 17 00:00:00 2001 
From: Bryant Biggs Date: Thu, 27 May 2021 15:07:44 -0400 Subject: [PATCH 087/385] feat: add tags to `aws_iam_policy` resources (#153) --- .pre-commit-config.yaml | 2 +- README.md | 4 ++-- iam.tf | 8 ++++++++ modules/alias/README.md | 4 ++-- modules/alias/versions.tf | 2 +- modules/deploy/README.md | 5 +++-- modules/deploy/main.tf | 5 +++++ modules/deploy/variables.tf | 6 ++++++ modules/deploy/versions.tf | 2 +- versions.tf | 2 +- 10 files changed, 30 insertions(+), 10 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6dda8931..daf979f4 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -21,6 +21,6 @@ repos: - '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_workspace_remote' - repo: git://github.com/pre-commit/pre-commit-hooks - rev: v3.4.0 + rev: v4.0.1 hooks: - id: check-merge-conflict diff --git a/README.md b/README.md index 4812cbff..8b737a14 100644 --- a/README.md +++ b/README.md @@ -549,7 +549,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 3.19 | +| [aws](#requirement\_aws) | >= 3.35 | | [external](#requirement\_external) | >= 1 | | [local](#requirement\_local) | >= 1 | | [null](#requirement\_null) | >= 2 | @@ -559,7 +559,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.19 | +| [aws](#provider\_aws) | >= 3.35 | | [external](#provider\_external) | >= 1 | | [local](#provider\_local) | >= 1 | | [null](#provider\_null) | >= 2 | diff --git a/iam.tf b/iam.tf index 6ab10ee7..41492ab1 100644 --- a/iam.tf +++ b/iam.tf @@ -98,6 +98,7 @@ resource "aws_iam_policy" "logs" { name = "${local.role_name}-logs" policy = data.aws_iam_policy_document.logs[0].json + tags = var.tags } resource "aws_iam_policy_attachment" "logs" { 
@@ -134,6 +135,7 @@ resource "aws_iam_policy" "dead_letter" { name = "${local.role_name}-dl" policy = data.aws_iam_policy_document.dead_letter[0].json + tags = var.tags } resource "aws_iam_policy_attachment" "dead_letter" { @@ -160,6 +162,7 @@ resource "aws_iam_policy" "vpc" { name = "${local.role_name}-vpc" policy = data.aws_iam_policy.vpc[0].policy + tags = var.tags } resource "aws_iam_policy_attachment" "vpc" { @@ -186,6 +189,7 @@ resource "aws_iam_policy" "tracing" { name = "${local.role_name}-tracing" policy = data.aws_iam_policy.tracing[0].policy + tags = var.tags } resource "aws_iam_policy_attachment" "tracing" { @@ -222,6 +226,7 @@ resource "aws_iam_policy" "async" { name = "${local.role_name}-async" policy = data.aws_iam_policy_document.async[0].json + tags = var.tags } resource "aws_iam_policy_attachment" "async" { @@ -241,6 +246,7 @@ resource "aws_iam_policy" "additional_json" { name = local.role_name policy = var.policy_json + tags = var.tags } resource "aws_iam_policy_attachment" "additional_json" { @@ -260,6 +266,7 @@ resource "aws_iam_policy" "additional_jsons" { name = "${local.role_name}-${count.index}" policy = var.policy_jsons[count.index] + tags = var.tags } resource "aws_iam_policy_attachment" "additional_jsons" { @@ -343,6 +350,7 @@ resource "aws_iam_policy" "additional_inline" { name = "${local.role_name}-inline" policy = data.aws_iam_policy_document.additional_inline[0].json + tags = var.tags } resource "aws_iam_policy_attachment" "additional_inline" { diff --git a/modules/alias/README.md b/modules/alias/README.md index 35ed350b..4677fb48 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md 
@@ -116,13 +116,13 @@ module "lambda" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 3.19 | +| [aws](#requirement\_aws) | >= 3.35 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.19 | +| [aws](#provider\_aws) | >= 3.35 | ## Modules diff --git a/modules/alias/versions.tf b/modules/alias/versions.tf index 2c2f74fa..e8c4e706 100644 --- a/modules/alias/versions.tf +++ b/modules/alias/versions.tf @@ -2,6 +2,6 @@ terraform { required_version = ">= 0.12.26" required_providers { - aws = ">= 3.19" + aws = ">= 3.35" } } diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 93d226aa..499b169b 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -100,7 +100,7 @@ module "lambda" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 3.19 | +| [aws](#requirement\_aws) | >= 3.35 | | [local](#requirement\_local) | >= 1 | | [null](#requirement\_null) | >= 2 | @@ -108,7 +108,7 @@ module "lambda" { | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.19 | +| [aws](#provider\_aws) | >= 3.35 | | [local](#provider\_local) | >= 1 | | [null](#provider\_null) | >= 2 | @@ -164,6 +164,7 @@ No modules. | [function\_name](#input\_function\_name) | The name of the Lambda function to deploy | `string` | `""` | no | | [interpreter](#input\_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` |
[
"/bin/bash",
"-c"
]
| no | | [save\_deploy\_script](#input\_save\_deploy\_script) | Save deploy script locally | `bool` | `false` | no | +| [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | | [target\_version](#input\_target\_version) | Target version of Lambda function version to deploy | `string` | `""` | no | | [triggers](#input\_triggers) | Map of triggers which will be notified when event happens. Valid options for event types are DeploymentStart, DeploymentSuccess, DeploymentFailure, DeploymentStop, DeploymentRollback, DeploymentReady (Applies only to replacement instances in a blue/green deployment), InstanceStart, InstanceSuccess, InstanceFailure, InstanceReady. Note that not all are applicable for Lambda deployments. | `map(any)` | `{}` | no | | [use\_existing\_app](#input\_use\_existing\_app) | Whether to use existing AWS CodeDeploy app | `bool` | `false` | no | diff --git a/modules/deploy/main.tf b/modules/deploy/main.tf index b33d1c70..f1d18d5d 100644 --- a/modules/deploy/main.tf +++ b/modules/deploy/main.tf @@ -123,6 +123,7 @@ resource "aws_codedeploy_app" "this" { name = var.app_name compute_platform = "Lambda" + tags = var.tags } resource "aws_codedeploy_deployment_group" "this" { @@ -162,6 +163,8 @@ resource "aws_codedeploy_deployment_group" "this" { trigger_target_arn = trigger_configuration.value.target_arn } } + + tags = var.tags } data "aws_iam_role" "codedeploy" { @@ -175,6 +178,7 @@ resource "aws_iam_role" "codedeploy" { name = coalesce(var.codedeploy_role_name, "${local.app_name}-codedeploy") assume_role_policy = data.aws_iam_policy_document.assume_role[0].json + tags = var.tags } @@ -217,6 +221,7 @@ resource "aws_iam_policy" "triggers" { count = var.create && var.create_codedeploy_role && var.attach_triggers_policy ? 1 : 0 policy = data.aws_iam_policy_document.triggers[0].json + tags = var.tags } resource "aws_iam_role_policy_attachment" "triggers" { 
diff --git a/modules/deploy/variables.tf b/modules/deploy/variables.tf index 867a9fda..4d22144a 100644 --- a/modules/deploy/variables.tf +++ b/modules/deploy/variables.tf @@ -4,6 +4,12 @@ variable "create" { default = true } +variable "tags" { + description = "A map of tags to assign to resources." + type = map(string) + default = {} +} + variable "alias_name" { description = "Name for the alias" type = string diff --git a/modules/deploy/versions.tf b/modules/deploy/versions.tf index dcc12288..6b4055ba 100644 --- a/modules/deploy/versions.tf +++ b/modules/deploy/versions.tf @@ -2,7 +2,7 @@ terraform { required_version = ">= 0.12.26" required_providers { - aws = ">= 3.19" + aws = ">= 3.35" local = ">= 1" null = ">= 2" } diff --git a/versions.tf b/versions.tf index 7a3c7e2b..67683702 100644 --- a/versions.tf +++ b/versions.tf @@ -2,7 +2,7 @@ terraform { required_version = ">= 0.12.26" required_providers { - aws = ">= 3.19" + aws = ">= 3.35" external = ">= 1" local = ">= 1" random = ">= 2" From c21fb61799f8d3fd2764bae07bc9f7466ceb5a2a Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Thu, 27 May 2021 21:08:19 +0200 Subject: [PATCH 088/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 909a4d41..2cefc443 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v2.3.0] - 2021-05-27 + +- feat: add tags to `aws_iam_policy` resources ([#153](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/153)) + + ## [v2.2.0] - 2021-05-25 
@@ -416,7 +422,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.2.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.3.0...HEAD +[v2.3.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.2.0...v2.3.0 [v2.2.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.1.0...v2.2.0 [v2.1.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.0.0...v2.1.0 [v2.0.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.48.0...v2.0.0 From d92202546149719b252477eb681e38f585ce9e1f Mon Sep 17 00:00:00 2001 From: Vincent LE GOFF Date: Mon, 7 Jun 2021 15:30:57 +0200 Subject: [PATCH 089/385] docs: Updated README with S3 bucket id handling (#157) --- README.md | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 8b737a14..6f48701f 100644 --- a/README.md +++ b/README.md @@ -59,7 +59,7 @@ module "lambda_function" { source_path = "../src/lambda-function1" store_on_s3 = true - s3_bucket = "my-bucket-with-lambda-builds" + s3_bucket = "my-bucket-id-with-lambda-builds" layers = [ module.lambda_layer_s3.lambda_layer_arn, @@ -86,7 +86,7 @@ module "lambda_layer_s3" { source_path = "../src/lambda-layer" store_on_s3 = true - s3_bucket = "my-bucket-with-lambda-builds" + s3_bucket = "my-bucket-id-with-lambda-builds" } ``` @@ -115,8 +115,13 @@ locals { my_function_source = "../path/to/package.zip" } +resource "aws_s3_bucket" "builds" { + bucket = "my-builds" + acl = "private" +} + resource "aws_s3_bucket_object" "my_function" { - bucket = "my-bucket-with-lambda-builds" + bucket = aws_s3_bucket.builds.id key = "${filemd5(local.my_function_source)}.zip" source = local.my_function_source } 
@@ -131,7 +136,7 @@ module "lambda_function_existing_package_s3" { create_package = false s3_existing_package = { - bucket = "my-bucket-with-lambda-builds" + bucket = aws_s3_bucket.builds.id key = aws_s3_bucket_object.my_function.id } } @@ -180,7 +185,7 @@ module "lambda_layer_s3" { source_path = "../fixtures/python3.8-app1" store_on_s3 = true - s3_bucket = "my-bucket-with-lambda-builds" + s3_bucket = "my-bucket-id-with-lambda-builds" } ``` From f3c200594a87c5c60a5c5006db390e21b3b0df80 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 7 Jun 2021 15:32:14 +0200 Subject: [PATCH 090/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2cefc443..6e3ee121 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v2.4.0] - 2021-06-07 + +- docs: Updated README with S3 bucket id handling ([#157](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/157)) + + ## [v2.3.0] - 2021-05-27 @@ -422,7 +428,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.3.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.4.0...HEAD +[v2.4.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.3.0...v2.4.0 [v2.3.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.2.0...v2.3.0 [v2.2.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.1.0...v2.2.0 [v2.1.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.0.0...v2.1.0 From 4a0b6162d73dad5c450b064f5cc777320fb15552 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bart=C5=82omiej=20Poniecki-Klotz?= Date: Mon, 28 Jun 2021 17:44:06 +0200 Subject: [PATCH 091/385] feat: Add submodule to handle creation of docker images (#162) --- examples/container-image/README.md | 10 +-- examples/container-image/main.tf | 41 +++--------- examples/container-image/outputs.tf | 6 ++ examples/container-image/versions.tf | 5 -- modules/docker-build/README.md | 93 ++++++++++++++++++++++++++++ modules/docker-build/main.tf | 35 +++++++++++ modules/docker-build/outputs.tf | 4 ++ modules/docker-build/variables.tf | 29 +++++++++ modules/docker-build/versions.tf | 11 ++++ 9 files changed, 187 insertions(+), 47 deletions(-) create mode 100644 modules/docker-build/README.md create mode 100644 modules/docker-build/main.tf create mode 100644 modules/docker-build/outputs.tf create mode 100644 modules/docker-build/variables.tf create mode 100644 modules/docker-build/versions.tf diff --git a/examples/container-image/README.md b/examples/container-image/README.md index 1eb229af..6ee6690f 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md 
@@ -21,33 +21,26 @@ Note that this example may create resources which cost money. Run `terraform des |------|---------| | [terraform](#requirement\_terraform) | >= 0.13 | | [aws](#requirement\_aws) | >= 3.19 | -| [docker](#requirement\_docker) | >= 2.8.0 | | [random](#requirement\_random) | >= 2 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.19 | -| [docker](#provider\_docker) | >= 2.8.0 | | [random](#provider\_random) | >= 2 | ## Modules | Name | Source | Version | |------|--------|---------| +| [docker\_image](#module\_docker\_image) | ../../modules/docker-build | | | [lambda\_function\_from\_container\_image](#module\_lambda\_function\_from\_container\_image) | ../../ | | ## Resources | Name | Type | |------|------| -| [aws_ecr_repository.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository) | resource | -| [docker_registry_image.app](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/registry_image) | resource | | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | -| [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| [aws_ecr_authorization_token.token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_authorization_token) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs 
@@ -57,6 +50,7 @@ No inputs. | Name | Description | |------|-------------| +| [docker\_image\_uri](#output\_docker\_image\_uri) | The ECR Docker image URI used to deploy Lambda Function | | [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | | [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | | [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | diff --git a/examples/container-image/main.tf b/examples/container-image/main.tf index 118ea181..8e21d422 100644 --- a/examples/container-image/main.tf +++ b/examples/container-image/main.tf 
@@ -24,42 +24,15 @@ module "lambda_function_from_container_image" { ################## # Container Image ################## - image_uri = docker_registry_image.app.name + image_uri = module.docker_image.image_uri package_type = "Image" } -################# -# ECR Repository -################# -resource "aws_ecr_repository" "this" { - name = random_pet.this.id -} - -############################################### -# Create Docker Image and push to ECR registry -############################################### - -data "aws_caller_identity" "this" {} -data "aws_region" "current" {} -data "aws_ecr_authorization_token" "token" {} - -locals { - ecr_address = format("%v.dkr.ecr.%v.amazonaws.com", data.aws_caller_identity.this.account_id, data.aws_region.current.name) - ecr_image = format("%v/%v:%v", local.ecr_address, aws_ecr_repository.this.id, "1.0") -} - -provider "docker" { - registry_auth { - address = local.ecr_address - username = data.aws_ecr_authorization_token.token.user_name - password = data.aws_ecr_authorization_token.token.password - } -} - -resource "docker_registry_image" "app" { - name = local.ecr_image +module "docker_image" { + source = "../../modules/docker-build" - build { - context = "context" - } + create_ecr_repo = true + ecr_repo = random_pet.this.id + image_tag = "1.0" + source_path = "context" } diff --git a/examples/container-image/outputs.tf b/examples/container-image/outputs.tf index b3f3ea28..64d7e82d 100644 --- a/examples/container-image/outputs.tf +++ b/examples/container-image/outputs.tf @@ -86,3 +86,9 @@ output "lambda_cloudwatch_log_group_arn" { description = "The ARN of the Cloudwatch Log Group" value = module.lambda_function_from_container_image.lambda_cloudwatch_log_group_arn } + +# Docker Image +output "docker_image_uri" { + description = "The ECR Docker image URI used to deploy Lambda Function" + value = module.docker_image.image_uri +} 
diff --git a/examples/container-image/versions.tf b/examples/container-image/versions.tf index 7475725f..aa98bd2f 100644 --- a/examples/container-image/versions.tf +++ b/examples/container-image/versions.tf @@ -4,10 +4,5 @@ terraform { required_providers { aws = ">= 3.19" random = ">= 2" - - docker = { - source = "kreuzwerker/docker" - version = ">= 2.8.0" - } } } diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md new file mode 100644 index 00000000..b2c33207 --- /dev/null +++ b/modules/docker-build/README.md 
@@ -0,0 +1,93 @@ +# Build Docker Image module + +Terraform module that builds Docker image from `Dockerfile` and pushes it to ECR repository. Lambda can deploy container images from private ECR. + +This Terraform module is the part of [serverless.tf framework](https://github.com/antonbabenko/serverless.tf), which aims to simplify all operations when working with the serverless in Terraform. + +## Usage + +### Complete example of Lambda Function deployment via AWS CodeDeploy + +```hcl +module "lambda_function" { + source = "terraform-aws-modules/lambda/aws" + + function_name = "my-lambda1" + create_package = false + + image_uri = module.docker_image.image_uri + package_type = "Image" +} + +module "docker_image" { + source = "terraform-aws-modules/lambda/aws//modules/docker-build" + + create_ecr_repo = true + ecr_repo = "my-cool-ecr-repo" + image_tag = "1.0" + source_path = "context" +} +``` + +## Examples + +* [Container Image](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/container-image) - Creates Docker Image and deploy Lambda Function using it. + + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 0.13 | +| [aws](#requirement\_aws) | >= 3.35 | +| [docker](#requirement\_docker) | >= 2.8.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 3.35 | +| [docker](#provider\_docker) | >= 2.8.0 | + +## Modules + +No modules. 
+ +## Resources + +| Name | Type | +|------|------| +| [aws_ecr_repository.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository) | resource | +| [docker_registry_image.this](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/registry_image) | resource | +| [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_ecr_authorization_token.token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_authorization_token) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [create\_ecr\_repo](#input\_create\_ecr\_repo) | Controls whether ECR repository for Lambda image should be created | `bool` | `false` | no | +| [docker\_file\_path](#input\_docker\_file\_path) | Path to Dockerfile in source package | `string` | `"Dockerfile"` | no | +| [ecr\_repo](#input\_ecr\_repo) | Name of ECR repository to use or to create | `string` | `null` | no | +| [image\_tag](#input\_image\_tag) | Image tag to use. If not specified current timestamp in format 'YYYYMMDDhhmmss' will be used. This can lead to unnecessary rebuilds. | `string` | `null` | no | +| [source\_path](#input\_source\_path) | Path to folder containing application code | `string` | `null` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [image\_uri](#output\_image\_uri) | The ECR image URI for deploying lambda | + + +## Authors + +Module managed by [Anton Babenko](https://github.com/antonbabenko). Check out [serverless.tf](https://serverless.tf) to learn more about doing serverless with Terraform. 
+ +Please reach out to [Betajob](https://www.betajob.com/) if you are looking for commercial support for your Terraform, AWS, or serverless project. + + +## License + +Apache 2 Licensed. See LICENSE for full details. diff --git a/modules/docker-build/main.tf b/modules/docker-build/main.tf new file mode 100644 index 00000000..c2aad58c --- /dev/null +++ b/modules/docker-build/main.tf @@ -0,0 +1,35 @@ +data "aws_region" "current" {} + +data "aws_caller_identity" "this" {} + +data "aws_ecr_authorization_token" "token" {} + +locals { + ecr_address = format("%v.dkr.ecr.%v.amazonaws.com", data.aws_caller_identity.this.account_id, data.aws_region.current.name) + ecr_repo = var.create_ecr_repo ? aws_ecr_repository.this[0].id : var.ecr_repo + image_tag = coalesce(var.image_tag, formatdate("YYYYMMDDhhmmss", timestamp())) + ecr_image_name = format("%v/%v:%v", local.ecr_address, local.ecr_repo, local.image_tag) +} + +provider "docker" { + registry_auth { + address = local.ecr_address + username = data.aws_ecr_authorization_token.token.user_name + password = data.aws_ecr_authorization_token.token.password + } +} + +resource "docker_registry_image" "this" { + name = local.ecr_image_name + + build { + context = var.source_path + dockerfile = var.docker_file_path + } +} + +resource "aws_ecr_repository" "this" { + count = var.create_ecr_repo ? 1 : 0 + + name = var.ecr_repo +} diff --git a/modules/docker-build/outputs.tf b/modules/docker-build/outputs.tf new file mode 100644 index 00000000..05c9063a --- /dev/null +++ b/modules/docker-build/outputs.tf @@ -0,0 +1,4 @@ +output "image_uri" { + description = "The ECR image URI for deploying lambda" + value = docker_registry_image.this.name +} diff --git a/modules/docker-build/variables.tf b/modules/docker-build/variables.tf new file mode 100644 index 00000000..5e3f4677 --- /dev/null +++ b/modules/docker-build/variables.tf 
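Review bot: `aws_ecr_repository.this` in modules/docker-build/main.tf is created with provider defaults, so image tags stay mutable and scan-on-push is off for the repository that Lambda deploys from. Because the `image_uri` output ends in the tag, a later push to the same tag can change what that URI resolves to. I would set `image_tag_mutability = "IMMUTABLE"` and `image_scanning_configuration { scan_on_push = true }`, or expose both as variables if a fixed tag such as `1.0` is expected to be pushed again. Separately, the `provider "docker"` block reads `data.aws_ecr_authorization_token.token.password`, and data source attributes are written to Terraform state, so the state backend should be protected as if it held a registry credential for as long as that token is valid.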
@@ -0,0 +1,29 @@ +variable "create_ecr_repo" { + description = "Controls whether ECR repository for Lambda image should be created" + type = bool + default = false +} + +variable "ecr_repo" { + description = "Name of ECR repository to use or to create" + type = string + default = null +} + +variable "image_tag" { + description = "Image tag to use. If not specified current timestamp in format 'YYYYMMDDhhmmss' will be used. This can lead to unnecessary rebuilds." + type = string + default = null +} + +variable "source_path" { + description = "Path to folder containing application code" + type = string + default = null +} + +variable "docker_file_path" { + description = "Path to Dockerfile in source package" + type = string + default = "Dockerfile" +} diff --git a/modules/docker-build/versions.tf b/modules/docker-build/versions.tf new file mode 100644 index 00000000..cac19d9a --- /dev/null +++ b/modules/docker-build/versions.tf @@ -0,0 +1,11 @@ +terraform { + required_version = ">= 0.13" + + required_providers { + aws = ">= 3.35" + docker = { + source = "kreuzwerker/docker" + version = ">= 2.8.0" + } + } +} From 62ebcd4c239b79853ce928bcfead1bc3b0b533c7 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 28 Jun 2021 18:45:13 +0300 Subject: [PATCH 092/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6e3ee121..dec42303 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v2.5.0] - 2021-06-28 + +- feat: Add submodule to handle creation of docker images ([#162](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/162)) + + ## [v2.4.0] - 2021-06-07 
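Review bot: `ecr_repo` and `source_path` in modules/docker-build/variables.tf default to `null`, yet main.tf uses both whenever the module is instantiated (`var.ecr_repo` feeds the repository name and the image name, `var.source_path` is the build context). A caller who omits either one presumably gets an error from inside the resources rather than a message naming the missing input. Dropping `default = null` from both variables makes them required, so Terraform reports the omission by variable name at plan time.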
@@ -428,7 +434,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.4.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.5.0...HEAD +[v2.5.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.4.0...v2.5.0 [v2.4.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.3.0...v2.4.0 [v2.3.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.2.0...v2.3.0 [v2.2.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.1.0...v2.2.0 From b99c7b4911ccc14ff6aa42a10df1909103048f05 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 7 Jul 2021 16:50:44 +0300 Subject: [PATCH 093/385] fix: Fixed deprecated call to map() in deploy submodule (#171) --- modules/deploy/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/deploy/main.tf b/modules/deploy/main.tf index f1d18d5d..ddeabfe9 100644 --- a/modules/deploy/main.tf +++ b/modules/deploy/main.tf @@ -25,7 +25,7 @@ locals { Hooks = [for k, v in zipmap(["BeforeAllowTraffic", "AfterAllowTraffic"], [ var.before_allow_traffic_hook_arn != "" ? var.before_allow_traffic_hook_arn : null, var.after_allow_traffic_hook_arn != "" ? var.after_allow_traffic_hook_arn : null - ]) : map(k, v) if v != null] + ]) : tomap({ (k) = v }) if v != null] } : {}) appspec_content = replace(jsonencode(local.appspec), "\"", "\\\"") From c89072939311aa21c8f531385204746d360dda06 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 7 Jul 2021 16:51:04 +0300 Subject: [PATCH 094/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dec42303..fdbbeb6c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v2.6.0] - 2021-07-07 + +- fix: Fixed deprecated call to map() in deploy submodule ([#171](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/171)) + + ## [v2.5.0] - 2021-06-28 @@ -434,7 +440,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.5.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.6.0...HEAD +[v2.6.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.5.0...v2.6.0 [v2.5.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.4.0...v2.5.0 [v2.4.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.3.0...v2.4.0 [v2.3.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.2.0...v2.3.0 From a86a32636efe444d312fd8b0dc0c7e332edbd16e Mon Sep 17 00:00:00 2001 From: Richard Lee Date: Thu, 8 Jul 2021 09:13:22 -0700 Subject: [PATCH 095/385] fix: Remove `random` provider because it is not used (#172) --- README.md | 1 - versions.tf | 1 - 2 files changed, 2 deletions(-) diff --git a/README.md b/README.md index 6f48701f..1715f143 100644 --- a/README.md +++ b/README.md @@ -558,7 +558,6 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | [external](#requirement\_external) | >= 1 | | [local](#requirement\_local) | >= 1 | | [null](#requirement\_null) | >= 2 | -| [random](#requirement\_random) | >= 2 | ## Providers diff --git a/versions.tf b/versions.tf index 67683702..b8953f24 100644 --- a/versions.tf +++ b/versions.tf @@ -5,7 +5,6 @@ terraform { aws = ">= 3.35" external = ">= 1" local = ">= 1" - random = ">= 2" null = ">= 2" } } From 185858df99f467e7e75efab6d6eada3e76905766 Mon Sep 17 00:00:00 2001 
From: Anton Babenko Date: Thu, 8 Jul 2021 19:13:52 +0300 Subject: [PATCH 096/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fdbbeb6c..757f46b3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v2.7.0] - 2021-07-08 + +- fix: Remove `random` provider because it is not used ([#172](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/172)) + + ## [v2.6.0] - 2021-07-07 @@ -440,7 +446,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.6.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.7.0...HEAD +[v2.7.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.6.0...v2.7.0 [v2.6.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.5.0...v2.6.0 [v2.5.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.4.0...v2.5.0 [v2.4.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.3.0...v2.4.0 From 12d1a6595e83cc31a99e73b363d61dcf994066bf Mon Sep 17 00:00:00 2001 From: bondezbond Date: Sat, 14 Aug 2021 08:31:49 -0400 Subject: [PATCH 097/385] feat: Expose ecr tag & scan variables in docker-build module (#189) --- modules/docker-build/README.md | 3 +++ modules/docker-build/main.tf | 9 ++++++++- modules/docker-build/variables.tf | 19 +++++++++++++++++++ 3 files changed, 30 insertions(+), 1 deletion(-) diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index b2c33207..0c82cea2 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md 
@@ -71,7 +71,10 @@ No modules. | [create\_ecr\_repo](#input\_create\_ecr\_repo) | Controls whether ECR repository for Lambda image should be created | `bool` | `false` | no | | [docker\_file\_path](#input\_docker\_file\_path) | Path to Dockerfile in source package | `string` | `"Dockerfile"` | no | | [ecr\_repo](#input\_ecr\_repo) | Name of ECR repository to use or to create | `string` | `null` | no | +| [ecr\_repo\_tags](#input\_ecr\_repo\_tags) | A map of tags to assign to ECR repository | `map(string)` | `{}` | no | | [image\_tag](#input\_image\_tag) | Image tag to use. If not specified current timestamp in format 'YYYYMMDDhhmmss' will be used. This can lead to unnecessary rebuilds. | `string` | `null` | no | +| [image\_tag\_mutability](#input\_image\_tag\_mutability) | The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"MUTABLE"` | no | +| [scan\_on\_push](#input\_scan\_on\_push) | Indicates whether images are scanned after being pushed to the repository | `bool` | `false` | no | | [source\_path](#input\_source\_path) | Path to folder containing application code | `string` | `null` | no | ## Outputs diff --git a/modules/docker-build/main.tf b/modules/docker-build/main.tf index c2aad58c..f33ca1ae 100644 --- a/modules/docker-build/main.tf +++ b/modules/docker-build/main.tf @@ -31,5 +31,12 @@ resource "docker_registry_image" "this" { resource "aws_ecr_repository" "this" { count = var.create_ecr_repo ? 1 : 0 - name = var.ecr_repo + name = var.ecr_repo + image_tag_mutability = var.image_tag_mutability + + image_scanning_configuration { + scan_on_push = var.scan_on_push + } + + tags = var.ecr_repo_tags } diff --git a/modules/docker-build/variables.tf b/modules/docker-build/variables.tf index 5e3f4677..e1321279 100644 --- a/modules/docker-build/variables.tf +++ b/modules/docker-build/variables.tf 
@@ -27,3 +27,22 @@ variable "docker_file_path" { type = string default = "Dockerfile" } + + +variable "image_tag_mutability" { + description = "The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE`" + type = string + default = "MUTABLE" +} + +variable "scan_on_push" { + description = "Indicates whether images are scanned after being pushed to the repository" + type = bool + default = false +} + +variable "ecr_repo_tags" { + description = "A map of tags to assign to ECR repository" + type = map(string) + default = {} +} From 8575fd329c1f9f8d409ce0a2beb5928216425523 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Sat, 14 Aug 2021 14:32:06 +0200 Subject: [PATCH 098/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 757f46b3..3859758d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v2.8.0] - 2021-08-14 + +- feat: Expose ecr tag & scan variables in docker-build module ([#189](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/189)) + + ## [v2.7.0] - 2021-07-08 @@ -446,7 +452,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.7.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.8.0...HEAD +[v2.8.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.7.0...v2.8.0 [v2.7.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.6.0...v2.7.0 [v2.6.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.5.0...v2.6.0 [v2.5.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.4.0...v2.5.0 From 376d5e75fd62791cfb333e5f6f14411dc52df763 Mon Sep 17 00:00:00 2001 
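Review bot: `image_tag_mutability` in modules/docker-build/variables.tf says it "Must be one of: `MUTABLE` or `IMMUTABLE`", but nothing enforces that, so a typo only surfaces as a provider or API error at apply time. The module already requires Terraform >= 0.13, so a `validation` block can reject bad values at plan time. Separately, the defaults keep the repository at `MUTABLE` tags with `scan_on_push = false`. The descriptions could say that `IMMUTABLE` and scan-on-push are the safer choices for images deployed to Lambda, since a mutable tag can be repointed to different image content after review.

```hcl
variable "image_tag_mutability" {
  # … unchanged: description, type, default …

  validation {
    condition     = contains(["MUTABLE", "IMMUTABLE"], var.image_tag_mutability)
    error_message = "The image_tag_mutability value must be MUTABLE or IMMUTABLE."
  }
}
```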
From: =?UTF-8?q?Pawe=C5=82=20Muszy=C5=84ski?= <63265460+pawelmuszynski@users.noreply.github.com> Date: Fri, 20 Aug 2021 12:29:47 +0200 Subject: [PATCH 099/385] feat: Add topics parameter support for lambda event source (#166) --- main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/main.tf b/main.tf index bcaef9c4..a400077f 100644 --- a/main.tf +++ b/main.tf @@ -228,6 +228,7 @@ resource "aws_lambda_event_source_mapping" "this" { maximum_retry_attempts = lookup(each.value, "maximum_retry_attempts", null) maximum_record_age_in_seconds = lookup(each.value, "maximum_record_age_in_seconds", null) bisect_batch_on_function_error = lookup(each.value, "bisect_batch_on_function_error", null) + topics = lookup(each.value, "topics", null) dynamic "destination_config" { for_each = lookup(each.value, "destination_arn_on_failure", null) != null ? [true] : [] From afbf7bd3cbe4a476bafe07327793fc9dd7b99cf4 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 20 Aug 2021 12:30:19 +0200 Subject: [PATCH 100/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3859758d..4a86dfff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v2.9.0] - 2021-08-20 + +- feat: Add topics parameter support for lambda event source ([#166](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/166)) + + ## [v2.8.0] - 2021-08-14 
@@ -452,7 +458,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.8.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.9.0...HEAD +[v2.9.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.8.0...v2.9.0 [v2.8.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.7.0...v2.8.0 [v2.7.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.6.0...v2.7.0 [v2.6.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.5.0...v2.6.0 From 508f0d5be43a8262da82bc2733bfb0999b799908 Mon Sep 17 00:00:00 2001 From: anoshi Date: Sat, 21 Aug 2021 01:20:49 +1000 Subject: [PATCH 101/385] feat: Add support for separate deployments of infra and code (#175) --- CHANGELOG.md | 2 +- README.md | 27 ++++++++++++++++++++++++++ examples/complete/README.md | 2 ++ examples/complete/main.tf | 38 +++++++++++++++++++++++++++++++++++++ main.tf | 4 ++-- variables.tf | 6 ++++++ 6 files changed, 76 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4a86dfff..0e3dc20f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file. ## [Unreleased] - +- feat: Add `ignore_source_code_hash` variable to allow the lambda function resource to be managed by terraform but have the function code managed externally ## [v2.9.0] - 2021-08-20 diff --git a/README.md b/README.md index 1715f143..b657f60f 100644 --- a/README.md +++ b/README.md 
@@ -106,6 +106,32 @@ module "lambda_function_existing_package_local" { } ``` +### Lambda Function or Lambda Layer with the deployable artifact maintained separately from the infrastructure + +If you want to manage function code and infrastructure resources (such as IAM permissions, policies, events, etc) in separate flows (e.g., different repositories, teams, CI/CD pipelines). + +Disable source code tracking to turn off deployments (and rollbacks) using the module by setting `ignore_source_code_hash = true` and deploy a _dummy function_. + +When the infrastructure and the dummy function is deployed, you can use external tool to update the source code of the function (eg, using [AWS CLI](https://docs.aws.amazon.com/cli/latest/reference/lambda/update-function-code.html)) and keep using this module via Terraform to manage the infrastructure. + +Be aware that changes in `local_existing_package` value may trigger deployment via Terraform. + +```hcl +module "lambda_function_externally_managed_package" { + source = "terraform-aws-modules/lambda/aws" + + function_name = "my-lambda-externally-managed-package" + description = "My lambda function code is deployed separately" + handler = "index.lambda_handler" + runtime = "python3.8" + + create_package = false + local_existing_package = "./lambda_functions/code.zip" + + ignore_source_code_hash = true +} +``` + ### Lambda Function with existing package (prebuilt) stored in S3 bucket Note that this module does not copy prebuilt packages into S3 bucket. This module can only store packages it builds locally and in S3 bucket. 
@@ -664,6 +690,7 @@ No modules. | [function\_name](#input\_function\_name) | A unique name for your Lambda Function | `string` | `""` | no | | [handler](#input\_handler) | Lambda Function entrypoint in your code | `string` | `""` | no | | [hash\_extra](#input\_hash\_extra) | The string to add into hashing function. Useful when building same source path for different functions. | `string` | `""` | no | +| [ignore\_source\_code\_hash](#input\_ignore\_source\_code\_hash) | Whether to ignore changes to the function's source code hash. Set to true if you manage infrastructure and code deployments separately. | `bool` | `false` | no | | [image\_config\_command](#input\_image\_config\_command) | The CMD for the docker image | `list(string)` | `[]` | no | | [image\_config\_entry\_point](#input\_image\_config\_entry\_point) | The ENTRYPOINT for the docker image | `list(string)` | `[]` | no | | [image\_config\_working\_directory](#input\_image\_config\_working\_directory) | The working directory for the docker image | `string` | `null` | no | diff --git a/examples/complete/README.md b/examples/complete/README.md index 5cbdce79..94d81913 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -40,8 +40,10 @@ Note that this example may create resources which cost money. Run `terraform des | [lambda\_function](#module\_lambda\_function) | ../../ | | | [lambda\_function\_existing\_package\_local](#module\_lambda\_function\_existing\_package\_local) | ../../ | | | [lambda\_function\_for\_each](#module\_lambda\_function\_for\_each) | ../../ | | +| [lambda\_function\_with\_package\_deploying\_externally](#module\_lambda\_function\_with\_package\_deploying\_externally) | ../../ | | | [lambda\_layer\_local](#module\_lambda\_layer\_local) | ../../ | | | [lambda\_layer\_s3](#module\_lambda\_layer\_s3) | ../../ | | +| [lambda\_layer\_with\_package\_deploying\_externally](#module\_lambda\_layer\_with\_package\_deploying\_externally) | ../../ | | | [lambda\_with\_mixed\_trusted\_entities](#module\_lambda\_with\_mixed\_trusted\_entities) | ../../ | | | [lambda\_with\_provisioned\_concurrency](#module\_lambda\_with\_provisioned\_concurrency) | ../../ | | | [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 7a189597..348aab8c 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -167,6 +167,26 @@ module "lambda_layer_local" { source_path = "${path.module}/../fixtures/python3.8-app1" } +#################################################### +# Lambda Layer with package deploying externally +# (e.g., using separate CI/CD pipeline) +#################################################### + +module "lambda_layer_with_package_deploying_externally" { + source = "../../" + + create_layer = true + + layer_name = "${random_pet.this.id}-layer-local" + description = "My amazing lambda layer (deployed from local)" + compatible_runtimes = ["python3.8"] + + create_package = false + local_existing_package = "../fixtures/python3.8-zip/existing_package.zip" + + ignore_source_code_hash = true +} + ############################### # Lambda Layer (storing on S3) ############################### @@ -277,6 +297,24 @@ module "lambda_function_for_each" { local_existing_package = "${path.module}/../fixtures/python3.8-zip/existing_package.zip" } +#################################################### +# Lambda Function with package deploying externally +# (e.g., using separate CI/CD pipeline) +#################################################### + +module "lambda_function_with_package_deploying_externally" { + source = "../../" + + function_name = "${random_pet.this.id}-lambda-with-package-deploying-externally" + handler = "index.lambda_handler" + runtime = "python3.8" + + create_package = false + local_existing_package = "../fixtures/python3.8-zip/existing_package.zip" + + ignore_source_code_hash = true +} + ########### # Disabled ########### diff --git a/main.tf b/main.tf index a400077f..5608b816 100644 --- a/main.tf +++ b/main.tf 
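Review bot: `local_existing_package = "../fixtures/python3.8-zip/existing_package.zip"` in `lambda_layer_with_package_deploying_externally` is a bare relative path, while the neighbouring `lambda_function_for_each` (context line of the second hunk) anchors the same fixture with `${path.module}`. `lambda_function_with_package_deploying_externally` in the second hunk has the same bare path. For consistency I would write `local_existing_package = "${path.module}/../fixtures/python3.8-zip/existing_package.zip"` in both. The layer's `layer_name = "${random_pet.this.id}-layer-local"` and its "(deployed from local)" description also look copied from `lambda_layer_local`. That block's attributes are outside the hunk, so this is inferred, but a distinct name and description would make the example clearer.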
@@ -29,7 +29,7 @@ resource "aws_lambda_function" "this" { package_type = var.package_type filename = local.filename - source_code_hash = (local.filename == null ? false : fileexists(local.filename)) && !local.was_missing ? filebase64sha256(local.filename) : null + source_code_hash = var.ignore_source_code_hash ? null : (local.filename == null ? false : fileexists(local.filename)) && !local.was_missing ? filebase64sha256(local.filename) : null s3_bucket = local.s3_bucket s3_key = local.s3_key @@ -100,7 +100,7 @@ resource "aws_lambda_layer_version" "this" { compatible_runtimes = length(var.compatible_runtimes) > 0 ? var.compatible_runtimes : [var.runtime] filename = local.filename - source_code_hash = (local.filename == null ? false : fileexists(local.filename)) && !local.was_missing ? filebase64sha256(local.filename) : null + source_code_hash = var.ignore_source_code_hash ? null : (local.filename == null ? false : fileexists(local.filename)) && !local.was_missing ? filebase64sha256(local.filename) : null s3_bucket = local.s3_bucket s3_key = local.s3_key diff --git a/variables.tf b/variables.tf index 6a683ed0..56af85ca 100644 --- a/variables.tf +++ b/variables.tf @@ -493,6 +493,12 @@ variable "artifacts_dir" { default = "builds" } +variable "ignore_source_code_hash" { + description = "Whether to ignore changes to the function's source code hash. Set to true if you manage infrastructure and code deployments separately." + type = bool + default = false +} + variable "local_existing_package" { description = "The absolute path to an existing zip-file to use" type = string From 93dfd1485b68d6ddb86427431d6c04e10796875f Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 20 Aug 2021 17:21:13 +0200 Subject: [PATCH 102/385] Updated CHANGELOG --- CHANGELOG.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0e3dc20f..62cefafa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
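Review bot: The description of `ignore_source_code_hash` in variables.tf mentions only "the function's source code hash", but the two main.tf hunks apply the flag to `aws_lambda_layer_version.this` as well as `aws_lambda_function.this`. It also does not say what the operator gives up. With the flag set, `source_code_hash` is `null`, so as far as these hunks show, Terraform stops comparing the deployed artifact with the local package and out-of-band code changes will not appear in a plan. I would extend the description to something like `"Whether to ignore changes to the function's or layer's source code hash. When true, Terraform no longer detects changes to deployed code; verify artifact integrity in the external deployment pipeline."` Both resource blocks continue outside the hunks.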
@@ -5,7 +5,13 @@ All notable changes to this project will be documented in this file. ## [Unreleased] -- feat: Add `ignore_source_code_hash` variable to allow the lambda function resource to be managed by terraform but have the function code managed externally + + + +## [v2.10.0] - 2021-08-20 + +- feat: Add support for separate deployments of infra and code ([#175](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/175)) + ## [v2.9.0] - 2021-08-20 @@ -458,7 +464,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.9.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.10.0...HEAD +[v2.10.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.9.0...v2.10.0 [v2.9.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.8.0...v2.9.0 [v2.8.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.7.0...v2.8.0 [v2.7.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.6.0...v2.7.0 From fd86a892fc205c40eb569676b080c86369251dec Mon Sep 17 00:00:00 2001 From: Patrick Decat Date: Fri, 20 Aug 2021 21:05:16 +0200 Subject: [PATCH 103/385] fix: No need to set `aws_s3_bucket_object` `etag` as filename is already a hash of the content (#180) --- main.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/main.tf b/main.tf index 5608b816..e0da0cbc 100644 --- a/main.tf +++ b/main.tf @@ -116,7 +116,6 @@ resource "aws_s3_bucket_object" "lambda_package" { acl = var.s3_acl key = data.external.archive_prepare[0].result.filename source = data.external.archive_prepare[0].result.filename - etag = fileexists(data.external.archive_prepare[0].result.filename) ? filemd5(data.external.archive_prepare[0].result.filename) : null storage_class = var.s3_object_storage_class server_side_encryption = var.s3_server_side_encryption 
From 87d8a58d636dd220f71aed1435086621ddd3ad70 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 20 Aug 2021 21:05:34 +0200 Subject: [PATCH 104/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 62cefafa..67ac5546 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v2.11.0] - 2021-08-20 + +- fix: No need to set `aws_s3_bucket_object` `etag` as filename is already a hash of the content ([#180](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/180)) + + ## [v2.10.0] - 2021-08-20 @@ -464,7 +470,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.10.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.11.0...HEAD +[v2.11.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.10.0...v2.11.0 [v2.10.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.9.0...v2.10.0 [v2.9.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.8.0...v2.9.0 [v2.8.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.7.0...v2.8.0 From 43a5134cbd10a1c93d7c30b48e0daa462723d7c9 Mon Sep 17 00:00:00 2001 
From: Andrei Krasnitski Date: Mon, 30 Aug 2021 11:51:31 +0200 Subject: [PATCH 105/385] feat: Add Amazon MQ event source type support (#190) --- README.md | 8 +-- examples/alias/README.md | 2 +- examples/alias/versions.tf | 2 +- examples/async/README.md | 2 +- examples/async/versions.tf | 2 +- examples/build-package/README.md | 2 +- examples/build-package/versions.tf | 2 +- examples/deploy/README.md | 2 +- examples/deploy/versions.tf | 2 +- examples/event-source-mapping/README.md | 2 +- examples/event-source-mapping/main.tf | 87 ++++++++++++++++++++++- examples/event-source-mapping/versions.tf | 4 +- examples/multiple-regions/README.md | 2 +- examples/multiple-regions/versions.tf | 2 +- examples/simple/README.md | 2 +- examples/simple/versions.tf | 2 +- examples/triggers/README.md | 2 +- examples/triggers/versions.tf | 2 +- main.tf | 11 ++- modules/alias/README.md | 2 +- modules/alias/versions.tf | 2 +- modules/deploy/README.md | 2 +- modules/deploy/versions.tf | 2 +- versions.tf | 4 +- 24 files changed, 121 insertions(+), 31 deletions(-) diff --git a/README.md b/README.md index b657f60f..722604f7 100644 --- a/README.md +++ b/README.md 
@@ -571,7 +571,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo - [With VPC](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/with-vpc) - Create Lambda Function with VPC. - [With EFS](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/with-efs) - Create Lambda Function with Elastic File System attached (Terraform 0.13+ is recommended). - [Multiple regions](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/multiple-regions) - Create the same Lambda Function in multiple regions with non-conflicting IAM roles and policies. -- [Event Source Mapping](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/event-source-mapping) - Create Lambda Function with event source mapping configuration (SQS, DynamoDB, and Kinesis). +- [Event Source Mapping](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/event-source-mapping) - Create Lambda Function with event source mapping configuration (SQS, DynamoDB, Amazon MQ, and Kinesis). - [Triggers](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/triggers) - Create Lambda Function with some triggers (eg, Cloudwatch Events, EventBridge). @@ -579,8 +579,8 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 3.35 | +| [terraform](#requirement\_terraform) | >= 0.12.31 | +| [aws](#requirement\_aws) | >= 3.43 | | [external](#requirement\_external) | >= 1 | | [local](#requirement\_local) | >= 1 | | [null](#requirement\_null) | >= 2 | 
@@ -589,7 +589,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.35 | +| [aws](#provider\_aws) | >= 3.43 | | [external](#provider\_external) | >= 1 | | [local](#provider\_local) | >= 1 | | [null](#provider\_null) | >= 2 | diff --git a/examples/alias/README.md b/examples/alias/README.md index 30d8ec09..6278a117 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [terraform](#requirement\_terraform) | >= 0.12.31 | | [aws](#requirement\_aws) | >= 3.19 | | [random](#requirement\_random) | >= 2 | diff --git a/examples/alias/versions.tf b/examples/alias/versions.tf index ce96cacd..d19ea6ad 100644 --- a/examples/alias/versions.tf +++ b/examples/alias/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.12.31" required_providers { aws = ">= 3.19" diff --git a/examples/async/README.md b/examples/async/README.md index f4774c60..4ecdfd7a 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [terraform](#requirement\_terraform) | >= 0.12.31 | | [aws](#requirement\_aws) | >= 3.19 | | [random](#requirement\_random) | >= 2 | diff --git a/examples/async/versions.tf b/examples/async/versions.tf index ce96cacd..d19ea6ad 100644 --- a/examples/async/versions.tf +++ b/examples/async/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.12.31" required_providers { aws = ">= 3.19" 
diff --git a/examples/build-package/README.md b/examples/build-package/README.md index 404ff9ef..faac5ea6 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [terraform](#requirement\_terraform) | >= 0.12.31 | | [aws](#requirement\_aws) | >= 3.19 | | [random](#requirement\_random) | >= 2 | diff --git a/examples/build-package/versions.tf b/examples/build-package/versions.tf index ce96cacd..d19ea6ad 100644 --- a/examples/build-package/versions.tf +++ b/examples/build-package/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.12.31" required_providers { aws = ">= 3.19" diff --git a/examples/deploy/README.md b/examples/deploy/README.md index 1bf75d45..bf0393f8 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [terraform](#requirement\_terraform) | >= 0.12.31 | | [aws](#requirement\_aws) | >= 3.19 | | [random](#requirement\_random) | >= 2 | diff --git a/examples/deploy/versions.tf b/examples/deploy/versions.tf index ce96cacd..d19ea6ad 100644 --- a/examples/deploy/versions.tf +++ b/examples/deploy/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.12.31" required_providers { aws = ">= 3.19" diff --git a/examples/event-source-mapping/README.md b/examples/event-source-mapping/README.md index 1a62df62..20e6fff8 100644 --- a/examples/event-source-mapping/README.md +++ b/examples/event-source-mapping/README.md 
@@ -1,6 +1,6 @@ # Event Source Mapping configuration -Configuration in this directory creates Lambda Function with event source mapping configuration for SQS queue, Kinesis stream, and DynamoDB table. +Configuration in this directory creates Lambda Function with event source mapping configuration for SQS queue, Kinesis stream, Amazon MQ, and DynamoDB table. ## Usage diff --git a/examples/event-source-mapping/main.tf b/examples/event-source-mapping/main.tf index aa7c2b31..9c2f3f24 100644 --- a/examples/event-source-mapping/main.tf +++ b/examples/event-source-mapping/main.tf @@ -35,6 +35,20 @@ module "lambda_function" { event_source_arn = aws_kinesis_stream.this.arn starting_position = "LATEST" } + mq = { + event_source_arn = aws_mq_broker.this.arn + queues = ["my-queue"] + source_access_configuration = [ + { + type = "BASIC_AUTH" + uri = aws_secretsmanager_secret.this.arn + }, + { + type = "VIRTUAL_HOST" + uri = "/" + } + ] + } } allowed_triggers = { 
@@ -50,17 +64,40 @@ module "lambda_function" { principal = "kinesis.amazonaws.com" source_arn = aws_kinesis_stream.this.arn } + mq = { + principal = "mq.amazonaws.com" + source_arn = aws_mq_broker.this.arn + } } create_current_version_allowed_triggers = false - # Allow failures to be sent to SQS queue + attach_network_policy = true + attach_policy_statements = true policy_statements = { + # Allow failures to be sent to SQS queue sqs_failure = { effect = "Allow", actions = ["sqs:SendMessage"], resources = [aws_sqs_queue.failure.arn] + }, + # Execution role permissions to read records from an Amazon MQ broker + # https://docs.aws.amazon.com/lambda/latest/dg/with-mq.html#events-mq-permissions + mq_event_source = { + effect = "Allow", + actions = ["ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeVpcs"], + resources = ["*"] + }, + mq_describe_broker = { + effect = "Allow", + actions = ["mq:DescribeBroker"], + resources = [aws_mq_broker.this.arn] + }, + secrets_manager_get_value = { + effect = "Allow", + actions = ["secretsmanager:GetSecretValue"], + resources = [aws_secretsmanager_secret.this.arn] } } @@ -78,14 +115,26 @@ module "lambda_function" { # Extra resources ################## +# Shared resources resource "random_pet" "this" { length = 2 } +resource "random_password" "this" { + length = 40 + special = false +} + +# SQS resource "aws_sqs_queue" "this" { name = random_pet.this.id } +resource "aws_sqs_queue" "failure" { + name = "${random_pet.this.id}-failure" +} + +# DynamoDB resource "aws_dynamodb_table" "this" { name = random_pet.this.id billing_mode = "PAY_PER_REQUEST" 
@@ -105,11 +154,43 @@ resource "aws_dynamodb_table" "this" { } } +# Kinesis resource "aws_kinesis_stream" "this" { name = random_pet.this.id shard_count = 1 } -resource "aws_sqs_queue" "failure" { - name = "${random_pet.this.id}-failure" +# Amazon MQ +data "aws_vpc" "default" { + default = true +} + +data "aws_security_group" "default" { + vpc_id = data.aws_vpc.default.id + name = "default" +} + +resource "aws_mq_broker" "this" { + broker_name = random_pet.this.id + engine_type = "RabbitMQ" + engine_version = "3.8.11" + host_instance_type = "mq.t3.micro" + security_groups = [data.aws_security_group.default.id] + + user { + username = random_pet.this.id + password = random_password.this.result + } +} + +resource "aws_secretsmanager_secret" "this" { + name = "${random_pet.this.id}-mq-credentials" +} + +resource "aws_secretsmanager_secret_version" "this" { + secret_id = aws_secretsmanager_secret.this.id + secret_string = jsonencode({ + username = random_pet.this.id + password = random_password.this.result + }) } diff --git a/examples/event-source-mapping/versions.tf b/examples/event-source-mapping/versions.tf index 479d7362..8735e5c8 100644 --- a/examples/event-source-mapping/versions.tf +++ b/examples/event-source-mapping/versions.tf @@ -1,8 +1,8 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.12.31" required_providers { - aws = ">= 3.27" + aws = ">= 3.43" random = ">= 2" } } diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index 7c27e2ef..eaf1b186 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [terraform](#requirement\_terraform) | >= 0.12.31 | | [aws](#requirement\_aws) | >= 3.19 | | [random](#requirement\_random) | >= 2 | 
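Review bot: `aws_mq_broker.this` is attached to `data.aws_security_group.default`, the default security group of the default VPC, whose stock rule admits traffic from every other member of the group. Anything else launched into that group can therefore reach the broker. Since examples get copied, a dedicated `aws_security_group` that admits only the broker port from the function would be a safer pattern. The broker password also comes from `random_password.this` (added in the previous hunk) and is repeated in `aws_secretsmanager_secret_version.this`, so it ends up in the Terraform state in plain text. A comment above `random_password` such as `# NOTE: the generated password is stored in Terraform state; restrict access to the state backend` would make that explicit.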
diff --git a/examples/multiple-regions/versions.tf b/examples/multiple-regions/versions.tf index ce96cacd..d19ea6ad 100644 --- a/examples/multiple-regions/versions.tf +++ b/examples/multiple-regions/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.12.31" required_providers { aws = ">= 3.19" diff --git a/examples/simple/README.md b/examples/simple/README.md index 879cff46..3fea96e5 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [terraform](#requirement\_terraform) | >= 0.12.31 | | [aws](#requirement\_aws) | >= 3.19 | | [random](#requirement\_random) | >= 2 | diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf index ce96cacd..d19ea6ad 100644 --- a/examples/simple/versions.tf +++ b/examples/simple/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.12.31" required_providers { aws = ">= 3.19" diff --git a/examples/triggers/README.md b/examples/triggers/README.md index 4d0ea282..a1ca901f 100644 --- a/examples/triggers/README.md +++ b/examples/triggers/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [terraform](#requirement\_terraform) | >= 0.12.31 | | [aws](#requirement\_aws) | >= 2.67 | | [random](#requirement\_random) | >= 2 | diff --git a/examples/triggers/versions.tf b/examples/triggers/versions.tf index 479e53d4..c7814727 100644 --- a/examples/triggers/versions.tf +++ b/examples/triggers/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.12.31" required_providers { aws = ">= 2.67" 
diff --git a/main.tf b/main.tf index e0da0cbc..b7fc74cf 100644 --- a/main.tf +++ b/main.tf @@ -212,7 +212,7 @@ resource "aws_lambda_permission" "unqualified_alias_triggers" { } resource "aws_lambda_event_source_mapping" "this" { - for_each = var.create && var.create_function && !var.create_layer && var.create_unqualified_alias_allowed_triggers ? tomap(var.event_source_mapping) : tomap({}) + for_each = var.create && var.create_function && !var.create_layer && var.create_unqualified_alias_allowed_triggers ? var.event_source_mapping : tomap({}) function_name = aws_lambda_function.this[0].arn @@ -228,6 +228,7 @@ resource "aws_lambda_event_source_mapping" "this" { maximum_record_age_in_seconds = lookup(each.value, "maximum_record_age_in_seconds", null) bisect_batch_on_function_error = lookup(each.value, "bisect_batch_on_function_error", null) topics = lookup(each.value, "topics", null) + queues = lookup(each.value, "queues", null) dynamic "destination_config" { for_each = lookup(each.value, "destination_arn_on_failure", null) != null ? [true] : [] @@ -237,4 +238,12 @@ resource "aws_lambda_event_source_mapping" "this" { } } } + + dynamic "source_access_configuration" { + for_each = lookup(each.value, "source_access_configuration", []) + content { + type = source_access_configuration.value["type"] + uri = source_access_configuration.value["uri"] + } + } } diff --git a/modules/alias/README.md b/modules/alias/README.md index 4677fb48..6b346f2f 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md @@ -115,7 +115,7 @@ module "lambda" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [terraform](#requirement\_terraform) | >= 0.12.31 | | [aws](#requirement\_aws) | >= 3.35 | ## Providers diff --git a/modules/alias/versions.tf b/modules/alias/versions.tf index e8c4e706..c8024436 100644 --- a/modules/alias/versions.tf +++ b/modules/alias/versions.tf 
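Review bot: The new `dynamic "source_access_configuration"` block passes `type` and `uri` straight through with no hint of what `uri` must hold. Going by the example added in this commit, `BASIC_AUTH` takes a Secrets Manager secret ARN that the execution role must be allowed to read. A comment above the block such as `# For BASIC_AUTH, uri is a Secrets Manager secret ARN; the execution role needs secretsmanager:GetSecretValue on it` would record that, and would discourage putting credentials in the map itself. The `aws_lambda_event_source_mapping` resource starts outside the hunk.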
@@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.12.31" required_providers { aws = ">= 3.35" diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 499b169b..8207c969 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -99,7 +99,7 @@ module "lambda" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [terraform](#requirement\_terraform) | >= 0.12.31 | | [aws](#requirement\_aws) | >= 3.35 | | [local](#requirement\_local) | >= 1 | | [null](#requirement\_null) | >= 2 | diff --git a/modules/deploy/versions.tf b/modules/deploy/versions.tf index 6b4055ba..917d8213 100644 --- a/modules/deploy/versions.tf +++ b/modules/deploy/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.12.31" required_providers { aws = ">= 3.35" diff --git a/versions.tf b/versions.tf index b8953f24..2dddf02a 100644 --- a/versions.tf +++ b/versions.tf @@ -1,8 +1,8 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.12.31" required_providers { - aws = ">= 3.35" + aws = ">= 3.43" external = ">= 1" local = ">= 1" null = ">= 2" From b5e26aa494361045597897501da56165dfd52ca2 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 30 Aug 2021 11:51:48 +0200 Subject: [PATCH 106/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 67ac5546..d1ab4dba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v2.12.0] - 2021-08-30 + +- feat: Add Amazon MQ event source type support ([#190](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/190)) + + ## [v2.11.0] - 2021-08-20 
@@ -470,7 +476,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.11.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.12.0...HEAD +[v2.12.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.11.0...v2.12.0 [v2.11.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.10.0...v2.11.0 [v2.10.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.9.0...v2.10.0 [v2.9.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.8.0...v2.9.0 From 9f99b851caef8a3b55ec01491e9b829c266ba594 Mon Sep 17 00:00:00 2001 From: Benn Linger Date: Mon, 30 Aug 2021 05:54:40 -0400 Subject: [PATCH 107/385] feat: Added docker pip cache support for macOS (#192) --- package.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.py b/package.py index 98613118..48a49949 100644 --- a/package.py +++ b/package.py @@ -981,7 +981,7 @@ def docker_run_command(build_root, command, runtime, '-e', 'SSH_AUTH_SOCK=/tmp/ssh_sock', ]) - if platform.system() == 'Linux': + if platform.system() in ('Linux', 'Darwin'): if pip_cache_dir: pip_cache_dir = os.path.abspath(pip_cache_dir) docker_cmd.extend([ From c5ab7799071cd6f1405773454d90b4645e2e561e Mon Sep 17 00:00:00 2001 From: Patrick Decat Date: Mon, 30 Aug 2021 12:36:18 +0200 Subject: [PATCH 108/385] fix: Sort directories and files to ensure they are always processed in the same order (#177) --- package.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/package.py b/package.py index 48a49949..d557a329 100644 --- a/package.py +++ b/package.py 
@@ -140,6 +140,9 @@ def list_files(top_path, log=None): results = [] for root, dirs, files in os.walk(top_path, followlinks=True): + # Sort directories and files to ensure they are always processed in the same order + dirs.sort() + files.sort() for file_name in files: file_path = os.path.join(root, file_name) relative_path = os.path.relpath(file_path, top_path) @@ -211,6 +214,9 @@ def yesno_bool(val): def emit_dir_content(base_dir): for root, dirs, files in os.walk(base_dir, followlinks=True): + # Sort directories and files to ensure they are always processed in the same order + dirs.sort() + files.sort() if root != base_dir: yield os.path.normpath(root) for name in files: @@ -596,6 +602,9 @@ def emit_file(fpath, opath): yield path else: for root, dirs, files in os.walk(path, followlinks=True): + # Sort directories and files to ensure they are always processed in the same order + dirs.sort() + files.sort() o, d = norm_path(path, root) # log.info('od: %s %s', o, d) if root != path: From 2574b83ef0e8fbe123b9369bf0c48710b2845223 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 30 Aug 2021 13:41:54 +0200 Subject: [PATCH 109/385] Updated CHANGELOG --- CHANGELOG.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d1ab4dba..f99eceb8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,13 @@ All notable changes to this project will be documented in this file. + +## [v2.13.0] - 2021-08-30 + +- fix: Sort directories and files to ensure they are always processed in the same order ([#177](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/177)) +- feat: Added docker pip cache support for macOS ([#192](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/192)) + + ## [v2.12.0] - 2021-08-30 
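Review bot: The same three lines (comment, `dirs.sort()`, `files.sort()`) are pasted into all three `os.walk(..., followlinks=True)` loops in this commit, so the ordering guarantee depends on each copy staying in place. The archive contents and the package hash rely on that order, and a fourth walk added later without the sort would quietly make builds non-reproducible again. A single generator that wraps `os.walk` and sorts in place would keep the guarantee in one spot, and its comment could explain that `dirs` must be sorted in place because `os.walk` reads it back. The three enclosing functions start and end outside their hunks.

```python
def sorted_walk(top):
    """Walk *top* like os.walk(), visiting directories and files in sorted order."""
    for root, dirs, files in os.walk(top, followlinks=True):
        # Sort in place: os.walk() reads `dirs` back to decide traversal order.
        dirs.sort()
        files.sort()
        yield root, dirs, files

# … unchanged: the loops in list_files(), emit_dir_content() and the third hunk would iterate sorted_walk(...) instead of os.walk(...) …
```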
@@ -476,7 +483,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.12.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.13.0...HEAD +[v2.13.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.12.0...v2.13.0 [v2.12.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.11.0...v2.12.0 [v2.11.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.10.0...v2.11.0 [v2.10.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.9.0...v2.10.0 From ba4dbbbf274014c2bdb61c9a4f464d08021f1e38 Mon Sep 17 00:00:00 2001 From: pglagerweij Date: Mon, 30 Aug 2021 15:04:54 +0200 Subject: [PATCH 110/385] feat: Add unique_id output of the lambda role (#173) --- .github/workflows/pre-commit.yml | 2 +- README.md | 1 + outputs.tf | 5 +++++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index ab9aef23..f5d5d776 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml 
@@ -91,7 +91,7 @@ jobs: - name: Install pre-commit dependencies run: | pip install pre-commit - curl -Lo ./terraform-docs.tar.gz https://github.com/terraform-docs/terraform-docs/releases/download/v0.13.0/terraform-docs-v0.13.0-$(uname)-amd64.tar.gz && tar -xzf terraform-docs.tar.gz && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/ + curl -Lo ./terraform-docs.tar.gz https://github.com/terraform-docs/terraform-docs/releases/download/v0.13.0/terraform-docs-v0.13.0-$(uname)-amd64.tar.gz && tar -xzf terraform-docs.tar.gz terraform-docs && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/ curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip && rm tflint.zip && sudo mv tflint /usr/bin/ - name: Execute pre-commit # Run all pre-commit checks on max version supported diff --git a/README.md b/README.md index 722604f7..d95c4661 100644 --- a/README.md +++ b/README.md @@ -765,6 +765,7 @@ No modules. | [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version | | [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | +| [lambda\_role\_unique\_id](#output\_lambda\_role\_unique\_id) | The unique id of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | diff --git a/outputs.tf b/outputs.tf index 90bae655..7162a3de 100644 --- a/outputs.tf +++ b/outputs.tf 
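Review bot: The rewritten install line still moves a downloaded release binary into `/usr/bin` with `sudo` without verifying it. Restricting `tar` to the `terraform-docs` member limits what is unpacked, not what that binary contains. Checking a pinned digest before extraction would close the gap, for example `echo "<EXPECTED_SHA256>  terraform-docs.tar.gz" | sha256sum -c -`, where the placeholder is taken from the v0.13.0 release. The unchanged tflint line below it resolves `releases/latest` at run time, so it is neither pinned nor verified and deserves the same treatment.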
@@ -102,6 +102,11 @@ output "lambda_role_name" { value = element(concat(aws_iam_role.lambda.*.name, [""]), 0) } +output "lambda_role_unique_id" { + description = "The unique id of the IAM role created for the Lambda Function" + value = element(concat(aws_iam_role.lambda.*.unique_id, [""]), 0) +} + # CloudWatch Log Group output "lambda_cloudwatch_log_group_arn" { description = "The ARN of the Cloudwatch Log Group" From e2d5ddd3cad6269970593a62c6b0e3f69a2d902a Mon Sep 17 00:00:00 2001 From: Patrick Decat Date: Mon, 30 Aug 2021 15:25:09 +0200 Subject: [PATCH 111/385] fix: Take patterns into account when computing hash (#169) --- package.py | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/package.py b/package.py index d557a329..aff22a31 100644 --- a/package.py +++ b/package.py @@ -739,9 +739,19 @@ def commands_step(path, commands): else: pip_requirements_step(pip_requirements, prefix, required=True) + if path: step('zip', path, prefix) - hash(path) + if patterns: + # Take patterns into account when computing hash + pf = ZipContentFilter(args=self._args) + pf.compile(patterns) + + for path_from_pattern in pf.filter(path, prefix): + hash(path_from_pattern) + else: + hash(path) + if patterns: step('clear:filter') else: From b2a3657e45b742f47b1f7a664ae28ec7480004d4 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 30 Aug 2021 15:25:55 +0200 Subject: [PATCH 112/385] Updated CHANGELOG --- CHANGELOG.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f99eceb8..45f24042 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -7,6 +7,13 @@ All notable changes to this project will be documented in this file. + +## [v2.14.0] - 2021-08-30 + +- fix: Take patterns into account when computing hash ([#169](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/169)) +- feat: Add unique_id output of the lambda role ([#173](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/173)) + + ## [v2.13.0] - 2021-08-30 @@ -483,7 +490,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.13.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.14.0...HEAD +[v2.14.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.13.0...v2.14.0 [v2.13.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.12.0...v2.13.0 [v2.12.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.11.0...v2.12.0 [v2.11.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.10.0...v2.11.0 From 883ec89ba9498cc672cd144ab4b96926ad6f4f33 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 30 Aug 2021 15:44:20 +0200 Subject: [PATCH 113/385] docs: Added a note for TFC/TFE customers (#193) --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index d95c4661..b0be6d93 100644 --- a/README.md +++ b/README.md 
@@ -533,6 +533,10 @@ There is [alias module](https://github.com/terraform-aws-modules/terraform-aws-l There is [deploy module](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/modules/deploy), which creates required resources to do deployments using AWS CodeDeploy. It also creates the deployment, and wait for completion. See [examples/deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/deploy) for complete end-to-end build/update/deploy process. +## Terraform CI/CD + +Terraform Cloud, Terraform Enterprise, and many other SaaS for running Terraform do not have Python pre-installed on the workers. You will need to provide an [alternative Docker image](https://www.terraform.io/docs/enterprise/install/installer.html#alternative-terraform-worker-image) with Python installed to be able to use this module there. + ## FAQ Q1: Why deployment package not recreating every time I change something? Or why deployment package is being recreated every time but content has not been changed? From 2c845c358a83944d8ff628589816a68c446fd10e Mon Sep 17 00:00:00 2001 From: Patrick Decat Date: Mon, 30 Aug 2021 17:14:01 +0200 Subject: [PATCH 114/385] fix: Strip leading `./` in S3 key (#191) --- README.md | 1 + examples/complete/main.tf | 3 +++ main.tf | 11 +++++++---- variables.tf | 6 ++++++ 4 files changed, 17 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index b0be6d93..dc79fde4 100644 --- a/README.md +++ b/README.md 
@@ -732,6 +732,7 @@ No modules. | [s3\_existing\_package](#input\_s3\_existing\_package) | The S3 bucket object with keys bucket, key, version pointing to an existing zip-file to use | `map(string)` | `null` | no | | [s3\_object\_storage\_class](#input\_s3\_object\_storage\_class) | Specifies the desired Storage Class for the artifact uploaded to S3. Can be either STANDARD, REDUCED\_REDUNDANCY, ONEZONE\_IA, INTELLIGENT\_TIERING, or STANDARD\_IA. | `string` | `"ONEZONE_IA"` | no | | [s3\_object\_tags](#input\_s3\_object\_tags) | A map of tags to assign to S3 bucket object. | `map(string)` | `{}` | no | +| [s3\_prefix](#input\_s3\_prefix) | Directory name where artifacts should be stored in the S3 bucket. If unset, the path from `artifacts_dir` is used | `string` | `null` | no | | [s3\_server\_side\_encryption](#input\_s3\_server\_side\_encryption) | Specifies server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms". | `string` | `null` | no | | [source\_path](#input\_source\_path) | The absolute path to a local file or directory containing your Lambda source code | `any` | `null` | no | | [store\_on\_s3](#input\_store\_on\_s3) | Whether to store produced artifacts on S3 or locally. | `bool` | `false` | no | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 348aab8c..dc28e495 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -27,6 +27,9 @@ module "lambda_function" { store_on_s3 = true s3_bucket = module.s3_bucket.s3_bucket_id + s3_prefix = "lambda-builds/" + + artifacts_dir = "${path.root}/.terraform/lambda-builds/" layers = [ module.lambda_layer_local.lambda_layer_arn, diff --git a/main.tf b/main.tf index b7fc74cf..c8a84317 100644 --- a/main.tf +++ b/main.tf 
@@ -1,12 +1,15 @@ locals { + archive_filename = element(concat(data.external.archive_prepare.*.result.filename, [null]), 0) + archive_was_missing = element(concat(data.external.archive_prepare.*.result.was_missing, [false]), 0) + # Use a generated filename to determine when the source code has changed. # filename - to get package from local - filename = var.local_existing_package != null ? var.local_existing_package : (var.store_on_s3 ? null : element(concat(data.external.archive_prepare.*.result.filename, [null]), 0)) - was_missing = var.local_existing_package != null ? !fileexists(var.local_existing_package) : element(concat(data.external.archive_prepare.*.result.was_missing, [false]), 0) + filename = var.local_existing_package != null ? var.local_existing_package : (var.store_on_s3 ? null : local.archive_filename) + was_missing = var.local_existing_package != null ? !fileexists(var.local_existing_package) : local.archive_was_missing # s3_* - to get package from S3 s3_bucket = var.s3_existing_package != null ? lookup(var.s3_existing_package, "bucket", null) : (var.store_on_s3 ? var.s3_bucket : null) - s3_key = var.s3_existing_package != null ? lookup(var.s3_existing_package, "key", null) : (var.store_on_s3 ? element(concat(data.external.archive_prepare.*.result.filename, [null]), 0) : null) + s3_key = var.s3_existing_package != null ? lookup(var.s3_existing_package, "key", null) : (var.store_on_s3 ? var.s3_prefix != null ? format("%s%s", var.s3_prefix, replace(local.archive_filename, "/^.*//", "")) : replace(local.archive_filename, "/^\\.//", "") : null) s3_object_version = var.s3_existing_package != null ? lookup(var.s3_existing_package, "version_id", null) : (var.store_on_s3 ? element(concat(aws_s3_bucket_object.lambda_package.*.version_id, [null]), 0) : null) } 
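Review bot: `s3_key` joins prefix and file name with `format("%s%s", var.s3_prefix, ...)`, so a prefix without a trailing slash, such as `"lambda-builds"`, silently yields keys like `lambda-buildsexample.zip` (file name made up) in the bucket root. The `s3_prefix` description added in variables.tf calls it a directory name and does not mention the slash. Either state the trailing slash in that description or normalise here with `format("%s/%s", trimsuffix(var.s3_prefix, "/"), basename(local.archive_filename))`, which also replaces the greedy `"/^.*//"` regex with a built-in. An empty prefix would then need its own case. Parentheses around the inner `var.s3_prefix != null ? ... : ...` would make the nested conditional easier to check.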
@@ -114,7 +117,7 @@ resource "aws_s3_bucket_object" "lambda_package" { bucket = var.s3_bucket acl = var.s3_acl - key = data.external.archive_prepare[0].result.filename + key = local.s3_key source = data.external.archive_prepare[0].result.filename storage_class = var.s3_object_storage_class diff --git a/variables.tf b/variables.tf index 56af85ca..33f9f893 100644 --- a/variables.tf +++ b/variables.tf @@ -493,6 +493,12 @@ variable "artifacts_dir" { default = "builds" } +variable "s3_prefix" { + description = "Directory name where artifacts should be stored in the S3 bucket. If unset, the path from `artifacts_dir` is used" + type = string + default = null +} + variable "ignore_source_code_hash" { description = "Whether to ignore changes to the function's source code hash. Set to true if you manage infrastructure and code deployments separately." type = bool From ad97a3e864115437d992c9174badd2e217380d47 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 30 Aug 2021 17:14:19 +0200 Subject: [PATCH 115/385] Updated CHANGELOG --- CHANGELOG.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 45f24042..491f0372 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,13 @@ All notable changes to this project will be documented in this file. + +## [v2.15.0] - 2021-08-30 + +- fix: Strip leading `./` in S3 key ([#191](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/191)) +- docs: Added a note for TFC/TFE customers ([#193](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/193)) + + ## [v2.14.0] - 2021-08-30 
@@ -490,7 +497,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.14.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.15.0...HEAD +[v2.15.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.14.0...v2.15.0 [v2.14.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.13.0...v2.14.0 [v2.13.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.12.0...v2.13.0 [v2.12.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.11.0...v2.12.0 From 10cfba56610c2cbaec148f3c63d4d8c1efa37515 Mon Sep 17 00:00:00 2001 From: Patrick Decat Date: Mon, 30 Aug 2021 17:36:15 +0200 Subject: [PATCH 116/385] feat: Add `recreate_missing_package` parameter (#181) --- README.md | 3 ++- package.py | 4 ++-- package.tf | 2 ++ variables.tf | 6 ++++++ 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index dc79fde4..d24f7914 100644 --- a/README.md +++ b/README.md 
@@ -549,7 +549,7 @@ Q2: How to force recreate deployment package? Q3: `null_resource.archive[0] must be replaced` -> Answer: This probably mean that zip-archive has been deployed, but is currently absent locally, and it has to be recreated locally. When you run into this issue during CI/CD process (where workspace is clean), you can set environment variable `TF_RECREATE_MISSING_LAMBDA_PACKAGE=false` and run `terraform apply`. +> Answer: This probably mean that zip-archive has been deployed, but is currently absent locally, and it has to be recreated locally. When you run into this issue during CI/CD process (where workspace is clean) or from multiple workspaces, you can set environment variable `TF_RECREATE_MISSING_LAMBDA_PACKAGE=false` or pass `recreate_missing_package = false` as a parameter to the module and run `terraform apply`. Q4: What does this error mean - `"We currently do not support adding policies for $LATEST."` ? 
@@ -719,6 +719,7 @@ No modules. | [policy\_statements](#input\_policy\_statements) | Map of dynamic policy statements to attach to Lambda Function role | `any` | `{}` | no | | [provisioned\_concurrent\_executions](#input\_provisioned\_concurrent\_executions) | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | `number` | `-1` | no | | [publish](#input\_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no | +| [recreate\_missing\_package](#input\_recreate\_missing\_package) | Whether to recreate missing Lambda package if it is missing locally or not | `bool` | `true` | no | | [reserved\_concurrent\_executions](#input\_reserved\_concurrent\_executions) | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | `number` | `-1` | no | | [role\_description](#input\_role\_description) | Description of IAM role to use for Lambda Function | `string` | `null` | no | | [role\_force\_detach\_policies](#input\_role\_force\_detach\_policies) | Specifies to force detaching any policies the IAM role has before destroying it. | `bool` | `true` | no | diff --git a/package.py b/package.py index aff22a31..8b2c2ff9 100644 --- a/package.py +++ b/package.py @@ -1058,7 +1058,7 @@ def prepare_command(args): hash_extra_paths = query.hash_extra_paths source_path = query.source_path hash_extra = query.hash_extra - recreate_missing_package = yesno_bool(args.recreate_missing_package) + recreate_missing_package = yesno_bool(args.recreate_missing_package if args.recreate_missing_package is not None else query.recreate_missing_package) docker = query.docker bpm = BuildPlanManager(args, log=log) 
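Review bot: The fallback in `prepare_command` gives the `TF_RECREATE_MISSING_LAMBDA_PACKAGE` environment variable priority over the module's `recreate_missing_package` input, but nothing in the code says so. The default read in `main()` becomes `None` in the `-1246` hunk for this purpose, and the README text simply joins the two options with "or". A comment above the assignment such as `# TF_RECREATE_MISSING_LAMBDA_PACKAGE, when set, overrides the recreate_missing_package value passed in the query` would record the precedence. Splitting the one-liner into an `if args.recreate_missing_package is None` fallback followed by `yesno_bool(...)` would also make it easier to read. `prepare_command` continues outside the hunk.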
@@ -1246,7 +1246,7 @@ def main(): pattern_comments=yesno_bool(os.environ.get( 'TF_LAMBDA_PACKAGE_PATTERN_COMMENTS', False)), recreate_missing_package=os.environ.get( - 'TF_RECREATE_MISSING_LAMBDA_PACKAGE', True), + 'TF_RECREATE_MISSING_LAMBDA_PACKAGE', None), log_level=os.environ.get('TF_LAMBDA_PACKAGE_LOG_LEVEL', 'INFO'), ) diff --git a/package.tf b/package.tf index c6433965..ca473a48 100644 --- a/package.tf +++ b/package.tf @@ -36,6 +36,8 @@ data "external" "archive_prepare" { # "${path.module}/package.py" ] ) + + recreate_missing_package = var.recreate_missing_package } } diff --git a/variables.tf b/variables.tf index 33f9f893..067be19b 100644 --- a/variables.tf +++ b/variables.tf @@ -594,3 +594,9 @@ variable "docker_pip_cache" { type = any default = null } + +variable "recreate_missing_package" { + description = "Whether to recreate missing Lambda package if it is missing locally or not" + type = bool + default = true +} \ No newline at end of file From 05bec4596598be0607f11e9b47e0ef87a54f6ca1 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 30 Aug 2021 17:36:38 +0200 Subject: [PATCH 117/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 491f0372..dc94cda1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v2.16.0] - 2021-08-30 + +- feat: Add `recreate_missing_package` parameter ([#181](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/181)) + + ## [v2.15.0] - 2021-08-30 
@@ -497,7 +503,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.15.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.16.0...HEAD +[v2.16.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.15.0...v2.16.0 [v2.15.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.14.0...v2.15.0 [v2.14.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.13.0...v2.14.0 [v2.13.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.12.0...v2.13.0 From 7c53da1642cacfd23f038f3e16cd5268d95a3a5c Mon Sep 17 00:00:00 2001 From: wsim-plaid <83605795+wsim-plaid@users.noreply.github.com> Date: Sat, 11 Sep 2021 05:58:47 -0400 Subject: [PATCH 118/385] fix: Replace aws_iam_policy_attachment to aws_iam_role_policy_attachment (#195) --- README.md | 16 ++++++++-------- iam.tf | 40 ++++++++++++++++------------------------ 2 files changed, 24 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index d24f7914..b0f5443b 100644 --- a/README.md +++ b/README.md 
@@ -615,17 +615,17 @@ No modules. | [aws_iam_policy.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy_attachment.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | -| [aws_iam_policy_attachment.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | -| [aws_iam_policy_attachment.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | -| [aws_iam_policy_attachment.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | -| [aws_iam_policy_attachment.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | -| [aws_iam_policy_attachment.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | -| [aws_iam_policy_attachment.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | -| [aws_iam_policy_attachment.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | | [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| 
[aws_iam_role_policy_attachment.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_role_policy_attachment.additional_many](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_role_policy_attachment.additional_one](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | | [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource | | [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | 
diff --git a/iam.tf b/iam.tf index 41492ab1..4d03f52d 100644 --- a/iam.tf +++ b/iam.tf @@ -101,11 +101,10 @@ resource "aws_iam_policy" "logs" { tags = var.tags } -resource "aws_iam_policy_attachment" "logs" { +resource "aws_iam_role_policy_attachment" "logs" { count = local.create_role && var.attach_cloudwatch_logs_policy ? 1 : 0 - name = "${local.role_name}-logs" - roles = [aws_iam_role.lambda[0].name] + role = aws_iam_role.lambda[0].name policy_arn = aws_iam_policy.logs[0].arn } @@ -138,11 +137,10 @@ resource "aws_iam_policy" "dead_letter" { tags = var.tags } -resource "aws_iam_policy_attachment" "dead_letter" { +resource "aws_iam_role_policy_attachment" "dead_letter" { count = local.create_role && var.attach_dead_letter_policy ? 1 : 0 - name = "${local.role_name}-dl" - roles = [aws_iam_role.lambda[0].name] + role = aws_iam_role.lambda[0].name policy_arn = aws_iam_policy.dead_letter[0].arn } @@ -165,11 +163,10 @@ resource "aws_iam_policy" "vpc" { tags = var.tags } -resource "aws_iam_policy_attachment" "vpc" { +resource "aws_iam_role_policy_attachment" "vpc" { count = local.create_role && var.attach_network_policy ? 1 : 0 - name = "${local.role_name}-vpc" - roles = [aws_iam_role.lambda[0].name] + role = aws_iam_role.lambda[0].name policy_arn = aws_iam_policy.vpc[0].arn } @@ -192,11 +189,10 @@ resource "aws_iam_policy" "tracing" { tags = var.tags } -resource "aws_iam_policy_attachment" "tracing" { +resource "aws_iam_role_policy_attachment" "tracing" { count = local.create_role && var.attach_tracing_policy ? 1 : 0 - name = "${local.role_name}-tracing" - roles = [aws_iam_role.lambda[0].name] + role = aws_iam_role.lambda[0].name policy_arn = aws_iam_policy.tracing[0].arn } 
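Review bot: The upgrade path for existing state is not documented for the `logs` attachment or for the seven other attachments changed the same way in this file (`dead_letter`, `vpc`, `tracing`, `async`, `additional_json`, `additional_jsons`, `additional_inline`). Because the resource type changes, Terraform will plan a destroy of each old `aws_iam_policy_attachment` and a create of the new `aws_iam_role_policy_attachment`, and nothing in these hunks orders the two. Since the old resource manages the policy's attachments exclusively, its destroy may run after the new attachment is created and leave the role without the policy until the next apply; I have not verified the ordering, so treat this as something to test. I would add an upgrade note to the README or CHANGELOG, for example `After upgrading, run terraform plan again and confirm every policy is still attached to the Lambda role`. A short comment above the first resource saying why the non-exclusive attachment type is used would also help.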
@@ -229,11 +225,10 @@ resource "aws_iam_policy" "async" { tags = var.tags } -resource "aws_iam_policy_attachment" "async" { +resource "aws_iam_role_policy_attachment" "async" { count = local.create_role && var.attach_async_event_policy ? 1 : 0 - name = "${local.role_name}-async" - roles = [aws_iam_role.lambda[0].name] + role = aws_iam_role.lambda[0].name policy_arn = aws_iam_policy.async[0].arn } @@ -249,11 +244,10 @@ resource "aws_iam_policy" "additional_json" { tags = var.tags } -resource "aws_iam_policy_attachment" "additional_json" { +resource "aws_iam_role_policy_attachment" "additional_json" { count = local.create_role && var.attach_policy_json ? 1 : 0 - name = local.role_name - roles = [aws_iam_role.lambda[0].name] + role = aws_iam_role.lambda[0].name policy_arn = aws_iam_policy.additional_json[0].arn } @@ -269,11 +263,10 @@ resource "aws_iam_policy" "additional_jsons" { tags = var.tags } -resource "aws_iam_policy_attachment" "additional_jsons" { +resource "aws_iam_role_policy_attachment" "additional_jsons" { count = local.create_role && var.attach_policy_jsons ? var.number_of_policy_jsons : 0 - name = "${local.role_name}-${count.index}" - roles = [aws_iam_role.lambda[0].name] + role = aws_iam_role.lambda[0].name policy_arn = aws_iam_policy.additional_jsons[count.index].arn } @@ -353,10 +346,9 @@ resource "aws_iam_policy" "additional_inline" { tags = var.tags } -resource "aws_iam_policy_attachment" "additional_inline" { +resource "aws_iam_role_policy_attachment" "additional_inline" { count = local.create_role && var.attach_policy_statements ? 1 : 0 - name = local.role_name - roles = [aws_iam_role.lambda[0].name] + role = aws_iam_role.lambda[0].name policy_arn = aws_iam_policy.additional_inline[0].arn } From 8556dbc7ea2fd44c8f05401a2c4e71bfbe708f19 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Sat, 11 Sep 2021 11:59:05 +0200 Subject: [PATCH 119/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index dc94cda1..8bdb9854 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v2.17.0] - 2021-09-11 + +- fix: Replace aws_iam_policy_attachment to aws_iam_role_policy_attachment ([#195](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/195)) + + ## [v2.16.0] - 2021-08-30 @@ -503,7 +509,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.16.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.17.0...HEAD +[v2.17.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.16.0...v2.17.0 [v2.16.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.15.0...v2.16.0 [v2.15.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.14.0...v2.15.0 [v2.14.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.13.0...v2.14.0 From b5d6ddeef53293513e8f3622dc833fa6bad75c10 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 24 Sep 2021 09:18:09 +0200 Subject: [PATCH 120/385] docs: Added a mention of good examples - 1Mill/serverless-tf-examples (#197) --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index b0f5443b..5ac0b87b 100644 --- a/README.md +++ b/README.md 
@@ -578,6 +578,11 @@ Q4: What does this error mean - `"We currently do not support adding policies fo - [Event Source Mapping](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/event-source-mapping) - Create Lambda Function with event source mapping configuration (SQS, DynamoDB, Amazon MQ, and Kinesis). - [Triggers](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/triggers) - Create Lambda Function with some triggers (eg, Cloudwatch Events, EventBridge). +# Examples by the users of this module + +- [1Mill/serverless-tf-examples](https://github.com/1Mill/serverless-tf-examples/tree/main/src) + + ## Requirements From 9a0b0ca5685e21d445a4ec4e3eeff2f99a9db290 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Sat, 25 Sep 2021 12:14:03 +0200 Subject: [PATCH 121/385] feat: Added support for partition in IAM policies to work in GovCloud (#201) --- README.md | 1 + iam.tf | 4 ++-- main.tf | 2 ++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5ac0b87b..e120d62a 100644 --- a/README.md +++ b/README.md @@ -650,6 +650,7 @@ No modules. | [aws_iam_policy_document.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source | | [external_external.archive_prepare](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source | ## Inputs diff --git a/iam.tf b/iam.tf index 4d03f52d..6d1bf569 100644 --- a/iam.tf +++ b/iam.tf 
@@ -152,7 +152,7 @@ resource "aws_iam_role_policy_attachment" "dead_letter" { data "aws_iam_policy" "vpc" { count = local.create_role && var.attach_network_policy ? 1 : 0 - arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaENIManagementAccess" + arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSLambdaENIManagementAccess" } resource "aws_iam_policy" "vpc" { @@ -178,7 +178,7 @@ resource "aws_iam_role_policy_attachment" "vpc" { data "aws_iam_policy" "tracing" { count = local.create_role && var.attach_tracing_policy ? 1 : 0 - arn = "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess" + arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/AWSXrayWriteOnlyAccess" } resource "aws_iam_policy" "tracing" { diff --git a/main.tf b/main.tf index c8a84317..7c4a10be 100644 --- a/main.tf +++ b/main.tf @@ -1,3 +1,5 @@ +data "aws_partition" "current" {} + locals { archive_filename = element(concat(data.external.archive_prepare.*.result.filename, [null]), 0) archive_was_missing = element(concat(data.external.archive_prepare.*.result.was_missing, [false]), 0) From 53b55fd52b9500742f77a8736f443bffdc7501ce Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Sat, 25 Sep 2021 12:14:25 +0200 Subject: [PATCH 122/385] Updated CHANGELOG --- CHANGELOG.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8bdb9854..5c575e53 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,13 @@ All notable changes to this project will be documented in this file. + +## [v2.18.0] - 2021-09-25 + +- feat: Added support for partition in IAM policies to work in GovCloud ([#201](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/201)) +- docs: Added a mention of good examples - 1Mill/serverless-tf-examples ([#197](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/197)) + + ## [v2.17.0] - 2021-09-11 
@@ -509,7 +516,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.17.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.18.0...HEAD +[v2.18.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.17.0...v2.18.0 [v2.17.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.16.0...v2.17.0 [v2.16.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.15.0...v2.16.0 [v2.15.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.14.0...v2.15.0 From 90ec6a12a4edc100ac8ee126c707324d5cfedb54 Mon Sep 17 00:00:00 2001 From: pjungels-paraport <90796309+pjungels-paraport@users.noreply.github.com> Date: Fri, 1 Oct 2021 12:06:10 -0500 Subject: [PATCH 123/385] feat: add support for additional assume_role_policy statements (#203) --- README.md | 4 +++- examples/complete/main.tf | 20 ++++++++++++++++++++ iam.tf | 36 ++++++++++++++++++++++++++++++++++++ variables.tf | 6 ++++++ 4 files changed, 65 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e120d62a..6038fb16 100644 --- a/README.md +++ b/README.md 
@@ -270,13 +270,14 @@ module "vpc" { ## Additional IAM policies for Lambda Functions -There are 5 supported ways to attach IAM policies to IAM role used by Lambda Function: +There are 6 supported ways to attach IAM policies to IAM role used by Lambda Function: 1. `policy_json` - JSON string or heredoc, when `attach_policy_json = true`. 1. `policy_jsons` - List of JSON strings or heredoc, when `attach_policy_jsons = true` and `number_of_policy_jsons > 0`. 1. `policy` - ARN of existing IAM policy, when `attach_policy = true`. 1. `policies` - List of ARNs of existing IAM policies, when `attach_policies = true` and `number_of_policies > 0`. 1. `policy_statements` - Map of maps to define IAM statements which will be generated as IAM policy. Requires `attach_policy_statements = true`. See `examples/complete` for more information. +1. `assume_role_policy_statements` - Map of maps to define IAM statements which will be generated as IAM policy for assuming Lambda Function role (trust relationship). See `examples/complete` for more information. ## Lambda Permissions for allowed triggers 
@@ -659,6 +660,7 @@ No modules. |------|-------------|------|---------|:--------:| | [allowed\_triggers](#input\_allowed\_triggers) | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no | | [artifacts\_dir](#input\_artifacts\_dir) | Directory name where artifacts should be stored | `string` | `"builds"` | no | +| [assume\_role\_policy\_statements](#input\_assume\_role\_policy\_statements) | Map of dynamic policy statements for assuming Lambda Function role (trust relationship) | `any` | `{}` | no | | [attach\_async\_event\_policy](#input\_attach\_async\_event\_policy) | Controls whether async event policy should be added to IAM role for Lambda Function | `bool` | `false` | no | | [attach\_cloudwatch\_logs\_policy](#input\_attach\_cloudwatch\_logs\_policy) | Controls whether CloudWatch Logs policy should be added to IAM role for Lambda Function | `bool` | `true` | no | | [attach\_dead\_letter\_policy](#input\_attach\_dead\_letter\_policy) | Controls whether SNS/SQS dead letter notification policy should be added to IAM role for Lambda Function | `bool` | `false` | no | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index dc28e495..34deb8b4 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -63,6 +63,26 @@ module "lambda_function" { # Additional policies ###################### + assume_role_policy_statements = { + account_root = { + effect = "Allow", + actions = ["sts:AssumeRole"], + principals = { + account_principal = { + type = "AWS", + identifiers = ["arn:aws:iam::135367859851:root"] + } + } + condition = { + stringequals_condition = { + test = "StringEquals" + variable = "sts:ExternalId" + values = ["12345"] + } + } + } + } + attach_policy_json = true policy_json = < Date: Fri, 1 Oct 2021 19:06:30 +0200 Subject: [PATCH 124/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5c575e53..ca6cd313 100644 
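Review bot: The new `assume_role_policy_statements` example in examples/complete/main.tf trusts the root of a hard-coded account (`arn:aws:iam::135367859851:root`) and conditions it only on `sts:ExternalId` equal to `12345`. Examples from this module are routinely copied as-is, and a trust statement on an account root delegates the decision of who may assume the Lambda role to that account's own IAM policies. I would make both values obvious placeholders with a comment, e.g. `identifiers = ["arn:aws:iam::<TRUSTED_ACCOUNT_ID>:root"] # replace with the account you actually trust` and `values = ["<UNIQUE_EXTERNAL_ID>"] # unique per consumer, not a constant`. The remainder of this hunk is garbled on the page, so nothing after `policy_json` is covered by this note.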
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v2.19.0] - 2021-10-01 + +- feat: add support for additional assume_role_policy statements ([#203](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/203)) + + ## [v2.18.0] - 2021-09-25 @@ -516,7 +522,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.18.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.19.0...HEAD +[v2.19.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.18.0...v2.19.0 [v2.18.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.17.0...v2.18.0 [v2.17.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.16.0...v2.17.0 [v2.16.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.15.0...v2.16.0 From 3873c106def29fda492384ed984cc407d0f01153 Mon Sep 17 00:00:00 2001 From: Andrei Krasnitski Date: Sat, 2 Oct 2021 21:19:39 +0200 Subject: [PATCH 125/385] feat: Add support for AWS Graviton2 powered functions (#206) --- README.md | 6 ++++-- examples/async/README.md | 4 ++-- examples/async/main.tf | 1 + examples/async/versions.tf | 2 +- examples/complete/main.tf | 8 +++++--- main.tf | 4 +++- variables.tf | 14 +++++++++++++- versions.tf | 2 +- 8 files changed, 30 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 6038fb16..93e2ad5f 100644 --- a/README.md +++ b/README.md 
@@ -590,7 +590,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.12.31 | -| [aws](#requirement\_aws) | >= 3.43 | +| [aws](#requirement\_aws) | >= 3.61 | | [external](#requirement\_external) | >= 1 | | [local](#requirement\_local) | >= 1 | | [null](#requirement\_null) | >= 2 | @@ -599,7 +599,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.43 | +| [aws](#provider\_aws) | >= 3.61 | | [external](#provider\_external) | >= 1 | | [local](#provider\_local) | >= 1 | | [null](#provider\_null) | >= 2 | @@ -659,6 +659,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [allowed\_triggers](#input\_allowed\_triggers) | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no | +| [architectures](#input\_architectures) | Instruction set architecture for your Lambda function. Valid values are ["x86\_64"] and ["arm64"]. | `list(string)` | `null` | no | | [artifacts\_dir](#input\_artifacts\_dir) | Directory name where artifacts should be stored | `string` | `"builds"` | no | | [assume\_role\_policy\_statements](#input\_assume\_role\_policy\_statements) | Map of dynamic policy statements for assuming Lambda Function role (trust relationship) | `any` | `{}` | no | | [attach\_async\_event\_policy](#input\_attach\_async\_event\_policy) | Controls whether async event policy should be added to IAM role for Lambda Function | `bool` | `false` | no | 
@@ -675,6 +676,7 @@ No modules. | [cloudwatch\_logs\_kms\_key\_id](#input\_cloudwatch\_logs\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no | | [cloudwatch\_logs\_retention\_in\_days](#input\_cloudwatch\_logs\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `null` | no | | [cloudwatch\_logs\_tags](#input\_cloudwatch\_logs\_tags) | A map of tags to assign to the resource. | `map(string)` | `{}` | no | +| [compatible\_architectures](#input\_compatible\_architectures) | A list of Architectures Lambda layer is compatible with. Currently x86\_64 and arm64 can be specified. | `list(string)` | `null` | no | | [compatible\_runtimes](#input\_compatible\_runtimes) | A list of Runtimes this layer is compatible with. Up to 5 runtimes can be specified. | `list(string)` | `[]` | no | | [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | | [create\_async\_event\_config](#input\_create\_async\_event\_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | diff --git a/examples/async/README.md b/examples/async/README.md index 4ecdfd7a..4f1a9a65 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.12.31 | -| [aws](#requirement\_aws) | >= 3.19 | +| [aws](#requirement\_aws) | >= 3.61 | | [random](#requirement\_random) | >= 2 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.19 | +| [aws](#provider\_aws) | >= 3.61 | | [random](#provider\_random) | >= 2 | ## Modules 
diff --git a/examples/async/main.tf b/examples/async/main.tf index b91e06b6..c2755359 100644 --- a/examples/async/main.tf +++ b/examples/async/main.tf @@ -19,6 +19,7 @@ module "lambda_function" { function_name = "${random_pet.this.id}-lambda-async" handler = "index.lambda_handler" runtime = "python3.8" + architectures = ["arm64"] source_path = "${path.module}/../fixtures/python3.8-app1" diff --git a/examples/async/versions.tf b/examples/async/versions.tf index d19ea6ad..deca917d 100644 --- a/examples/async/versions.tf +++ b/examples/async/versions.tf @@ -2,7 +2,7 @@ terraform { required_version = ">= 0.12.31" required_providers { - aws = ">= 3.19" + aws = ">= 3.61" random = ">= 2" } } diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 34deb8b4..dc45da57 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -21,6 +21,7 @@ module "lambda_function" { description = "My awesome lambda function" handler = "index.lambda_handler" runtime = "python3.8" + architectures = ["x86_64"] publish = true source_path = "${path.module}/../fixtures/python3.8-app1" @@ -183,9 +184,10 @@ module "lambda_layer_local" { create_layer = true - layer_name = "${random_pet.this.id}-layer-local" - description = "My amazing lambda layer (deployed from local)" - compatible_runtimes = ["python3.8"] + layer_name = "${random_pet.this.id}-layer-local" + description = "My amazing lambda layer (deployed from local)" + compatible_runtimes = ["python3.8"] + compatible_architectures = ["arm64"] source_path = "${path.module}/../fixtures/python3.8-app1" } diff --git a/main.tf b/main.tf index 7c4a10be..047900c2 100644 --- a/main.tf +++ b/main.tf 
@@ -32,6 +32,7 @@ resource "aws_lambda_function" "this" { kms_key_arn = var.kms_key_arn image_uri = var.image_uri package_type = var.package_type + architectures = var.architectures filename = local.filename source_code_hash = var.ignore_source_code_hash ? null : (local.filename == null ? false : fileexists(local.filename)) && !local.was_missing ? filebase64sha256(local.filename) : null @@ -102,7 +103,8 @@ resource "aws_lambda_layer_version" "this" { description = var.description license_info = var.license_info - compatible_runtimes = length(var.compatible_runtimes) > 0 ? var.compatible_runtimes : [var.runtime] + compatible_runtimes = length(var.compatible_runtimes) > 0 ? var.compatible_runtimes : [var.runtime] + compatible_architectures = var.compatible_architectures filename = local.filename source_code_hash = var.ignore_source_code_hash ? null : (local.filename == null ? false : fileexists(local.filename)) && !local.was_missing ? filebase64sha256(local.filename) : null diff --git a/variables.tf b/variables.tf index 96e44a5a..4c5b8c61 100644 --- a/variables.tf +++ b/variables.tf @@ -79,6 +79,12 @@ variable "layers" { default = null } +variable "architectures" { + description = "Instruction set architecture for your Lambda function. Valid values are [\"x86_64\"] and [\"arm64\"]." + type = list(string) + default = null +} + variable "kms_key_arn" { description = "The ARN of KMS key to use by your Lambda Function" type = string @@ -203,6 +209,12 @@ variable "compatible_runtimes" { default = [] } +variable "compatible_architectures" { + description = "A list of Architectures Lambda layer is compatible with. Currently x86_64 and arm64 can be specified." + type = list(string) + default = null +} + ############################ # Lambda Async Event Config ############################ 
@@ -605,4 +617,4 @@ variable "recreate_missing_package" { description = "Whether to recreate missing Lambda package if it is missing locally or not" type = bool default = true -} \ No newline at end of file +} diff --git a/versions.tf b/versions.tf index 2dddf02a..26f42e20 100644 --- a/versions.tf +++ b/versions.tf @@ -2,7 +2,7 @@ terraform { required_version = ">= 0.12.31" required_providers { - aws = ">= 3.43" + aws = ">= 3.61" external = ">= 1" local = ">= 1" null = ">= 2" From be6cf9701071bf807cd7864fbcc751ed2552e434 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Sat, 2 Oct 2021 21:20:13 +0200 Subject: [PATCH 126/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ca6cd313..9fc460be 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v2.20.0] - 2021-10-02 + +- feat: Add support for AWS Graviton2 powered functions ([#206](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/206)) + + ## [v2.19.0] - 2021-10-01 @@ -522,7 +528,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.19.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.20.0...HEAD +[v2.20.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.19.0...v2.20.0 [v2.19.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.18.0...v2.19.0 [v2.18.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.17.0...v2.18.0 [v2.17.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.16.0...v2.17.0 From 3d520447f941907816119f8f4f8abac6964be517 Mon Sep 17 00:00:00 2001 
From: Patrick Decat Date: Thu, 7 Oct 2021 09:56:58 +0200 Subject: [PATCH 127/385] fix: Use `AWSXRayDaemonWriteAccess` instead of deprecated `AWSXrayWriteOnlyAccess` (#211) --- iam.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iam.tf b/iam.tf index cdb8f744..ea64e59a 100644 --- a/iam.tf +++ b/iam.tf @@ -214,7 +214,7 @@ resource "aws_iam_role_policy_attachment" "vpc" { data "aws_iam_policy" "tracing" { count = local.create_role && var.attach_tracing_policy ? 1 : 0 - arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/AWSXrayWriteOnlyAccess" + arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/AWSXRayDaemonWriteAccess" } resource "aws_iam_policy" "tracing" { From e84892e778854518e7d676afe6d238abe602235c Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Thu, 7 Oct 2021 09:57:35 +0200 Subject: [PATCH 128/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9fc460be..59145f7e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v2.21.0] - 2021-10-07 + +- fix: Use `AWSXRayDaemonWriteAccess` instead of deprecated `AWSXrayWriteOnlyAccess` ([#211](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/211)) + + ## [v2.20.0] - 2021-10-02 
@@ -528,7 +534,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.20.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.21.0...HEAD +[v2.21.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.20.0...v2.21.0 [v2.20.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.19.0...v2.20.0 [v2.19.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.18.0...v2.19.0 [v2.18.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.17.0...v2.18.0 From d95d76ce4024d9ce39c7898dc6adac67e2e7a6e0 Mon Sep 17 00:00:00 2001 From: MBarendregt <45227141+MBarendregt@users.noreply.github.com> Date: Mon, 11 Oct 2021 10:41:02 +0200 Subject: [PATCH 129/385] chore: Added example for pip install in layers (#214) --- examples/build-package/README.md | 1 + examples/build-package/main.tf | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/examples/build-package/README.md b/examples/build-package/README.md index faac5ea6..fd90df82 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -35,6 +35,7 @@ Note that this example may create resources which cost money. Run `terraform des |------|--------|---------| | [lambda\_function\_from\_package](#module\_lambda\_function\_from\_package) | ../../ | | | [lambda\_layer](#module\_lambda\_layer) | ../../ | | +| [lambda\_layer\_pip\_requirements](#module\_lambda\_layer\_pip\_requirements) | ../.. | | | [package\_dir](#module\_package\_dir) | ../../ | | | [package\_dir\_without\_pip\_install](#module\_package\_dir\_without\_pip\_install) | ../../ | | | [package\_file](#module\_package\_file) | ../../ | | diff --git a/examples/build-package/main.tf b/examples/build-package/main.tf index 47435e55..d61cf8b4 100644 
--- a/examples/build-package/main.tf +++ b/examples/build-package/main.tf @@ -247,3 +247,25 @@ module "lambda_function_from_package" { module.lambda_layer.lambda_layer_arn ] } + +################################################ +# Layer that supports requirements.txt install # +############################################### +module "lambda_layer_pip_requirements" { + source = "../.." + + create_function = false + create_layer = true + + layer_name = "${random_pet.this.id}-layer-pip-requirements" + compatible_runtimes = ["python3.8"] + runtime = "python3.8" # required to force layers to do pip install + + source_path = [ + { + path = "${path.module}/../fixtures/python3.8-app1" + pip_requirements = true + prefix_in_zip = "python" # required to get the path correct + } + ] +} From a13b57c0e786c36b9f3f8b5d3e17b81d15635007 Mon Sep 17 00:00:00 2001 From: Emily Orchison <85845585+ekorchison@users.noreply.github.com> Date: Tue, 12 Oct 2021 15:19:09 +0100 Subject: [PATCH 130/385] feat: Add policy_path variable for IAM policies (#202) --- README.md | 1 + examples/complete/main.tf | 3 +++ iam.tf | 8 ++++++++ variables.tf | 6 ++++++ 4 files changed, 18 insertions(+) diff --git a/README.md b/README.md index 93e2ad5f..483cbe24 100644 --- a/README.md +++ b/README.md 
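Review bot: In the new `lambda_layer_pip_requirements` module, `pip_requirements = true` makes the layer's contents depend on whatever the fixture's requirements file resolves to at build time. That file is not part of this hunk; if it lists unpinned packages, two builds of the same commit can ship different dependency versions into the layer. I would add a comment next to the flag such as `# requirements.txt should pin exact versions (ideally with hashes) so the layer build is reproducible`. As a smaller style point, `source = "../.."` differs from the `../../` form the other modules in this example use according to the README table, and the closing banner line is one `#` shorter than the opening one.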
@@ -726,6 +726,7 @@ No modules. | [policy](#input\_policy) | An additional policy document ARN to attach to the Lambda Function role | `string` | `null` | no | | [policy\_json](#input\_policy\_json) | An additional policy document as JSON to attach to the Lambda Function role | `string` | `null` | no | | [policy\_jsons](#input\_policy\_jsons) | List of additional policy documents as JSON to attach to Lambda Function role | `list(string)` | `[]` | no | +| [policy\_path](#input\_policy\_path) | Path of policies to that should be added to IAM role for Lambda Function | `string` | `null` | no | | [policy\_statements](#input\_policy\_statements) | Map of dynamic policy statements to attach to Lambda Function role | `any` | `{}` | no | | [provisioned\_concurrent\_executions](#input\_provisioned\_concurrent\_executions) | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | `number` | `-1` | no | | [publish](#input\_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index dc45da57..4c4a0208 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -42,6 +42,9 @@ module "lambda_function" { Serverless = "Terraform" } + role_path = "/tf-managed/" + policy_path = "/tf-managed/" + attach_dead_letter_policy = true dead_letter_target_arn = aws_sqs_queue.dlq.arn diff --git a/iam.tf b/iam.tf index ea64e59a..9d8b8021 100644 --- a/iam.tf +++ b/iam.tf @@ -133,6 +133,7 @@ resource "aws_iam_policy" "logs" { count = local.create_role && var.attach_cloudwatch_logs_policy ? 1 : 0 name = "${local.role_name}-logs" + path = var.policy_path policy = data.aws_iam_policy_document.logs[0].json tags = var.tags } 
@@ -169,6 +170,7 @@ resource "aws_iam_policy" "dead_letter" { count = local.create_role && var.attach_dead_letter_policy ? 1 : 0 name = "${local.role_name}-dl" + path = var.policy_path policy = data.aws_iam_policy_document.dead_letter[0].json tags = var.tags } @@ -195,6 +197,7 @@ resource "aws_iam_policy" "vpc" { count = local.create_role && var.attach_network_policy ? 1 : 0 name = "${local.role_name}-vpc" + path = var.policy_path policy = data.aws_iam_policy.vpc[0].policy tags = var.tags } @@ -221,6 +224,7 @@ resource "aws_iam_policy" "tracing" { count = local.create_role && var.attach_tracing_policy ? 1 : 0 name = "${local.role_name}-tracing" + path = var.policy_path policy = data.aws_iam_policy.tracing[0].policy tags = var.tags } @@ -257,6 +261,7 @@ resource "aws_iam_policy" "async" { count = local.create_role && var.attach_async_event_policy ? 1 : 0 name = "${local.role_name}-async" + path = var.policy_path policy = data.aws_iam_policy_document.async[0].json tags = var.tags } @@ -276,6 +281,7 @@ resource "aws_iam_policy" "additional_json" { count = local.create_role && var.attach_policy_json ? 1 : 0 name = local.role_name + path = var.policy_path policy = var.policy_json tags = var.tags } @@ -295,6 +301,7 @@ resource "aws_iam_policy" "additional_jsons" { count = local.create_role && var.attach_policy_jsons ? var.number_of_policy_jsons : 0 name = "${local.role_name}-${count.index}" + path = var.policy_path policy = var.policy_jsons[count.index] tags = var.tags } @@ -378,6 +385,7 @@ resource "aws_iam_policy" "additional_inline" { count = local.create_role && var.attach_policy_statements ? 1 : 0 name = "${local.role_name}-inline" + path = var.policy_path policy = data.aws_iam_policy_document.additional_inline[0].json tags = var.tags } diff --git a/variables.tf b/variables.tf index 4c5b8c61..eb9fce5c 100644 --- a/variables.tf +++ b/variables.tf 
@@ -429,6 +429,12 @@ variable "attach_policies" { default = false } +variable "policy_path" { + description = "Path of policies to that should be added to IAM role for Lambda Function" + type = string + default = null +} + variable "number_of_policy_jsons" { description = "Number of policies JSON to attach to IAM role for Lambda Function" type = number From 9a6e53542cfd9cfc4042aef4d7967ea9fb99e669 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Tue, 12 Oct 2021 16:19:27 +0200 Subject: [PATCH 131/385] Updated CHANGELOG --- CHANGELOG.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 59145f7e..aa099ae5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,13 @@ All notable changes to this project will be documented in this file. + +## [v2.22.0] - 2021-10-12 + +- feat: Add policy_path variable for IAM policies ([#202](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/202)) +- chore: Added example for pip install in layers ([#214](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/214)) + + ## [v2.21.0] - 2021-10-07 @@ -534,7 +541,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.21.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.22.0...HEAD +[v2.22.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.21.0...v2.22.0 [v2.21.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.20.0...v2.21.0 [v2.20.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.19.0...v2.20.0 [v2.19.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.18.0...v2.19.0 From a96bbeb81de6e47e0c2bae96ca77b1ce6e4b6381 Mon Sep 17 00:00:00 2001 
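Review bot: The description of the new `policy_path` variable in variables.tf is garbled ("Path of policies to that should be added to IAM role…") and does not say what format the value must have. The iam.tf hunks of this patch pass it unchanged as `path` to each `aws_iam_policy` they touch, and IAM only accepts paths that begin and end with a slash, as the example's `/tf-managed/` does. Suggested text: `description = "IAM path under which the policies attached to the Lambda Function role are created; must begin and end with a slash, e.g. /tf-managed/"`. The README inputs table repeats the same wording and would need regenerating.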
From: Mike Helmick <352270+michaelhelmick@users.noreply.github.com> Date: Fri, 22 Oct 2021 09:05:28 -0400 Subject: [PATCH 132/385] feat: Allow passing build_args for building with docker-build module (#217) --- README.md | 2 +- examples/alias/README.md | 2 +- examples/alias/versions.tf | 2 +- examples/async/README.md | 2 +- examples/async/versions.tf | 2 +- examples/build-package/README.md | 2 +- examples/build-package/versions.tf | 2 +- examples/complete/README.md | 2 +- examples/complete/versions.tf | 2 +- examples/container-image/README.md | 2 +- examples/container-image/context/Dockerfile | 5 +++++ examples/container-image/main.tf | 3 +++ examples/container-image/versions.tf | 2 +- examples/deploy/README.md | 2 +- examples/deploy/versions.tf | 2 +- examples/event-source-mapping/versions.tf | 2 +- examples/multiple-regions/README.md | 2 +- examples/multiple-regions/versions.tf | 2 +- examples/simple/README.md | 2 +- examples/simple/versions.tf | 2 +- examples/triggers/README.md | 2 +- examples/triggers/versions.tf | 2 +- examples/with-efs/README.md | 2 +- examples/with-efs/versions.tf | 2 +- examples/with-vpc/README.md | 2 +- examples/with-vpc/versions.tf | 2 +- modules/alias/README.md | 2 +- modules/alias/versions.tf | 2 +- modules/deploy/README.md | 2 +- modules/deploy/versions.tf | 2 +- modules/docker-build/README.md | 6 +++++- modules/docker-build/main.tf | 1 + modules/docker-build/variables.tf | 6 ++++++ modules/docker-build/versions.tf | 2 +- versions.tf | 2 +- 35 files changed, 50 insertions(+), 31 deletions(-) diff --git a/README.md b/README.md index 483cbe24..0e1b7da2 100644 --- a/README.md +++ b/README.md 
@@ -589,7 +589,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.31 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.61 | | [external](#requirement\_external) | >= 1 | | [local](#requirement\_local) | >= 1 | diff --git a/examples/alias/README.md b/examples/alias/README.md index 6278a117..5c9a4b4f 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.31 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.19 | | [random](#requirement\_random) | >= 2 | diff --git a/examples/alias/versions.tf b/examples/alias/versions.tf index d19ea6ad..d977ca64 100644 --- a/examples/alias/versions.tf +++ b/examples/alias/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.31" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.19" diff --git a/examples/async/README.md b/examples/async/README.md index 4f1a9a65..2042b095 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.31 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.61 | | [random](#requirement\_random) | >= 2 | diff --git a/examples/async/versions.tf b/examples/async/versions.tf index deca917d..16aefdd0 100644 --- a/examples/async/versions.tf +++ b/examples/async/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.31" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.61" 
diff --git a/examples/build-package/README.md b/examples/build-package/README.md index fd90df82..005d709c 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.31 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.19 | | [random](#requirement\_random) | >= 2 | diff --git a/examples/build-package/versions.tf b/examples/build-package/versions.tf index d19ea6ad..d977ca64 100644 --- a/examples/build-package/versions.tf +++ b/examples/build-package/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.31" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.19" diff --git a/examples/complete/README.md b/examples/complete/README.md index 94d81913..12d89805 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 2.67 | | [random](#requirement\_random) | >= 2 | diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index df1ac5cb..a32909ec 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.13.1" required_providers { aws = ">= 2.67" diff --git a/examples/container-image/README.md b/examples/container-image/README.md index 6ee6690f..5e3466d6 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md 
@@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.19 | | [random](#requirement\_random) | >= 2 | diff --git a/examples/container-image/context/Dockerfile b/examples/container-image/context/Dockerfile index 5c7f1077..1f577e0e 100644 --- a/examples/container-image/context/Dockerfile +++ b/examples/container-image/context/Dockerfile @@ -1,2 +1,7 @@ FROM scratch + +ARG FOO + +ENV FOO $FOO + COPY empty /empty diff --git a/examples/container-image/main.tf b/examples/container-image/main.tf index 8e21d422..f340192e 100644 --- a/examples/container-image/main.tf +++ b/examples/container-image/main.tf @@ -35,4 +35,7 @@ module "docker_image" { ecr_repo = random_pet.this.id image_tag = "1.0" source_path = "context" + build_args = { + FOO = "bar" + } } diff --git a/examples/container-image/versions.tf b/examples/container-image/versions.tf index aa98bd2f..d977ca64 100644 --- a/examples/container-image/versions.tf +++ b/examples/container-image/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.19" diff --git a/examples/deploy/README.md b/examples/deploy/README.md index bf0393f8..1c85de67 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.31 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.19 | | [random](#requirement\_random) | >= 2 | diff --git a/examples/deploy/versions.tf b/examples/deploy/versions.tf index d19ea6ad..d977ca64 100644 --- a/examples/deploy/versions.tf +++ b/examples/deploy/versions.tf 
@@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.31" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.19" diff --git a/examples/event-source-mapping/versions.tf b/examples/event-source-mapping/versions.tf index 8735e5c8..3c075fa3 100644 --- a/examples/event-source-mapping/versions.tf +++ b/examples/event-source-mapping/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.31" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.43" diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index eaf1b186..8fb3bde1 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.31 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.19 | | [random](#requirement\_random) | >= 2 | diff --git a/examples/multiple-regions/versions.tf b/examples/multiple-regions/versions.tf index d19ea6ad..d977ca64 100644 --- a/examples/multiple-regions/versions.tf +++ b/examples/multiple-regions/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.31" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.19" diff --git a/examples/simple/README.md b/examples/simple/README.md index 3fea96e5..b89473ef 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.31 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.19 | | [random](#requirement\_random) | >= 2 | diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf index d19ea6ad..d977ca64 100644 --- a/examples/simple/versions.tf 
+++ b/examples/simple/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.31" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.19" diff --git a/examples/triggers/README.md b/examples/triggers/README.md index a1ca901f..504cd0ce 100644 --- a/examples/triggers/README.md +++ b/examples/triggers/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.31 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 2.67 | | [random](#requirement\_random) | >= 2 | diff --git a/examples/triggers/versions.tf b/examples/triggers/versions.tf index c7814727..a32909ec 100644 --- a/examples/triggers/versions.tf +++ b/examples/triggers/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.31" + required_version = ">= 0.13.1" required_providers { aws = ">= 2.67" diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index e53836b9..8fca75d6 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.19 | | [random](#requirement\_random) | >= 2 | diff --git a/examples/with-efs/versions.tf b/examples/with-efs/versions.tf index aa98bd2f..d977ca64 100644 --- a/examples/with-efs/versions.tf +++ b/examples/with-efs/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.19" diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index 21d60def..b4d9c101 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md 
@@ -21,7 +21,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.19 | | [random](#requirement\_random) | >= 2 | diff --git a/examples/with-vpc/versions.tf b/examples/with-vpc/versions.tf index aa98bd2f..d977ca64 100644 --- a/examples/with-vpc/versions.tf +++ b/examples/with-vpc/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.19" diff --git a/modules/alias/README.md b/modules/alias/README.md index 6b346f2f..303c314d 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md @@ -115,7 +115,7 @@ module "lambda" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.31 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.35 | ## Providers diff --git a/modules/alias/versions.tf b/modules/alias/versions.tf index c8024436..7c107841 100644 --- a/modules/alias/versions.tf +++ b/modules/alias/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.31" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.35" diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 8207c969..6e366e1f 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -99,7 +99,7 @@ module "lambda" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.31 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.35 | | [local](#requirement\_local) | >= 1 | | [null](#requirement\_null) | >= 2 | diff --git a/modules/deploy/versions.tf b/modules/deploy/versions.tf index 917d8213..232880f0 100644 --- a/modules/deploy/versions.tf +++ b/modules/deploy/versions.tf 
@@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.31" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.35" diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index 0c82cea2..1f41c681 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md @@ -26,6 +26,9 @@ module "docker_image" { ecr_repo = "my-cool-ecr-repo" image_tag = "1.0" source_path = "context" + build_args = { + FOO = "bar" + } } ``` @@ -39,7 +42,7 @@ module "docker_image" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.35 | | [docker](#requirement\_docker) | >= 2.8.0 | @@ -68,6 +71,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [build\_args](#input\_build\_args) | A map of Docker build arguments. | `map(string)` | `{}` | no | | [create\_ecr\_repo](#input\_create\_ecr\_repo) | Controls whether ECR repository for Lambda image should be created | `bool` | `false` | no | | [docker\_file\_path](#input\_docker\_file\_path) | Path to Dockerfile in source package | `string` | `"Dockerfile"` | no | | [ecr\_repo](#input\_ecr\_repo) | Name of ECR repository to use or to create | `string` | `null` | no | diff --git a/modules/docker-build/main.tf b/modules/docker-build/main.tf index f33ca1ae..de26f2a8 100644 --- a/modules/docker-build/main.tf +++ b/modules/docker-build/main.tf @@ -25,6 +25,7 @@ resource "docker_registry_image" "this" { build { context = var.source_path dockerfile = var.docker_file_path + build_args = var.build_args } } diff --git a/modules/docker-build/variables.tf b/modules/docker-build/variables.tf index e1321279..bbab9a1f 100644 --- a/modules/docker-build/variables.tf +++ b/modules/docker-build/variables.tf 
@@ -46,3 +46,9 @@ variable "ecr_repo_tags" { type = map(string) default = {} } + +variable "build_args" { + description = "A map of Docker build arguments." + type = map(string) + default = {} +} diff --git a/modules/docker-build/versions.tf b/modules/docker-build/versions.tf index cac19d9a..001ad6f0 100644 --- a/modules/docker-build/versions.tf +++ b/modules/docker-build/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.35" diff --git a/versions.tf b/versions.tf index 26f42e20..509bccdf 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.31" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.61" From c2c4b0484bea441a9625751c5b05ec17962edb96 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 22 Oct 2021 15:10:04 +0200 Subject: [PATCH 133/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index aa099ae5..a0474099 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v2.23.0] - 2021-10-22 + +- feat: Allow passing build_args for building with docker-build module ([#217](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/217)) + + ## [v2.22.0] - 2021-10-12 
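Review bot: The `build_args` description in modules/docker-build/variables.tf should say that the values are not kept confidential. They are handed to the image build through `build_args = var.build_args` in main.tf, and the example Dockerfile in this patch copies one into the image with `ENV FOO $FOO`, so anything passed this way can end up in the image configuration or history and presumably in the Terraform state as well. Suggested text: `description = "A map of Docker build arguments. Values may be recorded in image metadata and in Terraform state; do not pass secrets."`.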
@@ -541,7 +547,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.22.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.23.0...HEAD +[v2.23.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.22.0...v2.23.0 [v2.22.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.21.0...v2.22.0 [v2.21.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.20.0...v2.21.0 [v2.20.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.19.0...v2.20.0 From 16e70be7ca79d2fb7225ad88a5a8d257f65bb825 Mon Sep 17 00:00:00 2001 From: Will Giddens <2144924+wgiddens@users.noreply.github.com> Date: Fri, 5 Nov 2021 06:40:08 -0400 Subject: [PATCH 134/385] fix: Raise failure when CodeDeploy deployment fails (#225) --- modules/deploy/main.tf | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/deploy/main.tf b/modules/deploy/main.tf index ddeabfe9..0b03bda4 100644 --- a/modules/deploy/main.tf +++ b/modules/deploy/main.tf @@ -63,18 +63,19 @@ while [[ $STATUS == "Created" || $STATUS == "InProgress" || $STATUS == "Pending" sleep 5 done +${var.aws_cli_command} deploy get-deployment --deployment-id $ID + if [[ $STATUS == "Succeeded" ]]; then echo "Deployment succeeded." else echo "Deployment failed!" + exit 1 fi -${var.aws_cli_command} deploy get-deployment --deployment-id $ID - %{else} -echo "Deployment started, but wait deployment completion is disabled!" ${var.aws_cli_command} deploy get-deployment --deployment-id $ID +echo "Deployment started, but wait deployment completion is disabled!" %{endif} EOF From 7b17b6a7eaf926829d3f9961fa913a5567c5a360 Mon Sep 17 00:00:00 2001 
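Review bot: In the modules/deploy/main.tf hunk, the failure branch that now ends in `exit 1` still prints only "Deployment failed!", so every status other than `Succeeded` is reported the same way, presumably including an empty `$STATUS` if the status query itself failed. Printing the value to stderr would make the cause visible in the apply log: `echo "Deployment failed with status: $STATUS" >&2`. The script is a heredoc that starts outside this hunk, so how `STATUS` is populated cannot be confirmed from here.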
From: Filippo Panessa Date: Fri, 5 Nov 2021 21:24:09 +0100 Subject: [PATCH 135/385] feat: Added support for Cross-Account ECR for docker-build module (#227) --- modules/docker-build/README.md | 1 + modules/docker-build/main.tf | 2 +- modules/docker-build/variables.tf | 6 ++++++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index 1f41c681..2bc99857 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md @@ -74,6 +74,7 @@ No modules. | [build\_args](#input\_build\_args) | A map of Docker build arguments. | `map(string)` | `{}` | no | | [create\_ecr\_repo](#input\_create\_ecr\_repo) | Controls whether ECR repository for Lambda image should be created | `bool` | `false` | no | | [docker\_file\_path](#input\_docker\_file\_path) | Path to Dockerfile in source package | `string` | `"Dockerfile"` | no | +| [ecr\_address](#input\_ecr\_address) | Address of ECR repository for cross-account container image pulling (optional). Option `create_ecr_repo` must be `false` | `string` | `null` | no | | [ecr\_repo](#input\_ecr\_repo) | Name of ECR repository to use or to create | `string` | `null` | no | | [ecr\_repo\_tags](#input\_ecr\_repo\_tags) | A map of tags to assign to ECR repository | `map(string)` | `{}` | no | | [image\_tag](#input\_image\_tag) | Image tag to use. If not specified current timestamp in format 'YYYYMMDDhhmmss' will be used. This can lead to unnecessary rebuilds. | `string` | `null` | no | diff --git a/modules/docker-build/main.tf b/modules/docker-build/main.tf index de26f2a8..e4107f08 100644 --- a/modules/docker-build/main.tf +++ b/modules/docker-build/main.tf 
@@ -5,7 +5,7 @@ data "aws_caller_identity" "this" {} data "aws_ecr_authorization_token" "token" {} locals { - ecr_address = format("%v.dkr.ecr.%v.amazonaws.com", data.aws_caller_identity.this.account_id, data.aws_region.current.name) + ecr_address = coalesce(var.ecr_address, format("%v.dkr.ecr.%v.amazonaws.com", data.aws_caller_identity.this.account_id, data.aws_region.current.name)) ecr_repo = var.create_ecr_repo ? aws_ecr_repository.this[0].id : var.ecr_repo image_tag = coalesce(var.image_tag, formatdate("YYYYMMDDhhmmss", timestamp())) ecr_image_name = format("%v/%v:%v", local.ecr_address, local.ecr_repo, local.image_tag) diff --git a/modules/docker-build/variables.tf b/modules/docker-build/variables.tf index bbab9a1f..a86402f7 100644 --- a/modules/docker-build/variables.tf +++ b/modules/docker-build/variables.tf @@ -4,6 +4,12 @@ variable "create_ecr_repo" { default = false } +variable "ecr_address" { + description = "Address of ECR repository for cross-account container image pulling (optional). Option `create_ecr_repo` must be `false`" + type = string + default = null +} + variable "ecr_repo" { description = "Name of ECR repository to use or to create" type = string From dba627b92fe5f8c8d3f92d9abd906fe2f0ba7177 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 5 Nov 2021 21:24:47 +0100 Subject: [PATCH 136/385] Updated CHANGELOG --- CHANGELOG.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a0474099..bd6661da 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,13 @@ All notable changes to this project will be documented in this file. + +## [v2.24.0] - 2021-11-05 + +- feat: Added support for Cross-Account ECR for docker-build module ([#227](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/227)) +- fix: Raise failure when CodeDeploy deployment fails ([#225](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/225)) + + ## [v2.23.0] - 2021-10-22 
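Review bot: The requirement that `create_ecr_repo` be `false` when `ecr_address` is set exists only in the variable description; nothing in the `locals` block of modules/docker-build/main.tf enforces it. With both set, `local.ecr_repo` still resolves to `aws_ecr_repository.this[0].id` while `local.ecr_image_name` is built from the overridden address, so the image reference would name a registry other than the one the repository was created in. The description also speaks of "pulling", although the address becomes part of the image name, which is presumably what the build and push use. A closer wording would be `description = "Address of the ECR registry (for example in another account) to use in the image name instead of the caller's own registry. Requires create_ecr_repo = false"`.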
@@ -547,7 +554,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.23.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.24.0...HEAD +[v2.24.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.23.0...v2.24.0 [v2.23.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.22.0...v2.23.0 [v2.22.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.21.0...v2.22.0 [v2.21.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.20.0...v2.21.0 From 9bcb74d1081c5ea88fc8d4c5b1ebfbe111432560 Mon Sep 17 00:00:00 2001 From: Will Giddens <2144924+wgiddens@users.noreply.github.com> Date: Tue, 9 Nov 2021 10:17:26 -0500 Subject: [PATCH 137/385] feat: Added required IAM permissions for CodeDeploy hooks (#228) --- modules/deploy/README.md | 4 ++++ modules/deploy/main.tf | 33 +++++++++++++++++++++++++++++++++ modules/deploy/variables.tf | 6 ++++++ 3 files changed, 43 insertions(+) diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 6e366e1f..50d3fa70 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md 
@@ -122,13 +122,16 @@ No modules. |------|------| | [aws_codedeploy_app.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_app) | resource | | [aws_codedeploy_deployment_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codedeploy_deployment_group) | resource | +| [aws_iam_policy.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_policy.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_role.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | | [aws_iam_role_policy_attachment.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_role_policy_attachment.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [local_file.deploy_script](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | | [null_resource.deploy](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.hooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | 
[aws_iam_role.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source | | [aws_lambda_alias.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | data source | @@ -144,6 +147,7 @@ No modules. | [alarms](#input\_alarms) | A list of alarms configured for the deployment group. A maximum of 10 alarms can be added to a deployment group. | `list(string)` | `[]` | no | | [alias\_name](#input\_alias\_name) | Name for the alias | `string` | `""` | no | | [app\_name](#input\_app\_name) | Name of AWS CodeDeploy application | `string` | `""` | no | +| [attach\_hooks\_policy](#input\_attach\_hooks\_policy) | Whether to attach Invoke policy to CodeDeploy role when before allow traffic or after allow traffic hooks are defined. | `bool` | `true` | no | | [attach\_triggers\_policy](#input\_attach\_triggers\_policy) | Whether to attach SNS policy to CodeDeploy role when triggers are defined | `bool` | `false` | no | | [auto\_rollback\_enabled](#input\_auto\_rollback\_enabled) | Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. | `bool` | `true` | no | | [auto\_rollback\_events](#input\_auto\_rollback\_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT\_FAILURE and DEPLOYMENT\_STOP\_ON\_ALARM. | `list(string)` |
[
"DEPLOYMENT_STOP_ON_ALARM"
]
| no | diff --git a/modules/deploy/main.tf b/modules/deploy/main.tf index 0b03bda4..a2d82f0f 100644 --- a/modules/deploy/main.tf +++ b/modules/deploy/main.tf @@ -117,6 +117,10 @@ resource "null_resource" "deploy" { command = local.script interpreter = var.interpreter } + + depends_on = [ + aws_iam_role_policy_attachment.hooks + ] } resource "aws_codedeploy_app" "this" { @@ -204,6 +208,35 @@ resource "aws_iam_role_policy_attachment" "codedeploy" { policy_arn = "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambda" } +data "aws_iam_policy_document" "hooks" { + count = var.create && var.create_codedeploy_role && var.attach_hooks_policy && (var.before_allow_traffic_hook_arn != "" || var.after_allow_traffic_hook_arn != "") ? 1 : 0 + + statement { + effect = "Allow" + + actions = [ + "lambda:InvokeFunction", + ] + + resources = compact([var.before_allow_traffic_hook_arn, var.after_allow_traffic_hook_arn]) + } + +} + +resource "aws_iam_policy" "hooks" { + count = var.create && var.create_codedeploy_role && var.attach_hooks_policy && (var.before_allow_traffic_hook_arn != "" || var.after_allow_traffic_hook_arn != "") ? 1 : 0 + + policy = data.aws_iam_policy_document.hooks[0].json + tags = var.tags +} + +resource "aws_iam_role_policy_attachment" "hooks" { + count = var.create && var.create_codedeploy_role && var.attach_hooks_policy && (var.before_allow_traffic_hook_arn != "" || var.after_allow_traffic_hook_arn != "") ? 1 : 0 + + role = element(concat(aws_iam_role.codedeploy.*.id, [""]), 0) + policy_arn = aws_iam_policy.hooks[0].arn +} + data "aws_iam_policy_document" "triggers" { count = var.create && var.create_codedeploy_role && var.attach_triggers_policy ? 1 : 0 diff --git a/modules/deploy/variables.tf b/modules/deploy/variables.tf index 4d22144a..b283baf3 100644 --- a/modules/deploy/variables.tf +++ b/modules/deploy/variables.tf 
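Review bot: The four-term `count` condition is written out three times, on `data.aws_iam_policy_document.hooks`, `aws_iam_policy.hooks` and `aws_iam_role_policy_attachment.hooks`, and the last two index `[0]` into the one before. If one copy is edited without the others, the plan either fails on an empty tuple or leaves a policy created but never attached. Hoist it into a local, `create_hooks_policy = var.create && var.create_codedeploy_role && var.attach_hooks_policy && (var.before_allow_traffic_hook_arn != "" || var.after_allow_traffic_hook_arn != "")`, and use `count = local.create_hooks_policy ? 1 : 0` in all three. `aws_iam_policy.hooks` also sets no `name` or `description`, so it shows up in IAM under a generated name; adding `description = "Allows CodeDeploy to invoke the allow-traffic hook functions"` makes the `lambda:InvokeFunction` grant identifiable in an access review.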
@@ -200,6 +200,12 @@ variable "codedeploy_principals" { default = ["codedeploy.amazonaws.com"] } +variable "attach_hooks_policy" { + description = "Whether to attach Invoke policy to CodeDeploy role when before allow traffic or after allow traffic hooks are defined." + type = bool + default = true +} + variable "attach_triggers_policy" { description = "Whether to attach SNS policy to CodeDeploy role when triggers are defined" type = bool From 3212f4d483088161a19355c472c9ddc8cb20061f Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Tue, 9 Nov 2021 16:18:34 +0100 Subject: [PATCH 138/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bd6661da..a0343176 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v2.25.0] - 2021-11-09 + +- feat: Added required IAM permissions for CodeDeploy hooks ([#228](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/228)) + + ## [v2.24.0] - 2021-11-05 @@ -554,7 +560,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.24.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.25.0...HEAD +[v2.25.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.24.0...v2.25.0 [v2.24.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.23.0...v2.24.0 [v2.23.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.22.0...v2.23.0 [v2.22.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.21.0...v2.22.0 From 891e257933eeebacebc50be39928f975c449cb9b Mon Sep 17 00:00:00 2001 
From: Anton Babenko Date: Fri, 12 Nov 2021 15:41:25 +0100 Subject: [PATCH 139/385] fix: Fixed max timeout for Lambda@Edge (#232) --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 047900c2..551d8f61 100644 --- a/main.tf +++ b/main.tf @@ -27,7 +27,7 @@ resource "aws_lambda_function" "this" { reserved_concurrent_executions = var.reserved_concurrent_executions runtime = var.package_type != "Zip" ? null : var.runtime layers = var.layers - timeout = var.lambda_at_edge ? min(var.timeout, 5) : var.timeout + timeout = var.lambda_at_edge ? min(var.timeout, 30) : var.timeout publish = var.lambda_at_edge ? true : var.publish kms_key_arn = var.kms_key_arn image_uri = var.image_uri From 0fa0e0bfad7fdbb8b460f3cbc4db772b93c51d62 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 12 Nov 2021 15:41:53 +0100 Subject: [PATCH 140/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a0343176..37dffc59 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v2.26.0] - 2021-11-12 + +- fix: Fixed max timeout for Lambda[@Edge](https://github.com/Edge) ([#232](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/232)) + + ## [v2.25.0] - 2021-11-09 
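Review bot: `min(var.timeout, 30)` matches the limit for origin-request/response triggers, but viewer-request/response functions are still limited to 5 seconds by CloudFront and nothing in this expression tells the two apart. A viewer-facing function configured above 5 now passes the clamp and would presumably be rejected only when it is associated with a distribution. The clamp is also silent: a caller who asks for 60 gets 30 with no plan-time message. At minimum add a comment on the line, `# Lambda@Edge: 30s is the origin-trigger ceiling; viewer triggers are capped at 5s and are not checked here`. The resource body continues outside the hunk.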
@@ -560,7 +566,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.25.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.26.0...HEAD +[v2.26.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.25.0...v2.26.0 [v2.25.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.24.0...v2.25.0 [v2.24.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.23.0...v2.24.0 [v2.23.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.22.0...v2.23.0 From 65f3717b3cbba70f041602185318b926d0e90656 Mon Sep 17 00:00:00 2001 From: Pavlos Kleanthous <65065195+pkleanthous@users.noreply.github.com> Date: Mon, 22 Nov 2021 13:08:51 +0000 Subject: [PATCH 141/385] feat: Added support for random sleep delay in deploy submodule (#233) --- examples/deploy/main.tf | 8 +------- modules/deploy/README.md | 7 +++++-- modules/deploy/main.tf | 7 +++++-- modules/deploy/variables.tf | 14 +++++++++++++- 4 files changed, 24 insertions(+), 12 deletions(-) diff --git a/examples/deploy/main.tf b/examples/deploy/main.tf index 8c9a6bd1..f9007fd8 100644 --- a/examples/deploy/main.tf +++ b/examples/deploy/main.tf @@ -23,13 +23,6 @@ module "lambda_function" { source_path = "${path.module}/../fixtures/python3.8-app1" hash_extra = "yo1" - - allowed_triggers = { - APIGatewayAny = { - service = "apigateway" - source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*" - } - } } module "alias_refresh" { @@ -62,6 +55,7 @@ module "deploy" { deployment_group_name = "something" create_deployment = true + run_deployment = true save_deploy_script = true wait_deployment_completion = true force_deploy = true diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 50d3fa70..7a190794 100644 --- a/modules/deploy/README.md 
+++ b/modules/deploy/README.md @@ -8,7 +8,7 @@ This module can create AWS CodeDeploy application and deployment group, if neces During deployment this module does the following: 1. Create JSON object with required AppSpec configuration. Optionally, you can store deploy script for debug purposes by setting `save_deploy_script = true`. -1. Run [`aws deploy create-deployment` command](https://docs.aws.amazon.com/cli/latest/reference/deploy/create-deployment.html) if `create_deployment = true` was set +1. Run [`aws deploy create-deployment` command](https://docs.aws.amazon.com/cli/latest/reference/deploy/create-deployment.html) if `create_deployment = true` and `run_deployment = true` was set. 1. After deployment is created, it can wait for the completion if `wait_deployment_completion = true`. Be aware, that Terraform will lock the execution and it can fail if it runs for a long period of time. Set this flag for fast deployments (eg, `deployment_config_name = "CodeDeployDefault.LambdaAllAtOnce"`). @@ -53,6 +53,7 @@ module "deploy" { deployment_group_name = "something" create_deployment = true + run_deployment = true wait_deployment_completion = true triggers = { 
@@ -158,7 +159,7 @@ No modules. | [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | | [create\_app](#input\_create\_app) | Whether to create new AWS CodeDeploy app | `bool` | `false` | no | | [create\_codedeploy\_role](#input\_create\_codedeploy\_role) | Whether to create new AWS CodeDeploy IAM role | `bool` | `true` | no | -| [create\_deployment](#input\_create\_deployment) | Run AWS CLI command to create deployment | `bool` | `false` | no | +| [create\_deployment](#input\_create\_deployment) | Create the AWS resources and script for CodeDeploy | `bool` | `false` | no | | [create\_deployment\_group](#input\_create\_deployment\_group) | Whether to create new AWS CodeDeploy Deployment Group | `bool` | `false` | no | | [current\_version](#input\_current\_version) | Current version of Lambda function version to deploy (can't be $LATEST) | `string` | `""` | no | | [deployment\_config\_name](#input\_deployment\_config\_name) | Name of deployment config to use | `string` | `"CodeDeployDefault.LambdaAllAtOnce"` | no | @@ -166,7 +167,9 @@ No modules. | [description](#input\_description) | Description to use for the deployment | `string` | `""` | no | | [force\_deploy](#input\_force\_deploy) | Force deployment every time (even when nothing changes) | `bool` | `false` | no | | [function\_name](#input\_function\_name) | The name of the Lambda function to deploy | `string` | `""` | no | +| [get\_deployment\_sleep\_timer](#input\_get\_deployment\_sleep\_timer) | Adds additional sleep time to get-deployment command to avoid the service throttling | `number` | `5` | no | | [interpreter](#input\_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` |
[
"/bin/bash",
"-c"
]
| no | +| [run\_deployment](#input\_run\_deployment) | Run AWS CLI command to start the deployment | `bool` | `false` | no | | [save\_deploy\_script](#input\_save\_deploy\_script) | Save deploy script locally | `bool` | `false` | no | | [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | | [target\_version](#input\_target\_version) | Target version of Lambda function version to deploy | `string` | `""` | no | diff --git a/modules/deploy/main.tf b/modules/deploy/main.tf index a2d82f0f..33a1907c 100644 --- a/modules/deploy/main.tf +++ b/modules/deploy/main.tf @@ -60,7 +60,10 @@ while [[ $STATUS == "Created" || $STATUS == "InProgress" || $STATUS == "Pending" --deployment-id $ID \ --output text \ --query '[deploymentInfo.status]') - sleep 5 + + SLEEP_TIME=$(( $RANDOM % 5 ) + ${var.get_deployment_sleep_timer}) + echo "Sleeping for: $SLEEP_TIME Seconds" + sleep $SLEEP_TIME done ${var.aws_cli_command} deploy get-deployment --deployment-id $ID @@ -106,7 +109,7 @@ resource "local_file" "deploy_script" { } resource "null_resource" "deploy" { - count = var.create && var.create_deployment ? 1 : 0 + count = var.create && var.create_deployment && var.run_deployment ? 1 : 0 triggers = { appspec_sha256 = local.appspec_sha256 diff --git a/modules/deploy/variables.tf b/modules/deploy/variables.tf index b283baf3..c27dec9f 100644 --- a/modules/deploy/variables.tf +++ b/modules/deploy/variables.tf @@ -161,7 +161,13 @@ variable "save_deploy_script" { } variable "create_deployment" { - description = "Run AWS CLI command to create deployment" + description = "Create the AWS resources and script for CodeDeploy" + type = bool + default = false +} + +variable "run_deployment" { + description = "Run AWS CLI command to start the deployment" type = bool default = false } 
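Review bot: The added `SLEEP_TIME=$(( $RANDOM % 5 ) + ${var.get_deployment_sleep_timer})` does not close its arithmetic expansion: it opens with `$((` but ends with two separate `)` instead of `))`. Bash will therefore not evaluate it as arithmetic, and `SLEEP_TIME` is likely left empty. `sleep $SLEEP_TIME` then fails on a missing operand and, unless the script sets `set -e` outside this hunk, the `while` loop polls `get-deployment` back to back, which is the throttling this change is meant to avoid. Write it as `SLEEP_TIME=$(( RANDOM % 5 + ${var.get_deployment_sleep_timer} ))`. The script heredoc starts and ends outside the hunk.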
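Review bot: With `&& var.run_deployment` added to the `null_resource.deploy` count and `run_deployment` defaulting to `false` in the `variables.tf` hunk, callers who already set `create_deployment = true` stop starting deployments after upgrading. Because the count drops to 0, the existing `null_resource` is simply destroyed and the plan shows no error, so a function version meant to roll out (a fix, for instance) stays undeployed without notice. The commit is labelled `feat:`, so the release tooling will not flag it as breaking. State the change in the variable itself, for example `description = "Run AWS CLI command to start the deployment (requires create_deployment = true; before this variable existed create_deployment alone started it)"`, and consider whether the default should preserve the old behaviour.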
@@ -211,3 +217,9 @@ variable "attach_triggers_policy" { type = bool default = false } + +variable "get_deployment_sleep_timer" { + description = "Adds additional sleep time to get-deployment command to avoid the service throttling" + type = number + default = 5 +} From 0f982f646714476aa1aff6f4666353f0e3cdc2c3 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 22 Nov 2021 14:09:10 +0100 Subject: [PATCH 142/385] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 37dffc59..afb1c209 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v2.27.0] - 2021-11-22 + +- feat: Added support for random sleep delay in deploy submodule ([#233](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/233)) + + ## [v2.26.0] - 2021-11-12 @@ -566,7 +572,8 @@ All notable changes to this project will be documented in this file. - first commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.26.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.27.0...HEAD +[v2.27.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.26.0...v2.27.0 [v2.26.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.25.0...v2.26.0 [v2.25.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.24.0...v2.25.0 [v2.24.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.23.0...v2.24.0 From e882a072ff587d7271e0fdd647f180f9b61ceefc Mon Sep 17 00:00:00 2001 
From: Bryant Biggs Date: Mon, 22 Nov 2021 11:11:45 -0500 Subject: [PATCH 143/385] fix: update CI/CD process to enable auto-release workflow (#234) --- .chglog/CHANGELOG.tpl.md | 111 ---------------------------- .chglog/config.yml | 10 --- .github/workflows/pre-commit.yml | 103 ++++++++++---------------- .github/workflows/release.yml | 32 ++++++++ .pre-commit-config.yaml | 8 +- .releaserc.json | 36 +++++++++ CHANGELOG.md | 9 --- Makefile | 7 -- examples/alias/README.md | 8 +- examples/async/README.md | 2 +- examples/build-package/README.md | 22 +++--- examples/complete/README.md | 24 +++--- examples/container-image/README.md | 4 +- examples/deploy/README.md | 6 +- examples/multiple-regions/README.md | 4 +- examples/simple/README.md | 2 +- examples/triggers/README.md | 2 +- examples/with-efs/README.md | 4 +- examples/with-vpc/README.md | 4 +- 19 files changed, 155 insertions(+), 243 deletions(-) delete mode 100644 .chglog/CHANGELOG.tpl.md delete mode 100644 .chglog/config.yml create mode 100644 .github/workflows/release.yml create mode 100644 .releaserc.json delete mode 100644 Makefile diff --git a/.chglog/CHANGELOG.tpl.md b/.chglog/CHANGELOG.tpl.md deleted file mode 100644 index 687d7023..00000000 --- a/.chglog/CHANGELOG.tpl.md +++ /dev/null 
@@ -1,111 +0,0 @@ -# Change Log - -All notable changes to this project will be documented in this file. - -{{ if .Versions -}} - -## [Unreleased] -{{ if .Unreleased.CommitGroups -}} -{{ range .Unreleased.CommitGroups -}} -### {{ .Title }} -{{ range .Commits -}} -{{/* SKIPPING RULES - START */ -}} -{{- if not (hasPrefix .Subject "Updated CHANGELOG") -}} -{{- if not (contains .Subject "[ci skip]") -}} -{{- if not (contains .Subject "[skip ci]") -}} -{{- if not (hasPrefix .Subject "Merge pull request ") -}} -{{- if not (hasPrefix .Subject "Added CHANGELOG") -}} -{{- /* SKIPPING RULES - END */ -}} -- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} -{{/* SKIPPING RULES - START */ -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{/* SKIPPING RULES - END */ -}} -{{ end }} -{{ end -}} -{{ else }} -{{ range .Unreleased.Commits -}} -{{/* SKIPPING RULES - START */ -}} -{{- if not (hasPrefix .Subject "Updated CHANGELOG") -}} -{{- if not (contains .Subject "[ci skip]") -}} -{{- if not (contains .Subject "[skip ci]") -}} -{{- if not (hasPrefix .Subject "Merge pull request ") -}} -{{- if not (hasPrefix .Subject "Added CHANGELOG") -}} -{{- /* SKIPPING RULES - END */ -}} -- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} -{{/* SKIPPING RULES - START */ -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{/* SKIPPING RULES - END */ -}} -{{ end }} -{{ end -}} -{{ end -}} - -{{ range .Versions }} - -## {{ if .Tag.Previous }}[{{ .Tag.Name }}]{{ else }}{{ .Tag.Name }}{{ end }} - {{ datetime "2006-01-02" .Tag.Date }} -{{ if .CommitGroups -}} -{{ range .CommitGroups -}} -### {{ .Title }} -{{ range .Commits -}} -{{/* SKIPPING RULES - START */ -}} -{{- if not (hasPrefix .Subject "Updated CHANGELOG") -}} -{{- if not (contains .Subject "[ci skip]") -}} -{{- if not (contains .Subject "[skip ci]") -}} -{{- if not (hasPrefix .Subject "Merge pull request ") -}} -{{- if not (hasPrefix .Subject "Added CHANGELOG") -}} -{{- /* SKIPPING RULES - END */ 
-}} -- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} -{{/* SKIPPING RULES - START */ -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{/* SKIPPING RULES - END */ -}} -{{ end }} -{{ end -}} -{{ else }} -{{ range .Commits -}} -{{/* SKIPPING RULES - START */ -}} -{{- if not (hasPrefix .Subject "Updated CHANGELOG") -}} -{{- if not (contains .Subject "[ci skip]") -}} -{{- if not (contains .Subject "[skip ci]") -}} -{{- if not (hasPrefix .Subject "Merge pull request ") -}} -{{- if not (hasPrefix .Subject "Added CHANGELOG") -}} -{{- /* SKIPPING RULES - END */ -}} -- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} -{{/* SKIPPING RULES - START */ -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{/* SKIPPING RULES - END */ -}} -{{ end }} -{{ end -}} - -{{- if .NoteGroups -}} -{{ range .NoteGroups -}} -### {{ .Title }} -{{ range .Notes }} -{{ .Body }} -{{ end }} -{{ end -}} -{{ end -}} -{{ end -}} - -{{- if .Versions }} -[Unreleased]: {{ .Info.RepositoryURL }}/compare/{{ $latest := index .Versions 0 }}{{ $latest.Tag.Name }}...HEAD -{{ range .Versions -}} -{{ if .Tag.Previous -}} -[{{ .Tag.Name }}]: {{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }} -{{ end -}} -{{ end -}} -{{ end -}} diff --git a/.chglog/config.yml b/.chglog/config.yml deleted file mode 100644 index 2b837bd5..00000000 --- a/.chglog/config.yml +++ /dev/null @@ -1,10 +0,0 @@ -style: github -template: CHANGELOG.tpl.md -info: - title: CHANGELOG - repository_url: https://github.com/terraform-aws-modules/terraform-aws-lambda -options: - header: - pattern: "^(.*)$" - pattern_maps: - - Subject diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index f5d5d776..b8f1b8a5 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml 
@@ -2,98 +2,77 @@ name: Pre-Commit on: pull_request: - push: branches: + - main - master +env: + TERRAFORM_DOCS_VERSION: v0.16.0 + jobs: - # Min Terraform version(s) - getDirectories: - name: Get root directories + collectInputs: + name: Collect workflow inputs runs-on: ubuntu-latest + outputs: + directories: ${{ steps.dirs.outputs.directories }} steps: - name: Checkout uses: actions/checkout@v2 - - name: Install Python - uses: actions/setup-python@v2 - - name: Build matrix - id: matrix - run: | - DIRS=$(python -c "import json; import glob; print(json.dumps([x.replace('/versions.tf', '') for x in glob.glob('./**/versions.tf', recursive=True)]))") - echo "::set-output name=directories::$DIRS" - outputs: - directories: ${{ steps.matrix.outputs.directories }} + + - name: Get root directories + id: dirs + uses: clowdhaus/terraform-composite-actions/directories@v1.3.0 preCommitMinVersions: - name: Min TF validate - needs: getDirectories + name: Min TF pre-commit + needs: collectInputs runs-on: ubuntu-latest strategy: matrix: - directory: ${{ fromJson(needs.getDirectories.outputs.directories) }} + directory: ${{ fromJson(needs.collectInputs.outputs.directories) }} steps: - name: Checkout uses: actions/checkout@v2 - - name: Install Python - uses: actions/setup-python@v2 + - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.0.2 + uses: clowdhaus/terraform-min-max@v1.0.3 with: directory: ${{ matrix.directory }} - - name: Install Terraform v${{ steps.minMax.outputs.minVersion }} - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: ${{ steps.minMax.outputs.minVersion }} - - name: Install pre-commit dependencies - run: pip install pre-commit - - name: Execute pre-commit + + - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' 
}} - run: pre-commit run terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/* - - name: Execute pre-commit + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0 + with: + terraform-version: ${{ steps.minMax.outputs.minVersion }} + args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*' + + - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - run: pre-commit run terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf) + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0 + with: + terraform-version: ${{ steps.minMax.outputs.minVersion }} + args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)' - # Max Terraform version - getBaseVersion: - name: Module max TF version + preCommitMaxVersion: + name: Max TF pre-commit runs-on: ubuntu-latest + needs: collectInputs steps: - name: Checkout uses: actions/checkout@v2 + with: + ref: ${{ github.event.pull_request.head.ref }} + repository: ${{github.event.pull_request.head.repo.full_name}} + - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.0.2 - outputs: - minVersion: ${{ steps.minMax.outputs.minVersion }} - maxVersion: ${{ steps.minMax.outputs.maxVersion }} + uses: clowdhaus/terraform-min-max@v1.0.3 - preCommitMaxVersion: - name: Max TF pre-commit - runs-on: ubuntu-latest - needs: getBaseVersion - strategy: - fail-fast: false - matrix: - version: - - ${{ needs.getBaseVersion.outputs.maxVersion }} - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Install Python - uses: actions/setup-python@v2 - - name: Install Terraform v${{ matrix.version }} - uses: hashicorp/setup-terraform@v1 + - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0 with: - 
terraform_version: ${{ matrix.version }} - - name: Install pre-commit dependencies - run: | - pip install pre-commit - curl -Lo ./terraform-docs.tar.gz https://github.com/terraform-docs/terraform-docs/releases/download/v0.13.0/terraform-docs-v0.13.0-$(uname)-amd64.tar.gz && tar -xzf terraform-docs.tar.gz terraform-docs && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/ - curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip && rm tflint.zip && sudo mv tflint /usr/bin/ - - name: Execute pre-commit - # Run all pre-commit checks on max version supported - if: ${{ matrix.version == needs.getBaseVersion.outputs.maxVersion }} - run: pre-commit run --color=always --show-diff-on-failure --all-files + terraform-version: ${{ steps.minMax.outputs.maxVersion }} + terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..141937d8 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,32 @@ +name: Release + +on: + workflow_dispatch: + push: + branches: + - main + - master + paths: + - '**/*.py' + - '**/*.tf' + +jobs: + release: + name: Release + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + persist-credentials: false + fetch-depth: 0 + + - name: Release + uses: cycjimmy/semantic-release-action@v2 + with: + semantic_version: 18.0.0 + extra_plugins: | + @semantic-release/changelog@6.0.0 + @semantic-release/git@10.0.0 + env: + GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index daf979f4..b0e03fc8 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
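Review bot: The third-party actions added in `pre-commit.yml` are referenced by tag (`clowdhaus/terraform-composite-actions/directories@v1.3.0`, `clowdhaus/terraform-composite-actions/pre-commit@v1.3.0`, `clowdhaus/terraform-min-max@v1.0.3`), and so is `cycjimmy/semantic-release-action@v2` in the `release.yml` hunk. A tag can be moved by whoever controls the action's repository, so the code that runs is not fixed by this commit. That matters most in `release.yml`, where the step runs with `secrets.SEMANTIC_RELEASE_TOKEN` in its environment. Pin each `uses:` to a full commit SHA and keep the tag as a trailing comment, `uses: cycjimmy/semantic-release-action@<full-commit-sha> # v2`. The exact versions already given for `semantic_version` and `extra_plugins` apply the same idea to the npm side.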
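Review bot: `release.yml` declares no `permissions:` block, so the job's automatic token keeps the repository's default scope even though the release step authenticates with `SEMANTIC_RELEASE_TOKEN` and checkout sets `persist-credentials: false`. A top-level `permissions:` with `contents: read` should be enough for the checkout step; confirm that nothing else in the job relies on the automatic token. It is also worth adding a comment above the `env:` block recording what `SEMANTIC_RELEASE_TOKEN` is expected to be allowed to do, `# SEMANTIC_RELEASE_TOKEN: scoped to this repository only; used to push CHANGELOG.md and create releases`. The push trigger covers `main` and `master` with a `paths` filter, and `workflow_dispatch` has no such filter, so anyone able to dispatch the workflow can start a release run.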
@@ -1,10 +1,12 @@ repos: - - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.50.0 + - repo: https://github.com/antonbabenko/pre-commit-terraform + rev: v1.58.0 hooks: - id: terraform_fmt - id: terraform_validate - id: terraform_docs + args: + - '--args=--lockfile=false' - id: terraform_tflint args: - '--args=--only=terraform_deprecated_interpolation' @@ -20,7 +22,7 @@ repos: - '--args=--only=terraform_required_providers' - '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_workspace_remote' - - repo: git://github.com/pre-commit/pre-commit-hooks + - repo: https://github.com/pre-commit/pre-commit-hooks rev: v4.0.1 hooks: - id: check-merge-conflict diff --git a/.releaserc.json b/.releaserc.json new file mode 100644 index 00000000..6e39031c --- /dev/null +++ b/.releaserc.json @@ -0,0 +1,36 @@ +{ + "branches": [ + "main", + "master" + ], + "ci": false, + "plugins": [ + "@semantic-release/commit-analyzer", + "@semantic-release/release-notes-generator", + [ + "@semantic-release/github", + { + "successComment": + "This ${issue.pull_request ? 'PR is included' : 'issue has been resolved'} in version ${nextRelease.version} :tada:", + "labels": false, + "releasedLabels": false + } + ], + [ + "@semantic-release/changelog", + { + "changelogFile": "CHANGELOG.md", + "changelogTitle": "# Changelog\n\nAll notable changes to this project will be documented in this file." + } + ], + [ + "@semantic-release/git", + { + "assets": [ + "CHANGELOG.md" + ], + "message": "chore(release): version ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}" + } + ] + ] +} diff --git a/CHANGELOG.md b/CHANGELOG.md index afb1c209..5f48b9d7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,12 +1,3 @@ -# Change Log - -All notable changes to this project will be documented in this file. - - -## [Unreleased] - - - ## [v2.27.0] - 2021-11-22 diff --git a/Makefile b/Makefile deleted file mode 100644 index 558dac5a..00000000 --- a/Makefile +++ /dev/null 
@@ -1,7 +0,0 @@ -.PHONY: changelog release - -changelog: - git-chglog -o CHANGELOG.md --next-tag `semtag final -s minor -o` - -release: - semtag final -s minor diff --git a/examples/alias/README.md b/examples/alias/README.md index 5c9a4b4f..950588b7 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -33,10 +33,10 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| -| [alias\_existing](#module\_alias\_existing) | ../../modules/alias | | -| [alias\_no\_refresh](#module\_alias\_no\_refresh) | ../../modules/alias | | -| [alias\_refresh](#module\_alias\_refresh) | ../../modules/alias | | -| [lambda\_function](#module\_lambda\_function) | ../../ | | +| [alias\_existing](#module\_alias\_existing) | ../../modules/alias | n/a | +| [alias\_no\_refresh](#module\_alias\_no\_refresh) | ../../modules/alias | n/a | +| [alias\_refresh](#module\_alias\_refresh) | ../../modules/alias | n/a | +| [lambda\_function](#module\_lambda\_function) | ../../ | n/a | ## Resources diff --git a/examples/async/README.md b/examples/async/README.md index 2042b095..024f1237 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -34,7 +34,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| -| [lambda\_function](#module\_lambda\_function) | ../../ | | +| [lambda\_function](#module\_lambda\_function) | ../../ | n/a | ## Resources diff --git a/examples/build-package/README.md b/examples/build-package/README.md index 005d709c..dbfe7b3c 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md 
@@ -33,17 +33,17 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| -| [lambda\_function\_from\_package](#module\_lambda\_function\_from\_package) | ../../ | | -| [lambda\_layer](#module\_lambda\_layer) | ../../ | | -| [lambda\_layer\_pip\_requirements](#module\_lambda\_layer\_pip\_requirements) | ../.. | | -| [package\_dir](#module\_package\_dir) | ../../ | | -| [package\_dir\_without\_pip\_install](#module\_package\_dir\_without\_pip\_install) | ../../ | | -| [package\_file](#module\_package\_file) | ../../ | | -| [package\_file\_with\_pip\_requirements](#module\_package\_file\_with\_pip\_requirements) | ../../ | | -| [package\_with\_commands\_and\_patterns](#module\_package\_with\_commands\_and\_patterns) | ../../ | | -| [package\_with\_docker](#module\_package\_with\_docker) | ../../ | | -| [package\_with\_patterns](#module\_package\_with\_patterns) | ../../ | | -| [package\_with\_pip\_requirements\_in\_docker](#module\_package\_with\_pip\_requirements\_in\_docker) | ../../ | | +| [lambda\_function\_from\_package](#module\_lambda\_function\_from\_package) | ../../ | n/a | +| [lambda\_layer](#module\_lambda\_layer) | ../../ | n/a | +| [lambda\_layer\_pip\_requirements](#module\_lambda\_layer\_pip\_requirements) | ../.. 
| n/a | +| [package\_dir](#module\_package\_dir) | ../../ | n/a | +| [package\_dir\_without\_pip\_install](#module\_package\_dir\_without\_pip\_install) | ../../ | n/a | +| [package\_file](#module\_package\_file) | ../../ | n/a | +| [package\_file\_with\_pip\_requirements](#module\_package\_file\_with\_pip\_requirements) | ../../ | n/a | +| [package\_with\_commands\_and\_patterns](#module\_package\_with\_commands\_and\_patterns) | ../../ | n/a | +| [package\_with\_docker](#module\_package\_with\_docker) | ../../ | n/a | +| [package\_with\_patterns](#module\_package\_with\_patterns) | ../../ | n/a | +| [package\_with\_pip\_requirements\_in\_docker](#module\_package\_with\_pip\_requirements\_in\_docker) | ../../ | n/a | ## Resources diff --git a/examples/complete/README.md b/examples/complete/README.md index 12d89805..4c4f92f1 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -35,18 +35,18 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| -| [disabled\_lambda](#module\_disabled\_lambda) | ../../ | | -| [lambda\_at\_edge](#module\_lambda\_at\_edge) | ../../ | | -| [lambda\_function](#module\_lambda\_function) | ../../ | | -| [lambda\_function\_existing\_package\_local](#module\_lambda\_function\_existing\_package\_local) | ../../ | | -| [lambda\_function\_for\_each](#module\_lambda\_function\_for\_each) | ../../ | | -| [lambda\_function\_with\_package\_deploying\_externally](#module\_lambda\_function\_with\_package\_deploying\_externally) | ../../ | | -| [lambda\_layer\_local](#module\_lambda\_layer\_local) | ../../ | | -| [lambda\_layer\_s3](#module\_lambda\_layer\_s3) | ../../ | | -| [lambda\_layer\_with\_package\_deploying\_externally](#module\_lambda\_layer\_with\_package\_deploying\_externally) | ../../ | | -| [lambda\_with\_mixed\_trusted\_entities](#module\_lambda\_with\_mixed\_trusted\_entities) | ../../ | | -| [lambda\_with\_provisioned\_concurrency](#module\_lambda\_with\_provisioned\_concurrency) | ../../ | | -| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | | +| [disabled\_lambda](#module\_disabled\_lambda) | ../../ | n/a | +| [lambda\_at\_edge](#module\_lambda\_at\_edge) | ../../ | n/a | +| [lambda\_function](#module\_lambda\_function) | ../../ | n/a | +| [lambda\_function\_existing\_package\_local](#module\_lambda\_function\_existing\_package\_local) | ../../ | n/a | +| [lambda\_function\_for\_each](#module\_lambda\_function\_for\_each) | ../../ | n/a | +| [lambda\_function\_with\_package\_deploying\_externally](#module\_lambda\_function\_with\_package\_deploying\_externally) | ../../ | n/a | +| [lambda\_layer\_local](#module\_lambda\_layer\_local) | ../../ | n/a | +| [lambda\_layer\_s3](#module\_lambda\_layer\_s3) | ../../ | n/a | +| 
[lambda\_layer\_with\_package\_deploying\_externally](#module\_lambda\_layer\_with\_package\_deploying\_externally) | ../../ | n/a | +| [lambda\_with\_mixed\_trusted\_entities](#module\_lambda\_with\_mixed\_trusted\_entities) | ../../ | n/a | +| [lambda\_with\_provisioned\_concurrency](#module\_lambda\_with\_provisioned\_concurrency) | ../../ | n/a | +| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | n/a | ## Resources diff --git a/examples/container-image/README.md b/examples/container-image/README.md index 5e3466d6..c44653c9 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -33,8 +33,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| -| [docker\_image](#module\_docker\_image) | ../../modules/docker-build | | -| [lambda\_function\_from\_container\_image](#module\_lambda\_function\_from\_container\_image) | ../../ | | +| [docker\_image](#module\_docker\_image) | ../../modules/docker-build | n/a | +| [lambda\_function\_from\_container\_image](#module\_lambda\_function\_from\_container\_image) | ../../ | n/a | ## Resources diff --git a/examples/deploy/README.md b/examples/deploy/README.md index 1c85de67..ada8f65a 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md @@ -34,9 +34,9 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| -| [alias\_refresh](#module\_alias\_refresh) | ../../modules/alias | | -| [deploy](#module\_deploy) | ../../modules/deploy | | -| [lambda\_function](#module\_lambda\_function) | ../../ | | +| [alias\_refresh](#module\_alias\_refresh) | ../../modules/alias | n/a | +| [deploy](#module\_deploy) | ../../modules/deploy | n/a | +| [lambda\_function](#module\_lambda\_function) | ../../ | n/a | ## Resources 
diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index 8fb3bde1..39ca75f6 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md @@ -36,8 +36,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| -| [lambda\_function](#module\_lambda\_function) | ../../ | | -| [lambda\_function\_another\_region](#module\_lambda\_function\_another\_region) | ../../ | | +| [lambda\_function](#module\_lambda\_function) | ../../ | n/a | +| [lambda\_function\_another\_region](#module\_lambda\_function\_another\_region) | ../../ | n/a | ## Resources diff --git a/examples/simple/README.md b/examples/simple/README.md index b89473ef..fafada37 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -33,7 +33,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| -| [lambda\_function](#module\_lambda\_function) | ../../ | | +| [lambda\_function](#module\_lambda\_function) | ../../ | n/a | ## Resources diff --git a/examples/triggers/README.md b/examples/triggers/README.md index 504cd0ce..8fc7adb8 100644 --- a/examples/triggers/README.md +++ b/examples/triggers/README.md @@ -35,7 +35,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| -| [lambda\_function](#module\_lambda\_function) | ../../ | | +| [lambda\_function](#module\_lambda\_function) | ../../ | n/a | ## Resources diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index 8fca75d6..52135ffb 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md 
@@ -35,8 +35,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| -| [lambda\_function\_with\_efs](#module\_lambda\_function\_with\_efs) | ../../ | | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | | +| [lambda\_function\_with\_efs](#module\_lambda\_function\_with\_efs) | ../../ | n/a | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | n/a | ## Resources diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index b4d9c101..5c632d07 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md @@ -35,8 +35,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| -| [lambda\_function\_in\_vpc](#module\_lambda\_function\_in\_vpc) | ../../ | | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | | +| [lambda\_function\_in\_vpc](#module\_lambda\_function\_in\_vpc) | ../../ | n/a | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | n/a | ## Resources From b70acd2440e5023b7ad796045f13a608ee5df721 Mon Sep 17 00:00:00 2001 From: Pavlos Kleanthous <65065195+pkleanthous@users.noreply.github.com> Date: Sat, 27 Nov 2021 03:14:04 +0000 Subject: [PATCH 144/385] fix the sleep_time variable (#235) --- modules/deploy/main.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/deploy/main.tf b/modules/deploy/main.tf index 33a1907c..9982d557 100644 --- a/modules/deploy/main.tf +++ b/modules/deploy/main.tf @@ -61,7 +61,8 @@ while [[ $STATUS == "Created" || $STATUS == "InProgress" || $STATUS == "Pending" --output text \ --query '[deploymentInfo.status]') - SLEEP_TIME=$(( $RANDOM % 5 ) + ${var.get_deployment_sleep_timer}) + SLEEP_TIME=$((( $RANDOM % 5 ) + ${var.get_deployment_sleep_timer})) + echo "Sleeping for: $SLEEP_TIME Seconds" sleep $SLEEP_TIME done From 22270709d2c2baac1c6abcf419b4d70363cb3128 Mon Sep 17 00:00:00 2001 
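Review bot: `${var.get_deployment_sleep_timer}` in the `modules/deploy/main.tf` hunk is substituted by Terraform into the arithmetic expansion before bash runs, so whatever text the variable holds becomes part of the script. Its declaration is not in this hunk; if it is not already `type = number`, declaring it so keeps non-numeric text out of `$((( $RANDOM % 5 ) + ...))`. I would also quote the use, `sleep "$SLEEP_TIME"`. The heredoc script that contains this loop starts and ends outside the hunk.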
From: semantic-release-bot Date: Sat, 27 Nov 2021 03:14:54 +0000 Subject: [PATCH 145/385] chore(release): version 2.27.1 [skip ci] ## [2.27.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.27.0...v2.27.1) (2021-11-27) ### Bug Fixes * update CI/CD process to enable auto-release workflow ([#234](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/234)) ([e882a07](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/e882a072ff587d7271e0fdd647f180f9b61ceefc)) --- CHANGELOG.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5f48b9d7..3cc5a49a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,14 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +## [2.27.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.27.0...v2.27.1) (2021-11-27) + + +### Bug Fixes + +* update CI/CD process to enable auto-release workflow ([#234](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/234)) ([e882a07](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/e882a072ff587d7271e0fdd647f180f9b61ceefc)) + ## [v2.27.0] - 2021-11-22 From f5f86b593f6d72408464ae5124e34dc01f73387c Mon Sep 17 00:00:00 2001 From: Aidan <63606283+artificial-aidan@users.noreply.github.com> Date: Fri, 10 Dec 2021 12:12:34 -0800 Subject: [PATCH 146/385] feat: Add `pip_tmp_dir` to allow setting the location of the pip temporary directory (#230) --- README.md | 2 ++ examples/build-package/README.md | 1 + examples/build-package/main.tf | 14 ++++++++++++++ package.py | 21 +++++++++++---------- 4 files changed, 28 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 0e1b7da2..3f28e15a 100644 --- a/README.md +++ b/README.md 
@@ -391,6 +391,7 @@ source_path = [ }, { path = "src/python3.8-app1", pip_requirements = true, + pip_tmp_dir = "/tmp/dir/location" prefix_in_zip = "foo/bar1", }, { path = "src/python3.8-app2", @@ -442,6 +443,7 @@ Few notes: - `commands` - List of commands to run. If specified, this argument overrides `pip_requirements`. - `:zip [source] [destination]` is a special command which creates content of current working directory (first argument) and places it inside of path (second argument). - `pip_requirements` - Controls whether to execute `pip install`. Set to `false` to disable this feature, `true` to run `pip install` with `requirements.txt` found in `path`. Or set to another filename which you want to use instead. +- `pip_tmp_dir` - Set the base directory to make the temporary directory for pip installs. Can be useful for Docker in Docker builds. - `prefix_in_zip` - If specified, will be used as a prefix inside zip-archive. By default, everything installs into the root of zip-archive. ### Building in Docker diff --git a/examples/build-package/README.md b/examples/build-package/README.md index dbfe7b3c..7ee75c69 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -37,6 +37,7 @@ Note that this example may create resources which cost money. Run `terraform des | [lambda\_layer](#module\_lambda\_layer) | ../../ | n/a | | [lambda\_layer\_pip\_requirements](#module\_lambda\_layer\_pip\_requirements) | ../.. | n/a | | [package\_dir](#module\_package\_dir) | ../../ | n/a | +| [package\_dir\_pip\_dir](#module\_package\_dir\_pip\_dir) | ../../ | n/a | | [package\_dir\_without\_pip\_install](#module\_package\_dir\_without\_pip\_install) | ../../ | n/a | | [package\_file](#module\_package\_file) | ../../ | n/a | | [package\_file\_with\_pip\_requirements](#module\_package\_file\_with\_pip\_requirements) | ../../ | n/a | diff --git a/examples/build-package/main.tf b/examples/build-package/main.tf index d61cf8b4..636ac8d8 100644 
--- a/examples/build-package/main.tf +++ b/examples/build-package/main.tf @@ -27,6 +27,20 @@ module "package_dir" { source_path = "${path.module}/../fixtures/python3.8-app1" } +# Create zip-archive of a single directory where "pip install" will also be executed (default for python runtime) and set temporary directory for pip install +module "package_dir_pip_dir" { + source = "../../" + + create_function = false + + runtime = "python3.8" + source_path = [{ + path = "${path.module}/../fixtures/python3.8-app1" + pip_tmp_dir = "${path.cwd}/../fixtures" + pip_requirements = "${path.module}/../fixtures/python3.8-app1/requirements.txt" + }] +} + # Create zip-archive of a single directory without running "pip install" (which is default for python runtime) module "package_dir_without_pip_install" { source = "../../" diff --git a/package.py b/package.py index 8b2c2ff9..53bb6c6d 100644 --- a/package.py +++ b/package.py @@ -118,10 +118,10 @@ def cd(path, silent=False): @contextmanager -def tempdir(): +def tempdir(dir=None): """Creates a temporary directory and then deletes it afterwards.""" prefix = 'terraform-aws-lambda-' - path = tempfile.mkdtemp(prefix=prefix) + path = tempfile.mkdtemp(prefix=prefix, dir=dir) cmd_log.info('mktemp -d %sXXXXXXXX # %s', prefix, shlex.quote(path)) try: yield path @@ -648,7 +648,7 @@ def plan(self, source_path, query): step = lambda *x: build_plan.append(x) hash = source_paths.append - def pip_requirements_step(path, prefix=None, required=False): + def pip_requirements_step(path, prefix=None, required=False, tmp_dir=None): requirements = path if os.path.isdir(path): requirements = os.path.join(path, 'requirements.txt') @@ -657,7 +657,7 @@ def pip_requirements_step(path, prefix=None, required=False): raise RuntimeError( 'File not found: {}'.format(requirements)) else: - step('pip', runtime, requirements, prefix) + step('pip', runtime, requirements, prefix, tmp_dir) hash(requirements) def commands_step(path, commands): 
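Review bot: In the `tempdir` hunk of `package.py`, the new parameter name `dir` shadows the builtin and the docstring still describes only the no-argument behaviour. I would name it `base_dir` (the only call visible in this patch passes it positionally) and say so in the docstring: `"""Create a temporary directory under base_dir (system default when None) and delete it afterwards."""`. The docstring should also mention that `tempfile.mkdtemp` raises if the base directory does not exist, since the value now comes from the user-supplied `pip_tmp_dir`. The created directory keeps `mkdtemp`'s owner-only permissions even when the base is a shared location. The function body continues past the end of the hunk.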
@@ -735,10 +735,10 @@ def commands_step(path, commands): if pip_requirements and runtime.startswith('python'): if isinstance(pip_requirements, bool) and path: - pip_requirements_step(path, prefix, required=True) + pip_requirements_step(path, prefix, required=True, tmp_dir=claim.get('pip_tmp_dir')) else: pip_requirements_step(pip_requirements, prefix, - required=True) + required=True, tmp_dir=claim.get('pip_tmp_dir')) if path: step('zip', path, prefix) @@ -784,8 +784,8 @@ def execute(self, build_plan, zip_stream, query): else: zs.write_file(source_path, prefix=prefix, timestamp=ts) elif cmd == 'pip': - runtime, pip_requirements, prefix = action[1:] - with install_pip_requirements(query, pip_requirements) as rd: + runtime, pip_requirements, prefix, tmp_dir = action[1:] + with install_pip_requirements(query, pip_requirements, tmp_dir) as rd: if rd: if pf: self._zip_write_with_filter(zs, pf, rd, prefix, @@ -825,7 +825,7 @@ def _zip_write_with_filter(zip_stream, path_filter, source_path, prefix, @contextmanager -def install_pip_requirements(query, requirements_file): +def install_pip_requirements(query, requirements_file, tmp_dir): # TODO: # 1. Emit files instead of temp_dir @@ -836,6 +836,7 @@ def install_pip_requirements(query, requirements_file): runtime = query.runtime artifacts_dir = query.artifacts_dir docker = query.docker + temp_dir = query.temp_dir docker_image_tag_id = None if docker: @@ -868,7 +869,7 @@ def install_pip_requirements(query, requirements_file): working_dir = os.getcwd() log.info('Installing python requirements: %s', requirements_file) - with tempdir() as temp_dir: + with tempdir(tmp_dir) as temp_dir: requirements_filename = os.path.basename(requirements_file) target_file = os.path.join(temp_dir, requirements_filename) shutil.copyfile(requirements_file, target_file) From 258e82b50adc451f51544a2b57fd1f6f8f4a61e4 Mon Sep 17 00:00:00 2001 
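Review bot: In `install_pip_requirements`, the added `temp_dir = query.temp_dir` (hunk at -836) has no visible reader: `with tempdir(tmp_dir) as temp_dir:` in the last hunk rebinds the name, and the lookup depends on the query carrying a `temp_dir` attribute that this patch does not show being set. I would drop that line, unless code between the two hunks reads it. The new `tmp_dir` parameter also has no default, so any caller not updated in this patch breaks; `def install_pip_requirements(query, requirements_file, tmp_dir=None):` keeps the old call shape working. Having `tmp_dir` and `temp_dir` side by side is easy to misread, and something like `pip_tmp_base` for the parameter would separate the base directory from the directory created under it. The function starts and ends outside these hunks.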
From: semantic-release-bot Date: Fri, 10 Dec 2021 20:13:06 +0000 Subject: [PATCH 147/385] chore(release): version 2.28.0 [skip ci] # [2.28.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.27.1...v2.28.0) (2021-12-10) ### Features * Add `pip_tmp_dir` to allow setting the location of the pip temporary directory ([#230](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/230)) ([f5f86b5](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/f5f86b593f6d72408464ae5124e34dc01f73387c)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3cc5a49a..a3a90851 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +# [2.28.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.27.1...v2.28.0) (2021-12-10) + + +### Features + +* Add `pip_tmp_dir` to allow setting the location of the pip temporary directory ([#230](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/230)) ([f5f86b5](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/f5f86b593f6d72408464ae5124e34dc01f73387c)) + ## [2.27.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.27.0...v2.27.1) (2021-11-27) From 577b07768be37c0c24ea16294e2a9760833762bf Mon Sep 17 00:00:00 2001 From: 1Mill <1Mill@users.noreply.github.com> Date: Wed, 5 Jan 2022 06:53:53 -0800 Subject: [PATCH 148/385] feat: Add ECR Lifecycle Policy Option to docker-build module (#243) --- examples/container-image/main.tf | 18 ++++++++++++++++++ modules/docker-build/README.md | 2 ++ modules/docker-build/main.tf | 7 +++++++ modules/docker-build/variables.tf | 6 ++++++ 4 files changed, 33 insertions(+) diff --git a/examples/container-image/main.tf b/examples/container-image/main.tf index f340192e..44928873 100644 --- a/examples/container-image/main.tf +++ b/examples/container-image/main.tf 
@@ -38,4 +38,22 @@ module "docker_image" { build_args = { FOO = "bar" } + ecr_repo_lifecycle_policy = < [docker\_file\_path](#input\_docker\_file\_path) | Path to Dockerfile in source package | `string` | `"Dockerfile"` | no | | [ecr\_address](#input\_ecr\_address) | Address of ECR repository for cross-account container image pulling (optional). Option `create_ecr_repo` must be `false` | `string` | `null` | no | | [ecr\_repo](#input\_ecr\_repo) | Name of ECR repository to use or to create | `string` | `null` | no | +| [ecr\_repo\_lifecycle\_policy](#input\_ecr\_repo\_lifecycle\_policy) | A JSON formatted ECR lifecycle policy to automate the cleaning up of unused images. | `string` | `null` | no | | [ecr\_repo\_tags](#input\_ecr\_repo\_tags) | A map of tags to assign to ECR repository | `map(string)` | `{}` | no | | [image\_tag](#input\_image\_tag) | Image tag to use. If not specified current timestamp in format 'YYYYMMDDhhmmss' will be used. This can lead to unnecessary rebuilds. | `string` | `null` | no | | [image\_tag\_mutability](#input\_image\_tag\_mutability) | The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"MUTABLE"` | no | diff --git a/modules/docker-build/main.tf b/modules/docker-build/main.tf index e4107f08..920aa0e4 100644 --- a/modules/docker-build/main.tf +++ b/modules/docker-build/main.tf @@ -41,3 +41,10 @@ resource "aws_ecr_repository" "this" { tags = var.ecr_repo_tags } + +resource "aws_ecr_lifecycle_policy" "this" { + count = var.ecr_repo_lifecycle_policy != null ? 1 : 0 + + policy = var.ecr_repo_lifecycle_policy + repository = local.ecr_repo +} diff --git a/modules/docker-build/variables.tf b/modules/docker-build/variables.tf index a86402f7..fdfe1c44 100644 --- a/modules/docker-build/variables.tf +++ b/modules/docker-build/variables.tf 
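Review bot: `aws_ecr_lifecycle_policy.this` in `modules/docker-build/main.tf` is gated only on `var.ecr_repo_lifecycle_policy != null` and targets `local.ecr_repo`. It can therefore be planned against a repository this module did not create (the README describes `create_ecr_repo = false` for an existing repository). If `local.ecr_repo` is only the name string, the policy also has no ordering dependency on `aws_ecr_repository.this`. The local's definition is outside the hunk, so this needs confirming. Assuming the repository resource is counted on `create_ecr_repo`, I would use `count = var.create_ecr_repo && var.ecr_repo_lifecycle_policy != null ? 1 : 0` and `repository = aws_ecr_repository.this[0].name`. The variable description should also warn that an expiry rule can remove an image a deployed function still references.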
@@ -58,3 +58,9 @@ variable "build_args" { type = map(string) default = {} } + +variable "ecr_repo_lifecycle_policy" { + description = "A JSON formatted ECR lifecycle policy to automate the cleaning up of unused images." + type = string + default = null +} From b9684e40eafb155a6bed698fed27d330b69efb47 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 5 Jan 2022 14:54:27 +0000 Subject: [PATCH 149/385] chore(release): version 2.29.0 [skip ci] # [2.29.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.28.0...v2.29.0) (2022-01-05) ### Features * Add ECR Lifecycle Policy Option to docker-build module ([#243](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/243)) ([577b077](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/577b07768be37c0c24ea16294e2a9760833762bf)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a3a90851..75d7021c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +# [2.29.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.28.0...v2.29.0) (2022-01-05) + + +### Features + +* Add ECR Lifecycle Policy Option to docker-build module ([#243](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/243)) ([577b077](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/577b07768be37c0c24ea16294e2a9760833762bf)) + # [2.28.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.27.1...v2.28.0) (2021-12-10) From b9671e13d57823319e5b25900457dafcc81a4dbe Mon Sep 17 00:00:00 2001 
From: absa-rsuarez <93920310+absa-rsuarez@users.noreply.github.com> Date: Thu, 6 Jan 2022 14:32:48 +0100 Subject: [PATCH 150/385] feat: Added support for skip_destroy in Lambda Layer Version (#244) Co-authored-by: Anton Babenko --- .pre-commit-config.yaml | 4 ++-- README.md | 5 +++-- main.tf | 1 + variables.tf | 6 ++++++ versions.tf | 2 +- 5 files changed, 13 insertions(+), 5 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b0e03fc8..f7f40520 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.58.0 + rev: v1.62.3 hooks: - id: terraform_fmt - id: terraform_validate @@ -23,6 +23,6 @@ repos: - '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_workspace_remote' - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.0.1 + rev: v4.1.0 hooks: - id: check-merge-conflict diff --git a/README.md b/README.md index 3f28e15a..06ed52a8 100644 --- a/README.md +++ b/README.md @@ -592,7 +592,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.61 | +| [aws](#requirement\_aws) | >= 3.66 | | [external](#requirement\_external) | >= 1 | | [local](#requirement\_local) | >= 1 | | [null](#requirement\_null) | >= 2 | @@ -601,7 +601,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.61 | +| [aws](#provider\_aws) | >= 3.66 | | [external](#provider\_external) | >= 1 | | [local](#provider\_local) | >= 1 | | [null](#provider\_null) | >= 2 | 
@@ -715,6 +715,7 @@ No modules. | [lambda\_at\_edge](#input\_lambda\_at\_edge) | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no | | [lambda\_role](#input\_lambda\_role) | IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | `string` | `""` | no | | [layer\_name](#input\_layer\_name) | Name of Lambda Layer to create | `string` | `""` | no | +| [layer\_skip\_destroy](#input\_layer\_skip\_destroy) | Whether to retain the old version of a previously deployed Lambda Layer. | `bool` | `false` | no | | [layers](#input\_layers) | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | `list(string)` | `null` | no | | [license\_info](#input\_license\_info) | License info for your Lambda Layer. Eg, MIT or full url of a license. | `string` | `""` | no | | [local\_existing\_package](#input\_local\_existing\_package) | The absolute path to an existing zip-file to use | `string` | `null` | no | diff --git a/main.tf b/main.tf index 551d8f61..51a6b88b 100644 --- a/main.tf +++ b/main.tf @@ -105,6 +105,7 @@ resource "aws_lambda_layer_version" "this" { compatible_runtimes = length(var.compatible_runtimes) > 0 ? var.compatible_runtimes : [var.runtime] compatible_architectures = var.compatible_architectures + skip_destroy = var.layer_skip_destroy filename = local.filename source_code_hash = var.ignore_source_code_hash ? null : (local.filename == null ? false : fileexists(local.filename)) && !local.was_missing ? filebase64sha256(local.filename) : null diff --git a/variables.tf b/variables.tf index eb9fce5c..81df2d41 100644 --- a/variables.tf +++ b/variables.tf 
@@ -197,6 +197,12 @@ variable "layer_name" { default = "" } +variable "layer_skip_destroy" { + description = "Whether to retain the old version of a previously deployed Lambda Layer." + type = bool + default = false +} + variable "license_info" { description = "License info for your Lambda Layer. Eg, MIT or full url of a license." type = string diff --git a/versions.tf b/versions.tf index 509bccdf..39ba1570 100644 --- a/versions.tf +++ b/versions.tf @@ -2,7 +2,7 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 3.61" + aws = ">= 3.66" external = ">= 1" local = ">= 1" null = ">= 2" From 1c8c4a820e0ca5ec545a5f8c4ded6ce9d1ff538e Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 6 Jan 2022 13:33:23 +0000 Subject: [PATCH 151/385] chore(release): version 2.30.0 [skip ci] # [2.30.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.29.0...v2.30.0) (2022-01-06) ### Features * Added support for skip_destroy in Lambda Layer Version ([#244](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/244)) ([b9671e1](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/b9671e13d57823319e5b25900457dafcc81a4dbe)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 75d7021c..c6e360eb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +# [2.30.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.29.0...v2.30.0) (2022-01-06) + + +### Features + +* Added support for skip_destroy in Lambda Layer Version ([#244](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/244)) ([b9671e1](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/b9671e13d57823319e5b25900457dafcc81a4dbe)) + # [2.29.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.28.0...v2.29.0) (2022-01-05) 
From a57ce74c051d8825fa2bceca34199b91d4eb4ff7 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Mon, 10 Jan 2022 03:34:05 -0500 Subject: [PATCH 152/385] chore: Update release configuration files to correctly use conventional-commits (#246) --- .github/workflows/pr-title.yml | 52 +++++++++++++++++++ .github/workflows/release.yml | 5 ++ .github/workflows/stale-actions.yaml | 32 ++++++++++++ .pre-commit-config.yaml | 1 + .releaserc.json | 17 ++++-- examples/async/outputs.tf | 1 - examples/event-source-mapping/README.md | 1 - examples/event-source-mapping/versions.tf | 1 - .../fixtures/python3.8-app1/ignore_please.txt | 1 - 9 files changed, 103 insertions(+), 8 deletions(-) create mode 100644 .github/workflows/pr-title.yml create mode 100644 .github/workflows/stale-actions.yaml diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml new file mode 100644 index 00000000..168011c4 --- /dev/null +++ b/.github/workflows/pr-title.yml 
@@ -0,0 +1,52 @@ +name: 'Validate PR title' + +on: + pull_request_target: + types: + - opened + - edited + - synchronize + +jobs: + main: + name: Validate PR title + runs-on: ubuntu-latest + steps: + # Please look up the latest version from + # https://github.com/amannn/action-semantic-pull-request/releases + - uses: amannn/action-semantic-pull-request@v3.4.6 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + # Configure which types are allowed. + # Default: https://github.com/commitizen/conventional-commit-types + types: | + fix + feat + docs + ci + chore + # Configure that a scope must always be provided. + requireScope: false + # Configure additional validation for the subject based on a regex. + # This example ensures the subject starts with an uppercase character. + subjectPattern: ^[A-Z].+$ + # If `subjectPattern` is configured, you can use this property to override + # the default error message that is shown when the pattern doesn't match. + # The variables `subject` and `title` can be used within the message. + subjectPatternError: | + The subject "{subject}" found in the pull request title "{title}" + didn't match the configured pattern. Please ensure that the subject + starts with an uppercase character. + # For work-in-progress PRs you can typically use draft pull requests + # from Github. However, private repositories on the free plan don't have + # this option and therefore this action allows you to opt-in to using the + # special "[WIP]" prefix to indicate this state. This will avoid the + # validation of the PR title and the pull request checks remain pending. + # Note that a second check will be reported if this is enabled. + wip: true + # When using "Squash and merge" on a PR with only one commit, GitHub + # will suggest using that commit message instead of the PR title for the + # merge commit, and it's easy to commit this by mistake. Enable this option + # to also validate the commit message for one commit PRs. 
+ validateSingleCommit: false diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 141937d8..e8a26ca6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,13 +7,17 @@ on: - main - master paths: + - '**/*.tpl' - '**/*.py' - '**/*.tf' + - '.github/workflows/release.yml' jobs: release: name: Release runs-on: ubuntu-latest + # Skip running release workflow on forks + if: github.repository_owner == 'terraform-aws-modules' steps: - name: Checkout uses: actions/checkout@v2 @@ -28,5 +32,6 @@ jobs: extra_plugins: | @semantic-release/changelog@6.0.0 @semantic-release/git@10.0.0 + conventional-changelog-conventionalcommits@4.6.3 env: GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }} diff --git a/.github/workflows/stale-actions.yaml b/.github/workflows/stale-actions.yaml new file mode 100644 index 00000000..c09ae1d5 --- /dev/null +++ b/.github/workflows/stale-actions.yaml 
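Review bot: `pr-title.yml` runs on `pull_request_target`, which gives PRs from forks the base repository's token, yet the workflow declares no `permissions:` block and pins the third-party action by tag (`amannn/action-semantic-pull-request@v3.4.6`). The job does not check out PR code, which is the important safeguard. I would still add a least-privilege block such as `permissions: { pull-requests: read, statuses: write }` (the second because `wip: true` reports an extra check; confirm what the action actually needs) and pin `uses:` to a full commit SHA with the tag kept in a trailing comment. The same two points apply to `stale-actions.yaml` later in this patch. `actions/stale@v4` with `delete-branch: true` presumably needs `contents: write` alongside `issues: write` and `pull-requests: write`, and nothing more.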
@@ -0,0 +1,32 @@ +name: 'Mark or close stale issues and PRs' +on: + schedule: + - cron: '0 0 * * *' + +jobs: + stale: + runs-on: ubuntu-latest + steps: + - uses: actions/stale@v4 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + # Staling issues and PR's + days-before-stale: 30 + stale-issue-label: stale + stale-pr-label: stale + stale-issue-message: | + This issue has been automatically marked as stale because it has been open 30 days + with no activity. Remove stale label or comment or this issue will be closed in 10 days + stale-pr-message: | + This PR has been automatically marked as stale because it has been open 30 days + with no activity. Remove stale label or comment or this PR will be closed in 10 days + # Not stale if have this labels or part of milestone + exempt-issue-labels: bug,wip,on-hold + exempt-pr-labels: bug,wip,on-hold + exempt-all-milestones: true + # Close issue operations + # Label will be automatically removed if the issues are no longer closed nor locked. + days-before-close: 10 + delete-branch: true + close-issue-message: This issue was automatically closed because of stale in 10 days + close-pr-message: This PR was automatically closed because of stale in 10 days diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index f7f40520..093121e0 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -26,3 +26,4 @@ repos: rev: v4.1.0 hooks: - id: check-merge-conflict + - id: end-of-file-fixer diff --git a/.releaserc.json b/.releaserc.json index 6e39031c..66b3eefd 100644 --- a/.releaserc.json +++ b/.releaserc.json 
@@ -5,13 +5,22 @@ ], "ci": false, "plugins": [ - "@semantic-release/commit-analyzer", - "@semantic-release/release-notes-generator", + [ + "@semantic-release/commit-analyzer", + { + "preset": "conventionalcommits" + } + ], + [ + "@semantic-release/release-notes-generator", + { + "preset": "conventionalcommits" + } + ], [ "@semantic-release/github", { - "successComment": - "This ${issue.pull_request ? 'PR is included' : 'issue has been resolved'} in version ${nextRelease.version} :tada:", + "successComment": "This ${issue.pull_request ? 'PR is included' : 'issue has been resolved'} in version ${nextRelease.version} :tada:", "labels": false, "releasedLabels": false } diff --git a/examples/async/outputs.tf b/examples/async/outputs.tf index bf82a893..83dbee63 100644 --- a/examples/async/outputs.tf +++ b/examples/async/outputs.tf @@ -97,4 +97,3 @@ output "s3_object" { description = "The map with S3 object data of zip archive deployed (if deployment was from S3)" value = module.lambda_function.s3_object } - diff --git a/examples/event-source-mapping/README.md b/examples/event-source-mapping/README.md index 20e6fff8..0f34132e 100644 --- a/examples/event-source-mapping/README.md +++ b/examples/event-source-mapping/README.md @@ -13,4 +13,3 @@ $ terraform apply ``` Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - diff --git a/examples/event-source-mapping/versions.tf b/examples/event-source-mapping/versions.tf index 3c075fa3..5c46f38e 100644 --- a/examples/event-source-mapping/versions.tf +++ b/examples/event-source-mapping/versions.tf @@ -6,4 +6,3 @@ terraform { random = ">= 2" } } - diff --git a/examples/fixtures/python3.8-app1/ignore_please.txt b/examples/fixtures/python3.8-app1/ignore_please.txt index a7faedbc..30a2f668 100644 --- a/examples/fixtures/python3.8-app1/ignore_please.txt +++ b/examples/fixtures/python3.8-app1/ignore_please.txt 
@@ -1,2 +1 @@ This file should not be included in archive. - From 0a9793ec9f04d96a0ffa6abb3d920659fae654b1 Mon Sep 17 00:00:00 2001 From: Diego Pessanha Date: Mon, 10 Jan 2022 08:38:42 +0000 Subject: [PATCH 153/385] feat: Allow the use of third party images to build dependencies (#245) Co-authored-by: Anton Babenko --- package.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/package.py b/package.py index 53bb6c6d..b9fccf28 100644 --- a/package.py +++ b/package.py @@ -971,13 +971,15 @@ def docker_run_command(build_root, command, runtime, if platform.system() not in ('Linux', 'Darwin'): raise RuntimeError("Unsupported platform for docker building") - docker_cmd = ['docker', 'run', '--rm'] + workdir = '/var/task' + + docker_cmd = ['docker', 'run', '--rm', '-w', workdir] if interactive: docker_cmd.append('-it') bind_path = os.path.abspath(build_root) - docker_cmd.extend(['-v', "{}:/var/task:z".format(bind_path)]) + docker_cmd.extend(['-v', "{}:{}:z".format(bind_path, workdir)]) home = os.environ['HOME'] docker_cmd.extend([ From c3a1c38c54028adf55468c91e56a1bfbcd1ef515 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 10 Jan 2022 08:39:19 +0000 Subject: [PATCH 154/385] chore(release): version 2.31.0 [skip ci] ## [2.31.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.30.0...v2.31.0) (2022-01-10) ### Features * Allow the use of third party images to build dependencies ([#245](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/245)) ([0a9793e](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/0a9793ec9f04d96a0ffa6abb3d920659fae654b1)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c6e360eb..678f5837 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
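Review bot: In `docker_run_command` the new `-w` flag forces the working directory to `/var/task`, but nothing in the hunk says why. A one-line comment above `workdir` would help, for example `# Third-party images may declare their own WORKDIR; force it to the bind mount.` Since the commit subject opens this path to third-party images, the function's documentation should also state that such an image runs with `build_root` bind-mounted read-write (`:z` relabel) and with whatever the `home`-based arguments after the hunk mount, so callers should pin the image by digest rather than a floating tag. The function starts and ends outside the hunk, so the rest of the mount list is not visible here.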
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [2.31.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.30.0...v2.31.0) (2022-01-10) + + +### Features + +* Allow the use of third party images to build dependencies ([#245](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/245)) ([0a9793e](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/0a9793ec9f04d96a0ffa6abb3d920659fae654b1)) + # [2.30.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.29.0...v2.30.0) (2022-01-06) From a8a185cb85b794cae8c169522c12039077507f52 Mon Sep 17 00:00:00 2001 From: Kevin Brockhoff Date: Mon, 17 Jan 2022 14:16:15 -0600 Subject: [PATCH 155/385] feat: Added flag to exclude general tags from S3 Object tagging (#250) --- README.md | 1 + main.tf | 2 +- variables.tf | 6 ++++++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 06ed52a8..416dac28 100644 --- a/README.md +++ b/README.md 
@@ -747,6 +747,7 @@ No modules. | [s3\_existing\_package](#input\_s3\_existing\_package) | The S3 bucket object with keys bucket, key, version pointing to an existing zip-file to use | `map(string)` | `null` | no | | [s3\_object\_storage\_class](#input\_s3\_object\_storage\_class) | Specifies the desired Storage Class for the artifact uploaded to S3. Can be either STANDARD, REDUCED\_REDUNDANCY, ONEZONE\_IA, INTELLIGENT\_TIERING, or STANDARD\_IA. | `string` | `"ONEZONE_IA"` | no | | [s3\_object\_tags](#input\_s3\_object\_tags) | A map of tags to assign to S3 bucket object. | `map(string)` | `{}` | no | +| [s3\_object\_tags\_only](#input\_s3\_object\_tags\_only) | Set to true to not merge tags with s3\_object\_tags. Useful to avoid breaching S3 Object 10 tag limit. | `bool` | `false` | no | | [s3\_prefix](#input\_s3\_prefix) | Directory name where artifacts should be stored in the S3 bucket. If unset, the path from `artifacts_dir` is used | `string` | `null` | no | | [s3\_server\_side\_encryption](#input\_s3\_server\_side\_encryption) | Specifies server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms". | `string` | `null` | no | | [source\_path](#input\_source\_path) | The absolute path to a local file or directory containing your Lambda source code | `any` | `null` | no | diff --git a/main.tf b/main.tf index 51a6b88b..ac2cd578 100644 --- a/main.tf +++ b/main.tf @@ -128,7 +128,7 @@ resource "aws_s3_bucket_object" "lambda_package" { server_side_encryption = var.s3_server_side_encryption - tags = merge(var.tags, var.s3_object_tags) + tags = var.s3_object_tags_only ? var.s3_object_tags : merge(var.tags, var.s3_object_tags) depends_on = [null_resource.archive] } diff --git a/variables.tf b/variables.tf index 81df2d41..db184297 100644 --- a/variables.tf +++ b/variables.tf 
@@ -157,6 +157,12 @@ variable "s3_object_tags" { default = {} } +variable "s3_object_tags_only" { + description = "Set to true to not merge tags with s3_object_tags. Useful to avoid breaching S3 Object 10 tag limit." + type = bool + default = false +} + variable "package_type" { description = "The Lambda deployment package type. Valid options: Zip or Image" type = string From 4a44eb90ea2e32edecc0aef0c29ce039b96788ee Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 17 Jan 2022 20:16:52 +0000 Subject: [PATCH 156/385] chore(release): version 2.32.0 [skip ci] ## [2.32.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.31.0...v2.32.0) (2022-01-17) ### Features * Added flag to exclude general tags from S3 Object tagging ([#250](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/250)) ([a8a185c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/a8a185cb85b794cae8c169522c12039077507f52)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 678f5837..71b366c3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [2.32.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.31.0...v2.32.0) (2022-01-17) + + +### Features + +* Added flag to exclude general tags from S3 Object tagging ([#250](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/250)) ([a8a185c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/a8a185cb85b794cae8c169522c12039077507f52)) + ## [2.31.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.30.0...v2.31.0) (2022-01-10) From 1fda108d41a8b167007ecc43b78654a4a2fa9aa5 Mon Sep 17 00:00:00 2001 
From: Kengo Miyakawa Date: Fri, 21 Jan 2022 20:44:13 +0900 Subject: [PATCH 157/385] feat: Accept new arguments `function_response_types` in `aws_lambda_event_source_mapping` (#255) --- README.md | 16 ++++++++-------- examples/event-source-mapping/main.tf | 3 ++- examples/event-source-mapping/versions.tf | 10 ++++++++-- main.tf | 1 + versions.tf | 20 ++++++++++++++++---- 5 files changed, 35 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 416dac28..1888ed9d 100644 --- a/README.md +++ b/README.md @@ -592,19 +592,19 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.66 | -| [external](#requirement\_external) | >= 1 | -| [local](#requirement\_local) | >= 1 | -| [null](#requirement\_null) | >= 2 | +| [aws](#requirement\_aws) | >= 3.69 | +| [external](#requirement\_external) | >= 1.0 | +| [local](#requirement\_local) | >= 1.0 | +| [null](#requirement\_null) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.66 | -| [external](#provider\_external) | >= 1 | -| [local](#provider\_local) | >= 1 | -| [null](#provider\_null) | >= 2 | +| [aws](#provider\_aws) | >= 3.69 | +| [external](#provider\_external) | >= 1.0 | +| [local](#provider\_local) | >= 1.0 | +| [null](#provider\_null) | >= 2.0 | ## Modules diff --git a/examples/event-source-mapping/main.tf b/examples/event-source-mapping/main.tf index 9c2f3f24..0b0b5cd7 100644 --- a/examples/event-source-mapping/main.tf +++ b/examples/event-source-mapping/main.tf @@ -24,7 +24,8 @@ module "lambda_function" { event_source_mapping = { sqs = { - event_source_arn = aws_sqs_queue.this.arn + event_source_arn = aws_sqs_queue.this.arn + function_response_types = ["ReportBatchItemFailures"] } dynamodb = { event_source_arn = aws_dynamodb_table.this.stream_arn 
diff --git a/examples/event-source-mapping/versions.tf b/examples/event-source-mapping/versions.tf index 5c46f38e..d77dd0b7 100644 --- a/examples/event-source-mapping/versions.tf +++ b/examples/event-source-mapping/versions.tf @@ -2,7 +2,13 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 3.43" - random = ">= 2" + aws = { + source = "hashicorp/aws" + version = ">= 3.69" + } + random = { + source = "hashicorp/random" + version = ">= 2.0" + } } } diff --git a/main.tf b/main.tf index ac2cd578..3dccfc68 100644 --- a/main.tf +++ b/main.tf @@ -237,6 +237,7 @@ resource "aws_lambda_event_source_mapping" "this" { bisect_batch_on_function_error = lookup(each.value, "bisect_batch_on_function_error", null) topics = lookup(each.value, "topics", null) queues = lookup(each.value, "queues", null) + function_response_types = lookup(each.value, "function_response_types", null) dynamic "destination_config" { for_each = lookup(each.value, "destination_arn_on_failure", null) != null ? [true] : [] diff --git a/versions.tf b/versions.tf index 39ba1570..3727a394 100644 --- a/versions.tf +++ b/versions.tf @@ -2,9 +2,21 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 3.66" - external = ">= 1" - local = ">= 1" - null = ">= 2" + aws = { + source = "hashicorp/aws" + version = ">= 3.69" + } + external = { + source = "hashicorp/external" + version = ">= 1.0" + } + local = { + source = "hashicorp/local" + version = ">= 1.0" + } + null = { + source = "hashicorp/null" + version = ">= 2.0" + } } } From 53c17e53f23656add86b19eb75288eb94100cdd7 Mon Sep 17 00:00:00 2001 
From: semantic-release-bot Date: Fri, 21 Jan 2022 11:44:48 +0000 Subject: [PATCH 158/385] chore(release): version 2.33.0 [skip ci] ## [2.33.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.32.0...v2.33.0) (2022-01-21) ### Features * Accept new arguments `function_response_types` in `aws_lambda_event_source_mapping` ([#255](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/255)) ([1fda108](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/1fda108d41a8b167007ecc43b78654a4a2fa9aa5)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 71b366c3..f8942c6c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [2.33.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.32.0...v2.33.0) (2022-01-21) + + +### Features + +* Accept new arguments `function_response_types` in `aws_lambda_event_source_mapping` ([#255](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/255)) ([1fda108](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/1fda108d41a8b167007ecc43b78654a4a2fa9aa5)) + ## [2.32.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.31.0...v2.32.0) (2022-01-17) From e9aed29a45762ea2bc1675fa9e1ed7458703f86b Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 21 Jan 2022 16:01:54 +0100 Subject: [PATCH 159/385] fix: Updated code style to use `try()` (#256) Co-authored-by: Kevin Brockhoff --- iam.tf | 4 ++-- main.tf | 9 +++++---- modules/alias/main.tf | 2 +- modules/alias/outputs.tf | 10 +++++----- modules/deploy/main.tf | 14 +++++++------- modules/deploy/outputs.tf | 6 +++--- outputs.tf | 34 +++++++++++++++++----------------- 7 files changed, 40 insertions(+), 39 deletions(-) diff --git a/iam.tf b/iam.tf index 9d8b8021..d7ae9398 100644 --- a/iam.tf +++ b/iam.tf 
@@ -3,8 +3,8 @@ locals { # Lambda@Edge uses the Cloudwatch region closest to the location where the function is executed # The region part of the LogGroup ARN is then replaced with a wildcard (*) so Lambda@Edge is able to log in every region - log_group_arn_regional = element(concat(data.aws_cloudwatch_log_group.lambda.*.arn, aws_cloudwatch_log_group.lambda.*.arn, [""]), 0) - log_group_name = element(concat(data.aws_cloudwatch_log_group.lambda.*.name, aws_cloudwatch_log_group.lambda.*.name, [""]), 0) + log_group_arn_regional = try(data.aws_cloudwatch_log_group.lambda[0].arn, aws_cloudwatch_log_group.lambda[0].arn, "") + log_group_name = try(data.aws_cloudwatch_log_group.lambda[0].name, aws_cloudwatch_log_group.lambda[0].name, "") log_group_arn = local.create_role && var.lambda_at_edge ? format("arn:%s:%s:%s:%s:%s", data.aws_arn.log_group_arn[0].partition, data.aws_arn.log_group_arn[0].service, "*", data.aws_arn.log_group_arn[0].account, data.aws_arn.log_group_arn[0].resource) : local.log_group_arn_regional # Defaulting to "*" (an invalid character for an IAM Role name) will cause an error when diff --git a/main.tf b/main.tf index 3dccfc68..df436759 100644 --- a/main.tf +++ b/main.tf @@ -1,8 +1,9 @@ data "aws_partition" "current" {} locals { - archive_filename = element(concat(data.external.archive_prepare.*.result.filename, [null]), 0) - archive_was_missing = element(concat(data.external.archive_prepare.*.result.was_missing, [false]), 0) + archive_filename = try(data.external.archive_prepare[0].result.filename, null) + archive_filename_string = local.archive_filename != null ? local.archive_filename : "" + archive_was_missing = try(data.external.archive_prepare[0].result.was_missing, false) # Use a generated filename to determine when the source code has changed. # filename - to get package from local 
@@ -11,8 +12,8 @@ locals { # s3_* - to get package from S3 s3_bucket = var.s3_existing_package != null ? lookup(var.s3_existing_package, "bucket", null) : (var.store_on_s3 ? var.s3_bucket : null) - s3_key = var.s3_existing_package != null ? lookup(var.s3_existing_package, "key", null) : (var.store_on_s3 ? var.s3_prefix != null ? format("%s%s", var.s3_prefix, replace(local.archive_filename, "/^.*//", "")) : replace(local.archive_filename, "/^\\.//", "") : null) - s3_object_version = var.s3_existing_package != null ? lookup(var.s3_existing_package, "version_id", null) : (var.store_on_s3 ? element(concat(aws_s3_bucket_object.lambda_package.*.version_id, [null]), 0) : null) + s3_key = var.s3_existing_package != null ? lookup(var.s3_existing_package, "key", null) : (var.store_on_s3 ? var.s3_prefix != null ? format("%s%s", var.s3_prefix, replace(local.archive_filename_string, "/^.*//", "")) : replace(local.archive_filename_string, "/^\\.//", "") : null) + s3_object_version = var.s3_existing_package != null ? lookup(var.s3_existing_package, "version_id", null) : (var.store_on_s3 ? try(aws_s3_bucket_object.lambda_package[0].version_id, null) : null) } diff --git a/modules/alias/main.tf b/modules/alias/main.tf index 67ac548f..3ba9c537 100644 --- a/modules/alias/main.tf +++ b/modules/alias/main.tf @@ -1,5 +1,5 @@ locals { - version = element(concat(data.aws_lambda_alias.existing.*.function_version, aws_lambda_alias.with_refresh.*.function_version, aws_lambda_alias.no_refresh.*.function_version, [""]), 0) + version = try(data.aws_lambda_alias.existing[0].function_version, aws_lambda_alias.with_refresh[0].function_version, aws_lambda_alias.no_refresh[0].function_version, "") qualifiers = zipmap(["version", "qualified_alias"], [var.create_version_async_event_config ? true : null, var.create_qualified_alias_async_event_config ? true : null]) } diff --git a/modules/alias/outputs.tf b/modules/alias/outputs.tf index 7582b0be..4a774faf 100644 --- a/modules/alias/outputs.tf 
+++ b/modules/alias/outputs.tf 
@@ -1,25 +1,25 @@ # Lambda Alias output "lambda_alias_name" { description = "The name of the Lambda Function Alias" - value = element(concat(data.aws_lambda_alias.existing.*.name, aws_lambda_alias.with_refresh.*.name, aws_lambda_alias.no_refresh.*.name, [""]), 0) + value = try(data.aws_lambda_alias.existing[0].name, aws_lambda_alias.with_refresh[0].name, aws_lambda_alias.no_refresh[0].name, "") } output "lambda_alias_arn" { description = "The ARN of the Lambda Function Alias" - value = element(concat(data.aws_lambda_alias.existing.*.arn, aws_lambda_alias.with_refresh.*.arn, aws_lambda_alias.no_refresh.*.arn, [""]), 0) + value = try(data.aws_lambda_alias.existing[0].arn, aws_lambda_alias.with_refresh[0].arn, aws_lambda_alias.no_refresh[0].arn, "") } output "lambda_alias_invoke_arn" { description = "The ARN to be used for invoking Lambda Function from API Gateway" - value = element(concat(data.aws_lambda_alias.existing.*.invoke_arn, aws_lambda_alias.with_refresh.*.invoke_arn, aws_lambda_alias.no_refresh.*.invoke_arn, [""]), 0) + value = try(data.aws_lambda_alias.existing[0].invoke_arn, aws_lambda_alias.with_refresh[0].invoke_arn, aws_lambda_alias.no_refresh[0].invoke_arn, "") } output "lambda_alias_description" { description = "Description of alias" - value = element(concat(data.aws_lambda_alias.existing.*.description, aws_lambda_alias.with_refresh.*.description, aws_lambda_alias.no_refresh.*.description, [""]), 0) + value = try(data.aws_lambda_alias.existing[0].description, aws_lambda_alias.with_refresh[0].description, aws_lambda_alias.no_refresh[0].description, "") } output "lambda_alias_function_version" { description = "Lambda function version which the alias uses" - value = element(concat(data.aws_lambda_alias.existing.*.function_version, aws_lambda_alias.with_refresh.*.function_version, aws_lambda_alias.no_refresh.*.function_version, [""]), 0) + value = try(data.aws_lambda_alias.existing[0].function_version, aws_lambda_alias.with_refresh[0].function_version, 
aws_lambda_alias.no_refresh[0].function_version, "") } diff --git a/modules/deploy/main.tf b/modules/deploy/main.tf index 9982d557..f82ca372 100644 --- a/modules/deploy/main.tf +++ b/modules/deploy/main.tf @@ -1,10 +1,10 @@ locals { # AWS CodeDeploy can't deploy when CurrentVersion is "$LATEST" - qualifier = element(concat(data.aws_lambda_function.this.*.qualifier, [""]), 0) + qualifier = try(data.aws_lambda_function.this[0].qualifier, "") current_version = local.qualifier == "$LATEST" ? 1 : local.qualifier - app_name = element(concat(aws_codedeploy_app.this.*.name, [var.app_name]), 0) - deployment_group_name = element(concat(aws_codedeploy_deployment_group.this.*.deployment_group_name, [var.deployment_group_name]), 0) + app_name = try(aws_codedeploy_app.this[0].name, var.app_name) + deployment_group_name = try(aws_codedeploy_deployment_group.this[0].deployment_group_name, var.deployment_group_name) appspec = merge({ version = "0.0" @@ -140,7 +140,7 @@ resource "aws_codedeploy_deployment_group" "this" { app_name = local.app_name deployment_group_name = var.deployment_group_name - service_role_arn = element(concat(aws_iam_role.codedeploy.*.arn, data.aws_iam_role.codedeploy.*.arn, [""]), 0) + service_role_arn = try(aws_iam_role.codedeploy[0].arn, data.aws_iam_role.codedeploy[0].arn, "") deployment_config_name = var.deployment_config_name deployment_style { @@ -208,7 +208,7 @@ data "aws_iam_policy_document" "assume_role" { resource "aws_iam_role_policy_attachment" "codedeploy" { count = var.create && var.create_codedeploy_role ? 1 : 0 - role = element(concat(aws_iam_role.codedeploy.*.id, [""]), 0) + role = try(aws_iam_role.codedeploy[0].id, "") policy_arn = "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambda" } 
@@ -237,7 +237,7 @@ resource "aws_iam_policy" "hooks" { resource "aws_iam_role_policy_attachment" "hooks" { count = var.create && var.create_codedeploy_role && var.attach_hooks_policy && (var.before_allow_traffic_hook_arn != "" || var.after_allow_traffic_hook_arn != "") ? 1 : 0 - role = element(concat(aws_iam_role.codedeploy.*.id, [""]), 0) + role = try(aws_iam_role.codedeploy[0].id, "") policy_arn = aws_iam_policy.hooks[0].arn } @@ -265,7 +265,7 @@ resource "aws_iam_policy" "triggers" { resource "aws_iam_role_policy_attachment" "triggers" { count = var.create && var.create_codedeploy_role && var.attach_triggers_policy ? 1 : 0 - role = element(concat(aws_iam_role.codedeploy.*.id, [""]), 0) + role = try(aws_iam_role.codedeploy[0].id, "") policy_arn = aws_iam_policy.triggers[0].arn } diff --git a/modules/deploy/outputs.tf b/modules/deploy/outputs.tf index 30937ee4..964ed8be 100644 --- a/modules/deploy/outputs.tf +++ b/modules/deploy/outputs.tf @@ -10,12 +10,12 @@ output "codedeploy_deployment_group_name" { output "codedeploy_deployment_group_id" { description = "CodeDeploy deployment group id" - value = element(concat(aws_codedeploy_deployment_group.this.*.id, [""]), 0) + value = try(aws_codedeploy_deployment_group.this[0].id, "") } output "codedeploy_iam_role_name" { description = "Name of IAM role used by CodeDeploy" - value = element(concat(aws_iam_role.codedeploy.*.name, [""]), 0) + value = try(aws_iam_role.codedeploy[0].name, "") } output "appspec" { @@ -40,5 +40,5 @@ output "script" { output "deploy_script" { description = "Path to a deployment script" - value = element(concat(local_file.deploy_script.*.filename, [""]), 0) + value = try(local_file.deploy_script[0].filename, "") } diff --git a/outputs.tf b/outputs.tf index 7162a3de..53b6b8a3 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -1,73 +1,73 @@ # Lambda Function output "lambda_function_arn" { description = "The ARN of the Lambda Function" - value = element(concat(aws_lambda_function.this.*.arn, [""]), 0) + value = try(aws_lambda_function.this[0].arn, "") } output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" - value = element(concat(aws_lambda_function.this.*.invoke_arn, [""]), 0) + value = try(aws_lambda_function.this[0].invoke_arn, "") } output "lambda_function_name" { description = "The name of the Lambda Function" - value = element(concat(aws_lambda_function.this.*.function_name, [""]), 0) + value = try(aws_lambda_function.this[0].function_name, "") } output "lambda_function_qualified_arn" { description = "The ARN identifying your Lambda Function Version" - value = element(concat(aws_lambda_function.this.*.qualified_arn, [""]), 0) + value = try(aws_lambda_function.this[0].qualified_arn, "") } output "lambda_function_version" { description = "Latest published version of Lambda Function" - value = element(concat(aws_lambda_function.this.*.version, [""]), 0) + value = try(aws_lambda_function.this[0].version, "") } output "lambda_function_last_modified" { description = "The date Lambda Function resource was last modified" - value = element(concat(aws_lambda_function.this.*.last_modified, [""]), 0) + value = try(aws_lambda_function.this[0].last_modified, "") } output "lambda_function_kms_key_arn" { description = "The ARN for the KMS encryption key of Lambda Function" - value = element(concat(aws_lambda_function.this.*.kms_key_arn, [""]), 0) + value = try(aws_lambda_function.this[0].kms_key_arn, "") } output "lambda_function_source_code_hash" { description = "Base64-encoded representation of raw SHA-256 sum of the zip file" - value = element(concat(aws_lambda_function.this.*.source_code_hash, [""]), 0) + value = try(aws_lambda_function.this[0].source_code_hash, "") } output "lambda_function_source_code_size" { description = "The size in bytes of the 
function .zip file" - value = element(concat(aws_lambda_function.this.*.source_code_size, [""]), 0) + value = try(aws_lambda_function.this[0].source_code_size, "") } # Lambda Layer output "lambda_layer_arn" { description = "The ARN of the Lambda Layer with version" - value = element(concat(aws_lambda_layer_version.this.*.arn, [""]), 0) + value = try(aws_lambda_layer_version.this[0].arn, "") } output "lambda_layer_layer_arn" { description = "The ARN of the Lambda Layer without version" - value = element(concat(aws_lambda_layer_version.this.*.layer_arn, [""]), 0) + value = try(aws_lambda_layer_version.this[0].layer_arn, "") } output "lambda_layer_created_date" { description = "The date Lambda Layer resource was created" - value = element(concat(aws_lambda_layer_version.this.*.created_date, [""]), 0) + value = try(aws_lambda_layer_version.this[0].created_date, "") } output "lambda_layer_source_code_size" { description = "The size in bytes of the Lambda Layer .zip file" - value = element(concat(aws_lambda_layer_version.this.*.source_code_size, [""]), 0) + value = try(aws_lambda_layer_version.this[0].source_code_size, "") } output "lambda_layer_version" { description = "The Lambda Layer version" - value = element(concat(aws_lambda_layer_version.this.*.version, [""]), 0) + value = try(aws_lambda_layer_version.this[0].version, "") } # Lambda Event Source Mapping 
@@ -94,17 +94,17 @@ output "lambda_event_source_mapping_uuid" { # IAM Role output "lambda_role_arn" { description = "The ARN of the IAM role created for the Lambda Function" - value = element(concat(aws_iam_role.lambda.*.arn, [""]), 0) + value = try(aws_iam_role.lambda[0].arn, "") } output "lambda_role_name" { description = "The name of the IAM role created for the Lambda Function" - value = element(concat(aws_iam_role.lambda.*.name, [""]), 0) + value = try(aws_iam_role.lambda[0].name, "") } output "lambda_role_unique_id" { description = "The unique id of the IAM role created for the Lambda Function" - value = element(concat(aws_iam_role.lambda.*.unique_id, [""]), 0) + value = try(aws_iam_role.lambda[0].unique_id, "") } # CloudWatch Log Group From 29c3612cd6a7b265802edc856cdc626d185c5ffc Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 21 Jan 2022 15:02:29 +0000 Subject: [PATCH 160/385] chore(release): version 2.33.1 [skip ci] ### [2.33.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.33.0...v2.33.1) (2022-01-21) ### Bug Fixes * Updated code style to use `try()` ([#256](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/256)) ([e9aed29](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/e9aed29a45762ea2bc1675fa9e1ed7458703f86b)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f8942c6c..2df11aa8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [2.33.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.33.0...v2.33.1) (2022-01-21) + + +### Bug Fixes + +* Updated code style to use `try()` ([#256](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/256)) ([e9aed29](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/e9aed29a45762ea2bc1675fa9e1ed7458703f86b)) + ## [2.33.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.32.0...v2.33.0) (2022-01-21) From 2478baa167816af2dee477d7e88703efff8b713b Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 21 Jan 2022 16:27:40 +0100 Subject: [PATCH 161/385] fix: Fixed incorrect tomap() (#257) --- main.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/main.tf b/main.tf index df436759..1f4e8271 100644 --- a/main.tf +++ b/main.tf @@ -164,7 +164,7 @@ locals { } resource "aws_lambda_function_event_invoke_config" "this" { - for_each = var.create && var.create_function && !var.create_layer && var.create_async_event_config ? local.qualifiers : {} + for_each = { for k, v in local.qualifiers : k => v if var.create && var.create_function && !var.create_layer && var.create_async_event_config } function_name = aws_lambda_function.this[0].function_name qualifier = each.key == "current_version" ? aws_lambda_function.this[0].version : null @@ -193,7 +193,7 @@ resource "aws_lambda_function_event_invoke_config" "this" { } resource "aws_lambda_permission" "current_version_triggers" { - for_each = var.create && var.create_function && !var.create_layer && var.create_current_version_allowed_triggers ? var.allowed_triggers : {} + for_each = { for k, v in var.allowed_triggers : k => v if var.create && var.create_function && !var.create_layer && var.create_current_version_allowed_triggers } function_name = aws_lambda_function.this[0].function_name qualifier = aws_lambda_function.this[0].version 
@@ -208,7 +208,7 @@ resource "aws_lambda_permission" "current_version_triggers" { # Error: Error adding new Lambda Permission for lambda: InvalidParameterValueException: We currently do not support adding policies for $LATEST. resource "aws_lambda_permission" "unqualified_alias_triggers" { - for_each = var.create && var.create_function && !var.create_layer && var.create_unqualified_alias_allowed_triggers ? var.allowed_triggers : {} + for_each = { for k, v in var.allowed_triggers : k => v if var.create && var.create_function && !var.create_layer && var.create_unqualified_alias_allowed_triggers } function_name = aws_lambda_function.this[0].function_name @@ -221,7 +221,7 @@ resource "aws_lambda_permission" "unqualified_alias_triggers" { } resource "aws_lambda_event_source_mapping" "this" { - for_each = var.create && var.create_function && !var.create_layer && var.create_unqualified_alias_allowed_triggers ? var.event_source_mapping : tomap({}) + for_each = { for k, v in var.event_source_mapping : k => v if var.create && var.create_function && !var.create_layer && var.create_unqualified_alias_allowed_triggers } function_name = aws_lambda_function.this[0].arn From 62994788d50c3a6a705c908703b7f443e399d6b9 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 21 Jan 2022 15:28:16 +0000 Subject: [PATCH 162/385] chore(release): version 2.33.2 [skip ci] ### [2.33.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.33.1...v2.33.2) (2022-01-21) ### Bug Fixes * Fixed incorrect tomap() ([#257](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/257)) ([2478baa](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/2478baa167816af2dee477d7e88703efff8b713b)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2df11aa8..c0107e62 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
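Review bot: The rewritten `for_each` on `aws_lambda_event_source_mapping.this` is still gated on `var.create_unqualified_alias_allowed_triggers`, the same flag used by `aws_lambda_permission.unqualified_alias_triggers` just above. As written, switching off the unqualified-alias permissions also silently drops every event source mapping, which the variable name does not suggest. If this is a carry-over from the old ternary rather than intent, drop the term: `for_each = { for k, v in var.event_source_mapping : k => v if var.create && var.create_function && !var.create_layer }`. If it is intended, a comment on the resource should say so. The resource body continues outside the hunk.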
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [2.33.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.33.1...v2.33.2) (2022-01-21) + + +### Bug Fixes + +* Fixed incorrect tomap() ([#257](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/257)) ([2478baa](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/2478baa167816af2dee477d7e88703efff8b713b)) + ### [2.33.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.33.0...v2.33.1) (2022-01-21) From 159f57aede1173a41ab9ef362909f8fb3e67d8d4 Mon Sep 17 00:00:00 2001 From: Sven Lito <57947418+svenlito@users.noreply.github.com> Date: Mon, 31 Jan 2022 16:24:30 +0700 Subject: [PATCH 163/385] feat: Add event filter criteria capabilities (#242) Co-authored-by: Sven Lito --- examples/event-source-mapping/main.tf | 13 +++++++++++++ main.tf | 10 ++++++++++ 2 files changed, 23 insertions(+) diff --git a/examples/event-source-mapping/main.tf b/examples/event-source-mapping/main.tf index 0b0b5cd7..9266dfc9 100644 --- a/examples/event-source-mapping/main.tf +++ b/examples/event-source-mapping/main.tf @@ -31,10 +31,23 @@ module "lambda_function" { event_source_arn = aws_dynamodb_table.this.stream_arn starting_position = "LATEST" destination_arn_on_failure = aws_sqs_queue.failure.arn + filter_criteria = { + pattern = jsonencode({ + eventName : ["INSERT"] + }) + } } kinesis = { event_source_arn = aws_kinesis_stream.this.arn starting_position = "LATEST" + filter_criteria = { + pattern = jsonencode({ + data : { + Temperature : [{ numeric : [">", 0, "<=", 100] }] + Location : ["Oslo"] + } + }) + } } mq = { event_source_arn = aws_mq_broker.this.arn diff --git a/main.tf b/main.tf index 1f4e8271..dc509538 100644 --- a/main.tf +++ b/main.tf 
@@ -256,4 +256,14 @@ resource "aws_lambda_event_source_mapping" "this" { uri = source_access_configuration.value["uri"] } } + + dynamic "filter_criteria" { + for_each = lookup(each.value, "filter_criteria", null) != null ? [true] : [] + + content { + filter { + pattern = lookup(filter_criteria, "pattern", null) + } + } + } } From 086013837d18ead0fa84269faa66054b5a63f27f Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 31 Jan 2022 09:25:00 +0000 Subject: [PATCH 164/385] chore(release): version 2.34.0 [skip ci] ## [2.34.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.33.2...v2.34.0) (2022-01-31) ### Features * Add event filter criteria capabilities ([#242](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/242)) ([159f57a](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/159f57aede1173a41ab9ef362909f8fb3e67d8d4)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c0107e62..5c3a3c53 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [2.34.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.33.2...v2.34.0) (2022-01-31) + + +### Features + +* Add event filter criteria capabilities ([#242](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/242)) ([159f57a](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/159f57aede1173a41ab9ef362909f8fb3e67d8d4)) + ### [2.33.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.33.1...v2.33.2) (2022-01-21) From a5c03fef2c5c332dc31b84030cbb63302ef8a23d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sindri=20Gu=C3=B0mundsson?= Date: Wed, 23 Feb 2022 14:27:09 +0000 Subject: [PATCH 165/385] fix: Fixed event source mapping filter criteria (#272) --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
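Review bot: In the new `dynamic "filter_criteria"` block (`@@ -256,4 +256,14 @@`), `lookup(filter_criteria, "pattern", null)` reads from the dynamic block's iterator object rather than from the caller's map, and the `for_each` value is just `[true]`, so the configured pattern is presumably never found and the filter is created empty. The line should read `pattern = lookup(each.value["filter_criteria"], "pattern", null)`. The block also emits exactly one `filter`, so only a single pattern per mapping can be expressed; a comment such as `# Only one filter pattern per mapping is supported here` would make that limit visible. The enclosing resource starts outside the hunk.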
diff --git a/main.tf b/main.tf index dc509538..1aeabd11 100644 --- a/main.tf +++ b/main.tf @@ -262,7 +262,7 @@ resource "aws_lambda_event_source_mapping" "this" { content { filter { - pattern = lookup(filter_criteria, "pattern", null) + pattern = lookup(each.value["filter_criteria"], "pattern", null) } } } From 72f14fbead407b464b6c524d0c14865133dbe948 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 23 Feb 2022 14:27:48 +0000 Subject: [PATCH 166/385] chore(release): version 2.34.1 [skip ci] ### [2.34.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.34.0...v2.34.1) (2022-02-23) ### Bug Fixes * Fixed event source mapping filter criteria ([#272](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/272)) ([a5c03fe](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/a5c03fef2c5c332dc31b84030cbb63302ef8a23d)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5c3a3c53..01d713c5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [2.34.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.34.0...v2.34.1) (2022-02-23) + + +### Bug Fixes + +* Fixed event source mapping filter criteria ([#272](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/272)) ([a5c03fe](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/a5c03fef2c5c332dc31b84030cbb63302ef8a23d)) + ## [2.34.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.33.2...v2.34.0) (2022-01-31) From 2d32d84a3483bb2eb66f37b33cab13fba0d96adc Mon Sep 17 00:00:00 2001 
From: Anton Babenko Date: Sat, 12 Mar 2022 11:16:30 +0100 Subject: [PATCH 167/385] feat: Made it clear that we stand with Ukraine --- README.md | 10 ++++++++++ iam.tf | 2 +- main.tf | 22 ++++++++++++---------- variables.tf | 6 ++++++ 4 files changed, 29 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 1888ed9d..44050a22 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,8 @@ Terraform module, which creates almost all supported AWS Lambda resources as well as taking care of building and packaging of required Lambda dependencies for functions and layers. +[![SWUbanner](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner2-direct.svg)](https://github.com/vshymanskyy/StandWithUkraine/blob/main/docs/README.md) + This Terraform module is the part of [serverless.tf framework](https://github.com/antonbabenko/serverless.tf), which aims to simplify all operations when working with the serverless in Terraform: 1. Build and install dependencies - [read more](#build). Requires Python 3.6 or newer. 
@@ -733,6 +735,7 @@ No modules. | [policy\_statements](#input\_policy\_statements) | Map of dynamic policy statements to attach to Lambda Function role | `any` | `{}` | no | | [provisioned\_concurrent\_executions](#input\_provisioned\_concurrent\_executions) | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | `number` | `-1` | no | | [publish](#input\_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no | +| [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no | | [recreate\_missing\_package](#input\_recreate\_missing\_package) | Whether to recreate missing Lambda package if it is missing locally or not | `bool` | `true` | no | | [reserved\_concurrent\_executions](#input\_reserved\_concurrent\_executions) | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | `number` | `-1` | no | | [role\_description](#input\_role\_description) | Description of IAM role to use for Lambda Function | `string` | `null` | no | 
@@ -800,3 +803,10 @@ Please reach out to [Betajob](https://www.betajob.com/) if you are looking for c ## License Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/LICENSE) for full details. + +## Additional terms of use for users from Russia and Belarus + +By using the code provided in this repository you agree with the following: +* Russia has [illegally annexed Crimea in 2014](https://en.wikipedia.org/wiki/Annexation_of_Crimea_by_the_Russian_Federation) and [brought the war in Donbas](https://en.wikipedia.org/wiki/War_in_Donbas) followed by [full-scale invasion of Ukraine in 2022](https://en.wikipedia.org/wiki/2022_Russian_invasion_of_Ukraine). +* Russia has brought sorrow and devastations to millions of Ukrainians, killed hundreds of innocent people, damaged thousands of buildings, and forced several million people to flee. +* [Putin khuylo!](https://en.wikipedia.org/wiki/Putin_khuylo!) diff --git a/iam.tf b/iam.tf index d7ae9398..6102fc66 100644 --- a/iam.tf +++ b/iam.tf @@ -1,5 +1,5 @@ locals { - create_role = var.create && var.create_function && !var.create_layer && var.create_role + create_role = local.create && var.create_function && !var.create_layer && var.create_role # Lambda@Edge uses the Cloudwatch region closest to the location where the function is executed # The region part of the LogGroup ARN is then replaced with a wildcard (*) so Lambda@Edge is able to log in every region diff --git a/main.tf b/main.tf index 1aeabd11..24f81116 100644 --- a/main.tf +++ b/main.tf @@ -1,6 +1,8 @@ data "aws_partition" "current" {} locals { + create = var.create && var.putin_khuylo + archive_filename = try(data.external.archive_prepare[0].result.filename, null) archive_filename_string = local.archive_filename != null ? local.archive_filename : "" archive_was_missing = try(data.external.archive_prepare[0].result.was_missing, false) 
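Review bot: `create = var.create && var.putin_khuylo` in the `locals` block of main.tf (`@@ -1,6 +1,8 @@`) turns a second input into a master switch for the whole module, but neither its name nor its description says so. With that input set to `false`, every `count` and `for_each` that this commit moves to `local.create` (the later main.tf hunks and `create_role` in iam.tf) evaluates to nothing, so on an existing deployment the next plan would presumably propose destroying the function, its log group, permissions and role. The `description` added in variables.tf should state the effect, for example by appending `Setting this to false disables creation of all resources in this module.`, and the local deserves a comment like `# Master switch: both inputs must be true for any resource to be created`. The `locals` block continues outside the hunk.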
@@ -18,7 +20,7 @@ locals { } resource "aws_lambda_function" "this" { - count = var.create && var.create_function && !var.create_layer ? 1 : 0 + count = local.create && var.create_function && !var.create_layer ? 1 : 0 function_name = var.function_name description = var.description @@ -98,7 +100,7 @@ resource "aws_lambda_function" "this" { } resource "aws_lambda_layer_version" "this" { - count = var.create && var.create_layer ? 1 : 0 + count = local.create && var.create_layer ? 1 : 0 layer_name = var.layer_name description = var.description @@ -119,7 +121,7 @@ resource "aws_lambda_layer_version" "this" { } resource "aws_s3_bucket_object" "lambda_package" { - count = var.create && var.store_on_s3 && var.create_package ? 1 : 0 + count = local.create && var.store_on_s3 && var.create_package ? 1 : 0 bucket = var.s3_bucket acl = var.s3_acl @@ -135,13 +137,13 @@ resource "aws_s3_bucket_object" "lambda_package" { } data "aws_cloudwatch_log_group" "lambda" { - count = var.create && var.create_function && !var.create_layer && var.use_existing_cloudwatch_log_group ? 1 : 0 + count = local.create && var.create_function && !var.create_layer && var.use_existing_cloudwatch_log_group ? 1 : 0 name = "/aws/lambda/${var.lambda_at_edge ? "us-east-1." : ""}${var.function_name}" } resource "aws_cloudwatch_log_group" "lambda" { - count = var.create && var.create_function && !var.create_layer && !var.use_existing_cloudwatch_log_group ? 1 : 0 + count = local.create && var.create_function && !var.create_layer && !var.use_existing_cloudwatch_log_group ? 1 : 0 name = "/aws/lambda/${var.lambda_at_edge ? "us-east-1." : ""}${var.function_name}" retention_in_days = var.cloudwatch_logs_retention_in_days 
@@ -151,7 +153,7 @@ resource "aws_cloudwatch_log_group" "lambda" { } resource "aws_lambda_provisioned_concurrency_config" "current_version" { - count = var.create && var.create_function && !var.create_layer && var.provisioned_concurrent_executions > -1 ? 1 : 0 + count = local.create && var.create_function && !var.create_layer && var.provisioned_concurrent_executions > -1 ? 1 : 0 function_name = aws_lambda_function.this[0].function_name qualifier = aws_lambda_function.this[0].version @@ -164,7 +166,7 @@ locals { } resource "aws_lambda_function_event_invoke_config" "this" { - for_each = { for k, v in local.qualifiers : k => v if var.create && var.create_function && !var.create_layer && var.create_async_event_config } + for_each = { for k, v in local.qualifiers : k => v if local.create && var.create_function && !var.create_layer && var.create_async_event_config } function_name = aws_lambda_function.this[0].function_name qualifier = each.key == "current_version" ? aws_lambda_function.this[0].version : null @@ -193,7 +195,7 @@ resource "aws_lambda_function_event_invoke_config" "this" { } resource "aws_lambda_permission" "current_version_triggers" { - for_each = { for k, v in var.allowed_triggers : k => v if var.create && var.create_function && !var.create_layer && var.create_current_version_allowed_triggers } + for_each = { for k, v in var.allowed_triggers : k => v if local.create && var.create_function && !var.create_layer && var.create_current_version_allowed_triggers } function_name = aws_lambda_function.this[0].function_name qualifier = aws_lambda_function.this[0].version 
@@ -208,7 +210,7 @@ resource "aws_lambda_permission" "current_version_triggers" { # Error: Error adding new Lambda Permission for lambda: InvalidParameterValueException: We currently do not support adding policies for $LATEST. resource "aws_lambda_permission" "unqualified_alias_triggers" { - for_each = { for k, v in var.allowed_triggers : k => v if var.create && var.create_function && !var.create_layer && var.create_unqualified_alias_allowed_triggers } + for_each = { for k, v in var.allowed_triggers : k => v if local.create && var.create_function && !var.create_layer && var.create_unqualified_alias_allowed_triggers } function_name = aws_lambda_function.this[0].function_name @@ -221,7 +223,7 @@ resource "aws_lambda_permission" "unqualified_alias_triggers" { } resource "aws_lambda_event_source_mapping" "this" { - for_each = { for k, v in var.event_source_mapping : k => v if var.create && var.create_function && !var.create_layer && var.create_unqualified_alias_allowed_triggers } + for_each = { for k, v in var.event_source_mapping : k => v if local.create && var.create_function && !var.create_layer && var.create_unqualified_alias_allowed_triggers } function_name = aws_lambda_function.this[0].arn diff --git a/variables.tf b/variables.tf index db184297..24243bfa 100644 --- a/variables.tf +++ b/variables.tf @@ -28,6 +28,12 @@ variable "create_role" { default = true } +variable "putin_khuylo" { + description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!" + type = bool + default = true +} + ########### # Function ########### From 382469ea1dd39ea3687c00050ad06f55a127ea91 Mon Sep 17 00:00:00 2001 
From: semantic-release-bot Date: Sat, 12 Mar 2022 10:17:19 +0000 Subject: [PATCH 168/385] chore(release): version 2.35.0 [skip ci] ## [2.35.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.34.1...v2.35.0) (2022-03-12) ### Features * Made it clear that we stand with Ukraine ([2d32d84](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/2d32d84a3483bb2eb66f37b33cab13fba0d96adc)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 01d713c5..9cf5d549 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [2.35.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.34.1...v2.35.0) (2022-03-12) + + +### Features + +* Made it clear that we stand with Ukraine ([2d32d84](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/2d32d84a3483bb2eb66f37b33cab13fba0d96adc)) + ### [2.34.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.34.0...v2.34.1) (2022-02-23) From 5e5d5608483ebfd90617ecf5a5fdc0b1c566be2f Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Thu, 17 Mar 2022 16:46:41 +0100 Subject: [PATCH 169/385] chore: Updated information for users from Russia/Belarus --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 44050a22..1f89893f 100644 --- a/README.md +++ b/README.md 
@@ -804,9 +804,8 @@ Please reach out to [Betajob](https://www.betajob.com/) if you are looking for c Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/LICENSE) for full details. -## Additional terms of use for users from Russia and Belarus +## Additional information for users from Russia and Belarus -By using the code provided in this repository you agree with the following: * Russia has [illegally annexed Crimea in 2014](https://en.wikipedia.org/wiki/Annexation_of_Crimea_by_the_Russian_Federation) and [brought the war in Donbas](https://en.wikipedia.org/wiki/War_in_Donbas) followed by [full-scale invasion of Ukraine in 2022](https://en.wikipedia.org/wiki/2022_Russian_invasion_of_Ukraine). * Russia has brought sorrow and devastations to millions of Ukrainians, killed hundreds of innocent people, damaged thousands of buildings, and forced several million people to flee. * [Putin khuylo!](https://en.wikipedia.org/wiki/Putin_khuylo!) From db34260a1685333fa1f491b77f4564033c29729b Mon Sep 17 00:00:00 2001 From: Mike Helmick <352270+michaelhelmick@users.noreply.github.com> Date: Fri, 18 Mar 2022 04:47:36 -0400 Subject: [PATCH 170/385] fix: Added support for keep_remotely in docker-build submodule (#284) Co-authored-by: Anton Babenko --- modules/docker-build/README.md | 5 +++-- modules/docker-build/main.tf | 2 ++ modules/docker-build/variables.tf | 6 ++++++ modules/docker-build/versions.tf | 7 +++++-- 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index 018d4bf3..6ace9e78 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md 
@@ -44,14 +44,14 @@ module "docker_image" { |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.35 | -| [docker](#requirement\_docker) | >= 2.8.0 | +| [docker](#requirement\_docker) | >= 2.12 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 3.35 | -| [docker](#provider\_docker) | >= 2.8.0 | +| [docker](#provider\_docker) | >= 2.12 | ## Modules @@ -81,6 +81,7 @@ No modules. | [ecr\_repo\_tags](#input\_ecr\_repo\_tags) | A map of tags to assign to ECR repository | `map(string)` | `{}` | no | | [image\_tag](#input\_image\_tag) | Image tag to use. If not specified current timestamp in format 'YYYYMMDDhhmmss' will be used. This can lead to unnecessary rebuilds. | `string` | `null` | no | | [image\_tag\_mutability](#input\_image\_tag\_mutability) | The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"MUTABLE"` | no | +| [keep\_remotely](#input\_keep\_remotely) | Whether to keep Docker image in the remote registry on destroy operation. | `bool` | `false` | no | | [scan\_on\_push](#input\_scan\_on\_push) | Indicates whether images are scanned after being pushed to the repository | `bool` | `false` | no | | [source\_path](#input\_source\_path) | Path to folder containing application code | `string` | `null` | no | diff --git a/modules/docker-build/main.tf b/modules/docker-build/main.tf index 920aa0e4..bfa2ae0e 100644 --- a/modules/docker-build/main.tf +++ b/modules/docker-build/main.tf @@ -27,6 +27,8 @@ resource "docker_registry_image" "this" { dockerfile = var.docker_file_path build_args = var.build_args } + + keep_remotely = var.keep_remotely } resource "aws_ecr_repository" "this" { diff --git a/modules/docker-build/variables.tf b/modules/docker-build/variables.tf index fdfe1c44..f029958a 100644 --- a/modules/docker-build/variables.tf +++ b/modules/docker-build/variables.tf 
@@ -64,3 +64,9 @@ variable "ecr_repo_lifecycle_policy" { type = string default = null } + +variable "keep_remotely" { + description = "Whether to keep Docker image in the remote registry on destroy operation." + type = bool + default = false +} diff --git a/modules/docker-build/versions.tf b/modules/docker-build/versions.tf index 001ad6f0..87ea2d45 100644 --- a/modules/docker-build/versions.tf +++ b/modules/docker-build/versions.tf @@ -2,10 +2,13 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 3.35" + aws = { + source = "hashicorp/aws" + version = ">= 3.35" + } docker = { source = "kreuzwerker/docker" - version = ">= 2.8.0" + version = ">= 2.12" } } } From 1327243a3bba696c8357766077481783fd82d031 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 18 Mar 2022 08:48:09 +0000 Subject: [PATCH 171/385] chore(release): version 2.35.1 [skip ci] ### [2.35.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.35.0...v2.35.1) (2022-03-18) ### Bug Fixes * Added support for keep_remotely in docker-build submodule ([#284](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/284)) ([db34260](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/db34260a1685333fa1f491b77f4564033c29729b)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9cf5d549..8f883039 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [2.35.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.35.0...v2.35.1) (2022-03-18) + + +### Bug Fixes + +* Added support for keep_remotely in docker-build submodule ([#284](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/284)) ([db34260](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/db34260a1685333fa1f491b77f4564033c29729b)) + ## [2.35.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.34.1...v2.35.0) (2022-03-12) From ecb38076b0408982183ebb8070aff7c7e01c4b82 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Sat, 26 Mar 2022 21:09:54 +0100 Subject: [PATCH 172/385] feat: Add support to build automatically npm dependencies (#293) Co-authored-by: Massimo Maino --- README.md | 14 +- examples/build-package/README.md | 3 + examples/build-package/main.tf | 41 +++++- examples/fixtures/nodejs14.x-app1/index.js | 16 +++ .../fixtures/nodejs14.x-app1/package.json | 8 ++ package.py | 120 +++++++++++++++++- 6 files changed, 196 insertions(+), 6 deletions(-) create mode 100644 examples/fixtures/nodejs14.x-app1/index.js create mode 100644 examples/fixtures/nodejs14.x-app1/package.json diff --git a/README.md b/README.md index 1f89893f..005c2a38 100644 --- a/README.md +++ b/README.md @@ -403,6 +403,11 @@ source_path = [ "!vendor/colorful-.+.dist-info/.*", "!vendor/colorful/__pycache__/?.*", ] + }, { + path = "src/nodejs14.x-app1", + npm_requirements = true, + npm_tmp_dir = "/tmp/dir/location" + prefix_in_zip = "foo/bar1", }, { path = "src/python3.8-app3", commands = [ 
@@ -424,8 +429,9 @@ source_path = [ ] ``` -Few notes: +*Few notes:* +- If you specify a source path as a string that references a folder and the runtime begins with `python` or `nodejs`, the build process will automatically build python and nodejs dependencies if `requirements.txt` or `package.json` file will be found in the source folder. If you want to customize this behavior, please use the object notation as explained below. - All arguments except `path` are optional. - `patterns` - List of Python regex filenames should satisfy. Default value is "include everything" which is equal to `patterns = [".*"]`. This can also be specified as multiline heredoc string (no comments allowed). Some examples of valid patterns: 
@@ -442,10 +448,12 @@ Few notes: !abc/def/hgk/.* # Filter out again in abc/def/hgk sub folder ``` -- `commands` - List of commands to run. If specified, this argument overrides `pip_requirements`. +- `commands` - List of commands to run. If specified, this argument overrides `pip_requirements` and `npm_requirements`. - `:zip [source] [destination]` is a special command which creates content of current working directory (first argument) and places it inside of path (second argument). - `pip_requirements` - Controls whether to execute `pip install`. Set to `false` to disable this feature, `true` to run `pip install` with `requirements.txt` found in `path`. Or set to another filename which you want to use instead. - `pip_tmp_dir` - Set the base directory to make the temporary directory for pip installs. Can be useful for Docker in Docker builds. +- `npm_requirements` - Controls whether to execute `npm install`. Set to `false` to disable this feature, `true` to run `npm install` with `package.json` found in `path`. Or set to another filename which you want to use instead. +- `npm_tmp_dir` - Set the base directory to make the temporary directory for npm installs. Can be useful for Docker in Docker builds. - `prefix_in_zip` - If specified, will be used as a prefix inside zip-archive. By default, everything installs into the root of zip-archive. ### Building in Docker @@ -455,7 +463,7 @@ If your Lambda Function or Layer uses some dependencies you can build them in Do build_in_docker = true docker_file = "src/python3.8-app1/docker/Dockerfile" docker_build_root = "src/python3.8-app1/docker" - docker_image = "lambci/lambda:build-python3.8" + docker_image = "public.ecr.aws/sam/build-python3.8" runtime = "python3.8" # Setting runtime is required when building package in Docker and Lambda Layer resource. Using this module you can install dependencies from private hosts. To do this, you need for forward SSH agent: 
diff --git a/examples/build-package/README.md b/examples/build-package/README.md index 7ee75c69..0d1f4a4f 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -38,11 +38,14 @@ Note that this example may create resources which cost money. Run `terraform des | [lambda\_layer\_pip\_requirements](#module\_lambda\_layer\_pip\_requirements) | ../.. | n/a | | [package\_dir](#module\_package\_dir) | ../../ | n/a | | [package\_dir\_pip\_dir](#module\_package\_dir\_pip\_dir) | ../../ | n/a | +| [package\_dir\_with\_npm\_install](#module\_package\_dir\_with\_npm\_install) | ../../ | n/a | +| [package\_dir\_without\_npm\_install](#module\_package\_dir\_without\_npm\_install) | ../../ | n/a | | [package\_dir\_without\_pip\_install](#module\_package\_dir\_without\_pip\_install) | ../../ | n/a | | [package\_file](#module\_package\_file) | ../../ | n/a | | [package\_file\_with\_pip\_requirements](#module\_package\_file\_with\_pip\_requirements) | ../../ | n/a | | [package\_with\_commands\_and\_patterns](#module\_package\_with\_commands\_and\_patterns) | ../../ | n/a | | [package\_with\_docker](#module\_package\_with\_docker) | ../../ | n/a | +| [package\_with\_npm\_requirements\_in\_docker](#module\_package\_with\_npm\_requirements\_in\_docker) | ../../ | n/a | | [package\_with\_patterns](#module\_package\_with\_patterns) | ../../ | n/a | | [package\_with\_pip\_requirements\_in\_docker](#module\_package\_with\_pip\_requirements\_in\_docker) | ../../ | n/a | diff --git a/examples/build-package/main.tf b/examples/build-package/main.tf index 636ac8d8..61dd0102 100644 --- a/examples/build-package/main.tf +++ b/examples/build-package/main.tf 
@@ -220,7 +220,45 @@ module "package_with_docker" { docker_with_ssh_agent = true # docker_file = "${path.module}/../fixtures/python3.8-app1/docker/Dockerfile" docker_build_root = "${path.module}/../../docker" - docker_image = "lambci/lambda:build-python3.8" + docker_image = "public.ecr.aws/sam/build-python3.8" +} + +# Create zip-archive of a single directory where "npm install" will also be executed (default for nodejs runtime) +module "package_dir_with_npm_install" { + source = "../../" + + create_function = false + + runtime = "nodejs14.x" + source_path = "${path.module}/../fixtures/nodejs14.x-app1" +} + +# Create zip-archive of a single directory without running "npm install" (which is the default for nodejs runtime) +module "package_dir_without_npm_install" { + source = "../../" + + create_function = false + + runtime = "nodejs14.x" + source_path = [ + { + path = "${path.module}/../fixtures/nodejs14.x-app1" + npm_requirements = false + # npm_requirements = true # Will run "npm install" with package.json + } + ] +} + +# Create zip-archive of a single directory where "npm install" will also be executed using docker +module "package_with_npm_requirements_in_docker" { + source = "../../" + + create_function = false + + runtime = "nodejs14.x" + source_path = "${path.module}/../fixtures/nodejs14.x-app1" + build_in_docker = true + hash_extra = "something-unique-to-not-conflict-with-module.package_dir_with_npm_install" } ################################ @@ -240,6 +278,7 @@ module "lambda_layer" { build_in_docker = true runtime = "python3.8" + docker_image = "public.ecr.aws/sam/build-python3.8" docker_file = "${path.module}/../fixtures/python3.8-app1/docker/Dockerfile" } diff --git a/examples/fixtures/nodejs14.x-app1/index.js b/examples/fixtures/nodejs14.x-app1/index.js new file mode 100644 index 00000000..97968e4a --- /dev/null +++ b/examples/fixtures/nodejs14.x-app1/index.js 
@@ -0,0 +1,16 @@ +'use strict'; + +module.exports.hello = async (event) => { + console.log(event); + return { + statusCode: 200, + body: JSON.stringify( + { + message: `Go Serverless.tf! Your Nodejs function executed successfully!`, + input: event, + }, + null, + 2 + ), + }; +}; diff --git a/examples/fixtures/nodejs14.x-app1/package.json b/examples/fixtures/nodejs14.x-app1/package.json new file mode 100644 index 00000000..89c23f36 --- /dev/null +++ b/examples/fixtures/nodejs14.x-app1/package.json @@ -0,0 +1,8 @@ +{ + "name": "nodejs14.x-app1", + "version": "1.0.0", + "main": "index.js", + "dependencies": { + "requests": "^0.3.0" + } +} diff --git a/package.py b/package.py index b9fccf28..7bd8dd2d 100644 --- a/package.py +++ b/package.py @@ -660,6 +660,18 @@ def pip_requirements_step(path, prefix=None, required=False, tmp_dir=None): step('pip', runtime, requirements, prefix, tmp_dir) hash(requirements) + def npm_requirements_step(path, prefix=None, required=False, tmp_dir=None): + requirements = path + if os.path.isdir(path): + requirements = os.path.join(path, 'package.json') + if not os.path.isfile(requirements): + if required: + raise RuntimeError( + 'File not found: {}'.format(requirements)) + else: + step('npm', runtime, requirements, prefix, tmp_dir) + hash(requirements) + def commands_step(path, commands): if not commands: return @@ -717,6 +729,9 @@ def commands_step(path, commands): if runtime.startswith('python'): pip_requirements_step( os.path.join(path, 'requirements.txt')) + elif runtime.startswith('nodejs'): + npm_requirements_step( + os.path.join(path, 'package.json')) step('zip', path, None) hash(path) @@ -731,6 +746,7 @@ def commands_step(path, commands): else: prefix = claim.get('prefix_in_zip') pip_requirements = claim.get('pip_requirements') + npm_requirements = claim.get('npm_package_json') runtime = claim.get('runtime', query.runtime) if pip_requirements and runtime.startswith('python'): 
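Review bot: In the package.py hunk `@@ -731,6 +746,7 @@`, `npm_requirements = claim.get('npm_package_json')` reads a key that neither the README nor the examples in this patch use; both document `npm_requirements`. As written, a `source_path` object with `npm_requirements = true` leaves the variable `None`, so the `npm` step added in `@@ -740,6 +756,13 @@` is skipped and the archive is built without `node_modules`, with no error raised. Read the documented key instead, `npm_requirements = claim.get('npm_requirements')`, or rename the option consistently in the README and examples. The enclosing function starts and ends outside the hunk.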
@@ -740,6 +756,13 @@ def commands_step(path, commands): pip_requirements_step(pip_requirements, prefix, required=True, tmp_dir=claim.get('pip_tmp_dir')) + if npm_requirements and runtime.startswith('nodejs'): + if isinstance(npm_requirements, bool) and path: + npm_requirements_step(path, prefix, required=True, tmp_dir=claim.get('npm_tmp_dir')) + else: + npm_requirements_step(npm_requirements, prefix, + required=True, tmp_dir=claim.get('npm_tmp_dir')) + if path: step('zip', path, prefix) if patterns: @@ -793,6 +816,16 @@ def execute(self, build_plan, zip_stream, query): else: # XXX: timestamp=0 - what actually do with it? zs.write_dirs(rd, prefix=prefix, timestamp=0) + elif cmd == 'npm': + runtime, npm_requirements, prefix, tmp_dir = action[1:] + with install_npm_requirements(query, npm_requirements, tmp_dir) as rd: + if rd: + if pf: + self._zip_write_with_filter(zs, pf, rd, prefix, + timestamp=0) + else: + # XXX: timestamp=0 - what actually do with it? + zs.write_dirs(rd, prefix=prefix, timestamp=0) elif cmd == 'sh': r, w = os.pipe() side_ch = os.fdopen(r) 
@@ -934,6 +967,89 @@ def install_pip_requirements(query, requirements_file, tmp_dir): yield temp_dir +@contextmanager +def install_npm_requirements(query, requirements_file, tmp_dir): + # TODO: + # 1. Emit files instead of temp_dir + + if not os.path.exists(requirements_file): + yield + return + + runtime = query.runtime + artifacts_dir = query.artifacts_dir + temp_dir = query.temp_dir + docker = query.docker + docker_image_tag_id = None + + if docker: + docker_file = docker.docker_file + docker_image = docker.docker_image + docker_build_root = docker.docker_build_root + + if docker_image: + ok = False + while True: + output = check_output(docker_image_id_command(docker_image)) + if output: + docker_image_tag_id = output.decode().strip() + log.debug("DOCKER TAG ID: %s -> %s", + docker_image, docker_image_tag_id) + ok = True + if ok: + break + docker_cmd = docker_build_command( + build_root=docker_build_root, + docker_file=docker_file, + tag=docker_image, + ) + check_call(docker_cmd) + ok = True + elif docker_file or docker_build_root: + raise ValueError('docker_image must be specified ' + 'for a custom image future references') + + log.info('Installing npm requirements: %s', requirements_file) + with tempdir(tmp_dir) as temp_dir: + requirements_filename = os.path.basename(requirements_file) + target_file = os.path.join(temp_dir, requirements_filename) + shutil.copyfile(requirements_file, target_file) + + subproc_env = None + if not docker and OSX: + subproc_env = os.environ.copy() + + # Install dependencies into the temporary directory. 
+ with cd(temp_dir): + npm_command = ['npm', 'install'] + if docker: + with_ssh_agent = docker.with_ssh_agent + chown_mask = '{}:{}'.format(os.getuid(), os.getgid()) + shell_command = [shlex_join(npm_command), '&&', + shlex_join(['chown', '-R', + chown_mask, '.'])] + shell_command = [' '.join(shell_command)] + check_call(docker_run_command( + '.', shell_command, runtime, + image=docker_image_tag_id, + shell=True, ssh_agent=with_ssh_agent + )) + else: + cmd_log.info(shlex_join(npm_command)) + log_handler and log_handler.flush() + try: + check_call(npm_command, env=subproc_env) + except FileNotFoundError as e: + raise RuntimeError( + "Nodejs interpreter version equal " + "to defined lambda runtime ({}) should be " + "available in system PATH".format(runtime) + ) from e + + os.remove(target_file) + yield temp_dir + + def docker_image_id_command(tag): """""" docker_cmd = ['docker', 'images', '--format={{.ID}}', tag] @@ -1011,7 +1127,7 @@ def docker_run_command(build_root, command, runtime, ]) if not image: - image = 'lambci/lambda:build-{}'.format(runtime) + image = 'public.ecr.aws/sam/build-{}'.format(runtime) docker_cmd.append(image) @@ -1128,7 +1244,7 @@ def prepare_command(args): def build_command(args): """ Builds a zip file from the source_dir or source_file. - Installs dependencies with pip automatically. + Installs dependencies with pip or npm automatically. """ log = logging.getLogger('build') From e85bba830428f6651317e4017ac3578dc37614b3 Mon Sep 17 00:00:00 2001 
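Review bot: `install_npm_requirements` copies only `package.json` into the build directory and then runs a plain `npm install`, so every build re-resolves the declared ranges and any `package-lock.json` next to the manifest is ignored. What ends up in the Lambda package can therefore differ from what was reviewed, and dependency install scripts run during the build; on the non-Docker path they inherit the environment of the process running this script, because `env=subproc_env` is `None` outside macOS. I would copy the lockfile when it exists, use `npm ci` in that case, and pass `--ignore-scripts` by default. Packages that build native add-ons need their install scripts, so this should be a setting callers can turn off. The copied lockfile has to be removed again before the directory is zipped, as is already done for `package.json`.

```python
        # … unchanged: copy package.json into temp_dir as target_file …
        lock_src = os.path.join(os.path.dirname(requirements_file),
                                'package-lock.json')
        lock_dst = os.path.join(temp_dir, 'package-lock.json')
        has_lock = os.path.isfile(lock_src)
        if has_lock:
            shutil.copyfile(lock_src, lock_dst)

        # … unchanged: subproc_env setup …
        with cd(temp_dir):
            # `npm ci` installs exactly what the lockfile records.
            npm_command = ['npm', 'ci' if has_lock else 'install',
                           '--ignore-scripts']
            # … unchanged: docker / local npm invocation …

        os.remove(target_file)
        if has_lock:
            os.remove(lock_dst)
```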
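Review bot: The new default in `docker_run_command`, `'public.ecr.aws/sam/build-{}'.format(runtime)`, names a repository with no tag or digest, so Docker resolves it to whatever `latest` currently points at. Dependency installation runs inside that image, so the toolchain can change between builds without any change in this repository. I would at least document it above the assignment: `# Default build image is referenced by a mutable tag; pass an explicit image (ideally pinned by digest) when builds must be reproducible.` The rest of `docker_run_command` is outside this hunk, so how `image` reaches it from the module inputs is not visible here.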
From: semantic-release-bot Date: Sat, 26 Mar 2022 20:10:29 +0000 Subject: [PATCH 173/385] chore(release): version 2.36.0 [skip ci] ## [2.36.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.35.1...v2.36.0) (2022-03-26) ### Features * Add support to build automatically npm dependencies ([#293](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/293)) ([ecb3807](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/ecb38076b0408982183ebb8070aff7c7e01c4b82)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8f883039..ba9286f7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [2.36.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.35.1...v2.36.0) (2022-03-26) + + +### Features + +* Add support to build automatically npm dependencies ([#293](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/293)) ([ecb3807](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/ecb38076b0408982183ebb8070aff7c7e01c4b82)) + ### [2.35.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.35.0...v2.35.1) (2022-03-18) From f191baea053e126fc6b83a2ea4d6988c4f47ebde Mon Sep 17 00:00:00 2001 From: liortct <38353773+liortct@users.noreply.github.com> Date: Sat, 26 Mar 2022 23:26:26 +0300 Subject: [PATCH 174/385] feat: Added support for ephemeral storage (requires AWS provider version 4.8.0) (#291) Co-authored-by: Anton Babenko --- README.md | 11 ++++++----- examples/complete/main.tf | 13 +++++++------ examples/complete/versions.tf | 2 +- main.tf | 12 ++++++++---- variables.tf | 6 ++++++ versions.tf | 2 +- 6 files changed, 29 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 005c2a38..64c74e36 100644 --- a/README.md +++ b/README.md 
@@ -148,7 +148,7 @@ resource "aws_s3_bucket" "builds" { acl = "private" } -resource "aws_s3_bucket_object" "my_function" { +resource "aws_s3_object" "my_function" { bucket = aws_s3_bucket.builds.id key = "${filemd5(local.my_function_source)}.zip" source = local.my_function_source @@ -165,7 +165,7 @@ module "lambda_function_existing_package_s3" { create_package = false s3_existing_package = { bucket = aws_s3_bucket.builds.id - key = aws_s3_bucket_object.my_function.id + key = aws_s3_object.my_function.id } } ``` @@ -602,7 +602,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.69 | +| [aws](#requirement\_aws) | >= 4.8.0 | | [external](#requirement\_external) | >= 1.0 | | [local](#requirement\_local) | >= 1.0 | | [null](#requirement\_null) | >= 2.0 | @@ -611,7 +611,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.69 | +| [aws](#provider\_aws) | >= 4.8.0 | | [external](#provider\_external) | >= 1.0 | | [local](#provider\_local) | >= 1.0 | | [null](#provider\_null) | >= 2.0 | 
@@ -651,7 +651,7 @@ No modules. | [aws_lambda_permission.current_version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | | [aws_lambda_permission.unqualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | | [aws_lambda_provisioned_concurrency_config.current_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_provisioned_concurrency_config) | resource | -| [aws_s3_bucket_object.lambda_package](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_object) | resource | +| [aws_s3_object.lambda_package](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource | | [local_file.archive_plan](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | | [null_resource.archive](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [aws_arn.log_group_arn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | 
@@ -710,6 +710,7 @@ No modules. | [docker\_pip\_cache](#input\_docker\_pip\_cache) | Whether to mount a shared pip cache folder into docker environment or not | `any` | `null` | no | | [docker\_with\_ssh\_agent](#input\_docker\_with\_ssh\_agent) | Whether to pass SSH\_AUTH\_SOCK into docker environment or not | `bool` | `false` | no | | [environment\_variables](#input\_environment\_variables) | A map that defines environment variables for the Lambda Function. | `map(string)` | `{}` | no | +| [ephemeral\_storage\_size](#input\_ephemeral\_storage\_size) | Amount of ephemeral storage size (`/tmp`) in MB your Lambda Function can use at runtime. Valid value between 512 MB to 10,240 MB (10 GB). | `number` | `512` | no | | [event\_source\_mapping](#input\_event\_source\_mapping) | Map of event source mapping | `any` | `{}` | no | | [file\_system\_arn](#input\_file\_system\_arn) | The Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system. | `string` | `null` | no | | [file\_system\_local\_mount\_path](#input\_file\_system\_local\_mount\_path) | The path where the function can access the file system, starting with /mnt/. | `string` | `null` | no | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 4c4a0208..56bc0383 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -17,12 +17,13 @@ provider "aws" { module "lambda_function" { source = "../../" - function_name = "${random_pet.this.id}-lambda1" - description = "My awesome lambda function" - handler = "index.lambda_handler" - runtime = "python3.8" - architectures = ["x86_64"] - publish = true + function_name = "${random_pet.this.id}-lambda1" + description = "My awesome lambda function" + handler = "index.lambda_handler" + runtime = "python3.8" + ephemeral_storage_size = 10240 + architectures = ["x86_64"] + publish = true source_path = "${path.module}/../fixtures/python3.8-app1" 
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index a32909ec..9e58d511 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -2,7 +2,7 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 2.67" + aws = ">= 4.8.0" random = ">= 2" } } diff --git a/main.tf b/main.tf index 24f81116..5296554c 100644 --- a/main.tf +++ b/main.tf @@ -15,7 +15,7 @@ locals { # s3_* - to get package from S3 s3_bucket = var.s3_existing_package != null ? lookup(var.s3_existing_package, "bucket", null) : (var.store_on_s3 ? var.s3_bucket : null) s3_key = var.s3_existing_package != null ? lookup(var.s3_existing_package, "key", null) : (var.store_on_s3 ? var.s3_prefix != null ? format("%s%s", var.s3_prefix, replace(local.archive_filename_string, "/^.*//", "")) : replace(local.archive_filename_string, "/^\\.//", "") : null) - s3_object_version = var.s3_existing_package != null ? lookup(var.s3_existing_package, "version_id", null) : (var.store_on_s3 ? try(aws_s3_bucket_object.lambda_package[0].version_id, null) : null) + s3_object_version = var.s3_existing_package != null ? lookup(var.s3_existing_package, "version_id", null) : (var.store_on_s3 ? try(aws_s3_object.lambda_package[0].version_id, null) : null) } @@ -37,6 +37,10 @@ resource "aws_lambda_function" "this" { package_type = var.package_type architectures = var.architectures + ephemeral_storage { + size = var.ephemeral_storage_size + } + filename = local.filename source_code_hash = var.ignore_source_code_hash ? null : (local.filename == null ? false : fileexists(local.filename)) && !local.was_missing ? filebase64sha256(local.filename) : null 
@@ -96,7 +100,7 @@ resource "aws_lambda_function" "this" { # When a lambda function is invoked, AWS creates the log group automatically if it doesn't exist yet. # Without the dependency, this can result in a race condition if the lambda function is invoked before # Terraform can create the log group. - depends_on = [null_resource.archive, aws_s3_bucket_object.lambda_package, aws_cloudwatch_log_group.lambda] + depends_on = [null_resource.archive, aws_s3_object.lambda_package, aws_cloudwatch_log_group.lambda] } resource "aws_lambda_layer_version" "this" { @@ -117,10 +121,10 @@ resource "aws_lambda_layer_version" "this" { s3_key = local.s3_key s3_object_version = local.s3_object_version - depends_on = [null_resource.archive, aws_s3_bucket_object.lambda_package] + depends_on = [null_resource.archive, aws_s3_object.lambda_package] } -resource "aws_s3_bucket_object" "lambda_package" { +resource "aws_s3_object" "lambda_package" { count = local.create && var.store_on_s3 && var.create_package ? 1 : 0 bucket = var.s3_bucket diff --git a/variables.tf b/variables.tf index 24243bfa..b1751877 100644 --- a/variables.tf +++ b/variables.tf @@ -103,6 +103,12 @@ variable "memory_size" { default = 128 } +variable "ephemeral_storage_size" { + description = "Amount of ephemeral storage (/tmp) in MB your Lambda Function can use at runtime. Valid value between 512 MB to 10,240 MB (10 GB)." + type = number + default = 512 +} + variable "publish" { description = "Whether to publish creation/change as new Lambda Function Version." type = bool diff --git a/versions.tf b/versions.tf index 3727a394..e54af37b 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.69" + version = ">= 4.8.0" } external = { source = "hashicorp/external" From d4b55a8bb142a7124f4cd910d68a631d9658260e Mon Sep 17 00:00:00 2001 
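Review bot: `variable "ephemeral_storage_size"` in the `variables.tf` hunk states its valid range only in the description, so an out-of-range value is caught by the AWS API at apply time instead of at plan time. The module already requires Terraform >= 0.13.1, which supports variable validation. I would add a `validation` block with `condition = var.ephemeral_storage_size >= 512 && var.ephemeral_storage_size <= 10240` and an error message that repeats the range from the description.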
From: Anton Babenko Date: Mon, 28 Mar 2022 10:19:30 +0200 Subject: [PATCH 175/385] feat!: Updated AWS provider to version 4.8 (#296) This is the correction after #291 BREAKING CHANGES: - Yes --- README.md | 6 +-- examples/alias/README.md | 4 +- examples/alias/versions.tf | 10 ++++- examples/async/README.md | 4 +- examples/async/versions.tf | 10 ++++- examples/build-package/README.md | 4 +- examples/build-package/versions.tf | 10 ++++- examples/complete/README.md | 8 ++-- examples/complete/versions.tf | 10 ++++- examples/container-image/README.md | 4 +- examples/container-image/versions.tf | 10 ++++- examples/deploy/README.md | 4 +- examples/deploy/versions.tf | 10 ++++- examples/multiple-regions/README.md | 4 +- examples/multiple-regions/versions.tf | 10 ++++- examples/simple/README.md | 4 +- examples/simple/versions.tf | 10 ++++- examples/triggers/README.md | 4 +- examples/triggers/versions.tf | 10 ++++- examples/with-efs/README.md | 4 +- examples/with-efs/versions.tf | 10 ++++- examples/with-vpc/README.md | 4 +- examples/with-vpc/versions.tf | 10 ++++- iam.tf | 32 +++++++------- main.tf | 62 +++++++++++++-------------- modules/alias/main.tf | 24 +++++------ modules/alias/versions.tf | 5 ++- modules/deploy/README.md | 8 ++-- modules/deploy/versions.tf | 15 +++++-- versions.tf | 2 +- 30 files changed, 195 insertions(+), 117 deletions(-) diff --git a/README.md b/README.md index 64c74e36..86d97204 100644 --- a/README.md +++ b/README.md @@ -602,7 +602,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 4.8.0 | +| [aws](#requirement\_aws) | >= 4.8 | | [external](#requirement\_external) | >= 1.0 | | [local](#requirement\_local) | >= 1.0 | | [null](#requirement\_null) | >= 2.0 | 
@@ -611,7 +611,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.8.0 | +| [aws](#provider\_aws) | >= 4.8 | | [external](#provider\_external) | >= 1.0 | | [local](#provider\_local) | >= 1.0 | | [null](#provider\_null) | >= 2.0 | @@ -710,7 +710,7 @@ No modules. | [docker\_pip\_cache](#input\_docker\_pip\_cache) | Whether to mount a shared pip cache folder into docker environment or not | `any` | `null` | no | | [docker\_with\_ssh\_agent](#input\_docker\_with\_ssh\_agent) | Whether to pass SSH\_AUTH\_SOCK into docker environment or not | `bool` | `false` | no | | [environment\_variables](#input\_environment\_variables) | A map that defines environment variables for the Lambda Function. | `map(string)` | `{}` | no | -| [ephemeral\_storage\_size](#input\_ephemeral\_storage\_size) | Amount of ephemeral storage size (`/tmp`) in MB your Lambda Function can use at runtime. Valid value between 512 MB to 10,240 MB (10 GB). | `number` | `512` | no | +| [ephemeral\_storage\_size](#input\_ephemeral\_storage\_size) | Amount of ephemeral storage (/tmp) in MB your Lambda Function can use at runtime. Valid value between 512 MB to 10,240 MB (10 GB). | `number` | `512` | no | | [event\_source\_mapping](#input\_event\_source\_mapping) | Map of event source mapping | `any` | `{}` | no | | [file\_system\_arn](#input\_file\_system\_arn) | The Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system. | `string` | `null` | no | | [file\_system\_local\_mount\_path](#input\_file\_system\_local\_mount\_path) | The path where the function can access the file system, starting with /mnt/. | `string` | `null` | no | diff --git a/examples/alias/README.md b/examples/alias/README.md index 950588b7..c57e10b8 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md 
@@ -21,13 +21,13 @@ Note that this example may create resources which cost money. Run `terraform des |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.19 | -| [random](#requirement\_random) | >= 2 | +| [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [random](#provider\_random) | >= 2 | +| [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/alias/versions.tf b/examples/alias/versions.tf index d977ca64..6f0e3af3 100644 --- a/examples/alias/versions.tf +++ b/examples/alias/versions.tf @@ -2,7 +2,13 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 3.19" - random = ">= 2" + aws = { + source = "hashicorp/aws" + version = ">= 3.19" + } + random = { + source = "hashicorp/random" + version = ">= 2.0" + } } } diff --git a/examples/async/README.md b/examples/async/README.md index 024f1237..326d1f7b 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -21,14 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.61 | -| [random](#requirement\_random) | >= 2 | +| [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 3.61 | -| [random](#provider\_random) | >= 2 | +| [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/async/versions.tf b/examples/async/versions.tf index 16aefdd0..2a88692a 100644 --- a/examples/async/versions.tf +++ b/examples/async/versions.tf @@ -2,7 +2,13 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 3.61" - random = ">= 2" + aws = { + source = "hashicorp/aws" + version = ">= 3.61" + } + random = { + source = "hashicorp/random" + version = ">= 2.0" + } } } 
diff --git a/examples/build-package/README.md b/examples/build-package/README.md index 0d1f4a4f..739e8b0a 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -21,13 +21,13 @@ Note that this example may create resources which cost money. Run `terraform des |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.19 | -| [random](#requirement\_random) | >= 2 | +| [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [random](#provider\_random) | >= 2 | +| [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/build-package/versions.tf b/examples/build-package/versions.tf index d977ca64..6f0e3af3 100644 --- a/examples/build-package/versions.tf +++ b/examples/build-package/versions.tf @@ -2,7 +2,13 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 3.19" - random = ">= 2" + aws = { + source = "hashicorp/aws" + version = ">= 3.19" + } + random = { + source = "hashicorp/random" + version = ">= 2.0" + } } } diff --git a/examples/complete/README.md b/examples/complete/README.md index 4c4f92f1..d4dc6595 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -21,15 +21,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 2.67 | -| [random](#requirement\_random) | >= 2 | +| [aws](#requirement\_aws) | >= 4.8 | +| [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 2.67 | -| [random](#provider\_random) | >= 2 | +| [aws](#provider\_aws) | >= 4.8 | +| [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 9e58d511..b19bca77 100644 --- a/examples/complete/versions.tf 
+++ b/examples/complete/versions.tf @@ -2,7 +2,13 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 4.8.0" - random = ">= 2" + aws = { + source = "hashicorp/aws" + version = ">= 4.8" + } + random = { + source = "hashicorp/random" + version = ">= 2.0" + } } } diff --git a/examples/container-image/README.md b/examples/container-image/README.md index c44653c9..83ba91b5 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -21,13 +21,13 @@ Note that this example may create resources which cost money. Run `terraform des |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.19 | -| [random](#requirement\_random) | >= 2 | +| [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [random](#provider\_random) | >= 2 | +| [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/container-image/versions.tf b/examples/container-image/versions.tf index d977ca64..6f0e3af3 100644 --- a/examples/container-image/versions.tf +++ b/examples/container-image/versions.tf @@ -2,7 +2,13 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 3.19" - random = ">= 2" + aws = { + source = "hashicorp/aws" + version = ">= 3.19" + } + random = { + source = "hashicorp/random" + version = ">= 2.0" + } } } diff --git a/examples/deploy/README.md b/examples/deploy/README.md index ada8f65a..5b0846f0 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md 
@@ -21,14 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.19 | -| [random](#requirement\_random) | >= 2 | +| [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 3.19 | -| [random](#provider\_random) | >= 2 | +| [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/deploy/versions.tf b/examples/deploy/versions.tf index d977ca64..6f0e3af3 100644 --- a/examples/deploy/versions.tf +++ b/examples/deploy/versions.tf @@ -2,7 +2,13 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 3.19" - random = ">= 2" + aws = { + source = "hashicorp/aws" + version = ">= 3.19" + } + random = { + source = "hashicorp/random" + version = ">= 2.0" + } } } diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index 39ca75f6..3673cc1a 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md @@ -22,7 +22,7 @@ Note that this example may create resources which cost money. Run `terraform des |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.19 | -| [random](#requirement\_random) | >= 2 | +| [random](#requirement\_random) | >= 2.0 | ## Providers @@ -30,7 +30,7 @@ Note that this example may create resources which cost money. Run `terraform des |------|---------| | [aws](#provider\_aws) | >= 3.19 | | [aws.us-east-1](#provider\_aws.us-east-1) | >= 3.19 | -| [random](#provider\_random) | >= 2 | +| [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/multiple-regions/versions.tf b/examples/multiple-regions/versions.tf index d977ca64..6f0e3af3 100644 --- a/examples/multiple-regions/versions.tf +++ b/examples/multiple-regions/versions.tf 
@@ -2,7 +2,13 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 3.19" - random = ">= 2" + aws = { + source = "hashicorp/aws" + version = ">= 3.19" + } + random = { + source = "hashicorp/random" + version = ">= 2.0" + } } } diff --git a/examples/simple/README.md b/examples/simple/README.md index fafada37..6fe52aa2 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -21,13 +21,13 @@ Note that this example may create resources which cost money. Run `terraform des |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.19 | -| [random](#requirement\_random) | >= 2 | +| [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [random](#provider\_random) | >= 2 | +| [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf index d977ca64..6f0e3af3 100644 --- a/examples/simple/versions.tf +++ b/examples/simple/versions.tf @@ -2,7 +2,13 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 3.19" - random = ">= 2" + aws = { + source = "hashicorp/aws" + version = ">= 3.19" + } + random = { + source = "hashicorp/random" + version = ">= 2.0" + } } } diff --git a/examples/triggers/README.md b/examples/triggers/README.md index 8fc7adb8..973963f5 100644 --- a/examples/triggers/README.md +++ b/examples/triggers/README.md @@ -22,14 +22,14 @@ Note that this example may create resources which cost money. Run `terraform des |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 2.67 | -| [random](#requirement\_random) | >= 2 | +| [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 2.67 | -| [random](#provider\_random) | >= 2 | +| [random](#provider\_random) | >= 2.0 | ## Modules 
diff --git a/examples/triggers/versions.tf b/examples/triggers/versions.tf index a32909ec..13f523bb 100644 --- a/examples/triggers/versions.tf +++ b/examples/triggers/versions.tf @@ -2,7 +2,13 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 2.67" - random = ">= 2" + aws = { + source = "hashicorp/aws" + version = ">= 2.67" + } + random = { + source = "hashicorp/random" + version = ">= 2.0" + } } } diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index 52135ffb..a923c6b7 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md @@ -22,14 +22,14 @@ Note that this example may create resources which cost money. Run `terraform des |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.19 | -| [random](#requirement\_random) | >= 2 | +| [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 3.19 | -| [random](#provider\_random) | >= 2 | +| [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/with-efs/versions.tf b/examples/with-efs/versions.tf index d977ca64..6f0e3af3 100644 --- a/examples/with-efs/versions.tf +++ b/examples/with-efs/versions.tf @@ -2,7 +2,13 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 3.19" - random = ">= 2" + aws = { + source = "hashicorp/aws" + version = ">= 3.19" + } + random = { + source = "hashicorp/random" + version = ">= 2.0" + } } } diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index 5c632d07..2f7a7be8 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md 
@@ -23,13 +23,13 @@ Note that this example may create resources which cost money. Run `terraform des |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.19 | -| [random](#requirement\_random) | >= 2 | +| [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [random](#provider\_random) | >= 2 | +| [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/with-vpc/versions.tf b/examples/with-vpc/versions.tf index d977ca64..6f0e3af3 100644 --- a/examples/with-vpc/versions.tf +++ b/examples/with-vpc/versions.tf @@ -2,7 +2,13 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 3.19" - random = ">= 2" + aws = { + source = "hashicorp/aws" + version = ">= 3.19" + } + random = { + source = "hashicorp/random" + version = ">= 2.0" + } } } diff --git a/iam.tf b/iam.tf index 6102fc66..93d444a2 100644 --- a/iam.tf +++ b/iam.tf @@ -57,13 +57,13 @@ data "aws_iam_policy_document" "assume_role" { for_each = var.assume_role_policy_statements content { - sid = lookup(statement.value, "sid", replace(statement.key, "/[^0-9A-Za-z]*/", "")) - effect = lookup(statement.value, "effect", null) - actions = lookup(statement.value, "actions", null) - not_actions = lookup(statement.value, "not_actions", null) + sid = try(statement.value.sid, replace(statement.key, "/[^0-9A-Za-z]*/", "")) + effect = try(statement.value.effect, null) + actions = try(statement.value.actions, null) + not_actions = try(statement.value.not_actions, null) dynamic "principals" { - for_each = lookup(statement.value, "principals", []) + for_each = try(statement.value.principals, []) content { type = principals.value.type identifiers = principals.value.identifiers 
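Review bot: The `try(statement.value.<key>, …)` calls introduced in `iam.tf` keep the silent fallback for absent keys. A statement whose key is misspelt (for example `conditions` instead of `condition`, or `principal` instead of `principals`) is rendered without that restriction, and a missing `effect` becomes `null`, which `aws_iam_policy_document` treats as `Allow`. For input that turns into IAM policy, the accepted keys should at least be documented where they are read: `# Accepted keys: sid, effect, actions, not_actions, principals, not_principals, condition. Unknown keys are ignored; effect defaults to Allow.` The same applies to the `additional_inline` hunks further down in this file, which also read `resources` and `not_resources`. The data source blocks start outside these hunks.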
@@ -71,7 +71,7 @@ data "aws_iam_policy_document" "assume_role" { } dynamic "not_principals" { - for_each = lookup(statement.value, "not_principals", []) + for_each = try(statement.value.not_principals, []) content { type = not_principals.value.type identifiers = not_principals.value.identifiers @@ -79,7 +79,7 @@ data "aws_iam_policy_document" "assume_role" { } dynamic "condition" { - for_each = lookup(statement.value, "condition", []) + for_each = try(statement.value.condition, []) content { test = condition.value.test variable = condition.value.variable @@ -346,15 +346,15 @@ data "aws_iam_policy_document" "additional_inline" { for_each = var.policy_statements content { - sid = lookup(statement.value, "sid", replace(statement.key, "/[^0-9A-Za-z]*/", "")) - effect = lookup(statement.value, "effect", null) - actions = lookup(statement.value, "actions", null) - not_actions = lookup(statement.value, "not_actions", null) - resources = lookup(statement.value, "resources", null) - not_resources = lookup(statement.value, "not_resources", null) + sid = try(statement.value.sid, replace(statement.key, "/[^0-9A-Za-z]*/", "")) + effect = try(statement.value.effect, null) + actions = try(statement.value.actions, null) + not_actions = try(statement.value.not_actions, null) + resources = try(statement.value.resources, null) + not_resources = try(statement.value.not_resources, null) dynamic "principals" { - for_each = lookup(statement.value, "principals", []) + for_each = try(statement.value.principals, []) content { type = principals.value.type identifiers = principals.value.identifiers @@ -362,7 +362,7 @@ data "aws_iam_policy_document" "additional_inline" { } dynamic "not_principals" { - for_each = lookup(statement.value, "not_principals", []) + for_each = try(statement.value.not_principals, []) content { type = not_principals.value.type identifiers = not_principals.value.identifiers 
@@ -370,7 +370,7 @@ data "aws_iam_policy_document" "additional_inline" { } dynamic "condition" { - for_each = lookup(statement.value, "condition", []) + for_each = try(statement.value.condition, []) content { test = condition.value.test variable = condition.value.variable diff --git a/main.tf b/main.tf index 5296554c..fe32f7e0 100644 --- a/main.tf +++ b/main.tf @@ -13,9 +13,9 @@ locals { was_missing = var.local_existing_package != null ? !fileexists(var.local_existing_package) : local.archive_was_missing # s3_* - to get package from S3 - s3_bucket = var.s3_existing_package != null ? lookup(var.s3_existing_package, "bucket", null) : (var.store_on_s3 ? var.s3_bucket : null) - s3_key = var.s3_existing_package != null ? lookup(var.s3_existing_package, "key", null) : (var.store_on_s3 ? var.s3_prefix != null ? format("%s%s", var.s3_prefix, replace(local.archive_filename_string, "/^.*//", "")) : replace(local.archive_filename_string, "/^\\.//", "") : null) - s3_object_version = var.s3_existing_package != null ? lookup(var.s3_existing_package, "version_id", null) : (var.store_on_s3 ? try(aws_s3_object.lambda_package[0].version_id, null) : null) + s3_bucket = var.s3_existing_package != null ? try(var.s3_existing_package.bucket, null) : (var.store_on_s3 ? var.s3_bucket : null) + s3_key = var.s3_existing_package != null ? try(var.s3_existing_package.key, null) : (var.store_on_s3 ? var.s3_prefix != null ? format("%s%s", var.s3_prefix, replace(local.archive_filename_string, "/^.*//", "")) : replace(local.archive_filename_string, "/^\\.//", "") : null) + s3_object_version = var.s3_existing_package != null ? try(var.s3_existing_package.version_id, null) : (var.store_on_s3 ? try(aws_s3_object.lambda_package[0].version_id, null) : null) } 
@@ -204,12 +204,12 @@ resource "aws_lambda_permission" "current_version_triggers" { function_name = aws_lambda_function.this[0].function_name qualifier = aws_lambda_function.this[0].version - statement_id = lookup(each.value, "statement_id", each.key) - action = lookup(each.value, "action", "lambda:InvokeFunction") - principal = lookup(each.value, "principal", format("%s.amazonaws.com", lookup(each.value, "service", ""))) - source_arn = lookup(each.value, "source_arn", null) - source_account = lookup(each.value, "source_account", null) - event_source_token = lookup(each.value, "event_source_token", null) + statement_id = try(each.value.statement_id, each.key) + action = try(each.value.action, "lambda:InvokeFunction") + principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) + source_arn = try(each.value.source_arn, null) + source_account = try(each.value.source_account, null) + event_source_token = try(each.value.event_source_token, null) } # Error: Error adding new Lambda Permission for lambda: InvalidParameterValueException: We currently do not support adding policies for $LATEST. 
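Review bot: `source_arn` and `source_account` both fall back to `null` in `current_version_triggers`, so a trigger entry that names only `service` or `principal` yields a permission that is not scoped to any source, and for a service principal that lets any resource of that service, in any account, invoke the function. The same six lines are repeated in `unqualified_alias_triggers` and in `version_triggers` and `qualified_alias_triggers` under modules/alias. I would at least document the expectation next to the assignments, e.g. `# for service principals set source_arn or source_account; with neither, the permission is not restricted to a specific source`. The resource body starts outside the hunk, so the `for_each` feeding `each.value` is not visible here.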
@@ -218,12 +218,12 @@ resource "aws_lambda_permission" "unqualified_alias_triggers" { function_name = aws_lambda_function.this[0].function_name - statement_id = lookup(each.value, "statement_id", each.key) - action = lookup(each.value, "action", "lambda:InvokeFunction") - principal = lookup(each.value, "principal", format("%s.amazonaws.com", lookup(each.value, "service", ""))) - source_arn = lookup(each.value, "source_arn", null) - source_account = lookup(each.value, "source_account", null) - event_source_token = lookup(each.value, "event_source_token", null) + statement_id = try(each.value.statement_id, each.key) + action = try(each.value.action, "lambda:InvokeFunction") + principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) + source_arn = try(each.value.source_arn, null) + source_account = try(each.value.source_account, null) + event_source_token = try(each.value.event_source_token, null) } resource "aws_lambda_event_source_mapping" "this" { 
@@ -233,21 +233,21 @@ resource "aws_lambda_event_source_mapping" "this" { event_source_arn = each.value.event_source_arn - batch_size = lookup(each.value, "batch_size", null) - maximum_batching_window_in_seconds = lookup(each.value, "maximum_batching_window_in_seconds", null) - enabled = lookup(each.value, "enabled", null) - starting_position = lookup(each.value, "starting_position", null) - starting_position_timestamp = lookup(each.value, "starting_position_timestamp", null) - parallelization_factor = lookup(each.value, "parallelization_factor", null) - maximum_retry_attempts = lookup(each.value, "maximum_retry_attempts", null) - maximum_record_age_in_seconds = lookup(each.value, "maximum_record_age_in_seconds", null) - bisect_batch_on_function_error = lookup(each.value, "bisect_batch_on_function_error", null) - topics = lookup(each.value, "topics", null) - queues = lookup(each.value, "queues", null) - function_response_types = lookup(each.value, "function_response_types", null) + batch_size = try(each.value.batch_size, null) + maximum_batching_window_in_seconds = try(each.value.maximum_batching_window_in_seconds, null) + enabled = try(each.value.enabled, null) + starting_position = try(each.value.starting_position, null) + starting_position_timestamp = try(each.value.starting_position_timestamp, null) + parallelization_factor = try(each.value.parallelization_factor, null) + maximum_retry_attempts = try(each.value.maximum_retry_attempts, null) + maximum_record_age_in_seconds = try(each.value.maximum_record_age_in_seconds, null) + bisect_batch_on_function_error = try(each.value.bisect_batch_on_function_error, null) + topics = try(each.value.topics, null) + queues = try(each.value.queues, null) + function_response_types = try(each.value.function_response_types, null) dynamic "destination_config" { - for_each = lookup(each.value, "destination_arn_on_failure", null) != null ? [true] : [] + for_each = try(each.value.destination_arn_on_failure, null) != null ? 
[true] : [] content { on_failure { destination_arn = each.value["destination_arn_on_failure"] @@ -256,7 +256,7 @@ resource "aws_lambda_event_source_mapping" "this" { } dynamic "source_access_configuration" { - for_each = lookup(each.value, "source_access_configuration", []) + for_each = try(each.value.source_access_configuration, []) content { type = source_access_configuration.value["type"] uri = source_access_configuration.value["uri"] @@ -264,11 +264,11 @@ resource "aws_lambda_event_source_mapping" "this" { } dynamic "filter_criteria" { - for_each = lookup(each.value, "filter_criteria", null) != null ? [true] : [] + for_each = try(each.value.filter_criteria, null) != null ? [true] : [] content { filter { - pattern = lookup(each.value["filter_criteria"], "pattern", null) + pattern = try(each.value["filter_criteria"].pattern, null) } } } diff --git a/modules/alias/main.tf b/modules/alias/main.tf index 3ba9c537..859c125a 100644 --- a/modules/alias/main.tf +++ b/modules/alias/main.tf 
@@ -87,12 +87,12 @@ resource "aws_lambda_permission" "version_triggers" { # Error: Error adding new Lambda Permission for ... InvalidParameterValueException: We currently do not support adding policies for $LATEST. qualifier = local.version != "$LATEST" ? local.version : null - statement_id = lookup(each.value, "statement_id", each.key) - action = lookup(each.value, "action", "lambda:InvokeFunction") - principal = lookup(each.value, "principal", format("%s.amazonaws.com", lookup(each.value, "service", ""))) - source_arn = lookup(each.value, "source_arn", null) - source_account = lookup(each.value, "source_account", null) - event_source_token = lookup(each.value, "event_source_token", null) + statement_id = try(each.value.statement_id, each.key) + action = try(each.value.action, "lambda:InvokeFunction") + principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) + source_arn = try(each.value.source_arn, null) + source_account = try(each.value.source_account, null) + event_source_token = try(each.value.event_source_token, null) } resource "aws_lambda_permission" "qualified_alias_triggers" { 
@@ -101,10 +101,10 @@ resource "aws_lambda_permission" "qualified_alias_triggers" { function_name = var.function_name qualifier = var.name - statement_id = lookup(each.value, "statement_id", each.key) - action = lookup(each.value, "action", "lambda:InvokeFunction") - principal = lookup(each.value, "principal", format("%s.amazonaws.com", lookup(each.value, "service", ""))) - source_arn = lookup(each.value, "source_arn", null) - source_account = lookup(each.value, "source_account", null) - event_source_token = lookup(each.value, "event_source_token", null) + statement_id = try(each.value.statement_id, each.key) + action = try(each.value.action, "lambda:InvokeFunction") + principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) + source_arn = try(each.value.source_arn, null) + source_account = try(each.value.source_account, null) + event_source_token = try(each.value.event_source_token, null) } diff --git a/modules/alias/versions.tf b/modules/alias/versions.tf index 7c107841..d56fc0e8 100644 --- a/modules/alias/versions.tf +++ b/modules/alias/versions.tf @@ -2,6 +2,9 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 3.35" + aws = { + source = "hashicorp/aws" + version = ">= 3.35" + } } } diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 7a190794..7064c86f 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -102,16 +102,16 @@ module "lambda" { |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.35 | -| [local](#requirement\_local) | >= 1 | -| [null](#requirement\_null) | >= 2 | +| [local](#requirement\_local) | >= 1.0 | +| [null](#requirement\_null) | >= 2.0 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 3.35 | -| [local](#provider\_local) | >= 1 | -| [null](#provider\_null) | >= 2 | +| [local](#provider\_local) | >= 1.0 | +| [null](#provider\_null) | >= 2.0 | ## Modules 
diff --git a/modules/deploy/versions.tf b/modules/deploy/versions.tf index 232880f0..deb3cfd9 100644 --- a/modules/deploy/versions.tf +++ b/modules/deploy/versions.tf @@ -2,8 +2,17 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 3.35" - local = ">= 1" - null = ">= 2" + aws = { + source = "hashicorp/aws" + version = ">= 3.35" + } + local = { + source = "hashicorp/local" + version = ">= 1.0" + } + null = { + source = "hashicorp/null" + version = ">= 2.0" + } } } diff --git a/versions.tf b/versions.tf index e54af37b..74f13846 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.8.0" + version = ">= 4.8" } external = { source = "hashicorp/external" From 295956f4217b5812c4f6f8d5395acfbc0a50a2bd Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 28 Mar 2022 08:20:05 +0000 Subject: [PATCH 176/385] chore(release): version 3.0.0 [skip ci] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## [3.0.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.36.0...v3.0.0) (2022-03-28) ### ⚠ BREAKING CHANGES * Updated AWS provider to version 4.8 (#296) ### Features * Added support for ephemeral storage (requires AWS provider version 4.8.0) ([#291](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/291)) ([f191bae](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/f191baea053e126fc6b83a2ea4d6988c4f47ebde)) * Updated AWS provider to version 4.8 ([#296](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/296)) ([d4b55a8](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/d4b55a8bb142a7124f4cd910d68a631d9658260e)), closes [#291](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/291) --- CHANGELOG.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index ba9286f7..1ea3668a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,18 @@ All notable changes to this project will be documented in this file. +## [3.0.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.36.0...v3.0.0) (2022-03-28) + + +### ⚠ BREAKING CHANGES + +* Updated AWS provider to version 4.8 (#296) + +### Features + +* Added support for ephemeral storage (requires AWS provider version 4.8.0) ([#291](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/291)) ([f191bae](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/f191baea053e126fc6b83a2ea4d6988c4f47ebde)) +* Updated AWS provider to version 4.8 ([#296](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/296)) ([d4b55a8](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/d4b55a8bb142a7124f4cd910d68a631d9658260e)), closes [#291](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/291) + ## [2.36.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.35.1...v2.36.0) (2022-03-26) From 5ab1383042c1e73ea1a1f709c9a279815ae0cf1a Mon Sep 17 00:00:00 2001 From: Mukesh Sharma Date: Mon, 28 Mar 2022 21:38:59 +1300 Subject: [PATCH 177/385] fix: Removed hard-coded AWS account id in examples (#275) Co-authored-by: Anton Babenko --- examples/complete/main.tf | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 56bc0383..d644fc5f 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -9,6 +9,8 @@ provider "aws" { skip_requesting_account_id = true } +data "aws_caller_identity" "current" {} + #################################################### # Lambda Function (building locally, storing on S3, # set allowed triggers, set policies) 
@@ -52,15 +54,15 @@ module "lambda_function" { allowed_triggers = { APIGatewayAny = { service = "apigateway" - source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*" + source_arn = "arn:aws:execute-api:eu-west-1:${data.aws_caller_identity.current.account_id}:aqnku8akd0/*/*/*" }, APIGatewayDevPost = { service = "apigateway" - source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/dev/POST/*" + source_arn = "arn:aws:execute-api:eu-west-1:${data.aws_caller_identity.current.account_id}:aqnku8akd0/dev/POST/*" }, OneRule = { principal = "events.amazonaws.com" - source_arn = "arn:aws:events:eu-west-1:135367859851:rule/RunDaily" + source_arn = "arn:aws:events:eu-west-1:${data.aws_caller_identity.current.account_id}:rule/RunDaily" } } @@ -75,7 +77,7 @@ module "lambda_function" { principals = { account_principal = { type = "AWS", - identifiers = ["arn:aws:iam::135367859851:root"] + identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"] } } condition = { From 638485b3ed6bb24dedb940ac0f65d201887e9ecc Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 28 Mar 2022 08:39:31 +0000 Subject: [PATCH 178/385] chore(release): version 3.0.1 [skip ci] ### [3.0.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.0.0...v3.0.1) (2022-03-28) ### Bug Fixes * Removed hard-coded AWS account id in examples ([#275](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/275)) ([5ab1383](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/5ab1383042c1e73ea1a1f709c9a279815ae0cf1a)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ea3668a..a14a30dd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [3.0.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.0.0...v3.0.1) (2022-03-28) + + +### Bug Fixes + +* Removed hard-coded AWS account id in examples ([#275](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/275)) ([5ab1383](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/5ab1383042c1e73ea1a1f709c9a279815ae0cf1a)) + ## [3.0.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v2.36.0...v3.0.0) (2022-03-28) From ee41186b6e8bd04edfb1805b49820a7237f941a8 Mon Sep 17 00:00:00 2001 From: "Huy, Tae Young" Date: Mon, 28 Mar 2022 18:11:53 +0900 Subject: [PATCH 179/385] feat: Added support for self managed kafka in event source mapping (#278) --- examples/complete/README.md | 1 + examples/event-source-mapping/main.tf | 26 ++++++++++++++++++++++++++ main.tf | 9 ++++++++- 3 files changed, 35 insertions(+), 1 deletion(-) diff --git a/examples/complete/README.md b/examples/complete/README.md index d4dc6595..d0231c02 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -54,6 +54,7 @@ Note that this example may create resources which cost money. Run `terraform des |------|------| | [aws_sqs_queue.dlq](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | ## Inputs diff --git a/examples/event-source-mapping/main.tf b/examples/event-source-mapping/main.tf index 9266dfc9..62e57443 100644 --- a/examples/event-source-mapping/main.tf +++ b/examples/event-source-mapping/main.tf 
@@ -63,6 +63,32 @@ module "lambda_function" { } ] } + # self_managed_kafka = { + # batch_size = 1 + # starting_position = "TRIM_HORIZON" + # topics = ["topic1", "topic2"] + # self_managed_event_source = [ + # { + # endpoints = { + # KAFKA_BOOTSTRAP_SERVERS = "kafka1.example.com:9092,kafka2.example.com:9092" + # } + # } + # ] + # source_access_configuration = [ + # { + # type = "SASL_SCRAM_512_AUTH", + # uri = "SECRET_AUTH_INFO" + # }, + # { + # type = "VPC_SECURITY_GROUP", + # uri = "security_group:sg-12345678" + # }, + # { + # type = "VPC_SUBNET" + # uri = "subnet:subnet-12345678" + # } + # ] + # } } allowed_triggers = { diff --git a/main.tf b/main.tf index fe32f7e0..fa201996 100644 --- a/main.tf +++ b/main.tf @@ -231,7 +231,7 @@ resource "aws_lambda_event_source_mapping" "this" { function_name = aws_lambda_function.this[0].arn - event_source_arn = each.value.event_source_arn + event_source_arn = try(each.value.event_source_arn, null) batch_size = try(each.value.batch_size, null) maximum_batching_window_in_seconds = try(each.value.maximum_batching_window_in_seconds, null) @@ -255,6 +255,13 @@ resource "aws_lambda_event_source_mapping" "this" { } } + dynamic "self_managed_event_source" { + for_each = try(each.value.self_managed_event_source, []) + content { + endpoints = self_managed_event_source.value.endpoints + } + } + dynamic "source_access_configuration" { for_each = try(each.value.source_access_configuration, []) content { From de9052f305e4176615c114d6ad275fd385afd0b8 Mon Sep 17 00:00:00 2001 
From: semantic-release-bot Date: Mon, 28 Mar 2022 09:12:35 +0000 Subject: [PATCH 180/385] chore(release): version 3.1.0 [skip ci] ## [3.1.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.0.1...v3.1.0) (2022-03-28) ### Features * Added support for self managed kafka in event source mapping ([#278](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/278)) ([ee41186](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/ee41186b6e8bd04edfb1805b49820a7237f941a8)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a14a30dd..c3c31bb8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [3.1.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.0.1...v3.1.0) (2022-03-28) + + +### Features + +* Added support for self managed kafka in event source mapping ([#278](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/278)) ([ee41186](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/ee41186b6e8bd04edfb1805b49820a7237f941a8)) + ### [3.0.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.0.0...v3.0.1) (2022-03-28) From 13c444905e18fa9eceffd07ee884251eb28a8fd5 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 13 Apr 2022 22:18:33 +0200 Subject: [PATCH 181/385] fix: Fixed ephemeral_storage in AWS govcloud region (#305) --- main.tf | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/main.tf b/main.tf index fa201996..57f9a041 100644 --- a/main.tf +++ b/main.tf 
@@ -37,8 +37,13 @@ resource "aws_lambda_function" "this" { package_type = var.package_type architectures = var.architectures - ephemeral_storage { - size = var.ephemeral_storage_size + /* ephemeral_storage is not supported in gov-cloud region, so it should be set to `null` */ + dynamic "ephemeral_storage" { + for_each = var.ephemeral_storage_size == null ? [] : [true] + + content { + size = var.ephemeral_storage_size + } } filename = local.filename From 4bc9ef2349783ca912d5ac062cf4caa2a8923399 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 13 Apr 2022 20:19:06 +0000 Subject: [PATCH 182/385] chore(release): version 3.1.1 [skip ci] ### [3.1.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.1.0...v3.1.1) (2022-04-13) ### Bug Fixes * Fixed ephemeral_storage in AWS govcloud region ([#305](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/305)) ([13c4449](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/13c444905e18fa9eceffd07ee884251eb28a8fd5)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c3c31bb8..de46e2fe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [3.1.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.1.0...v3.1.1) (2022-04-13) + + +### Bug Fixes + +* Fixed ephemeral_storage in AWS govcloud region ([#305](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/305)) ([13c4449](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/13c444905e18fa9eceffd07ee884251eb28a8fd5)) + ## [3.1.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.0.1...v3.1.0) (2022-03-28) From c239f9d722c8c68cb5d43f96f108540c1b99f95b Mon Sep 17 00:00:00 2001 
From: Chris Spitzenberger <43446469+spitzzz@users.noreply.github.com> Date: Wed, 27 Apr 2022 03:50:38 -0500 Subject: [PATCH 183/385] feat: Add support for Lambda Function URL resource (#308) --- .pre-commit-config.yaml | 4 ++-- README.md | 11 +++++++++-- examples/complete/README.md | 6 ++++-- examples/complete/main.tf | 14 ++++++++++++++ examples/complete/outputs.tf | 11 +++++++++++ examples/complete/versions.tf | 2 +- main.tf | 23 +++++++++++++++++++++++ outputs.tf | 11 +++++++++++ variables.tf | 28 ++++++++++++++++++++++++++++ versions.tf | 2 +- 10 files changed, 104 insertions(+), 8 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 093121e0..be3cc7aa 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.62.3 + rev: v1.69.0 hooks: - id: terraform_fmt - id: terraform_validate @@ -23,7 +23,7 @@ repos: - '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_workspace_remote' - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.1.0 + rev: v4.2.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer diff --git a/README.md b/README.md index 86d97204..6f47a04f 100644 --- a/README.md +++ b/README.md @@ -602,7 +602,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 4.8 | +| [aws](#requirement\_aws) | >= 4.9 | | [external](#requirement\_external) | >= 1.0 | | [local](#requirement\_local) | >= 1.0 | | [null](#requirement\_null) | >= 2.0 | 
@@ -611,7 +611,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.8 | +| [aws](#provider\_aws) | >= 4.9 | | [external](#provider\_external) | >= 1.0 | | [local](#provider\_local) | >= 1.0 | | [null](#provider\_null) | >= 2.0 | @@ -647,6 +647,7 @@ No modules. | [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | | [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource | | [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | +| [aws_lambda_function_url.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_url) | resource | | [aws_lambda_layer_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_layer_version) | resource | | [aws_lambda_permission.current_version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | | [aws_lambda_permission.unqualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | 
@@ -684,22 +685,26 @@ No modules. | [attach\_policy\_jsons](#input\_attach\_policy\_jsons) | Controls whether policy\_jsons should be added to IAM role for Lambda Function | `bool` | `false` | no | | [attach\_policy\_statements](#input\_attach\_policy\_statements) | Controls whether policy\_statements should be added to IAM role for Lambda Function | `bool` | `false` | no | | [attach\_tracing\_policy](#input\_attach\_tracing\_policy) | Controls whether X-Ray tracing policy should be added to IAM role for Lambda Function | `bool` | `false` | no | +| [authorization\_type](#input\_authorization\_type) | The type of authentication that the Lambda Function URL uses. Set to 'AWS\_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint. | `string` | `"NONE"` | no | | [build\_in\_docker](#input\_build\_in\_docker) | Whether to build dependencies in Docker | `bool` | `false` | no | | [cloudwatch\_logs\_kms\_key\_id](#input\_cloudwatch\_logs\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no | | [cloudwatch\_logs\_retention\_in\_days](#input\_cloudwatch\_logs\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `null` | no | | [cloudwatch\_logs\_tags](#input\_cloudwatch\_logs\_tags) | A map of tags to assign to the resource. | `map(string)` | `{}` | no | | [compatible\_architectures](#input\_compatible\_architectures) | A list of Architectures Lambda layer is compatible with. Currently x86\_64 and arm64 can be specified. | `list(string)` | `null` | no | | [compatible\_runtimes](#input\_compatible\_runtimes) | A list of Runtimes this layer is compatible with. Up to 5 runtimes can be specified. 
| `list(string)` | `[]` | no | +| [cors](#input\_cors) | CORS settings to be used by the Lambda Function URL | `any` | `{}` | no | | [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | | [create\_async\_event\_config](#input\_create\_async\_event\_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no | | [create\_current\_version\_allowed\_triggers](#input\_create\_current\_version\_allowed\_triggers) | Whether to allow triggers on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | | [create\_current\_version\_async\_event\_config](#input\_create\_current\_version\_async\_event\_config) | Whether to allow async event configuration on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no | | [create\_function](#input\_create\_function) | Controls whether Lambda Function resource should be created | `bool` | `true` | no | +| [create\_lambda\_function\_url](#input\_create\_lambda\_function\_url) | Controls whether the Lambda Function URL resource should be created | `bool` | `false` | no | | [create\_layer](#input\_create\_layer) | Controls whether Lambda Layer resource should be created | `bool` | `false` | no | | [create\_package](#input\_create\_package) | Controls whether Lambda package should be created | `bool` | `true` | no | | [create\_role](#input\_create\_role) | Controls whether IAM role for Lambda Function should be created | `bool` | `true` | no | | [create\_unqualified\_alias\_allowed\_triggers](#input\_create\_unqualified\_alias\_allowed\_triggers) | Whether to allow triggers on unqualified alias pointing to $LATEST version | `bool` | `true` | no | | 
[create\_unqualified\_alias\_async\_event\_config](#input\_create\_unqualified\_alias\_async\_event\_config) | Whether to allow async event configuration on unqualified alias pointing to $LATEST version | `bool` | `true` | no | +| [create\_unqualified\_alias\_lambda\_function\_url](#input\_create\_unqualified\_alias\_lambda\_function\_url) | Whether to use unqualified alias pointing to $LATEST version in Lambda Function URL | `bool` | `true` | no | | [dead\_letter\_target\_arn](#input\_dead\_letter\_target\_arn) | The ARN of an SNS topic or SQS queue to notify when an invocation fails. | `string` | `null` | no | | [description](#input\_description) | Description of your Lambda Function (or Layer) | `string` | `""` | no | | [destination\_on\_failure](#input\_destination\_on\_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | @@ -790,6 +795,8 @@ No modules. | [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | | [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | | [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [lambda\_function\_url](#output\_lambda\_function\_url) | The URL of the Lambda Function URL | +| [lambda\_function\_url\_id](#output\_lambda\_function\_url\_id) | The Lambda Function URL generated id | | [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | | [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | | [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | 
diff --git a/examples/complete/README.md b/examples/complete/README.md index d0231c02..1ed48636 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -21,14 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 4.8 | +| [aws](#requirement\_aws) | >= 4.9 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.8 | +| [aws](#provider\_aws) | >= 4.9 | | [random](#provider\_random) | >= 2.0 | ## Modules @@ -73,6 +73,8 @@ No inputs. | [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | | [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | | [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [lambda\_function\_url](#output\_lambda\_function\_url) | The URL of the Lambda Function URL | +| [lambda\_function\_url\_id](#output\_lambda\_function\_url\_id) | The Lambda Function URL generated id | | [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | | [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | | [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index d644fc5f..0d33d36c 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -66,6 +66,20 @@ module "lambda_function" { } } + ###################### + # Lambda Function URL + ###################### + create_lambda_function_url = true + authorization_type = "AWS_IAM" + cors = { + allow_credentials = true + allow_origins = ["*"] + allow_methods = ["*"] + allow_headers = ["date", "keep-alive"] + expose_headers = ["keep-alive", "date"] + max_age = 86400 + } + ###################### # Additional policies ###################### diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index 83dbee63..91107b40 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf @@ -44,6 +44,17 @@ output "lambda_function_source_code_size" { value = module.lambda_function.lambda_function_source_code_size } +# Lambda Function URL +output "lambda_function_url" { + description = "The URL of the Lambda Function URL" + value = module.lambda_function.lambda_function_url +} + +output "lambda_function_url_id" { + description = "The Lambda Function URL generated id" + value = module.lambda_function.lambda_function_url_id +} + # Lambda Layer output "lambda_layer_arn" { description = "The ARN of the Lambda Layer with version" diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index b19bca77..629d346a 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.8" + version = ">= 4.9" } random = { source = "hashicorp/random" diff --git a/main.tf b/main.tf index 57f9a041..3c9e4c4e 100644 --- a/main.tf +++ b/main.tf 
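Review bot: The example `cors` block pairs `allow_credentials = true` with `allow_origins = ["*"]` and `allow_methods = ["*"]`, which is the widest CORS policy the block can express, and example code tends to be copied into real configurations. Browsers do not honour a wildcard origin on credentialed requests, so the combination is either ineffective or, if the caller's origin ends up being echoed back, over-permissive. I would show an explicit origin and only the methods needed, e.g. `allow_origins = ["https://app.example.com"]` (placeholder) and `allow_methods = ["GET", "POST"]`, or drop `allow_credentials`. The `module "lambda_function"` block continues outside the hunk.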
@@ -285,3 +285,26 @@ resource "aws_lambda_event_source_mapping" "this" { } } } + +resource "aws_lambda_function_url" "this" { + count = local.create && var.create_function && !var.create_layer && var.create_lambda_function_url ? 1 : 0 + + function_name = aws_lambda_function.this[0].function_name + + # Error: error creating Lambda Function URL: ValidationException + qualifier = var.create_unqualified_alias_lambda_function_url ? null : aws_lambda_function.this[0].version + authorization_type = var.authorization_type + + dynamic "cors" { + for_each = length(keys(var.cors)) == 0 ? [] : [var.cors] + + content { + allow_credentials = try(cors.value.allow_credentials, null) + allow_headers = try(cors.value.allow_headers, null) + allow_methods = try(cors.value.allow_methods, null) + allow_origins = try(cors.value.allow_origins, null) + expose_headers = try(cors.value.expose_headers, null) + max_age = try(cors.value.max_age, null) + } + } +} diff --git a/outputs.tf b/outputs.tf index 53b6b8a3..f07a3450 100644 --- a/outputs.tf +++ b/outputs.tf @@ -44,6 +44,17 @@ output "lambda_function_source_code_size" { value = try(aws_lambda_function.this[0].source_code_size, "") } +# Lambda Function URL +output "lambda_function_url" { + description = "The URL of the Lambda Function URL" + value = try(aws_lambda_function_url.this[0].function_url, "") +} + +output "lambda_function_url_id" { + description = "The Lambda Function URL generated id" + value = try(aws_lambda_function_url.this[0].url_id, "") +} + # Lambda Layer output "lambda_layer_arn" { description = "The ARN of the Lambda Layer with version" diff --git a/variables.tf b/variables.tf index b1751877..55f9f61d 100644 --- a/variables.tf +++ b/variables.tf 
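Review bot: The comment `# Error: error creating Lambda Function URL: ValidationException` above `qualifier` in `aws_lambda_function_url.this` quotes an error but names neither the input that triggers it nor why the expression avoids it. As written, a reader cannot tell that `null` targets the unqualified function while the other branch pins the URL to `aws_lambda_function.this[0].version`. I would replace it with something like `# null = unqualified function ($LATEST); otherwise pin the URL to the published version` and state the failing case if it is known. It is also worth noting that with the default `create_unqualified_alias_lambda_function_url = true` the URL serves whatever code was deployed last rather than a published version.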
@@ -28,6 +28,12 @@ variable "create_role" { default = true } +variable "create_lambda_function_url" { + description = "Controls whether the Lambda Function URL resource should be created" + type = bool + default = false +} + variable "putin_khuylo" { description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!" type = bool @@ -205,6 +211,28 @@ variable "image_config_working_directory" { default = null } +############### +# Function URL +############### + +variable "create_unqualified_alias_lambda_function_url" { + description = "Whether to use unqualified alias pointing to $LATEST version in Lambda Function URL" + type = bool + default = true +} + +variable "authorization_type" { + description = "The type of authentication that the Lambda Function URL uses. Set to 'AWS_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint." + type = string + default = "NONE" +} + +variable "cors" { + description = "CORS settings to be used by the Lambda Function URL" + type = any + default = {} +} + ######## # Layer ######## diff --git a/versions.tf b/versions.tf index 74f13846..094732c8 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.8" + version = ">= 4.9" } external = { source = "hashicorp/external" From 19b9f11fc8ed04a34c02db553d3f463cab6b740a Mon Sep 17 00:00:00 2001 
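Review bot: `authorization_type` in variables.tf defaults to `"NONE"`, so setting only `create_lambda_function_url = true` yields what the variable's own description calls a public endpoint that bypasses IAM authentication. Defaulting to `"AWS_IAM"` would make the unauthenticated case an explicit choice, and a `validation` block would reject any other string at plan time instead of at the API call. The neighbouring `cors` variable is typed `any` with no description of its accepted keys, so a misspelled key is silently dropped by the `try(..., null)` lookups in main.tf; listing the keys in its description would help. Suggested declaration below.

```hcl
variable "authorization_type" {
  # … unchanged: description and type …
  default = "AWS_IAM"

  validation {
    condition     = contains(["AWS_IAM", "NONE"], var.authorization_type)
    error_message = "The authorization_type value must be either AWS_IAM or NONE."
  }
}
```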
From: semantic-release-bot Date: Wed, 27 Apr 2022 08:51:16 +0000 Subject: [PATCH 184/385] chore(release): version 3.2.0 [skip ci] ## [3.2.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.1.1...v3.2.0) (2022-04-27) ### Features * Add support for Lambda Function URL resource ([#308](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/308)) ([c239f9d](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/c239f9d722c8c68cb5d43f96f108540c1b99f95b)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index de46e2fe..7d4682e5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [3.2.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.1.1...v3.2.0) (2022-04-27) + + +### Features + +* Add support for Lambda Function URL resource ([#308](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/308)) ([c239f9d](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/c239f9d722c8c68cb5d43f96f108540c1b99f95b)) + ### [3.1.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.1.0...v3.1.1) (2022-04-13) From 151a09a9b64a10cc8898becef245b7cdf96ee943 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 23 May 2022 21:19:12 +0200 Subject: [PATCH 185/385] fix: Removed docker provider block from docker-build submodule (#314) --- .pre-commit-config.yaml | 2 +- examples/container-image/README.md | 7 +++- examples/container-image/main.tf | 55 +++++++++++++++++----------- examples/container-image/versions.tf | 4 ++ modules/docker-build/README.md | 13 ++++++- modules/docker-build/main.tf | 10 ----- 6 files changed, 56 insertions(+), 35 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index be3cc7aa..19dda01a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.69.0 + rev: v1.71.0 hooks: - id: terraform_fmt - id: terraform_validate diff --git a/examples/container-image/README.md b/examples/container-image/README.md index 83ba91b5..238f018d 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -1,4 +1,4 @@ -# AWS Lambda launched from Docker Container Image example +# AWS Lambda Function deployed from Docker Container Image example Configuration in this directory creates AWS Lambda Function deployed with a Container Image. @@ -21,12 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.19 | +| [docker](#requirement\_docker) | >= 2.12 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| +| [aws](#provider\_aws) | >= 3.19 | | [random](#provider\_random) | >= 2.0 | ## Modules @@ -41,6 +43,9 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Type | |------|------| | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +| [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_ecr_authorization_token.token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_authorization_token) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs diff --git a/examples/container-image/main.tf b/examples/container-image/main.tf index 44928873..4f8928f5 100644 --- a/examples/container-image/main.tf +++ b/examples/container-image/main.tf 
@@ -1,3 +1,9 @@ +data "aws_region" "current" {} + +data "aws_caller_identity" "this" {} + +data "aws_ecr_authorization_token" "token" {} + provider "aws" { region = "eu-west-1" @@ -9,8 +15,12 @@ provider "aws" { skip_requesting_account_id = true } -resource "random_pet" "this" { - length = 2 +provider "docker" { + registry_auth { + address = format("%v.dkr.ecr.%v.amazonaws.com", data.aws_caller_identity.this.account_id, data.aws_region.current.name) + username = data.aws_ecr_authorization_token.token.user_name + password = data.aws_ecr_authorization_token.token.password + } } module "lambda_function_from_container_image" { @@ -33,27 +43,30 @@ module "docker_image" { create_ecr_repo = true ecr_repo = random_pet.this.id - image_tag = "1.0" - source_path = "context" + ecr_repo_lifecycle_policy = jsonencode({ + "rules" : [ + { + "rulePriority" : 1, + "description" : "Keep only the last 2 images", + "selection" : { + "tagStatus" : "any", + "countType" : "imageCountMoreThan", + "countNumber" : 2 + }, + "action" : { + "type" : "expire" + } + } + ] + }) + + image_tag = "2.0" + source_path = "context" build_args = { FOO = "bar" } - ecr_repo_lifecycle_policy = < Date: Mon, 23 May 2022 19:19:45 +0000 Subject: [PATCH 186/385] chore(release): version 3.2.1 [skip ci] ### [3.2.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.2.0...v3.2.1) (2022-05-23) ### Bug Fixes * Removed docker provider block from docker-build submodule ([#314](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/314)) ([151a09a](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/151a09a9b64a10cc8898becef245b7cdf96ee943)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7d4682e5..dfeb6dea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
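Review bot: The `registry_auth` block added to `provider "docker"` in examples/container-image/main.tf takes `password` from `data.aws_ecr_authorization_token.token`, and data source results are persisted in Terraform state, so the registry token lands in the state file of anyone who copies this example. The token is short-lived, but the example says nothing about it. I would add a comment above the block such as `# The ECR token is written to state; use an encrypted, access-restricted backend`. The same caveat belongs in the README usage snippet for modules/docker-build, because this commit moves the provider block out of the submodule and into the caller's configuration.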
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [3.2.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.2.0...v3.2.1) (2022-05-23) + + +### Bug Fixes + +* Removed docker provider block from docker-build submodule ([#314](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/314)) ([151a09a](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/151a09a9b64a10cc8898becef245b7cdf96ee943)) + ## [3.2.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.1.1...v3.2.0) (2022-04-27) From af22d006c0b771809a0bf7a7a2bda49dafabb6a5 Mon Sep 17 00:00:00 2001 From: Matt Empson Date: Fri, 17 Jun 2022 05:38:50 +1000 Subject: [PATCH 187/385] feat: Added support for event source mapping in alias submodule (#320) --- examples/alias/README.md | 5 ++++ examples/alias/main.tf | 27 ++++++++++++++++++ examples/alias/outputs.tf | 20 ++++++++++++++ modules/alias/README.md | 6 ++++ modules/alias/main.tf | 56 ++++++++++++++++++++++++++++++++++++++ modules/alias/outputs.tf | 20 ++++++++++++++ modules/alias/variables.tf | 10 +++++++ 7 files changed, 144 insertions(+) diff --git a/examples/alias/README.md b/examples/alias/README.md index c57e10b8..115cbcb7 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -37,6 +37,7 @@ Note that this example may create resources which cost money. Run `terraform des | [alias\_no\_refresh](#module\_alias\_no\_refresh) | ../../modules/alias | n/a | | [alias\_refresh](#module\_alias\_refresh) | ../../modules/alias | n/a | | [lambda\_function](#module\_lambda\_function) | ../../ | n/a | +| [sqs\_events](#module\_sqs\_events) | terraform-aws-modules/sqs/aws | ~> 3.0 | ## Resources 
@@ -54,6 +55,10 @@ No inputs. |------|-------------| | [lambda\_alias\_arn](#output\_lambda\_alias\_arn) | The ARN of the Lambda Function Alias | | [lambda\_alias\_description](#output\_lambda\_alias\_description) | Description of alias | +| [lambda\_alias\_event\_source\_mapping\_function\_arn](#output\_lambda\_alias\_event\_source\_mapping\_function\_arn) | The the ARN of the Lambda function the event source mapping is sending events to | +| [lambda\_alias\_event\_source\_mapping\_state](#output\_lambda\_alias\_event\_source\_mapping\_state) | The state of the event source mapping | +| [lambda\_alias\_event\_source\_mapping\_state\_transition\_reason](#output\_lambda\_alias\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | +| [lambda\_alias\_event\_source\_mapping\_uuid](#output\_lambda\_alias\_event\_source\_mapping\_uuid) | The UUID of the created event source mapping | | [lambda\_alias\_function\_version](#output\_lambda\_alias\_function\_version) | Lambda function version which the alias uses | | [lambda\_alias\_invoke\_arn](#output\_lambda\_alias\_invoke\_arn) | The ARN to be used for invoking Lambda Function from API Gateway | | [lambda\_alias\_name](#output\_lambda\_alias\_name) | The name of the Lambda Function Alias | diff --git a/examples/alias/main.tf b/examples/alias/main.tf index f429bdff..d39322de 100644 --- a/examples/alias/main.tf +++ b/examples/alias/main.tf @@ -13,6 +13,13 @@ resource "random_pet" "this" { length = 2 } +module "sqs_events" { + source = "terraform-aws-modules/sqs/aws" + version = "~> 3.0" + + name = "${random_pet.this.id}-events" +} + module "lambda_function" { source = "../../" @@ -29,6 +36,12 @@ module "lambda_function" { provisioned_concurrent_executions = 1 + attach_policies = true + policies = [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole", + ] + number_of_policies = 1 + allowed_triggers = { APIGatewayAny = { service = "apigateway" 
@@ -60,6 +73,13 @@ module "alias_no_refresh" { # create_async_event_config = true # maximum_event_age_in_seconds = 130 + event_source_mapping = { + sqs = { + service = "sqs" + event_source_arn = module.sqs_events.sqs_queue_arn + } + } + allowed_triggers = { AnotherAPIGatewayAny = { # keys should be unique service = "apigateway" @@ -92,6 +112,13 @@ module "alias_existing" { create_async_event_config = true maximum_event_age_in_seconds = 100 + event_source_mapping = { + sqs = { + service = "sqs" + event_source_arn = module.sqs_events.sqs_queue_arn + } + } + allowed_triggers = { ThirdAPIGatewayAny = { service = "apigateway" diff --git a/examples/alias/outputs.tf b/examples/alias/outputs.tf index a2b13ac9..30d33e80 100644 --- a/examples/alias/outputs.tf +++ b/examples/alias/outputs.tf @@ -119,3 +119,23 @@ output "lambda_alias_function_version" { description = "Lambda function version which the alias uses" value = module.alias_refresh.lambda_alias_function_version } + +output "lambda_alias_event_source_mapping_function_arn" { + description = "The the ARN of the Lambda function the event source mapping is sending events to" + value = module.alias_no_refresh.lambda_alias_event_source_mapping_function_arn +} + +output "lambda_alias_event_source_mapping_state" { + description = "The state of the event source mapping" + value = module.alias_no_refresh.lambda_alias_event_source_mapping_state +} + +output "lambda_alias_event_source_mapping_state_transition_reason" { + description = "The reason the event source mapping is in its current state" + value = module.alias_no_refresh.lambda_alias_event_source_mapping_state_transition_reason +} + +output "lambda_alias_event_source_mapping_uuid" { + description = "The UUID of the created event source mapping" + value = module.alias_no_refresh.lambda_alias_event_source_mapping_uuid +} diff --git a/modules/alias/README.md b/modules/alias/README.md index 303c314d..9466f51c 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md 
@@ -134,6 +134,7 @@ No modules. |------|------| | [aws_lambda_alias.no_refresh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_alias) | resource | | [aws_lambda_alias.with_refresh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_alias) | resource | +| [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | | [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | | [aws_lambda_permission.qualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | | [aws_lambda_permission.version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | 
@@ -153,6 +154,7 @@ No modules. | [description](#input\_description) | Description of the alias. | `string` | `""` | no | | [destination\_on\_failure](#input\_destination\_on\_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | | [destination\_on\_success](#input\_destination\_on\_success) | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no | +| [event\_source\_mapping](#input\_event\_source\_mapping) | Map of event source mapping | `any` | `{}` | no | | [function\_name](#input\_function\_name) | The function ARN of the Lambda function for which you want to create an alias. | `string` | `""` | no | | [function\_version](#input\_function\_version) | Lambda function version for which you are creating the alias. Pattern: ($LATEST\|[0-9]+). | `string` | `""` | no | | [maximum\_event\_age\_in\_seconds](#input\_maximum\_event\_age\_in\_seconds) | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | 
@@ -168,6 +170,10 @@ No modules. |------|-------------| | [lambda\_alias\_arn](#output\_lambda\_alias\_arn) | The ARN of the Lambda Function Alias | | [lambda\_alias\_description](#output\_lambda\_alias\_description) | Description of alias | +| [lambda\_alias\_event\_source\_mapping\_function\_arn](#output\_lambda\_alias\_event\_source\_mapping\_function\_arn) | The the ARN of the Lambda function the event source mapping is sending events to | +| [lambda\_alias\_event\_source\_mapping\_state](#output\_lambda\_alias\_event\_source\_mapping\_state) | The state of the event source mapping | +| [lambda\_alias\_event\_source\_mapping\_state\_transition\_reason](#output\_lambda\_alias\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | +| [lambda\_alias\_event\_source\_mapping\_uuid](#output\_lambda\_alias\_event\_source\_mapping\_uuid) | The UUID of the created event source mapping | | [lambda\_alias\_function\_version](#output\_lambda\_alias\_function\_version) | Lambda function version which the alias uses | | [lambda\_alias\_invoke\_arn](#output\_lambda\_alias\_invoke\_arn) | The ARN to be used for invoking Lambda Function from API Gateway | | [lambda\_alias\_name](#output\_lambda\_alias\_name) | The name of the Lambda Function Alias | diff --git a/modules/alias/main.tf b/modules/alias/main.tf index 859c125a..823a4f7b 100644 --- a/modules/alias/main.tf +++ b/modules/alias/main.tf @@ -1,4 +1,5 @@ locals { + alias_arn = try(data.aws_lambda_alias.existing[0].arn, aws_lambda_alias.no_refresh[0].arn, aws_lambda_alias.with_refresh[0].arn, "") version = try(data.aws_lambda_alias.existing[0].function_version, aws_lambda_alias.with_refresh[0].function_version, aws_lambda_alias.no_refresh[0].function_version, "") qualifiers = zipmap(["version", "qualified_alias"], [var.create_version_async_event_config ? true : null, var.create_qualified_alias_async_event_config ? true : null]) } 
@@ -108,3 +109,58 @@ resource "aws_lambda_permission" "qualified_alias_triggers" { source_account = try(each.value.source_account, null) event_source_token = try(each.value.event_source_token, null) } + +resource "aws_lambda_event_source_mapping" "this" { + for_each = { for k, v in var.event_source_mapping : k => v if var.create } + + function_name = local.alias_arn + + event_source_arn = try(each.value.event_source_arn, null) + + batch_size = try(each.value.batch_size, null) + maximum_batching_window_in_seconds = try(each.value.maximum_batching_window_in_seconds, null) + enabled = try(each.value.enabled, null) + starting_position = try(each.value.starting_position, null) + starting_position_timestamp = try(each.value.starting_position_timestamp, null) + parallelization_factor = try(each.value.parallelization_factor, null) + maximum_retry_attempts = try(each.value.maximum_retry_attempts, null) + maximum_record_age_in_seconds = try(each.value.maximum_record_age_in_seconds, null) + bisect_batch_on_function_error = try(each.value.bisect_batch_on_function_error, null) + topics = try(each.value.topics, null) + queues = try(each.value.queues, null) + function_response_types = try(each.value.function_response_types, null) + + dynamic "destination_config" { + for_each = try(each.value.destination_arn_on_failure, null) != null ? [true] : [] + content { + on_failure { + destination_arn = each.value["destination_arn_on_failure"] + } + } + } + + dynamic "self_managed_event_source" { + for_each = try(each.value.self_managed_event_source, []) + content { + endpoints = self_managed_event_source.value.endpoints + } + } + + dynamic "source_access_configuration" { + for_each = try(each.value.source_access_configuration, []) + content { + type = source_access_configuration.value["type"] + uri = source_access_configuration.value["uri"] + } + } + + dynamic "filter_criteria" { + for_each = try(each.value.filter_criteria, null) != null ? 
[true] : [] + + content { + filter { + pattern = try(each.value["filter_criteria"].pattern, null) + } + } + } +} diff --git a/modules/alias/outputs.tf b/modules/alias/outputs.tf index 4a774faf..b1a29153 100644 --- a/modules/alias/outputs.tf +++ b/modules/alias/outputs.tf @@ -23,3 +23,23 @@ output "lambda_alias_function_version" { description = "Lambda function version which the alias uses" value = try(data.aws_lambda_alias.existing[0].function_version, aws_lambda_alias.with_refresh[0].function_version, aws_lambda_alias.no_refresh[0].function_version, "") } + +output "lambda_alias_event_source_mapping_function_arn" { + description = "The the ARN of the Lambda function the event source mapping is sending events to" + value = { for k, v in aws_lambda_event_source_mapping.this : k => v.function_arn } +} + +output "lambda_alias_event_source_mapping_state" { + description = "The state of the event source mapping" + value = { for k, v in aws_lambda_event_source_mapping.this : k => v.state } +} + +output "lambda_alias_event_source_mapping_state_transition_reason" { + description = "The reason the event source mapping is in its current state" + value = { for k, v in aws_lambda_event_source_mapping.this : k => v.state_transition_reason } +} + +output "lambda_alias_event_source_mapping_uuid" { + description = "The UUID of the created event source mapping" + value = { for k, v in aws_lambda_event_source_mapping.this : k => v.uuid } +} diff --git a/modules/alias/variables.tf b/modules/alias/variables.tf index d5601998..732067f6 100644 --- a/modules/alias/variables.tf +++ b/modules/alias/variables.tf @@ -117,3 +117,13 @@ variable "allowed_triggers" { type = map(any) default = {} } + +############################################ +# Lambda Event Source Mapping +############################################ + +variable "event_source_mapping" { + description = "Map of event source mapping" + type = any + default = {} +} 
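Review bot: The description of `lambda_alias_event_source_mapping_function_arn` in modules/alias/outputs.tf reads `"The the ARN of the Lambda function the event source mapping is sending events to"`, with a doubled word. The same string is repeated in examples/alias/outputs.tf and in both generated README tables. I would correct it at the source to `"The ARN of the Lambda function the event source mapping is sending events to"` and regenerate the docs.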
From b75306ca457e462059a4907fe61c5af711c07219 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 16 Jun 2022 19:39:24 +0000 Subject: [PATCH 188/385] chore(release): version 3.3.0 [skip ci] ## [3.3.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.2.1...v3.3.0) (2022-06-16) ### Features * Added support for event source mapping in alias submodule ([#320](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/320)) ([af22d00](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/af22d006c0b771809a0bf7a7a2bda49dafabb6a5)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index dfeb6dea..57f2d3d0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [3.3.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.2.1...v3.3.0) (2022-06-16) + + +### Features + +* Added support for event source mapping in alias submodule ([#320](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/320)) ([af22d00](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/af22d006c0b771809a0bf7a7a2bda49dafabb6a5)) + ### [3.2.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.2.0...v3.2.1) (2022-05-23) From 779b368781f0bf14964c2f6e306c1c9ef4690bbb Mon Sep 17 00:00:00 2001 From: hussainbani <45973838+hussainbani@users.noreply.github.com> Date: Fri, 17 Jun 2022 15:48:31 +0200 Subject: [PATCH 189/385] fix: Fixed enabled attribute in Lambda Event Source Mapping by default (#321) --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 3c9e4c4e..e090e96e 100644 --- a/main.tf +++ b/main.tf 
@@ -240,7 +240,7 @@ resource "aws_lambda_event_source_mapping" "this" { batch_size = try(each.value.batch_size, null) maximum_batching_window_in_seconds = try(each.value.maximum_batching_window_in_seconds, null) - enabled = try(each.value.enabled, null) + enabled = try(each.value.enabled, true) starting_position = try(each.value.starting_position, null) starting_position_timestamp = try(each.value.starting_position_timestamp, null) parallelization_factor = try(each.value.parallelization_factor, null) From 9d164781174c441c724f86af5486db8fb368282c Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 17 Jun 2022 13:49:13 +0000 Subject: [PATCH 190/385] chore(release): version 3.3.1 [skip ci] ### [3.3.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.3.0...v3.3.1) (2022-06-17) ### Bug Fixes * Fixed enabled attribute in Lambda Event Source Mapping by default ([#321](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/321)) ([779b368](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/779b368781f0bf14964c2f6e306c1c9ef4690bbb)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 57f2d3d0..92f8eebc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [3.3.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.3.0...v3.3.1) (2022-06-17) + + +### Bug Fixes + +* Fixed enabled attribute in Lambda Event Source Mapping by default ([#321](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/321)) ([779b368](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/779b368781f0bf14964c2f6e306c1c9ef4690bbb)) + ## [3.3.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.2.1...v3.3.0) (2022-06-16) From 953ccee287135da9850818b2d7411bdb72f23ae5 Mon Sep 17 00:00:00 2001 
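Review bot: The same attribute in modules/alias/main.tf (added in PATCH 187/385 of this series) still reads `enabled = try(each.value.enabled, null)`, so after this fix the root module and the alias submodule resolve a missing `enabled` key differently. If the `null` fallback caused the problem being fixed here, the alias mapping presumably has it too. I would change that line to `enabled = try(each.value.enabled, true)` in the same commit. The resource body starts and ends outside the hunk.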
From: 1Mill <1Mill@users.noreply.github.com> Date: Thu, 18 Aug 2022 01:42:32 -0700 Subject: [PATCH 191/385] feat!: Updated AWS provider to v4, added ECR repo force_delete argument in docker-build module (#337) --- modules/docker-build/README.md | 5 +++-- modules/docker-build/main.tf | 1 + modules/docker-build/variables.tf | 6 ++++++ modules/docker-build/versions.tf | 2 +- 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index 07da548f..eafd6871 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md @@ -53,14 +53,14 @@ module "docker_image" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.35 | +| [aws](#requirement\_aws) | >= 4.22 | | [docker](#requirement\_docker) | >= 2.12 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.35 | +| [aws](#provider\_aws) | >= 4.22 | | [docker](#provider\_docker) | >= 2.12 | ## Modules 
@@ -85,6 +85,7 @@ No modules. | [create\_ecr\_repo](#input\_create\_ecr\_repo) | Controls whether ECR repository for Lambda image should be created | `bool` | `false` | no | | [docker\_file\_path](#input\_docker\_file\_path) | Path to Dockerfile in source package | `string` | `"Dockerfile"` | no | | [ecr\_address](#input\_ecr\_address) | Address of ECR repository for cross-account container image pulling (optional). Option `create_ecr_repo` must be `false` | `string` | `null` | no | +| [ecr\_force\_delete](#input\_ecr\_force\_delete) | If true, will delete the repository even if it contains images. | `bool` | `true` | no | | [ecr\_repo](#input\_ecr\_repo) | Name of ECR repository to use or to create | `string` | `null` | no | | [ecr\_repo\_lifecycle\_policy](#input\_ecr\_repo\_lifecycle\_policy) | A JSON formatted ECR lifecycle policy to automate the cleaning up of unused images. | `string` | `null` | no | | [ecr\_repo\_tags](#input\_ecr\_repo\_tags) | A map of tags to assign to ECR repository | `map(string)` | `{}` | no | diff --git a/modules/docker-build/main.tf b/modules/docker-build/main.tf index 6dd15cc4..9ff74152 100644 --- a/modules/docker-build/main.tf +++ b/modules/docker-build/main.tf @@ -24,6 +24,7 @@ resource "docker_registry_image" "this" { resource "aws_ecr_repository" "this" { count = var.create_ecr_repo ? 1 : 0 + force_delete = var.ecr_force_delete name = var.ecr_repo image_tag_mutability = var.image_tag_mutability diff --git a/modules/docker-build/variables.tf b/modules/docker-build/variables.tf index f029958a..4fadbff1 100644 --- a/modules/docker-build/variables.tf +++ b/modules/docker-build/variables.tf @@ -47,6 +47,12 @@ variable "scan_on_push" { default = false } +variable "ecr_force_delete" { + description = "If true, will delete the repository even if it contains images." + default = true + type = bool +} + variable "ecr_repo_tags" { description = "A map of tags to assign to ECR repository" type = map(string) 
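Review bot: `ecr_force_delete` in modules/docker-build/variables.tf defaults to `true`, so `terraform destroy`, or any change that replaces the repository, removes the repository and every image in it without the caller having opted in. The provider's own default for `force_delete` is false, and the module default inverts it. I would ship `default = false` and let callers enable deletion deliberately, and place `type` before `default` to match the neighbouring variables. The README row for this input would change accordingly.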
diff --git a/modules/docker-build/versions.tf b/modules/docker-build/versions.tf index 87ea2d45..9885459d 100644 --- a/modules/docker-build/versions.tf +++ b/modules/docker-build/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.35" + version = ">= 4.22" } docker = { source = "kreuzwerker/docker" From bb43127e4d7113c924fcb671d8566b96e63baa57 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 18 Aug 2022 08:43:08 +0000 Subject: [PATCH 192/385] chore(release): version 4.0.0 [skip ci] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## [4.0.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.3.1...v4.0.0) (2022-08-18) ### ⚠ BREAKING CHANGES * Updated AWS provider to v4, added ECR repo force_delete argument in docker-build module (#337) ### Features * Updated AWS provider to v4, added ECR repo force_delete argument in docker-build module ([#337](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/337)) ([953ccee](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/953ccee287135da9850818b2d7411bdb72f23ae5)) --- CHANGELOG.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 92f8eebc..58d13ba3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,17 @@ All notable changes to this project will be documented in this file. +## [4.0.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.3.1...v4.0.0) (2022-08-18) + + +### ⚠ BREAKING CHANGES + +* Updated AWS provider to v4, added ECR repo force_delete argument in docker-build module (#337) + +### Features + +* Updated AWS provider to v4, added ECR repo force_delete argument in docker-build module ([#337](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/337)) ([953ccee](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/953ccee287135da9850818b2d7411bdb72f23ae5)) + ### [3.3.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.3.0...v3.3.1) (2022-06-17) From b1ad49f3b60d3eb895030ff5de8038e9b142b96e Mon Sep 17 00:00:00 2001 From: Andrew Gonzalez Date: Wed, 31 Aug 2022 01:57:20 -0500 Subject: [PATCH 193/385] chore: Added example for how to build container images with different architectures (#344) Co-authored-by: Anton Babenko --- README.md | 2 +- examples/container-image/context/Dockerfile | 3 ++- examples/container-image/main.tf | 5 +++-- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 6f47a04f..5ced4856 100644 --- a/README.md +++ b/README.md 
@@ -580,7 +580,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo ## Examples - [Complete](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/complete) - Create Lambda resources in various combinations with all supported features. -- [Container Image](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/container-image) - Create Docker image (using [docker provider](https://registry.terraform.io/providers/kreuzwerker/docker)), push it to AWS ECR, and create Lambda function from it. +- [Container Image](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/container-image) - Create a Docker image with a platform specified in the Dockerfile (using [docker provider](https://registry.terraform.io/providers/kreuzwerker/docker)), push it to AWS ECR, and create Lambda function from it. - [Build and Package](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/build-package) - Build and create deployment packages in various ways. - [Alias](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/alias) - Create static and dynamic aliases in various ways. - [Deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/deploy) - Complete end-to-end build/update/deploy process using AWS CodeDeploy. diff --git a/examples/container-image/context/Dockerfile b/examples/container-image/context/Dockerfile index 1f577e0e..d6e7662a 100644 --- a/examples/container-image/context/Dockerfile +++ b/examples/container-image/context/Dockerfile @@ -1,4 +1,5 @@ -FROM scratch +# `--platform` argument is used to be able to build docker images when using another platform (e.g. Apple M1) +FROM --platform=linux/x86_64 scratch ARG FOO diff --git a/examples/container-image/main.tf b/examples/container-image/main.tf index 4f8928f5..f00c7c12 100644 --- a/examples/container-image/main.tf 
+++ b/examples/container-image/main.tf @@ -34,8 +34,9 @@ module "lambda_function_from_container_image" { ################## # Container Image ################## - image_uri = module.docker_image.image_uri - package_type = "Image" + image_uri = module.docker_image.image_uri + package_type = "Image" + architectures = ["x86_64"] } module "docker_image" { From b4eef74b79e73928a11be36e4400cac8b5ad7227 Mon Sep 17 00:00:00 2001 From: x539 Date: Thu, 1 Sep 2022 11:22:56 +0200 Subject: [PATCH 194/385] fix: Lambda should depend on policy attachments (#327) Co-authored-by: Andreas Freimuth Co-authored-by: Anton Babenko --- main.tf | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/main.tf b/main.tf index e090e96e..93f85f96 100644 --- a/main.tf +++ b/main.tf 
@@ -101,11 +101,28 @@ resource "aws_lambda_function" "this" { tags = var.tags - # Depending on the log group is necessary to allow Terraform to create the log group before AWS can. - # When a lambda function is invoked, AWS creates the log group automatically if it doesn't exist yet. - # Without the dependency, this can result in a race condition if the lambda function is invoked before - # Terraform can create the log group. - depends_on = [null_resource.archive, aws_s3_object.lambda_package, aws_cloudwatch_log_group.lambda] + depends_on = [ + null_resource.archive, + aws_s3_object.lambda_package, + + # Depending on the log group is necessary to allow Terraform to create the log group before AWS can. + # When a lambda function is invoked, AWS creates the log group automatically if it doesn't exist yet. + # Without the dependency, this can result in a race condition if the lambda function is invoked before + # Terraform can create the log group. + aws_cloudwatch_log_group.lambda, + + # Before the lambda is created the execution role with all its policies should be ready + aws_iam_role_policy_attachment.additional_inline, + aws_iam_role_policy_attachment.additional_json, + aws_iam_role_policy_attachment.additional_jsons, + aws_iam_role_policy_attachment.additional_many, + aws_iam_role_policy_attachment.additional_one, + aws_iam_role_policy_attachment.async, + aws_iam_role_policy_attachment.logs, + aws_iam_role_policy_attachment.dead_letter, + aws_iam_role_policy_attachment.vpc, + aws_iam_role_policy_attachment.tracing, + ] } resource "aws_lambda_layer_version" "this" { From 2a7b5b461c940431dec5747a29e3e9cef061a198 Mon Sep 17 00:00:00 2001 
From: semantic-release-bot Date: Thu, 1 Sep 2022 09:23:26 +0000 Subject: [PATCH 195/385] chore(release): version 4.0.1 [skip ci] ### [4.0.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.0.0...v4.0.1) (2022-09-01) ### Bug Fixes * Lambda should depend on policy attachments ([#327](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/327)) ([b4eef74](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/b4eef74b79e73928a11be36e4400cac8b5ad7227)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 58d13ba3..a927c29e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [4.0.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.0.0...v4.0.1) (2022-09-01) + + +### Bug Fixes + +* Lambda should depend on policy attachments ([#327](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/327)) ([b4eef74](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/b4eef74b79e73928a11be36e4400cac8b5ad7227)) + ## [4.0.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v3.3.1...v4.0.0) (2022-08-18) From 3bb7623e74f7cc6f45519cf162ea252b7d69c7bc Mon Sep 17 00:00:00 2001 From: micah5 <40206415+micah5@users.noreply.github.com> Date: Sat, 17 Sep 2022 19:35:55 +0200 Subject: [PATCH 196/385] fix: Override docker entrypoint when it exists (#316) Co-authored-by: Anton Babenko --- package.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/package.py b/package.py index 7bd8dd2d..1b966085 100644 --- a/package.py +++ b/package.py @@ -1129,6 +1129,8 @@ def docker_run_command(build_root, command, runtime, if not image: image = 'public.ecr.aws/sam/build-{}'.format(runtime) + docker_cmd.extend(['--entrypoint', '']) + docker_cmd.append(image) assert isinstance(command, list) 
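Review bot: The added `docker_cmd.extend(['--entrypoint', ''])` carries no comment, and as far as this hunk shows it runs for every image, including one supplied by the caller rather than the default `public.ecr.aws/sam/build-{runtime}`. A caller-provided build image that relies on its ENTRYPOINT for environment setup would silently lose it. I would put a why-comment above the line, for example `# Clear any ENTRYPOINT baked into the image so the build command is run exactly as passed`, and mention the override in the docs for the Docker image option. The body of docker_run_command starts and ends outside the hunk, so the indentation level of the new line cannot be confirmed here.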
From 8f99aaaf1af1155d71b49a377727af480af03df6 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sat, 17 Sep 2022 17:36:30 +0000 Subject: [PATCH 197/385] chore(release): version 4.0.2 [skip ci] ### [4.0.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.0.1...v4.0.2) (2022-09-17) ### Bug Fixes * Override docker entrypoint when it exists ([#316](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/316)) ([3bb7623](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/3bb7623e74f7cc6f45519cf162ea252b7d69c7bc)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a927c29e..8745c7dc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [4.0.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.0.1...v4.0.2) (2022-09-17) + + +### Bug Fixes + +* Override docker entrypoint when it exists ([#316](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/316)) ([3bb7623](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/3bb7623e74f7cc6f45519cf162ea252b7d69c7bc)) + ### [4.0.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.0.0...v4.0.1) (2022-09-01) From 2ceb32fdbef85758305a59b2320bdd40e246290f Mon Sep 17 00:00:00 2001 
From: Luigi Di Fraia <93160889+luigidifraiawork@users.noreply.github.com> Date: Fri, 14 Oct 2022 13:53:23 +0100 Subject: [PATCH 198/385] feat: Add example for S3 bucket access through VPC Endpoint (#349) Co-authored-by: Anton Babenko --- README.md | 1 + examples/fixtures/python3.8-app2/index.py | 26 +++ examples/with-vpc-s3-endpoint/README.md | 82 +++++++++ examples/with-vpc-s3-endpoint/main.tf | 196 +++++++++++++++++++++ examples/with-vpc-s3-endpoint/outputs.tf | 99 +++++++++++ examples/with-vpc-s3-endpoint/variables.tf | 0 examples/with-vpc-s3-endpoint/versions.tf | 14 ++ 7 files changed, 418 insertions(+) create mode 100644 examples/fixtures/python3.8-app2/index.py create mode 100644 examples/with-vpc-s3-endpoint/README.md create mode 100644 examples/with-vpc-s3-endpoint/main.tf create mode 100644 examples/with-vpc-s3-endpoint/outputs.tf create mode 100644 examples/with-vpc-s3-endpoint/variables.tf create mode 100644 examples/with-vpc-s3-endpoint/versions.tf diff --git a/README.md b/README.md index 5ced4856..d90105d1 100644 --- a/README.md +++ b/README.md 
@@ -586,6 +586,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo - [Deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/deploy) - Complete end-to-end build/update/deploy process using AWS CodeDeploy. - [Async Invocations](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/async) - Create Lambda Function with async event configuration (with SQS, SNS, and EventBridge integration). - [With VPC](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/with-vpc) - Create Lambda Function with VPC. +- [With VPC and VPC Endpoint for S3](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/with-vpc-s3-endpoint) - Create Lambda Function with VPC and VPC Endpoint for S3. - [With EFS](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/with-efs) - Create Lambda Function with Elastic File System attached (Terraform 0.13+ is recommended). - [Multiple regions](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/multiple-regions) - Create the same Lambda Function in multiple regions with non-conflicting IAM roles and policies. - [Event Source Mapping](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/event-source-mapping) - Create Lambda Function with event source mapping configuration (SQS, DynamoDB, Amazon MQ, and Kinesis). diff --git a/examples/fixtures/python3.8-app2/index.py b/examples/fixtures/python3.8-app2/index.py new file mode 100644 index 00000000..0ba33055 --- /dev/null +++ b/examples/fixtures/python3.8-app2/index.py 
@@ -0,0 +1,26 @@ +import logging +import boto3 +import os +from uuid import uuid4 + +# See https://docs.aws.amazon.com/lambda/latest/dg/python-logging.html +logger = logging.getLogger() +logger.setLevel(logging.INFO) + +logging.getLogger('boto3').setLevel(logging.DEBUG) +logging.getLogger('botocore').setLevel(logging.DEBUG) + +bucketName = os.environ['BUCKET_NAME'] +regionName = os.environ['REGION_NAME'] + +def lambda_handler(event, context): + client = boto3.client('s3', regionName) + response = client.put_object( + Bucket=bucketName, + Key=str(uuid4()), + Body=bytearray("Hello, World!", 'utf-8') + ) + + logger.info(response) + + return response diff --git a/examples/with-vpc-s3-endpoint/README.md b/examples/with-vpc-s3-endpoint/README.md new file mode 100644 index 00000000..637c2e76 --- /dev/null +++ b/examples/with-vpc-s3-endpoint/README.md 
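Review bot: Setting the `boto3` and `botocore` loggers to `logging.DEBUG` at import time writes botocore's full request and response trace into the function's log output on every invocation, and `logger.info(response)` adds the whole PutObject response on top. This is fixture code that people copy into real functions, where that trace can carry payload data, so I would leave the SDK loggers at their defaults or mark the two lines as a temporary debugging aid, e.g. `logging.getLogger('botocore').setLevel(logging.INFO)`. Separately, `os.environ['BUCKET_NAME']` and `os.environ['REGION_NAME']` are read at module level, so a missing variable shows up as a KeyError during init rather than as a clear error from the handler.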
@@ -0,0 +1,82 @@ +# AWS Lambda with VPC and VPC Endpoint for S3 example + +The configuration in this directory creates an AWS Lambda Function deployed within a VPC with a VPC Endpoint for S3 and no Internet access. The Function writes a single object to an S3 bucket that is created as part of the supporting resources. + +Be aware, that deletion of AWS Lambda with VPC can take a long time (e.g., 10 minutes). + +## Usage + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply +``` + +Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 0.14 | +| [aws](#requirement\_aws) | >= 4.33 | +| [random](#requirement\_random) | >= 3.4 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 4.33 | +| [random](#provider\_random) | >= 3.4 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 1.0 | +| [lambda\_s3\_write](#module\_lambda\_s3\_write) | ../../ | n/a | +| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 | +| [security\_group\_lambda](#module\_security\_group\_lambda) | terraform-aws-modules/security-group/aws | ~> 4.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 | +| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | ~> 3.0 | + +## Resources + +| Name | Type | +|------|------| +| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +| [aws_iam_policy_document.bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| 
[aws_iam_policy_document.endpoint](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | + +## Inputs + +No inputs. + +## Outputs + +| Name | Description | +|------|-------------| +| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | +| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | +| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | +| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | +| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | +| [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version | +| [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created | +| [lambda\_layer\_layer\_arn](#output\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version | +| 
[lambda\_layer\_source\_code\_size](#output\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file | +| [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version | +| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | +| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | +| [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | +| [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | + diff --git a/examples/with-vpc-s3-endpoint/main.tf b/examples/with-vpc-s3-endpoint/main.tf new file mode 100644 index 00000000..009254ef --- /dev/null +++ b/examples/with-vpc-s3-endpoint/main.tf 
@@ -0,0 +1,196 @@ +provider "aws" { + region = "eu-west-1" + + # Make it faster by skipping something + skip_get_ec2_platforms = true + skip_metadata_api_check = true + skip_region_validation = true + skip_credentials_validation = true + skip_requesting_account_id = true +} + +data "aws_region" "current" {} + +################################################################################ +# Lambda Module +################################################################################ + +module "lambda_s3_write" { + source = "../../" + + description = "Lambda demonstrating writes to an S3 bucket from within a VPC without Internet access" + + function_name = random_pet.this.id + handler = "index.lambda_handler" + runtime = "python3.8" + + source_path = "${path.module}/../fixtures/python3.8-app2" + + environment_variables = { + BUCKET_NAME = module.s3_bucket.s3_bucket_id + REGION_NAME = data.aws_region.current.name + } + + # Let the module create a role for us + create_role = true + attach_cloudwatch_logs_policy = true + attach_network_policy = true + + # There's no need to attach any extra permission for S3 writes as that's added by the bucket policy when a session is created + # See https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html + + vpc_security_group_ids = [module.security_group_lambda.security_group_id] + vpc_subnet_ids = module.vpc.intra_subnets + + tags = { + Module = "lambda_s3_write" + } +} + +################################################################################ +# Extra Resources +################################################################################ + +resource "random_pet" "this" { + length = 2 +} + +module "vpc" { + source = "terraform-aws-modules/vpc/aws" + version = "~> 3.0" + + name = random_pet.this.id + cidr = "10.0.0.0/16" + + azs = ["${data.aws_region.current.name}a", "${data.aws_region.current.name}b", "${data.aws_region.current.name}c"] + + # Intra subnets are designed to have no Internet access via 
NAT Gateway. + intra_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] +} + +module "vpc_endpoints" { + source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints" + version = "~> 3.0" + + vpc_id = module.vpc.vpc_id + + endpoints = { + s3 = { + service = "s3" + service_type = "Gateway" + route_table_ids = module.vpc.intra_route_table_ids + policy = data.aws_iam_policy_document.endpoint.json + } + } +} + +data "aws_iam_policy_document" "endpoint" { + statement { + sid = "RestrictBucketAccessToIAMRole" + + principals { + type = "AWS" + identifiers = ["*"] + } + + actions = [ + "s3:PutObject", + ] + + resources = [ + "${module.s3_bucket.s3_bucket_arn}/*", + ] + + # See https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html#edit-vpc-endpoint-policy-s3 + condition { + test = "ArnEquals" + variable = "aws:PrincipalArn" + values = [module.lambda_s3_write.lambda_role_arn] + } + } +} + +module "kms" { + source = "terraform-aws-modules/kms/aws" + version = "~> 1.0" + + description = "S3 encryption key" + + # Grants + grants = { + lambda = { + grantee_principal = module.lambda_s3_write.lambda_role_arn + operations = [ + "GenerateDataKey", + ] + } + } +} + +module "s3_bucket" { + source = "terraform-aws-modules/s3-bucket/aws" + version = "~> 3.0" + + bucket_prefix = "${random_pet.this.id}-" + force_destroy = true + + # S3 bucket-level Public Access Block configuration + block_public_acls = true + block_public_policy = true + ignore_public_acls = true + restrict_public_buckets = true + + versioning = { + enabled = true + } + + # Bucket policy + attach_policy = true + policy = data.aws_iam_policy_document.bucket.json + + server_side_encryption_configuration = { + rule = { + apply_server_side_encryption_by_default = { + kms_master_key_id = module.kms.key_id + sse_algorithm = "aws:kms" + } + } + } +} + +data "aws_iam_policy_document" "bucket" { + statement { + sid = "RestrictBucketAccessToIAMRole" + + principals { + type = "AWS" + identifiers = 
[module.lambda_s3_write.lambda_role_arn] + } + + actions = [ + "s3:PutObject", + ] + + resources = [ + "${module.s3_bucket.s3_bucket_arn}/*", + ] + } +} + +module "security_group_lambda" { + source = "terraform-aws-modules/security-group/aws" + version = "~> 4.0" + + name = random_pet.this.id + description = "Security Group for Lambda Egress" + + vpc_id = module.vpc.vpc_id + + egress_cidr_blocks = [] + egress_ipv6_cidr_blocks = [] + + # Prefix list ids to use in all egress rules in this module + egress_prefix_list_ids = [module.vpc_endpoints.endpoints["s3"]["prefix_list_id"]] + + egress_rules = ["https-443-tcp"] +} diff --git a/examples/with-vpc-s3-endpoint/outputs.tf b/examples/with-vpc-s3-endpoint/outputs.tf new file mode 100644 index 00000000..a2cc4fba --- /dev/null +++ b/examples/with-vpc-s3-endpoint/outputs.tf 
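Review bot: The statement `RestrictBucketAccessToIAMRole` in `data.aws_iam_policy_document.bucket` only allows `s3:PutObject` for the Lambda role, so the sid promises more than the policy enforces. Nothing in it denies other principals or ties writes to the VPC endpoint. The `aws:PrincipalArn` condition lives only in the endpoint policy, which governs traffic through that endpoint and not requests that reach the bucket by another path. If the example is meant to show endpoint-only writes, add a Deny statement keyed on `aws:SourceVpce` as sketched below; the `["id"]` lookup is assumed to work the same way as the `["prefix_list_id"]` lookup already used in this file and should be checked against the vpc-endpoints module outputs. Otherwise rename the sid to something like `AllowLambdaRolePutObject`.

```hcl
data "aws_iam_policy_document" "bucket" {
  # … unchanged: Allow statement granting s3:PutObject to the Lambda role …

  statement {
    sid    = "DenyPutObjectOutsideVpcEndpoint"
    effect = "Deny"

    principals {
      type        = "*"
      identifiers = ["*"]
    }

    actions = [
      "s3:PutObject",
    ]

    resources = [
      "${module.s3_bucket.s3_bucket_arn}/*",
    ]

    condition {
      test     = "StringNotEquals"
      variable = "aws:SourceVpce"
      values   = [module.vpc_endpoints.endpoints["s3"]["id"]]
    }
  }
}
```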
@@ -0,0 +1,99 @@ +# Lambda Function +output "lambda_function_arn" { + description = "The ARN of the Lambda Function" + value = module.lambda_s3_write.lambda_function_arn +} + +output "lambda_function_invoke_arn" { + description = "The Invoke ARN of the Lambda Function" + value = module.lambda_s3_write.lambda_function_invoke_arn +} + +output "lambda_function_name" { + description = "The name of the Lambda Function" + value = module.lambda_s3_write.lambda_function_name +} + +output "lambda_function_qualified_arn" { + description = "The ARN identifying your Lambda Function Version" + value = module.lambda_s3_write.lambda_function_qualified_arn +} + +output "lambda_function_version" { + description = "Latest published version of Lambda Function" + value = module.lambda_s3_write.lambda_function_version +} + +output "lambda_function_last_modified" { + description = "The date Lambda Function resource was last modified" + value = module.lambda_s3_write.lambda_function_last_modified +} + +output "lambda_function_kms_key_arn" { + description = "The ARN for the KMS encryption key of Lambda Function" + value = module.lambda_s3_write.lambda_function_kms_key_arn +} + +output "lambda_function_source_code_hash" { + description = "Base64-encoded representation of raw SHA-256 sum of the zip file" + value = module.lambda_s3_write.lambda_function_source_code_hash +} + +output "lambda_function_source_code_size" { + description = "The size in bytes of the function .zip file" + value = module.lambda_s3_write.lambda_function_source_code_size +} + +# Lambda Layer +output "lambda_layer_arn" { + description = "The ARN of the Lambda Layer with version" + value = module.lambda_s3_write.lambda_layer_arn +} + +output "lambda_layer_layer_arn" { + description = "The ARN of the Lambda Layer without version" + value = module.lambda_s3_write.lambda_layer_layer_arn +} + +output "lambda_layer_created_date" { + description = "The date Lambda Layer resource was created" + value = 
module.lambda_s3_write.lambda_layer_created_date +} + +output "lambda_layer_source_code_size" { + description = "The size in bytes of the Lambda Layer .zip file" + value = module.lambda_s3_write.lambda_layer_source_code_size +} + +output "lambda_layer_version" { + description = "The Lambda Layer version" + value = module.lambda_s3_write.lambda_layer_version +} + +# IAM Role +output "lambda_role_arn" { + description = "The ARN of the IAM role created for the Lambda Function" + value = module.lambda_s3_write.lambda_role_arn +} + +output "lambda_role_name" { + description = "The name of the IAM role created for the Lambda Function" + value = module.lambda_s3_write.lambda_role_name +} + +# CloudWatch Log Group +output "lambda_cloudwatch_log_group_arn" { + description = "The ARN of the Cloudwatch Log Group" + value = module.lambda_s3_write.lambda_cloudwatch_log_group_arn +} + +# Deployment package +output "local_filename" { + description = "The filename of zip archive deployed (if deployment was from local)" + value = module.lambda_s3_write.local_filename +} + +output "s3_object" { + description = "The map with S3 object data of zip archive deployed (if deployment was from S3)" + value = module.lambda_s3_write.s3_object +} diff --git a/examples/with-vpc-s3-endpoint/variables.tf b/examples/with-vpc-s3-endpoint/variables.tf new file mode 100644 index 00000000..e69de29b diff --git a/examples/with-vpc-s3-endpoint/versions.tf b/examples/with-vpc-s3-endpoint/versions.tf new file mode 100644 index 00000000..6941462b --- /dev/null +++ b/examples/with-vpc-s3-endpoint/versions.tf @@ -0,0 +1,14 @@ +terraform { + required_version = ">= 0.14" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.33" + } + random = { + source = "hashicorp/random" + version = ">= 3.4" + } + } +} From 2b0d689d624850bd4768b7b10b543bae130a5178 Mon Sep 17 00:00:00 2001 
From: semantic-release-bot Date: Fri, 14 Oct 2022 12:54:02 +0000 Subject: [PATCH 199/385] chore(release): version 4.1.0 [skip ci] ## [4.1.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.0.2...v4.1.0) (2022-10-14) ### Features * Add example for S3 bucket access through VPC Endpoint ([#349](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/349)) ([2ceb32f](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/2ceb32fdbef85758305a59b2320bdd40e246290f)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8745c7dc..f54d2d5f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.1.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.0.2...v4.1.0) (2022-10-14) + + +### Features + +* Add example for S3 bucket access through VPC Endpoint ([#349](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/349)) ([2ceb32f](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/2ceb32fdbef85758305a59b2320bdd40e246290f)) + ### [4.0.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.0.1...v4.0.2) (2022-09-17) From 745dc5359f45d15fe4201114c0f0ec0069c99fa1 Mon Sep 17 00:00:00 2001 From: Loren Gordon Date: Fri, 14 Oct 2022 11:49:20 -0700 Subject: [PATCH 200/385] fix: Forces the local_filename output to wait for the package to be built (#356) --- outputs.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/outputs.tf b/outputs.tf index f07a3450..e6a95644 100644 --- a/outputs.tf +++ b/outputs.tf @@ -133,6 +133,10 @@ output "lambda_cloudwatch_log_group_name" { output "local_filename" { description = "The filename of zip archive deployed (if deployment was from local)" value = local.filename + + depends_on = [ + null_resource.archive, + ] } output "s3_object" { 
From 0d26c6f3b275535964ed9c5bc149742448981955 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 14 Oct 2022 18:49:46 +0000 Subject: [PATCH 201/385] chore(release): version 4.1.1 [skip ci] ### [4.1.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.1.0...v4.1.1) (2022-10-14) ### Bug Fixes * Forces the local_filename output to wait for the package to be built ([#356](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/356)) ([745dc53](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/745dc5359f45d15fe4201114c0f0ec0069c99fa1)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f54d2d5f..e1899800 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [4.1.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.1.0...v4.1.1) (2022-10-14) + + +### Bug Fixes + +* Forces the local_filename output to wait for the package to be built ([#356](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/356)) ([745dc53](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/745dc5359f45d15fe4201114c0f0ec0069c99fa1)) + ## [4.1.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.0.2...v4.1.0) (2022-10-14) From f9bf21df9bef0730ed3efc174fc12a79e3a5268c Mon Sep 17 00:00:00 2001 From: Loren Gordon Date: Thu, 20 Oct 2022 07:18:56 -0700 Subject: [PATCH 202/385] fix: Generates error in plan phase if runtime is not available (#358) --- package.py | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/package.py b/package.py index 1b966085..969e465d 100644 --- a/package.py +++ b/package.py 
@@ -656,9 +656,14 @@ def pip_requirements_step(path, prefix=None, required=False, tmp_dir=None): if required: raise RuntimeError( 'File not found: {}'.format(requirements)) - else: - step('pip', runtime, requirements, prefix, tmp_dir) - hash(requirements) + if not shutil.which(runtime): + raise RuntimeError( + "Python interpreter version equal " + "to defined lambda runtime ({}) should be " + "available in system PATH".format(runtime)) + + step('pip', runtime, requirements, prefix, tmp_dir) + hash(requirements) def npm_requirements_step(path, prefix=None, required=False, tmp_dir=None): requirements = path @@ -668,9 +673,14 @@ def npm_requirements_step(path, prefix=None, required=False, tmp_dir=None): if required: raise RuntimeError( 'File not found: {}'.format(requirements)) - else: - step('npm', runtime, requirements, prefix, tmp_dir) - hash(requirements) + if not shutil.which(runtime): + raise RuntimeError( + "Nodejs interpreter version equal " + "to defined lambda runtime ({}) should be " + "available in system PATH".format(runtime)) + + step('npm', runtime, requirements, prefix, tmp_dir) + hash(requirements) def commands_step(path, commands): if not commands: From c83d201c9f4c95a69cd4dc345bd3f56a3abbcf21 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 20 Oct 2022 14:19:34 +0000 Subject: [PATCH 203/385] chore(release): version 4.1.2 [skip ci] ### [4.1.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.1.1...v4.1.2) (2022-10-20) ### Bug Fixes * Generates error in plan phase if runtime is not available ([#358](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/358)) ([f9bf21d](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/f9bf21df9bef0730ed3efc174fc12a79e3a5268c)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e1899800..8b4b250b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
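Review bot: With the `else:` line removed and nothing added in its place, `step('pip', ...)` and `hash(requirements)` appear to run even when the requirements file is absent and `required` is false. Indentation is lost in this view, so this is read from the `-`/`+` markers alone. The old code skipped the step in that case, and the new `shutil.which(runtime)` check would then also fail builds that have no requirements file at all. I would keep the `else:` and place the check inside it, directly above `step('pip', runtime, requirements, prefix, tmp_dir)`. The npm hunk that follows has the same shape; both function bodies start outside their hunks.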
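Review bot: In `npm_requirements_step`, `shutil.which(runtime)` looks up the Lambda runtime identifier as an executable name. Node.js runtime identifiers have the form `nodejs14.x`, which a Node installation does not normally put on PATH, so this check would reject hosts where `npm` itself works; that assumes `runtime` holds the identifier, as the error text suggests. Checking for the tool the step presumably invokes avoids this, e.g. `if not shutil.which('npm'):`, with the message adjusted to name `npm`. The re-indented copy of this check in PATCH 204 carries the same call.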
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [4.1.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.1.1...v4.1.2) (2022-10-20) + + +### Bug Fixes + +* Generates error in plan phase if runtime is not available ([#358](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/358)) ([f9bf21d](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/f9bf21df9bef0730ed3efc174fc12a79e3a5268c)) + ### [4.1.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.1.0...v4.1.1) (2022-10-14) From dfc8934e907e5eb7f1820b838ec6e98f4011128a Mon Sep 17 00:00:00 2001 From: Loren Gordon Date: Thu, 20 Oct 2022 08:24:50 -0700 Subject: [PATCH 204/385] fix: Performs plan-phase runtime check only if building package (#359) --- package.py | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/package.py b/package.py index 969e465d..b378d44e 100644 --- a/package.py +++ b/package.py @@ -656,14 +656,15 @@ def pip_requirements_step(path, prefix=None, required=False, tmp_dir=None): if required: raise RuntimeError( 'File not found: {}'.format(requirements)) - if not shutil.which(runtime): - raise RuntimeError( - "Python interpreter version equal " - "to defined lambda runtime ({}) should be " - "available in system PATH".format(runtime)) + else: + if not shutil.which(runtime): + raise RuntimeError( + "Python interpreter version equal " + "to defined lambda runtime ({}) should be " + "available in system PATH".format(runtime)) - step('pip', runtime, requirements, prefix, tmp_dir) - hash(requirements) + step('pip', runtime, requirements, prefix, tmp_dir) + hash(requirements) def npm_requirements_step(path, prefix=None, required=False, tmp_dir=None): requirements = path 
@@ -673,14 +674,15 @@ def npm_requirements_step(path, prefix=None, required=False, tmp_dir=None): if required: raise RuntimeError( 'File not found: {}'.format(requirements)) - if not shutil.which(runtime): - raise RuntimeError( - "Nodejs interpreter version equal " - "to defined lambda runtime ({}) should be " - "available in system PATH".format(runtime)) - - step('npm', runtime, requirements, prefix, tmp_dir) - hash(requirements) + else: + if not shutil.which(runtime): + raise RuntimeError( + "Nodejs interpreter version equal " + "to defined lambda runtime ({}) should be " + "available in system PATH".format(runtime)) + + step('npm', runtime, requirements, prefix, tmp_dir) + hash(requirements) def commands_step(path, commands): if not commands: From adf6ea731d02a98509adad36376c0b125b225a17 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 20 Oct 2022 15:25:37 +0000 Subject: [PATCH 205/385] chore(release): version 4.1.3 [skip ci] ### [4.1.3](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.1.2...v4.1.3) (2022-10-20) ### Bug Fixes * Performs plan-phase runtime check only if building package ([#359](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/359)) ([dfc8934](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/dfc8934e907e5eb7f1820b838ec6e98f4011128a)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8b4b250b..eb2d0053 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [4.1.3](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.1.2...v4.1.3) (2022-10-20) + + +### Bug Fixes + +* Performs plan-phase runtime check only if building package ([#359](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/359)) ([dfc8934](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/dfc8934e907e5eb7f1820b838ec6e98f4011128a)) + ### [4.1.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.1.1...v4.1.2) (2022-10-20) From 20552562aa80843fe5cb5e569b5e58daaf569741 Mon Sep 17 00:00:00 2001 From: Loren Gordon Date: Fri, 21 Oct 2022 11:03:10 -0700 Subject: [PATCH 206/385] fix: Skips the runtime test when building in docker (#362) Co-authored-by: Allan Benson <95691842+AllanBenson001@users.noreply.github.com> --- README.md | 4 ++++ package.py | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d90105d1..296b34ab 100644 --- a/README.md +++ b/README.md 
@@ -470,6 +470,10 @@ Using this module you can install dependencies from private hosts. To do this, y docker_with_ssh_agent = true +Note that by default, the `docker_image` used comes from the registry `public.ecr.aws/sam/`, and will be based on the `runtime` that you specify. In other words, if you specify a runtime of `python3.8` and do not specify `docker_image`, then the `docker_image` will resolve to `public.ecr.aws/sam/build-python3.8`. This ensures that by default the `runtime` is available in the docker container. + +If you override `docker_image`, be sure to keep the image in sync with your `runtime`. During the plan phase, when using docker, there is no check that the `runtime` is available to build the package. That means that if you use an image that does not have the runtime, the plan will still succeed, but then the apply will fail. + ## Deployment package - Create or use existing By default, this module creates deployment package and uses it to create or update Lambda Function or Lambda Layer. diff --git a/package.py b/package.py index b378d44e..79b2ea67 100644 --- a/package.py +++ b/package.py @@ -657,7 +657,7 @@ def pip_requirements_step(path, prefix=None, required=False, tmp_dir=None): raise RuntimeError( 'File not found: {}'.format(requirements)) else: - if not shutil.which(runtime): + if not query.docker and not shutil.which(runtime): raise RuntimeError( "Python interpreter version equal " "to defined lambda runtime ({}) should be " @@ -675,7 +675,7 @@ def npm_requirements_step(path, prefix=None, required=False, tmp_dir=None): raise RuntimeError( 'File not found: {}'.format(requirements)) else: - if not shutil.which(runtime): + if not query.docker and not shutil.which(runtime): raise RuntimeError( "Nodejs interpreter version equal " "to defined lambda runtime ({}) should be " From 62cdf748085d470fb8acb8e99020733bb094bd22 Mon Sep 17 00:00:00 2001 
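Review bot: The `not query.docker and` guard added in `pip_requirements_step`, and again in the `npm_requirements_step` hunk, carries no comment explaining why the host PATH check is skipped, so the reason is recorded only in the README. A one-line comment above each condition, such as `# When building in docker the runtime comes from the build image, so the host PATH is not checked`, would keep that next to the code. As the README text added in this commit says, a custom `docker_image` without the runtime then fails only at apply time; logging a warning at plan time when `docker_image` is overridden would make that gap visible earlier. Both function bodies extend beyond their hunks.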
From: semantic-release-bot Date: Fri, 21 Oct 2022 18:03:39 +0000 Subject: [PATCH 207/385] chore(release): version 4.1.4 [skip ci] ### [4.1.4](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.1.3...v4.1.4) (2022-10-21) ### Bug Fixes * Skips the runtime test when building in docker ([#362](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/362)) ([2055256](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/20552562aa80843fe5cb5e569b5e58daaf569741)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index eb2d0053..966d6c92 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [4.1.4](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.1.3...v4.1.4) (2022-10-21) + + +### Bug Fixes + +* Skips the runtime test when building in docker ([#362](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/362)) ([2055256](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/20552562aa80843fe5cb5e569b5e58daaf569741)) + ### [4.1.3](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.1.2...v4.1.3) (2022-10-20) From dd40178f7534fa4fd341a8e9dbf645bbe4c279d0 Mon Sep 17 00:00:00 2001 
From: Thiha Soe <8920329+tsoe77@users.noreply.github.com> Date: Sat, 22 Oct 2022 18:49:07 +0100 Subject: [PATCH 208/385] feat: Added support for Code Signing Configuration (#351) Co-authored-by: Bryant Biggs Co-authored-by: Anton Babenko --- .pre-commit-config.yaml | 4 +- README.md | 4 + examples/code-signing/README.md | 62 +++++++++++++++ examples/code-signing/main.tf | 120 +++++++++++++++++++++++++++++ examples/code-signing/outputs.tf | 19 +++++ examples/code-signing/variables.tf | 0 examples/code-signing/versions.tf | 14 ++++ examples/complete/README.md | 2 +- examples/complete/main.tf | 76 ++++++++++-------- main.tf | 1 + outputs.tf | 10 +++ variables.tf | 6 ++ 12 files changed, 281 insertions(+), 37 deletions(-) create mode 100644 examples/code-signing/README.md create mode 100644 examples/code-signing/main.tf create mode 100644 examples/code-signing/outputs.tf create mode 100644 examples/code-signing/variables.tf create mode 100644 examples/code-signing/versions.tf diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 19dda01a..74f3751c 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.71.0 + rev: v1.76.0 hooks: - id: terraform_fmt - id: terraform_validate @@ -23,7 +23,7 @@ repos: - '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_workspace_remote' - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.2.0 + rev: v4.3.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer diff --git a/README.md b/README.md index 296b34ab..fcedb1c7 100644 --- a/README.md +++ b/README.md 
@@ -595,6 +595,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo - [Multiple regions](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/multiple-regions) - Create the same Lambda Function in multiple regions with non-conflicting IAM roles and policies. - [Event Source Mapping](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/event-source-mapping) - Create Lambda Function with event source mapping configuration (SQS, DynamoDB, Amazon MQ, and Kinesis). - [Triggers](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/triggers) - Create Lambda Function with some triggers (eg, Cloudwatch Events, EventBridge). +- [Code Signing](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/code-signing) - Create Lambda Function with code signing configuration. # Examples by the users of this module 
@@ -695,6 +696,7 @@ No modules. | [cloudwatch\_logs\_kms\_key\_id](#input\_cloudwatch\_logs\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no | | [cloudwatch\_logs\_retention\_in\_days](#input\_cloudwatch\_logs\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `null` | no | | [cloudwatch\_logs\_tags](#input\_cloudwatch\_logs\_tags) | A map of tags to assign to the resource. | `map(string)` | `{}` | no | +| [code\_signing\_config\_arn](#input\_code\_signing\_config\_arn) | Amazon Resource Name (ARN) for a Code Signing Configuration | `string` | `null` | no | | [compatible\_architectures](#input\_compatible\_architectures) | A list of Architectures Lambda layer is compatible with. Currently x86\_64 and arm64 can be specified. | `list(string)` | `null` | no | | [compatible\_runtimes](#input\_compatible\_runtimes) | A list of Runtimes this layer is compatible with. Up to 5 runtimes can be specified. | `list(string)` | `[]` | no | | [cors](#input\_cors) | CORS settings to be used by the Lambda Function URL | `any` | `{}` | no | 
@@ -798,6 +800,8 @@ No modules. | [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | | [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | | [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [lambda\_function\_signing\_job\_arn](#output\_lambda\_function\_signing\_job\_arn) | ARN of the signing job | +| [lambda\_function\_signing\_profile\_version\_arn](#output\_lambda\_function\_signing\_profile\_version\_arn) | ARN of the signing profile version | | [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | | [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | | [lambda\_function\_url](#output\_lambda\_function\_url) | The URL of the Lambda Function URL | diff --git a/examples/code-signing/README.md b/examples/code-signing/README.md new file mode 100644 index 00000000..6e9357f2 --- /dev/null +++ b/examples/code-signing/README.md 
@@ -0,0 +1,62 @@ +# AWS Lambda Code Signing example + +Configuration in this directory creates AWS Lambda Function deployed with code signing profile and signed code. + +## Usage + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply +``` + +Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [aws](#requirement\_aws) | >= 4.9 | +| [random](#requirement\_random) | >= 2.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 4.9 | +| [random](#provider\_random) | >= 2.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [lambda](#module\_lambda) | ../../ | n/a | +| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 | + +## Resources + +| Name | Type | +|------|------| +| [aws_lambda_code_signing_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_code_signing_config) | resource | +| [aws_s3_object.unsigned](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource | +| [aws_signer_signing_job.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/signer_signing_job) | resource | +| [aws_signer_signing_profile.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/signer_signing_profile) | resource | +| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | + +## Inputs + +No inputs. 
+ +## Outputs + +| Name | Description | +|------|-------------| +| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| [lambda\_function\_signing\_job\_arn](#output\_lambda\_function\_signing\_job\_arn) | ARN of the signing job | +| [lambda\_function\_signing\_profile\_version\_arn](#output\_lambda\_function\_signing\_profile\_version\_arn) | ARN of the signing profile version | + diff --git a/examples/code-signing/main.tf b/examples/code-signing/main.tf new file mode 100644 index 00000000..0ba5f120 --- /dev/null +++ b/examples/code-signing/main.tf 
@@ -0,0 +1,120 @@ +provider "aws" { + region = "eu-west-1" + + # Make it faster by skipping something + skip_get_ec2_platforms = true + skip_metadata_api_check = true + skip_region_validation = true + skip_credentials_validation = true + skip_requesting_account_id = true +} + +################################################################################ +# Lambda Function +################################################################################ + +module "lambda" { + source = "../../" + + function_name = random_pet.this.id + handler = "index.lambda_handler" + runtime = "python3.8" + code_signing_config_arn = aws_lambda_code_signing_config.this.arn + create_package = false + + s3_existing_package = { + bucket = aws_signer_signing_job.this.signed_object[0].s3[0].bucket + key = aws_signer_signing_job.this.signed_object[0].s3[0].key + } +} + +################################################################################ +# Lambda Code Signing +################################################################################ + +resource "aws_s3_object" "unsigned" { + bucket = module.s3_bucket.s3_bucket_id + key = "unsigned/existing_package.zip" + source = "${path.module}/../fixtures/python3.8-zip/existing_package.zip" + + # Making sure that S3 versioning configuration is propagated properly + depends_on = [ + module.s3_bucket + ] +} + +resource "aws_signer_signing_profile" "this" { + platform_id = "AWSLambda-SHA384-ECDSA" + # invalid value for name (must be alphanumeric with max length of 64 characters) + name = replace(random_pet.this.id, "-", "") + + signature_validity_period { + value = 3 + type = "MONTHS" + } +} + +resource "aws_signer_signing_job" "this" { + profile_name = aws_signer_signing_profile.this.name + + source { + s3 { + bucket = module.s3_bucket.s3_bucket_id + key = aws_s3_object.unsigned.id + version = aws_s3_object.unsigned.version_id + } + } + + destination { + s3 { + bucket = module.s3_bucket.s3_bucket_id + prefix = "signed/" + } + } + + 
ignore_signing_job_failure = true +} + +resource "aws_lambda_code_signing_config" "this" { + allowed_publishers { + signing_profile_version_arns = [aws_signer_signing_profile.this.version_arn] + } + + policies { + untrusted_artifact_on_deployment = "Enforce" + } +} + +################################################################################ +# Supporting Resources +################################################################################ + +resource "random_pet" "this" { + length = 2 +} + +module "s3_bucket" { + source = "terraform-aws-modules/s3-bucket/aws" + version = "~> 3.0" + + bucket_prefix = "${random_pet.this.id}-" + force_destroy = true + + # S3 bucket-level Public Access Block configuration + block_public_acls = true + block_public_policy = true + ignore_public_acls = true + restrict_public_buckets = true + + versioning = { + enabled = true + } + + server_side_encryption_configuration = { + rule = { + apply_server_side_encryption_by_default = { + sse_algorithm = "AES256" + } + } + } +} diff --git a/examples/code-signing/outputs.tf b/examples/code-signing/outputs.tf new file mode 100644 index 00000000..de42ca30 --- /dev/null +++ b/examples/code-signing/outputs.tf @@ -0,0 +1,19 @@ +output "lambda_function_signing_job_arn" { + description = "ARN of the signing job" + value = module.lambda.lambda_function_signing_job_arn +} + +output "lambda_function_signing_profile_version_arn" { + description = "ARN of the signing profile version" + value = module.lambda.lambda_function_signing_profile_version_arn +} + +output "lambda_function_arn" { + description = "The ARN of the Lambda Function" + value = module.lambda.lambda_function_arn +} + +output "lambda_function_invoke_arn" { + description = "The Invoke ARN of the Lambda Function" + value = module.lambda.lambda_function_invoke_arn +} diff --git a/examples/code-signing/variables.tf b/examples/code-signing/variables.tf new file mode 100644 index 00000000..e69de29b 
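Review bot: `ignore_signing_job_failure = true` on `aws_signer_signing_job.this` lets the apply continue when signing fails, while the `lambda` module reads `signed_object[0].s3[0]` from that same job and the code signing config sets `untrusted_artifact_on_deployment = "Enforce"`. A failed job would then presumably surface later as an index or deployment error rather than at the signing step. For an example that demonstrates code signing, `ignore_signing_job_failure = false` makes the failure visible where it happens and avoids suggesting that signing errors are safe to ignore.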
diff --git a/examples/code-signing/versions.tf b/examples/code-signing/versions.tf new file mode 100644 index 00000000..629d346a --- /dev/null +++ b/examples/code-signing/versions.tf @@ -0,0 +1,14 @@ +terraform { + required_version = ">= 0.13.1" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.9" + } + random = { + source = "hashicorp/random" + version = ">= 2.0" + } + } +} diff --git a/examples/complete/README.md b/examples/complete/README.md index 1ed48636..bcbcc76b 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -46,7 +46,7 @@ Note that this example may create resources which cost money. Run `terraform des | [lambda\_layer\_with\_package\_deploying\_externally](#module\_lambda\_layer\_with\_package\_deploying\_externally) | ../../ | n/a | | [lambda\_with\_mixed\_trusted\_entities](#module\_lambda\_with\_mixed\_trusted\_entities) | ../../ | n/a | | [lambda\_with\_provisioned\_concurrency](#module\_lambda\_with\_provisioned\_concurrency) | ../../ | n/a | -| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | n/a | +| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 | ## Resources diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 0d33d36c..a6ddd940 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -105,36 +105,37 @@ module "lambda_function" { } attach_policy_json = true - policy_json = < Date: Sat, 22 Oct 2022 17:49:35 +0000 Subject: [PATCH 209/385] chore(release): version 4.2.0 [skip ci] ## [4.2.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.1.4...v4.2.0) (2022-10-22) ### Features * Added support for Code Signing Configuration ([#351](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/351)) ([dd40178](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/dd40178f7534fa4fd341a8e9dbf645bbe4c279d0)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 966d6c92..ed2eac32 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.2.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.1.4...v4.2.0) (2022-10-22) + + +### Features + +* Added support for Code Signing Configuration ([#351](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/351)) ([dd40178](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/dd40178f7534fa4fd341a8e9dbf645bbe4c279d0)) + ### [4.1.4](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.1.3...v4.1.4) (2022-10-21) From 93e1dc3207105bd0620d3c3a952a0cce4d247972 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sindri=20Gu=C3=B0mundsson?= Date: Thu, 27 Oct 2022 16:44:32 +0200 Subject: [PATCH 210/385] fix: Qualifiers in event invoke config (#368) --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 70a5d03d..eb2ac7a1 100644 --- a/main.tf +++ b/main.tf 
@@ -193,7 +193,7 @@ locals { } resource "aws_lambda_function_event_invoke_config" "this" { - for_each = { for k, v in local.qualifiers : k => v if local.create && var.create_function && !var.create_layer && var.create_async_event_config } + for_each = { for k, v in local.qualifiers : k => v if v != null && local.create && var.create_function && !var.create_layer && var.create_async_event_config } function_name = aws_lambda_function.this[0].function_name qualifier = each.key == "current_version" ? aws_lambda_function.this[0].version : null From eb4ca20f0829ad99d96a28d33df56304850a5d03 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 27 Oct 2022 14:45:04 +0000 Subject: [PATCH 211/385] chore(release): version 4.2.1 [skip ci] ### [4.2.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.2.0...v4.2.1) (2022-10-27) ### Bug Fixes * Qualifiers in event invoke config ([#368](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/368)) ([93e1dc3](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/93e1dc3207105bd0620d3c3a952a0cce4d247972)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ed2eac32..f0cd77c2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [4.2.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.2.0...v4.2.1) (2022-10-27) + + +### Bug Fixes + +* Qualifiers in event invoke config ([#368](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/368)) ([93e1dc3](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/93e1dc3207105bd0620d3c3a952a0cce4d247972)) + ## [4.2.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.1.4...v4.2.0) (2022-10-22) From 682052c516b70425cd89ebd4086f2ffcf5c96bae Mon Sep 17 00:00:00 2001 
From: Loren Gordon Date: Mon, 31 Oct 2022 07:24:27 -0700 Subject: [PATCH 212/385] fix: Checks for `npm` instead of `runtime` when building nodejs packages (#364) Co-authored-by: Anton Babenko --- examples/build-package/main.tf | 6 +++--- package.py | 13 +++++++------ 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/examples/build-package/main.tf b/examples/build-package/main.tf index 61dd0102..42afe7ca 100644 --- a/examples/build-package/main.tf +++ b/examples/build-package/main.tf @@ -219,8 +219,8 @@ module "package_with_docker" { docker_pip_cache = true docker_with_ssh_agent = true # docker_file = "${path.module}/../fixtures/python3.8-app1/docker/Dockerfile" - docker_build_root = "${path.module}/../../docker" - docker_image = "public.ecr.aws/sam/build-python3.8" + docker_build_root = "${path.module}/../fixtures/python3.8-app1/docker" + docker_image = "public.ecr.aws/sam/build-python3.8:latest" } # Create zip-archive of a single directory where "npm install" will also be executed (default for nodejs runtime) @@ -278,7 +278,7 @@ module "lambda_layer" { build_in_docker = true runtime = "python3.8" - docker_image = "public.ecr.aws/sam/build-python3.8" + docker_image = "public.ecr.aws/sam/build-python3.8:latest" docker_file = "${path.module}/../fixtures/python3.8-app1/docker/Dockerfile" } diff --git a/package.py b/package.py index 79b2ea67..02b105cf 100644 --- a/package.py +++ b/package.py @@ -649,6 +649,7 @@ def plan(self, source_path, query): hash = source_paths.append def pip_requirements_step(path, prefix=None, required=False, tmp_dir=None): + command = runtime requirements = path if os.path.isdir(path): requirements = os.path.join(path, 'requirements.txt') 
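Review bot: Both `docker_image` values changed in examples/build-package/main.tf (the `package_with_docker` hunk and the `lambda_layer` hunk) now name the mutable `:latest` tag, so the build image, and with it the toolchain that produces the deployment package, can change between runs without any change in this repository. Pinning to an immutable reference keeps builds reproducible and reviewable, for example `docker_image = "public.ecr.aws/sam/build-python3.8@sha256:<digest-placeholder>"`, with the digest updated deliberately. Both module blocks start outside their hunks.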
@@ -657,16 +658,17 @@ def pip_requirements_step(path, prefix=None, required=False, tmp_dir=None): raise RuntimeError( 'File not found: {}'.format(requirements)) else: - if not query.docker and not shutil.which(runtime): + if not query.docker and not shutil.which(command): raise RuntimeError( "Python interpreter version equal " "to defined lambda runtime ({}) should be " - "available in system PATH".format(runtime)) + "available in system PATH".format(command)) step('pip', runtime, requirements, prefix, tmp_dir) hash(requirements) def npm_requirements_step(path, prefix=None, required=False, tmp_dir=None): + command = "npm" requirements = path if os.path.isdir(path): requirements = os.path.join(path, 'package.json') @@ -675,11 +677,10 @@ def npm_requirements_step(path, prefix=None, required=False, tmp_dir=None): raise RuntimeError( 'File not found: {}'.format(requirements)) else: - if not query.docker and not shutil.which(runtime): + if not query.docker and not shutil.which(command): raise RuntimeError( - "Nodejs interpreter version equal " - "to defined lambda runtime ({}) should be " - "available in system PATH".format(runtime)) + "Nodejs package manager ({}) should be " + "available in system PATH".format(command)) step('npm', runtime, requirements, prefix, tmp_dir) hash(requirements) From c231754377ca01d8fe5e2f49190b3a50669cae4d Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 31 Oct 2022 14:25:07 +0000 Subject: [PATCH 213/385] chore(release): version 4.2.2 [skip ci] ### [4.2.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.2.1...v4.2.2) (2022-10-31) ### Bug Fixes * Checks for `npm` instead of `runtime` when building nodejs packages ([#364](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/364)) ([682052c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/682052c516b70425cd89ebd4086f2ffcf5c96bae)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index f0cd77c2..8675b7c5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [4.2.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.2.1...v4.2.2) (2022-10-31) + + +### Bug Fixes + +* Checks for `npm` instead of `runtime` when building nodejs packages ([#364](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/364)) ([682052c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/682052c516b70425cd89ebd4086f2ffcf5c96bae)) + ### [4.2.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.2.0...v4.2.1) (2022-10-27) From 398ae5a9ace660bb3e7021824c0bffe1ee19f44c Mon Sep 17 00:00:00 2001 
From: Patrick Decat Date: Mon, 31 Oct 2022 15:34:31 +0100 Subject: [PATCH 214/385] feat: Support installing poetry dependencies with pip (#311) Co-authored-by: Anton Babenko --- .github/workflows/test.yml | 37 +++ .gitignore | 3 + README.md | 23 ++ examples/build-package/README.md | 2 + examples/build-package/main.tf | 57 ++++- .../fixtures/python3.8-app1/docker/Dockerfile | 4 +- .../python3.9-app-poetry/docker/Dockerfile | 6 + .../python3.9-app-poetry/ignore_please.txt | 1 + .../fixtures/python3.9-app-poetry/index.py | 4 + .../fixtures/python3.9-app-poetry/poetry.lock | 33 +++ .../fixtures/python3.9-app-poetry/poetry.toml | 0 .../python3.9-app-poetry/pyproject.toml | 15 ++ examples/simple/main.tf | 2 +- package.py | 228 +++++++++++++++++- tests/fixtures/pyproject-unknown.toml | 2 + tests/test_package_toml.py | 23 ++ tox.ini | 8 + 17 files changed, 436 insertions(+), 12 deletions(-) create mode 100644 .github/workflows/test.yml create mode 100644 examples/fixtures/python3.9-app-poetry/docker/Dockerfile create mode 100644 examples/fixtures/python3.9-app-poetry/ignore_please.txt create mode 100644 examples/fixtures/python3.9-app-poetry/index.py create mode 100644 examples/fixtures/python3.9-app-poetry/poetry.lock create mode 100644 examples/fixtures/python3.9-app-poetry/poetry.toml create mode 100644 examples/fixtures/python3.9-app-poetry/pyproject.toml create mode 100644 tests/fixtures/pyproject-unknown.toml create mode 100644 tests/test_package_toml.py create mode 100644 tox.ini diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 00000000..139774bf --- /dev/null +++ b/.github/workflows/test.yml 
@@ -0,0 +1,37 @@ +name: Tests + +env: + PYTEST_VERSION: 7.1.3 + +on: + push: + branches: [master] + tags: ["*"] + pull_request: + branches: [master] + +jobs: + tests: + name: Test with Python ${{ matrix.python_version }} + runs-on: ubuntu-latest + strategy: + matrix: + python_version: ["3.7", "3.8", "3.9", "3.10"] + fail-fast: false + steps: + - uses: actions/checkout@v3 + + - name: Set up Python ${{ matrix.python_version }} + uses: actions/setup-python@v3 + with: + python-version: ${{ matrix.python_version }} + + - name: Install poetry and tox + shell: bash + run: | + pip install pytest==${PYTEST_VERSION} + + - name: Run tox + shell: bash + run: | + python -m pytest -vvv tests/ diff --git a/.gitignore b/.gitignore index 0da622ae..d5763d01 100644 --- a/.gitignore +++ b/.gitignore @@ -32,3 +32,6 @@ terraform.rc # Lambda directories builds/ __pycache__/ + +# Test directories +.tox diff --git a/README.md b/README.md index fcedb1c7..f58e7384 100644 --- a/README.md +++ b/README.md @@ -819,6 +819,29 @@ No modules. | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | +## Development + +### Python + +During development involving modifying python files, use tox to run unit tests: + +``` +tox +``` + +This will try to run unit tests which each supported python version, reporting errors for python versions which are not installed locally. + +If you only want to test against your main python version: + +``` +tox -e py +``` + +You can also pass additional positional arguments to pytest which is used to run test, e.g. to make it verbose: +``` +tox -e py -- -vvv +``` + ## Authors Module managed by [Anton Babenko](https://github.com/antonbabenko). Check out [serverless.tf](https://serverless.tf) to learn more about doing serverless with Terraform. diff --git a/examples/build-package/README.md b/examples/build-package/README.md index 739e8b0a..d7e5a84b 100644 --- a/examples/build-package/README.md 
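Review bot: The new workflow in .github/workflows/test.yml declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scopes although it only checks out code and runs pytest; a top-level `permissions:` with `contents: read` limits the token to what the job needs. `actions/checkout@v3` and `actions/setup-python@v3` are referenced by mutable tags, and pinning each to a full commit SHA protects the pipeline against a retagged action. The step names `Install poetry and tox` and `Run tox` do not match what the steps do, which is to install and run pytest, so `Install pytest` and `Run pytest` would be clearer.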
+++ b/examples/build-package/README.md @@ -36,8 +36,10 @@ Note that this example may create resources which cost money. Run `terraform des | [lambda\_function\_from\_package](#module\_lambda\_function\_from\_package) | ../../ | n/a | | [lambda\_layer](#module\_lambda\_layer) | ../../ | n/a | | [lambda\_layer\_pip\_requirements](#module\_lambda\_layer\_pip\_requirements) | ../.. | n/a | +| [lambda\_layer\_poetry](#module\_lambda\_layer\_poetry) | ../../ | n/a | | [package\_dir](#module\_package\_dir) | ../../ | n/a | | [package\_dir\_pip\_dir](#module\_package\_dir\_pip\_dir) | ../../ | n/a | +| [package\_dir\_poetry](#module\_package\_dir\_poetry) | ../../ | n/a | | [package\_dir\_with\_npm\_install](#module\_package\_dir\_with\_npm\_install) | ../../ | n/a | | [package\_dir\_without\_npm\_install](#module\_package\_dir\_without\_npm\_install) | ../../ | n/a | | [package\_dir\_without\_pip\_install](#module\_package\_dir\_without\_pip\_install) | ../../ | n/a | diff --git a/examples/build-package/main.tf b/examples/build-package/main.tf index 42afe7ca..42157a3f 100644 --- a/examples/build-package/main.tf +++ b/examples/build-package/main.tf 
@@ -17,28 +17,52 @@ resource "random_pet" "this" { # Build packages ################# -# Create zip-archive of a single directory where "pip install" will also be executed (default for python runtime) +# Create zip-archive of a single directory where "pip install" will also be executed (default for python runtime with requirements.txt present) module "package_dir" { source = "../../" create_function = false - runtime = "python3.8" - source_path = "${path.module}/../fixtures/python3.8-app1" + build_in_docker = true + runtime = "python3.8" + source_path = "${path.module}/../fixtures/python3.8-app1" + artifacts_dir = "${path.root}/builds/package_dir/" } -# Create zip-archive of a single directory where "pip install" will also be executed (default for python runtime) and set temporary directory for pip install +# Create zip-archive of a single directory where "pip install" will also be executed (default for python runtime with requirements.txt present) and set temporary directory for pip install module "package_dir_pip_dir" { source = "../../" create_function = false - runtime = "python3.8" + build_in_docker = true + runtime = "python3.8" source_path = [{ path = "${path.module}/../fixtures/python3.8-app1" pip_tmp_dir = "${path.cwd}/../fixtures" pip_requirements = "${path.module}/../fixtures/python3.8-app1/requirements.txt" }] + artifacts_dir = "${path.root}/builds/package_dir_pip_dir/" +} + +# Create zip-archive of a single directory where "poetry export" & "pip install --no-deps" will also be executed +module "package_dir_poetry" { + source = "../../" + + create_function = false + + build_in_docker = true + runtime = "python3.9" + docker_image = "build-python3.9-poetry" + docker_file = "${path.module}/../fixtures/python3.9-app-poetry/docker/Dockerfile" + + source_path = [ + { + path = "${path.module}/../fixtures/python3.9-app-poetry" + poetry_install = true + } + ] + artifacts_dir = "${path.root}/builds/package_dir_poetry/" } # Create zip-archive of a single directory 
without running "pip install" (which is default for python runtime) @@ -280,6 +304,29 @@ module "lambda_layer" { runtime = "python3.8" docker_image = "public.ecr.aws/sam/build-python3.8:latest" docker_file = "${path.module}/../fixtures/python3.8-app1/docker/Dockerfile" + artifacts_dir = "${path.root}/builds/lambda_layer/" +} + +module "lambda_layer_poetry" { + source = "../../" + + create_layer = true + layer_name = "${random_pet.this.id}-layer-poetry-dockerfile" + compatible_runtimes = ["python3.9"] + + source_path = [ + { + path = "${path.module}/../fixtures/python3.9-app-poetry" + poetry_install = true + } + ] + hash_extra = "extra-hash-to-prevent-conflicts-with-module.package_dir" + + build_in_docker = true + runtime = "python3.9" + docker_image = "build-python3.9-poetry" + docker_file = "${path.module}/../fixtures/python3.9-app-poetry/docker/Dockerfile" + artifacts_dir = "${path.root}/builds/lambda_layer_poetry/" } ####################### diff --git a/examples/fixtures/python3.8-app1/docker/Dockerfile b/examples/fixtures/python3.8-app1/docker/Dockerfile index 2b7d1fde..aeab9fee 100644 --- a/examples/fixtures/python3.8-app1/docker/Dockerfile +++ b/examples/fixtures/python3.8-app1/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM lambci/lambda:build-python3.8 as build +FROM public.ecr.aws/sam/build-python3.8 as build LABEL maintainer="Betajob AS" \ description="Patched AWS Lambda build container" @@ -20,7 +20,7 @@ RUN \ && rpmbuild -ba SPECS/automake.spec --nocheck \ && yum install -y RPMS/noarch/* -FROM lambci/lambda:build-python3.8 +FROM public.ecr.aws/sam/build-python3.8 COPY --from=build /root/rpmbuild/RPMS/noarch/*.rpm . RUN yum install -y *.rpm \ && rm *.rpm diff --git a/examples/fixtures/python3.9-app-poetry/docker/Dockerfile b/examples/fixtures/python3.9-app-poetry/docker/Dockerfile new file mode 100644 index 00000000..9d19957b --- /dev/null +++ b/examples/fixtures/python3.9-app-poetry/docker/Dockerfile 
@@ -0,0 +1,6 @@ +FROM public.ecr.aws/sam/build-python3.9 + +LABEL maintainer="Betajob AS" \ + description="Patched AWS Lambda build container" + +RUN pip install poetry==1.2.2 diff --git a/examples/fixtures/python3.9-app-poetry/ignore_please.txt b/examples/fixtures/python3.9-app-poetry/ignore_please.txt new file mode 100644 index 00000000..30a2f668 --- /dev/null +++ b/examples/fixtures/python3.9-app-poetry/ignore_please.txt @@ -0,0 +1 @@ +This file should not be included in archive. diff --git a/examples/fixtures/python3.9-app-poetry/index.py b/examples/fixtures/python3.9-app-poetry/index.py new file mode 100644 index 00000000..396c5054 --- /dev/null +++ b/examples/fixtures/python3.9-app-poetry/index.py @@ -0,0 +1,4 @@ +def lambda_handler(event, context): + print("Hello from app1!") + + return event diff --git a/examples/fixtures/python3.9-app-poetry/poetry.lock b/examples/fixtures/python3.9-app-poetry/poetry.lock new file mode 100644 index 00000000..a8da85ae --- /dev/null +++ b/examples/fixtures/python3.9-app-poetry/poetry.lock 
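Review bot: `FROM public.ecr.aws/sam/build-python3.9` has no tag or digest, so every build resolves whatever the registry serves at that moment, while `poetry==1.2.2` on the last line is pinned. Because this image produces the Lambda artifact, the base should be pinned too, for example `FROM public.ecr.aws/sam/build-python3.9@sha256:<digest>` (placeholder digest). The same applies to the two `FROM` lines changed in the python3.8 Dockerfile earlier in this commit.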
@@ -0,0 +1,33 @@ +[[package]] +name = "colorama" +version = "0.4.5" +description = "Cross-platform colored terminal text." +category = "main" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" + +[[package]] +name = "colorful" +version = "0.5.4" +description = "Terminal string styling done right, in Python." +category = "main" +optional = false +python-versions = "*" + +[package.dependencies] +colorama = {version = "*", markers = "platform_system == \"Windows\""} + +[metadata] +lock-version = "1.1" +python-versions = "^3.7" +content-hash = "31bbdf3fc3c5e491c372a8ac467cee0ca3dc43d344b42059cab09342e5c715c1" + +[metadata.files] +colorama = [ + {file = "colorama-0.4.5-py2.py3-none-any.whl", hash = "sha256:854bf444933e37f5824ae7bfc1e98d5bce2ebe4160d46b5edf346a89358e99da"}, + {file = "colorama-0.4.5.tar.gz", hash = "sha256:e6c6b4334fc50988a639d9b98aa429a0b57da6e17b9a44f0451f930b6967b7a4"}, +] +colorful = [ + {file = "colorful-0.5.4-py2.py3-none-any.whl", hash = "sha256:8d264b52a39aae4c0ba3e2a46afbaec81b0559a99be0d2cfe2aba4cf94531348"}, + {file = "colorful-0.5.4.tar.gz", hash = "sha256:86848ad4e2eda60cd2519d8698945d22f6f6551e23e95f3f14dfbb60997807ea"}, +] diff --git a/examples/fixtures/python3.9-app-poetry/poetry.toml b/examples/fixtures/python3.9-app-poetry/poetry.toml new file mode 100644 index 00000000..e69de29b diff --git a/examples/fixtures/python3.9-app-poetry/pyproject.toml b/examples/fixtures/python3.9-app-poetry/pyproject.toml new file mode 100644 index 00000000..c09d58aa --- /dev/null +++ b/examples/fixtures/python3.9-app-poetry/pyproject.toml @@ -0,0 +1,15 @@ +[tool.poetry] +name = "python3.9-app-poetry" +version = "0.1.0" +description = "" +authors = ["Your Name "] + +[tool.poetry.dependencies] +python = "^3.7" +colorful = "^0.5.4" + +[tool.poetry.dev-dependencies] + +[build-system] +requires = ["poetry-core>=1.0.0"] +build-backend = "poetry.core.masonry.api" 
diff --git a/examples/simple/main.tf b/examples/simple/main.tf index e64f2310..3bff4e4d 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf @@ -301,7 +301,7 @@ module "lambda_function" { # docker_with_ssh_agent = true # docker_file = "${path.module}/../fixtures/python3.8-app1/docker/Dockerfile" # docker_build_root = "${path.module}/../../docker" - # docker_image = "lambci/lambda:build-python3.8" + # docker_image = "public.ecr.aws/sam/build-python3.8" } #### diff --git a/package.py b/package.py index 02b105cf..f7c7b440 100644 --- a/package.py +++ b/package.py @@ -615,6 +615,19 @@ def emit_file(fpath, opath): yield from emit_file(f, o) +def get_build_system_from_pyproject_toml(pyproject_file): + # Implement a basic TOML parser because python stdlib does not provide toml support and we probably do not want to add external dependencies + if os.path.isfile(pyproject_file): + with open(pyproject_file) as f: + bs = False + for line in f.readlines(): + if line.startswith("[build-system]"): + bs = True + continue + if bs and line.startswith("build-backend") and "poetry" in line: + return "poetry" + + class BuildPlanManager: """""" 
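Review bot: In `get_build_system_from_pyproject_toml`, `bs` is set when `[build-system]` is seen but never cleared, so a `build-backend` line containing "poetry" in any later table is also accepted. Resetting the flag on the next table header, `if line.startswith("["): bs = False` placed just before the `build-backend` test, keeps the match inside the section. This result decides whether the poetry step is queued for a python source directory, so a false positive changes what runs at build time. A docstring such as `"""Return "poetry" if the [build-system] build-backend names poetry, else None."""` would document the implicit `None` return, and `open(pyproject_file, encoding="utf-8")` would avoid depending on the locale encoding.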
@@ -667,6 +680,23 @@ def pip_requirements_step(path, prefix=None, required=False, tmp_dir=None): step('pip', runtime, requirements, prefix, tmp_dir) hash(requirements) + def poetry_install_step(path, prefix=None, required=False): + pyproject_file = path + if os.path.isdir(path): + pyproject_file = os.path.join(path, "pyproject.toml") + if get_build_system_from_pyproject_toml(pyproject_file) != "poetry": + if required: + raise RuntimeError("poetry configuration not found: {}".format(pyproject_file)) + else: + step("poetry", runtime, path, prefix) + hash(pyproject_file) + poetry_lock_file = os.path.join(path, "poetry.lock") + if os.path.isfile(poetry_lock_file): + hash(poetry_lock_file) + poetry_toml_file = os.path.join(path, "poetry.toml") + if os.path.isfile(poetry_toml_file): + hash(poetry_toml_file) + def npm_requirements_step(path, prefix=None, required=False, tmp_dir=None): command = "npm" requirements = path @@ -742,6 +772,7 @@ def commands_step(path, commands): if runtime.startswith('python'): pip_requirements_step( os.path.join(path, 'requirements.txt')) + poetry_install_step(path) elif runtime.startswith('nodejs'): npm_requirements_step( os.path.join(path, 'package.json')) @@ -759,6 +790,7 @@ def commands_step(path, commands): else: prefix = claim.get('prefix_in_zip') pip_requirements = claim.get('pip_requirements') + poetry_install = claim.get("poetry_install") npm_requirements = claim.get('npm_package_json') runtime = claim.get('runtime', query.runtime) 
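Review bot: In `poetry_install_step`, `poetry.lock` and `poetry.toml` are joined onto `path` even when `path` is the pyproject file rather than a directory, which is the case the first lines handle. Neither file can then be found, and lock-file changes never reach the build hash. Deriving the directory once, `base_dir = path if os.path.isdir(path) else os.path.dirname(path)`, and joining both names onto it would fix this. `step("poetry", runtime, path, prefix)` passes the same `path` on, and `install_poetry_dependencies` joins `pyproject.toml` onto it, so it presumably needs the directory as well. The enclosing function starts outside the hunk.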
@@ -769,13 +801,16 @@ def commands_step(path, commands): pip_requirements_step(pip_requirements, prefix, required=True, tmp_dir=claim.get('pip_tmp_dir')) + if poetry_install and runtime.startswith("python"): + if path: + poetry_install_step(path, prefix, required=True) + if npm_requirements and runtime.startswith('nodejs'): if isinstance(npm_requirements, bool) and path: npm_requirements_step(path, prefix, required=True, tmp_dir=claim.get('npm_tmp_dir')) else: npm_requirements_step(npm_requirements, prefix, required=True, tmp_dir=claim.get('npm_tmp_dir')) - if path: step('zip', path, prefix) if patterns: @@ -824,8 +859,16 @@ def execute(self, build_plan, zip_stream, query): with install_pip_requirements(query, pip_requirements, tmp_dir) as rd: if rd: if pf: - self._zip_write_with_filter(zs, pf, rd, prefix, - timestamp=0) + self._zip_write_with_filter(zs, pf, rd, prefix, timestamp=0) + else: + # XXX: timestamp=0 - what actually do with it? + zs.write_dirs(rd, prefix=prefix, timestamp=0) + elif cmd == "poetry": + runtime, path, prefix = action[1:] + with install_poetry_dependencies(query, path) as rd: + if rd: + if pf: + self._zip_write_with_filter(zs, pf, rd, prefix, timestamp=0) else: # XXX: timestamp=0 - what actually do with it? zs.write_dirs(rd, prefix=prefix, timestamp=0) 
@@ -980,6 +1023,178 @@ def install_pip_requirements(query, requirements_file, tmp_dir): yield temp_dir +@contextmanager +def install_poetry_dependencies(query, path): + # TODO: + # 1. Emit files instead of temp_dir + + # pyproject.toml is always required by poetry + pyproject_file = os.path.join(path, "pyproject.toml") + if not os.path.exists(pyproject_file): + yield + return + + # poetry.lock & poetry.toml are optional + poetry_lock_file = os.path.join(path, "poetry.lock") + poetry_toml_file = os.path.join(path, "poetry.toml") + + runtime = query.runtime + artifacts_dir = query.artifacts_dir + docker = query.docker + docker_image_tag_id = None + + if docker: + docker_file = docker.docker_file + docker_image = docker.docker_image + docker_build_root = docker.docker_build_root + + if docker_image: + ok = False + while True: + output = check_output(docker_image_id_command(docker_image)) + if output: + docker_image_tag_id = output.decode().strip() + log.debug( + "DOCKER TAG ID: %s -> %s", docker_image, docker_image_tag_id + ) + ok = True + if ok: + break + docker_cmd = docker_build_command( + build_root=docker_build_root, + docker_file=docker_file, + tag=docker_image, + ) + check_call(docker_cmd) + ok = True + elif docker_file or docker_build_root: + raise ValueError( + "docker_image must be specified for a custom image future references" + ) + + working_dir = os.getcwd() + + log.info("Installing python dependencies with poetry & pip: %s", poetry_lock_file) + with tempdir() as temp_dir: + def copy_file_to_target(file, temp_dir): + filename = os.path.basename(file) + target_file = os.path.join(temp_dir, filename) + shutil.copyfile(file, target_file) + return target_file + + pyproject_target_file = copy_file_to_target(pyproject_file, temp_dir) + + if os.path.isfile(poetry_lock_file): + log.info("Using poetry lock file: %s", poetry_lock_file) + poetry_lock_target_file = copy_file_to_target(poetry_lock_file, temp_dir) + else: + poetry_lock_target_file = None + + if 
os.path.isfile(poetry_toml_file): + log.info("Using poetry configuration file: %s", poetry_lock_file) + poetry_toml_target_file = copy_file_to_target(poetry_toml_file, temp_dir) + else: + poetry_toml_target_file = None + + poetry_exec = "poetry" + python_exec = runtime + subproc_env = None + + if not docker: + if WINDOWS: + poetry_exec = "poetry.bat" + + # Install dependencies into the temporary directory. + with cd(temp_dir): + # NOTE: poetry must be available in the build environment, which is the case with lambci/lambda:build-python* docker images but not public.ecr.aws/sam/build-python* docker images + # FIXME: poetry install does not currently allow to specify the target directory so we export the + # requirements then install them with "pip --no-deps" to avoid using pip dependency resolver + poetry_commands = [ + shlex_join( + [ + poetry_exec, + "config", + "--no-interaction", + "virtualenvs.create", + "true", + ] + ), + shlex_join( + [ + poetry_exec, + "config", + "--no-interaction", + "virtualenvs.in-project", + "true", + ] + ), + shlex_join( + [ + poetry_exec, + "export", + "--format", + "requirements.txt", + "--output", + "requirements.txt", + "--with-credentials", + ] + ), + shlex_join( + [ + python_exec, + "-m", + "pip", + "install", + "--no-compile", + "--no-deps", + "--prefix=", + "--target=.", + "--requirement=requirements.txt", + ] + ), + ] + if docker: + with_ssh_agent = docker.with_ssh_agent + poetry_cache_dir = docker.docker_poetry_cache + if poetry_cache_dir: + if isinstance(poetry_cache_dir, str): + poetry_cache_dir = os.path.abspath( + os.path.join(working_dir, poetry_cache_dir) + ) + else: + poetry_cache_dir = os.path.abspath( + os.path.join(working_dir, artifacts_dir, "cache/poetry") + ) + + chown_mask = "{}:{}".format(os.getuid(), os.getgid()) + shell_commands = poetry_commands + [shlex_join(["chown", "-R", chown_mask, "."])] + shell_command = [" && ".join(shell_commands)] + check_call( + docker_run_command( + ".", + shell_command, + 
runtime, + image=docker_image_tag_id, + shell=True, + ssh_agent=with_ssh_agent, + poetry_cache_dir=poetry_cache_dir, + ) + ) + else: + cmd_log.info(poetry_commands) + log_handler and log_handler.flush() + for poetry_command in poetry_commands: + check_call(poetry_command, env=subproc_env) + + os.remove(pyproject_target_file) + if poetry_lock_target_file: + os.remove(poetry_lock_target_file) + if poetry_toml_target_file: + os.remove(poetry_toml_target_file) + + yield temp_dir + + @contextmanager def install_npm_requirements(query, requirements_file, tmp_dir): # TODO: @@ -1095,7 +1310,7 @@ def docker_build_command(tag=None, docker_file=None, build_root=False): def docker_run_command(build_root, command, runtime, image=None, shell=None, ssh_agent=False, - interactive=False, pip_cache_dir=None): + interactive=False, pip_cache_dir=None, poetry_cache_dir=None): """""" if platform.system() not in ('Linux', 'Darwin'): raise RuntimeError("Unsupported platform for docker building") @@ -1138,6 +1353,11 @@ def docker_run_command(build_root, command, runtime, docker_cmd.extend([ '-v', '{}:/root/.cache/pip:z'.format(pip_cache_dir), ]) + if poetry_cache_dir: + poetry_cache_dir = os.path.abspath(poetry_cache_dir) + docker_cmd.extend([ + '-v', '{}:/root/.cache/pypoetry:z'.format(poetry_cache_dir), + ]) if not image: image = 'public.ecr.aws/sam/build-{}'.format(runtime) diff --git a/tests/fixtures/pyproject-unknown.toml b/tests/fixtures/pyproject-unknown.toml new file mode 100644 index 00000000..4f0e31e0 --- /dev/null +++ b/tests/fixtures/pyproject-unknown.toml @@ -0,0 +1,2 @@ +[build-system] +build-backend = "dummy" diff --git a/tests/test_package_toml.py b/tests/test_package_toml.py new file mode 100644 index 00000000..129ac588 --- /dev/null +++ b/tests/test_package_toml.py 
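Review bot: `poetry export ... --with-credentials` writes `requirements.txt` into `temp_dir`, but the cleanup at the end of `install_poetry_dependencies` removes only the copied `pyproject.toml`, `poetry.lock` and `poetry.toml`. The exported file, which can carry private-index credentials in its URLs, therefore appears to stay in the directory that is yielded for zipping. Removing it with the others, `os.remove(os.path.join(temp_dir, "requirements.txt"))`, or dropping `--with-credentials` and supplying index credentials through pip's environment configuration, would keep secrets out of the Lambda package. Separately, the `poetry.toml` branch logs `poetry_lock_file` where `poetry_toml_file` is meant.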
@@ -0,0 +1,23 @@ +from package import get_build_system_from_pyproject_toml + + +def test_get_build_system_from_pyproject_toml_inexistent(): + assert ( + get_build_system_from_pyproject_toml("fixtures/inexistent/pyproject.toml") + is None + ) + + +def test_get_build_system_from_pyproject_toml_unknown(): + assert ( + get_build_system_from_pyproject_toml("fixtures/pyproject-unknown.toml") is None + ) + + +def test_get_build_system_from_pyproject_toml_poetry(): + assert ( + get_build_system_from_pyproject_toml( + "examples/fixtures/python3.9-app-poetry/pyproject.toml" + ) + == "poetry" + ) diff --git a/tox.ini b/tox.ini new file mode 100644 index 00000000..f0297d3f --- /dev/null +++ b/tox.ini @@ -0,0 +1,8 @@ +[tox] +skipsdist=True + +[testenv] +deps = + pytest==7.1.3 +commands = + python -m pytest {posargs} tests/ From b36268c3fc42e22bb3d43a5aa540d27f5d8abbd3 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 31 Oct 2022 14:35:01 +0000 Subject: [PATCH 215/385] chore(release): version 4.3.0 [skip ci] ## [4.3.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.2.2...v4.3.0) (2022-10-31) ### Features * Support installing poetry dependencies with pip ([#311](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/311)) ([398ae5a](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/398ae5a9ace660bb3e7021824c0bffe1ee19f44c)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8675b7c5..a9da5771 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
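Review bot: `test_get_build_system_from_pyproject_toml_unknown` opens `fixtures/pyproject-unknown.toml`, but this commit adds the fixture at `tests/fixtures/pyproject-unknown.toml`. Both the workflow and `tox.ini` run pytest from the repository root, and the poetry test uses a root-relative `examples/...` path. The file is therefore presumably not found, and the test passes through the missing-file branch instead of parsing the `dummy` backend. Using `"tests/fixtures/pyproject-unknown.toml"`, or a path built from `os.path.dirname(__file__)`, would make it exercise the parser.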
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.3.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.2.2...v4.3.0) (2022-10-31) + + +### Features + +* Support installing poetry dependencies with pip ([#311](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/311)) ([398ae5a](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/398ae5a9ace660bb3e7021824c0bffe1ee19f44c)) + ### [4.2.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.2.1...v4.2.2) (2022-10-31) From 7df6bbffa3d7d87570d6858db770bf8059f20591 Mon Sep 17 00:00:00 2001 From: Alisson Ramos de Oliveira Date: Mon, 31 Oct 2022 17:22:05 +0000 Subject: [PATCH 216/385] feat: Add a way to define IAM policy name prefix (#354) Co-authored-by: Anton Babenko --- README.md | 1 + iam.tf | 19 ++++++++++--------- variables.tf | 6 ++++++ 3 files changed, 17 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index f58e7384..eaf678f1 100644 --- a/README.md +++ b/README.md 
@@ -752,6 +752,7 @@ No modules. | [policy](#input\_policy) | An additional policy document ARN to attach to the Lambda Function role | `string` | `null` | no | | [policy\_json](#input\_policy\_json) | An additional policy document as JSON to attach to the Lambda Function role | `string` | `null` | no | | [policy\_jsons](#input\_policy\_jsons) | List of additional policy documents as JSON to attach to Lambda Function role | `list(string)` | `[]` | no | +| [policy\_name](#input\_policy\_name) | IAM policy name. It override the default value, which is the same as role\_name | `string` | `null` | no | | [policy\_path](#input\_policy\_path) | Path of policies to that should be added to IAM role for Lambda Function | `string` | `null` | no | | [policy\_statements](#input\_policy\_statements) | Map of dynamic policy statements to attach to Lambda Function role | `any` | `{}` | no | | [provisioned\_concurrent\_executions](#input\_provisioned\_concurrent\_executions) | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | `number` | `-1` | no | diff --git a/iam.tf b/iam.tf index 93d444a2..5ffb5e36 100644 --- a/iam.tf +++ b/iam.tf @@ -11,7 +11,8 @@ locals { # attempting to plan if the role_name and function_name are not set. This is a workaround # for #83 that will allow one to import resources without receiving an error from coalesce. # @see https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/83 - role_name = local.create_role ? coalesce(var.role_name, var.function_name, "*") : null + role_name = local.create_role ? coalesce(var.role_name, var.function_name, "*") : null + policy_name = coalesce(var.policy_name, local.role_name) # IAM Role trusted entities is a list of any (allow strings (services) and maps (type+identifiers)) trusted_entities_services = distinct(compact(concat( 
@@ -132,7 +133,7 @@ data "aws_iam_policy_document" "logs" { resource "aws_iam_policy" "logs" { count = local.create_role && var.attach_cloudwatch_logs_policy ? 1 : 0 - name = "${local.role_name}-logs" + name = "${local.policy_name}-logs" path = var.policy_path policy = data.aws_iam_policy_document.logs[0].json tags = var.tags @@ -169,7 +170,7 @@ data "aws_iam_policy_document" "dead_letter" { resource "aws_iam_policy" "dead_letter" { count = local.create_role && var.attach_dead_letter_policy ? 1 : 0 - name = "${local.role_name}-dl" + name = "${local.policy_name}-dl" path = var.policy_path policy = data.aws_iam_policy_document.dead_letter[0].json tags = var.tags @@ -196,7 +197,7 @@ data "aws_iam_policy" "vpc" { resource "aws_iam_policy" "vpc" { count = local.create_role && var.attach_network_policy ? 1 : 0 - name = "${local.role_name}-vpc" + name = "${local.policy_name}-vpc" path = var.policy_path policy = data.aws_iam_policy.vpc[0].policy tags = var.tags @@ -223,7 +224,7 @@ data "aws_iam_policy" "tracing" { resource "aws_iam_policy" "tracing" { count = local.create_role && var.attach_tracing_policy ? 1 : 0 - name = "${local.role_name}-tracing" + name = "${local.policy_name}-tracing" path = var.policy_path policy = data.aws_iam_policy.tracing[0].policy tags = var.tags @@ -260,7 +261,7 @@ data "aws_iam_policy_document" "async" { resource "aws_iam_policy" "async" { count = local.create_role && var.attach_async_event_policy ? 1 : 0 - name = "${local.role_name}-async" + name = "${local.policy_name}-async" path = var.policy_path policy = data.aws_iam_policy_document.async[0].json tags = var.tags @@ -280,7 +281,7 @@ resource "aws_iam_role_policy_attachment" "async" { resource "aws_iam_policy" "additional_json" { count = local.create_role && var.attach_policy_json ? 1 : 0 - name = local.role_name + name = local.policy_name path = var.policy_path policy = var.policy_json tags = var.tags 
@@ -300,7 +301,7 @@ resource "aws_iam_role_policy_attachment" "additional_json" { resource "aws_iam_policy" "additional_jsons" { count = local.create_role && var.attach_policy_jsons ? var.number_of_policy_jsons : 0 - name = "${local.role_name}-${count.index}" + name = "${local.policy_name}-${count.index}" path = var.policy_path policy = var.policy_jsons[count.index] tags = var.tags @@ -384,7 +385,7 @@ data "aws_iam_policy_document" "additional_inline" { resource "aws_iam_policy" "additional_inline" { count = local.create_role && var.attach_policy_statements ? 1 : 0 - name = "${local.role_name}-inline" + name = "${local.policy_name}-inline" path = var.policy_path policy = data.aws_iam_policy_document.additional_inline[0].json tags = var.tags diff --git a/variables.tf b/variables.tf index e3abaaca..0413e557 100644 --- a/variables.tf +++ b/variables.tf @@ -433,6 +433,12 @@ variable "role_tags" { # Policies ########### +variable "policy_name" { + description = "IAM policy name. It override the default value, which is the same as role_name" + type = string + default = null +} + variable "attach_cloudwatch_logs_policy" { description = "Controls whether CloudWatch Logs policy should be added to IAM role for Lambda Function" type = bool From a6e4480560c202538aa2a0ce61d7dcbeab381795 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 31 Oct 2022 17:22:50 +0000 Subject: [PATCH 217/385] chore(release): version 4.4.0 [skip ci] ## [4.4.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.3.0...v4.4.0) (2022-10-31) ### Features * Add a way to define IAM policy name prefix ([#354](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/354)) ([7df6bbf](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/7df6bbffa3d7d87570d6858db770bf8059f20591)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a9da5771..575cd91b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.4.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.3.0...v4.4.0) (2022-10-31) + + +### Features + +* Add a way to define IAM policy name prefix ([#354](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/354)) ([7df6bbf](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/7df6bbffa3d7d87570d6858db770bf8059f20591)) + ## [4.3.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.2.2...v4.3.0) (2022-10-31) From c8bde3c336aa4cc886ff11da15f13764fc93bb43 Mon Sep 17 00:00:00 2001 From: Luigi Di Fraia <93160889+luigidifraiawork@users.noreply.github.com> Date: Mon, 31 Oct 2022 17:52:46 +0000 Subject: [PATCH 218/385] chore: Add dedicated NACL rules to intra subnets in example with VPC and S3 Gateway endpoint (#367) Co-authored-by: Anton Babenko --- examples/with-vpc-s3-endpoint/README.md | 1 + examples/with-vpc-s3-endpoint/main.tf | 33 +++++++++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/examples/with-vpc-s3-endpoint/README.md b/examples/with-vpc-s3-endpoint/README.md index 637c2e76..1341af8d 100644 --- a/examples/with-vpc-s3-endpoint/README.md +++ b/examples/with-vpc-s3-endpoint/README.md 
@@ -48,6 +48,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Type | |------|------| | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +| [aws_ec2_managed_prefix_list.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_managed_prefix_list) | data source | | [aws_iam_policy_document.bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.endpoint](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | diff --git a/examples/with-vpc-s3-endpoint/main.tf b/examples/with-vpc-s3-endpoint/main.tf index 009254ef..e574a06a 100644 --- a/examples/with-vpc-s3-endpoint/main.tf +++ b/examples/with-vpc-s3-endpoint/main.tf @@ -55,6 +55,10 @@ resource "random_pet" "this" { length = 2 } +data "aws_ec2_managed_prefix_list" "this" { + name = "com.amazonaws.${data.aws_region.current.name}.s3" +} + module "vpc" { source = "terraform-aws-modules/vpc/aws" version = "~> 3.0" 
@@ -66,6 +70,35 @@ module "vpc" { # Intra subnets are designed to have no Internet access via NAT Gateway. intra_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] + + intra_dedicated_network_acl = true + intra_inbound_acl_rules = concat( + # NACL rule for local traffic + [ + { + rule_number = 100 + rule_action = "allow" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_block = "10.0.0.0/16" + }, + ], + # NACL rules for the response traffic from addresses in the AWS S3 prefix list + [for k, v in zipmap( + range(length(data.aws_ec2_managed_prefix_list.this.entries[*].cidr)), + data.aws_ec2_managed_prefix_list.this.entries[*].cidr + ) : + { + rule_number = 200 + k + rule_action = "allow" + from_port = 1024 + to_port = 65535 + protocol = "tcp" + cidr_block = v + } + ] + ) } module "vpc_endpoints" { From da56fc56b9b98535f24db013a1d6e34c3fa3a066 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 31 Oct 2022 21:24:51 +0100 Subject: [PATCH 219/385] fix: Fixed policy name when create_role is false (#371) --- iam.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iam.tf b/iam.tf index 5ffb5e36..91feaa9e 100644 --- a/iam.tf +++ b/iam.tf @@ -12,7 +12,7 @@ locals { # for #83 that will allow one to import resources without receiving an error from coalesce. # @see https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/83 role_name = local.create_role ? coalesce(var.role_name, var.function_name, "*") : null - policy_name = coalesce(var.policy_name, local.role_name) + policy_name = coalesce(var.policy_name, local.role_name, "*") # IAM Role trusted entities is a list of any (allow strings (services) and maps (type+identifiers)) trusted_entities_services = distinct(compact(concat( From 61180bd080c17569eb5cce803e363503ef9d8a02 Mon Sep 17 00:00:00 2001 
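Review bot: Only `intra_inbound_acl_rules` is set on the dedicated NACL and no `intra_outbound_acl_rules` appears in the hunk, so egress from the intra subnets presumably stays at the vpc module's default; confirm whether that default allows all outbound traffic. If the example is meant to show a restricted path to S3, it should add outbound rules limited to the VPC CIDR and to the S3 prefix-list CIDRs on TCP 443. The literal `10.0.0.0/16` repeats the VPC CIDR and could reference the same value the module is given. The `zipmap(range(length(...)), ...)` can be written as `for k, v in data.aws_ec2_managed_prefix_list.this.entries[*].cidr`. The `module "vpc"` block starts and ends outside the hunk.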
From: semantic-release-bot Date: Mon, 31 Oct 2022 20:25:28 +0000 Subject: [PATCH 220/385] chore(release): version 4.4.1 [skip ci] ### [4.4.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.4.0...v4.4.1) (2022-10-31) ### Bug Fixes * Fixed policy name when create_role is false ([#371](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/371)) ([da56fc5](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/da56fc56b9b98535f24db013a1d6e34c3fa3a066)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 575cd91b..426962b6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [4.4.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.4.0...v4.4.1) (2022-10-31) + + +### Bug Fixes + +* Fixed policy name when create_role is false ([#371](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/371)) ([da56fc5](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/da56fc56b9b98535f24db013a1d6e34c3fa3a066)) + ## [4.4.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.3.0...v4.4.0) (2022-10-31) From dc4d00068dc1bb1cbcac8943541b6406abcecbf2 Mon Sep 17 00:00:00 2001 From: AllanBenson001 <95691842+AllanBenson001@users.noreply.github.com> Date: Mon, 31 Oct 2022 20:32:35 +0000 Subject: [PATCH 221/385] feat: Support additional arguments for docker and entrypoint override (#366) Co-authored-by: Anton Babenko --- README.md | 23 +++++++++++++++ examples/build-package/README.md | 1 + examples/build-package/main.tf | 29 +++++++++++++++++++ .../python3.8-app1/docker/entrypoint.sh | 11 +++++++ package.py | 16 +++++++--- package.tf | 12 ++++---- variables.tf | 12 ++++++++ 7 files changed, 95 insertions(+), 9 deletions(-) create mode 100755 examples/fixtures/python3.8-app1/docker/entrypoint.sh 
diff --git a/README.md b/README.md index eaf678f1..5fba379d 100644 --- a/README.md +++ b/README.md @@ -474,6 +474,27 @@ Note that by default, the `docker_image` used comes from the registry `public.ec If you override `docker_image`, be sure to keep the image in sync with your `runtime`. During the plan phase, when using docker, there is no check that the `runtime` is available to build the package. That means that if you use an image that does not have the runtime, the plan will still succeed, but then the apply will fail. +#### Passing additional Docker options + +To add flexibility when building in docker, you can pass any number of additional options that you require (see [Docker run reference](https://docs.docker.com/engine/reference/run/) for available options): + +```hcl + docker_additional_options = [ + "-e", "MY_ENV_VAR='My environment variable value'", + "-v", "/local:/docker-vol", + ] +``` + +#### Overriding Docker Entrypoint + +To override the docker entrypoint when building in docker, set `docker_entrypoint`: + +```hcl + docker_entrypoint = "/entrypoint/entrypoint.sh" +``` + +The entrypoint must map to a path within your container, so you need to either build your own image that contains the entrypoint or map it to a file on the host by mounting a volume (see [Passing additional Docker options](#passing-additional-docker-options)). + ## Deployment package - Create or use existing By default, this module creates deployment package and uses it to create or update Lambda Function or Lambda Layer. 
@@ -716,7 +737,9 @@ No modules. | [description](#input\_description) | Description of your Lambda Function (or Layer) | `string` | `""` | no | | [destination\_on\_failure](#input\_destination\_on\_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no | | [destination\_on\_success](#input\_destination\_on\_success) | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no | +| [docker\_additional\_options](#input\_docker\_additional\_options) | Additional options to pass to the docker run command (e.g. to set environment variables, volumes, etc.) | `list(string)` | `[]` | no | | [docker\_build\_root](#input\_docker\_build\_root) | Root dir where to build in Docker | `string` | `""` | no | +| [docker\_entrypoint](#input\_docker\_entrypoint) | Path to the Docker entrypoint to use | `string` | `null` | no | | [docker\_file](#input\_docker\_file) | Path to a Dockerfile when building in Docker | `string` | `""` | no | | [docker\_image](#input\_docker\_image) | Docker image to use for the build | `string` | `""` | no | | [docker\_pip\_cache](#input\_docker\_pip\_cache) | Whether to mount a shared pip cache folder into docker environment or not | `any` | `null` | no | diff --git a/examples/build-package/README.md b/examples/build-package/README.md index d7e5a84b..ac20cd70 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md 
@@ -50,6 +50,7 @@ Note that this example may create resources which cost money. Run `terraform des | [package\_with\_npm\_requirements\_in\_docker](#module\_package\_with\_npm\_requirements\_in\_docker) | ../../ | n/a | | [package\_with\_patterns](#module\_package\_with\_patterns) | ../../ | n/a | | [package\_with\_pip\_requirements\_in\_docker](#module\_package\_with\_pip\_requirements\_in\_docker) | ../../ | n/a | +| [package\_with\_pip\_requirements\_in\_docker\_overriding\_entrypoint](#module\_package\_with\_pip\_requirements\_in\_docker\_overriding\_entrypoint) | ../../ | n/a | ## Resources diff --git a/examples/build-package/main.tf b/examples/build-package/main.tf index 42157a3f..5ce7f9df 100644 --- a/examples/build-package/main.tf +++ b/examples/build-package/main.tf 
@@ -131,6 +131,35 @@ module "package_with_pip_requirements_in_docker" { build_in_docker = true } +# Create zip-archive which contains: +# 1. A single file - index.py +# 2. Content of directory "dir2" +# 3. Install pip requirements +# "pip install" is running in a Docker container for the specified runtime +# The docker entrypoint is overridden, allowing you to run additional commands within the container +module "package_with_pip_requirements_in_docker_overriding_entrypoint" { + source = "../../" + + create_function = false + + runtime = "python3.8" + source_path = [ + "${path.module}/../fixtures/python3.8-app1/index.py", + "${path.module}/../fixtures/python3.8-app1/dir1/dir2", + { + pip_requirements = "${path.module}/../fixtures/python3.8-app1/requirements.txt" + } + ] + hash_extra = "package_with_pip_requirements_in_docker_overriding_entrypoint" + + build_in_docker = true + docker_additional_options = [ + "-e", "MY_ENV_VAR='My environment variable value'", + "-v", "${abspath(path.module)}/../fixtures/python3.8-app1/docker/entrypoint.sh:/entrypoint/entrypoint.sh:ro", + ] + docker_entrypoint = "/entrypoint/entrypoint.sh" +} + # Create zip-archive which contains content of directory with commands and patterns applied. # # Notes: diff --git a/examples/fixtures/python3.8-app1/docker/entrypoint.sh b/examples/fixtures/python3.8-app1/docker/entrypoint.sh new file mode 100755 index 00000000..1fc166c7 --- /dev/null +++ b/examples/fixtures/python3.8-app1/docker/entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +echo in entrypoint +echo I can read $MY_ENV_VAR and my volume: +ls -la /entrypoint + +echo "running command $@" +"$@" + +echo finished running entrypoint diff --git a/package.py b/package.py index f7c7b440..48a3c4bd 100644 --- a/package.py +++ b/package.py 
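Review bot: The `-e` element in `docker_additional_options` carries shell-style quotes, `"MY_ENV_VAR='My environment variable value'"`, but package.py appends each list element to the docker argument list as-is (the `docker_cmd.extend(...)` hunk in package.py). Unless that list is later passed through a shell, which is not visible here, the container would receive the single quotes as part of the value. In that case the example should read `"-e", "MY_ENV_VAR=My environment variable value",`. The `:ro` suffix on the entrypoint bind mount is worth keeping, and a one-line comment such as `# mount the entrypoint read-only so the build cannot modify the host file` would help readers who adapt the example.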
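Review bot: `echo I can read $MY_ENV_VAR and my volume:` in entrypoint.sh writes the variable's value to the build output, which ends up in the Terraform apply log. Anyone adapting this fixture to pass a token through `docker_additional_options` would leak it. Reporting only that the variable is present avoids this, for example `echo "MY_ENV_VAR is ${MY_ENV_VAR:+set}"`. Separately, `echo "running command $@"` should use `$*` inside the quoted string, because `"$@"` expands to separate words there.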
@@ -1005,7 +1005,7 @@ def install_pip_requirements(query, requirements_file, tmp_dir): '.', shell_command, runtime, image=docker_image_tag_id, shell=True, ssh_agent=with_ssh_agent, - pip_cache_dir=pip_cache_dir, + pip_cache_dir=pip_cache_dir, docker=docker, )) else: cmd_log.info(shlex_join(pip_command)) @@ -1260,7 +1260,8 @@ def install_npm_requirements(query, requirements_file, tmp_dir): check_call(docker_run_command( '.', shell_command, runtime, image=docker_image_tag_id, - shell=True, ssh_agent=with_ssh_agent + shell=True, ssh_agent=with_ssh_agent, + docker=docker, )) else: cmd_log.info(shlex_join(npm_command)) @@ -1310,7 +1311,8 @@ def docker_build_command(tag=None, docker_file=None, build_root=False): def docker_run_command(build_root, command, runtime, image=None, shell=None, ssh_agent=False, - interactive=False, pip_cache_dir=None, poetry_cache_dir=None): + interactive=False, pip_cache_dir=None, poetry_cache_dir=None, + docker=None): """""" if platform.system() not in ('Linux', 'Darwin'): raise RuntimeError("Unsupported platform for docker building") @@ -1331,6 +1333,9 @@ def docker_run_command(build_root, command, runtime, '-v', '{}/.ssh/known_hosts:/root/.ssh/known_hosts:z'.format(home), ]) + if docker and docker.docker_additional_options: + docker_cmd.extend(docker.docker_additional_options) + if ssh_agent: if platform.system() == 'Darwin': # https://docs.docker.com/docker-for-mac/osxfs/#ssh-agent-forwarding @@ -1362,7 +1367,10 @@ def docker_run_command(build_root, command, runtime, if not image: image = 'public.ecr.aws/sam/build-{}'.format(runtime) - docker_cmd.extend(['--entrypoint', '']) + if docker and docker.docker_entrypoint: + docker_cmd.extend(['--entrypoint', docker.docker_entrypoint]) + else: + docker_cmd.extend(['--entrypoint', '']) docker_cmd.append(image) diff --git a/package.tf b/package.tf index ca473a48..b68dc89f 100644 --- a/package.tf +++ b/package.tf 
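Review bot: Only the pip and npm call sites pass `docker=docker` (here and in the `@@ -1260,7` hunk), and the poetry build path looks uncovered. The `poetry_cache_dir` parameter in `docker_run_command`'s signature suggests a poetry install path also calls it, and no hunk in this commit touches such a call. If one exists, `docker_additional_options` and `docker_entrypoint` would be silently ignored for poetry builds, so every caller of `docker_run_command` should be checked and given `docker=docker` too. Both enclosing functions start and end outside these hunks.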
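Review bot: `docker_cmd.extend(docker.docker_additional_options)` in the `@@ -1331,6` hunk forwards caller-supplied strings to `docker run` unvalidated, and the function's docstring is still empty. Nothing records that these options, together with `docker.docker_entrypoint` in the next hunk, can change what the build container reaches on the host; the README example already bind-mounts a host path. I would fill the docstring, e.g. `"""Build the docker run argv; docker.docker_additional_options and docker.docker_entrypoint are passed through verbatim and must come from a trusted module caller."""`, and say the same in the `docker_additional_options` description in variables.tf. A guard before the `extend`, `if isinstance(docker.docker_additional_options, str): raise TypeError('docker_additional_options must be a list')`, would also stop a bare string from being added one character at a time. The function body continues outside the hunks.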
@@ -17,11 +17,13 @@ data "external" "archive_prepare" { }) docker = var.build_in_docker ? jsonencode({ - docker_pip_cache = var.docker_pip_cache - docker_build_root = var.docker_build_root - docker_file = var.docker_file - docker_image = var.docker_image - with_ssh_agent = var.docker_with_ssh_agent + docker_pip_cache = var.docker_pip_cache + docker_build_root = var.docker_build_root + docker_file = var.docker_file + docker_image = var.docker_image + with_ssh_agent = var.docker_with_ssh_agent + docker_additional_options = var.docker_additional_options + docker_entrypoint = var.docker_entrypoint }) : null artifacts_dir = var.artifacts_dir diff --git a/variables.tf b/variables.tf index 0413e557..c245db7a 100644 --- a/variables.tf +++ b/variables.tf @@ -683,6 +683,18 @@ variable "docker_pip_cache" { default = null } +variable "docker_additional_options" { + description = "Additional options to pass to the docker run command (e.g. to set environment variables, volumes, etc.)" + type = list(string) + default = [] +} + +variable "docker_entrypoint" { + description = "Path to the Docker entrypoint to use" + type = string + default = null +} + variable "recreate_missing_package" { description = "Whether to recreate missing Lambda package if it is missing locally or not" type = bool From 90bc484426905e0be1a3f965fc57281c1a0845e9 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 31 Oct 2022 20:33:14 +0000 Subject: [PATCH 222/385] chore(release): version 4.5.0 [skip ci] ## [4.5.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.4.1...v4.5.0) (2022-10-31) ### Features * Support additional arguments for docker and entrypoint override ([#366](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/366)) ([dc4d000](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/dc4d00068dc1bb1cbcac8943541b6406abcecbf2)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 426962b6..05cb3986 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.5.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.4.1...v4.5.0) (2022-10-31) + + +### Features + +* Support additional arguments for docker and entrypoint override ([#366](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/366)) ([dc4d000](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/dc4d00068dc1bb1cbcac8943541b6406abcecbf2)) + ### [4.4.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.4.0...v4.4.1) (2022-10-31) From bfcd34cfb21e4975990c807b85747f52b8601567 Mon Sep 17 00:00:00 2001 From: Mohamed Elasmar <71043312+moelasmar@users.noreply.github.com> Date: Thu, 3 Nov 2022 03:44:49 -0700 Subject: [PATCH 223/385] feat: Add SAM Metadata resources to enable the integration with SAM CLI tool (#325) Co-authored-by: Anton Babenko --- README.md | 32 ++++++++++++++++++ main.tf | 56 ++++++++++++++++++++++++++++++++ modules/docker-build/README.md | 3 ++ modules/docker-build/main.tf | 16 +++++++++ modules/docker-build/versions.tf | 4 +++ 5 files changed, 111 insertions(+) diff --git a/README.md b/README.md index 5fba379d..f470ffe6 100644 --- a/README.md +++ b/README.md 
@@ -11,6 +11,7 @@ This Terraform module is the part of [serverless.tf framework](https://github.co 3. Create, update, and publish AWS Lambda Function and Lambda Layer - [see usage](#usage). 4. Create static and dynamic aliases for AWS Lambda Function - [see usage](#usage), see [modules/alias](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/modules/alias). 5. Do complex deployments (eg, rolling, canary, rollbacks, triggers) - [read more](#deployment), see [modules/deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/modules/deploy). +6. Use AWS SAM CLI to test Lambda Function - [read more](#sam_cli_integration). ## Features 
@@ -551,6 +552,35 @@ module "lambda_function_existing_package_from_remote_url" { } ``` +## How to use AWS SAM CLI to test Lambda Function? +[AWS SAM CLI](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-command-reference.html) is an open source tool that help the developers to initiate, build, test, and deploy serverless +applications. Currently, SAM CLI tool only supports CFN applications, but SAM CLI team is working on a feature to extend the testing capabilities to support terraform applications (check this [Github issue](https://github.com/aws/aws-sam-cli/issues/3154) +to be updated about the incoming releases, and features included in each release for the Terraform support feature). + +SAM CLI provides two ways of testing: local testing and testing on-cloud (Accelerate). + +### Local Testing +Using SAM CLI, you can invoke the lambda functions defined in the terraform application locally using the [sam local invoke](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-cli-command-reference-sam-local-invoke.html) +command, providing the function terraform address, or function name, and to set the `hook-package-id` to `terraform` to tell SAM CLI that the underlying project is a terraform application. + +You can execute the `sam local invoke` command from your terraform application root directory as following: +``` +sam local invoke --hook-package-id terraform module.hello_world_function.aws_lambda_function.this[0] +``` +You can also pass an event to your lambda function, or overwrite its environment variables. Check [here](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-using-invoke.html) for more information. + +You can also invoke your lambda function in debugging mode, and step-through your lambda function source code locally in your preferred editor. 
Check [here](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-using-debugging.html) for more information. + +### Testing on-cloud (Accelerate) +You can use AWS SAM CLI to quickly test your application on your AWS development account. Using SAM Accelerate, you will be able to develop your lambda functions locally, +and once you save your updates, SAM CLI will update your development account with the updated Lambda functions. So, you can test it on cloud, and if there is any bug, +you can quickly update the code, and SAM CLI will take care of pushing it to the cloud. Check [here](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/accelerate.html) for more information about SAM Accelerate. + +You can execute the `sam sync` command from your terraform application root directory as following: +``` +sam sync --hook-package-id terraform --watch +``` + ## How to deploy and manage Lambda Functions? ### Simple deployments 
@@ -682,6 +712,8 @@ No modules. | [aws_s3_object.lambda_package](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource | | [local_file.archive_plan](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | | [null_resource.archive](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [null_resource.sam_metadata_aws_lambda_function](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [null_resource.sam_metadata_aws_lambda_layer_version](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [aws_arn.log_group_arn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | | [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudwatch_log_group) | data source | | [aws_iam_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | diff --git a/main.tf b/main.tf index eb2ac7a1..1264c2a7 100644 --- a/main.tf +++ b/main.tf 
@@ -326,3 +326,59 @@ resource "aws_lambda_function_url" "this" { } } } + +# This resource contains the extra information required by SAM CLI to provide the testing capabilities +# to the TF application. The required data is where SAM CLI can find the Lambda function source code +# and what are the resources that contain the building logic. +resource "null_resource" "sam_metadata_aws_lambda_function" { + count = local.create && var.create_package && var.create_function && !var.create_layer ? 1 : 0 + + triggers = { + # This is a way to let SAM CLI correlates between the Lambda function resource, and this metadata + # resource + resource_name = "aws_lambda_function.this[0]" + resource_type = "ZIP_LAMBDA_FUNCTION" + + # The Lambda function source code. + original_source_code = jsonencode(var.source_path) + + # a property to let SAM CLI knows where to find the Lambda function source code if the provided + # value for original_source_code attribute is map. + source_code_property = "path" + + # A property to let SAM CLI knows where to find the Lambda function built output + built_output_path = data.external.archive_prepare[0].result.filename + } + + # SAM CLI can run terraform apply -target metadata resource, and this will apply the building + # resources as well + depends_on = [data.external.archive_prepare, null_resource.archive] +} + +# This resource contains the extra information required by SAM CLI to provide the testing capabilities +# to the TF application. The required data is where SAM CLI can find the Lambda layer source code +# and what are the resources that contain the building logic. +resource "null_resource" "sam_metadata_aws_lambda_layer_version" { + count = local.create && var.create_package && var.create_layer ? 
1 : 0 + + triggers = { + # This is a way to let SAM CLI correlates between the Lambda layer resource, and this metadata + # resource + resource_name = "aws_lambda_layer_version.this[0]" + resource_type = "LAMBDA_LAYER" + + # The Lambda layer source code. + original_source_code = jsonencode(var.source_path) + + # a property to let SAM CLI knows where to find the Lambda layer source code if the provided + # value for original_source_code attribute is map. + source_code_property = "path" + + # A property to let SAM CLI knows where to find the Lambda layer built output + built_output_path = data.external.archive_prepare[0].result.filename + } + + # SAM CLI can run terraform apply -target metadata resource, and this will apply the building + # resources as well + depends_on = [data.external.archive_prepare, null_resource.archive] +} diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index eafd6871..b835a325 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md @@ -55,6 +55,7 @@ module "docker_image" { | [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 4.22 | | [docker](#requirement\_docker) | >= 2.12 | +| [null](#requirement\_null) | >= 2.0 | ## Providers @@ -62,6 +63,7 @@ module "docker_image" { |------|---------| | [aws](#provider\_aws) | >= 4.22 | | [docker](#provider\_docker) | >= 2.12 | +| [null](#provider\_null) | >= 2.0 | ## Modules 
@@ -74,6 +76,7 @@ No modules. | [aws_ecr_lifecycle_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_lifecycle_policy) | resource | | [aws_ecr_repository.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository) | resource | | [docker_registry_image.this](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/registry_image) | resource | +| [null_resource.sam_metadata_docker_registry_image](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | diff --git a/modules/docker-build/main.tf b/modules/docker-build/main.tf index 9ff74152..c96cfbee 100644 --- a/modules/docker-build/main.tf +++ b/modules/docker-build/main.tf @@ -41,3 +41,19 @@ resource "aws_ecr_lifecycle_policy" "this" { policy = var.ecr_repo_lifecycle_policy repository = local.ecr_repo } + +# This resource contains the extra information required by SAM CLI to provide the testing capabilities +# to the TF application. This resource will maintain the metadata information about the image type lambda +# functions. It will contain the information required to build the docker image locally. +resource "null_resource" "sam_metadata_docker_registry_image" { + triggers = { + resource_type = "IMAGE_LAMBDA_FUNCTION" + docker_context = var.source_path + docker_file = var.docker_file_path + docker_build_args = jsonencode(var.build_args) + docker_tag = var.image_tag + built_image_uri = docker_registry_image.this.name + } + + depends_on = [docker_registry_image.this] +} diff --git a/modules/docker-build/versions.tf b/modules/docker-build/versions.tf index 9885459d..3bfde6d0 100644 
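Review bot: `docker_build_args = jsonencode(var.build_args)` in `null_resource.sam_metadata_docker_registry_image` copies every build argument value into `triggers`, which Terraform stores in state and prints in plan diffs. Build args are sometimes used to carry registry or package-index credentials, so this adds another place where such values persist in clear text; whether `var.build_args` is declared sensitive is not visible in this hunk. If SAM CLI needs the values, add a comment above the trigger, `# NOTE: build arg values are written to state via this trigger; do not pass secrets as build args`. If it needs only the names and `var.build_args` is a map, `jsonencode(keys(var.build_args))` would avoid storing the values.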
--- a/modules/docker-build/versions.tf +++ b/modules/docker-build/versions.tf @@ -10,5 +10,9 @@ terraform { source = "kreuzwerker/docker" version = ">= 2.12" } + null = { + source = "hashicorp/null" + version = ">= 2.0" + } } } From be479458dbc16d0a03f44e4399a28967d6af9d92 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 3 Nov 2022 10:45:24 +0000 Subject: [PATCH 224/385] chore(release): version 4.6.0 [skip ci] ## [4.6.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.5.0...v4.6.0) (2022-11-03) ### Features * Add SAM Metadata resources to enable the integration with SAM CLI tool ([#325](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/325)) ([bfcd34c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/bfcd34cfb21e4975990c807b85747f52b8601567)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 05cb3986..0ec7e300 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.6.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.5.0...v4.6.0) (2022-11-03) + + +### Features + +* Add SAM Metadata resources to enable the integration with SAM CLI tool ([#325](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/325)) ([bfcd34c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/bfcd34cfb21e4975990c807b85747f52b8601567)) + ## [4.5.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.4.1...v4.5.0) (2022-10-31) From 4a75d95bc92e21227e901192143b29c11695124e Mon Sep 17 00:00:00 2001 
From: Bryant Biggs Date: Mon, 7 Nov 2022 14:34:04 -0500 Subject: [PATCH 225/385] fix: Update CI configuration files to use latest version (#374) --- .github/workflows/lock.yml | 21 +++++++++++++++++++++ .github/workflows/pr-title.yml | 2 +- .github/workflows/pre-commit.yml | 18 +++++++++--------- .github/workflows/release.yml | 2 +- .github/workflows/stale-actions.yaml | 2 +- 5 files changed, 33 insertions(+), 12 deletions(-) create mode 100644 .github/workflows/lock.yml diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml new file mode 100644 index 00000000..d887a660 --- /dev/null +++ b/.github/workflows/lock.yml @@ -0,0 +1,21 @@ +name: 'Lock Threads' + +on: + schedule: + - cron: '50 1 * * *' + +jobs: + lock: + runs-on: ubuntu-latest + steps: + - uses: dessant/lock-threads@v3 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + issue-comment: > + I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues. + If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. + issue-inactive-days: '30' + pr-comment: > + I'm going to lock this pull request because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues. + If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. + pr-inactive-days: '30' diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 168011c4..cb32a0f8 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml 
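Review bot: The new lock.yml workflow has no `permissions:` block, so the `GITHUB_TOKEN` handed to `dessant/lock-threads@v3` gets whatever the repository default grants. Add a job-level block limited to what locking needs: `permissions:` with `issues: write` and `pull-requests: write`. The action is also referenced by a movable tag; pinning it to a full commit SHA (`dessant/lock-threads@<full-commit-sha> # v3`) keeps a retagged release from running with that token. The same applies to the tag bumps in pr-title.yml, pre-commit.yml, release.yml and stale-actions.yaml later in this commit.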
@@ -14,7 +14,7 @@ jobs: steps: # Please look up the latest version from # https://github.com/amannn/action-semantic-pull-request/releases - - uses: amannn/action-semantic-pull-request@v3.4.6 + - uses: amannn/action-semantic-pull-request@v5.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index b8f1b8a5..06270c8a 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -17,11 +17,11 @@ jobs: directories: ${{ steps.dirs.outputs.directories }} steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Get root directories id: dirs - uses: clowdhaus/terraform-composite-actions/directories@v1.3.0 + uses: clowdhaus/terraform-composite-actions/directories@v1.8.0 preCommitMinVersions: name: Min TF pre-commit @@ -32,18 +32,18 @@ jobs: directory: ${{ fromJson(needs.collectInputs.outputs.directories) }} steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.0.3 + uses: clowdhaus/terraform-min-max@v1.2.0 with: directory: ${{ matrix.directory }} - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*' 
@@ -51,7 +51,7 @@ jobs: - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)' @@ -62,17 +62,17 @@ jobs: needs: collectInputs steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.0.3 + uses: clowdhaus/terraform-min-max@v1.2.0 - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.0 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e8a26ca6..98c8b258 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,7 +20,7 @@ jobs: if: github.repository_owner == 'terraform-aws-modules' steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false fetch-depth: 0 diff --git a/.github/workflows/stale-actions.yaml b/.github/workflows/stale-actions.yaml index c09ae1d5..50379957 100644 --- a/.github/workflows/stale-actions.yaml +++ b/.github/workflows/stale-actions.yaml @@ -7,7 +7,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v4 + - uses: actions/stale@v6 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Staling issues and PR's 
From f1512a5b16201205b2a50aea53281848d2341b91 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 7 Nov 2022 19:34:43 +0000 Subject: [PATCH 226/385] chore(release): version 4.6.1 [skip ci] ### [4.6.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.6.0...v4.6.1) (2022-11-07) ### Bug Fixes * Update CI configuration files to use latest version ([#374](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/374)) ([4a75d95](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/4a75d95bc92e21227e901192143b29c11695124e)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0ec7e300..d3254b56 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [4.6.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.6.0...v4.6.1) (2022-11-07) + + +### Bug Fixes + +* Update CI configuration files to use latest version ([#374](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/374)) ([4a75d95](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/4a75d95bc92e21227e901192143b29c11695124e)) + ## [4.6.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.5.0...v4.6.0) (2022-11-03) From da9b781dea7d9b52cdbad9f16bb5e22e21f1b790 Mon Sep 17 00:00:00 2001 From: Mohamed Elasmar <71043312+moelasmar@users.noreply.github.com> Date: Tue, 8 Nov 2022 07:49:54 -0800 Subject: [PATCH 227/385] chore: Updated readme to reflect the new name of the sam cli `hook-package-id` option (#375) --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index f470ffe6..90b30de7 100644 --- a/README.md +++ b/README.md 
@@ -561,11 +561,11 @@ SAM CLI provides two ways of testing: local testing and testing on-cloud (Accele ### Local Testing Using SAM CLI, you can invoke the lambda functions defined in the terraform application locally using the [sam local invoke](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-cli-command-reference-sam-local-invoke.html) -command, providing the function terraform address, or function name, and to set the `hook-package-id` to `terraform` to tell SAM CLI that the underlying project is a terraform application. +command, providing the function terraform address, or function name, and to set the `hook-name` to `terraform` to tell SAM CLI that the underlying project is a terraform application. You can execute the `sam local invoke` command from your terraform application root directory as following: ``` -sam local invoke --hook-package-id terraform module.hello_world_function.aws_lambda_function.this[0] +sam local invoke --hook-name terraform module.hello_world_function.aws_lambda_function.this[0] ``` You can also pass an event to your lambda function, or overwrite its environment variables. Check [here](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-using-invoke.html) for more information. @@ -578,7 +578,7 @@ you can quickly update the code, and SAM CLI will take care of pushing it to the You can execute the `sam sync` command from your terraform application root directory as following: ``` -sam sync --hook-package-id terraform --watch +sam sync --hook-name terraform --watch ``` ## How to deploy and manage Lambda Functions? From eed4f42cb53ec0186fcf26016e29442f635a5159 Mon Sep 17 00:00:00 2001 
From: Anton Babenko Date: Fri, 11 Nov 2022 14:07:18 +0100 Subject: [PATCH 228/385] feat: Added static/defined/computed ARN for the Lambda Function outputs (#376) --- README.md | 3 +++ examples/alias/README.md | 1 + examples/alias/outputs.tf | 5 +++++ examples/async/README.md | 1 + examples/async/outputs.tf | 5 +++++ examples/complete/README.md | 1 + examples/complete/outputs.tf | 5 +++++ examples/container-image/README.md | 1 + examples/container-image/outputs.tf | 5 +++++ examples/event-source-mapping/outputs.tf | 5 +++++ examples/multiple-regions/README.md | 1 + examples/multiple-regions/outputs.tf | 5 +++++ examples/simple/README.md | 1 + examples/simple/outputs.tf | 5 +++++ examples/triggers/README.md | 1 + examples/triggers/outputs.tf | 5 +++++ examples/with-efs/README.md | 1 + examples/with-efs/outputs.tf | 5 +++++ examples/with-vpc-s3-endpoint/README.md | 1 + examples/with-vpc-s3-endpoint/outputs.tf | 5 +++++ examples/with-vpc/README.md | 1 + examples/with-vpc/outputs.tf | 5 +++++ main.tf | 2 ++ outputs.tf | 5 +++++ 24 files changed, 75 insertions(+) diff --git a/README.md b/README.md index 90b30de7..be8fa241 100644 --- a/README.md +++ b/README.md 
@@ -715,6 +715,7 @@ No modules. | [null_resource.sam_metadata_aws_lambda_function](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [null_resource.sam_metadata_aws_lambda_layer_version](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [aws_arn.log_group_arn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudwatch_log_group) | data source | | [aws_iam_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | | [aws_iam_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | @@ -724,6 +725,7 @@ No modules. | [aws_iam_policy_document.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | | [external_external.archive_prepare](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source | ## Inputs 
@@ -851,6 +853,7 @@ No modules. | [lambda\_event\_source\_mapping\_state\_transition\_reason](#output\_lambda\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | | [lambda\_event\_source\_mapping\_uuid](#output\_lambda\_event\_source\_mapping\_uuid) | The UUID of the created event source mapping | | [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | | [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | | [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | | [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | diff --git a/examples/alias/README.md b/examples/alias/README.md index 115cbcb7..9f143789 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md 
@@ -63,6 +63,7 @@ No inputs. | [lambda\_alias\_invoke\_arn](#output\_lambda\_alias\_invoke\_arn) | The ARN to be used for invoking Lambda Function from API Gateway | | [lambda\_alias\_name](#output\_lambda\_alias\_name) | The name of the Lambda Function Alias | | [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | | [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | | [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | | [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | diff --git a/examples/alias/outputs.tf b/examples/alias/outputs.tf index 30d33e80..8a3e2274 100644 --- a/examples/alias/outputs.tf +++ b/examples/alias/outputs.tf @@ -4,6 +4,11 @@ output "lambda_function_arn" { value = module.lambda_function.lambda_function_arn } +output "lambda_function_arn_static" { + description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" + value = module.lambda_function.lambda_function_arn_static +} + output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" value = module.lambda_function.lambda_function_invoke_arn diff --git a/examples/async/README.md b/examples/async/README.md index 326d1f7b..00c057be 100644 --- a/examples/async/README.md +++ b/examples/async/README.md 
@@ -54,6 +54,7 @@ No inputs. |------|-------------| | [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | | [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | | [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | | [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | | [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | diff --git a/examples/async/outputs.tf b/examples/async/outputs.tf index 83dbee63..00d490a9 100644 --- a/examples/async/outputs.tf +++ b/examples/async/outputs.tf @@ -4,6 +4,11 @@ output "lambda_function_arn" { value = module.lambda_function.lambda_function_arn } +output "lambda_function_arn_static" { + description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" + value = module.lambda_function.lambda_function_arn_static +} + output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" value = module.lambda_function.lambda_function_invoke_arn diff --git a/examples/complete/README.md b/examples/complete/README.md index bcbcc76b..c242b952 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -66,6 +66,7 @@ No inputs. |------|-------------| | [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | | [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | | [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | | [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | | [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index 91107b40..5ac3d8ec 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf @@ -4,6 +4,11 @@ output "lambda_function_arn" { value = module.lambda_function.lambda_function_arn } +output "lambda_function_arn_static" { + description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" + value = module.lambda_function.lambda_function_arn_static +} + output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" value = module.lambda_function.lambda_function_invoke_arn diff --git a/examples/container-image/README.md b/examples/container-image/README.md index 238f018d..784cb8eb 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md 
@@ -58,6 +58,7 @@ No inputs. | [docker\_image\_uri](#output\_docker\_image\_uri) | The ECR Docker image URI used to deploy Lambda Function | | [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | | [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | | [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | | [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | | [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | diff --git a/examples/container-image/outputs.tf b/examples/container-image/outputs.tf index 64d7e82d..a71816f8 100644 --- a/examples/container-image/outputs.tf +++ b/examples/container-image/outputs.tf @@ -4,6 +4,11 @@ output "lambda_function_arn" { value = module.lambda_function_from_container_image.lambda_function_arn } +output "lambda_function_arn_static" { + description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" + value = module.lambda_function_from_container_image.lambda_function_arn_static +} + output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" value = module.lambda_function_from_container_image.lambda_function_invoke_arn diff --git a/examples/event-source-mapping/outputs.tf b/examples/event-source-mapping/outputs.tf index ad8a35c6..5b69eeb5 100644 --- a/examples/event-source-mapping/outputs.tf +++ b/examples/event-source-mapping/outputs.tf 
@@ -4,6 +4,11 @@ output "lambda_function_arn" { value = module.lambda_function.lambda_function_arn } +output "lambda_function_arn_static" { + description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" + value = module.lambda_function.lambda_function_arn_static +} + output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" value = module.lambda_function.lambda_function_invoke_arn diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index 3673cc1a..6528a8db 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md @@ -57,6 +57,7 @@ No inputs. |------|-------------| | [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | | [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | | [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | | [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | | [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | diff --git a/examples/multiple-regions/outputs.tf b/examples/multiple-regions/outputs.tf index 83dbee63..00d490a9 100644 --- a/examples/multiple-regions/outputs.tf +++ b/examples/multiple-regions/outputs.tf 
@@ -4,6 +4,11 @@ output "lambda_function_arn" { value = module.lambda_function.lambda_function_arn } +output "lambda_function_arn_static" { + description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" + value = module.lambda_function.lambda_function_arn_static +} + output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" value = module.lambda_function.lambda_function_invoke_arn diff --git a/examples/simple/README.md b/examples/simple/README.md index 6fe52aa2..77e5c967 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -51,6 +51,7 @@ No inputs. |------|-------------| | [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | | [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | | [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | | [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | | [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | diff --git a/examples/simple/outputs.tf b/examples/simple/outputs.tf index 83dbee63..00d490a9 100644 --- a/examples/simple/outputs.tf +++ b/examples/simple/outputs.tf 
@@ -4,6 +4,11 @@ output "lambda_function_arn" { value = module.lambda_function.lambda_function_arn } +output "lambda_function_arn_static" { + description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" + value = module.lambda_function.lambda_function_arn_static +} + output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" value = module.lambda_function.lambda_function_invoke_arn diff --git a/examples/triggers/README.md b/examples/triggers/README.md index 973963f5..ef824812 100644 --- a/examples/triggers/README.md +++ b/examples/triggers/README.md @@ -55,6 +55,7 @@ No inputs. |------|-------------| | [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | | [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | | [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | | [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | | [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | diff --git a/examples/triggers/outputs.tf b/examples/triggers/outputs.tf index 83dbee63..00d490a9 100644 --- a/examples/triggers/outputs.tf +++ b/examples/triggers/outputs.tf 
@@ -4,6 +4,11 @@ output "lambda_function_arn" { value = module.lambda_function.lambda_function_arn } +output "lambda_function_arn_static" { + description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" + value = module.lambda_function.lambda_function_arn_static +} + output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" value = module.lambda_function.lambda_function_invoke_arn diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index a923c6b7..3b83e41f 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md @@ -57,6 +57,7 @@ No inputs. |------|-------------| | [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | | [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | | [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | | [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | | [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | diff --git a/examples/with-efs/outputs.tf b/examples/with-efs/outputs.tf index 1e6e0ac6..9b554a5a 100644 --- a/examples/with-efs/outputs.tf +++ b/examples/with-efs/outputs.tf 
@@ -4,6 +4,11 @@ output "lambda_function_arn" { value = module.lambda_function_with_efs.lambda_function_arn } +output "lambda_function_arn_static" { + description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" + value = module.lambda_function_with_efs.lambda_function_arn_static +} + output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" value = module.lambda_function_with_efs.lambda_function_invoke_arn diff --git a/examples/with-vpc-s3-endpoint/README.md b/examples/with-vpc-s3-endpoint/README.md index 1341af8d..e2e43a6e 100644 --- a/examples/with-vpc-s3-endpoint/README.md +++ b/examples/with-vpc-s3-endpoint/README.md @@ -63,6 +63,7 @@ No inputs. |------|-------------| | [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | | [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | | [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | | [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | | [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | diff --git a/examples/with-vpc-s3-endpoint/outputs.tf b/examples/with-vpc-s3-endpoint/outputs.tf index a2cc4fba..7218c63c 100644 --- a/examples/with-vpc-s3-endpoint/outputs.tf +++ b/examples/with-vpc-s3-endpoint/outputs.tf 
@@ -4,6 +4,11 @@ output "lambda_function_arn" { value = module.lambda_s3_write.lambda_function_arn } +output "lambda_function_arn_static" { + description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" + value = module.lambda_s3_write.lambda_function_arn_static +} + output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" value = module.lambda_s3_write.lambda_function_invoke_arn diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index 2f7a7be8..af792807 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md @@ -54,6 +54,7 @@ No inputs. |------|-------------| | [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | | [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | | [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | | [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | | [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | diff --git a/examples/with-vpc/outputs.tf b/examples/with-vpc/outputs.tf index a77d28a7..546b0192 100644 --- a/examples/with-vpc/outputs.tf +++ b/examples/with-vpc/outputs.tf 
@@ -4,6 +4,11 @@ output "lambda_function_arn" { value = module.lambda_function_in_vpc.lambda_function_arn } +output "lambda_function_arn_static" { + description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" + value = module.lambda_function_in_vpc.lambda_function_arn_static +} + output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" value = module.lambda_function_in_vpc.lambda_function_invoke_arn diff --git a/main.tf b/main.tf index 1264c2a7..2223152c 100644 --- a/main.tf +++ b/main.tf @@ -1,4 +1,6 @@ data "aws_partition" "current" {} +data "aws_region" "current" {} +data "aws_caller_identity" "current" {} locals { create = var.create && var.putin_khuylo diff --git a/outputs.tf b/outputs.tf index e30bbfbe..cec0293b 100644 --- a/outputs.tf +++ b/outputs.tf @@ -4,6 +4,11 @@ output "lambda_function_arn" { value = try(aws_lambda_function.this[0].arn, "") } +output "lambda_function_arn_static" { + description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" + value = local.create && var.create_function && !var.create_layer ? "arn:aws:lambda:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:function:${var.function_name}" : "" +} + output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" value = try(aws_lambda_function.this[0].invoke_arn, "") From c7853f946ab84b73c572d920476495e5834160dd Mon Sep 17 00:00:00 2001 
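Review bot: The new `lambda_function_arn_static` output in outputs.tf hard-codes the `aws` partition. In other partitions (for example `aws-us-gov` or `aws-cn`) the string will not equal the real function ARN, so an IAM policy or state machine definition built from it would name a resource that does not exist. main.tf already declares `data "aws_partition" "current"`, so the value can begin `"arn:${data.aws_partition.current.partition}:lambda:${data.aws_region.current.name}:..."` with the rest unchanged. The two data sources added in main.tf are not gated on `local.create`, so they appear to be read even when the module creates nothing; a short comment there saying they exist only to build this output would help.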
From: semantic-release-bot Date: Fri, 11 Nov 2022 13:07:51 +0000 Subject: [PATCH 229/385] chore(release): version 4.7.0 [skip ci] ## [4.7.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.6.1...v4.7.0) (2022-11-11) ### Features * Added static/defined/computed ARN for the Lambda Function outputs ([#376](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/376)) ([eed4f42](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/eed4f42cb53ec0186fcf26016e29442f635a5159)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d3254b56..4e4507ea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.7.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.6.1...v4.7.0) (2022-11-11) + + +### Features + +* Added static/defined/computed ARN for the Lambda Function outputs ([#376](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/376)) ([eed4f42](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/eed4f42cb53ec0186fcf26016e29442f635a5159)) + ### [4.6.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.6.0...v4.6.1) (2022-11-07) From f7b2a3a5e4f9764dac26034b5909e755e1c05880 Mon Sep 17 00:00:00 2001 From: Satana Charuwichitratana Date: Fri, 11 Nov 2022 23:46:15 +0700 Subject: [PATCH 230/385] fix: Fixed opposite refresh_alias behavior in modules/alias (#372) --- examples/alias/main.tf | 2 -- modules/alias/main.tf | 8 ++++---- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/examples/alias/main.tf b/examples/alias/main.tf index d39322de..15cf4e9d 100644 --- a/examples/alias/main.tf +++ b/examples/alias/main.tf 
@@ -34,8 +34,6 @@ module "lambda_function" { create_async_event_config = true maximum_event_age_in_seconds = 100 - provisioned_concurrent_executions = 1 - attach_policies = true policies = [ "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole", diff --git a/modules/alias/main.tf b/modules/alias/main.tf index 823a4f7b..324d979b 100644 --- a/modules/alias/main.tf +++ b/modules/alias/main.tf @@ -27,6 +27,10 @@ resource "aws_lambda_alias" "no_refresh" { additional_version_weights = var.routing_additional_version_weights } } + + lifecycle { + ignore_changes = [function_version] + } } resource "aws_lambda_alias" "with_refresh" { @@ -45,10 +49,6 @@ resource "aws_lambda_alias" "with_refresh" { additional_version_weights = var.routing_additional_version_weights } } - - lifecycle { - ignore_changes = [function_version] - } } resource "aws_lambda_function_event_invoke_config" "this" { From 2e9aaa2d37d61299bfdaa8b919a75cb37f4726b7 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 11 Nov 2022 16:46:54 +0000 Subject: [PATCH 231/385] chore(release): version 4.7.1 [skip ci] ### [4.7.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.7.0...v4.7.1) (2022-11-11) ### Bug Fixes * Fixed opposite refresh_alias behavior in modules/alias ([#372](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/372)) ([f7b2a3a](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/f7b2a3a5e4f9764dac26034b5909e755e1c05880)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4e4507ea..c4e80327 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
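Review bot: The `lifecycle` block added to `aws_lambda_alias.no_refresh` in modules/alias/main.tf has no comment explaining why `function_version` is ignored, and the operational consequence is easy to miss. Once created, this alias stays on its original version even after a newer one (for instance one carrying a fix) is published, until it is moved outside Terraform. I would add a comment above the block such as `# refresh_alias = false: alias stays pinned; Terraform will not move it to newly published versions`. Both resource bodies start outside the hunks, so the conditions that choose between `no_refresh` and `with_refresh` are not visible here.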
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [4.7.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.7.0...v4.7.1) (2022-11-11) + + +### Bug Fixes + +* Fixed opposite refresh_alias behavior in modules/alias ([#372](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/372)) ([f7b2a3a](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/f7b2a3a5e4f9764dac26034b5909e755e1c05880)) + ## [4.7.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.6.1...v4.7.0) (2022-11-11) From 54816948d469cc753adca5b9bbd28c690c25ee3a Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Tue, 3 Jan 2023 09:18:48 -0500 Subject: [PATCH 232/385] fix: Use a version for to avoid GitHub API rate limiting on CI workflows (#393) --- .github/workflows/pre-commit.yml | 17 +++++++++++------ .pre-commit-config.yaml | 4 ++-- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 06270c8a..cb826713 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -8,6 +8,7 @@ on: env: TERRAFORM_DOCS_VERSION: v0.16.0 + TFLINT_VERSION: v0.44.1 jobs: collectInputs: @@ -21,7 +22,7 @@ jobs: - name: Get root directories id: dirs - uses: clowdhaus/terraform-composite-actions/directories@v1.8.0 + uses: clowdhaus/terraform-composite-actions/directories@v1.8.3 preCommitMinVersions: name: Min TF pre-commit 
@@ -36,24 +37,26 @@ jobs: - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.2.0 + uses: clowdhaus/terraform-min-max@v1.2.4 with: directory: ${{ matrix.directory }} - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} + tflint-version: ${{ env.TFLINT_VERSION }} args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*' - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} + tflint-version: ${{ env.TFLINT_VERSION }} args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)' preCommitMaxVersion: @@ -69,10 +72,12 @@ jobs: - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.2.0 + uses: clowdhaus/terraform-min-max@v1.2.4 - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} + tflint-version: ${{ env.TFLINT_VERSION }} terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }} + install-hcledit: true diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 74f3751c..d5886a6d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
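Review bot: The third-party actions bumped in pre-commit.yml are still referenced by tag (`clowdhaus/terraform-composite-actions/pre-commit@v1.8.3`, `clowdhaus/terraform-min-max@v1.2.4`). A tag can be moved upstream after this review, so the job runs whatever the tag points to at run time. Pinning each `uses:` to the full commit SHA and keeping the tag as a comment, e.g. `uses: clowdhaus/terraform-composite-actions/pre-commit@<full-commit-sha> # v1.8.3`, makes every later bump an explicit, reviewable change. The same applies to the `directories@v1.8.3` bump in the earlier hunk of this file, and to `dessant/lock-threads@v4` (which is passed `secrets.GITHUB_TOKEN`) and `cycjimmy/semantic-release-action@v3` in PATCH 238. The job definitions continue outside these hunks.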
@@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.76.0 + rev: v1.77.0 hooks: - id: terraform_fmt - id: terraform_validate @@ -23,7 +23,7 @@ repos: - '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_workspace_remote' - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.3.0 + rev: v4.4.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer From a4015c03f367e58a68444ffa68265dde2164667b Mon Sep 17 00:00:00 2001 From: Mark Beacom <7315957+mbeacom@users.noreply.github.com> Date: Tue, 10 Jan 2023 13:28:40 -0500 Subject: [PATCH 233/385] Expose platform argument to the docker-build module --- modules/docker-build/README.md | 1 + modules/docker-build/main.tf | 1 + modules/docker-build/variables.tf | 6 ++++++ 3 files changed, 8 insertions(+) diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index b835a325..9c87603a 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md @@ -95,6 +95,7 @@ No modules. | [image\_tag](#input\_image\_tag) | Image tag to use. If not specified current timestamp in format 'YYYYMMDDhhmmss' will be used. This can lead to unnecessary rebuilds. | `string` | `null` | no | | [image\_tag\_mutability](#input\_image\_tag\_mutability) | The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"MUTABLE"` | no | | [keep\_remotely](#input\_keep\_remotely) | Whether to keep Docker image in the remote registry on destroy operation. | `bool` | `false` | no | +| [platform](#input\_platform) | The target architecture platform to build the image for. | `string` | `null` | no | | [scan\_on\_push](#input\_scan\_on\_push) | Indicates whether images are scanned after being pushed to the repository | `bool` | `false` | no | | [source\_path](#input\_source\_path) | Path to folder containing application code | `string` | `null` | no | 
diff --git a/modules/docker-build/main.tf b/modules/docker-build/main.tf index c96cfbee..3883314e 100644 --- a/modules/docker-build/main.tf +++ b/modules/docker-build/main.tf @@ -16,6 +16,7 @@ resource "docker_registry_image" "this" { context = var.source_path dockerfile = var.docker_file_path build_args = var.build_args + platform = var.platform } keep_remotely = var.keep_remotely diff --git a/modules/docker-build/variables.tf b/modules/docker-build/variables.tf index 4fadbff1..9b8843f3 100644 --- a/modules/docker-build/variables.tf +++ b/modules/docker-build/variables.tf @@ -76,3 +76,9 @@ variable "keep_remotely" { type = bool default = false } + +variable "platform" { + description = "The target architecture platform to build the image for." + type = string + default = null +} From 470818836b2710cd1c5a2489d07f9a4c0007d1ec Mon Sep 17 00:00:00 2001 From: Mark Beacom <7315957+mbeacom@users.noreply.github.com> Date: Tue, 10 Jan 2023 13:43:16 -0500 Subject: [PATCH 234/385] Add platform to example container image --- examples/container-image/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/container-image/main.tf b/examples/container-image/main.tf index f00c7c12..670c6212 100644 --- a/examples/container-image/main.tf +++ b/examples/container-image/main.tf @@ -66,6 +66,7 @@ module "docker_image" { build_args = { FOO = "bar" } + platform = "linux/amd64" } resource "random_pet" "this" { From 8db66a5db7a42f38b4cf263968aad19cdbbf9196 Mon Sep 17 00:00:00 2001 
From: semantic-release-bot Date: Tue, 10 Jan 2023 18:51:07 +0000 Subject: [PATCH 235/385] chore(release): version 4.7.2 [skip ci] ### [4.7.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.7.1...v4.7.2) (2023-01-10) ### Bug Fixes * Use a version for to avoid GitHub API rate limiting on CI workflows ([#393](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/393)) ([5481694](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/54816948d469cc753adca5b9bbd28c690c25ee3a)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c4e80327..8069a599 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [4.7.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.7.1...v4.7.2) (2023-01-10) + + +### Bug Fixes + +* Use a version for to avoid GitHub API rate limiting on CI workflows ([#393](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/393)) ([5481694](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/54816948d469cc753adca5b9bbd28c690c25ee3a)) + ### [4.7.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.7.0...v4.7.1) (2022-11-11) From fc2a39b3e81d3a86992deab198566500a7066fab Mon Sep 17 00:00:00 2001 From: Mark Beacom <7315957+mbeacom@users.noreply.github.com> Date: Wed, 18 Jan 2023 16:39:37 -0500 Subject: [PATCH 236/385] feat: Update docker provider pin to 2.x in docker-build submodule (#401) --- modules/docker-build/README.md | 4 ++-- modules/docker-build/versions.tf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index 9c87603a..72597571 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md 
@@ -54,7 +54,7 @@ module "docker_image" { |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 4.22 | -| [docker](#requirement\_docker) | >= 2.12 | +| [docker](#requirement\_docker) | >= 2.12, < 3.0 | | [null](#requirement\_null) | >= 2.0 | ## Providers @@ -62,7 +62,7 @@ module "docker_image" { | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 4.22 | -| [docker](#provider\_docker) | >= 2.12 | +| [docker](#provider\_docker) | >= 2.12, < 3.0 | | [null](#provider\_null) | >= 2.0 | ## Modules diff --git a/modules/docker-build/versions.tf b/modules/docker-build/versions.tf index 3bfde6d0..d188451a 100644 --- a/modules/docker-build/versions.tf +++ b/modules/docker-build/versions.tf @@ -8,7 +8,7 @@ terraform { } docker = { source = "kreuzwerker/docker" - version = ">= 2.12" + version = ">= 2.12, < 3.0" } null = { source = "hashicorp/null" From df54dbe5b612605af5799130981c5894453a17d9 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 18 Jan 2023 21:40:35 +0000 Subject: [PATCH 237/385] chore(release): version 4.8.0 [skip ci] ## [4.8.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.7.2...v4.8.0) (2023-01-18) ### Features * Update docker provider pin to 2.x in docker-build submodule ([#401](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/401)) ([fc2a39b](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/fc2a39b3e81d3a86992deab198566500a7066fab)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8069a599..99aa1169 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.8.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.7.2...v4.8.0) (2023-01-18) + + +### Features + +* Update docker provider pin to 2.x in docker-build submodule ([#401](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/401)) ([fc2a39b](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/fc2a39b3e81d3a86992deab198566500a7066fab)) + ### [4.7.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.7.1...v4.7.2) (2023-01-10) From a802b6d8afdfd8c4a808b4fc76bcf01fbf5b2cd9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=A5l-Magnus=20Sl=C3=A5tto?= Date: Tue, 24 Jan 2023 22:41:43 +0100 Subject: [PATCH 238/385] chore: Upgrade CI workflows to use non-deprecated runtimes (#404) --- .github/workflows/lock.yml | 2 +- .github/workflows/release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml index d887a660..6b6c9cec 100644 --- a/.github/workflows/lock.yml +++ b/.github/workflows/lock.yml @@ -8,7 +8,7 @@ jobs: lock: runs-on: ubuntu-latest steps: - - uses: dessant/lock-threads@v3 + - uses: dessant/lock-threads@v4 with: github-token: ${{ secrets.GITHUB_TOKEN }} issue-comment: > diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 98c8b258..81f67474 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,7 +26,7 @@ jobs: fetch-depth: 0 - name: Release - uses: cycjimmy/semantic-release-action@v2 + uses: cycjimmy/semantic-release-action@v3 with: semantic_version: 18.0.0 extra_plugins: | From 91c811bfdf190f3eb1f4f2beaad3e401916d67b3 Mon Sep 17 00:00:00 2001 
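Review bot: Both workflow hunks keep third-party actions on a movable major tag (`dessant/lock-threads@v4` in lock.yml, `cycjimmy/semantic-release-action@v3` in release.yml), so whatever commit the tag points at next will run in these jobs. lock.yml hands `secrets.GITHUB_TOKEN` to the action in the visible `with:` block. The release job presumably also holds a token that can push tags and releases, but that part of release.yml is outside the hunk. Pinning each reference to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: dessant/lock-threads@<full-commit-sha> # v4`, makes an upgrade like this one reviewable and repeatable. The same applies to the `uses:` line in release.yml.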
From: Darren <11090059+darrenswhite@users.noreply.github.com> Date: Mon, 30 Jan 2023 18:04:13 +0000 Subject: [PATCH 239/385] feat: Add snap_start functionality (#406) --- README.md | 5 +++-- examples/simple/main.tf | 2 ++ main.tf | 10 +++++++++- variables.tf | 6 ++++++ versions.tf | 2 +- 5 files changed, 21 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index be8fa241..d816c107 100644 --- a/README.md +++ b/README.md @@ -659,7 +659,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 4.9 | +| [aws](#requirement\_aws) | >= 4.44 | | [external](#requirement\_external) | >= 1.0 | | [local](#requirement\_local) | >= 1.0 | | [null](#requirement\_null) | >= 2.0 | @@ -668,7 +668,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.9 | +| [aws](#provider\_aws) | >= 4.44 | | [external](#provider\_external) | >= 1.0 | | [local](#provider\_local) | >= 1.0 | | [null](#provider\_null) | >= 2.0 | 
@@ -832,6 +832,7 @@ No modules. | [s3\_object\_tags\_only](#input\_s3\_object\_tags\_only) | Set to true to not merge tags with s3\_object\_tags. Useful to avoid breaching S3 Object 10 tag limit. | `bool` | `false` | no | | [s3\_prefix](#input\_s3\_prefix) | Directory name where artifacts should be stored in the S3 bucket. If unset, the path from `artifacts_dir` is used | `string` | `null` | no | | [s3\_server\_side\_encryption](#input\_s3\_server\_side\_encryption) | Specifies server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms". | `string` | `null` | no | +| [snap\_start](#input\_snap\_start) | (Optional) Snap start settings for low-latency startups | `bool` | `false` | no | | [source\_path](#input\_source\_path) | The absolute path to a local file or directory containing your Lambda source code | `any` | `null` | no | | [store\_on\_s3](#input\_store\_on\_s3) | Whether to store produced artifacts on S3 or locally. | `bool` | `false` | no | | [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | diff --git a/examples/simple/main.tf b/examples/simple/main.tf index 3bff4e4d..142d1c65 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf @@ -54,6 +54,8 @@ module "lambda_function" { # create_package = false # local_existing_package = data.null_data_source.downloaded_package.outputs["filename"] + # snap_start = true + # policy_json = < Date: Mon, 30 Jan 2023 18:04:52 +0000 Subject: [PATCH 240/385] chore(release): version 4.9.0 [skip ci] ## [4.9.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.8.0...v4.9.0) (2023-01-30) ### Features * Add snap_start functionality ([#406](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/406)) ([91c811b](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/91c811bfdf190f3eb1f4f2beaad3e401916d67b3)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 99aa1169..07f0c81f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.9.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.8.0...v4.9.0) (2023-01-30) + + +### Features + +* Add snap_start functionality ([#406](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/406)) ([91c811b](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/91c811bfdf190f3eb1f4f2beaad3e401916d67b3)) + ## [4.8.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.7.2...v4.8.0) (2023-01-18) From 66eb330d4352a2bd95feded7f17f4c5046175aa5 Mon Sep 17 00:00:00 2001 From: Moritz Zimmer Date: Fri, 10 Feb 2023 12:39:37 +0100 Subject: [PATCH 241/385] feat: Allow multiple filters in event source mappings (#379) Co-authored-by: Anton Babenko --- examples/event-source-mapping/main.tf | 20 +++++++++++++++----- main.tf | 8 ++++++-- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/examples/event-source-mapping/main.tf b/examples/event-source-mapping/main.tf index 62e57443..8e06e51f 100644 --- a/examples/event-source-mapping/main.tf +++ b/examples/event-source-mapping/main.tf @@ -31,11 +31,21 @@ module "lambda_function" { event_source_arn = aws_dynamodb_table.this.stream_arn starting_position = "LATEST" destination_arn_on_failure = aws_sqs_queue.failure.arn - filter_criteria = { - pattern = jsonencode({ - eventName : ["INSERT"] - }) - } + filter_criteria = [ + { + pattern = jsonencode({ + eventName : ["INSERT"] + }) + }, + { + pattern = jsonencode({ + data : { + Temperature : [{ numeric : [">", 0, "<=", 100] }] + Location : ["Oslo"] + } + }) + } + ] } kinesis = { event_source_arn = aws_kinesis_stream.this.arn diff --git a/main.tf b/main.tf index ed4ce598..3d9904eb 100644 --- a/main.tf +++ b/main.tf 
@@ -307,8 +307,12 @@ resource "aws_lambda_event_source_mapping" "this" { for_each = try(each.value.filter_criteria, null) != null ? [true] : [] content { - filter { - pattern = try(each.value["filter_criteria"].pattern, null) + dynamic "filter" { + for_each = try(flatten([each.value.filter_criteria]), []) + + content { + pattern = try(filter.value.pattern, null) + } } } } From eface07424982cea49edd4f6665e05741490b370 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 10 Feb 2023 11:40:16 +0000 Subject: [PATCH 242/385] chore(release): version 4.10.0 [skip ci] ## [4.10.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.9.0...v4.10.0) (2023-02-10) ### Features * Allow multiple filters in event source mappings ([#379](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/379)) ([66eb330](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/66eb330d4352a2bd95feded7f17f4c5046175aa5)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 07f0c81f..04bed8c4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.10.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.9.0...v4.10.0) (2023-02-10) + + +### Features + +* Allow multiple filters in event source mappings ([#379](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/379)) ([66eb330](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/66eb330d4352a2bd95feded7f17f4c5046175aa5)) + ## [4.9.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.8.0...v4.9.0) (2023-01-30) From 97b00d309a5b8e8c16f9790658db1fc411c124f4 Mon Sep 17 00:00:00 2001 
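Review bot: In the main.tf hunk, `pattern = try(filter.value.pattern, null)` hides a misspelled or missing `pattern` key: the entry still yields a `filter` block, only with a null pattern, and nothing fails at plan time. Because `flatten([each.value.filter_criteria])` now accepts whatever list of objects the caller passes, a filter meant to restrict which events reach the function can be lost without notice. How the provider treats a null pattern is not visible here. Reading the attribute directly, `pattern = filter.value.pattern`, turns that mistake into a plan error. The enclosing `aws_lambda_event_source_mapping` resource starts and ends outside the hunk.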
From: Patrick Decat Date: Mon, 13 Feb 2023 15:05:36 +0100 Subject: [PATCH 243/385] fix: Properly construct poetry commands when not using docker for building package (#420) --- examples/build-package/README.md | 1 + examples/build-package/main.tf | 19 +++++++- package.py | 83 +++++++++++++++----------------- 3 files changed, 58 insertions(+), 45 deletions(-) diff --git a/examples/build-package/README.md b/examples/build-package/README.md index ac20cd70..eadf0245 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -40,6 +40,7 @@ Note that this example may create resources which cost money. Run `terraform des | [package\_dir](#module\_package\_dir) | ../../ | n/a | | [package\_dir\_pip\_dir](#module\_package\_dir\_pip\_dir) | ../../ | n/a | | [package\_dir\_poetry](#module\_package\_dir\_poetry) | ../../ | n/a | +| [package\_dir\_poetry\_no\_docker](#module\_package\_dir\_poetry\_no\_docker) | ../../ | n/a | | [package\_dir\_with\_npm\_install](#module\_package\_dir\_with\_npm\_install) | ../../ | n/a | | [package\_dir\_without\_npm\_install](#module\_package\_dir\_without\_npm\_install) | ../../ | n/a | | [package\_dir\_without\_pip\_install](#module\_package\_dir\_without\_pip\_install) | ../../ | n/a | diff --git a/examples/build-package/main.tf b/examples/build-package/main.tf index 5ce7f9df..92035861 100644 --- a/examples/build-package/main.tf +++ b/examples/build-package/main.tf @@ -45,7 +45,7 @@ module "package_dir_pip_dir" { artifacts_dir = "${path.root}/builds/package_dir_pip_dir/" } -# Create zip-archive of a single directory where "poetry export" & "pip install --no-deps" will also be executed +# Create zip-archive of a single directory where "poetry export" & "pip install --no-deps" will also be executed (using docker) module "package_dir_poetry" { source = "../../" 
@@ -65,6 +65,23 @@ module "package_dir_poetry" { artifacts_dir = "${path.root}/builds/package_dir_poetry/" } +# Create zip-archive of a single directory where "poetry export" & "pip install --no-deps" will also be executed (not using docker) +module "package_dir_poetry_no_docker" { + source = "../../" + + create_function = false + + runtime = "python3.9" + + source_path = [ + { + path = "${path.module}/../fixtures/python3.9-app-poetry" + poetry_install = true + } + ] + artifacts_dir = "${path.root}/builds/package_dir_poetry/" +} + # Create zip-archive of a single directory without running "pip install" (which is default for python runtime) module "package_dir_without_pip_install" { source = "../../" diff --git a/package.py b/package.py index 48a3c4bd..9571caa5 100644 --- a/package.py +++ b/package.py 
@@ -1107,51 +1107,43 @@ def copy_file_to_target(file, temp_dir): # Install dependencies into the temporary directory. with cd(temp_dir): # NOTE: poetry must be available in the build environment, which is the case with lambci/lambda:build-python* docker images but not public.ecr.aws/sam/build-python* docker images - # FIXME: poetry install does not currently allow to specify the target directory so we export the + # FIXME: poetry install does not currently allow to specify the target directory so we export the # requirements then install them with "pip --no-deps" to avoid using pip dependency resolver poetry_commands = [ - shlex_join( - [ - poetry_exec, - "config", - "--no-interaction", - "virtualenvs.create", - "true", - ] - ), - shlex_join( - [ - poetry_exec, - "config", - "--no-interaction", - "virtualenvs.in-project", - "true", - ] - ), - shlex_join( - [ - poetry_exec, - "export", - "--format", - "requirements.txt", - "--output", - "requirements.txt", - "--with-credentials", - ] - ), - shlex_join( - [ - python_exec, - "-m", - "pip", - "install", - "--no-compile", - "--no-deps", - "--prefix=", - "--target=.", - "--requirement=requirements.txt", - ] - ), + [ + poetry_exec, + "config", + "--no-interaction", + "virtualenvs.create", + "true", + ], + [ + poetry_exec, + "config", + "--no-interaction", + "virtualenvs.in-project", + "true", + ], + [ + poetry_exec, + "export", + "--format", + "requirements.txt", + "--output", + "requirements.txt", + "--with-credentials", + ], + [ + python_exec, + "-m", + "pip", + "install", + "--no-compile", + "--no-deps", + "--prefix=", + "--target=.", + "--requirement=requirements.txt", + ], ] if docker: with_ssh_agent = docker.with_ssh_agent 
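Review bot: The `poetry export` entry keeps `--with-credentials` and writes `requirements.txt` into the current directory, which under `with cd(temp_dir):` is the same directory the dependencies are installed into with `--target=.`. If that file is still present when the directory is archived, private index credentials would presumably end up inside the Lambda package. The cleanup code is outside this hunk, so please confirm it removes `requirements.txt` after the pip step. A short comment above the export command would record the requirement, for example `# requirements.txt may contain index credentials; it must be deleted before packaging`. The surrounding function begins and ends outside the hunk.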
@@ -1167,7 +1159,10 @@ def copy_file_to_target(file, temp_dir): ) chown_mask = "{}:{}".format(os.getuid(), os.getgid()) - shell_commands = poetry_commands + [shlex_join(["chown", "-R", chown_mask, "."])] + poetry_commands += [["chown", "-R", chown_mask, "."]] + shell_commands = [ + shlex_join(poetry_command) for poetry_command in poetry_commands + ] shell_command = [" && ".join(shell_commands)] check_call( docker_run_command( From 1171025ea1e6d40bd7f37a63d130069b68ef8d5f Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 13 Feb 2023 14:06:10 +0000 Subject: [PATCH 244/385] chore(release): version 4.10.1 [skip ci] ### [4.10.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.10.0...v4.10.1) (2023-02-13) ### Bug Fixes * Properly construct poetry commands when not using docker for building package ([#420](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/420)) ([97b00d3](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/97b00d309a5b8e8c16f9790658db1fc411c124f4)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 04bed8c4..d1e0e5f4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [4.10.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.10.0...v4.10.1) (2023-02-13) + + +### Bug Fixes + +* Properly construct poetry commands when not using docker for building package ([#420](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/420)) ([97b00d3](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/97b00d309a5b8e8c16f9790658db1fc411c124f4)) + ## [4.10.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.9.0...v4.10.0) (2023-02-10) From 7d7bb792ceb0ba97192a8f8fe5b4a232e3239af8 Mon Sep 17 00:00:00 2001 
From: wilkejo <30616959+wilkejo@users.noreply.github.com> Date: Fri, 10 Mar 2023 13:11:52 +0100 Subject: [PATCH 245/385] feat: Add dynamic blocks for consumer group id config (#399) Co-authored-by: Anton Babenko --- examples/event-source-mapping/main.tf | 5 +++++ main.tf | 13 +++++++++++++ 2 files changed, 18 insertions(+) diff --git a/examples/event-source-mapping/main.tf b/examples/event-source-mapping/main.tf index 8e06e51f..5e33330d 100644 --- a/examples/event-source-mapping/main.tf +++ b/examples/event-source-mapping/main.tf @@ -84,6 +84,11 @@ module "lambda_function" { # } # } # ] + # self_managed_kafka_event_source_config = [ + # { + # consumer_group_id = "example-consumer-group" + # } + # ] # source_access_configuration = [ # { # type = "SASL_SCRAM_512_AUTH", diff --git a/main.tf b/main.tf index 3d9904eb..00e3c5dc 100644 --- a/main.tf +++ b/main.tf @@ -295,6 +295,19 @@ resource "aws_lambda_event_source_mapping" "this" { } } + dynamic "self_managed_kafka_event_source_config" { + for_each = try(each.value.self_managed_kafka_event_source_config, []) + content { + consumer_group_id = self_managed_kafka_event_source_config.value.consumer_group_id + } + } + dynamic "amazon_managed_kafka_event_source_config" { + for_each = try(each.value.amazon_managed_kafka_event_source_config, []) + content { + consumer_group_id = amazon_managed_kafka_event_source_config.value.consumer_group_id + } + } + dynamic "source_access_configuration" { for_each = try(each.value.source_access_configuration, []) content { From f0f16f191d39a72f334712a097bc2bb6236fbed2 Mon Sep 17 00:00:00 2001 
From: semantic-release-bot Date: Fri, 10 Mar 2023 12:12:19 +0000 Subject: [PATCH 246/385] chore(release): version 4.11.0 [skip ci] ## [4.11.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.10.1...v4.11.0) (2023-03-10) ### Features * Add dynamic blocks for consumer group id config ([#399](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/399)) ([7d7bb79](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/7d7bb792ceb0ba97192a8f8fe5b4a232e3239af8)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d1e0e5f4..3b5fc23d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.11.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.10.1...v4.11.0) (2023-03-10) + + +### Features + +* Add dynamic blocks for consumer group id config ([#399](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/399)) ([7d7bb79](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/7d7bb792ceb0ba97192a8f8fe5b4a232e3239af8)) + ### [4.10.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.10.0...v4.10.1) (2023-02-13) From 2d92236245edf0f614fb949e6b5e84f2c0216dcd Mon Sep 17 00:00:00 2001 From: Ricardo Oliveira Date: Fri, 10 Mar 2023 13:04:13 +0000 Subject: [PATCH 247/385] feat: Added configuration options to replace security groups on destroy of Lambda function (#422) --- README.md | 6 ++++-- examples/with-vpc/main.tf | 8 +++++--- main.tf | 32 +++++++++++++++++--------------- variables.tf | 12 ++++++++++++ versions.tf | 2 +- 5 files changed, 39 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index d816c107..818d5a8e 100644 --- a/README.md +++ b/README.md 
@@ -659,7 +659,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 4.44 | +| [aws](#requirement\_aws) | >= 4.54 | | [external](#requirement\_external) | >= 1.0 | | [local](#requirement\_local) | >= 1.0 | | [null](#requirement\_null) | >= 2.0 | @@ -668,7 +668,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.44 | +| [aws](#provider\_aws) | >= 4.54 | | [external](#provider\_external) | >= 1.0 | | [local](#provider\_local) | >= 1.0 | | [null](#provider\_null) | >= 2.0 | 
@@ -816,6 +816,8 @@ No modules. | [publish](#input\_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no | | [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no | | [recreate\_missing\_package](#input\_recreate\_missing\_package) | Whether to recreate missing Lambda package if it is missing locally or not | `bool` | `true` | no | +| [replace\_security\_groups\_on\_destroy](#input\_replace\_security\_groups\_on\_destroy) | (Optional) When true, all security groups defined in vpc\_security\_group\_ids will be replaced with the default security group after the function is destroyed. Set the replacement\_security\_group\_ids variable to use a custom list of security groups for replacement instead. | `bool` | `null` | no | +| [replacement\_security\_group\_ids](#input\_replacement\_security\_group\_ids) | (Optional) List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction. replace\_security\_groups\_on\_destroy must be set to true to use this attribute. | `list(string)` | `[]` | no | | [reserved\_concurrent\_executions](#input\_reserved\_concurrent\_executions) | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | `number` | `-1` | no | | [role\_description](#input\_role\_description) | Description of IAM role to use for Lambda Function | `string` | `null` | no | | [role\_force\_detach\_policies](#input\_role\_force\_detach\_policies) | Specifies to force detaching any policies the IAM role has before destroying it. | `bool` | `true` | no | diff --git a/examples/with-vpc/main.tf b/examples/with-vpc/main.tf index b791fc5e..6b734d95 100644 
--- a/examples/with-vpc/main.tf +++ b/examples/with-vpc/main.tf @@ -23,9 +23,11 @@ module "lambda_function_in_vpc" { source_path = "${path.module}/../fixtures/python3.8-app1" - vpc_subnet_ids = module.vpc.intra_subnets - vpc_security_group_ids = [module.vpc.default_security_group_id] - attach_network_policy = true + vpc_subnet_ids = module.vpc.intra_subnets + vpc_security_group_ids = [module.vpc.default_security_group_id] + attach_network_policy = true + replace_security_groups_on_destroy = true + replacement_security_group_ids = [module.vpc.default_security_group_id] } module "vpc" { diff --git a/main.tf b/main.tf index 00e3c5dc..d40ad990 100644 --- a/main.tf +++ b/main.tf 
@@ -24,21 +24,23 @@ locals { resource "aws_lambda_function" "this" { count = local.create && var.create_function && !var.create_layer ? 1 : 0 - function_name = var.function_name - description = var.description - role = var.create_role ? aws_iam_role.lambda[0].arn : var.lambda_role - handler = var.package_type != "Zip" ? null : var.handler - memory_size = var.memory_size - reserved_concurrent_executions = var.reserved_concurrent_executions - runtime = var.package_type != "Zip" ? null : var.runtime - layers = var.layers - timeout = var.lambda_at_edge ? min(var.timeout, 30) : var.timeout - publish = (var.lambda_at_edge || var.snap_start) ? true : var.publish - kms_key_arn = var.kms_key_arn - image_uri = var.image_uri - package_type = var.package_type - architectures = var.architectures - code_signing_config_arn = var.code_signing_config_arn + function_name = var.function_name + description = var.description + role = var.create_role ? aws_iam_role.lambda[0].arn : var.lambda_role + handler = var.package_type != "Zip" ? null : var.handler + memory_size = var.memory_size + reserved_concurrent_executions = var.reserved_concurrent_executions + runtime = var.package_type != "Zip" ? null : var.runtime + layers = var.layers + timeout = var.lambda_at_edge ? min(var.timeout, 30) : var.timeout + publish = (var.lambda_at_edge || var.snap_start) ? true : var.publish + kms_key_arn = var.kms_key_arn + image_uri = var.image_uri + package_type = var.package_type + architectures = var.architectures + code_signing_config_arn = var.code_signing_config_arn + replace_security_groups_on_destroy = var.replace_security_groups_on_destroy + replacement_security_group_ids = var.replacement_security_group_ids /* ephemeral_storage is not supported in gov-cloud region, so it should be set to `null` */ dynamic "ephemeral_storage" { diff --git a/variables.tf b/variables.tf index b4f747d8..848127a9 100644 --- a/variables.tf +++ b/variables.tf 
@@ -223,6 +223,18 @@ variable "snap_start" { default = false } +variable "replace_security_groups_on_destroy" { + description = "(Optional) When true, all security groups defined in vpc_security_group_ids will be replaced with the default security group after the function is destroyed. Set the replacement_security_group_ids variable to use a custom list of security groups for replacement instead." + type = bool + default = null +} + +variable "replacement_security_group_ids" { + description = "(Optional) List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction. replace_security_groups_on_destroy must be set to true to use this attribute." + type = list(string) + default = [] +} + ############### # Function URL ############### diff --git a/versions.tf b/versions.tf index 2f89ad18..524eb312 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.44" + version = ">= 4.54" } external = { source = "hashicorp/external" From 54ca3a313f12977dd17d8ccb59d685ed368448f0 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 10 Mar 2023 13:04:50 +0000 Subject: [PATCH 248/385] chore(release): version 4.12.0 [skip ci] ## [4.12.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.11.0...v4.12.0) (2023-03-10) ### Features * Added configuration options to replace security groups on destroy of Lambda function ([#422](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/422)) ([2d92236](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/2d92236245edf0f614fb949e6b5e84f2c0216dcd)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3b5fc23d..4ade6c5c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.12.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.11.0...v4.12.0) (2023-03-10) + + +### Features + +* Added configuration options to replace security groups on destroy of Lambda function ([#422](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/422)) ([2d92236](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/2d92236245edf0f614fb949e6b5e84f2c0216dcd)) + ## [4.11.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.10.1...v4.11.0) (2023-03-10) From a2d9ff97d437670feb2f361cf4874e193eea8a12 Mon Sep 17 00:00:00 2001 From: Ricardo Oliveira Date: Fri, 10 Mar 2023 15:51:49 +0000 Subject: [PATCH 249/385] fix: Set the default value of replacement_security_group_ids to null (#434) --- README.md | 2 +- variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 818d5a8e..e6120fd7 100644 --- a/README.md +++ b/README.md 
@@ -817,7 +817,7 @@ No modules. | [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no | | [recreate\_missing\_package](#input\_recreate\_missing\_package) | Whether to recreate missing Lambda package if it is missing locally or not | `bool` | `true` | no | | [replace\_security\_groups\_on\_destroy](#input\_replace\_security\_groups\_on\_destroy) | (Optional) When true, all security groups defined in vpc\_security\_group\_ids will be replaced with the default security group after the function is destroyed. Set the replacement\_security\_group\_ids variable to use a custom list of security groups for replacement instead. | `bool` | `null` | no | -| [replacement\_security\_group\_ids](#input\_replacement\_security\_group\_ids) | (Optional) List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction. replace\_security\_groups\_on\_destroy must be set to true to use this attribute. | `list(string)` | `[]` | no | +| [replacement\_security\_group\_ids](#input\_replacement\_security\_group\_ids) | (Optional) List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction. replace\_security\_groups\_on\_destroy must be set to true to use this attribute. | `list(string)` | `null` | no | | [reserved\_concurrent\_executions](#input\_reserved\_concurrent\_executions) | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. 
| `number` | `-1` | no | | [role\_description](#input\_role\_description) | Description of IAM role to use for Lambda Function | `string` | `null` | no | | [role\_force\_detach\_policies](#input\_role\_force\_detach\_policies) | Specifies to force detaching any policies the IAM role has before destroying it. | `bool` | `true` | no | diff --git a/variables.tf b/variables.tf index 848127a9..166f98da 100644 --- a/variables.tf +++ b/variables.tf @@ -232,7 +232,7 @@ variable "replace_security_groups_on_destroy" { variable "replacement_security_group_ids" { description = "(Optional) List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction. replace_security_groups_on_destroy must be set to true to use this attribute." type = list(string) - default = [] + default = null } ############### From f157c4c27b37091e8ca3920f7966b0cc2b18b173 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 10 Mar 2023 15:52:26 +0000 Subject: [PATCH 250/385] chore(release): version 4.12.1 [skip ci] ### [4.12.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.12.0...v4.12.1) (2023-03-10) ### Bug Fixes * Set the default value of replacement_security_group_ids to null ([#434](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/434)) ([a2d9ff9](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/a2d9ff97d437670feb2f361cf4874e193eea8a12)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4ade6c5c..3d353c29 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [4.12.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.12.0...v4.12.1) (2023-03-10) + + +### Bug Fixes + +* Set the default value of replacement_security_group_ids to null ([#434](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/434)) ([a2d9ff9](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/a2d9ff97d437670feb2f361cf4874e193eea8a12)) + ## [4.12.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.11.0...v4.12.0) (2023-03-10) From 0003c43b6e456e3eb920e1018a3b24c66683a7b1 Mon Sep 17 00:00:00 2001 From: Patrick Decat Date: Thu, 30 Mar 2023 18:00:16 +0200 Subject: [PATCH 251/385] Pass docker object to docker_run_command to fix #427 (#443) --- package.py | 1 + 1 file changed, 1 insertion(+) diff --git a/package.py b/package.py index 9571caa5..e2bdadfd 100644 --- a/package.py +++ b/package.py @@ -1173,6 +1173,7 @@ def copy_file_to_target(file, temp_dir): shell=True, ssh_agent=with_ssh_agent, poetry_cache_dir=poetry_cache_dir, + docker=docker, ) ) else: From 268975c9e2224cb05bdad8d7c39f879610dedc53 Mon Sep 17 00:00:00 2001 
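Review bot: Nothing on the added `docker=docker,` line or around it records why the argument is needed, and the fact that the call ran without it until issue #427 suggests the callee gives the parameter a default (its signature is outside the hunk, so this is inferred). If that is the case, a build can silently run with container settings other than the configured ones, which matters for reproducible packaging. A short comment here such as `# pass the docker settings through; omitting them caused #427` would guard against regression, and making the parameter required at the callee would turn a future omission into an immediate error. The enclosing function starts and ends outside the hunk.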
From: Davide Giunchi Date: Mon, 3 Apr 2023 22:45:30 +0200 Subject: [PATCH 252/385] feat: Support maximum concurrency of Lambda with SQS as an event source (#402) Co-authored-by: Anton Babenko Co-authored-by: Bryant Biggs --- .pre-commit-config.yaml | 2 +- examples/alias/main.tf | 1 - examples/async/main.tf | 1 - examples/build-package/main.tf | 1 - examples/code-signing/main.tf | 1 - examples/complete/main.tf | 1 - examples/container-image/main.tf | 1 - examples/deploy/main.tf | 1 - examples/event-source-mapping/main.tf | 35 +++++++++++++++++++-------- examples/multiple-regions/main.tf | 2 -- examples/simple/main.tf | 1 - examples/triggers/main.tf | 1 - examples/with-efs/main.tf | 1 - examples/with-vpc-s3-endpoint/main.tf | 1 - examples/with-vpc/main.tf | 1 - main.tf | 8 ++++++ 16 files changed, 34 insertions(+), 25 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index d5886a6d..071427d7 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.77.0 + rev: v1.77.1 hooks: - id: terraform_fmt - id: terraform_validate diff --git a/examples/alias/main.tf b/examples/alias/main.tf index 15cf4e9d..138e83b5 100644 --- a/examples/alias/main.tf +++ b/examples/alias/main.tf @@ -2,7 +2,6 @@ provider "aws" { region = "eu-west-1" # Make it faster by skipping something - skip_get_ec2_platforms = true skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true diff --git a/examples/async/main.tf b/examples/async/main.tf index c2755359..095b249d 100644 --- a/examples/async/main.tf +++ b/examples/async/main.tf @@ -2,7 +2,6 @@ provider "aws" { region = "eu-west-1" # Make it faster by skipping something - skip_get_ec2_platforms = true skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true 
diff --git a/examples/build-package/main.tf b/examples/build-package/main.tf index 92035861..11c1ce06 100644 --- a/examples/build-package/main.tf +++ b/examples/build-package/main.tf @@ -2,7 +2,6 @@ provider "aws" { region = "eu-west-1" # Make it faster by skipping something - skip_get_ec2_platforms = true skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true diff --git a/examples/code-signing/main.tf b/examples/code-signing/main.tf index 0ba5f120..ba8bc6b1 100644 --- a/examples/code-signing/main.tf +++ b/examples/code-signing/main.tf @@ -2,7 +2,6 @@ provider "aws" { region = "eu-west-1" # Make it faster by skipping something - skip_get_ec2_platforms = true skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true diff --git a/examples/complete/main.tf b/examples/complete/main.tf index a6ddd940..1f05580c 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -2,7 +2,6 @@ provider "aws" { region = "eu-west-1" # Make it faster by skipping something - skip_get_ec2_platforms = true skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true diff --git a/examples/container-image/main.tf b/examples/container-image/main.tf index 670c6212..9cc6e411 100644 --- a/examples/container-image/main.tf +++ b/examples/container-image/main.tf @@ -8,7 +8,6 @@ provider "aws" { region = "eu-west-1" # Make it faster by skipping something - skip_get_ec2_platforms = true skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true diff --git a/examples/deploy/main.tf b/examples/deploy/main.tf index f9007fd8..d356b500 100644 --- a/examples/deploy/main.tf +++ b/examples/deploy/main.tf @@ -2,7 +2,6 @@ provider "aws" { region = "eu-west-1" # Make it faster by skipping something - skip_get_ec2_platforms = true skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true 
diff --git a/examples/event-source-mapping/main.tf b/examples/event-source-mapping/main.tf index 5e33330d..683960ba 100644 --- a/examples/event-source-mapping/main.tf +++ b/examples/event-source-mapping/main.tf @@ -2,13 +2,20 @@ provider "aws" { region = "eu-west-1" # Make it faster by skipping something - skip_get_ec2_platforms = true + skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true skip_requesting_account_id = true } +data "aws_availability_zones" "available" {} + +locals { + vpc_cidr = "10.0.0.0/16" + azs = slice(data.aws_availability_zones.available.names, 0, 3) +} + #################################################### # Lambda Function with event source mapping #################################################### @@ -20,12 +27,15 @@ module "lambda_function" { handler = "index.lambda_handler" runtime = "python3.8" - source_path = "${path.module}/../fixtures/python3.8-app1" + source_path = "${path.module}/../fixtures/python3.8-app1/index.py" event_source_mapping = { sqs = { event_source_arn = aws_sqs_queue.this.arn function_response_types = ["ReportBatchItemFailures"] + scaling_config = { + maximum_concurrency = 20 + } } dynamodb = { event_source_arn = aws_dynamodb_table.this.stream_arn 
@@ -216,21 +226,26 @@ resource "aws_kinesis_stream" "this" { } # Amazon MQ -data "aws_vpc" "default" { - default = true -} +module "vpc" { + source = "terraform-aws-modules/vpc/aws" + version = "~> 3.0" + + name = random_pet.this.id + cidr = local.vpc_cidr + + azs = local.azs + public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)] -data "aws_security_group" "default" { - vpc_id = data.aws_vpc.default.id - name = "default" + enable_nat_gateway = false } resource "aws_mq_broker" "this" { broker_name = random_pet.this.id engine_type = "RabbitMQ" - engine_version = "3.8.11" + engine_version = "3.10.10" host_instance_type = "mq.t3.micro" - security_groups = [data.aws_security_group.default.id] + security_groups = [module.vpc.default_security_group_id] + subnet_ids = slice(module.vpc.public_subnets, 0, 1) user { username = random_pet.this.id diff --git a/examples/multiple-regions/main.tf b/examples/multiple-regions/main.tf index a5fb1dfb..4406c0c2 100644 --- a/examples/multiple-regions/main.tf +++ b/examples/multiple-regions/main.tf @@ -2,7 +2,6 @@ provider "aws" { region = "eu-west-1" # Make it faster by skipping something - skip_get_ec2_platforms = true skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true @@ -14,7 +13,6 @@ provider "aws" { alias = "us-east-1" # Make it faster by skipping something - skip_get_ec2_platforms = true skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true diff --git a/examples/simple/main.tf b/examples/simple/main.tf index 142d1c65..63cdcd86 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf @@ -3,7 +3,6 @@ provider "aws" { # region = "us-east-1" # Make it faster by skipping something - skip_get_ec2_platforms = true skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true diff --git a/examples/triggers/main.tf b/examples/triggers/main.tf index b207c075..9e9171ef 100644 
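Review bot: The rewritten `aws_mq_broker` takes `subnet_ids = slice(module.vpc.public_subnets, 0, 1)` and `security_groups = [module.vpc.default_security_group_id]`, so the example now models a broker in a public subnet guarded only by the VPC's default security group. Examples tend to be copied into real stacks, so a dedicated `aws_security_group` that admits only the broker port from the expected clients, together with private subnets, would be a safer pattern to show. At minimum the block deserves a comment such as `# example only: prefer private subnets and a dedicated security group`. The rest of the broker resource, including whether `publicly_accessible` is set, lies outside the hunk, so the actual exposure cannot be confirmed from here.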
--- a/examples/triggers/main.tf +++ b/examples/triggers/main.tf @@ -2,7 +2,6 @@ provider "aws" { region = "eu-west-1" # Make it faster by skipping something - skip_get_ec2_platforms = true skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true diff --git a/examples/with-efs/main.tf b/examples/with-efs/main.tf index 98d3a89a..c058eb84 100644 --- a/examples/with-efs/main.tf +++ b/examples/with-efs/main.tf @@ -2,7 +2,6 @@ provider "aws" { region = "eu-west-1" # Make it faster by skipping something - skip_get_ec2_platforms = true skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true diff --git a/examples/with-vpc-s3-endpoint/main.tf b/examples/with-vpc-s3-endpoint/main.tf index e574a06a..8913371c 100644 --- a/examples/with-vpc-s3-endpoint/main.tf +++ b/examples/with-vpc-s3-endpoint/main.tf @@ -2,7 +2,6 @@ provider "aws" { region = "eu-west-1" # Make it faster by skipping something - skip_get_ec2_platforms = true skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true diff --git a/examples/with-vpc/main.tf b/examples/with-vpc/main.tf index 6b734d95..78ef04fa 100644 --- a/examples/with-vpc/main.tf +++ b/examples/with-vpc/main.tf @@ -2,7 +2,6 @@ provider "aws" { region = "eu-west-1" # Make it faster by skipping something - skip_get_ec2_platforms = true skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true diff --git a/main.tf b/main.tf index d40ad990..06d2e79b 100644 --- a/main.tf +++ b/main.tf @@ -290,6 +290,14 @@ resource "aws_lambda_event_source_mapping" "this" { } } + dynamic "scaling_config" { + for_each = try([each.value.scaling_config], []) + content { + maximum_concurrency = try(scaling_config.value.maximum_concurrency, null) + } + } + + dynamic "self_managed_event_source" { for_each = try(each.value.self_managed_event_source, []) content { 
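Review bot: In the main.tf hunk, `for_each = try([each.value.scaling_config], [])` emits a `scaling_config` block whenever the key exists, and `try(scaling_config.value.maximum_concurrency, null)` then turns a misspelled or null `maximum_concurrency` into an empty block. A caller who meant to cap SQS-driven concurrency therefore gets no cap and no plan-time error. Emitting the block only when the value is set closes that gap: `for_each = try(each.value.scaling_config.maximum_concurrency, null) == null ? [] : [each.value.scaling_config]` with `maximum_concurrency = scaling_config.value.maximum_concurrency`. The enclosing `aws_lambda_event_source_mapping` resource starts and ends outside the hunk.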
From 95e6a5778dcade3a733d5885f711aaed7ade5085 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 3 Apr 2023 20:46:04 +0000 Subject: [PATCH 253/385] chore(release): version 4.13.0 [skip ci] ## [4.13.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.12.1...v4.13.0) (2023-04-03) ### Features * Support maximum concurrency of Lambda with SQS as an event source ([#402](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/402)) ([268975c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/268975c9e2224cb05bdad8d7c39f879610dedc53)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3d353c29..135ad2b6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.13.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.12.1...v4.13.0) (2023-04-03) + + +### Features + +* Support maximum concurrency of Lambda with SQS as an event source ([#402](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/402)) ([268975c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/268975c9e2224cb05bdad8d7c39f879610dedc53)) + ### [4.12.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.12.0...v4.12.1) (2023-03-10) From 3a21ac58bc5c4e1cb369a935a977246c10f31cf5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sindri=20Gu=C3=B0mundsson?= Date: Fri, 14 Apr 2023 19:49:03 +0000 Subject: [PATCH 254/385] feat: Add max session duration for IAM role (#391) --- README.md | 1 + examples/simple/main.tf | 2 ++ examples/with-efs/README.md | 2 +- examples/with-efs/main.tf | 3 ++- examples/with-vpc/README.md | 2 +- examples/with-vpc/main.tf | 3 ++- iam.tf | 1 + variables.tf | 6 ++++++ 8 files changed, 16 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index e6120fd7..4443afdc 100644 --- a/README.md +++ b/README.md 
@@ -821,6 +821,7 @@ No modules. | [reserved\_concurrent\_executions](#input\_reserved\_concurrent\_executions) | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | `number` | `-1` | no | | [role\_description](#input\_role\_description) | Description of IAM role to use for Lambda Function | `string` | `null` | no | | [role\_force\_detach\_policies](#input\_role\_force\_detach\_policies) | Specifies to force detaching any policies the IAM role has before destroying it. | `bool` | `true` | no | +| [role\_maximum\_session\_duration](#input\_role\_maximum\_session\_duration) | Maximum session duration, in seconds, for the IAM role | `number` | `3600` | no | | [role\_name](#input\_role\_name) | Name of IAM role to use for Lambda Function | `string` | `null` | no | | [role\_path](#input\_role\_path) | Path of IAM role to use for Lambda Function | `string` | `null` | no | | [role\_permissions\_boundary](#input\_role\_permissions\_boundary) | The ARN of the policy that is used to set the permissions boundary for the IAM role used by Lambda Function | `string` | `null` | no | diff --git a/examples/simple/main.tf b/examples/simple/main.tf index 63cdcd86..010f7c76 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf @@ -39,6 +39,8 @@ module "lambda_function" { handler = "index.lambda_handler" runtime = "python3.8" + # role_maximum_session_duration = 7200 + # attach_cloudwatch_logs_policy = false # use_existing_cloudwatch_log_group = true diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index 3b83e41f..03fe9fc0 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md 
@@ -36,7 +36,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| | [lambda\_function\_with\_efs](#module\_lambda\_function\_with\_efs) | ../../ | n/a | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | n/a | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 | ## Resources diff --git a/examples/with-efs/main.tf b/examples/with-efs/main.tf index c058eb84..10b7b90f 100644 --- a/examples/with-efs/main.tf +++ b/examples/with-efs/main.tf @@ -44,7 +44,8 @@ module "lambda_function_with_efs" { ###### module "vpc" { - source = "terraform-aws-modules/vpc/aws" + source = "terraform-aws-modules/vpc/aws" + version = "~> 3.0" name = random_pet.this.id cidr = "10.10.0.0/16" diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index af792807..500b626f 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md @@ -36,7 +36,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| | [lambda\_function\_in\_vpc](#module\_lambda\_function\_in\_vpc) | ../../ | n/a | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | n/a | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 | ## Resources diff --git a/examples/with-vpc/main.tf b/examples/with-vpc/main.tf index 78ef04fa..99ef64b6 100644 --- a/examples/with-vpc/main.tf +++ b/examples/with-vpc/main.tf @@ -30,7 +30,8 @@ module "lambda_function_in_vpc" { } module "vpc" { - source = "terraform-aws-modules/vpc/aws" + source = "terraform-aws-modules/vpc/aws" + version = "~> 3.0" name = random_pet.this.id cidr = "10.10.0.0/16" diff --git a/iam.tf b/iam.tf index 91feaa9e..b146350b 100644 --- a/iam.tf +++ b/iam.tf 
@@ -100,6 +100,7 @@ resource "aws_iam_role" "lambda" { force_detach_policies = var.role_force_detach_policies permissions_boundary = var.role_permissions_boundary assume_role_policy = data.aws_iam_policy_document.assume_role[0].json + max_session_duration = var.role_maximum_session_duration tags = merge(var.tags, var.role_tags) } diff --git a/variables.tf b/variables.tf index 166f98da..f6d6cf91 100644 --- a/variables.tf +++ b/variables.tf @@ -447,6 +447,12 @@ variable "role_tags" { default = {} } +variable "role_maximum_session_duration" { + description = "Maximum session duration, in seconds, for the IAM role" + type = number + default = 3600 +} + ########### # Policies ########### From b2168c4d4ee021dd700d50087b0e47004b4b2f50 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 14 Apr 2023 19:49:28 +0000 Subject: [PATCH 255/385] chore(release): version 4.14.0 [skip ci] ## [4.14.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.13.0...v4.14.0) (2023-04-14) ### Features * Add max session duration for IAM role ([#391](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/391)) ([3a21ac5](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/3a21ac58bc5c4e1cb369a935a977246c10f31cf5)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 135ad2b6..cb738aac 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
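Review bot: In the variables.tf hunk, `role_maximum_session_duration` is declared as a bare `number` with no `validation` block, so an out-of-range value is rejected only by the IAM API at apply time. IAM documents 3600 to 43200 seconds for a role's maximum session duration, so a condition such as `var.role_maximum_session_duration >= 3600 && var.role_maximum_session_duration <= 43200` would fail at plan time instead. The description could also state that range and note that a larger value lengthens how long credentials obtained by assuming the role stay valid. The `invoke_mode` variable added to variables.tf later in this series has the same gap: its description lists BUFFERED and RESPONSE_STREAM but nothing enforces them.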
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.14.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.13.0...v4.14.0) (2023-04-14) + + +### Features + +* Add max session duration for IAM role ([#391](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/391)) ([3a21ac5](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/3a21ac58bc5c4e1cb369a935a977246c10f31cf5)) + ## [4.13.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.12.1...v4.13.0) (2023-04-03) From d7b3ac970b7f18be19c95ec43ce4d1fac9ae2572 Mon Sep 17 00:00:00 2001 From: Piotr Krawiec Date: Mon, 17 Apr 2023 17:16:38 +0200 Subject: [PATCH 256/385] feat: Add invoke_mode input (#446) --- README.md | 5 +++-- examples/complete/README.md | 4 ++-- examples/complete/main.tf | 1 + examples/complete/versions.tf | 2 +- main.tf | 1 + variables.tf | 6 ++++++ versions.tf | 2 +- 7 files changed, 15 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 4443afdc..14ec13ee 100644 --- a/README.md +++ b/README.md @@ -659,7 +659,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 4.54 | +| [aws](#requirement\_aws) | >= 4.63 | | [external](#requirement\_external) | >= 1.0 | | [local](#requirement\_local) | >= 1.0 | | [null](#requirement\_null) | >= 2.0 | @@ -668,7 +668,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.54 | +| [aws](#provider\_aws) | >= 4.63 | | [external](#provider\_external) | >= 1.0 | | [local](#provider\_local) | >= 1.0 | | [null](#provider\_null) | >= 2.0 | 
@@ -791,6 +791,7 @@ No modules. | [image\_config\_entry\_point](#input\_image\_config\_entry\_point) | The ENTRYPOINT for the docker image | `list(string)` | `[]` | no | | [image\_config\_working\_directory](#input\_image\_config\_working\_directory) | The working directory for the docker image | `string` | `null` | no | | [image\_uri](#input\_image\_uri) | The ECR image URI containing the function's deployment package. | `string` | `null` | no | +| [invoke\_mode](#input\_invoke\_mode) | Invoke mode of the Lambda Function URL. Valid values are BUFFERED (default) and RESPONSE\_STREAM. | `string` | `null` | no | | [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no | | [lambda\_at\_edge](#input\_lambda\_at\_edge) | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no | | [lambda\_role](#input\_lambda\_role) | IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | `string` | `""` | no | diff --git a/examples/complete/README.md b/examples/complete/README.md index c242b952..968d88c9 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -21,14 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 4.9 | +| [aws](#requirement\_aws) | >= 4.63 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.9 | +| [aws](#provider\_aws) | >= 4.63 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 1f05580c..f7a55673 100644 
--- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -78,6 +78,7 @@ module "lambda_function" { expose_headers = ["keep-alive", "date"] max_age = 86400 } + invoke_mode = "RESPONSE_STREAM" ###################### # Additional policies diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 629d346a..f8d3b354 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.9" + version = ">= 4.63" } random = { source = "hashicorp/random" diff --git a/main.tf b/main.tf index 06d2e79b..5dd020e9 100644 --- a/main.tf +++ b/main.tf @@ -349,6 +349,7 @@ resource "aws_lambda_function_url" "this" { # Error: error creating Lambda Function URL: ValidationException qualifier = var.create_unqualified_alias_lambda_function_url ? null : aws_lambda_function.this[0].version authorization_type = var.authorization_type + invoke_mode = var.invoke_mode dynamic "cors" { for_each = length(keys(var.cors)) == 0 ? [] : [var.cors] diff --git a/variables.tf b/variables.tf index f6d6cf91..7e0d96db 100644 --- a/variables.tf +++ b/variables.tf @@ -257,6 +257,12 @@ variable "cors" { default = {} } +variable "invoke_mode" { + description = "Invoke mode of the Lambda Function URL. Valid values are BUFFERED (default) and RESPONSE_STREAM." + type = string + default = null +} + ######## # Layer ######## diff --git a/versions.tf b/versions.tf index 524eb312..74502032 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.54" + version = ">= 4.63" } external = { source = "hashicorp/external" From 7a3e1ff64a8a119987337a5983b4597ae474de4a Mon Sep 17 00:00:00 2001 
From: semantic-release-bot Date: Mon, 17 Apr 2023 15:17:11 +0000 Subject: [PATCH 257/385] chore(release): version 4.15.0 [skip ci] ## [4.15.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.14.0...v4.15.0) (2023-04-17) ### Features * Add invoke_mode input ([#446](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/446)) ([d7b3ac9](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/d7b3ac970b7f18be19c95ec43ce4d1fac9ae2572)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index cb738aac..0eaf6fce 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.15.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.14.0...v4.15.0) (2023-04-17) + + +### Features + +* Add invoke_mode input ([#446](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/446)) ([d7b3ac9](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/d7b3ac970b7f18be19c95ec43ce4d1fac9ae2572)) + ## [4.14.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.13.0...v4.14.0) (2023-04-14) From ed2ea1d976b3d34877d2d3f868a8a59c3c84adc7 Mon Sep 17 00:00:00 2001 From: Patrick Decat Date: Tue, 18 Apr 2023 09:53:48 +0200 Subject: [PATCH 258/385] docs: Document poetry install (#447) Co-authored-by: Anton Babenko --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 14ec13ee..7efe85ed 100644 --- a/README.md +++ b/README.md 
@@ -451,8 +451,9 @@ source_path = [ - `commands` - List of commands to run. If specified, this argument overrides `pip_requirements` and `npm_requirements`. - `:zip [source] [destination]` is a special command which creates content of current working directory (first argument) and places it inside of path (second argument). -- `pip_requirements` - Controls whether to execute `pip install`. Set to `false` to disable this feature, `true` to run `pip install` with `requirements.txt` found in `path`. Or set to another filename which you want to use instead. +- `pip_requirements` - Controls whether to execute `pip install`. Set to `false` to disable this feature, `true` to run `pip install` with `requirements.txt` found in `path`. Or set to another filename which you want to use instead. When `source_path` is passed as a string containing a path (and not a list of maps), and `requirements.txt` is present, `pip install` is automatically executed. - `pip_tmp_dir` - Set the base directory to make the temporary directory for pip installs. Can be useful for Docker in Docker builds. +- `poetry_install` - Controls whether to execute `poetry export` and `pip install`. Set to `false` to disable this feature, `true` to run `poetry export` with `pyproject.toml` and `poetry.lock` found in `path`. When `source_path` is passed as a string containing a path (and not a list of maps), and `pyproject.toml` with a build system `poetry` is present, `poetry export` and `pip install` are automatically executed. - `npm_requirements` - Controls whether to execute `npm install`. Set to `false` to disable this feature, `true` to run `npm install` with `package.json` found in `path`. Or set to another filename which you want to use instead. - `npm_tmp_dir` - Set the base directory to make the temporary directory for npm installs. Can be useful for Docker in Docker builds. - `prefix_in_zip` - If specified, will be used as a prefix inside zip-archive. 
By default, everything installs into the root of zip-archive. From 31d75e7206d2816471fe828e86ef3f2a1ad1218d Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Tue, 18 Apr 2023 11:44:20 +0200 Subject: [PATCH 259/385] feat: Adding variable principal_org_id to resource aws_lambda_permission (#448) Co-authored-by: Tomasz Charewicz --- README.md | 4 ++++ examples/alias/README.md | 2 ++ examples/alias/main.tf | 10 ++++++++++ examples/complete/README.md | 1 + examples/complete/main.tf | 6 ++++++ examples/event-source-mapping/main.tf | 6 ++++++ main.tf | 2 ++ modules/alias/README.md | 4 ++-- modules/alias/main.tf | 2 ++ modules/alias/versions.tf | 2 +- 10 files changed, 36 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 7efe85ed..ff53534e 100644 --- a/README.md +++ b/README.md @@ -293,6 +293,10 @@ module "lambda_function" { # ...omitted for brevity allowed_triggers = { + Config = { + principal = "config.amazonaws.com" + principal_org_id = "o-abcdefghij" + } APIGatewayAny = { service = "apigateway" source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*" diff --git a/examples/alias/README.md b/examples/alias/README.md index 9f143789..cbc18c8c 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -27,6 +27,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| +| [aws](#provider\_aws) | >= 3.19 | | [random](#provider\_random) | >= 2.0 | ## Modules @@ -44,6 +45,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Type | |------|------| | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +| [aws_organizations_organization.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/organizations_organization) | data source | ## Inputs 
diff --git a/examples/alias/main.tf b/examples/alias/main.tf index 138e83b5..53e32d1a 100644 --- a/examples/alias/main.tf +++ b/examples/alias/main.tf @@ -8,6 +8,8 @@ provider "aws" { skip_requesting_account_id = true } +data "aws_organizations_organization" "this" {} + resource "random_pet" "this" { length = 2 } @@ -78,6 +80,10 @@ module "alias_no_refresh" { } allowed_triggers = { + Config = { + principal = "config.amazonaws.com" + principal_org_id = data.aws_organizations_organization.this.id + } AnotherAPIGatewayAny = { # keys should be unique service = "apigateway" source_arn = "arn:aws:execute-api:eu-west-1:135367859851:abcdedfgse/*/*/*" @@ -117,6 +123,10 @@ module "alias_existing" { } allowed_triggers = { + Config = { + principal = "config.amazonaws.com" + principal_org_id = data.aws_organizations_organization.this.id + } ThirdAPIGatewayAny = { service = "apigateway" source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*" diff --git a/examples/complete/README.md b/examples/complete/README.md index 968d88c9..dbed4f19 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -55,6 +55,7 @@ Note that this example may create resources which cost money. Run `terraform des | [aws_sqs_queue.dlq](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_organizations_organization.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/organizations_organization) | data source | ## Inputs diff --git a/examples/complete/main.tf b/examples/complete/main.tf index f7a55673..ce0c3f7e 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -10,6 +10,8 @@ provider "aws" { data "aws_caller_identity" "current" {} +data "aws_organizations_organization" "this" {} + #################################################### # Lambda Function (building locally, storing on S3, # set allowed triggers, set policies) @@ -51,6 +53,10 @@ module "lambda_function" { dead_letter_target_arn = aws_sqs_queue.dlq.arn allowed_triggers = { + Config = { + principal = "config.amazonaws.com" + principal_org_id = data.aws_organizations_organization.this.id + } APIGatewayAny = { service = "apigateway" source_arn = "arn:aws:execute-api:eu-west-1:${data.aws_caller_identity.current.account_id}:aqnku8akd0/*/*/*" diff --git a/examples/event-source-mapping/main.tf b/examples/event-source-mapping/main.tf index 683960ba..cf1c5307 100644 --- a/examples/event-source-mapping/main.tf +++ b/examples/event-source-mapping/main.tf @@ -11,6 +11,8 @@ provider "aws" { data "aws_availability_zones" "available" {} +data "aws_organizations_organization" "this" {} + locals { vpc_cidr = "10.0.0.0/16" azs = slice(data.aws_availability_zones.available.names, 0, 3) @@ -117,6 +119,10 @@ module "lambda_function" { } allowed_triggers = { + config = { + principal = "config.amazonaws.com" + principal_org_id = data.aws_organizations_organization.this.id + } sqs = { principal = "sqs.amazonaws.com" source_arn = aws_sqs_queue.this.arn diff --git a/main.tf b/main.tf index 5dd020e9..f91f52c2 100644 --- a/main.tf +++ b/main.tf @@ -242,6 +242,7 @@ resource "aws_lambda_permission" "current_version_triggers" { statement_id = try(each.value.statement_id, each.key) action = try(each.value.action, "lambda:InvokeFunction") principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) + principal_org_id = try(each.value.principal_org_id, null) source_arn = try(each.value.source_arn, null) source_account = try(each.value.source_account, null) event_source_token = try(each.value.event_source_token, null) 
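Review bot: In the main.tf hunk, `principal_org_id = try(each.value.principal_org_id, null)` fails open: a misspelled key in an `allowed_triggers` entry evaluates to `null`, and the permission is then created without the organization restriction the caller intended, with no plan-time error. This mirrors how `source_arn` and `source_account` are read on the neighbouring lines, so the practical remedy is documentation: list the accepted keys in the `allowed_triggers` variable description, or add a comment such as `# null means no organization restriction is applied`. The same line is added to `unqualified_alias_triggers` in this file and to both permission resources in modules/alias/main.tf. The resource body starts and ends outside the hunk.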
@@ -256,6 +257,7 @@ resource "aws_lambda_permission" "unqualified_alias_triggers" { statement_id = try(each.value.statement_id, each.key) action = try(each.value.action, "lambda:InvokeFunction") principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) + principal_org_id = try(each.value.principal_org_id, null) source_arn = try(each.value.source_arn, null) source_account = try(each.value.source_account, null) event_source_token = try(each.value.event_source_token, null) diff --git a/modules/alias/README.md b/modules/alias/README.md index 9466f51c..9f2521bf 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md @@ -116,13 +116,13 @@ module "lambda" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.35 | +| [aws](#requirement\_aws) | >= 4.9 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.35 | +| [aws](#provider\_aws) | >= 4.9 | ## Modules diff --git a/modules/alias/main.tf b/modules/alias/main.tf index 324d979b..841206cf 100644 --- a/modules/alias/main.tf +++ b/modules/alias/main.tf @@ -91,6 +91,7 @@ resource "aws_lambda_permission" "version_triggers" { statement_id = try(each.value.statement_id, each.key) action = try(each.value.action, "lambda:InvokeFunction") principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) + principal_org_id = try(each.value.principal_org_id, null) source_arn = try(each.value.source_arn, null) source_account = try(each.value.source_account, null) event_source_token = try(each.value.event_source_token, null) 
@@ -105,6 +106,7 @@ resource "aws_lambda_permission" "qualified_alias_triggers" { statement_id = try(each.value.statement_id, each.key) action = try(each.value.action, "lambda:InvokeFunction") principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) + principal_org_id = try(each.value.principal_org_id, null) source_arn = try(each.value.source_arn, null) source_account = try(each.value.source_account, null) event_source_token = try(each.value.event_source_token, null) diff --git a/modules/alias/versions.tf b/modules/alias/versions.tf index d56fc0e8..affc11e7 100644 --- a/modules/alias/versions.tf +++ b/modules/alias/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.35" + version = ">= 4.9" } } } From 8ec492a1f10e9f3e244600068f34aa7948495600 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Tue, 18 Apr 2023 09:44:50 +0000 Subject: [PATCH 260/385] chore(release): version 4.16.0 [skip ci] ## [4.16.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.15.0...v4.16.0) (2023-04-18) ### Features * Adding variable principal_org_id to resource aws_lambda_permission ([#448](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/448)) ([31d75e7](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/31d75e7206d2816471fe828e86ef3f2a1ad1218d)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0eaf6fce..89f59650 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.16.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.15.0...v4.16.0) (2023-04-18) + + +### Features + +* Adding variable principal_org_id to resource aws_lambda_permission ([#448](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/448)) ([31d75e7](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/31d75e7206d2816471fe828e86ef3f2a1ad1218d)) + ## [4.15.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.14.0...v4.15.0) (2023-04-17) From dcd899b40bdeb4c7f607a5568e6f24dac81f26a0 Mon Sep 17 00:00:00 2001 From: Josh Beard Date: Thu, 4 May 2023 10:39:16 -0600 Subject: [PATCH 261/385] feat: add qualified invoke ARN output (#437) --- README.md | 1 + examples/complete/README.md | 1 + examples/complete/outputs.tf | 5 +++++ outputs.tf | 5 +++++ 4 files changed, 12 insertions(+) diff --git a/README.md b/README.md index ff53534e..cd545170 100644 --- a/README.md +++ b/README.md 
@@ -869,6 +869,7 @@ No modules. | [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | | [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | | [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [lambda\_function\_qualified\_invoke\_arn](#output\_lambda\_function\_qualified\_invoke\_arn) | The Invoke ARN identifying your Lambda Function Version | | [lambda\_function\_signing\_job\_arn](#output\_lambda\_function\_signing\_job\_arn) | ARN of the signing job | | [lambda\_function\_signing\_profile\_version\_arn](#output\_lambda\_function\_signing\_profile\_version\_arn) | ARN of the signing profile version | | [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | diff --git a/examples/complete/README.md b/examples/complete/README.md index dbed4f19..575ad523 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -73,6 +73,7 @@ No inputs. | [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | | [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | | [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [lambda\_function\_qualified\_invoke\_arn](#output\_lambda\_function\_qualified\_invoke\_arn) | The Invoke ARN identifying your Lambda Function Version | | [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | | [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | | [lambda\_function\_url](#output\_lambda\_function\_url) | The URL of the Lambda Function URL | diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index 5ac3d8ec..77c78702 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf @@ -24,6 +24,11 @@ output "lambda_function_qualified_arn" { value = module.lambda_function.lambda_function_qualified_arn } +output "lambda_function_qualified_invoke_arn" { + description = "The Invoke ARN identifying your Lambda Function Version" + value = module.lambda_function.lambda_function_qualified_invoke_arn +} + output "lambda_function_version" { description = "Latest published version of Lambda Function" value = module.lambda_function.lambda_function_version diff --git a/outputs.tf b/outputs.tf index cec0293b..6d53a66c 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -24,6 +24,11 @@ output "lambda_function_qualified_arn" { value = try(aws_lambda_function.this[0].qualified_arn, "") } +output "lambda_function_qualified_invoke_arn" { + description = "The Invoke ARN identifying your Lambda Function Version" + value = try(aws_lambda_function.this[0].qualified_invoke_arn, "") +} + output "lambda_function_version" { description = "Latest published version of Lambda Function" value = try(aws_lambda_function.this[0].version, "") From 424ec17a4c4e35daac46b612d4ca6b7e60034396 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 4 May 2023 16:39:41 +0000 Subject: [PATCH 262/385] chore(release): version 4.17.0 [skip ci] ## [4.17.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.16.0...v4.17.0) (2023-05-04) ### Features * add qualified invoke ARN output ([#437](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/437)) ([dcd899b](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/dcd899b40bdeb4c7f607a5568e6f24dac81f26a0)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 89f59650..f0f9b5ac 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.17.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.16.0...v4.17.0) (2023-05-04) + + +### Features + +* add qualified invoke ARN output ([#437](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/437)) ([dcd899b](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/dcd899b40bdeb4c7f607a5568e6f24dac81f26a0)) + ## [4.16.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.15.0...v4.16.0) (2023-04-18) From 712d8ecb9a224be8ed36cb34eebf4b7e815d0565 Mon Sep 17 00:00:00 2001 
From: rysi3k Date: Wed, 17 May 2023 17:00:27 +0200 Subject: [PATCH 263/385] feat: Added control to create logs by Lambda@Edge in all regions (#462) Co-authored-by: Tomasz Rychlewicz Co-authored-by: Anton Babenko --- README.md | 1 + iam.tf | 2 +- variables.tf | 6 ++++++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index cd545170..b81a8d60 100644 --- a/README.md +++ b/README.md @@ -799,6 +799,7 @@ No modules. | [invoke\_mode](#input\_invoke\_mode) | Invoke mode of the Lambda Function URL. Valid values are BUFFERED (default) and RESPONSE\_STREAM. | `string` | `null` | no | | [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no | | [lambda\_at\_edge](#input\_lambda\_at\_edge) | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no | +| [lambda\_at\_edge\_logs\_all\_regions](#input\_lambda\_at\_edge\_logs\_all\_regions) | Whether to specify a wildcard in IAM policy used by Lambda@Edge to allow logging in all regions | `bool` | `true` | no | | [lambda\_role](#input\_lambda\_role) | IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | `string` | `""` | no | | [layer\_name](#input\_layer\_name) | Name of Lambda Layer to create | `string` | `""` | no | | [layer\_skip\_destroy](#input\_layer\_skip\_destroy) | Whether to retain the old version of a previously deployed Lambda Layer. | `bool` | `false` | no | diff --git a/iam.tf b/iam.tf index b146350b..0436a4a4 100644 --- a/iam.tf +++ b/iam.tf 
@@ -5,7 +5,7 @@ locals { # The region part of the LogGroup ARN is then replaced with a wildcard (*) so Lambda@Edge is able to log in every region log_group_arn_regional = try(data.aws_cloudwatch_log_group.lambda[0].arn, aws_cloudwatch_log_group.lambda[0].arn, "") log_group_name = try(data.aws_cloudwatch_log_group.lambda[0].name, aws_cloudwatch_log_group.lambda[0].name, "") - log_group_arn = local.create_role && var.lambda_at_edge ? format("arn:%s:%s:%s:%s:%s", data.aws_arn.log_group_arn[0].partition, data.aws_arn.log_group_arn[0].service, "*", data.aws_arn.log_group_arn[0].account, data.aws_arn.log_group_arn[0].resource) : local.log_group_arn_regional + log_group_arn = local.create_role && var.lambda_at_edge ? format("arn:%s:%s:%s:%s:%s", data.aws_arn.log_group_arn[0].partition, data.aws_arn.log_group_arn[0].service, var.lambda_at_edge_logs_all_regions ? "*" : "us-east-1", data.aws_arn.log_group_arn[0].account, data.aws_arn.log_group_arn[0].resource) : local.log_group_arn_regional # Defaulting to "*" (an invalid character for an IAM Role name) will cause an error when # attempting to plan if the role_name and function_name are not set. This is a workaround diff --git a/variables.tf b/variables.tf index 7e0d96db..ea847f26 100644 --- a/variables.tf +++ b/variables.tf @@ -50,6 +50,12 @@ variable "lambda_at_edge" { default = false } +variable "lambda_at_edge_logs_all_regions" { + description = "Whether to specify a wildcard in IAM policy used by Lambda@Edge to allow logging in all regions" + type = bool + default = true +} + variable "function_name" { description = "A unique name for your Lambda Function" type = string From e78cdf1f82944897ca6e30d6489f43cf24539374 Mon Sep 17 00:00:00 2001 
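Review bot: In the `log_group_arn` local the false branch hard-codes `"us-east-1"`, while the comment directly above still says the region part is replaced with a wildcard, so the comment no longer describes both branches. With `lambda_at_edge_logs_all_regions = false` the role can write only to the us-east-1 log group; Lambda@Edge replicas, as I understand it, log in the region where they run, so those writes would presumably be denied and the logs lost. The variable description in variables.tf should state that trade-off, e.g. `description = "Whether the Lambda@Edge IAM policy uses a wildcard region so replicas can log in every region; when false only us-east-1 is allowed"`. The default of `true` keeps the broader wildcard grant, so tightening it is opt-in. The `locals` block continues outside the hunk.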
From: semantic-release-bot Date: Wed, 17 May 2023 15:00:56 +0000 Subject: [PATCH 264/385] chore(release): version 4.18.0 [skip ci] ## [4.18.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.17.0...v4.18.0) (2023-05-17) ### Features * Added control to create logs by Lambda@Edge in all regions ([#462](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/462)) ([712d8ec](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/712d8ecb9a224be8ed36cb34eebf4b7e815d0565)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f0f9b5ac..0535bfc0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.18.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.17.0...v4.18.0) (2023-05-17) + + +### Features + +* Added control to create logs by Lambda@Edge in all regions ([#462](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/462)) ([712d8ec](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/712d8ecb9a224be8ed36cb34eebf4b7e815d0565)) + ## [4.17.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.16.0...v4.17.0) (2023-05-04) From 3f2044f0d6a5cad4b37100c26b2558d1acb9b982 Mon Sep 17 00:00:00 2001 
From: Ben Moss Date: Mon, 5 Jun 2023 14:07:01 -0400 Subject: [PATCH 265/385] feat!: Bump versions of Terraform to 1.0, kreuzwerker/docker provider to 3.0 (#464) Co-authored-by: Ben Moss Co-authored-by: Anton Babenko --- .pre-commit-config.yaml | 2 +- README.md | 2 +- examples/alias/README.md | 2 +- examples/alias/versions.tf | 2 +- examples/async/README.md | 2 +- examples/async/versions.tf | 2 +- examples/build-package/README.md | 2 +- examples/build-package/versions.tf | 2 +- examples/code-signing/README.md | 2 +- examples/code-signing/versions.tf | 2 +- examples/complete/README.md | 2 +- examples/complete/versions.tf | 2 +- examples/container-image/README.md | 4 ++-- examples/container-image/versions.tf | 4 ++-- examples/deploy/README.md | 2 +- examples/deploy/versions.tf | 2 +- examples/event-source-mapping/main.tf | 2 +- examples/event-source-mapping/versions.tf | 2 +- examples/multiple-regions/README.md | 2 +- examples/multiple-regions/versions.tf | 2 +- examples/simple/README.md | 2 +- examples/simple/versions.tf | 2 +- examples/triggers/README.md | 2 +- examples/triggers/versions.tf | 2 +- examples/with-efs/README.md | 4 ++-- examples/with-efs/main.tf | 2 +- examples/with-efs/versions.tf | 2 +- examples/with-vpc-s3-endpoint/README.md | 6 +++--- examples/with-vpc-s3-endpoint/main.tf | 4 ++-- examples/with-vpc-s3-endpoint/versions.tf | 2 +- examples/with-vpc/README.md | 4 ++-- examples/with-vpc/main.tf | 2 +- examples/with-vpc/versions.tf | 2 +- modules/alias/README.md | 2 +- modules/alias/versions.tf | 2 +- modules/deploy/README.md | 2 +- modules/deploy/versions.tf | 2 +- modules/docker-build/README.md | 7 ++++--- modules/docker-build/main.tf | 6 +++++- modules/docker-build/versions.tf | 4 ++-- versions.tf | 2 +- 41 files changed, 56 insertions(+), 51 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 071427d7..dabb1508 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.77.1 + rev: v1.80.0 hooks: - id: terraform_fmt - id: terraform_validate diff --git a/README.md b/README.md index b81a8d60..37171dcc 100644 --- a/README.md +++ b/README.md @@ -663,7 +663,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [terraform](#requirement\_terraform) | >= 1.0 | | [aws](#requirement\_aws) | >= 4.63 | | [external](#requirement\_external) | >= 1.0 | | [local](#requirement\_local) | >= 1.0 | diff --git a/examples/alias/README.md b/examples/alias/README.md index cbc18c8c..ad8fd013 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [terraform](#requirement\_terraform) | >= 1.0 | | [aws](#requirement\_aws) | >= 3.19 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/alias/versions.tf b/examples/alias/versions.tf index 6f0e3af3..c823dfe2 100644 --- a/examples/alias/versions.tf +++ b/examples/alias/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" required_providers { aws = { diff --git a/examples/async/README.md b/examples/async/README.md index 00c057be..742020fb 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [terraform](#requirement\_terraform) | >= 1.0 | | [aws](#requirement\_aws) | >= 3.61 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/async/versions.tf b/examples/async/versions.tf index 2a88692a..d80dff9b 100644 
--- a/examples/async/versions.tf +++ b/examples/async/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" required_providers { aws = { diff --git a/examples/build-package/README.md b/examples/build-package/README.md index eadf0245..e50dad8f 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [terraform](#requirement\_terraform) | >= 1.0 | | [aws](#requirement\_aws) | >= 3.19 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/build-package/versions.tf b/examples/build-package/versions.tf index 6f0e3af3..c823dfe2 100644 --- a/examples/build-package/versions.tf +++ b/examples/build-package/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" required_providers { aws = { diff --git a/examples/code-signing/README.md b/examples/code-signing/README.md index 6e9357f2..d9d1f4bf 100644 --- a/examples/code-signing/README.md +++ b/examples/code-signing/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [terraform](#requirement\_terraform) | >= 1.0 | | [aws](#requirement\_aws) | >= 4.9 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/code-signing/versions.tf b/examples/code-signing/versions.tf index 629d346a..011e2dbe 100644 --- a/examples/code-signing/versions.tf +++ b/examples/code-signing/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" required_providers { aws = { diff --git a/examples/complete/README.md b/examples/complete/README.md index 575ad523..28e5b37a 100644 --- a/examples/complete/README.md 
+++ b/examples/complete/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [terraform](#requirement\_terraform) | >= 1.0 | | [aws](#requirement\_aws) | >= 4.63 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index f8d3b354..5afa48b5 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" required_providers { aws = { diff --git a/examples/container-image/README.md b/examples/container-image/README.md index 784cb8eb..22e0d071 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -19,9 +19,9 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [terraform](#requirement\_terraform) | >= 1.0 | | [aws](#requirement\_aws) | >= 3.19 | -| [docker](#requirement\_docker) | >= 2.12 | +| [docker](#requirement\_docker) | >= 3.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/container-image/versions.tf b/examples/container-image/versions.tf index 63a095cc..121e5fb2 100644 --- a/examples/container-image/versions.tf +++ b/examples/container-image/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" required_providers { aws = { @@ -8,7 +8,7 @@ terraform { } docker = { source = "kreuzwerker/docker" - version = ">= 2.12" + version = ">= 3.0" } random = { source = "hashicorp/random" diff --git a/examples/deploy/README.md b/examples/deploy/README.md index 5b0846f0..aa34691b 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md 
@@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [terraform](#requirement\_terraform) | >= 1.0 | | [aws](#requirement\_aws) | >= 3.19 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/deploy/versions.tf b/examples/deploy/versions.tf index 6f0e3af3..c823dfe2 100644 --- a/examples/deploy/versions.tf +++ b/examples/deploy/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" required_providers { aws = { diff --git a/examples/event-source-mapping/main.tf b/examples/event-source-mapping/main.tf index cf1c5307..46253c35 100644 --- a/examples/event-source-mapping/main.tf +++ b/examples/event-source-mapping/main.tf @@ -234,7 +234,7 @@ resource "aws_kinesis_stream" "this" { # Amazon MQ module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 5.0" name = random_pet.this.id cidr = local.vpc_cidr diff --git a/examples/event-source-mapping/versions.tf b/examples/event-source-mapping/versions.tf index d77dd0b7..8d7f35e0 100644 --- a/examples/event-source-mapping/versions.tf +++ b/examples/event-source-mapping/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" required_providers { aws = { diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index 6528a8db..63de0b55 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [terraform](#requirement\_terraform) | >= 1.0 | | [aws](#requirement\_aws) | >= 3.19 | | [random](#requirement\_random) | >= 2.0 | 
diff --git a/examples/multiple-regions/versions.tf b/examples/multiple-regions/versions.tf index 6f0e3af3..c823dfe2 100644 --- a/examples/multiple-regions/versions.tf +++ b/examples/multiple-regions/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" required_providers { aws = { diff --git a/examples/simple/README.md b/examples/simple/README.md index 77e5c967..186a2cb3 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [terraform](#requirement\_terraform) | >= 1.0 | | [aws](#requirement\_aws) | >= 3.19 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf index 6f0e3af3..c823dfe2 100644 --- a/examples/simple/versions.tf +++ b/examples/simple/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" required_providers { aws = { diff --git a/examples/triggers/README.md b/examples/triggers/README.md index ef824812..75634aec 100644 --- a/examples/triggers/README.md +++ b/examples/triggers/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [terraform](#requirement\_terraform) | >= 1.0 | | [aws](#requirement\_aws) | >= 2.67 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/triggers/versions.tf b/examples/triggers/versions.tf index 13f523bb..b06121e1 100644 --- a/examples/triggers/versions.tf +++ b/examples/triggers/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" required_providers { aws = { 
diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index 03fe9fc0..a1d479cb 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [terraform](#requirement\_terraform) | >= 1.0 | | [aws](#requirement\_aws) | >= 3.19 | | [random](#requirement\_random) | >= 2.0 | @@ -36,7 +36,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| | [lambda\_function\_with\_efs](#module\_lambda\_function\_with\_efs) | ../../ | n/a | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | ## Resources diff --git a/examples/with-efs/main.tf b/examples/with-efs/main.tf index 10b7b90f..97c12569 100644 --- a/examples/with-efs/main.tf +++ b/examples/with-efs/main.tf @@ -45,7 +45,7 @@ module "lambda_function_with_efs" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 5.0" name = random_pet.this.id cidr = "10.10.0.0/16" diff --git a/examples/with-efs/versions.tf b/examples/with-efs/versions.tf index 6f0e3af3..c823dfe2 100644 --- a/examples/with-efs/versions.tf +++ b/examples/with-efs/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" required_providers { aws = { diff --git a/examples/with-vpc-s3-endpoint/README.md b/examples/with-vpc-s3-endpoint/README.md index e2e43a6e..b11163d5 100644 --- a/examples/with-vpc-s3-endpoint/README.md +++ b/examples/with-vpc-s3-endpoint/README.md 
@@ -21,7 +21,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.14 | +| [terraform](#requirement\_terraform) | >= 1.0 | | [aws](#requirement\_aws) | >= 4.33 | | [random](#requirement\_random) | >= 3.4 | @@ -40,8 +40,8 @@ Note that this example may create resources which cost money. Run `terraform des | [lambda\_s3\_write](#module\_lambda\_s3\_write) | ../../ | n/a | | [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 | | [security\_group\_lambda](#module\_security\_group\_lambda) | terraform-aws-modules/security-group/aws | ~> 4.0 | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 | -| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | ~> 3.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | +| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | ~> 5.0 | ## Resources diff --git a/examples/with-vpc-s3-endpoint/main.tf b/examples/with-vpc-s3-endpoint/main.tf index 8913371c..939dc5ee 100644 --- a/examples/with-vpc-s3-endpoint/main.tf +++ b/examples/with-vpc-s3-endpoint/main.tf @@ -60,7 +60,7 @@ data "aws_ec2_managed_prefix_list" "this" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 5.0" name = random_pet.this.id cidr = "10.0.0.0/16" @@ -102,7 +102,7 @@ module "vpc" { module "vpc_endpoints" { source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints" - version = "~> 3.0" + version = "~> 5.0" vpc_id = module.vpc.vpc_id diff --git a/examples/with-vpc-s3-endpoint/versions.tf b/examples/with-vpc-s3-endpoint/versions.tf index 6941462b..00032cb7 100644 --- a/examples/with-vpc-s3-endpoint/versions.tf +++ b/examples/with-vpc-s3-endpoint/versions.tf 
@@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.14" + required_version = ">= 1.0" required_providers { aws = { diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index 500b626f..2d0034ed 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md @@ -21,7 +21,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [terraform](#requirement\_terraform) | >= 1.0 | | [aws](#requirement\_aws) | >= 3.19 | | [random](#requirement\_random) | >= 2.0 | @@ -36,7 +36,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| | [lambda\_function\_in\_vpc](#module\_lambda\_function\_in\_vpc) | ../../ | n/a | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | ## Resources diff --git a/examples/with-vpc/main.tf b/examples/with-vpc/main.tf index 99ef64b6..42cde394 100644 --- a/examples/with-vpc/main.tf +++ b/examples/with-vpc/main.tf @@ -31,7 +31,7 @@ module "lambda_function_in_vpc" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 5.0" name = random_pet.this.id cidr = "10.10.0.0/16" diff --git a/examples/with-vpc/versions.tf b/examples/with-vpc/versions.tf index 6f0e3af3..c823dfe2 100644 --- a/examples/with-vpc/versions.tf +++ b/examples/with-vpc/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" required_providers { aws = { diff --git a/modules/alias/README.md b/modules/alias/README.md index 9f2521bf..ec1df03b 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md 
@@ -115,7 +115,7 @@ module "lambda" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [terraform](#requirement\_terraform) | >= 1.0 | | [aws](#requirement\_aws) | >= 4.9 | ## Providers diff --git a/modules/alias/versions.tf b/modules/alias/versions.tf index affc11e7..dbc484ad 100644 --- a/modules/alias/versions.tf +++ b/modules/alias/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" required_providers { aws = { diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 7064c86f..61afceac 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -100,7 +100,7 @@ module "lambda" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [terraform](#requirement\_terraform) | >= 1.0 | | [aws](#requirement\_aws) | >= 3.35 | | [local](#requirement\_local) | >= 1.0 | | [null](#requirement\_null) | >= 2.0 | diff --git a/modules/deploy/versions.tf b/modules/deploy/versions.tf index deb3cfd9..5a82f93b 100644 --- a/modules/deploy/versions.tf +++ b/modules/deploy/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" required_providers { aws = { diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index 72597571..bfd753bb 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md @@ -52,9 +52,9 @@ module "docker_image" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [terraform](#requirement\_terraform) | >= 1.0 | | [aws](#requirement\_aws) | >= 4.22 | -| [docker](#requirement\_docker) | >= 2.12, < 3.0 | +| [docker](#requirement\_docker) | >= 3.0 | | [null](#requirement\_null) | >= 2.0 | ## Providers 
@@ -62,7 +62,7 @@ module "docker_image" { | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 4.22 | -| [docker](#provider\_docker) | >= 2.12, < 3.0 | +| [docker](#provider\_docker) | >= 3.0 | | [null](#provider\_null) | >= 2.0 | ## Modules @@ -75,6 +75,7 @@ No modules. |------|------| | [aws_ecr_lifecycle_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_lifecycle_policy) | resource | | [aws_ecr_repository.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository) | resource | +| [docker_image.this](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/image) | resource | | [docker_registry_image.this](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/registry_image) | resource | | [null_resource.sam_metadata_docker_registry_image](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | diff --git a/modules/docker-build/main.tf b/modules/docker-build/main.tf index 3883314e..b02e094b 100644 --- a/modules/docker-build/main.tf +++ b/modules/docker-build/main.tf @@ -9,7 +9,7 @@ locals { ecr_image_name = format("%v/%v:%v", local.ecr_address, local.ecr_repo, local.image_tag) } -resource "docker_registry_image" "this" { +resource "docker_image" "this" { name = local.ecr_image_name build { @@ -18,6 +18,10 @@ resource "docker_registry_image" "this" { build_args = var.build_args platform = var.platform } +} + +resource "docker_registry_image" "this" { + name = docker_image.this.name keep_remotely = var.keep_remotely } diff --git a/modules/docker-build/versions.tf b/modules/docker-build/versions.tf index d188451a..93aadf1a 100644 --- a/modules/docker-build/versions.tf +++ b/modules/docker-build/versions.tf 
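Review bot: Nothing in the new `docker_registry_image.this` in modules/docker-build/main.tf changes when the image content changes, because it is keyed only on `name = docker_image.this.name`. A rebuild under an unchanged tag may therefore leave the registry serving the previous image while the state looks current. Tying the push to the built image, for example `triggers = { image_id = docker_image.this.image_id }` on the registry resource, would close that gap; confirm the argument and attribute names against the kreuzwerker/docker 3.x documentation. The `build` block of `docker_image.this` is only partly visible in these two hunks, so whether it carries its own rebuild triggers cannot be confirmed from here.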
@@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" required_providers { aws = { @@ -8,7 +8,7 @@ terraform { } docker = { source = "kreuzwerker/docker" - version = ">= 2.12, < 3.0" + version = ">= 3.0" } null = { source = "hashicorp/null" diff --git a/versions.tf b/versions.tf index 74502032..595ff834 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" required_providers { aws = { From dc9356a4804b98894c5d1bf651e88f5eacdb90d8 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 5 Jun 2023 18:07:38 +0000 Subject: [PATCH 266/385] chore(release): version 5.0.0 [skip ci] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## [5.0.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.18.0...v5.0.0) (2023-06-05) ### ⚠ BREAKING CHANGES * Bump versions of Terraform to 1.0, kreuzwerker/docker provider to 3.0 (#464) ### Features * Bump versions of Terraform to 1.0, kreuzwerker/docker provider to 3.0 ([#464](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/464)) ([3f2044f](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/3f2044f0d6a5cad4b37100c26b2558d1acb9b982)) --- CHANGELOG.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0535bfc0..95d66dbe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,17 @@ All notable changes to this project will be documented in this file. +## [5.0.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.18.0...v5.0.0) (2023-06-05) + + +### ⚠ BREAKING CHANGES + +* Bump versions of Terraform to 1.0, kreuzwerker/docker provider to 3.0 (#464) + +### Features + +* Bump versions of Terraform to 1.0, kreuzwerker/docker provider to 3.0 ([#464](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/464)) ([3f2044f](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/3f2044f0d6a5cad4b37100c26b2558d1acb9b982)) + ## [4.18.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.17.0...v4.18.0) (2023-05-17) From 24bd26e8d598d183a995e2742713e122ecc607a5 Mon Sep 17 00:00:00 2001 From: Lucas Fauchille Date: Tue, 4 Jul 2023 18:17:24 +0200 Subject: [PATCH 267/385] feat: Support maximum concurrency of Lambda Alias with SQS as an event source (#457) Co-authored-by: Anton Babenko --- examples/alias/main.tf | 5 +++-- modules/alias/main.tf | 7 +++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/examples/alias/main.tf b/examples/alias/main.tf index 53e32d1a..5a37e057 100644 --- a/examples/alias/main.tf +++ b/examples/alias/main.tf @@ -74,8 +74,9 @@ module "alias_no_refresh" { event_source_mapping = { sqs = { - service = "sqs" - event_source_arn = module.sqs_events.sqs_queue_arn + service = "sqs" + event_source_arn = module.sqs_events.sqs_queue_arn + maximum_concurrency = 10 } } diff --git a/modules/alias/main.tf b/modules/alias/main.tf index 841206cf..c2151c9f 100644 --- a/modules/alias/main.tf +++ b/modules/alias/main.tf 
@@ -141,6 +141,13 @@ resource "aws_lambda_event_source_mapping" "this" { } } + dynamic "scaling_config" { + for_each = try([each.value.scaling_config], []) + content { + maximum_concurrency = try(scaling_config.value.maximum_concurrency, null) + } + } + dynamic "self_managed_event_source" { for_each = try(each.value.self_managed_event_source, []) content { From 0236678bfb9245e3e415544b0f72e6ca5a69a99b Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Tue, 4 Jul 2023 16:17:59 +0000 Subject: [PATCH 268/385] chore(release): version 5.1.0 [skip ci] ## [5.1.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v5.0.0...v5.1.0) (2023-07-04) ### Features * Support maximum concurrency of Lambda Alias with SQS as an event source ([#457](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/457)) ([24bd26e](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/24bd26e8d598d183a995e2742713e122ecc607a5)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 95d66dbe..cd844069 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [5.1.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v5.0.0...v5.1.0) (2023-07-04) + + +### Features + +* Support maximum concurrency of Lambda Alias with SQS as an event source ([#457](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/457)) ([24bd26e](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/24bd26e8d598d183a995e2742713e122ecc607a5)) + ## [5.0.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v4.18.0...v5.0.0) (2023-06-05) From b5e9346de58bff16a63b63f76209bdb59534105e Mon Sep 17 00:00:00 2001 
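Review bot: `maximum_concurrency` is read here only from a nested `scaling_config` object (`for_each = try([each.value.scaling_config], [])`), but the example changed in the same commit, examples/alias/main.tf, sets `maximum_concurrency = 10` directly under `sqs`. That value never reaches the event source mapping, and the `try` hides the mismatch. Either the example should pass `scaling_config = { maximum_concurrency = 10 }`, or this block should read `each.value.maximum_concurrency`. A concurrency cap that is silently dropped leaves the SQS consumer unbounded while the configuration suggests otherwise, so it is worth verifying in a plan. The enclosing `aws_lambda_event_source_mapping.this` resource starts and ends outside the hunk.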
From: Matheus Mazzoni <54732019+matheusmazzoni@users.noreply.github.com> Date: Wed, 5 Jul 2023 11:35:13 -0300 Subject: [PATCH 269/385] feat: Add module wrappers (#479) --- wrappers/README.md | 106 +++++++++++++++++++++++ wrappers/alias/README.md | 103 ++++++++++++++++++++++ wrappers/alias/main.tf | 26 ++++++ wrappers/alias/outputs.tf | 5 ++ wrappers/alias/variables.tf | 11 +++ wrappers/alias/versions.tf | 3 + wrappers/deploy/README.md | 134 +++++++++++++++++++++++++++++ wrappers/deploy/main.tf | 41 +++++++++ wrappers/deploy/outputs.tf | 5 ++ wrappers/deploy/variables.tf | 11 +++ wrappers/deploy/versions.tf | 3 + wrappers/docker-build/README.md | 109 +++++++++++++++++++++++ wrappers/docker-build/main.tf | 20 +++++ wrappers/docker-build/outputs.tf | 5 ++ wrappers/docker-build/variables.tf | 11 +++ wrappers/docker-build/versions.tf | 3 + wrappers/main.tf | 121 ++++++++++++++++++++++++++ wrappers/outputs.tf | 5 ++ wrappers/variables.tf | 11 +++ wrappers/versions.tf | 3 + 20 files changed, 736 insertions(+) create mode 100644 wrappers/README.md create mode 100644 wrappers/alias/README.md create mode 100644 wrappers/alias/main.tf create mode 100644 wrappers/alias/outputs.tf create mode 100644 wrappers/alias/variables.tf create mode 100644 wrappers/alias/versions.tf create mode 100644 wrappers/deploy/README.md create mode 100644 wrappers/deploy/main.tf create mode 100644 wrappers/deploy/outputs.tf create mode 100644 wrappers/deploy/variables.tf create mode 100644 wrappers/deploy/versions.tf create mode 100644 wrappers/docker-build/README.md create mode 100644 wrappers/docker-build/main.tf create mode 100644 wrappers/docker-build/outputs.tf create mode 100644 wrappers/docker-build/variables.tf create mode 100644 wrappers/docker-build/versions.tf create mode 100644 wrappers/main.tf create mode 100644 wrappers/outputs.tf create mode 100644 wrappers/variables.tf create mode 100644 wrappers/versions.tf 
diff --git a/wrappers/README.md b/wrappers/README.md new file mode 100644 index 00000000..9100f135 --- /dev/null +++ b/wrappers/README.md 
@@ -0,0 +1,106 @@ +# Wrapper for the root module + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/lambda/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-lambda.git//wrappers?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + handler = "index.lambda_handler" + runtime = "python3.8" + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/lambda/aws//wrappers" + + defaults = { # Default values + create = true + handler = "index.lambda_handler" + runtime = "python3.8" + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple Lambdas in one Terragrunt layer + +`eu-west-1/lambdas/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/lambda/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-lambda.git//wrappers?ref=master" +} + +inputs = { + defaults = { + create = true + handler = "index.lambda_handler" + runtime = "python3.8" + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + lambda1 = { + function_name = "my-lambda1" + description = "My awesome lambda function"\ + source_path = "../src/lambda-function1" + } + lambda2 = { + function_name = "my-lambda2" + description = "My second awesome lambda function" + source_path = "../src/lambda-function2" + } + } +} +``` diff --git a/wrappers/alias/README.md b/wrappers/alias/README.md new file mode 100644 index 00000000..3f2b5013 --- /dev/null +++ b/wrappers/alias/README.md 
@@ -0,0 +1,103 @@ +# Wrapper for module: `modules/alias` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/lambda/aws" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-lambda.git//wrappers/alias?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + refresh_alias = true + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/lambda/aws//wrappers/alias" + + defaults = { # Default values + create = true + refresh_alias = true + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple aliases in one Terragrunt layer + +`eu-west-1/lambda-aliases/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/lambda/aws//wrappers/alias" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-lambda.git//wrappers/alias?ref=master" +} + +dependency "lambda1" { + config_path = "../lambdas/lambda1" +} +dependency "lambda2" { + config_path = "../lambdas/lambda2" +} + +inputs = { + defaults = { + refresh_alias = true + allowed_triggers = { + AnotherAPIGatewayAny = { + service = "apigateway" + source_arn = "arn:aws:execute-api:eu-west-1:135367859851:abcdedfgse/*/*/*" + } + } + } + + items = { + alias1 = { + name = "my-random-alias-1" + function_name = dependency.lambda1.outputs.lambda_function_name + function_version = dependency.lambda1.outputs.lambda_function_version + } + alias2 = { + name = "my-random-alias-2" + function_name = dependency.lambda2.outputs.lambda_function_name + function_version = dependency.lambda2.outputs.lambda_function_version + } + } +} +``` diff --git a/wrappers/alias/main.tf b/wrappers/alias/main.tf new file mode 100644 index 00000000..983e3797 --- /dev/null +++ b/wrappers/alias/main.tf 
@@ -0,0 +1,26 @@ +module "wrapper" { + source = "../../modules/alias" + + for_each = var.items + + create = try(each.value.create, var.defaults.create, true) + use_existing_alias = try(each.value.use_existing_alias, var.defaults.use_existing_alias, false) + refresh_alias = try(each.value.refresh_alias, var.defaults.refresh_alias, true) + create_async_event_config = try(each.value.create_async_event_config, var.defaults.create_async_event_config, false) + create_version_async_event_config = try(each.value.create_version_async_event_config, var.defaults.create_version_async_event_config, true) + create_qualified_alias_async_event_config = try(each.value.create_qualified_alias_async_event_config, var.defaults.create_qualified_alias_async_event_config, true) + create_version_allowed_triggers = try(each.value.create_version_allowed_triggers, var.defaults.create_version_allowed_triggers, true) + create_qualified_alias_allowed_triggers = try(each.value.create_qualified_alias_allowed_triggers, var.defaults.create_qualified_alias_allowed_triggers, true) + name = try(each.value.name, var.defaults.name, null) + description = try(each.value.description, var.defaults.description, null) + function_name = try(each.value.function_name, var.defaults.function_name, null) + function_version = try(each.value.function_version, var.defaults.function_version, null) + routing_additional_version_weights = try(each.value.routing_additional_version_weights, var.defaults.routing_additional_version_weights, {}) + maximum_event_age_in_seconds = try(each.value.maximum_event_age_in_seconds, var.defaults.maximum_event_age_in_seconds, null) + maximum_retry_attempts = try(each.value.maximum_retry_attempts, var.defaults.maximum_retry_attempts, null) + destination_on_failure = try(each.value.destination_on_failure, var.defaults.destination_on_failure, null) + destination_on_success = try(each.value.destination_on_success, var.defaults.destination_on_success, null) + allowed_triggers = 
try(each.value.allowed_triggers, var.defaults.allowed_triggers, {}) + event_source_mapping = try(each.value.event_source_mapping, var.defaults.event_source_mapping, {}) + +} diff --git a/wrappers/alias/outputs.tf b/wrappers/alias/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/alias/outputs.tf @@ -0,0 +1,5 @@ +output "wrapper" { + description = "Map of outputs of a wrapper." + value = module.wrapper + # sensitive = false # No sensitive module output found +} diff --git a/wrappers/alias/variables.tf b/wrappers/alias/variables.tf new file mode 100644 index 00000000..a6ea0962 --- /dev/null +++ b/wrappers/alias/variables.tf @@ -0,0 +1,11 @@ +variable "defaults" { + description = "Map of default values which will be used for each item." + type = any + default = {} +} + +variable "items" { + description = "Maps of items to create a wrapper from. Values are passed through to the module." + type = any + default = {} +} diff --git a/wrappers/alias/versions.tf b/wrappers/alias/versions.tf new file mode 100644 index 00000000..6b6318de --- /dev/null +++ b/wrappers/alias/versions.tf @@ -0,0 +1,3 @@ +terraform { + required_version = ">= 0.13" +} diff --git a/wrappers/deploy/README.md b/wrappers/deploy/README.md new file mode 100644 index 00000000..699ae062 --- /dev/null +++ b/wrappers/deploy/README.md 
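Review bot: `required_version = ">= 0.13"` in wrappers/alias/versions.tf is looser than the `>= 1.0` that modules/alias/versions.tf declares after the 5.0.0 bump, so the wrapper advertises support for Terraform versions its child module rejects. Declaring `required_version = ">= 1.0"` here keeps the constraint readable at the entry point; wrappers/deploy/versions.tf has the same line. If these wrapper files are generated, the constraint should be changed in the generator configuration rather than by hand.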
@@ -0,0 +1,134 @@ +# Wrapper for module: `modules/deploy` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/lambda/aws//wrappers/deploy" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-lambda.git//wrappers/deploy?ref=master" +} + +inputs = { + defaults = { # Default values + create_app = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/lambda/aws//wrappers/deploy" + + defaults = { # Default values + create_app = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple deployment via AWS CodeDeploy in one Terragrunt layer + +`eu-west-1/lambda-deploys/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/lambda/aws//wrappers/deploy" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-lambda.git//wrappers/deploy?ref=master" +} + +dependency "aliases" { + config_path = "../lambdas-aliases/" +} +dependency "lambda1" { + config_path = "../lambdas/lambda1" +} +dependency "lambda2" { + config_path = "../lambdas/lambda2" +} + +inputs = { + defaults = { + create_app = true + reate_deployment_group = true + create_deployment = true + run_deployment = true + wait_deployment_completion = true + + triggers = { + start = { + events = ["DeploymentStart"] + name = "DeploymentStart" + target_arn = "arn:aws:sns:eu-west-1:135367859851:sns1" + } + success = { + events = ["DeploymentSuccess"] + name = "DeploymentSuccess" + target_arn = "arn:aws:sns:eu-west-1:135367859851:sns2" + } + } + + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + deploy1 = { + app_name = "my-random-app-1" + deployment_group_name = "something1" + + alias_name = dependency.aliases.outputs.wrapper.alias1.lambda_alias_name + function_name = dependency.lambda1.outputs.lambda_function_name + target_version = dependency.lambda1.outputs.lambda_function_version + } + deploy2 = { + app_name = "my-random-app-2" + deployment_group_name = "something2" + + alias_name = dependency.aliases.outputs.wrapper.alias2.lambda_alias_name + function_name = dependency.lambda2.outputs.lambda_function_name + target_version = dependency.lambda2.outputs.lambda_function_version + } + } +} +``` diff --git a/wrappers/deploy/main.tf b/wrappers/deploy/main.tf new file mode 100644 index 00000000..cf6c773a --- /dev/null +++ b/wrappers/deploy/main.tf 
@@ -0,0 +1,41 @@ +module "wrapper" { + source = "../../modules/deploy" + + for_each = var.items + create = try(each.value.create, var.defaults.create, true) + tags = try(each.value.tags, var.defaults.tags, {}) + alias_name = try(each.value.alias_name, var.defaults.alias_name, null) + function_name = try(each.value.function_name, var.defaults.function_name, null) + current_version = try(each.value.current_version, var.defaults.current_version, null) + target_version = try(each.value.target_version, var.defaults.target_version, null) + before_allow_traffic_hook_arn = try(each.value.before_allow_traffic_hook_arn, var.defaults.before_allow_traffic_hook_arn, null) + after_allow_traffic_hook_arn = try(each.value.after_allow_traffic_hook_arn, var.defaults.after_allow_traffic_hook_arn, null) + interpreter = try(each.value.interpreter, var.defaults.interpreter, ["/bin/bash", "-c"]) + description = try(each.value.description, var.defaults.description, null) + create_app = try(each.value.create_app, var.defaults.create_app, false) + use_existing_app = try(each.value.use_existing_app, var.defaults.use_existing_app, false) + app_name = try(each.value.app_name, var.defaults.app_name, null) + create_deployment_group = try(each.value.create_deployment_group, var.defaults.create_deployment_group, false) + use_existing_deployment_group = try(each.value.use_existing_deployment_group, var.defaults.use_existing_deployment_group, false) + deployment_group_name = try(each.value.deployment_group_name, var.defaults.deployment_group_name, null) + deployment_config_name = try(each.value.deployment_config_name, var.defaults.deployment_config_name, "CodeDeployDefault.LambdaAllAtOnce") + auto_rollback_enabled = try(each.value.auto_rollback_enabled, var.defaults.auto_rollback_enabled, true) + auto_rollback_events = try(each.value.auto_rollback_events, var.defaults.auto_rollback_events, ["DEPLOYMENT_STOP_ON_ALARM"]) + alarm_enabled = try(each.value.alarm_enabled, var.defaults.alarm_enabled, 
false) + alarms = try(each.value.alarms, var.defaults.alarms, []) + alarm_ignore_poll_alarm_failure = try(each.value.alarm_ignore_poll_alarm_failure, var.defaults.alarm_ignore_poll_alarm_failure, false) + triggers = try(each.value.triggers, var.defaults.triggers, {}) + aws_cli_command = try(each.value.aws_cli_command, var.defaults.aws_cli_command, "aws") + save_deploy_script = try(each.value.save_deploy_script, var.defaults.save_deploy_script, false) + create_deployment = try(each.value.create_deployment, var.defaults.create_deployment, false) + run_deployment = try(each.value.run_deployment, var.defaults.run_deployment, false) + force_deploy = try(each.value.force_deploy, var.defaults.force_deploy, false) + wait_deployment_completion = try(each.value.wait_deployment_completion, var.defaults.wait_deployment_completion, false) + create_codedeploy_role = try(each.value.create_codedeploy_role, var.defaults.create_codedeploy_role, true) + codedeploy_role_name = try(each.value.codedeploy_role_name, var.defaults.codedeploy_role_name, null) + codedeploy_principals = try(each.value.codedeploy_principals, var.defaults.codedeploy_principals, ["codedeploy.amazonaws.com"]) + attach_hooks_policy = try(each.value.attach_hooks_policy, var.defaults.attach_hooks_policy, true) + attach_triggers_policy = try(each.value.attach_triggers_policy, var.defaults.attach_triggers_policy, false) + get_deployment_sleep_timer = try(each.value.get_deployment_sleep_timer, var.defaults.get_deployment_sleep_timer, 5) + +} diff --git a/wrappers/deploy/outputs.tf b/wrappers/deploy/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/deploy/outputs.tf @@ -0,0 +1,5 @@ +output "wrapper" { + description = "Map of outputs of a wrapper." + value = module.wrapper + # sensitive = false # No sensitive module output found +} diff --git a/wrappers/deploy/variables.tf b/wrappers/deploy/variables.tf new file mode 100644 index 00000000..a6ea0962 --- /dev/null 
+++ b/wrappers/deploy/variables.tf @@ -0,0 +1,11 @@ +variable "defaults" { + description = "Map of default values which will be used for each item." + type = any + default = {} +} + +variable "items" { + description = "Maps of items to create a wrapper from. Values are passed through to the module." + type = any + default = {} +} diff --git a/wrappers/deploy/versions.tf b/wrappers/deploy/versions.tf new file mode 100644 index 00000000..6b6318de --- /dev/null +++ b/wrappers/deploy/versions.tf @@ -0,0 +1,3 @@ +terraform { + required_version = ">= 0.13" +} diff --git a/wrappers/docker-build/README.md b/wrappers/docker-build/README.md new file mode 100644 index 00000000..8d55dd6a --- /dev/null +++ b/wrappers/docker-build/README.md 
@@ -0,0 +1,109 @@ +# Wrapper for module: `modules/docker-build` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/lambda/aws//wrappers/docker-build" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-lambda.git//wrappers/docker-build?ref=master" +} + +inputs = { + defaults = { # Default values + create_ecr_repo = true + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/lambda/aws//wrappers/docker-build" + + defaults = { # Default values + create_ecr_repo = true + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple Docker Container Image in one Terragrunt layer + +`eu-west-1/docker-builds/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/lambda/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-lambda.git//wrappers?ref=master" +} + +# Generate an Docker provider block +generate "provider" { + path = "provider.tf" + if_exists = "overwrite" + contents = < Date: Wed, 5 Jul 2023 14:35:45 +0000 Subject: [PATCH 270/385] chore(release): version 5.2.0 [skip ci] ## [5.2.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v5.1.0...v5.2.0) (2023-07-05) ### Features * Add module wrappers ([#479](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/479)) ([b5e9346](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/b5e9346de58bff16a63b63f76209bdb59534105e)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index cd844069..02187b72 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [5.2.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v5.1.0...v5.2.0) (2023-07-05) + + +### Features + +* Add module wrappers ([#479](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/479)) ([b5e9346](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/b5e9346de58bff16a63b63f76209bdb59534105e)) + ## [5.1.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v5.0.0...v5.1.0) (2023-07-04) From 2a59ba2948fa22dd7cb7a1c8a721fa826c3832e8 Mon Sep 17 00:00:00 2001 
From: Anton Babenko Date: Mon, 17 Jul 2023 11:45:54 +0200 Subject: [PATCH 271/385] feat: Added timeouts for Lambda Functions (#485) --- .pre-commit-config.yaml | 2 +- README.md | 1 + examples/complete/main.tf | 6 ++++++ main.tf | 6 ++++++ variables.tf | 11 ++++++----- 5 files changed, 20 insertions(+), 6 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index dabb1508..0f342838 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.80.0 + rev: v1.81.0 hooks: - id: terraform_fmt - id: terraform_validate diff --git a/README.md b/README.md index 37171dcc..661ea54e 100644 --- a/README.md +++ b/README.md @@ -847,6 +847,7 @@ No modules. | [store\_on\_s3](#input\_store\_on\_s3) | Whether to store produced artifacts on S3 or locally. | `bool` | `false` | no | | [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | | [timeout](#input\_timeout) | The amount of time your Lambda Function has to run in seconds. | `number` | `3` | no | +| [timeouts](#input\_timeouts) | Define maximum timeout for creating, updating, and deleting Lambda Function resources | `map(string)` | `{}` | no | | [tracing\_mode](#input\_tracing\_mode) | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. | `string` | `null` | no | | [trusted\_entities](#input\_trusted\_entities) | List of additional trusted entities for assuming Lambda Function role (trust relationship) | `any` | `[]` | no | | [use\_existing\_cloudwatch\_log\_group](#input\_use\_existing\_cloudwatch\_log\_group) | Whether to use an existing CloudWatch log group or create new | `bool` | `false` | no | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index ce0c3f7e..ec7b56d1 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -166,6 +166,12 @@ module "lambda_function" { } } + timeouts = { + create = "20m" + update = "20m" + delete = "20m" + } + tags = { Module = "lambda1" } diff --git a/main.tf b/main.tf index f91f52c2..e300c8bf 100644 --- a/main.tf +++ b/main.tf @@ -112,6 +112,12 @@ resource "aws_lambda_function" "this" { } } + timeouts { + create = try(var.timeouts.create, null) + update = try(var.timeouts.update, null) + delete = try(var.timeouts.delete, null) + } + tags = var.tags depends_on = [ diff --git a/variables.tf b/variables.tf index ea847f26..3aa8b0a3 100644 --- a/variables.tf +++ b/variables.tf @@ -72,11 +72,6 @@ variable "runtime" { description = "Lambda Function runtime" type = string default = "" - - # validation { - # condition = can(var.create && contains(["nodejs10.x", "nodejs12.x", "java8", "java11", "python2.7", " python3.6", "python3.7", "python3.8", "dotnetcore2.1", "dotnetcore3.1", "go1.x", "ruby2.5", "ruby2.7", "provided"], var.runtime)) - # error_message = "The runtime value must be one of supported by AWS Lambda." - # } } variable "lambda_role" { @@ -241,6 +236,12 @@ variable "replacement_security_group_ids" { default = null } +variable "timeouts" { + description = "Define maximum timeout for creating, updating, and deleting Lambda Function resources" + type = map(string) + default = {} +} + ############### # Function URL ############### From 5b2eb57af40980ed9d7165ab04fb1ed4f44ec206 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 17 Jul 2023 09:46:20 +0000 Subject: [PATCH 272/385] chore(release): version 5.3.0 [skip ci] ## [5.3.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v5.2.0...v5.3.0) (2023-07-17) ### Features * Added timeouts for Lambda Functions ([#485](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/485)) ([2a59ba2](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/2a59ba2948fa22dd7cb7a1c8a721fa826c3832e8)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) 
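Review bot: The new `variable "timeouts"` in the `variables.tf` hunk is typed `map(string)` and accepts any key, while the `main.tf` hunk reads each key through `try(var.timeouts.create, null)`, so a misspelled key is dropped silently and the provider's default timeout applies without any error. If the module's minimum Terraform version allows `validation` blocks, one would surface this at plan time, for example `condition = length(setsubtract(keys(var.timeouts), ["create", "update", "delete"])) == 0` with a matching `error_message`. The description could also state that values are duration strings such as the `"20m"` used in `examples/complete/main.tf`. The `aws_lambda_function` resource body starts and ends outside the hunk.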
diff --git a/CHANGELOG.md b/CHANGELOG.md index 02187b72..d37c9270 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [5.3.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v5.2.0...v5.3.0) (2023-07-17) + + +### Features + +* Added timeouts for Lambda Functions ([#485](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/485)) ([2a59ba2](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/2a59ba2948fa22dd7cb7a1c8a721fa826c3832e8)) + ## [5.2.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v5.1.0...v5.2.0) (2023-07-05) From 9c9603cbb889a2cda1555deaed908d320e013515 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 9 Aug 2023 14:13:09 +0200 Subject: [PATCH 273/385] feat!: Disable creation of SAM metadata null-resources by default (#494) --- .pre-commit-config.yaml | 1 + README.md | 1 + main.tf | 4 +- variables.tf | 6 +++ wrappers/README.md | 44 +++++++++---------- wrappers/alias/README.md | 59 +++++++++++++------------- wrappers/alias/main.tf | 9 ++-- wrappers/alias/versions.tf | 2 +- wrappers/deploy/README.md | 70 ++++++++----------------------- wrappers/deploy/main.tf | 24 +++++------ wrappers/deploy/versions.tf | 2 +- wrappers/docker-build/README.md | 61 ++++++++++++--------------- wrappers/docker-build/versions.tf | 2 +- wrappers/main.tf | 24 ++++++----- wrappers/versions.tf | 2 +- 15 files changed, 134 insertions(+), 177 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0f342838..e79e67b2 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -3,6 +3,7 @@ repos: rev: v1.81.0 hooks: - id: terraform_fmt + - id: terraform_wrapper_module_for_each - id: terraform_validate - id: terraform_docs args: diff --git a/README.md b/README.md index 661ea54e..54af9e60 100644 --- a/README.md +++ b/README.md 
@@ -769,6 +769,7 @@ No modules. | [create\_layer](#input\_create\_layer) | Controls whether Lambda Layer resource should be created | `bool` | `false` | no | | [create\_package](#input\_create\_package) | Controls whether Lambda package should be created | `bool` | `true` | no | | [create\_role](#input\_create\_role) | Controls whether IAM role for Lambda Function should be created | `bool` | `true` | no | +| [create\_sam\_metadata](#input\_create\_sam\_metadata) | Controls whether the SAM metadata null resource should be created | `bool` | `false` | no | | [create\_unqualified\_alias\_allowed\_triggers](#input\_create\_unqualified\_alias\_allowed\_triggers) | Whether to allow triggers on unqualified alias pointing to $LATEST version | `bool` | `true` | no | | [create\_unqualified\_alias\_async\_event\_config](#input\_create\_unqualified\_alias\_async\_event\_config) | Whether to allow async event configuration on unqualified alias pointing to $LATEST version | `bool` | `true` | no | | [create\_unqualified\_alias\_lambda\_function\_url](#input\_create\_unqualified\_alias\_lambda\_function\_url) | Whether to use unqualified alias pointing to $LATEST version in Lambda Function URL | `bool` | `true` | no | diff --git a/main.tf b/main.tf index e300c8bf..78ec8df3 100644 --- a/main.tf +++ b/main.tf @@ -377,7 +377,7 @@ resource "aws_lambda_function_url" "this" { # to the TF application. The required data is where SAM CLI can find the Lambda function source code # and what are the resources that contain the building logic. resource "null_resource" "sam_metadata_aws_lambda_function" { - count = local.create && var.create_package && var.create_function && !var.create_layer ? 1 : 0 + count = local.create && var.create_sam_metadata && var.create_package && var.create_function && !var.create_layer ? 1 : 0 triggers = { # This is a way to let SAM CLI correlates between the Lambda function resource, and this metadata 
@@ -405,7 +405,7 @@ resource "null_resource" "sam_metadata_aws_lambda_function" { # to the TF application. The required data is where SAM CLI can find the Lambda layer source code # and what are the resources that contain the building logic. resource "null_resource" "sam_metadata_aws_lambda_layer_version" { - count = local.create && var.create_package && var.create_layer ? 1 : 0 + count = local.create && var.create_sam_metadata && var.create_package && var.create_layer ? 1 : 0 triggers = { # This is a way to let SAM CLI correlates between the Lambda layer resource, and this metadata diff --git a/variables.tf b/variables.tf index 3aa8b0a3..a3215394 100644 --- a/variables.tf +++ b/variables.tf @@ -34,6 +34,12 @@ variable "create_lambda_function_url" { default = false } +variable "create_sam_metadata" { + description = "Controls whether the SAM metadata null resource should be created" + type = bool + default = false +} + variable "putin_khuylo" { description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!" type = bool diff --git a/wrappers/README.md b/wrappers/README.md index 9100f135..954ea7d1 100644 --- a/wrappers/README.md +++ b/wrappers/README.md @@ -19,9 +19,7 @@ terraform { inputs = { defaults = { # Default values - create = true - handler = "index.lambda_handler" - runtime = "python3.8" + create = true tags = { Terraform = "true" Environment = "dev" @@ -47,9 +45,7 @@ module "wrapper" { source = "terraform-aws-modules/lambda/aws//wrappers" defaults = { # Default values - create = true - handler = "index.lambda_handler" - runtime = "python3.8" + create = true tags = { Terraform = "true" Environment = "dev" 
@@ -68,38 +64,36 @@ module "wrapper" { } ``` -## Example: Manage multiple Lambdas in one Terragrunt layer +## Example: Manage multiple S3 buckets in one Terragrunt layer -`eu-west-1/lambdas/terragrunt.hcl`: +`eu-west-1/s3-buckets/terragrunt.hcl`: ```hcl terraform { - source = "tfr:///terraform-aws-modules/lambda/aws//wrappers" + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" # Alternative source: - # source = "git::git@github.com:terraform-aws-modules/terraform-aws-lambda.git//wrappers?ref=master" + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" } inputs = { defaults = { - create = true - handler = "index.lambda_handler" - runtime = "python3.8" - tags = { - Terraform = "true" - Environment = "dev" - } + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true } items = { - lambda1 = { - function_name = "my-lambda1" - description = "My awesome lambda function"\ - source_path = "../src/lambda-function1" + bucket1 = { + bucket = "my-random-bucket-1" } - lambda2 = { - function_name = "my-lambda2" - description = "My second awesome lambda function" - source_path = "../src/lambda-function2" + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } } } } diff --git a/wrappers/alias/README.md b/wrappers/alias/README.md index 3f2b5013..a296ced7 100644 --- a/wrappers/alias/README.md +++ b/wrappers/alias/README.md 
@@ -12,15 +12,18 @@ This wrapper does not implement any extra functionality. ```hcl terraform { - source = "tfr:///terraform-aws-modules/lambda/aws" + source = "tfr:///terraform-aws-modules/lambda/aws//wrappers/alias" # Alternative source: # source = "git::git@github.com:terraform-aws-modules/terraform-aws-lambda.git//wrappers/alias?ref=master" } inputs = { defaults = { # Default values - create = true - refresh_alias = true + create = true + tags = { + Terraform = "true" + Environment = "dev" + } } items = { @@ -42,8 +45,11 @@ module "wrapper" { source = "terraform-aws-modules/lambda/aws//wrappers/alias" defaults = { # Default values - create = true - refresh_alias = true + create = true + tags = { + Terraform = "true" + Environment = "dev" + } } items = { 
@@ -58,45 +64,36 @@ module "wrapper" { } ``` -## Example: Manage multiple aliases in one Terragrunt layer +## Example: Manage multiple S3 buckets in one Terragrunt layer -`eu-west-1/lambda-aliases/terragrunt.hcl`: +`eu-west-1/s3-buckets/terragrunt.hcl`: ```hcl terraform { - source = "tfr:///terraform-aws-modules/lambda/aws//wrappers/alias" + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" # Alternative source: - # source = "git::git@github.com:terraform-aws-modules/terraform-aws-lambda.git//wrappers/alias?ref=master" -} - -dependency "lambda1" { - config_path = "../lambdas/lambda1" -} -dependency "lambda2" { - config_path = "../lambdas/lambda2" + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" } inputs = { defaults = { - refresh_alias = true - allowed_triggers = { - AnotherAPIGatewayAny = { - service = "apigateway" - source_arn = "arn:aws:execute-api:eu-west-1:135367859851:abcdedfgse/*/*/*" - } - } + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true } items = { - alias1 = { - name = "my-random-alias-1" - function_name = dependency.lambda1.outputs.lambda_function_name - function_version = dependency.lambda1.outputs.lambda_function_version + bucket1 = { + bucket = "my-random-bucket-1" } - alias2 = { - name = "my-random-alias-2" - function_name = dependency.lambda2.outputs.lambda_function_name - function_version = dependency.lambda2.outputs.lambda_function_version + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } } } } diff --git a/wrappers/alias/main.tf b/wrappers/alias/main.tf index 983e3797..81d3aad9 100644 --- a/wrappers/alias/main.tf +++ b/wrappers/alias/main.tf 
@@ -11,10 +11,10 @@ module "wrapper" { create_qualified_alias_async_event_config = try(each.value.create_qualified_alias_async_event_config, var.defaults.create_qualified_alias_async_event_config, true) create_version_allowed_triggers = try(each.value.create_version_allowed_triggers, var.defaults.create_version_allowed_triggers, true) create_qualified_alias_allowed_triggers = try(each.value.create_qualified_alias_allowed_triggers, var.defaults.create_qualified_alias_allowed_triggers, true) - name = try(each.value.name, var.defaults.name, null) - description = try(each.value.description, var.defaults.description, null) - function_name = try(each.value.function_name, var.defaults.function_name, null) - function_version = try(each.value.function_version, var.defaults.function_version, null) + name = try(each.value.name, var.defaults.name, "") + description = try(each.value.description, var.defaults.description, "") + function_name = try(each.value.function_name, var.defaults.function_name, "") + function_version = try(each.value.function_version, var.defaults.function_version, "") routing_additional_version_weights = try(each.value.routing_additional_version_weights, var.defaults.routing_additional_version_weights, {}) maximum_event_age_in_seconds = try(each.value.maximum_event_age_in_seconds, var.defaults.maximum_event_age_in_seconds, null) maximum_retry_attempts = try(each.value.maximum_retry_attempts, var.defaults.maximum_retry_attempts, null) @@ -22,5 +22,4 @@ module "wrapper" { destination_on_success = try(each.value.destination_on_success, var.defaults.destination_on_success, null) allowed_triggers = try(each.value.allowed_triggers, var.defaults.allowed_triggers, {}) event_source_mapping = try(each.value.event_source_mapping, var.defaults.event_source_mapping, {}) - } diff --git a/wrappers/alias/versions.tf b/wrappers/alias/versions.tf index 6b6318de..51cad108 100644 --- a/wrappers/alias/versions.tf +++ b/wrappers/alias/versions.tf 
@@ -1,3 +1,3 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.13.1" } diff --git a/wrappers/deploy/README.md b/wrappers/deploy/README.md index 699ae062..5d24d8b2 100644 --- a/wrappers/deploy/README.md +++ b/wrappers/deploy/README.md @@ -19,7 +19,7 @@ terraform { inputs = { defaults = { # Default values - create_app = true + create = true tags = { Terraform = "true" Environment = "dev" @@ -45,7 +45,7 @@ module "wrapper" { source = "terraform-aws-modules/lambda/aws//wrappers/deploy" defaults = { # Default values - create_app = true + create = true tags = { Terraform = "true" Environment = "dev" 
@@ -64,70 +64,36 @@ module "wrapper" { } ``` -## Example: Manage multiple deployment via AWS CodeDeploy in one Terragrunt layer +## Example: Manage multiple S3 buckets in one Terragrunt layer -`eu-west-1/lambda-deploys/terragrunt.hcl`: +`eu-west-1/s3-buckets/terragrunt.hcl`: ```hcl terraform { - source = "tfr:///terraform-aws-modules/lambda/aws//wrappers/deploy" + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" # Alternative source: - # source = "git::git@github.com:terraform-aws-modules/terraform-aws-lambda.git//wrappers/deploy?ref=master" -} - -dependency "aliases" { - config_path = "../lambdas-aliases/" -} -dependency "lambda1" { - config_path = "../lambdas/lambda1" -} -dependency "lambda2" { - config_path = "../lambdas/lambda2" + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" } inputs = { defaults = { - create_app = true - reate_deployment_group = true - create_deployment = true - run_deployment = true - wait_deployment_completion = true - - triggers = { - start = { - events = ["DeploymentStart"] - name = "DeploymentStart" - target_arn = "arn:aws:sns:eu-west-1:135367859851:sns1" - } - success = { - events = ["DeploymentSuccess"] - name = "DeploymentSuccess" - target_arn = "arn:aws:sns:eu-west-1:135367859851:sns2" - } - } + force_destroy = true - tags = { - Terraform = "true" - Environment = "dev" - } + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true } items = { - deploy1 = { - app_name = "my-random-app-1" - deployment_group_name = "something1" - - alias_name = dependency.aliases.outputs.wrapper.alias1.lambda_alias_name - function_name = dependency.lambda1.outputs.lambda_function_name - target_version = dependency.lambda1.outputs.lambda_function_version + bucket1 = { + bucket = "my-random-bucket-1" } - deploy2 = { - app_name = "my-random-app-2" - deployment_group_name = 
"something2" - - alias_name = dependency.aliases.outputs.wrapper.alias2.lambda_alias_name - function_name = dependency.lambda2.outputs.lambda_function_name - target_version = dependency.lambda2.outputs.lambda_function_version + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } } } } diff --git a/wrappers/deploy/main.tf b/wrappers/deploy/main.tf index cf6c773a..e09fa0f1 100644 --- a/wrappers/deploy/main.tf +++ b/wrappers/deploy/main.tf 
@@ -1,23 +1,24 @@ module "wrapper" { source = "../../modules/deploy" - for_each = var.items + for_each = var.items + create = try(each.value.create, var.defaults.create, true) tags = try(each.value.tags, var.defaults.tags, {}) - alias_name = try(each.value.alias_name, var.defaults.alias_name, null) - function_name = try(each.value.function_name, var.defaults.function_name, null) - current_version = try(each.value.current_version, var.defaults.current_version, null) - target_version = try(each.value.target_version, var.defaults.target_version, null) - before_allow_traffic_hook_arn = try(each.value.before_allow_traffic_hook_arn, var.defaults.before_allow_traffic_hook_arn, null) - after_allow_traffic_hook_arn = try(each.value.after_allow_traffic_hook_arn, var.defaults.after_allow_traffic_hook_arn, null) + alias_name = try(each.value.alias_name, var.defaults.alias_name, "") + function_name = try(each.value.function_name, var.defaults.function_name, "") + current_version = try(each.value.current_version, var.defaults.current_version, "") + target_version = try(each.value.target_version, var.defaults.target_version, "") + before_allow_traffic_hook_arn = try(each.value.before_allow_traffic_hook_arn, var.defaults.before_allow_traffic_hook_arn, "") + after_allow_traffic_hook_arn = try(each.value.after_allow_traffic_hook_arn, var.defaults.after_allow_traffic_hook_arn, "") interpreter = try(each.value.interpreter, var.defaults.interpreter, ["/bin/bash", "-c"]) - description = try(each.value.description, var.defaults.description, null) + description = try(each.value.description, var.defaults.description, "") create_app = try(each.value.create_app, var.defaults.create_app, false) use_existing_app = try(each.value.use_existing_app, var.defaults.use_existing_app, false) - app_name = try(each.value.app_name, var.defaults.app_name, null) + app_name = try(each.value.app_name, var.defaults.app_name, "") create_deployment_group = try(each.value.create_deployment_group, 
var.defaults.create_deployment_group, false) use_existing_deployment_group = try(each.value.use_existing_deployment_group, var.defaults.use_existing_deployment_group, false) - deployment_group_name = try(each.value.deployment_group_name, var.defaults.deployment_group_name, null) + deployment_group_name = try(each.value.deployment_group_name, var.defaults.deployment_group_name, "") deployment_config_name = try(each.value.deployment_config_name, var.defaults.deployment_config_name, "CodeDeployDefault.LambdaAllAtOnce") auto_rollback_enabled = try(each.value.auto_rollback_enabled, var.defaults.auto_rollback_enabled, true) auto_rollback_events = try(each.value.auto_rollback_events, var.defaults.auto_rollback_events, ["DEPLOYMENT_STOP_ON_ALARM"]) @@ -32,10 +33,9 @@ module "wrapper" { force_deploy = try(each.value.force_deploy, var.defaults.force_deploy, false) wait_deployment_completion = try(each.value.wait_deployment_completion, var.defaults.wait_deployment_completion, false) create_codedeploy_role = try(each.value.create_codedeploy_role, var.defaults.create_codedeploy_role, true) - codedeploy_role_name = try(each.value.codedeploy_role_name, var.defaults.codedeploy_role_name, null) + codedeploy_role_name = try(each.value.codedeploy_role_name, var.defaults.codedeploy_role_name, "") codedeploy_principals = try(each.value.codedeploy_principals, var.defaults.codedeploy_principals, ["codedeploy.amazonaws.com"]) attach_hooks_policy = try(each.value.attach_hooks_policy, var.defaults.attach_hooks_policy, true) attach_triggers_policy = try(each.value.attach_triggers_policy, var.defaults.attach_triggers_policy, false) get_deployment_sleep_timer = try(each.value.get_deployment_sleep_timer, var.defaults.get_deployment_sleep_timer, 5) - } diff --git a/wrappers/deploy/versions.tf b/wrappers/deploy/versions.tf index 6b6318de..51cad108 100644 --- a/wrappers/deploy/versions.tf +++ b/wrappers/deploy/versions.tf 
@@ -1,3 +1,3 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.13.1" } diff --git a/wrappers/docker-build/README.md b/wrappers/docker-build/README.md index 8d55dd6a..093f989b 100644 --- a/wrappers/docker-build/README.md +++ b/wrappers/docker-build/README.md @@ -19,7 +19,11 @@ terraform { inputs = { defaults = { # Default values - create_ecr_repo = true + create = true + tags = { + Terraform = "true" + Environment = "dev" + } } items = { @@ -41,7 +45,11 @@ module "wrapper" { source = "terraform-aws-modules/lambda/aws//wrappers/docker-build" defaults = { # Default values - create_ecr_repo = true + create = true + tags = { + Terraform = "true" + Environment = "dev" + } } items = { 
@@ -56,52 +64,35 @@ module "wrapper" { } ``` -## Example: Manage multiple Docker Container Image in one Terragrunt layer +## Example: Manage multiple S3 buckets in one Terragrunt layer -`eu-west-1/docker-builds/terragrunt.hcl`: +`eu-west-1/s3-buckets/terragrunt.hcl`: ```hcl terraform { - source = "tfr:///terraform-aws-modules/lambda/aws//wrappers" + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" # Alternative source: - # source = "git::git@github.com:terraform-aws-modules/terraform-aws-lambda.git//wrappers?ref=master" -} - -# Generate an Docker provider block -generate "provider" { - path = "provider.tf" - if_exists = "overwrite" - contents = < Date: Wed, 9 Aug 2023 12:13:53 +0000 Subject: [PATCH 274/385] chore(release): version 6.0.0 [skip ci] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## [6.0.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v5.3.0...v6.0.0) (2023-08-09) ### ⚠ BREAKING CHANGES * Disable creation of SAM metadata null-resources by default (#494) ### Features * Disable creation of SAM metadata null-resources by default ([#494](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/494)) ([9c9603c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/9c9603cbb889a2cda1555deaed908d320e013515)) --- CHANGELOG.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d37c9270..4ddeae12 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,17 @@ All notable changes to this project will be documented in this file. +## [6.0.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v5.3.0...v6.0.0) (2023-08-09) + + +### ⚠ BREAKING CHANGES + +* Disable creation of SAM metadata null-resources by default (#494) + +### Features + +* Disable creation of SAM metadata null-resources by default ([#494](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/494)) ([9c9603c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/9c9603cbb889a2cda1555deaed908d320e013515)) + ## [5.3.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v5.2.0...v5.3.0) (2023-07-17) From 754fa22752596d0e7b33cda4767a5298f4ad926d Mon Sep 17 00:00:00 2001 From: Connor Adams Date: Tue, 19 Sep 2023 10:23:31 +0100 Subject: [PATCH 275/385] docs: SAM Terraform support is now GA (#499) --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 54af9e60..c3514c78 100644 --- a/README.md +++ b/README.md 
@@ -559,8 +559,7 @@ module "lambda_function_existing_package_from_remote_url" { ## How to use AWS SAM CLI to test Lambda Function? [AWS SAM CLI](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-command-reference.html) is an open source tool that help the developers to initiate, build, test, and deploy serverless -applications. Currently, SAM CLI tool only supports CFN applications, but SAM CLI team is working on a feature to extend the testing capabilities to support terraform applications (check this [Github issue](https://github.com/aws/aws-sam-cli/issues/3154) -to be updated about the incoming releases, and features included in each release for the Terraform support feature). +applications. SAM CLI tool [supports Terraform applications](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/what-is-terraform-support.html). SAM CLI provides two ways of testing: local testing and testing on-cloud (Accelerate). From ffa56e896d7c5e5c8cbc851f0c453b70e4ec100f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Eickvonder?= Date: Thu, 5 Oct 2023 17:21:40 +0200 Subject: [PATCH 276/385] fix: Fixed npm install on Windows without having to use wsl (#502) --- package.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/package.py b/package.py index e2bdadfd..20ba4fdf 100644 --- a/package.py +++ b/package.py 
@@ -1240,12 +1240,16 @@ def install_npm_requirements(query, requirements_file, tmp_dir): shutil.copyfile(requirements_file, target_file) subproc_env = None - if not docker and OSX: - subproc_env = os.environ.copy() + npm_exec = 'npm' + if not docker: + if WINDOWS: + npm_exec = 'npm.cmd' + elif OSX: + subproc_env = os.environ.copy() # Install dependencies into the temporary directory. with cd(temp_dir): - npm_command = ['npm', 'install'] + npm_command = [npm_exec, 'install'] if docker: with_ssh_agent = docker.with_ssh_agent chown_mask = '{}:{}'.format(os.getuid(), os.getgid()) From e2500c0d4698bc81801ecf18c2cfa41d6bf8e087 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 5 Oct 2023 15:22:21 +0000 Subject: [PATCH 277/385] chore(release): version 6.0.1 [skip ci] ### [6.0.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.0.0...v6.0.1) (2023-10-05) ### Bug Fixes * Fixed npm install on Windows without having to use wsl ([#502](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/502)) ([ffa56e8](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/ffa56e896d7c5e5c8cbc851f0c453b70e4ec100f)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4ddeae12..c59a789e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [6.0.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.0.0...v6.0.1) (2023-10-05) + + +### Bug Fixes + +* Fixed npm install on Windows without having to use wsl ([#502](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/502)) ([ffa56e8](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/ffa56e896d7c5e5c8cbc851f0c453b70e4ec100f)) + ## [6.0.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v5.3.0...v6.0.0) (2023-08-09) 
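Review bot: The `if docker:` branch kept as context in this hunk still builds `chown_mask` from `os.getuid()` and `os.getgid()`, which Python provides only on Unix, so a Windows host that builds inside Docker would presumably raise `AttributeError` before npm runs; the new `WINDOWS` branch only covers the non-Docker path. How `chown_mask` is consumed is outside the hunk, so the right fallback needs checking there. A short comment above the new assignment would also help the next maintainer, e.g. `# npm is installed as a .cmd shim on Windows; without a shell, subprocess cannot launch it as plain 'npm'`. Since the bare name is still resolved through the build host's search path, resolving it once with `shutil.which('npm')` for the non-Docker case would make it explicit which binary is executed and would handle the Windows extension without a platform branch. `install_npm_requirements` starts and ends outside the hunk.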
From 610d602bb2038d3c2719c14d938b303cefcccac9 Mon Sep 17 00:00:00 2001 From: Mike Carey <32496966+mike-carey@users.noreply.github.com> Date: Fri, 27 Oct 2023 12:08:58 -0500 Subject: [PATCH 278/385] feat: Allows tags to be provided only to the function (#508) Co-authored-by: Mike Carey --- README.md | 1 + examples/complete/main.tf | 4 ++++ main.tf | 2 +- variables.tf | 6 ++++++ wrappers/main.tf | 1 + 5 files changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c3514c78..7ff45dff 100644 --- a/README.md +++ b/README.md @@ -789,6 +789,7 @@ No modules. | [file\_system\_arn](#input\_file\_system\_arn) | The Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system. | `string` | `null` | no | | [file\_system\_local\_mount\_path](#input\_file\_system\_local\_mount\_path) | The path where the function can access the file system, starting with /mnt/. | `string` | `null` | no | | [function\_name](#input\_function\_name) | A unique name for your Lambda Function | `string` | `""` | no | +| [function\_tags](#input\_function\_tags) | A map of tags to assign only to the lambda function | `map(string)` | `{}` | no | | [handler](#input\_handler) | Lambda Function entrypoint in your code | `string` | `""` | no | | [hash\_extra](#input\_hash\_extra) | The string to add into hashing function. Useful when building same source path for different functions. | `string` | `""` | no | | [ignore\_source\_code\_hash](#input\_ignore\_source\_code\_hash) | Whether to ignore changes to the function's source code hash. Set to true if you manage infrastructure and code deployments separately. | `bool` | `false` | no | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index ec7b56d1..ef487199 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -172,6 +172,10 @@ module "lambda_function" { delete = "20m" } + function_tags = { + Language = "python" + } + tags = { Module = "lambda1" } 
diff --git a/main.tf b/main.tf index 78ec8df3..f8433369 100644 --- a/main.tf +++ b/main.tf @@ -118,7 +118,7 @@ resource "aws_lambda_function" "this" { delete = try(var.timeouts.delete, null) } - tags = var.tags + tags = merge(var.tags, var.function_tags) depends_on = [ null_resource.archive, diff --git a/variables.tf b/variables.tf index a3215394..b085b895 100644 --- a/variables.tf +++ b/variables.tf @@ -182,6 +182,12 @@ variable "tags" { default = {} } +variable "function_tags" { + description = "A map of tags to assign only to the lambda function" + type = map(string) + default = {} +} + variable "s3_object_tags" { description = "A map of tags to assign to S3 bucket object." type = map(string) diff --git a/wrappers/main.tf b/wrappers/main.tf index f4a520bf..4a101cd2 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf @@ -33,6 +33,7 @@ module "wrapper" { vpc_subnet_ids = try(each.value.vpc_subnet_ids, var.defaults.vpc_subnet_ids, null) vpc_security_group_ids = try(each.value.vpc_security_group_ids, var.defaults.vpc_security_group_ids, null) tags = try(each.value.tags, var.defaults.tags, {}) + function_tags = try(each.value.function_tags, var.defaults.function_tags, {}) s3_object_tags = try(each.value.s3_object_tags, var.defaults.s3_object_tags, {}) s3_object_tags_only = try(each.value.s3_object_tags_only, var.defaults.s3_object_tags_only, false) package_type = try(each.value.package_type, var.defaults.package_type, "Zip") From 9e2fff8bc4117fcc0d077c0a30a7cbf840a60478 Mon Sep 17 00:00:00 2001 
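Review bot: `tags = merge(var.tags, var.function_tags)` in the `main.tf` hunk lets a key in `function_tags` replace the same key from `tags` on the function, and neither the variable description added in the `variables.tf` hunk nor the new README row states that precedence. Where tags are used for cost allocation or in tag-based access policies, a silent override is worth documenting; the description could read `"A map of tags to assign only to the lambda function. On duplicate keys these values override var.tags"`. The `aws_lambda_function` resource body starts and ends outside the hunk.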
From: semantic-release-bot Date: Fri, 27 Oct 2023 17:09:26 +0000 Subject: [PATCH 279/385] chore(release): version 6.1.0 [skip ci] ## [6.1.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.0.1...v6.1.0) (2023-10-27) ### Features * Allows tags to be provided only to the function ([#508](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/508)) ([610d602](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/610d602bb2038d3c2719c14d938b303cefcccac9)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c59a789e..4313cb26 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [6.1.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.0.1...v6.1.0) (2023-10-27) + + +### Features + +* Allows tags to be provided only to the function ([#508](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/508)) ([610d602](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/610d602bb2038d3c2719c14d938b303cefcccac9)) + ### [6.0.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.0.0...v6.0.1) (2023-10-05) From 180da4cb0a720f7138e6504700ddfe8d9c63abfd Mon Sep 17 00:00:00 2001 
From: AJ Schmidt Date: Fri, 27 Oct 2023 14:00:25 -0400 Subject: [PATCH 280/385] feat: Make `compatible_runtimes` optional, added sam metadata control (#493) Co-authored-by: Anton Babenko Co-authored-by: semantic-release-bot --- examples/alias/main.tf | 1 - examples/async/main.tf | 1 - examples/build-package/main.tf | 1 - examples/code-signing/main.tf | 1 - examples/complete/main.tf | 1 - examples/container-image/main.tf | 1 - examples/deploy/main.tf | 1 - examples/event-source-mapping/main.tf | 1 - examples/multiple-regions/main.tf | 2 -- examples/simple/main.tf | 1 - examples/triggers/main.tf | 1 - examples/with-efs/main.tf | 1 - examples/with-vpc-s3-endpoint/main.tf | 1 - examples/with-vpc/main.tf | 1 - main.tf | 2 +- modules/docker-build/README.md | 1 + modules/docker-build/main.tf | 2 ++ modules/docker-build/variables.tf | 6 ++++++ wrappers/docker-build/main.tf | 1 + 19 files changed, 11 insertions(+), 16 deletions(-) diff --git a/examples/alias/main.tf b/examples/alias/main.tf index 5a37e057..1dc58511 100644 --- a/examples/alias/main.tf +++ b/examples/alias/main.tf @@ -5,7 +5,6 @@ provider "aws" { skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true - skip_requesting_account_id = true } data "aws_organizations_organization" "this" {} diff --git a/examples/async/main.tf b/examples/async/main.tf index 095b249d..8c234026 100644 --- a/examples/async/main.tf +++ b/examples/async/main.tf @@ -5,7 +5,6 @@ provider "aws" { skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true - skip_requesting_account_id = true } resource "random_pet" "this" { diff --git a/examples/build-package/main.tf b/examples/build-package/main.tf index 11c1ce06..ddee6eb8 100644 --- a/examples/build-package/main.tf +++ b/examples/build-package/main.tf 
@@ -5,7 +5,6 @@ provider "aws" { skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true - skip_requesting_account_id = true } resource "random_pet" "this" { diff --git a/examples/code-signing/main.tf b/examples/code-signing/main.tf index ba8bc6b1..7ce74e1b 100644 --- a/examples/code-signing/main.tf +++ b/examples/code-signing/main.tf @@ -5,7 +5,6 @@ provider "aws" { skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true - skip_requesting_account_id = true } ################################################################################ diff --git a/examples/complete/main.tf b/examples/complete/main.tf index ef487199..0f2d0a8c 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -5,7 +5,6 @@ provider "aws" { skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true - skip_requesting_account_id = true } data "aws_caller_identity" "current" {} diff --git a/examples/container-image/main.tf b/examples/container-image/main.tf index 9cc6e411..d19be410 100644 --- a/examples/container-image/main.tf +++ b/examples/container-image/main.tf @@ -11,7 +11,6 @@ provider "aws" { skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true - skip_requesting_account_id = true } provider "docker" { diff --git a/examples/deploy/main.tf b/examples/deploy/main.tf index d356b500..96269036 100644 --- a/examples/deploy/main.tf +++ b/examples/deploy/main.tf @@ -5,7 +5,6 @@ provider "aws" { skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true - skip_requesting_account_id = true } resource "random_pet" "this" { diff --git a/examples/event-source-mapping/main.tf b/examples/event-source-mapping/main.tf index 46253c35..977ace23 100644 --- a/examples/event-source-mapping/main.tf +++ b/examples/event-source-mapping/main.tf 
@@ -6,7 +6,6 @@ provider "aws" { skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true - skip_requesting_account_id = true } data "aws_availability_zones" "available" {} diff --git a/examples/multiple-regions/main.tf b/examples/multiple-regions/main.tf index 4406c0c2..dd2e229c 100644 --- a/examples/multiple-regions/main.tf +++ b/examples/multiple-regions/main.tf @@ -5,7 +5,6 @@ provider "aws" { skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true - skip_requesting_account_id = true } provider "aws" { @@ -16,7 +15,6 @@ provider "aws" { skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true - skip_requesting_account_id = true } ################################ diff --git a/examples/simple/main.tf b/examples/simple/main.tf index 010f7c76..ab9aba1a 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf @@ -6,7 +6,6 @@ provider "aws" { skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true - skip_requesting_account_id = true } resource "random_pet" "this" { diff --git a/examples/triggers/main.tf b/examples/triggers/main.tf index 9e9171ef..06627afd 100644 --- a/examples/triggers/main.tf +++ b/examples/triggers/main.tf @@ -5,7 +5,6 @@ provider "aws" { skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true - skip_requesting_account_id = true } ########################################## diff --git a/examples/with-efs/main.tf b/examples/with-efs/main.tf index 97c12569..8fcd8787 100644 --- a/examples/with-efs/main.tf +++ b/examples/with-efs/main.tf @@ -5,7 +5,6 @@ provider "aws" { skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true - skip_requesting_account_id = true } resource "random_pet" "this" { 
diff --git a/examples/with-vpc-s3-endpoint/main.tf b/examples/with-vpc-s3-endpoint/main.tf index 939dc5ee..3c37db51 100644 --- a/examples/with-vpc-s3-endpoint/main.tf +++ b/examples/with-vpc-s3-endpoint/main.tf @@ -5,7 +5,6 @@ provider "aws" { skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true - skip_requesting_account_id = true } data "aws_region" "current" {} diff --git a/examples/with-vpc/main.tf b/examples/with-vpc/main.tf index 42cde394..1d4b6179 100644 --- a/examples/with-vpc/main.tf +++ b/examples/with-vpc/main.tf @@ -5,7 +5,6 @@ provider "aws" { skip_metadata_api_check = true skip_region_validation = true skip_credentials_validation = true - skip_requesting_account_id = true } resource "random_pet" "this" { diff --git a/main.tf b/main.tf index f8433369..a7bbf09b 100644 --- a/main.tf +++ b/main.tf @@ -151,7 +151,7 @@ resource "aws_lambda_layer_version" "this" { description = var.description license_info = var.license_info - compatible_runtimes = length(var.compatible_runtimes) > 0 ? var.compatible_runtimes : [var.runtime] + compatible_runtimes = length(var.compatible_runtimes) > 0 ? var.compatible_runtimes : (var.runtime == "" ? null : [var.runtime]) compatible_architectures = var.compatible_architectures skip_destroy = var.layer_skip_destroy diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index bfd753bb..0cf1cc81 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md 
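Review bot: The new fallback for `compatible_runtimes` on `aws_lambda_layer_version.this` in main.tf treats only the empty string as "no runtime", so a caller that passes `runtime = null` would still reach `[var.runtime]` and produce a list holding a null element. The declaration of `var.runtime` is not in this hunk, so whether null can arrive here needs confirming; if it can, the guard could read `(var.runtime == null || var.runtime == "" ? null : [var.runtime])`. A short comment above the line, such as `# null omits the attribute so the layer is not tied to a runtime`, would also explain why null is returned rather than an empty list. The resource body continues outside the hunk.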
@@ -87,6 +87,7 @@ No modules. |------|-------------|------|---------|:--------:| | [build\_args](#input\_build\_args) | A map of Docker build arguments. | `map(string)` | `{}` | no | | [create\_ecr\_repo](#input\_create\_ecr\_repo) | Controls whether ECR repository for Lambda image should be created | `bool` | `false` | no | +| [create\_sam\_metadata](#input\_create\_sam\_metadata) | Controls whether the SAM metadata null resource should be created | `bool` | `false` | no | | [docker\_file\_path](#input\_docker\_file\_path) | Path to Dockerfile in source package | `string` | `"Dockerfile"` | no | | [ecr\_address](#input\_ecr\_address) | Address of ECR repository for cross-account container image pulling (optional). Option `create_ecr_repo` must be `false` | `string` | `null` | no | | [ecr\_force\_delete](#input\_ecr\_force\_delete) | If true, will delete the repository even if it contains images. | `bool` | `true` | no | diff --git a/modules/docker-build/main.tf b/modules/docker-build/main.tf index b02e094b..dc9ad310 100644 --- a/modules/docker-build/main.tf +++ b/modules/docker-build/main.tf @@ -51,6 +51,8 @@ resource "aws_ecr_lifecycle_policy" "this" { # to the TF application. This resource will maintain the metadata information about the image type lambda # functions. It will contain the information required to build the docker image locally. resource "null_resource" "sam_metadata_docker_registry_image" { + count = var.create_sam_metadata ? 1 : 0 + triggers = { resource_type = "IMAGE_LAMBDA_FUNCTION" docker_context = var.source_path diff --git a/modules/docker-build/variables.tf b/modules/docker-build/variables.tf index 9b8843f3..a59548a8 100644 --- a/modules/docker-build/variables.tf +++ b/modules/docker-build/variables.tf 
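Review bot: Gating `null_resource.sam_metadata_docker_registry_image` in modules/docker-build/main.tf behind `count`, with `create_sam_metadata` defaulting to `false` (variables.tf hunk of this commit), changes behaviour for existing callers. The resource was unconditional before, so an upgrade plans its destruction unless the flag is set, and its address gains a `[0]` index when it is kept. The comment above the resource says it holds the information required to build the docker image locally, so SAM CLI workflows presumably lose that metadata by default. I would state this in the variable description, e.g. `description = "Controls whether the SAM metadata null resource should be created. Defaults to false; set to true to keep the metadata used for local SAM builds"`, and check that nothing else in the module references the resource without an index. The resource body continues outside the hunk.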
@@ -4,6 +4,12 @@ variable "create_ecr_repo" { default = false } +variable "create_sam_metadata" { + description = "Controls whether the SAM metadata null resource should be created" + type = bool + default = false +} + variable "ecr_address" { description = "Address of ECR repository for cross-account container image pulling (optional). Option `create_ecr_repo` must be `false`" type = string diff --git a/wrappers/docker-build/main.tf b/wrappers/docker-build/main.tf index e92cd2b6..c53be636 100644 --- a/wrappers/docker-build/main.tf +++ b/wrappers/docker-build/main.tf @@ -4,6 +4,7 @@ module "wrapper" { for_each = var.items create_ecr_repo = try(each.value.create_ecr_repo, var.defaults.create_ecr_repo, false) + create_sam_metadata = try(each.value.create_sam_metadata, var.defaults.create_sam_metadata, false) ecr_address = try(each.value.ecr_address, var.defaults.ecr_address, null) ecr_repo = try(each.value.ecr_repo, var.defaults.ecr_repo, null) image_tag = try(each.value.image_tag, var.defaults.image_tag, null) From d4bc88a96e799f272ea58587e7d80d8a7e3d4a2e Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 27 Oct 2023 18:00:51 +0000 Subject: [PATCH 281/385] chore(release): version 6.2.0 [skip ci] ## [6.2.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.1.0...v6.2.0) (2023-10-27) ### Features * Make `compatible_runtimes` optional, added sam metadata control ([#493](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/493)) ([180da4c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/180da4cb0a720f7138e6504700ddfe8d9c63abfd)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4313cb26..30e6db25 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [6.2.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.1.0...v6.2.0) (2023-10-27) + + +### Features + +* Make `compatible_runtimes` optional, added sam metadata control ([#493](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/493)) ([180da4c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/180da4cb0a720f7138e6504700ddfe8d9c63abfd)) + ## [6.1.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.0.1...v6.1.0) (2023-10-27) From eb339d658c232d0afa0a7f4f7902becab2a2a2e9 Mon Sep 17 00:00:00 2001 From: Joscha Nassenstein <44116079+joschna@users.noreply.github.com> Date: Fri, 3 Nov 2023 13:26:59 +0100 Subject: [PATCH 282/385] feat: Allow to specify custom KMS key for S3 object (#505) Co-authored-by: Anton Babenko --- .pre-commit-config.yaml | 4 +- README.md | 11 +- main.tf | 1 + variables.tf | 6 ++ wrappers/alias/main.tf | 20 ++-- wrappers/deploy/main.tf | 54 +++++----- wrappers/docker-build/main.tf | 14 +-- wrappers/main.tf | 187 +++++++++++++++++----------------- 8 files changed, 153 insertions(+), 144 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index e79e67b2..e809a4e4 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.81.0 + rev: v1.83.5 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each @@ -24,7 +24,7 @@ repos: - '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_workspace_remote' - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 + rev: v4.5.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer diff --git a/README.md b/README.md index 7ff45dff..6f6f7a19 100644 --- a/README.md +++ b/README.md 
@@ -558,31 +558,31 @@ module "lambda_function_existing_package_from_remote_url" { ``` ## How to use AWS SAM CLI to test Lambda Function? -[AWS SAM CLI](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-command-reference.html) is an open source tool that help the developers to initiate, build, test, and deploy serverless +[AWS SAM CLI](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-command-reference.html) is an open source tool that help the developers to initiate, build, test, and deploy serverless applications. SAM CLI tool [supports Terraform applications](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/what-is-terraform-support.html). SAM CLI provides two ways of testing: local testing and testing on-cloud (Accelerate). ### Local Testing Using SAM CLI, you can invoke the lambda functions defined in the terraform application locally using the [sam local invoke](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-cli-command-reference-sam-local-invoke.html) -command, providing the function terraform address, or function name, and to set the `hook-name` to `terraform` to tell SAM CLI that the underlying project is a terraform application. +command, providing the function terraform address, or function name, and to set the `hook-name` to `terraform` to tell SAM CLI that the underlying project is a terraform application. You can execute the `sam local invoke` command from your terraform application root directory as following: ``` -sam local invoke --hook-name terraform module.hello_world_function.aws_lambda_function.this[0] +sam local invoke --hook-name terraform module.hello_world_function.aws_lambda_function.this[0] ``` You can also pass an event to your lambda function, or overwrite its environment variables. 
Check [here](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-using-invoke.html) for more information. You can also invoke your lambda function in debugging mode, and step-through your lambda function source code locally in your preferred editor. Check [here](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-using-debugging.html) for more information. ### Testing on-cloud (Accelerate) -You can use AWS SAM CLI to quickly test your application on your AWS development account. Using SAM Accelerate, you will be able to develop your lambda functions locally, +You can use AWS SAM CLI to quickly test your application on your AWS development account. Using SAM Accelerate, you will be able to develop your lambda functions locally, and once you save your updates, SAM CLI will update your development account with the updated Lambda functions. So, you can test it on cloud, and if there is any bug, you can quickly update the code, and SAM CLI will take care of pushing it to the cloud. Check [here](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/accelerate.html) for more information about SAM Accelerate. You can execute the `sam sync` command from your terraform application root directory as following: ``` -sam sync --hook-name terraform --watch +sam sync --hook-name terraform --watch ``` ## How to deploy and manage Lambda Functions? 
@@ -838,6 +838,7 @@ No modules. | [s3\_acl](#input\_s3\_acl) | The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, bucket-owner-read, and bucket-owner-full-control. Defaults to private. | `string` | `"private"` | no | | [s3\_bucket](#input\_s3\_bucket) | S3 bucket to store artifacts | `string` | `null` | no | | [s3\_existing\_package](#input\_s3\_existing\_package) | The S3 bucket object with keys bucket, key, version pointing to an existing zip-file to use | `map(string)` | `null` | no | +| [s3\_kms\_key\_id](#input\_s3\_kms\_key\_id) | Specifies a custom KMS key to use for S3 object encryption. | `string` | `null` | no | | [s3\_object\_storage\_class](#input\_s3\_object\_storage\_class) | Specifies the desired Storage Class for the artifact uploaded to S3. Can be either STANDARD, REDUCED\_REDUNDANCY, ONEZONE\_IA, INTELLIGENT\_TIERING, or STANDARD\_IA. | `string` | `"ONEZONE_IA"` | no | | [s3\_object\_tags](#input\_s3\_object\_tags) | A map of tags to assign to S3 bucket object. | `map(string)` | `{}` | no | | [s3\_object\_tags\_only](#input\_s3\_object\_tags\_only) | Set to true to not merge tags with s3\_object\_tags. Useful to avoid breaching S3 Object 10 tag limit. | `bool` | `false` | no | diff --git a/main.tf b/main.tf index a7bbf09b..76ce118d 100644 --- a/main.tf +++ b/main.tf @@ -175,6 +175,7 @@ resource "aws_s3_object" "lambda_package" { storage_class = var.s3_object_storage_class server_side_encryption = var.s3_server_side_encryption + kms_key_id = var.s3_kms_key_id tags = var.s3_object_tags_only ? var.s3_object_tags : merge(var.tags, var.s3_object_tags) diff --git a/variables.tf b/variables.tf index b085b895..b1713c82 100644 --- a/variables.tf +++ b/variables.tf 
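Review bot: `kms_key_id = var.s3_kms_key_id` on `aws_s3_object.lambda_package` in main.tf is passed through independently of `server_side_encryption`; the variables.tf hunk shows both variables default to `null` and states no relationship between them. The AWS provider documents `kms_key_id` as a key ARN, and a customer-managed key only takes effect with SSE-KMS. A caller who combines a key with `s3_server_side_encryption = "AES256"`, or passes a bare key id or alias, may therefore get a perpetual plan diff or an object not encrypted with the intended key; this is worth confirming against the provider version in use. I would make the description say so, e.g. `description = "ARN of the KMS key used to encrypt the S3 object; use together with s3_server_side_encryption = \"aws:kms\""`, and note in the README that the principal uploading the package and creating the function needs permission to use that key. The resource body continues outside the hunk.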
@@ -684,6 +684,12 @@ variable "s3_server_side_encryption" { default = null } +variable "s3_kms_key_id" { + description = "Specifies a custom KMS key to use for S3 object encryption." + type = string + default = null +} + variable "source_path" { description = "The absolute path to a local file or directory containing your Lambda source code" type = any # string | list(string | map(any)) diff --git a/wrappers/alias/main.tf b/wrappers/alias/main.tf index 81d3aad9..7729dd06 100644 --- a/wrappers/alias/main.tf +++ b/wrappers/alias/main.tf 
@@ -3,23 +3,23 @@ module "wrapper" { for_each = var.items + allowed_triggers = try(each.value.allowed_triggers, var.defaults.allowed_triggers, {}) create = try(each.value.create, var.defaults.create, true) - use_existing_alias = try(each.value.use_existing_alias, var.defaults.use_existing_alias, false) - refresh_alias = try(each.value.refresh_alias, var.defaults.refresh_alias, true) create_async_event_config = try(each.value.create_async_event_config, var.defaults.create_async_event_config, false) - create_version_async_event_config = try(each.value.create_version_async_event_config, var.defaults.create_version_async_event_config, true) + create_qualified_alias_allowed_triggers = try(each.value.create_qualified_alias_allowed_triggers, var.defaults.create_qualified_alias_allowed_triggers, true) create_qualified_alias_async_event_config = try(each.value.create_qualified_alias_async_event_config, var.defaults.create_qualified_alias_async_event_config, true) create_version_allowed_triggers = try(each.value.create_version_allowed_triggers, var.defaults.create_version_allowed_triggers, true) - create_qualified_alias_allowed_triggers = try(each.value.create_qualified_alias_allowed_triggers, var.defaults.create_qualified_alias_allowed_triggers, true) - name = try(each.value.name, var.defaults.name, "") + create_version_async_event_config = try(each.value.create_version_async_event_config, var.defaults.create_version_async_event_config, true) description = try(each.value.description, var.defaults.description, "") + destination_on_failure = try(each.value.destination_on_failure, var.defaults.destination_on_failure, null) + destination_on_success = try(each.value.destination_on_success, var.defaults.destination_on_success, null) + event_source_mapping = try(each.value.event_source_mapping, var.defaults.event_source_mapping, {}) function_name = try(each.value.function_name, var.defaults.function_name, "") function_version = try(each.value.function_version, 
var.defaults.function_version, "") - routing_additional_version_weights = try(each.value.routing_additional_version_weights, var.defaults.routing_additional_version_weights, {}) maximum_event_age_in_seconds = try(each.value.maximum_event_age_in_seconds, var.defaults.maximum_event_age_in_seconds, null) maximum_retry_attempts = try(each.value.maximum_retry_attempts, var.defaults.maximum_retry_attempts, null) - destination_on_failure = try(each.value.destination_on_failure, var.defaults.destination_on_failure, null) - destination_on_success = try(each.value.destination_on_success, var.defaults.destination_on_success, null) - allowed_triggers = try(each.value.allowed_triggers, var.defaults.allowed_triggers, {}) - event_source_mapping = try(each.value.event_source_mapping, var.defaults.event_source_mapping, {}) + name = try(each.value.name, var.defaults.name, "") + refresh_alias = try(each.value.refresh_alias, var.defaults.refresh_alias, true) + routing_additional_version_weights = try(each.value.routing_additional_version_weights, var.defaults.routing_additional_version_weights, {}) + use_existing_alias = try(each.value.use_existing_alias, var.defaults.use_existing_alias, false) } diff --git a/wrappers/deploy/main.tf b/wrappers/deploy/main.tf index e09fa0f1..47cc3d8b 100644 --- a/wrappers/deploy/main.tf +++ b/wrappers/deploy/main.tf 
@@ -3,39 +3,39 @@ module "wrapper" { for_each = var.items - create = try(each.value.create, var.defaults.create, true) - tags = try(each.value.tags, var.defaults.tags, {}) - alias_name = try(each.value.alias_name, var.defaults.alias_name, "") - function_name = try(each.value.function_name, var.defaults.function_name, "") - current_version = try(each.value.current_version, var.defaults.current_version, "") - target_version = try(each.value.target_version, var.defaults.target_version, "") - before_allow_traffic_hook_arn = try(each.value.before_allow_traffic_hook_arn, var.defaults.before_allow_traffic_hook_arn, "") after_allow_traffic_hook_arn = try(each.value.after_allow_traffic_hook_arn, var.defaults.after_allow_traffic_hook_arn, "") - interpreter = try(each.value.interpreter, var.defaults.interpreter, ["/bin/bash", "-c"]) - description = try(each.value.description, var.defaults.description, "") - create_app = try(each.value.create_app, var.defaults.create_app, false) - use_existing_app = try(each.value.use_existing_app, var.defaults.use_existing_app, false) + alarm_enabled = try(each.value.alarm_enabled, var.defaults.alarm_enabled, false) + alarm_ignore_poll_alarm_failure = try(each.value.alarm_ignore_poll_alarm_failure, var.defaults.alarm_ignore_poll_alarm_failure, false) + alarms = try(each.value.alarms, var.defaults.alarms, []) + alias_name = try(each.value.alias_name, var.defaults.alias_name, "") app_name = try(each.value.app_name, var.defaults.app_name, "") - create_deployment_group = try(each.value.create_deployment_group, var.defaults.create_deployment_group, false) - use_existing_deployment_group = try(each.value.use_existing_deployment_group, var.defaults.use_existing_deployment_group, false) - deployment_group_name = try(each.value.deployment_group_name, var.defaults.deployment_group_name, "") - deployment_config_name = try(each.value.deployment_config_name, var.defaults.deployment_config_name, "CodeDeployDefault.LambdaAllAtOnce") + attach_hooks_policy = 
try(each.value.attach_hooks_policy, var.defaults.attach_hooks_policy, true) + attach_triggers_policy = try(each.value.attach_triggers_policy, var.defaults.attach_triggers_policy, false) auto_rollback_enabled = try(each.value.auto_rollback_enabled, var.defaults.auto_rollback_enabled, true) auto_rollback_events = try(each.value.auto_rollback_events, var.defaults.auto_rollback_events, ["DEPLOYMENT_STOP_ON_ALARM"]) - alarm_enabled = try(each.value.alarm_enabled, var.defaults.alarm_enabled, false) - alarms = try(each.value.alarms, var.defaults.alarms, []) - alarm_ignore_poll_alarm_failure = try(each.value.alarm_ignore_poll_alarm_failure, var.defaults.alarm_ignore_poll_alarm_failure, false) - triggers = try(each.value.triggers, var.defaults.triggers, {}) aws_cli_command = try(each.value.aws_cli_command, var.defaults.aws_cli_command, "aws") - save_deploy_script = try(each.value.save_deploy_script, var.defaults.save_deploy_script, false) + before_allow_traffic_hook_arn = try(each.value.before_allow_traffic_hook_arn, var.defaults.before_allow_traffic_hook_arn, "") + codedeploy_principals = try(each.value.codedeploy_principals, var.defaults.codedeploy_principals, ["codedeploy.amazonaws.com"]) + codedeploy_role_name = try(each.value.codedeploy_role_name, var.defaults.codedeploy_role_name, "") + create = try(each.value.create, var.defaults.create, true) + create_app = try(each.value.create_app, var.defaults.create_app, false) + create_codedeploy_role = try(each.value.create_codedeploy_role, var.defaults.create_codedeploy_role, true) create_deployment = try(each.value.create_deployment, var.defaults.create_deployment, false) - run_deployment = try(each.value.run_deployment, var.defaults.run_deployment, false) + create_deployment_group = try(each.value.create_deployment_group, var.defaults.create_deployment_group, false) + current_version = try(each.value.current_version, var.defaults.current_version, "") + deployment_config_name = try(each.value.deployment_config_name, 
var.defaults.deployment_config_name, "CodeDeployDefault.LambdaAllAtOnce") + deployment_group_name = try(each.value.deployment_group_name, var.defaults.deployment_group_name, "") + description = try(each.value.description, var.defaults.description, "") force_deploy = try(each.value.force_deploy, var.defaults.force_deploy, false) - wait_deployment_completion = try(each.value.wait_deployment_completion, var.defaults.wait_deployment_completion, false) - create_codedeploy_role = try(each.value.create_codedeploy_role, var.defaults.create_codedeploy_role, true) - codedeploy_role_name = try(each.value.codedeploy_role_name, var.defaults.codedeploy_role_name, "") - codedeploy_principals = try(each.value.codedeploy_principals, var.defaults.codedeploy_principals, ["codedeploy.amazonaws.com"]) - attach_hooks_policy = try(each.value.attach_hooks_policy, var.defaults.attach_hooks_policy, true) - attach_triggers_policy = try(each.value.attach_triggers_policy, var.defaults.attach_triggers_policy, false) + function_name = try(each.value.function_name, var.defaults.function_name, "") get_deployment_sleep_timer = try(each.value.get_deployment_sleep_timer, var.defaults.get_deployment_sleep_timer, 5) + interpreter = try(each.value.interpreter, var.defaults.interpreter, ["/bin/bash", "-c"]) + run_deployment = try(each.value.run_deployment, var.defaults.run_deployment, false) + save_deploy_script = try(each.value.save_deploy_script, var.defaults.save_deploy_script, false) + tags = try(each.value.tags, var.defaults.tags, {}) + target_version = try(each.value.target_version, var.defaults.target_version, "") + triggers = try(each.value.triggers, var.defaults.triggers, {}) + use_existing_app = try(each.value.use_existing_app, var.defaults.use_existing_app, false) + use_existing_deployment_group = try(each.value.use_existing_deployment_group, var.defaults.use_existing_deployment_group, false) + wait_deployment_completion = try(each.value.wait_deployment_completion, 
var.defaults.wait_deployment_completion, false) } diff --git a/wrappers/docker-build/main.tf b/wrappers/docker-build/main.tf index c53be636..81afa562 100644 --- a/wrappers/docker-build/main.tf +++ b/wrappers/docker-build/main.tf 
@@ -3,19 +3,19 @@ module "wrapper" { for_each = var.items + build_args = try(each.value.build_args, var.defaults.build_args, {}) create_ecr_repo = try(each.value.create_ecr_repo, var.defaults.create_ecr_repo, false) create_sam_metadata = try(each.value.create_sam_metadata, var.defaults.create_sam_metadata, false) + docker_file_path = try(each.value.docker_file_path, var.defaults.docker_file_path, "Dockerfile") ecr_address = try(each.value.ecr_address, var.defaults.ecr_address, null) + ecr_force_delete = try(each.value.ecr_force_delete, var.defaults.ecr_force_delete, true) ecr_repo = try(each.value.ecr_repo, var.defaults.ecr_repo, null) + ecr_repo_lifecycle_policy = try(each.value.ecr_repo_lifecycle_policy, var.defaults.ecr_repo_lifecycle_policy, null) + ecr_repo_tags = try(each.value.ecr_repo_tags, var.defaults.ecr_repo_tags, {}) image_tag = try(each.value.image_tag, var.defaults.image_tag, null) - source_path = try(each.value.source_path, var.defaults.source_path, null) - docker_file_path = try(each.value.docker_file_path, var.defaults.docker_file_path, "Dockerfile") image_tag_mutability = try(each.value.image_tag_mutability, var.defaults.image_tag_mutability, "MUTABLE") - scan_on_push = try(each.value.scan_on_push, var.defaults.scan_on_push, false) - ecr_force_delete = try(each.value.ecr_force_delete, var.defaults.ecr_force_delete, true) - ecr_repo_tags = try(each.value.ecr_repo_tags, var.defaults.ecr_repo_tags, {}) - build_args = try(each.value.build_args, var.defaults.build_args, {}) - ecr_repo_lifecycle_policy = try(each.value.ecr_repo_lifecycle_policy, var.defaults.ecr_repo_lifecycle_policy, null) keep_remotely = try(each.value.keep_remotely, var.defaults.keep_remotely, false) platform = try(each.value.platform, var.defaults.platform, null) + scan_on_push = try(each.value.scan_on_push, var.defaults.scan_on_push, false) + source_path = try(each.value.source_path, var.defaults.source_path, null) } 
diff --git a/wrappers/main.tf b/wrappers/main.tf index 4a101cd2..d842223d 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf 
@@ -3,122 +3,123 @@ module "wrapper" { for_each = var.items + allowed_triggers = try(each.value.allowed_triggers, var.defaults.allowed_triggers, {}) + architectures = try(each.value.architectures, var.defaults.architectures, null) + artifacts_dir = try(each.value.artifacts_dir, var.defaults.artifacts_dir, "builds") + assume_role_policy_statements = try(each.value.assume_role_policy_statements, var.defaults.assume_role_policy_statements, {}) + attach_async_event_policy = try(each.value.attach_async_event_policy, var.defaults.attach_async_event_policy, false) + attach_cloudwatch_logs_policy = try(each.value.attach_cloudwatch_logs_policy, var.defaults.attach_cloudwatch_logs_policy, true) + attach_dead_letter_policy = try(each.value.attach_dead_letter_policy, var.defaults.attach_dead_letter_policy, false) + attach_network_policy = try(each.value.attach_network_policy, var.defaults.attach_network_policy, false) + attach_policies = try(each.value.attach_policies, var.defaults.attach_policies, false) + attach_policy = try(each.value.attach_policy, var.defaults.attach_policy, false) + attach_policy_json = try(each.value.attach_policy_json, var.defaults.attach_policy_json, false) + attach_policy_jsons = try(each.value.attach_policy_jsons, var.defaults.attach_policy_jsons, false) + attach_policy_statements = try(each.value.attach_policy_statements, var.defaults.attach_policy_statements, false) + attach_tracing_policy = try(each.value.attach_tracing_policy, var.defaults.attach_tracing_policy, false) + authorization_type = try(each.value.authorization_type, var.defaults.authorization_type, "NONE") + build_in_docker = try(each.value.build_in_docker, var.defaults.build_in_docker, false) + cloudwatch_logs_kms_key_id = try(each.value.cloudwatch_logs_kms_key_id, var.defaults.cloudwatch_logs_kms_key_id, null) + cloudwatch_logs_retention_in_days = try(each.value.cloudwatch_logs_retention_in_days, var.defaults.cloudwatch_logs_retention_in_days, null) + cloudwatch_logs_tags = 
try(each.value.cloudwatch_logs_tags, var.defaults.cloudwatch_logs_tags, {}) + code_signing_config_arn = try(each.value.code_signing_config_arn, var.defaults.code_signing_config_arn, null) + compatible_architectures = try(each.value.compatible_architectures, var.defaults.compatible_architectures, null) + compatible_runtimes = try(each.value.compatible_runtimes, var.defaults.compatible_runtimes, []) + cors = try(each.value.cors, var.defaults.cors, {}) create = try(each.value.create, var.defaults.create, true) - create_package = try(each.value.create_package, var.defaults.create_package, true) + create_async_event_config = try(each.value.create_async_event_config, var.defaults.create_async_event_config, false) + create_current_version_allowed_triggers = try(each.value.create_current_version_allowed_triggers, var.defaults.create_current_version_allowed_triggers, true) + create_current_version_async_event_config = try(each.value.create_current_version_async_event_config, var.defaults.create_current_version_async_event_config, true) create_function = try(each.value.create_function, var.defaults.create_function, true) + create_lambda_function_url = try(each.value.create_lambda_function_url, var.defaults.create_lambda_function_url, false) create_layer = try(each.value.create_layer, var.defaults.create_layer, false) + create_package = try(each.value.create_package, var.defaults.create_package, true) create_role = try(each.value.create_role, var.defaults.create_role, true) - create_lambda_function_url = try(each.value.create_lambda_function_url, var.defaults.create_lambda_function_url, false) create_sam_metadata = try(each.value.create_sam_metadata, var.defaults.create_sam_metadata, false) - putin_khuylo = try(each.value.putin_khuylo, var.defaults.putin_khuylo, true) - lambda_at_edge = try(each.value.lambda_at_edge, var.defaults.lambda_at_edge, false) - lambda_at_edge_logs_all_regions = try(each.value.lambda_at_edge_logs_all_regions, 
var.defaults.lambda_at_edge_logs_all_regions, true) - function_name = try(each.value.function_name, var.defaults.function_name, "") - handler = try(each.value.handler, var.defaults.handler, "") - runtime = try(each.value.runtime, var.defaults.runtime, "") - lambda_role = try(each.value.lambda_role, var.defaults.lambda_role, "") - description = try(each.value.description, var.defaults.description, "") - code_signing_config_arn = try(each.value.code_signing_config_arn, var.defaults.code_signing_config_arn, null) - layers = try(each.value.layers, var.defaults.layers, null) - architectures = try(each.value.architectures, var.defaults.architectures, null) - kms_key_arn = try(each.value.kms_key_arn, var.defaults.kms_key_arn, null) - memory_size = try(each.value.memory_size, var.defaults.memory_size, 128) - ephemeral_storage_size = try(each.value.ephemeral_storage_size, var.defaults.ephemeral_storage_size, 512) - publish = try(each.value.publish, var.defaults.publish, false) - reserved_concurrent_executions = try(each.value.reserved_concurrent_executions, var.defaults.reserved_concurrent_executions, -1) - timeout = try(each.value.timeout, var.defaults.timeout, 3) + create_unqualified_alias_allowed_triggers = try(each.value.create_unqualified_alias_allowed_triggers, var.defaults.create_unqualified_alias_allowed_triggers, true) + create_unqualified_alias_async_event_config = try(each.value.create_unqualified_alias_async_event_config, var.defaults.create_unqualified_alias_async_event_config, true) + create_unqualified_alias_lambda_function_url = try(each.value.create_unqualified_alias_lambda_function_url, var.defaults.create_unqualified_alias_lambda_function_url, true) dead_letter_target_arn = try(each.value.dead_letter_target_arn, var.defaults.dead_letter_target_arn, null) + description = try(each.value.description, var.defaults.description, "") + destination_on_failure = try(each.value.destination_on_failure, var.defaults.destination_on_failure, null) + 
destination_on_success = try(each.value.destination_on_success, var.defaults.destination_on_success, null) + docker_additional_options = try(each.value.docker_additional_options, var.defaults.docker_additional_options, []) + docker_build_root = try(each.value.docker_build_root, var.defaults.docker_build_root, "") + docker_entrypoint = try(each.value.docker_entrypoint, var.defaults.docker_entrypoint, null) + docker_file = try(each.value.docker_file, var.defaults.docker_file, "") + docker_image = try(each.value.docker_image, var.defaults.docker_image, "") + docker_pip_cache = try(each.value.docker_pip_cache, var.defaults.docker_pip_cache, null) + docker_with_ssh_agent = try(each.value.docker_with_ssh_agent, var.defaults.docker_with_ssh_agent, false) environment_variables = try(each.value.environment_variables, var.defaults.environment_variables, {}) - tracing_mode = try(each.value.tracing_mode, var.defaults.tracing_mode, null) - vpc_subnet_ids = try(each.value.vpc_subnet_ids, var.defaults.vpc_subnet_ids, null) - vpc_security_group_ids = try(each.value.vpc_security_group_ids, var.defaults.vpc_security_group_ids, null) - tags = try(each.value.tags, var.defaults.tags, {}) + ephemeral_storage_size = try(each.value.ephemeral_storage_size, var.defaults.ephemeral_storage_size, 512) + event_source_mapping = try(each.value.event_source_mapping, var.defaults.event_source_mapping, {}) + file_system_arn = try(each.value.file_system_arn, var.defaults.file_system_arn, null) + file_system_local_mount_path = try(each.value.file_system_local_mount_path, var.defaults.file_system_local_mount_path, null) + function_name = try(each.value.function_name, var.defaults.function_name, "") function_tags = try(each.value.function_tags, var.defaults.function_tags, {}) - s3_object_tags = try(each.value.s3_object_tags, var.defaults.s3_object_tags, {}) - s3_object_tags_only = try(each.value.s3_object_tags_only, var.defaults.s3_object_tags_only, false) - package_type = try(each.value.package_type, 
var.defaults.package_type, "Zip") - image_uri = try(each.value.image_uri, var.defaults.image_uri, null) - image_config_entry_point = try(each.value.image_config_entry_point, var.defaults.image_config_entry_point, []) + handler = try(each.value.handler, var.defaults.handler, "") + hash_extra = try(each.value.hash_extra, var.defaults.hash_extra, "") + ignore_source_code_hash = try(each.value.ignore_source_code_hash, var.defaults.ignore_source_code_hash, false) image_config_command = try(each.value.image_config_command, var.defaults.image_config_command, []) + image_config_entry_point = try(each.value.image_config_entry_point, var.defaults.image_config_entry_point, []) image_config_working_directory = try(each.value.image_config_working_directory, var.defaults.image_config_working_directory, null) - snap_start = try(each.value.snap_start, var.defaults.snap_start, false) - replace_security_groups_on_destroy = try(each.value.replace_security_groups_on_destroy, var.defaults.replace_security_groups_on_destroy, null) - replacement_security_group_ids = try(each.value.replacement_security_group_ids, var.defaults.replacement_security_group_ids, null) - timeouts = try(each.value.timeouts, var.defaults.timeouts, {}) - create_unqualified_alias_lambda_function_url = try(each.value.create_unqualified_alias_lambda_function_url, var.defaults.create_unqualified_alias_lambda_function_url, true) - authorization_type = try(each.value.authorization_type, var.defaults.authorization_type, "NONE") - cors = try(each.value.cors, var.defaults.cors, {}) + image_uri = try(each.value.image_uri, var.defaults.image_uri, null) invoke_mode = try(each.value.invoke_mode, var.defaults.invoke_mode, null) + kms_key_arn = try(each.value.kms_key_arn, var.defaults.kms_key_arn, null) + lambda_at_edge = try(each.value.lambda_at_edge, var.defaults.lambda_at_edge, false) + lambda_at_edge_logs_all_regions = try(each.value.lambda_at_edge_logs_all_regions, var.defaults.lambda_at_edge_logs_all_regions, true) + 
lambda_role = try(each.value.lambda_role, var.defaults.lambda_role, "") layer_name = try(each.value.layer_name, var.defaults.layer_name, "") layer_skip_destroy = try(each.value.layer_skip_destroy, var.defaults.layer_skip_destroy, false) + layers = try(each.value.layers, var.defaults.layers, null) license_info = try(each.value.license_info, var.defaults.license_info, "") - compatible_runtimes = try(each.value.compatible_runtimes, var.defaults.compatible_runtimes, []) - compatible_architectures = try(each.value.compatible_architectures, var.defaults.compatible_architectures, null) - create_async_event_config = try(each.value.create_async_event_config, var.defaults.create_async_event_config, false) - create_current_version_async_event_config = try(each.value.create_current_version_async_event_config, var.defaults.create_current_version_async_event_config, true) - create_unqualified_alias_async_event_config = try(each.value.create_unqualified_alias_async_event_config, var.defaults.create_unqualified_alias_async_event_config, true) + local_existing_package = try(each.value.local_existing_package, var.defaults.local_existing_package, null) maximum_event_age_in_seconds = try(each.value.maximum_event_age_in_seconds, var.defaults.maximum_event_age_in_seconds, null) maximum_retry_attempts = try(each.value.maximum_retry_attempts, var.defaults.maximum_retry_attempts, null) - destination_on_failure = try(each.value.destination_on_failure, var.defaults.destination_on_failure, null) - destination_on_success = try(each.value.destination_on_success, var.defaults.destination_on_success, null) + memory_size = try(each.value.memory_size, var.defaults.memory_size, 128) + number_of_policies = try(each.value.number_of_policies, var.defaults.number_of_policies, 0) + number_of_policy_jsons = try(each.value.number_of_policy_jsons, var.defaults.number_of_policy_jsons, 0) + package_type = try(each.value.package_type, var.defaults.package_type, "Zip") + policies = try(each.value.policies, 
var.defaults.policies, []) + policy = try(each.value.policy, var.defaults.policy, null) + policy_json = try(each.value.policy_json, var.defaults.policy_json, null) + policy_jsons = try(each.value.policy_jsons, var.defaults.policy_jsons, []) + policy_name = try(each.value.policy_name, var.defaults.policy_name, null) + policy_path = try(each.value.policy_path, var.defaults.policy_path, null) + policy_statements = try(each.value.policy_statements, var.defaults.policy_statements, {}) provisioned_concurrent_executions = try(each.value.provisioned_concurrent_executions, var.defaults.provisioned_concurrent_executions, -1) - create_current_version_allowed_triggers = try(each.value.create_current_version_allowed_triggers, var.defaults.create_current_version_allowed_triggers, true) - create_unqualified_alias_allowed_triggers = try(each.value.create_unqualified_alias_allowed_triggers, var.defaults.create_unqualified_alias_allowed_triggers, true) - allowed_triggers = try(each.value.allowed_triggers, var.defaults.allowed_triggers, {}) - event_source_mapping = try(each.value.event_source_mapping, var.defaults.event_source_mapping, {}) - use_existing_cloudwatch_log_group = try(each.value.use_existing_cloudwatch_log_group, var.defaults.use_existing_cloudwatch_log_group, false) - cloudwatch_logs_retention_in_days = try(each.value.cloudwatch_logs_retention_in_days, var.defaults.cloudwatch_logs_retention_in_days, null) - cloudwatch_logs_kms_key_id = try(each.value.cloudwatch_logs_kms_key_id, var.defaults.cloudwatch_logs_kms_key_id, null) - cloudwatch_logs_tags = try(each.value.cloudwatch_logs_tags, var.defaults.cloudwatch_logs_tags, {}) - role_name = try(each.value.role_name, var.defaults.role_name, null) + publish = try(each.value.publish, var.defaults.publish, false) + putin_khuylo = try(each.value.putin_khuylo, var.defaults.putin_khuylo, true) + recreate_missing_package = try(each.value.recreate_missing_package, var.defaults.recreate_missing_package, true) + 
replace_security_groups_on_destroy = try(each.value.replace_security_groups_on_destroy, var.defaults.replace_security_groups_on_destroy, null) + replacement_security_group_ids = try(each.value.replacement_security_group_ids, var.defaults.replacement_security_group_ids, null) + reserved_concurrent_executions = try(each.value.reserved_concurrent_executions, var.defaults.reserved_concurrent_executions, -1) role_description = try(each.value.role_description, var.defaults.role_description, null) - role_path = try(each.value.role_path, var.defaults.role_path, null) role_force_detach_policies = try(each.value.role_force_detach_policies, var.defaults.role_force_detach_policies, true) + role_maximum_session_duration = try(each.value.role_maximum_session_duration, var.defaults.role_maximum_session_duration, 3600) + role_name = try(each.value.role_name, var.defaults.role_name, null) + role_path = try(each.value.role_path, var.defaults.role_path, null) role_permissions_boundary = try(each.value.role_permissions_boundary, var.defaults.role_permissions_boundary, null) role_tags = try(each.value.role_tags, var.defaults.role_tags, {}) - role_maximum_session_duration = try(each.value.role_maximum_session_duration, var.defaults.role_maximum_session_duration, 3600) - policy_name = try(each.value.policy_name, var.defaults.policy_name, null) - attach_cloudwatch_logs_policy = try(each.value.attach_cloudwatch_logs_policy, var.defaults.attach_cloudwatch_logs_policy, true) - attach_dead_letter_policy = try(each.value.attach_dead_letter_policy, var.defaults.attach_dead_letter_policy, false) - attach_network_policy = try(each.value.attach_network_policy, var.defaults.attach_network_policy, false) - attach_tracing_policy = try(each.value.attach_tracing_policy, var.defaults.attach_tracing_policy, false) - attach_async_event_policy = try(each.value.attach_async_event_policy, var.defaults.attach_async_event_policy, false) - attach_policy_json = try(each.value.attach_policy_json, 
var.defaults.attach_policy_json, false) - attach_policy_jsons = try(each.value.attach_policy_jsons, var.defaults.attach_policy_jsons, false) - attach_policy = try(each.value.attach_policy, var.defaults.attach_policy, false) - attach_policies = try(each.value.attach_policies, var.defaults.attach_policies, false) - policy_path = try(each.value.policy_path, var.defaults.policy_path, null) - number_of_policy_jsons = try(each.value.number_of_policy_jsons, var.defaults.number_of_policy_jsons, 0) - number_of_policies = try(each.value.number_of_policies, var.defaults.number_of_policies, 0) - attach_policy_statements = try(each.value.attach_policy_statements, var.defaults.attach_policy_statements, false) - trusted_entities = try(each.value.trusted_entities, var.defaults.trusted_entities, []) - assume_role_policy_statements = try(each.value.assume_role_policy_statements, var.defaults.assume_role_policy_statements, {}) - policy_json = try(each.value.policy_json, var.defaults.policy_json, null) - policy_jsons = try(each.value.policy_jsons, var.defaults.policy_jsons, []) - policy = try(each.value.policy, var.defaults.policy, null) - policies = try(each.value.policies, var.defaults.policies, []) - policy_statements = try(each.value.policy_statements, var.defaults.policy_statements, {}) - file_system_arn = try(each.value.file_system_arn, var.defaults.file_system_arn, null) - file_system_local_mount_path = try(each.value.file_system_local_mount_path, var.defaults.file_system_local_mount_path, null) - artifacts_dir = try(each.value.artifacts_dir, var.defaults.artifacts_dir, "builds") - s3_prefix = try(each.value.s3_prefix, var.defaults.s3_prefix, null) - ignore_source_code_hash = try(each.value.ignore_source_code_hash, var.defaults.ignore_source_code_hash, false) - local_existing_package = try(each.value.local_existing_package, var.defaults.local_existing_package, null) + runtime = try(each.value.runtime, var.defaults.runtime, "") + s3_acl = try(each.value.s3_acl, 
var.defaults.s3_acl, "private") + s3_bucket = try(each.value.s3_bucket, var.defaults.s3_bucket, null) s3_existing_package = try(each.value.s3_existing_package, var.defaults.s3_existing_package, null) - store_on_s3 = try(each.value.store_on_s3, var.defaults.store_on_s3, false) + s3_kms_key_id = try(each.value.s3_kms_key_id, var.defaults.s3_kms_key_id, null) s3_object_storage_class = try(each.value.s3_object_storage_class, var.defaults.s3_object_storage_class, "ONEZONE_IA") - s3_bucket = try(each.value.s3_bucket, var.defaults.s3_bucket, null) - s3_acl = try(each.value.s3_acl, var.defaults.s3_acl, "private") + s3_object_tags = try(each.value.s3_object_tags, var.defaults.s3_object_tags, {}) + s3_object_tags_only = try(each.value.s3_object_tags_only, var.defaults.s3_object_tags_only, false) + s3_prefix = try(each.value.s3_prefix, var.defaults.s3_prefix, null) s3_server_side_encryption = try(each.value.s3_server_side_encryption, var.defaults.s3_server_side_encryption, null) + snap_start = try(each.value.snap_start, var.defaults.snap_start, false) source_path = try(each.value.source_path, var.defaults.source_path, null) - hash_extra = try(each.value.hash_extra, var.defaults.hash_extra, "") - build_in_docker = try(each.value.build_in_docker, var.defaults.build_in_docker, false) - docker_file = try(each.value.docker_file, var.defaults.docker_file, "") - docker_build_root = try(each.value.docker_build_root, var.defaults.docker_build_root, "") - docker_image = try(each.value.docker_image, var.defaults.docker_image, "") - docker_with_ssh_agent = try(each.value.docker_with_ssh_agent, var.defaults.docker_with_ssh_agent, false) - docker_pip_cache = try(each.value.docker_pip_cache, var.defaults.docker_pip_cache, null) - docker_additional_options = try(each.value.docker_additional_options, var.defaults.docker_additional_options, []) - docker_entrypoint = try(each.value.docker_entrypoint, var.defaults.docker_entrypoint, null) - recreate_missing_package = 
try(each.value.recreate_missing_package, var.defaults.recreate_missing_package, true) + store_on_s3 = try(each.value.store_on_s3, var.defaults.store_on_s3, false) + tags = try(each.value.tags, var.defaults.tags, {}) + timeout = try(each.value.timeout, var.defaults.timeout, 3) + timeouts = try(each.value.timeouts, var.defaults.timeouts, {}) + tracing_mode = try(each.value.tracing_mode, var.defaults.tracing_mode, null) + trusted_entities = try(each.value.trusted_entities, var.defaults.trusted_entities, []) + use_existing_cloudwatch_log_group = try(each.value.use_existing_cloudwatch_log_group, var.defaults.use_existing_cloudwatch_log_group, false) + vpc_security_group_ids = try(each.value.vpc_security_group_ids, var.defaults.vpc_security_group_ids, null) + vpc_subnet_ids = try(each.value.vpc_subnet_ids, var.defaults.vpc_subnet_ids, null) } From 04e034977f86ab177f809df475a856a3a0fcb4e5 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 3 Nov 2023 12:27:39 +0000 Subject: [PATCH 283/385] chore(release): version 6.3.0 [skip ci] ## [6.3.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.2.0...v6.3.0) (2023-11-03) ### Features * Allow to specify custom KMS key for S3 object ([#505](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/505)) ([eb339d6](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/eb339d658c232d0afa0a7f4f7902becab2a2a2e9)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 30e6db25..c95037d8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [6.3.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.2.0...v6.3.0) (2023-11-03) + + +### Features + +* Allow to specify custom KMS key for S3 object ([#505](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/505)) ([eb339d6](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/eb339d658c232d0afa0a7f4f7902becab2a2a2e9)) + ## [6.2.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.1.0...v6.2.0) (2023-10-27) From 41d8db71ad4fc9f56bb55c314133ce007f587e33 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Tue, 7 Nov 2023 14:36:50 +0100 Subject: [PATCH 284/385] feat: Added support for triggers in docker-build module when hash changes (#510) --- examples/container-image/README.md | 2 ++ examples/container-image/main.tf | 30 ++++++++++++++++++++++++----- examples/container-image/outputs.tf | 10 ++++++++++ modules/docker-build/README.md | 10 +++++++++- modules/docker-build/main.tf | 12 ++++++++++-- modules/docker-build/outputs.tf | 7 ++++++- modules/docker-build/variables.tf | 24 +++++++++++++++++++++++ wrappers/docker-build/main.tf | 4 ++++ 8 files changed, 90 insertions(+), 9 deletions(-) diff --git a/examples/container-image/README.md b/examples/container-image/README.md index 22e0d071..af9c7e86 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md 
@@ -55,6 +55,8 @@ No inputs. | Name | Description | |------|-------------| +| [docker\_image\_files\_to\_hash](#output\_docker\_image\_files\_to\_hash) | List of files used to hash the docker image tag | +| [docker\_image\_id](#output\_docker\_image\_id) | The ID of the Docker image | | [docker\_image\_uri](#output\_docker\_image\_uri) | The ECR Docker image URI used to deploy Lambda Function | | [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | | [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | diff --git a/examples/container-image/main.tf b/examples/container-image/main.tf index d19be410..46c1bf77 100644 --- a/examples/container-image/main.tf +++ b/examples/container-image/main.tf @@ -4,6 +4,17 @@ data "aws_caller_identity" "this" {} data "aws_ecr_authorization_token" "token" {} +locals { + source_path = "context" + path_include = ["**"] + path_exclude = ["**/__pycache__/**"] + files_include = setunion([for f in local.path_include : fileset(local.source_path, f)]...) + files_exclude = setunion([for f in local.path_exclude : fileset(local.source_path, f)]...) + files = sort(setsubtract(local.files_include, local.files_exclude)) + + dir_sha = sha1(join("", [for f in local.files : filesha1("${local.source_path}/${f}")])) +} + provider "aws" { region = "eu-west-1" @@ -32,9 +43,10 @@ module "lambda_function_from_container_image" { ################## # Container Image ################## - image_uri = module.docker_image.image_uri package_type = "Image" - architectures = ["x86_64"] + architectures = ["arm64"] # ["x86_64"] + + image_uri = module.docker_image.image_uri } module "docker_image" { 
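Review bot: `dir_sha` in the new `locals` block hashes only file contents, so renaming or moving a file inside `context` without changing its bytes can leave the value unchanged, and the `triggers` map passed to the `docker_image` module will then not force a rebuild. Folding the relative path into each element closes that gap: `dir_sha = sha1(join("", [for f in local.files : "${f}:${filesha1("${local.source_path}/${f}")}"]))`. A one-line comment that this value is a rebuild trigger and not an integrity check on the image would also help, since SHA-1 is adequate only for change detection.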
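Review bot: The function is switched to `architectures = ["arm64"]` in this hunk, while the `docker_image` module in the next hunk of the same file still builds with `platform = "linux/amd64"`, so the example would deploy an amd64 image to an arm64 function. The two values should agree: either `architectures = ["x86_64"]` or `platform = "linux/arm64"`. The trailing `# ["x86_64"]` comment suggests the change was left over from local testing; if arm64 is intended, a comment next to `platform` should say so. Both module blocks continue outside their hunks.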
@@ -59,12 +71,20 @@ module "docker_image" { ] }) - image_tag = "2.0" - source_path = "context" + use_image_tag = false # If false, sha of the image will be used + + # use_image_tag = true + # image_tag = "2.0" + + source_path = local.source_path + platform = "linux/amd64" build_args = { FOO = "bar" } - platform = "linux/amd64" + + triggers = { + dir_sha = local.dir_sha + } } resource "random_pet" "this" { diff --git a/examples/container-image/outputs.tf b/examples/container-image/outputs.tf index a71816f8..34755681 100644 --- a/examples/container-image/outputs.tf +++ b/examples/container-image/outputs.tf @@ -97,3 +97,13 @@ output "docker_image_uri" { description = "The ECR Docker image URI used to deploy Lambda Function" value = module.docker_image.image_uri } + +output "docker_image_id" { + description = "The ID of the Docker image" + value = module.docker_image.image_id +} + +output "docker_image_files_to_hash" { + description = "List of files used to hash the docker image tag" + value = local.files +} diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index 0cf1cc81..44464404 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md @@ -34,7 +34,10 @@ module "docker_image" { create_ecr_repo = true ecr_repo = "my-cool-ecr-repo" - image_tag = "1.0" + + use_image_tag = true + image_tag = "1.0" + source_path = "context" build_args = { FOO = "bar" 
@@ -94,17 +97,22 @@ No modules. | [ecr\_repo](#input\_ecr\_repo) | Name of ECR repository to use or to create | `string` | `null` | no | | [ecr\_repo\_lifecycle\_policy](#input\_ecr\_repo\_lifecycle\_policy) | A JSON formatted ECR lifecycle policy to automate the cleaning up of unused images. | `string` | `null` | no | | [ecr\_repo\_tags](#input\_ecr\_repo\_tags) | A map of tags to assign to ECR repository | `map(string)` | `{}` | no | +| [force\_remove](#input\_force\_remove) | Whether to remove image forcibly when the resource is destroyed. | `bool` | `false` | no | | [image\_tag](#input\_image\_tag) | Image tag to use. If not specified current timestamp in format 'YYYYMMDDhhmmss' will be used. This can lead to unnecessary rebuilds. | `string` | `null` | no | | [image\_tag\_mutability](#input\_image\_tag\_mutability) | The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"MUTABLE"` | no | +| [keep\_locally](#input\_keep\_locally) | Whether to delete the Docker image locally on destroy operation. | `bool` | `false` | no | | [keep\_remotely](#input\_keep\_remotely) | Whether to keep Docker image in the remote registry on destroy operation. | `bool` | `false` | no | | [platform](#input\_platform) | The target architecture platform to build the image for. | `string` | `null` | no | | [scan\_on\_push](#input\_scan\_on\_push) | Indicates whether images are scanned after being pushed to the repository | `bool` | `false` | no | | [source\_path](#input\_source\_path) | Path to folder containing application code | `string` | `null` | no | +| [triggers](#input\_triggers) | A map of arbitrary strings that, when changed, will force the docker\_image resource to be replaced. This can be used to rebuild an image when contents of source code folders change | `map(string)` | `{}` | no | +| [use\_image\_tag](#input\_use\_image\_tag) | Controls whether to use image tag in ECR repository URI or not. 
Disable this to deploy latest image using ID (sha256:...) | `bool` | `true` | no | ## Outputs | Name | Description | |------|-------------| +| [image\_id](#output\_image\_id) | The ID of the Docker image | | [image\_uri](#output\_image\_uri) | The ECR image URI for deploying lambda | diff --git a/modules/docker-build/main.tf b/modules/docker-build/main.tf index dc9ad310..b75ae05c 100644 --- a/modules/docker-build/main.tf +++ b/modules/docker-build/main.tf @@ -5,8 +5,8 @@ data "aws_caller_identity" "this" {} locals { ecr_address = coalesce(var.ecr_address, format("%v.dkr.ecr.%v.amazonaws.com", data.aws_caller_identity.this.account_id, data.aws_region.current.name)) ecr_repo = var.create_ecr_repo ? aws_ecr_repository.this[0].id : var.ecr_repo - image_tag = coalesce(var.image_tag, formatdate("YYYYMMDDhhmmss", timestamp())) - ecr_image_name = format("%v/%v:%v", local.ecr_address, local.ecr_repo, local.image_tag) + image_tag = var.use_image_tag ? coalesce(var.image_tag, formatdate("YYYYMMDDhhmmss", timestamp())) : null + ecr_image_name = var.use_image_tag ? format("%v/%v:%v", local.ecr_address, local.ecr_repo, local.image_tag) : format("%v/%v", local.ecr_address, local.ecr_repo) } resource "docker_image" "this" { @@ -18,12 +18,20 @@ resource "docker_image" "this" { build_args = var.build_args platform = var.platform } + + force_remove = var.force_remove + keep_locally = var.keep_locally + triggers = var.triggers } resource "docker_registry_image" "this" { name = docker_image.this.name keep_remotely = var.keep_remotely + + triggers = { + image_id = docker_image.this.image_id + } } resource "aws_ecr_repository" "this" { diff --git a/modules/docker-build/outputs.tf b/modules/docker-build/outputs.tf index 05c9063a..5b268b54 100644 --- a/modules/docker-build/outputs.tf +++ b/modules/docker-build/outputs.tf 
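Review bot: With `use_image_tag = false`, `ecr_image_name` in the `locals` hunk carries no tag, so the build and push presumably fall back to Docker's implicit `latest` tag, which neither the code nor the variable description mentions. This interacts with `image_tag_mutability`: on a repository set to `IMMUTABLE` a second push of a changed image under the same tag is likely to be rejected, and with the default `MUTABLE` the tag is overwritten on every build, so only the digest form of `image_uri` identifies a specific image. I would add a comment above `ecr_image_name`, for example `# No tag means the image is pushed as "latest"; consumers must use the digest-based image_uri output`, and repeat the caveat in the `use_image_tag` description.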
@@ -1,4 +1,9 @@ output "image_uri" { description = "The ECR image URI for deploying lambda" - value = docker_registry_image.this.name + value = var.use_image_tag ? docker_registry_image.this.name : format("%v@%v", docker_registry_image.this.name, docker_registry_image.this.id) +} + +output "image_id" { + description = "The ID of the Docker image" + value = docker_registry_image.this.id } diff --git a/modules/docker-build/variables.tf b/modules/docker-build/variables.tf index a59548a8..509f35f3 100644 --- a/modules/docker-build/variables.tf +++ b/modules/docker-build/variables.tf @@ -10,6 +10,12 @@ variable "create_sam_metadata" { default = false } +variable "use_image_tag" { + description = "Controls whether to use image tag in ECR repository URI or not. Disable this to deploy latest image using ID (sha256:...)" + type = bool + default = true +} + variable "ecr_address" { description = "Address of ECR repository for cross-account container image pulling (optional). Option `create_ecr_repo` must be `false`" type = string @@ -88,3 +94,21 @@ variable "platform" { type = string default = null } + +variable "force_remove" { + description = "Whether to remove image forcibly when the resource is destroyed." + type = bool + default = false +} + +variable "keep_locally" { + description = "Whether to delete the Docker image locally on destroy operation." + type = bool + default = false +} + +variable "triggers" { + description = "A map of arbitrary strings that, when changed, will force the docker_image resource to be replaced. This can be used to rebuild an image when contents of source code folders change" + type = map(string) + default = {} +} diff --git a/wrappers/docker-build/main.tf b/wrappers/docker-build/main.tf index 81afa562..0375d4eb 100644 --- a/wrappers/docker-build/main.tf +++ b/wrappers/docker-build/main.tf 
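Review bot: The digest-pinned URI built as `format("%v@%v", docker_registry_image.this.name, docker_registry_image.this.id)` relies on the resource `id` holding the sha256 digest, which the code does not state. The Docker provider's `docker_registry_image` resource has a `sha256_digest` attribute, so `docker_registry_image.this.sha256_digest` would make the intent explicit in both `image_uri` and `image_id`. The `image_id` description ("The ID of the Docker image") also reads like the local `docker_image.this.image_id`, which is a different value from the registry digest; `description = "The sha256 digest of the image pushed to the registry"` would avoid that confusion.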
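Review bot: The `keep_locally` description in the last `variables.tf` hunk says the opposite of what the flag does: it reads "Whether to delete the Docker image locally on destroy operation", but the value is passed straight to `docker_image.keep_locally`, where `true` keeps the image and the default `false` removes it. Suggested wording: `description = "Whether to keep the Docker image in local Docker storage on destroy operation. If false, the image is deleted locally on destroy."`. The same sentence is copied into the `modules/docker-build/README.md` inputs table in this commit, so that table should be regenerated after the fix.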
@@ -12,10 +12,14 @@ module "wrapper" { ecr_repo = try(each.value.ecr_repo, var.defaults.ecr_repo, null) ecr_repo_lifecycle_policy = try(each.value.ecr_repo_lifecycle_policy, var.defaults.ecr_repo_lifecycle_policy, null) ecr_repo_tags = try(each.value.ecr_repo_tags, var.defaults.ecr_repo_tags, {}) + force_remove = try(each.value.force_remove, var.defaults.force_remove, false) image_tag = try(each.value.image_tag, var.defaults.image_tag, null) image_tag_mutability = try(each.value.image_tag_mutability, var.defaults.image_tag_mutability, "MUTABLE") + keep_locally = try(each.value.keep_locally, var.defaults.keep_locally, false) keep_remotely = try(each.value.keep_remotely, var.defaults.keep_remotely, false) platform = try(each.value.platform, var.defaults.platform, null) scan_on_push = try(each.value.scan_on_push, var.defaults.scan_on_push, false) source_path = try(each.value.source_path, var.defaults.source_path, null) + triggers = try(each.value.triggers, var.defaults.triggers, {}) + use_image_tag = try(each.value.use_image_tag, var.defaults.use_image_tag, true) } From 9562536a76f939f70cb0d60f6f514f365dafbb4d Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Tue, 7 Nov 2023 13:37:17 +0000 Subject: [PATCH 285/385] chore(release): version 6.4.0 [skip ci] ## [6.4.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.3.0...v6.4.0) (2023-11-07) ### Features * Added support for triggers in docker-build module when hash changes ([#510](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/510)) ([41d8db7](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/41d8db71ad4fc9f56bb55c314133ce007f587e33)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c95037d8..270d79eb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [6.4.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.3.0...v6.4.0) (2023-11-07) + + +### Features + +* Added support for triggers in docker-build module when hash changes ([#510](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/510)) ([41d8db7](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/41d8db71ad4fc9f56bb55c314133ce007f587e33)) + ## [6.3.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.2.0...v6.3.0) (2023-11-03) From c173c27fb57969da85967f2896b858c4654b0bba Mon Sep 17 00:00:00 2001 From: Jake Naughton <97202100+jake-naughton@users.noreply.github.com> Date: Wed, 22 Nov 2023 18:56:58 +1000 Subject: [PATCH 286/385] feat: Added variable to control the create log group permission (#514) --- README.md | 1 + examples/complete/README.md | 1 + examples/complete/main.tf | 17 +++++++++++++++++ iam.tf | 2 +- variables.tf | 6 ++++++ wrappers/main.tf | 1 + 6 files changed, 27 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6f6f7a19..bf847486 100644 --- a/README.md +++ b/README.md 
@@ -742,6 +742,7 @@ No modules. | [assume\_role\_policy\_statements](#input\_assume\_role\_policy\_statements) | Map of dynamic policy statements for assuming Lambda Function role (trust relationship) | `any` | `{}` | no | | [attach\_async\_event\_policy](#input\_attach\_async\_event\_policy) | Controls whether async event policy should be added to IAM role for Lambda Function | `bool` | `false` | no | | [attach\_cloudwatch\_logs\_policy](#input\_attach\_cloudwatch\_logs\_policy) | Controls whether CloudWatch Logs policy should be added to IAM role for Lambda Function | `bool` | `true` | no | +| [attach\_create\_log\_group\_permission](#input\_attach\_create\_log\_group\_permission) | Controls whether to add the create log group permission to the CloudWatch logs policy | `bool` | `true` | no | | [attach\_dead\_letter\_policy](#input\_attach\_dead\_letter\_policy) | Controls whether SNS/SQS dead letter notification policy should be added to IAM role for Lambda Function | `bool` | `false` | no | | [attach\_network\_policy](#input\_attach\_network\_policy) | Controls whether VPC/network policy should be added to IAM role for Lambda Function | `bool` | `false` | no | | [attach\_policies](#input\_attach\_policies) | Controls whether list of policies should be added to IAM role for Lambda Function | `bool` | `false` | no | diff --git a/examples/complete/README.md b/examples/complete/README.md index 28e5b37a..0fa68c62 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -40,6 +40,7 @@ Note that this example may create resources which cost money. Run `terraform des | [lambda\_function](#module\_lambda\_function) | ../../ | n/a | | [lambda\_function\_existing\_package\_local](#module\_lambda\_function\_existing\_package\_local) | ../../ | n/a | | [lambda\_function\_for\_each](#module\_lambda\_function\_for\_each) | ../../ | n/a | +| [lambda\_function\_no\_create\_log\_group\_permission](#module\_lambda\_function\_no\_create\_log\_group\_permission) | ../../ | n/a | | [lambda\_function\_with\_package\_deploying\_externally](#module\_lambda\_function\_with\_package\_deploying\_externally) | ../../ | n/a | | [lambda\_layer\_local](#module\_lambda\_layer\_local) | ../../ | n/a | | [lambda\_layer\_s3](#module\_lambda\_layer\_s3) | ../../ | n/a | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 0f2d0a8c..62e51084 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -372,6 +372,23 @@ module "lambda_function_with_package_deploying_externally" { ignore_source_code_hash = true } +#################################################### +# Lambda Function no create log group permission +#################################################### + +module "lambda_function_no_create_log_group_permission" { + source = "../../" + + function_name = "${random_pet.this.id}-lambda-no-create-log-group-permission" + handler = "index.lambda_handler" + runtime = "python3.8" + + create_package = false + local_existing_package = "../fixtures/python3.8-zip/existing_package.zip" + + attach_create_log_group_permission = false +} + ########### # Disabled ########### diff --git a/iam.tf b/iam.tf index 0436a4a4..436a4398 100644 --- a/iam.tf +++ b/iam.tf 
@@ -122,7 +122,7 @@ data "aws_iam_policy_document" "logs" { effect = "Allow" actions = compact([ - !var.use_existing_cloudwatch_log_group ? "logs:CreateLogGroup" : "", + !var.use_existing_cloudwatch_log_group && var.attach_create_log_group_permission ? "logs:CreateLogGroup" : "", "logs:CreateLogStream", "logs:PutLogEvents" ]) diff --git a/variables.tf b/variables.tf index b1713c82..61198bea 100644 --- a/variables.tf +++ b/variables.tf @@ -494,6 +494,12 @@ variable "attach_cloudwatch_logs_policy" { default = true } +variable "attach_create_log_group_permission" { + description = "Controls whether to add the create log group permission to the CloudWatch logs policy" + type = bool + default = true +} + variable "attach_dead_letter_policy" { description = "Controls whether SNS/SQS dead letter notification policy should be added to IAM role for Lambda Function" type = bool diff --git a/wrappers/main.tf b/wrappers/main.tf index d842223d..1ae65252 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf @@ -9,6 +9,7 @@ module "wrapper" { assume_role_policy_statements = try(each.value.assume_role_policy_statements, var.defaults.assume_role_policy_statements, {}) attach_async_event_policy = try(each.value.attach_async_event_policy, var.defaults.attach_async_event_policy, false) attach_cloudwatch_logs_policy = try(each.value.attach_cloudwatch_logs_policy, var.defaults.attach_cloudwatch_logs_policy, true) + attach_create_log_group_permission = try(each.value.attach_create_log_group_permission, var.defaults.attach_create_log_group_permission, true) attach_dead_letter_policy = try(each.value.attach_dead_letter_policy, var.defaults.attach_dead_letter_policy, false) attach_network_policy = try(each.value.attach_network_policy, var.defaults.attach_network_policy, false) attach_policies = try(each.value.attach_policies, var.defaults.attach_policies, false) From 9633abb6b6d275d3a28604dbfa755098470420d4 Mon Sep 17 00:00:00 2001 
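Review bot: `attach_create_log_group_permission` has no effect when `use_existing_cloudwatch_log_group` is true, because the `logs:CreateLogGroup` entry in `data.aws_iam_policy_document.logs` is gated by `!var.use_existing_cloudwatch_log_group && var.attach_create_log_group_permission`, and the new variable's description in variables.tf does not say so. I would extend the description, e.g. `"Controls whether to add the create log group permission to the CloudWatch logs policy. Ignored when use_existing_cloudwatch_log_group is true"`. Parenthesising the condition before `?` would also make the precedence obvious. Since the default stays `true`, the description could add that `false` is the least-privilege choice when the log group is created by something other than the function itself.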
From: semantic-release-bot Date: Wed, 22 Nov 2023 08:57:24 +0000 Subject: [PATCH 287/385] chore(release): version 6.5.0 [skip ci] ## [6.5.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.4.0...v6.5.0) (2023-11-22) ### Features * Added variable to control the create log group permission ([#514](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/514)) ([c173c27](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/c173c27fb57969da85967f2896b858c4654b0bba)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 270d79eb..f23da5c6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [6.5.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.4.0...v6.5.0) (2023-11-22) + + +### Features + +* Added variable to control the create log group permission ([#514](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/514)) ([c173c27](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/c173c27fb57969da85967f2896b858c4654b0bba)) + ## [6.4.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.3.0...v6.4.0) (2023-11-07) From be31ada3e1330ea3bf7d784edd559980b07eb2c2 Mon Sep 17 00:00:00 2001 From: Duy Tran <3896985+sleepwithcoffee@users.noreply.github.com> Date: Thu, 30 Nov 2023 13:10:01 +0800 Subject: [PATCH 288/385] minor syntatical fix (#516) --- modules/deploy/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/deploy/main.tf b/modules/deploy/main.tf index f82ca372..4504f099 100644 --- a/modules/deploy/main.tf +++ b/modules/deploy/main.tf @@ -16,7 +16,7 @@ locals { Name = var.function_name Alias = var.alias_name CurrentVersion = var.current_version != "" ? var.current_version : local.current_version - TargetVersion : var.target_version + TargetVersion = var.target_version } } } 
From 4ed7d196dc26ca80daf6d04416e2a9fa91af6c1b Mon Sep 17 00:00:00 2001 From: IlyesDemineExtVeolia Date: Fri, 12 Jan 2024 18:13:59 +0100 Subject: [PATCH 289/385] feat: Added support for triggers on docker_registry_image resource (#518) Co-authored-by: Anton Babenko --- .pre-commit-config.yaml | 2 +- modules/docker-build/main.tf | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index e809a4e4..61ef1782 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.83.5 + rev: v1.86.0 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each diff --git a/modules/docker-build/main.tf b/modules/docker-build/main.tf index b75ae05c..6ed24831 100644 --- a/modules/docker-build/main.tf +++ b/modules/docker-build/main.tf @@ -29,9 +29,7 @@ resource "docker_registry_image" "this" { keep_remotely = var.keep_remotely - triggers = { - image_id = docker_image.this.image_id - } + triggers = length(var.triggers) == 0 ? { image_id = docker_image.this.image_id } : var.triggers } resource "aws_ecr_repository" "this" { From fd5a4c810bd6025ebdabcb9fdac37cef5833d622 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 12 Jan 2024 17:14:26 +0000 Subject: [PATCH 290/385] chore(release): version 6.6.0 [skip ci] ## [6.6.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.5.0...v6.6.0) (2024-01-12) ### Features * Added support for triggers on docker_registry_image resource ([#518](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/518)) ([4ed7d19](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/4ed7d196dc26ca80daf6d04416e2a9fa91af6c1b)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f23da5c6..713d0546 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
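Review bot: A non-empty `var.triggers` replaces the default `image_id` trigger on `docker_registry_image.this` instead of extending it, so with custom triggers a change of `docker_image.this.image_id` alone no longer forces a push. That may be intended (for example to keep plans stable across build hosts), but the registry can then keep serving an older image than the one last built, and the `triggers` variable description still mentions only the `docker_image` resource. I would document this on the variable, e.g. `"... Also applied to docker_registry_image, where a non-empty map replaces the default image_id trigger"`, or use `merge({ image_id = docker_image.this.image_id }, var.triggers)` if both should apply.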
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [6.6.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.5.0...v6.6.0) (2024-01-12) + + +### Features + +* Added support for triggers on docker_registry_image resource ([#518](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/518)) ([4ed7d19](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/4ed7d196dc26ca80daf6d04416e2a9fa91af6c1b)) + ## [6.5.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.4.0...v6.5.0) (2023-11-22) From 57dbfc1909206bd6034b0d36883029a953c199db Mon Sep 17 00:00:00 2001 From: Samuel Phan Date: Sun, 14 Jan 2024 19:28:38 +0100 Subject: [PATCH 291/385] feat: Add control to use timestamp to trigger the package creation or not (useful for CI/CD) (#521) Co-authored-by: Samuel Phan Co-authored-by: Anton Babenko --- README.md | 4 +- examples/fixtures/python3.10-app1/index.py | 4 + examples/simple-cicd/.gitignore | 1 + examples/simple-cicd/README.md | 53 +++++++++ examples/simple-cicd/main.tf | 26 +++++ examples/simple-cicd/outputs.tf | 0 examples/simple-cicd/test.sh | 126 +++++++++++++++++++++ examples/simple-cicd/variables.tf | 0 examples/simple-cicd/versions.tf | 14 +++ package.tf | 2 +- variables.tf | 6 + wrappers/main.tf | 1 + 12 files changed, 235 insertions(+), 2 deletions(-) create mode 100644 examples/fixtures/python3.10-app1/index.py create mode 100644 examples/simple-cicd/.gitignore create mode 100644 examples/simple-cicd/README.md create mode 100644 examples/simple-cicd/main.tf create mode 100644 examples/simple-cicd/outputs.tf create mode 100755 examples/simple-cicd/test.sh create mode 100644 examples/simple-cicd/variables.tf create mode 100644 examples/simple-cicd/versions.tf diff --git a/README.md b/README.md index bf847486..fc110287 100644 --- a/README.md +++ b/README.md 
@@ -621,7 +621,7 @@ Q2: How to force recreate deployment package? Q3: `null_resource.archive[0] must be replaced` -> Answer: This probably mean that zip-archive has been deployed, but is currently absent locally, and it has to be recreated locally. When you run into this issue during CI/CD process (where workspace is clean) or from multiple workspaces, you can set environment variable `TF_RECREATE_MISSING_LAMBDA_PACKAGE=false` or pass `recreate_missing_package = false` as a parameter to the module and run `terraform apply`. +> Answer: This probably mean that zip-archive has been deployed, but is currently absent locally, and it has to be recreated locally. When you run into this issue during CI/CD process (where workspace is clean) or from multiple workspaces, you can set environment variable `TF_RECREATE_MISSING_LAMBDA_PACKAGE=false` or pass `recreate_missing_package = false` as a parameter to the module and run `terraform apply`. Alternatively, you can pass `trigger_on_package_timestamp = false` as a parameter to ignore the file timestamp when deciding to create the archive or not. Q4: What does this error mean - `"We currently do not support adding policies for $LATEST."` ? 
@@ -651,6 +651,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo - [Event Source Mapping](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/event-source-mapping) - Create Lambda Function with event source mapping configuration (SQS, DynamoDB, Amazon MQ, and Kinesis). - [Triggers](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/triggers) - Create Lambda Function with some triggers (eg, Cloudwatch Events, EventBridge). - [Code Signing](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/code-signing) - Create Lambda Function with code signing configuration. +- [Simple CI/CD](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/simple-cicd) - Create Lambda Function as if it runs on CI/CD platform where `builds` directory is often absent. # Examples by the users of this module 
@@ -852,6 +853,7 @@ No modules. | [timeout](#input\_timeout) | The amount of time your Lambda Function has to run in seconds. | `number` | `3` | no | | [timeouts](#input\_timeouts) | Define maximum timeout for creating, updating, and deleting Lambda Function resources | `map(string)` | `{}` | no | | [tracing\_mode](#input\_tracing\_mode) | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. | `string` | `null` | no | +| [trigger\_on\_package\_timestamp](#input\_trigger\_on\_package\_timestamp) | Whether to recreate the Lambda package if the timestamp changes | `bool` | `true` | no | | [trusted\_entities](#input\_trusted\_entities) | List of additional trusted entities for assuming Lambda Function role (trust relationship) | `any` | `[]` | no | | [use\_existing\_cloudwatch\_log\_group](#input\_use\_existing\_cloudwatch\_log\_group) | Whether to use an existing CloudWatch log group or create new | `bool` | `false` | no | | [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | List of security group ids when Lambda Function should run in the VPC. | `list(string)` | `null` | no | diff --git a/examples/fixtures/python3.10-app1/index.py b/examples/fixtures/python3.10-app1/index.py new file mode 100644 index 00000000..396c5054 --- /dev/null +++ b/examples/fixtures/python3.10-app1/index.py @@ -0,0 +1,4 @@ +def lambda_handler(event, context): + print("Hello from app1!") + + return event diff --git a/examples/simple-cicd/.gitignore b/examples/simple-cicd/.gitignore new file mode 100644 index 00000000..a57582cc --- /dev/null +++ b/examples/simple-cicd/.gitignore @@ -0,0 +1 @@ +/src diff --git a/examples/simple-cicd/README.md b/examples/simple-cicd/README.md new file mode 100644 index 00000000..05f93a51 --- /dev/null +++ b/examples/simple-cicd/README.md 
@@ -0,0 +1,53 @@ +# Simple CI/CD example + +Configuration in this directory creates AWS Lambda Function as it would run in a context of CICD executions, where the Terraform working directory is empty and there is no `builds` directory, that: + +- `terraform plan` doesn't trigger a diff if the source code of the lambda function didn't change. +- `terraform plan` does trigger a diff if the source code of the lambda function has changed. +- `terraform apply` works if the code has changed. + +## Usage + +To run this example you need to execute: + +```bash +./test.sh +``` + +Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 4.63 | +| [random](#requirement\_random) | >= 2.0 | + +## Providers + +| Name | Version | +|------|---------| +| [random](#provider\_random) | >= 2.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [lambda\_function](#module\_lambda\_function) | ../../ | n/a | + +## Resources + +| Name | Type | +|------|------| +| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | + +## Inputs + +No inputs. + +## Outputs + +No outputs. + diff --git a/examples/simple-cicd/main.tf b/examples/simple-cicd/main.tf new file mode 100644 index 00000000..66afc150 --- /dev/null +++ b/examples/simple-cicd/main.tf 
@@ -0,0 +1,26 @@ +provider "aws" { + region = "eu-west-1" + # region = "us-east-1" + + # Make it faster by skipping something + skip_metadata_api_check = true + skip_region_validation = true + skip_credentials_validation = true +} + +resource "random_pet" "this" { + length = 2 +} + +module "lambda_function" { + source = "../../" + + function_name = "${random_pet.this.id}-lambda-simple" + handler = "index.lambda_handler" + runtime = "python3.10" + + source_path = [ + "${path.module}/src/python3.10-app1", + ] + trigger_on_package_timestamp = false +} diff --git a/examples/simple-cicd/outputs.tf b/examples/simple-cicd/outputs.tf new file mode 100644 index 00000000..e69de29b diff --git a/examples/simple-cicd/test.sh b/examples/simple-cicd/test.sh new file mode 100755 index 00000000..90ce9804 --- /dev/null +++ b/examples/simple-cicd/test.sh 
@@ -0,0 +1,126 @@ +#!/usr/bin/env bash +# vim:ts=4:sw=4:noet + +set -eo pipefail + +trap ctrl_c INT + +ctrl_c() { + echo "** Trapped CTRL-C" + exit 1 +} + +failed=0 + +:echo() { + local color=${2:-"33;1"} + echo -e "\e[${color}m$1\e[0m" +} + +:note() { + :echo "$1" "35;1" +} + +:case() { + if [ $? -ne 0 ] + then failed=1 + fi + + if [ "$failed" -eq 1 ] + then :echo "SKIPPED: $1"; return 1 + else echo; :echo "CASE: $1" + fi +} + +:check_diff() { + expected="$1" + + set +e + terraform plan -detailed-exitcode + status=$? + set -e + # ${status} possible values: + # 0 - Succeeded, diff is empty (no changes) + # 1 - Errored + # 2 - Succeeded, there is a diff + if [ "${status}" -ne "${expected}" ]; then + case "${expected}" in + 0) + :echo "Error: we don't expect any diff here!" + return 1 + ;; + 2) + echo "Error: we DO expect some diff here!" + return 1 + ;; + esac + fi +} + +terraform=$(which terraform) +terraform() { + $terraform "$@" < <(yes yes) +} + +:note "Preparing ..." +rm -rf src +mkdir -p src +cp -r "../fixtures/python3.10-app1" src +terraform init +:echo "Destroy / Remove ZIP files" +terraform destroy +rm -rf builds 2>/dev/null || true + +############################################################# +# Part 1: Check that CICD environment won't detect any diff # +############################################################# + +:echo +:note "Starting Part 1: Check that CICD environment won't detect any diff" + +:case "Apply / No diff" && { + terraform apply + :check_diff 0 +} + +:case "Remove 'builds' dir / No diff" && { + rm -rf builds + :check_diff 0 +} + +############################################################################### +# Part 2: Check that CICD environment will detect diff if lambda code changes # +############################################################################### + +:echo +:note "Starting Part 2: Check that CICD environment will detect diff if lambda code changes" + +:note "Change the source code / Remove 'builds' dir" +echo "" 
>> src/python3.10-app1/index.py +rm -rf builds + +:case "Plan / Expect diff" && { + terraform plan + :check_diff 2 +} + +:case "Apply / No diff" && { + terraform apply + :check_diff 0 +} + +:note "Remove 'builds' dir" +rm -rf builds + +:case "Plan / No diff" && { + terraform plan + :check_diff 0 +} + +#:case "Destroy / Remove ZIP files" && { +# terraform plan -destroy +# terraform destroy -auto-approve +# rm builds/*.zip +#} + +:note "All tests have passed successfully." diff --git a/examples/simple-cicd/variables.tf b/examples/simple-cicd/variables.tf new file mode 100644 index 00000000..e69de29b diff --git a/examples/simple-cicd/versions.tf b/examples/simple-cicd/versions.tf new file mode 100644 index 00000000..5afa48b5 --- /dev/null +++ b/examples/simple-cicd/versions.tf @@ -0,0 +1,14 @@ +terraform { + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.63" + } + random = { + source = "hashicorp/random" + version = ">= 2.0" + } + } +} diff --git a/package.tf b/package.tf index b68dc89f..34322514 100644 --- a/package.tf +++ b/package.tf @@ -61,7 +61,7 @@ resource "null_resource" "archive" { triggers = { filename = data.external.archive_prepare[0].result.filename - timestamp = data.external.archive_prepare[0].result.timestamp + timestamp = var.trigger_on_package_timestamp ? data.external.archive_prepare[0].result.timestamp : null } provisioner "local-exec" { diff --git a/variables.tf b/variables.tf index 61198bea..28a2b82e 100644 --- a/variables.tf +++ b/variables.tf @@ -761,3 +761,9 @@ variable "recreate_missing_package" { type = bool default = true } + +variable "trigger_on_package_timestamp" { + description = "Whether to recreate the Lambda package if the timestamp changes" + type = bool + default = true +} diff --git a/wrappers/main.tf b/wrappers/main.tf index 1ae65252..a5f8683c 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf 
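Review bot: test.sh runs `rm -rf src`, `rm -rf builds` and `terraform destroy` relative to the caller's working directory, and its `terraform` wrapper answers every prompt with `yes`, so started from anywhere but `examples/simple-cicd` it operates on whatever `src`, `builds` and Terraform state happen to be there. Add `cd "$(dirname "${BASH_SOURCE[0]}")"` right after `set -eo pipefail`. The wrapper also expands `$terraform` unquoted; `command terraform "$@" < <(yes yes)` inside the function avoids both the `which` lookup and the word splitting. In `:check_diff` the `2)` branch prints with plain `echo` where the `0)` branch uses `:echo`.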
@@ -119,6 +119,7 @@ module "wrapper" { timeout = try(each.value.timeout, var.defaults.timeout, 3) timeouts = try(each.value.timeouts, var.defaults.timeouts, {}) tracing_mode = try(each.value.tracing_mode, var.defaults.tracing_mode, null) + trigger_on_package_timestamp = try(each.value.trigger_on_package_timestamp, var.defaults.trigger_on_package_timestamp, true) trusted_entities = try(each.value.trusted_entities, var.defaults.trusted_entities, []) use_existing_cloudwatch_log_group = try(each.value.use_existing_cloudwatch_log_group, var.defaults.use_existing_cloudwatch_log_group, false) vpc_security_group_ids = try(each.value.vpc_security_group_ids, var.defaults.vpc_security_group_ids, null) From a729331518fec8adf232e9a2ad520a5bbc815b26 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sun, 14 Jan 2024 18:29:02 +0000 Subject: [PATCH 292/385] chore(release): version 6.7.0 [skip ci] ## [6.7.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.6.0...v6.7.0) (2024-01-14) ### Features * Add control to use timestamp to trigger the package creation or not (useful for CI/CD) ([#521](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/521)) ([57dbfc1](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/57dbfc1909206bd6034b0d36883029a953c199db)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 713d0546..131be088 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [6.7.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.6.0...v6.7.0) (2024-01-14) + + +### Features + +* Add control to use timestamp to trigger the package creation or not (useful for CI/CD) ([#521](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/521)) ([57dbfc1](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/57dbfc1909206bd6034b0d36883029a953c199db)) + ## [6.6.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.5.0...v6.6.0) (2024-01-12) From b4bfe39fab2a53607dc770bed18599a0fca5a694 Mon Sep 17 00:00:00 2001 From: Daniel Bast <2790401+dbast@users.noreply.github.com> Date: Mon, 15 Jan 2024 12:25:58 +0100 Subject: [PATCH 293/385] fix: Set timeouts only when values are given (#522) --- main.tf | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/main.tf b/main.tf index 76ce118d..ad208d7b 100644 --- a/main.tf +++ b/main.tf @@ -112,10 +112,14 @@ resource "aws_lambda_function" "this" { } } - timeouts { - create = try(var.timeouts.create, null) - update = try(var.timeouts.update, null) - delete = try(var.timeouts.delete, null) + dynamic "timeouts" { + for_each = length(var.timeouts) > 0 ? [true] : [] + + content { + create = try(var.timeouts.create, null) + update = try(var.timeouts.update, null) + delete = try(var.timeouts.delete, null) + } } tags = merge(var.tags, var.function_tags) From 91c49f6c1657b92dce0bdf2a1a927f56fff81044 Mon Sep 17 00:00:00 2001 
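Review bot: `length(var.timeouts)` in the new `for_each` of `aws_lambda_function.this` fails when a caller passes `timeouts = null`, which the previous static block tolerated through `try(var.timeouts.create, null)`. The variable declaration is outside this hunk, so this applies only if it is still nullable; if so, `for_each = try(length(var.timeouts), 0) > 0 ? [true] : []` keeps the old tolerance.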
From: semantic-release-bot Date: Mon, 15 Jan 2024 11:26:26 +0000 Subject: [PATCH 294/385] chore(release): version 6.7.1 [skip ci] ### [6.7.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.7.0...v6.7.1) (2024-01-15) ### Bug Fixes * Set timeouts only when values are given ([#522](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/522)) ([b4bfe39](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/b4bfe39fab2a53607dc770bed18599a0fca5a694)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 131be088..1ae923ae 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [6.7.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.7.0...v6.7.1) (2024-01-15) + + +### Bug Fixes + +* Set timeouts only when values are given ([#522](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/522)) ([b4bfe39](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/b4bfe39fab2a53607dc770bed18599a0fca5a694)) + ## [6.7.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.6.0...v6.7.0) (2024-01-14) From dcb087d610a294d9c5a29930d8a11a7ab8d4d07e Mon Sep 17 00:00:00 2001 From: Nate Felton Date: Mon, 15 Jan 2024 10:13:28 -0500 Subject: [PATCH 295/385] chore: Update to supported versions of Python and bump pytest (#526) Co-authored-by: Anton Babenko --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 139774bf..d522947b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,7 +1,7 @@ name: Tests env: - PYTEST_VERSION: 7.1.3 + PYTEST_VERSION: 7.4.4 on: push: 
@@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - python_version: ["3.7", "3.8", "3.9", "3.10"] + python_version: ["3.8", "3.9", "3.10", "3.11", "3.12"] fail-fast: false steps: - uses: actions/checkout@v3 From d33b722d30e346b3966fe8f6e5d92ee554c2011d Mon Sep 17 00:00:00 2001 From: Nate Felton Date: Wed, 17 Jan 2024 04:05:33 -0500 Subject: [PATCH 296/385] feat: Allow defining direct path to pyproject.toml (#525) Co-authored-by: Patrick Decat --- examples/build-package/README.md | 2 + examples/build-package/main.tf | 39 +++++++++++++++++++ .../python3.9-app-src-poetry/README.md | 0 .../python3.9-app-src-poetry/poetry.lock | 31 +++++++++++++++ .../python3.9-app-src-poetry/pyproject.toml | 16 ++++++++ .../src/python39_app_src_poetry/__init__.py | 0 .../tests/__init__.py | 0 package.py | 18 +++++---- 8 files changed, 99 insertions(+), 7 deletions(-) create mode 100644 examples/fixtures/python3.9-app-src-poetry/README.md create mode 100644 examples/fixtures/python3.9-app-src-poetry/poetry.lock create mode 100644 examples/fixtures/python3.9-app-src-poetry/pyproject.toml create mode 100644 examples/fixtures/python3.9-app-src-poetry/src/python39_app_src_poetry/__init__.py create mode 100644 examples/fixtures/python3.9-app-src-poetry/tests/__init__.py diff --git a/examples/build-package/README.md b/examples/build-package/README.md index e50dad8f..8aedf045 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md 
@@ -46,6 +46,8 @@ Note that this example may create resources which cost money. Run `terraform des | [package\_dir\_without\_pip\_install](#module\_package\_dir\_without\_pip\_install) | ../../ | n/a | | [package\_file](#module\_package\_file) | ../../ | n/a | | [package\_file\_with\_pip\_requirements](#module\_package\_file\_with\_pip\_requirements) | ../../ | n/a | +| [package\_src\_poetry](#module\_package\_src\_poetry) | ../../ | n/a | +| [package\_src\_poetry2](#module\_package\_src\_poetry2) | ../../ | n/a | | [package\_with\_commands\_and\_patterns](#module\_package\_with\_commands\_and\_patterns) | ../../ | n/a | | [package\_with\_docker](#module\_package\_with\_docker) | ../../ | n/a | | [package\_with\_npm\_requirements\_in\_docker](#module\_package\_with\_npm\_requirements\_in\_docker) | ../../ | n/a | diff --git a/examples/build-package/main.tf b/examples/build-package/main.tf index ddee6eb8..869d4428 100644 --- a/examples/build-package/main.tf +++ b/examples/build-package/main.tf 
@@ -63,6 +63,45 @@ module "package_dir_poetry" { artifacts_dir = "${path.root}/builds/package_dir_poetry/" } +# Create zip-archive of a src directory where "poetry export" & "pip install --no-deps" will also be executed (using docker) +module "package_src_poetry" { + source = "../../" + + create_function = false + + build_in_docker = true + runtime = "python3.9" + docker_image = "build-python3.9-poetry" + docker_file = "${path.module}/../fixtures/python3.9-app-src-poetry/docker/Dockerfile" + + source_path = [ + "${path.module}/../fixtures/python3.9-app-src-poetry/src", + { + path = "${path.module}/../fixtures/python3.9-app-src-poetry/pyproject.toml" + poetry_install = true + } + ] + artifacts_dir = "${path.root}/builds/package_src_poetry/" +} + +# Create zip-archive of a src directory where "poetry export" & "pip install --no-deps" will also be executed (using docker) +module "package_src_poetry2" { + source = "../../" + + create_function = false + + build_in_docker = true + runtime = "python3.9" + docker_image = "build-python3.9-poetry" + docker_file = "${path.module}/../fixtures/python3.9-app-src-poetry/docker/Dockerfile" + + source_path = [ + "${path.module}/../fixtures/python3.9-app-src-poetry/src", + "${path.module}/../fixtures/python3.9-app-src-poetry/pyproject.toml" + ] + artifacts_dir = "${path.root}/builds/package_src_poetry2/" +} + # Create zip-archive of a single directory where "poetry export" & "pip install --no-deps" will also be executed (not using docker) module "package_dir_poetry_no_docker" { source = "../../" diff --git a/examples/fixtures/python3.9-app-src-poetry/README.md b/examples/fixtures/python3.9-app-src-poetry/README.md new file mode 100644 index 00000000..e69de29b diff --git a/examples/fixtures/python3.9-app-src-poetry/poetry.lock b/examples/fixtures/python3.9-app-src-poetry/poetry.lock new file mode 100644 index 00000000..5db627a1 --- /dev/null +++ b/examples/fixtures/python3.9-app-src-poetry/poetry.lock 
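Review bot: Both new modules set `docker_file` to `../fixtures/python3.9-app-src-poetry/docker/Dockerfile`, but the commit's file list for that fixture creates only `README.md`, `poetry.lock`, `pyproject.toml` and two `__init__.py` files, so the Dockerfile appears to be missing and the `build_in_docker = true` examples would have nothing to build from. Either add the file or point `docker_file` at an existing fixture's Dockerfile. The comment above `package_src_poetry2` is a copy of the one above `package_src_poetry`; it should say what differs, e.g. `# Same as package_src_poetry, but pyproject.toml is passed as a plain path instead of a map with poetry_install = true`.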
@@ -0,0 +1,31 @@ +# This file is automatically @generated by Poetry 1.6.1 and should not be changed by hand. + +[[package]] +name = "colorama" +version = "0.4.6" +description = "Cross-platform colored terminal text." +optional = false +python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*,>=2.7" +files = [ + {file = "colorama-0.4.6-py2.py3-none-any.whl", hash = "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6"}, + {file = "colorama-0.4.6.tar.gz", hash = "sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44"}, +] + +[[package]] +name = "colorful" +version = "0.5.5" +description = "Terminal string styling done right, in Python." +optional = false +python-versions = "*" +files = [ + {file = "colorful-0.5.5-py2.py3-none-any.whl", hash = "sha256:62c187e27c1433db9463ff93b1451898d1e7e23a7e553583fd9daeb6325182e4"}, + {file = "colorful-0.5.5.tar.gz", hash = "sha256:66f8c1264b2a26f7293b96a03bb7a76c4bc8b9634369a0bffdcd12d618056a1d"}, +] + +[package.dependencies] +colorama = {version = "*", markers = "platform_system == \"Windows\""} + +[metadata] +lock-version = "2.0" +python-versions = "^3.9" +content-hash = "fdeeb736094152bb24127be160ee7e572f919f877d43589ad98e1e885dc6427d" diff --git a/examples/fixtures/python3.9-app-src-poetry/pyproject.toml b/examples/fixtures/python3.9-app-src-poetry/pyproject.toml new file mode 100644 index 00000000..2b890b79 --- /dev/null +++ b/examples/fixtures/python3.9-app-src-poetry/pyproject.toml @@ -0,0 +1,16 @@ +[tool.poetry] +name = "python3-9-app-src-poetry" +version = "0.1.0" +description = "" +authors = ["Your Name "] +readme = "README.md" +packages = [{include = "python39_app_src_poetry", from = "src"}] + +[tool.poetry.dependencies] +python = "^3.9" +colorful = "^0.5.5" + + +[build-system] +requires = ["poetry-core"] +build-backend = "poetry.core.masonry.api" 
diff --git a/examples/fixtures/python3.9-app-src-poetry/src/python39_app_src_poetry/__init__.py b/examples/fixtures/python3.9-app-src-poetry/src/python39_app_src_poetry/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/examples/fixtures/python3.9-app-src-poetry/tests/__init__.py b/examples/fixtures/python3.9-app-src-poetry/tests/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/package.py b/package.py index 20ba4fdf..c00eba63 100644 --- a/package.py +++ b/package.py @@ -690,10 +690,11 @@ def poetry_install_step(path, prefix=None, required=False): else: step("poetry", runtime, path, prefix) hash(pyproject_file) - poetry_lock_file = os.path.join(path, "poetry.lock") + pyproject_path = os.path.dirname(pyproject_file) + poetry_lock_file = os.path.join(pyproject_path, "poetry.lock") if os.path.isfile(poetry_lock_file): hash(poetry_lock_file) - poetry_toml_file = os.path.join(path, "poetry.toml") + poetry_toml_file = os.path.join(pyproject_path, "poetry.toml") if os.path.isfile(poetry_toml_file): hash(poetry_toml_file) @@ -1029,14 +1030,17 @@ def install_poetry_dependencies(query, path): # 1. Emit files instead of temp_dir # pyproject.toml is always required by poetry - pyproject_file = os.path.join(path, "pyproject.toml") + pyproject_file = path + if os.path.isdir(path): + pyproject_file = os.path.join(path, "pyproject.toml") if not os.path.exists(pyproject_file): yield return # poetry.lock & poetry.toml are optional - poetry_lock_file = os.path.join(path, "poetry.lock") - poetry_toml_file = os.path.join(path, "poetry.toml") + pyproject_path = os.path.dirname(pyproject_file) + poetry_lock_file = os.path.join(pyproject_path, "poetry.lock") + poetry_toml_file = os.path.join(pyproject_path, "poetry.toml") runtime = query.runtime artifacts_dir = query.artifacts_dir 
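Review bot: In the `install_poetry_dependencies` hunk, `pyproject_file = path` accepts any existing file, and nothing on the new side checks that it is named `pyproject.toml`. The next hunk hands it to `copy_file_to_target`, which elsewhere on this page copies under `os.path.basename(file)`, so a differently named file would presumably land in the temp directory under a name poetry does not read. A guard such as `if os.path.basename(pyproject_file) != "pyproject.toml": raise ValueError("expected a path to pyproject.toml: {}".format(pyproject_file))` would fail early instead. The `poetry_install_step` hunk above uses the same `os.path.dirname(pyproject_file)` derivation and could carry a comment like `# poetry.lock / poetry.toml are looked up next to pyproject.toml, not in path`. Both functions start and end outside their hunks.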
@@ -1085,13 +1089,13 @@ def copy_file_to_target(file, temp_dir): pyproject_target_file = copy_file_to_target(pyproject_file, temp_dir) if os.path.isfile(poetry_lock_file): - log.info("Using poetry lock file: %s", poetry_lock_file) + log.info("Using poetry.lock file: %s", poetry_lock_file) poetry_lock_target_file = copy_file_to_target(poetry_lock_file, temp_dir) else: poetry_lock_target_file = None if os.path.isfile(poetry_toml_file): - log.info("Using poetry configuration file: %s", poetry_lock_file) + log.info("Using poetry.toml configuration file: %s", poetry_toml_file) poetry_toml_target_file = copy_file_to_target(poetry_toml_file, temp_dir) else: poetry_toml_target_file = None From 20f6aaea11a3f5d6d3aa30691eb747ea27b6babf Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 17 Jan 2024 09:06:03 +0000 Subject: [PATCH 297/385] chore(release): version 6.8.0 [skip ci] ## [6.8.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.7.1...v6.8.0) (2024-01-17) ### Features * Allow defining direct path to pyproject.toml ([#525](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/525)) ([d33b722](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/d33b722d30e346b3966fe8f6e5d92ee554c2011d)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ae923ae..9e1eaa34 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
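Review bot: The `else:` branch that sets `poetry_lock_target_file = None` stays silent, so a build whose `poetry.lock` is not found next to `pyproject.toml` leaves no trace in the log. With the lock file now looked up relative to the `pyproject.toml` path, a misplaced lock is easier to hit. Without it, the installed versions are presumably resolved at build time rather than taken from the locked hashes. Consider `log.warning("poetry.lock not found next to %s, dependency versions are not pinned", pyproject_file)` in that branch. The enclosing function begins and continues outside this hunk.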
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [6.8.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.7.1...v6.8.0) (2024-01-17) + + +### Features + +* Allow defining direct path to pyproject.toml ([#525](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/525)) ([d33b722](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/d33b722d30e346b3966fe8f6e5d92ee554c2011d)) + ### [6.7.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.7.0...v6.7.1) (2024-01-15) From 0c094151c9d35fdc954c07e161d8bdb36f47d7e0 Mon Sep 17 00:00:00 2001 From: Fran R Date: Thu, 18 Jan 2024 17:40:37 +0000 Subject: [PATCH 298/385] chore: Added Ruff (Python code formatter) (#536) --- .github/workflows/test.yml | 33 +- examples/fixtures/python3.8-app2/index.py | 15 +- package.py | 727 +++++++++++++--------- 3 files changed, 458 insertions(+), 317 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d522947b..ab145451 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -2,6 +2,8 @@ name: Tests env: PYTEST_VERSION: 7.4.4 + RUFF_VERSION: 0.1.13 + RUFF_PY_VERSION: 3.12 on: push: 
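Review bot: In the `.github/workflows/test.yml` env hunk, `RUFF_PY_VERSION: 3.12` is an unquoted YAML scalar, so it is parsed as a number before it reaches `python-version`. That happens to round-trip for 3.12, but a later value such as 3.10 would become 3.1. The job matrix in the same workflow already quotes its versions, so write `RUFF_PY_VERSION: "3.12"` to match.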
@@ -19,19 +21,40 @@ jobs: python_version: ["3.8", "3.9", "3.10", "3.11", "3.12"] fail-fast: false steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4.1.1 - name: Set up Python ${{ matrix.python_version }} - uses: actions/setup-python@v3 + uses: actions/setup-python@v5.0.0 with: python-version: ${{ matrix.python_version }} - - name: Install poetry and tox + - name: Install poetry shell: bash run: | - pip install pytest==${PYTEST_VERSION} + pip install pytest==${{ env.PYTEST_VERSION }} - - name: Run tox + - name: Run pytest shell: bash run: | python -m pytest -vvv tests/ + + format: + name: Ruff Format check + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4.1.1 + + - name: Set up Python + uses: actions/setup-python@v5.0.0 + with: + python-version: ${{ env.RUFF_PY_VERSION }} + + - name: Install ruff + shell: bash + run: | + pip install ruff==${{ env.RUFF_VERSION }} + + - name: Run ruff format check + shell: bash + run: | + ruff format --check . diff --git a/examples/fixtures/python3.8-app2/index.py b/examples/fixtures/python3.8-app2/index.py index 0ba33055..3ec1af75 100644 --- a/examples/fixtures/python3.8-app2/index.py +++ b/examples/fixtures/python3.8-app2/index.py 
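Review bot: The bumped actions in the `test.yml` jobs hunk are referenced by tag (`actions/checkout@v4.1.1`, `actions/setup-python@v5.0.0`), and a tag can be moved after the fact. Pinning to the full commit SHA with the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4.1.1`, keeps the workflow tied to reviewed code. The new `format` job declares no `permissions:`; unless the workflow sets them at top level (not visible in this hunk), adding `permissions:` with `contents: read` keeps its token read-only. The step renamed to `Install poetry` only runs `pip install pytest==...`, so `Install pytest` would be the accurate name.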
@@ -7,18 +7,17 @@ logger = logging.getLogger() logger.setLevel(logging.INFO) -logging.getLogger('boto3').setLevel(logging.DEBUG) -logging.getLogger('botocore').setLevel(logging.DEBUG) +logging.getLogger("boto3").setLevel(logging.DEBUG) +logging.getLogger("botocore").setLevel(logging.DEBUG) + +bucketName = os.environ["BUCKET_NAME"] +regionName = os.environ["REGION_NAME"] -bucketName = os.environ['BUCKET_NAME'] -regionName = os.environ['REGION_NAME'] def lambda_handler(event, context): - client = boto3.client('s3', regionName) + client = boto3.client("s3", regionName) response = client.put_object( - Bucket=bucketName, - Key=str(uuid4()), - Body=bytearray("Hello, World!", 'utf-8') + Bucket=bucketName, Key=str(uuid4()), Body=bytearray("Hello, World!", "utf-8") ) logger.info(response) diff --git a/package.py b/package.py index c00eba63..e554b9cd 100644 --- a/package.py +++ b/package.py @@ -29,8 +29,8 @@ PY37 = sys.version_info >= (3, 7) PY36 = sys.version_info >= (3, 6) -WINDOWS = platform.system() == 'Windows' -OSX = platform.system() == 'Darwin' +WINDOWS = platform.system() == "Windows" +OSX = platform.system() == "Darwin" ################################################################################ # Logging 
@@ -41,29 +41,29 @@ log_handler = None log = logging.getLogger() -cmd_log = logging.getLogger('cmd') +cmd_log = logging.getLogger("cmd") def configure_logging(use_tf_stderr=False): global log_handler - logging.addLevelName(DEBUG2, 'DEBUG2') - logging.addLevelName(DEBUG3, 'DEBUG3') - logging.addLevelName(DUMP_ENV, 'DUMP_ENV') + logging.addLevelName(DEBUG2, "DEBUG2") + logging.addLevelName(DEBUG3, "DEBUG3") + logging.addLevelName(DUMP_ENV, "DUMP_ENV") class LogFormatter(logging.Formatter): - default_format = '%(message)s' + default_format = "%(message)s" formats = { - 'root': default_format, - 'build': default_format, - 'prepare': '[{}] %(name)s: %(message)s'.format(os.getpid()), - 'cmd': '> %(message)s', - '': '%(name)s: %(message)s' + "root": default_format, + "build": default_format, + "prepare": "[{}] %(name)s: %(message)s".format(os.getpid()), + "cmd": "> %(message)s", + "": "%(name)s: %(message)s", } def formatMessage(self, record): - prefix = record.name.rsplit('.') - self._style._fmt = self.formats.get(prefix[0], self.formats['']) + prefix = record.name.rsplit(".") + self._style._fmt = self.formats.get(prefix[0], self.formats[""]) return super().formatMessage(record) tf_stderr_fd = 5 @@ -71,7 +71,7 @@ def formatMessage(self, record): if use_tf_stderr: try: if os.isatty(tf_stderr_fd): - log_stream = os.fdopen(tf_stderr_fd, mode='w') + log_stream = os.fdopen(tf_stderr_fd, mode="w") except OSError: pass 
@@ -84,20 +84,22 @@ def formatMessage(self, record): def dump_env(): if log.isEnabledFor(DUMP_ENV): - log.debug('ENV: %s', json.dumps(dict(os.environ), indent=2)) + log.debug("ENV: %s", json.dumps(dict(os.environ), indent=2)) ################################################################################ # Backports + def shlex_join(split_command): """Return a shell-escaped string from *split_command*.""" - return ' '.join(shlex.quote(arg) for arg in split_command) + return " ".join(shlex.quote(arg) for arg in split_command) ################################################################################ # Common functions + def abort(message): """Exits with an error message.""" log.error(message) @@ -109,7 +111,7 @@ def cd(path, silent=False): """Changes the working directory.""" cwd = os.getcwd() if not silent: - cmd_log.info('cd %s', shlex.quote(path)) + cmd_log.info("cd %s", shlex.quote(path)) try: os.chdir(path) yield @@ -120,9 +122,9 @@ def cd(path, silent=False): @contextmanager def tempdir(dir=None): """Creates a temporary directory and then deletes it afterwards.""" - prefix = 'terraform-aws-lambda-' + prefix = "terraform-aws-lambda-" path = tempfile.mkdtemp(prefix=prefix, dir=dir) - cmd_log.info('mktemp -d %sXXXXXXXX # %s', prefix, shlex.quote(path)) + cmd_log.info("mktemp -d %sXXXXXXXX # %s", prefix, shlex.quote(path)) try: yield path finally: @@ -135,7 +137,7 @@ def list_files(top_path, log=None): """ if log: - log = log.getChild('ls') + log = log.getChild("ls") results = [] @@ -155,10 +157,14 @@ def list_files(top_path, log=None): def dataclass(name): - typ = type(name, (dict,), { - '__getattr__': lambda self, x: self.get(x), - '__init__': lambda self, **k: self.update(k), - }) + typ = type( + name, + (dict,), + { + "__getattr__": lambda self, x: self.get(x), + "__init__": lambda self, **k: self.update(k), + }, + ) return typ 
@@ -174,14 +180,19 @@ def decode_json(k, v): pass return v - return dataclass(name)(**dict((( - k, datatree(k, **v) if isinstance(v, dict) else decode_json(k, v)) - for k, v in fields.items()))) + return dataclass(name)( + **dict( + ( + (k, datatree(k, **v) if isinstance(v, dict) else decode_json(k, v)) + for k, v in fields.items() + ) + ) + ) def timestamp_now_ns(): timestamp = datetime.datetime.now().timestamp() - timestamp = int(timestamp * 10 ** 7) * 10 ** 2 + timestamp = int(timestamp * 10**7) * 10**2 return timestamp @@ -200,9 +211,9 @@ def yesno_bool(val): if val.isnumeric(): return bool(int(val)) val = val.lower() - if val in ('true', 'yes', 'y'): + if val in ("true", "yes", "y"): return True - elif val in ('false', 'no', 'n'): + elif val in ("false", "no", "n"): return False else: raise ValueError("Unsupported value: %s" % val) @@ -212,6 +223,7 @@ def yesno_bool(val): ################################################################################ # Packaging functions + def emit_dir_content(base_dir): for root, dirs, files in os.walk(base_dir, followlinks=True): # Sort directories and files to ensure they are always processed in the same order @@ -223,14 +235,13 @@ def emit_dir_content(base_dir): yield os.path.normpath(os.path.join(root, name)) -def generate_content_hash(source_paths, - hash_func=hashlib.sha256, log=None): +def generate_content_hash(source_paths, hash_func=hashlib.sha256, log=None): """ Generate a content hash of the source paths. """ if log: - log = log.getChild('hash') + log = log.getChild("hash") hash_obj = hash_func() @@ -260,7 +271,7 @@ def update_hash(hash_obj, file_root, file_path): relative_path = os.path.join(file_root, file_path) hash_obj.update(relative_path.encode()) - with open(relative_path, 'rb') as open_file: + with open(relative_path, "rb") as open_file: while True: data = open_file.read(1024 * 8) if not data: 
@@ -271,32 +282,33 @@ def update_hash(hash_obj, file_root, file_path): class ZipWriteStream: """""" - def __init__(self, zip_filename, - compress_type=zipfile.ZIP_DEFLATED, - compresslevel=None, - timestamp=None): - + def __init__( + self, + zip_filename, + compress_type=zipfile.ZIP_DEFLATED, + compresslevel=None, + timestamp=None, + ): self.timestamp = timestamp self.filename = zip_filename if not (self.filename and isinstance(self.filename, str)): - raise ValueError('Zip file path must be provided') + raise ValueError("Zip file path must be provided") self._tmp_filename = None self._compress_type = compress_type self._compresslevel = compresslevel self._zip = None - self._log = logging.getLogger('zip') + self._log = logging.getLogger("zip") def open(self): if self._tmp_filename: raise zipfile.BadZipFile("ZipStream object can't be reused") self._ensure_base_path(self.filename) - self._tmp_filename = '{}.tmp'.format(self.filename) + self._tmp_filename = "{}.tmp".format(self.filename) self._log.info("creating '%s' archive", self.filename) - self._zip = zipfile.ZipFile(self._tmp_filename, "w", - self._compress_type) + self._zip = zipfile.ZipFile(self._tmp_filename, "w", self._compress_type) return self def close(self, failed=False): @@ -322,7 +334,7 @@ def _ensure_open(self): return True if self._tmp_filename: raise zipfile.BadZipFile("ZipWriteStream object can't be reused") - raise zipfile.BadZipFile('ZipWriteStream should be opened first') + raise zipfile.BadZipFile("ZipWriteStream should be opened first") def _ensure_base_path(self, zip_filename): archive_dir = os.path.dirname(zip_filename) 
@@ -381,15 +393,13 @@ def write_file_obj(self, file_path, data, prefix=None, timestamp=None): self._ensure_open() raise NotImplementedError - def _write_zinfo(self, zinfo, filename, - compress_type=None, compresslevel=None): + def _write_zinfo(self, zinfo, filename, compress_type=None, compresslevel=None): self._ensure_open() zip = self._zip if not zip.fp: - raise ValueError( - "Attempt to write to ZIP archive that was already closed") + raise ValueError("Attempt to write to ZIP archive that was already closed") if zip._writing: raise ValueError( "Can't write to ZIP archive while an open writing handle exists" @@ -427,7 +437,7 @@ def _write_zinfo(self, zinfo, filename, zip.fp.write(zinfo.FileHeader(False)) zip.start_dir = zip.fp.tell() else: - with open(filename, "rb") as src, zip.open(zinfo, 'w') as dest: + with open(filename, "rb") as src, zip.open(zinfo, "w") as dest: shutil.copyfileobj(src, dest, 1024 * 8) def _make_zinfo_from_file(self, filename, arcname=None): @@ -438,8 +448,7 @@ def _make_zinfo_from_file(self, filename, arcname=None): zinfo_func = self._zinfo_from_file strict_timestamps = True - return zinfo_func(filename, arcname, - strict_timestamps=strict_timestamps) + return zinfo_func(filename, arcname, strict_timestamps=strict_timestamps) @staticmethod def _update_zinfo(zinfo, date_time): @@ -474,7 +483,7 @@ def _zinfo_from_file(filename, arcname=None, *, strict_timestamps=True): while arcname[0] in (os.sep, os.altsep): arcname = arcname[1:] if isdir: - arcname += '/' + arcname += "/" zinfo = zipfile.ZipInfo(arcname, date_time) zinfo.external_attr = (st.st_mode & 0xFFFF) << 16 # Unix attributes if isdir: @@ -494,7 +503,7 @@ def str_int_to_timestamp(s): return min_zip_ts deg = len(str(int(s))) - 9 if deg < 0: - ts = ts * 10 ** deg + ts = ts * 10**deg return ts date_time = None 
@@ -510,23 +519,26 @@ def str_int_to_timestamp(s): date_time = datetime.datetime.fromtimestamp(timestamp).timetuple() date_time = date_time[:6] if date_time[0] < 1980: - raise ValueError('ZIP does not support timestamps before 1980') + raise ValueError("ZIP does not support timestamps before 1980") return date_time ################################################################################ # Building + def patterns_list(args, patterns): _filter = str.strip if args.pattern_comments: + def _filter(x): x = x.strip() p = re.search("^(.*?)[ \t]*(?:[ \t]{2}#.*)?$", x).group(1).rstrip() - if p.startswith('#'): + if p.startswith("#"): return if p: return p + if isinstance(patterns, str): return list(filter(None, map(_filter, patterns.splitlines()))) return patterns @@ -539,13 +551,13 @@ def __init__(self, args): self._args = args self._rules = None self._excludes = set() - self._log = logging.getLogger('zip') + self._log = logging.getLogger("zip") def compile(self, patterns): rules = [] for p in patterns_list(self._args, patterns): self._log.debug("filter pattern: %s", p) - if p.startswith('!'): + if p.startswith("!"): r = re.compile(p[1:]) rules.append((operator.not_, r)) else: @@ -586,13 +598,13 @@ def emit_dir(dpath, opath): if apply(dpath): yield opath else: - self._log.debug('skip: %s', dpath) + self._log.debug("skip: %s", dpath) def emit_file(fpath, opath): if apply(fpath): yield opath else: - self._log.debug('skip: %s', fpath) + self._log.debug("skip: %s", fpath) if os.path.isfile(path): name = os.path.basename(path) @@ -638,7 +650,7 @@ def __init__(self, args, log=None): def hash(self, extra_paths): if not self._source_paths: - raise ValueError('BuildPlanManager.plan() should be called first') + raise ValueError("BuildPlanManager.plan() should be called first") content_hash_paths = self._source_paths + extra_paths 
@@ -646,8 +658,7 @@ def hash(self, extra_paths): # runtime value, build command, and content of the build paths # because they can have an effect on the resulting archive. self._log.debug("Computing content hash on files...") - content_hash = generate_content_hash(content_hash_paths, - log=self._log) + content_hash = generate_content_hash(content_hash_paths, log=self._log) return content_hash def plan(self, source_path, query): @@ -665,19 +676,19 @@ def pip_requirements_step(path, prefix=None, required=False, tmp_dir=None): command = runtime requirements = path if os.path.isdir(path): - requirements = os.path.join(path, 'requirements.txt') + requirements = os.path.join(path, "requirements.txt") if not os.path.isfile(requirements): if required: - raise RuntimeError( - 'File not found: {}'.format(requirements)) + raise RuntimeError("File not found: {}".format(requirements)) else: if not query.docker and not shutil.which(command): raise RuntimeError( "Python interpreter version equal " "to defined lambda runtime ({}) should be " - "available in system PATH".format(command)) + "available in system PATH".format(command) + ) - step('pip', runtime, requirements, prefix, tmp_dir) + step("pip", runtime, requirements, prefix, tmp_dir) hash(requirements) def poetry_install_step(path, prefix=None, required=False): @@ -686,7 +697,9 @@ def poetry_install_step(path, prefix=None, required=False): pyproject_file = os.path.join(path, "pyproject.toml") if get_build_system_from_pyproject_toml(pyproject_file) != "poetry": if required: - raise RuntimeError("poetry configuration not found: {}".format(pyproject_file)) + raise RuntimeError( + "poetry configuration not found: {}".format(pyproject_file) + ) else: step("poetry", runtime, path, prefix) hash(pyproject_file) 
@@ -702,18 +715,18 @@ def npm_requirements_step(path, prefix=None, required=False, tmp_dir=None): command = "npm" requirements = path if os.path.isdir(path): - requirements = os.path.join(path, 'package.json') + requirements = os.path.join(path, "package.json") if not os.path.isfile(requirements): if required: - raise RuntimeError( - 'File not found: {}'.format(requirements)) + raise RuntimeError("File not found: {}".format(requirements)) else: if not query.docker and not shutil.which(command): raise RuntimeError( "Nodejs package manager ({}) should be " - "available in system PATH".format(command)) + "available in system PATH".format(command) + ) - step('npm', runtime, requirements, prefix, tmp_dir) + step("npm", runtime, requirements, prefix, tmp_dir) hash(requirements) def commands_step(path, commands): @@ -728,7 +741,7 @@ def commands_step(path, commands): batch = [] for c in commands: if isinstance(c, str): - if c.startswith(':zip'): + if c.startswith(":zip"): if path: hash(path) else: @@ -739,25 +752,26 @@ def commands_step(path, commands): # `terraform -chdir=...` path = query.paths.cwd if batch: - step('sh', path, '\n'.join(batch)) + step("sh", path, "\n".join(batch)) batch.clear() c = shlex.split(c) if len(c) == 3: _, _path, prefix = c prefix = prefix.strip() _path = os.path.normpath(os.path.join(path, _path)) - step('zip:embedded', _path, prefix) + step("zip:embedded", _path, prefix) elif len(c) == 2: prefix = None _, _path = c - step('zip:embedded', _path, prefix) + step("zip:embedded", _path, prefix) elif len(c) == 1: prefix = None - step('zip:embedded', path, prefix) + step("zip:embedded", path, prefix) else: raise ValueError( ":zip invalid call signature, use: " - "':zip [path [prefix_in_zip]]'") + "':zip [path [prefix_in_zip]]'" + ) else: batch.append(c) 
@@ -765,55 +779,72 @@ def commands_step(path, commands): if isinstance(claim, str): path = claim if not os.path.exists(path): - abort('Could not locate source_path "{path}". Paths are relative to directory where `terraform plan` is being run ("{pwd}")'.format( - path=path, - pwd=os.getcwd() - )) + abort( + 'Could not locate source_path "{path}". Paths are relative to directory where `terraform plan` is being run ("{pwd}")'.format( + path=path, pwd=os.getcwd() + ) + ) runtime = query.runtime - if runtime.startswith('python'): - pip_requirements_step( - os.path.join(path, 'requirements.txt')) + if runtime.startswith("python"): + pip_requirements_step(os.path.join(path, "requirements.txt")) poetry_install_step(path) - elif runtime.startswith('nodejs'): - npm_requirements_step( - os.path.join(path, 'package.json')) - step('zip', path, None) + elif runtime.startswith("nodejs"): + npm_requirements_step(os.path.join(path, "package.json")) + step("zip", path, None) hash(path) elif isinstance(claim, dict): - path = claim.get('path') - patterns = claim.get('patterns') - commands = claim.get('commands') + path = claim.get("path") + patterns = claim.get("patterns") + commands = claim.get("commands") if patterns: - step('set:filter', patterns_list(self._args, patterns)) + step("set:filter", patterns_list(self._args, patterns)) if commands: commands_step(path, commands) else: - prefix = claim.get('prefix_in_zip') - pip_requirements = claim.get('pip_requirements') + prefix = claim.get("prefix_in_zip") + pip_requirements = claim.get("pip_requirements") poetry_install = claim.get("poetry_install") - npm_requirements = claim.get('npm_package_json') - runtime = claim.get('runtime', query.runtime) + npm_requirements = claim.get("npm_package_json") + runtime = claim.get("runtime", query.runtime) - if pip_requirements and runtime.startswith('python'): + if pip_requirements and runtime.startswith("python"): if isinstance(pip_requirements, bool) and path: - pip_requirements_step(path, 
prefix, required=True, tmp_dir=claim.get('pip_tmp_dir')) + pip_requirements_step( + path, + prefix, + required=True, + tmp_dir=claim.get("pip_tmp_dir"), + ) else: - pip_requirements_step(pip_requirements, prefix, - required=True, tmp_dir=claim.get('pip_tmp_dir')) + pip_requirements_step( + pip_requirements, + prefix, + required=True, + tmp_dir=claim.get("pip_tmp_dir"), + ) if poetry_install and runtime.startswith("python"): if path: poetry_install_step(path, prefix, required=True) - if npm_requirements and runtime.startswith('nodejs'): + if npm_requirements and runtime.startswith("nodejs"): if isinstance(npm_requirements, bool) and path: - npm_requirements_step(path, prefix, required=True, tmp_dir=claim.get('npm_tmp_dir')) + npm_requirements_step( + path, + prefix, + required=True, + tmp_dir=claim.get("npm_tmp_dir"), + ) else: - npm_requirements_step(npm_requirements, prefix, - required=True, tmp_dir=claim.get('npm_tmp_dir')) + npm_requirements_step( + npm_requirements, + prefix, + required=True, + tmp_dir=claim.get("npm_tmp_dir"), + ) if path: - step('zip', path, prefix) + step("zip", path, prefix) if patterns: # Take patterns into account when computing hash pf = ZipContentFilter(args=self._args) @@ -825,10 +856,9 @@ def commands_step(path, commands): hash(path) if patterns: - step('clear:filter') + step("clear:filter") else: - raise ValueError( - 'Unsupported source_path item: {}'.format(claim)) + raise ValueError("Unsupported source_path item: {}".format(claim)) self._source_paths = source_paths return build_plan @@ -840,8 +870,8 @@ def execute(self, build_plan, zip_stream, query): for action in build_plan: cmd = action[0] - if cmd.startswith('zip'): - ts = 0 if cmd == 'zip:embedded' else None + if cmd.startswith("zip"): + ts = 0 if cmd == "zip:embedded" else None source_path, prefix = action[1:] if sh_work_dir: if source_path != sh_work_dir: 
@@ -849,13 +879,14 @@ def execute(self, build_plan, zip_stream, query): source_path = sh_work_dir if os.path.isdir(source_path): if pf: - self._zip_write_with_filter(zs, pf, source_path, prefix, - timestamp=ts) + self._zip_write_with_filter( + zs, pf, source_path, prefix, timestamp=ts + ) else: zs.write_dirs(source_path, prefix=prefix, timestamp=ts) else: zs.write_file(source_path, prefix=prefix, timestamp=ts) - elif cmd == 'pip': + elif cmd == "pip": runtime, pip_requirements, prefix, tmp_dir = action[1:] with install_pip_requirements(query, pip_requirements, tmp_dir) as rd: if rd: 
@@ -873,39 +904,38 @@ def execute(self, build_plan, zip_stream, query): else: # XXX: timestamp=0 - what actually do with it? zs.write_dirs(rd, prefix=prefix, timestamp=0) - elif cmd == 'npm': + elif cmd == "npm": runtime, npm_requirements, prefix, tmp_dir = action[1:] with install_npm_requirements(query, npm_requirements, tmp_dir) as rd: if rd: if pf: - self._zip_write_with_filter(zs, pf, rd, prefix, - timestamp=0) + self._zip_write_with_filter(zs, pf, rd, prefix, timestamp=0) else: # XXX: timestamp=0 - what actually do with it? zs.write_dirs(rd, prefix=prefix, timestamp=0) - elif cmd == 'sh': + elif cmd == "sh": r, w = os.pipe() side_ch = os.fdopen(r) path, script = action[1:] script = "{}\npwd >&{}".format(script, w) - p = subprocess.Popen(script, shell=True, cwd=path, - pass_fds=(w,)) + p = subprocess.Popen(script, shell=True, cwd=path, pass_fds=(w,)) os.close(w) sh_work_dir = side_ch.read().strip() p.wait() - log.info('WD: %s', sh_work_dir) + log.info("WD: %s", sh_work_dir) side_ch.close() - elif cmd == 'set:filter': + elif cmd == "set:filter": patterns = action[1] pf = ZipContentFilter(args=self._args) pf.compile(patterns) - elif cmd == 'clear:filter': + elif cmd == "clear:filter": pf = None @staticmethod - def _zip_write_with_filter(zip_stream, path_filter, source_path, prefix, - timestamp=None): + def _zip_write_with_filter( + zip_stream, path_filter, source_path, prefix, timestamp=None + ): for path in path_filter.filter(source_path, prefix): if os.path.isdir(source_path): arcname = os.path.relpath(path, source_path) @@ -940,8 +970,9 @@ def install_pip_requirements(query, requirements_file, tmp_dir): output = check_output(docker_image_id_command(docker_image)) if output: docker_image_tag_id = output.decode().strip() - log.debug("DOCKER TAG ID: %s -> %s", - docker_image, docker_image_tag_id) + log.debug( + "DOCKER TAG ID: %s -> %s", docker_image, docker_image_tag_id + ) ok = True if ok: break 
@@ -953,12 +984,13 @@ def install_pip_requirements(query, requirements_file, tmp_dir): check_call(docker_cmd) ok = True elif docker_file or docker_build_root: - raise ValueError('docker_image must be specified ' - 'for a custom image future references') + raise ValueError( + "docker_image must be specified " "for a custom image future references" + ) working_dir = os.getcwd() - log.info('Installing python requirements: %s', requirements_file) + log.info("Installing python requirements: %s", requirements_file) with tempdir(tmp_dir) as temp_dir: requirements_filename = os.path.basename(requirements_file) target_file = os.path.join(temp_dir, requirements_filename) @@ -969,22 +1001,27 @@ def install_pip_requirements(query, requirements_file, tmp_dir): if not docker: if WINDOWS: - python_exec = 'python.exe' + python_exec = "python.exe" elif OSX: # Workaround for OSX when XCode command line tools' # python becomes the main system python interpreter - os_path = '{}:/Library/Developer/CommandLineTools' \ - '/usr/bin'.format(os.environ['PATH']) + os_path = "{}:/Library/Developer/CommandLineTools" "/usr/bin".format( + os.environ["PATH"] + ) subproc_env = os.environ.copy() - subproc_env['PATH'] = os_path + subproc_env["PATH"] = os_path # Install dependencies into the temporary directory. with cd(temp_dir): pip_command = [ - python_exec, '-m', 'pip', - 'install', '--no-compile', - '--prefix=', '--target=.', - '--requirement={}'.format(requirements_filename), + python_exec, + "-m", + "pip", + "install", + "--no-compile", + "--prefix=", + "--target=.", + "--requirement={}".format(requirements_filename), ] if docker: with_ssh_agent = docker.with_ssh_agent 
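Review bot: The formatter joined string literals that used to be split across lines but left the implicit concatenation in place. Examples are `"docker_image must be specified " "for a custom image future references"` in the `ValueError` here and `"{}:/Library/Developer/CommandLineTools" "/usr/bin".format(...)` in the following hunk. Two adjacent literals on one line read like a missing comma, so merge each into a single literal, e.g. `"docker_image must be specified for a custom image future references"`. The same `ValueError` message appears in the `install_npm_requirements` hunk further down. Behaviour is unchanged either way.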
@@ -992,22 +1029,32 @@ def install_pip_requirements(query, requirements_file, tmp_dir): if pip_cache_dir: if isinstance(pip_cache_dir, str): pip_cache_dir = os.path.abspath( - os.path.join(working_dir, pip_cache_dir)) + os.path.join(working_dir, pip_cache_dir) + ) else: - pip_cache_dir = os.path.abspath(os.path.join( - working_dir, artifacts_dir, 'cache/pip')) - - chown_mask = '{}:{}'.format(os.getuid(), os.getgid()) - shell_command = [shlex_join(pip_command), '&&', - shlex_join(['chown', '-R', - chown_mask, '.'])] - shell_command = [' '.join(shell_command)] - check_call(docker_run_command( - '.', shell_command, runtime, - image=docker_image_tag_id, - shell=True, ssh_agent=with_ssh_agent, - pip_cache_dir=pip_cache_dir, docker=docker, - )) + pip_cache_dir = os.path.abspath( + os.path.join(working_dir, artifacts_dir, "cache/pip") + ) + + chown_mask = "{}:{}".format(os.getuid(), os.getgid()) + shell_command = [ + shlex_join(pip_command), + "&&", + shlex_join(["chown", "-R", chown_mask, "."]), + ] + shell_command = [" ".join(shell_command)] + check_call( + docker_run_command( + ".", + shell_command, + runtime, + image=docker_image_tag_id, + shell=True, + ssh_agent=with_ssh_agent, + pip_cache_dir=pip_cache_dir, + docker=docker, + ) + ) else: cmd_log.info(shlex_join(pip_command)) log_handler and log_handler.flush() @@ -1080,6 +1127,7 @@ def install_poetry_dependencies(query, path): log.info("Installing python dependencies with poetry & pip: %s", poetry_lock_file) with tempdir() as temp_dir: + def copy_file_to_target(file, temp_dir): filename = os.path.basename(file) target_file = os.path.join(temp_dir, filename) 
@@ -1221,8 +1269,9 @@ def install_npm_requirements(query, requirements_file, tmp_dir): output = check_output(docker_image_id_command(docker_image)) if output: docker_image_tag_id = output.decode().strip() - log.debug("DOCKER TAG ID: %s -> %s", - docker_image, docker_image_tag_id) + log.debug( + "DOCKER TAG ID: %s -> %s", docker_image, docker_image_tag_id + ) ok = True if ok: break 
@@ -1234,39 +1283,47 @@ def install_npm_requirements(query, requirements_file, tmp_dir): check_call(docker_cmd) ok = True elif docker_file or docker_build_root: - raise ValueError('docker_image must be specified ' - 'for a custom image future references') + raise ValueError( + "docker_image must be specified " "for a custom image future references" + ) - log.info('Installing npm requirements: %s', requirements_file) + log.info("Installing npm requirements: %s", requirements_file) with tempdir(tmp_dir) as temp_dir: requirements_filename = os.path.basename(requirements_file) target_file = os.path.join(temp_dir, requirements_filename) shutil.copyfile(requirements_file, target_file) subproc_env = None - npm_exec = 'npm' + npm_exec = "npm" if not docker: if WINDOWS: - npm_exec = 'npm.cmd' + npm_exec = "npm.cmd" elif OSX: subproc_env = os.environ.copy() # Install dependencies into the temporary directory. with cd(temp_dir): - npm_command = [npm_exec, 'install'] + npm_command = [npm_exec, "install"] if docker: with_ssh_agent = docker.with_ssh_agent - chown_mask = '{}:{}'.format(os.getuid(), os.getgid()) - shell_command = [shlex_join(npm_command), '&&', - shlex_join(['chown', '-R', - chown_mask, '.'])] - shell_command = [' '.join(shell_command)] - check_call(docker_run_command( - '.', shell_command, runtime, - image=docker_image_tag_id, - shell=True, ssh_agent=with_ssh_agent, - docker=docker, - )) + chown_mask = "{}:{}".format(os.getuid(), os.getgid()) + shell_command = [ + shlex_join(npm_command), + "&&", + shlex_join(["chown", "-R", chown_mask, "."]), + ] + shell_command = [" ".join(shell_command)] + check_call( + docker_run_command( + ".", + shell_command, + runtime, + image=docker_image_tag_id, + shell=True, + ssh_agent=with_ssh_agent, + docker=docker, + ) + ) else: cmd_log.info(shlex_join(npm_command)) log_handler and log_handler.flush() 
@@ -1285,7 +1342,7 @@ def install_npm_requirements(query, requirements_file, tmp_dir): def docker_image_id_command(tag): """""" - docker_cmd = ['docker', 'images', '--format={{.ID}}', tag] + docker_cmd = ["docker", "images", "--format={{.ID}}", tag] cmd_log.info(shlex_join(docker_cmd)) log_handler and log_handler.flush() return docker_cmd @@ -1294,18 +1351,18 @@ def docker_image_id_command(tag): def docker_build_command(tag=None, docker_file=None, build_root=False): """""" if not (build_root or docker_file): - raise ValueError('docker_build_root or docker_file must be provided') + raise ValueError("docker_build_root or docker_file must be provided") - docker_cmd = ['docker', 'build'] + docker_cmd = ["docker", "build"] if tag: - docker_cmd.extend(['--tag', tag]) + docker_cmd.extend(["--tag", tag]) else: - raise ValueError('docker_image must be specified') + raise ValueError("docker_image must be specified") if not build_root: build_root = os.path.dirname(docker_file) if docker_file: - docker_cmd.extend(['--file', docker_file]) + docker_cmd.extend(["--file", docker_file]) docker_cmd.append(build_root) cmd_log.info(shlex_join(docker_cmd)) 
@@ -1313,76 +1370,101 @@ def docker_build_command(tag=None, docker_file=None, build_root=False): return docker_cmd -def docker_run_command(build_root, command, runtime, - image=None, shell=None, ssh_agent=False, - interactive=False, pip_cache_dir=None, poetry_cache_dir=None, - docker=None): +def docker_run_command( + build_root, + command, + runtime, + image=None, + shell=None, + ssh_agent=False, + interactive=False, + pip_cache_dir=None, + poetry_cache_dir=None, + docker=None, +): """""" - if platform.system() not in ('Linux', 'Darwin'): + if platform.system() not in ("Linux", "Darwin"): raise RuntimeError("Unsupported platform for docker building") - workdir = '/var/task' + workdir = "/var/task" - docker_cmd = ['docker', 'run', '--rm', '-w', workdir] + docker_cmd = ["docker", "run", "--rm", "-w", workdir] if interactive: - docker_cmd.append('-it') + docker_cmd.append("-it") bind_path = os.path.abspath(build_root) - docker_cmd.extend(['-v', "{}:{}:z".format(bind_path, workdir)]) - - home = os.environ['HOME'] - docker_cmd.extend([ - # '-v', '{}/.ssh/id_rsa:/root/.ssh/id_rsa:z'.format(home), - '-v', '{}/.ssh/known_hosts:/root/.ssh/known_hosts:z'.format(home), - ]) + docker_cmd.extend(["-v", "{}:{}:z".format(bind_path, workdir)]) + + home = os.environ["HOME"] + docker_cmd.extend( + [ + # '-v', '{}/.ssh/id_rsa:/root/.ssh/id_rsa:z'.format(home), + "-v", + "{}/.ssh/known_hosts:/root/.ssh/known_hosts:z".format(home), + ] + ) if docker and docker.docker_additional_options: docker_cmd.extend(docker.docker_additional_options) if ssh_agent: - if platform.system() == 'Darwin': + if platform.system() == "Darwin": # https://docs.docker.com/docker-for-mac/osxfs/#ssh-agent-forwarding - docker_cmd.extend([ - '--mount', 'type=bind,' - 'src=/run/host-services/ssh-auth.sock,' - 'target=/run/host-services/ssh-auth.sock', - '-e', 'SSH_AUTH_SOCK=/run/host-services/ssh-auth.sock', - ]) - elif platform.system() == 'Linux': - sock = os.environ['SSH_AUTH_SOCK'] # TODO: Handle missing env 
var - docker_cmd.extend([ - '-v', '{}:/tmp/ssh_sock:z'.format(sock), - '-e', 'SSH_AUTH_SOCK=/tmp/ssh_sock', - ]) - - if platform.system() in ('Linux', 'Darwin'): + docker_cmd.extend( + [ + "--mount", + "type=bind," + "src=/run/host-services/ssh-auth.sock," + "target=/run/host-services/ssh-auth.sock", + "-e", + "SSH_AUTH_SOCK=/run/host-services/ssh-auth.sock", + ] + ) + elif platform.system() == "Linux": + sock = os.environ["SSH_AUTH_SOCK"] # TODO: Handle missing env var + docker_cmd.extend( + [ + "-v", + "{}:/tmp/ssh_sock:z".format(sock), + "-e", + "SSH_AUTH_SOCK=/tmp/ssh_sock", + ] + ) + + if platform.system() in ("Linux", "Darwin"): if pip_cache_dir: pip_cache_dir = os.path.abspath(pip_cache_dir) - docker_cmd.extend([ - '-v', '{}:/root/.cache/pip:z'.format(pip_cache_dir), - ]) + docker_cmd.extend( + [ + "-v", + "{}:/root/.cache/pip:z".format(pip_cache_dir), + ] + ) if poetry_cache_dir: poetry_cache_dir = os.path.abspath(poetry_cache_dir) - docker_cmd.extend([ - '-v', '{}:/root/.cache/pypoetry:z'.format(poetry_cache_dir), - ]) + docker_cmd.extend( + [ + "-v", + "{}:/root/.cache/pypoetry:z".format(poetry_cache_dir), + ] + ) if not image: - image = 'public.ecr.aws/sam/build-{}'.format(runtime) + image = "public.ecr.aws/sam/build-{}".format(runtime) if docker and docker.docker_entrypoint: - docker_cmd.extend(['--entrypoint', docker.docker_entrypoint]) + docker_cmd.extend(["--entrypoint", docker.docker_entrypoint]) else: - docker_cmd.extend(['--entrypoint', '']) + docker_cmd.extend(["--entrypoint", ""]) docker_cmd.append(image) assert isinstance(command, list) if shell: if not isinstance(shell, str): - shell = '/bin/sh' - docker_cmd.extend([shell, '-c']) + shell = "/bin/sh" + docker_cmd.extend([shell, "-c"]) docker_cmd.extend(command) cmd_log.info(shlex_join(docker_cmd)) 
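Review bot: In the Linux `ssh_agent` branch, `os.environ["SSH_AUTH_SOCK"]` still raises a bare `KeyError` when no agent is running (the `TODO` on that line says so), and `os.environ["HOME"]` above it fails the same way; read it with `sock = os.environ.get("SSH_AUTH_SOCK")` and `if not sock: raise RuntimeError("ssh_agent requested but SSH_AUTH_SOCK is not set")`. The `assert isinstance(command, list)` near the end is stripped under `python -O`, so raising `TypeError` would be the durable check. The docstring is the empty `""""""`; it should state that the function builds the `docker run` argument list that callers pass to `check_call`, that it bind-mounts `~/.ssh/known_hosts` and the pip/poetry cache directories, and that `ssh_agent=True` makes the host's agent socket reachable by whatever code runs in the container during dependency installation. The function's end is outside this hunk.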
@@ -1393,6 +1475,7 @@ def docker_run_command(build_root, command, runtime, ################################################################################ # Commands + def prepare_command(args): """ Generates a content hash of the source_path, which is used to determine if @@ -1401,7 +1484,7 @@ def prepare_command(args): Outputs a filename and a command to run if the archive needs to be built. """ - log = logging.getLogger('prepare') + log = logging.getLogger("prepare") # Load the query. query_data = json.load(sys.stdin) @@ -1409,13 +1492,13 @@ def prepare_command(args): dump_env() if log.isEnabledFor(DEBUG2): if log.isEnabledFor(DEBUG3): - log.debug('QUERY: %s', json.dumps(query_data, indent=2)) + log.debug("QUERY: %s", json.dumps(query_data, indent=2)) else: - log_excludes = ('source_path', 'hash_extra_paths', 'paths') + log_excludes = ("source_path", "hash_extra_paths", "paths") qd = {k: v for k, v in query_data.items() if k not in log_excludes} - log.debug('QUERY (excerpt): %s', json.dumps(qd, indent=2)) + log.debug("QUERY (excerpt): %s", json.dumps(qd, indent=2)) - query = datatree('prepare_query', **query_data) + query = datatree("prepare_query", **query_data) tf_paths = query.paths runtime = query.runtime 
@@ -1424,14 +1507,18 @@ def prepare_command(args): hash_extra_paths = query.hash_extra_paths source_path = query.source_path hash_extra = query.hash_extra - recreate_missing_package = yesno_bool(args.recreate_missing_package if args.recreate_missing_package is not None else query.recreate_missing_package) + recreate_missing_package = yesno_bool( + args.recreate_missing_package + if args.recreate_missing_package is not None + else query.recreate_missing_package + ) docker = query.docker bpm = BuildPlanManager(args, log=log) build_plan = bpm.plan(source_path, query) if log.isEnabledFor(DEBUG2): - log.debug('BUILD_PLAN: %s', json.dumps(build_plan, indent=2)) + log.debug("BUILD_PLAN: %s", json.dumps(build_plan, indent=2)) # Expand a Terraform path. references hash_extra_paths = [p.format(path=tf_paths) for p in hash_extra_paths] @@ -1443,7 +1530,7 @@ def prepare_command(args): content_hash = content_hash.hexdigest() # Generate a unique filename based on the hash. - filename = os.path.join(artifacts_dir, '{}.zip'.format(content_hash)) + filename = os.path.join(artifacts_dir, "{}.zip".format(content_hash)) # Compute timestamp trigger was_missing = False 
@@ -1456,36 +1543,40 @@ def prepare_command(args): timestamp = timestamp_now_ns() was_missing = True else: - timestamp = "" + timestamp = "" # Replace variables in the build command with calculated values. build_data = { - 'filename': filename, - 'runtime': runtime, - 'artifacts_dir': artifacts_dir, - 'build_plan': build_plan, + "filename": filename, + "runtime": runtime, + "artifacts_dir": artifacts_dir, + "build_plan": build_plan, } if docker: - build_data['docker'] = docker + build_data["docker"] = docker build_plan = json.dumps(build_data) - build_plan_filename = os.path.join(artifacts_dir, - '{}.plan.json'.format(content_hash)) + build_plan_filename = os.path.join( + artifacts_dir, "{}.plan.json".format(content_hash) + ) if not os.path.exists(artifacts_dir): os.makedirs(artifacts_dir, exist_ok=True) - with open(build_plan_filename, 'w') as f: + with open(build_plan_filename, "w") as f: f.write(build_plan) # Output the result to Terraform. - json.dump({ - 'filename': filename, - 'build_plan': build_plan, - 'build_plan_filename': build_plan_filename, - 'timestamp': str(timestamp), - 'was_missing': 'true' if was_missing else 'false', - }, sys.stdout, indent=2) - sys.stdout.write('\n') + json.dump( + { + "filename": filename, + "build_plan": build_plan, + "build_plan_filename": build_plan_filename, + "timestamp": str(timestamp), + "was_missing": "true" if was_missing else "false", + }, + sys.stdout, + indent=2, + ) + sys.stdout.write("\n") def build_command(args): 
@@ -1494,15 +1585,15 @@ def build_command(args): Installs dependencies with pip or npm automatically. """ - log = logging.getLogger('build') + log = logging.getLogger("build") dump_env() if log.isEnabledFor(DEBUG2): - log.debug('CMD: python3 %s', shlex_join(sys.argv)) + log.debug("CMD: python3 %s", shlex_join(sys.argv)) with open(args.build_plan_file) as f: query_data = json.load(f) - query = datatree('build_query', **query_data) + query = datatree("build_query", **query_data) runtime = query.runtime filename = query.filename @@ -1514,7 +1605,7 @@ def build_command(args): timestamp = int(_timestamp) if os.path.exists(filename) and not args.force: - log.info('Reused: %s', shlex.quote(filename)) + log.info("Reused: %s", shlex.quote(filename)) return # Zip up the build plan and write it to the target filename. @@ -1524,10 +1615,10 @@ def build_command(args): bpm.execute(build_plan, zs, query) os.utime(filename, ns=(timestamp, timestamp)) - log.info('Created: %s', shlex.quote(filename)) + log.info("Created: %s", shlex.quote(filename)) if log.isEnabledFor(logging.DEBUG): - with open(filename, 'rb') as f: - log.info('Base64sha256: %s', source_code_hash(f.read())) + with open(filename, "rb") as f: + log.info("Base64sha256: %s", source_code_hash(f.read())) def add_hidden_commands(sub_parsers): 
@@ -1538,22 +1629,34 @@ def hidden_parser(name, **kwargs): sp._choices_actions.pop() # XXX: help=argparse.SUPPRESS - doesn't work return p - p = hidden_parser('docker', help='Run docker build') - p.set_defaults(command=lambda args: subprocess.call(docker_run_command( - args.build_root, args.docker_command, args.runtime, interactive=True))) - p.add_argument('build_root', help='A docker build root folder') - p.add_argument('docker_command', help='A docker container command', - metavar='command', nargs=argparse.REMAINDER) - p.add_argument('-r', '--runtime', help='A docker image runtime', - default='python3.8') - - p = hidden_parser('docker-image', help='Run docker build') - p.set_defaults(command=lambda args: subprocess.call(docker_build_command( - args.build_root, args.docker_file, args.tag))) - p.add_argument('-t', '--tag', help='A docker image tag') - p.add_argument('build_root', help='A docker build root folder') - p.add_argument('docker_file', help='A docker file path', - nargs=argparse.OPTIONAL) + p = hidden_parser("docker", help="Run docker build") + p.set_defaults( + command=lambda args: subprocess.call( + docker_run_command( + args.build_root, args.docker_command, args.runtime, interactive=True + ) + ) + ) + p.add_argument("build_root", help="A docker build root folder") + p.add_argument( + "docker_command", + help="A docker container command", + metavar="command", + nargs=argparse.REMAINDER, + ) + p.add_argument( + "-r", "--runtime", help="A docker image runtime", default="python3.8" + ) + + p = hidden_parser("docker-image", help="Run docker build") + p.set_defaults( + command=lambda args: subprocess.call( + docker_build_command(args.build_root, args.docker_file, args.tag) + ) + ) + p.add_argument("-t", "--tag", help="A docker image tag") + p.add_argument("build_root", help="A docker build root folder") + p.add_argument("docker_file", help="A docker file path", nargs=argparse.OPTIONAL) def zip_cmd(args): if args.verbose: 
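Review bot: The `docker-image` command calls `docker_build_command(args.build_root, args.docker_file, args.tag)` positionally, but the signature shown in the earlier hunk is `docker_build_command(tag=None, docker_file=None, build_root=False)`, so the build root is used as the image tag and the tag as the build root. Pass them by keyword: `docker_build_command(tag=args.tag, docker_file=args.docker_file, build_root=args.build_root)`. Separately, the `docker` parser's help reads "Run docker build" although its command goes through `docker_run_command`; a help string describing a container run would match what it does. `add_hidden_commands` starts outside this hunk.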
@@ -1561,27 +1664,33 @@ def zip_cmd(args): with ZipWriteStream(args.zipfile) as zs: zs.write_dirs(*args.dir, timestamp=args.timestamp) if log.isEnabledFor(logging.DEBUG): - zipinfo = shutil.which('zipinfo') + zipinfo = shutil.which("zipinfo") if zipinfo: - log.debug('-' * 80) + log.debug("-" * 80) subprocess.call([zipinfo, args.zipfile]) - log.debug('-' * 80) - log.debug('Source code hash: %s', - source_code_hash(open(args.zipfile, 'rb').read())) + log.debug("-" * 80) + log.debug( + "Source code hash: %s", + source_code_hash(open(args.zipfile, "rb").read()), + ) - p = hidden_parser('zip', help='Zip folder with provided files timestamp') + p = hidden_parser("zip", help="Zip folder with provided files timestamp") p.set_defaults(command=zip_cmd) - p.add_argument('zipfile', help='Path to a zip file') - p.add_argument('dir', nargs=argparse.ONE_OR_MORE, - help='Path to a directory for packaging') - p.add_argument('-t', '--timestamp', type=int, - help='A timestamp to override for all zip members') - p.add_argument('-v', '--verbose', action='store_true') - - p = hidden_parser('hash', help='Generate content hash for a file') - p.set_defaults( - command=lambda args: print(source_code_hash(args.file.read()))) - p.add_argument('file', help='Path to a file', type=argparse.FileType('rb')) + p.add_argument("zipfile", help="Path to a zip file") + p.add_argument( + "dir", nargs=argparse.ONE_OR_MORE, help="Path to a directory for packaging" + ) + p.add_argument( + "-t", + "--timestamp", + type=int, + help="A timestamp to override for all zip members", + ) + p.add_argument("-v", "--verbose", action="store_true") + + p = hidden_parser("hash", help="Generate content hash for a file") + p.set_defaults(command=lambda args: print(source_code_hash(args.file.read()))) + p.add_argument("file", help="Path to a file", type=argparse.FileType("rb")) def args_parser(): 
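Review bot: The debug branch of `zip_cmd` reads the archive with `source_code_hash(open(args.zipfile, "rb").read())`, which leaves the file object to be closed whenever the garbage collector gets to it. Use a context manager as `build_command` already does: `with open(args.zipfile, "rb") as f:` followed by `log.debug("Source code hash: %s", source_code_hash(f.read()))`. `zip_cmd` begins outside this hunk.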
@@ -1589,31 +1698,41 @@ def args_parser(): ap.set_defaults(command=lambda _: ap.print_usage()) sp = ap.add_subparsers(metavar="COMMAND") - p = sp.add_parser('prepare', - help='compute a filename hash for a zip archive') + p = sp.add_parser("prepare", help="compute a filename hash for a zip archive") p.set_defaults(command=prepare_command) - p = sp.add_parser('build', - help='build and pack to a zip archive') + p = sp.add_parser("build", help="build and pack to a zip archive") p.set_defaults(command=build_command) - p.add_argument('--force', action='store_true', - help='Force rebuilding even if a zip artifact exists') - p.add_argument('-t', '--timestamp', - dest='zip_file_timestamp', required=True, - help='A zip file timestamp generated by the prepare command') - p.add_argument('build_plan_file', metavar='PLAN_FILE', - help='A build plan file provided by the prepare command') + p.add_argument( + "--force", + action="store_true", + help="Force rebuilding even if a zip artifact exists", + ) + p.add_argument( + "-t", + "--timestamp", + dest="zip_file_timestamp", + required=True, + help="A zip file timestamp generated by the prepare command", + ) + p.add_argument( + "build_plan_file", + metavar="PLAN_FILE", + help="A build plan file provided by the prepare command", + ) add_hidden_commands(sp) return ap def main(): ns = argparse.Namespace( - pattern_comments=yesno_bool(os.environ.get( - 'TF_LAMBDA_PACKAGE_PATTERN_COMMENTS', False)), + pattern_comments=yesno_bool( + os.environ.get("TF_LAMBDA_PACKAGE_PATTERN_COMMENTS", False) + ), recreate_missing_package=os.environ.get( - 'TF_RECREATE_MISSING_LAMBDA_PACKAGE', None), - log_level=os.environ.get('TF_LAMBDA_PACKAGE_LOG_LEVEL', 'INFO'), + "TF_RECREATE_MISSING_LAMBDA_PACKAGE", None + ), + log_level=os.environ.get("TF_LAMBDA_PACKAGE_LOG_LEVEL", "INFO"), ) p = args_parser() @@ -1632,5 +1751,5 @@ def main(): exit(args.command(args)) -if __name__ == '__main__': +if __name__ == "__main__": main() 
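Review bot: `main()` ends with `exit(args.command(args))` (context line of the last hunk), which relies on the `exit` helper injected by the `site` module and is not available under `python -S` or in some embedded builds. `sys.exit(args.command(args))` is the supported call, and `sys` is already used by `prepare_command`. Only part of `main` is visible in these hunks.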
From 259b40300f0719179a0e5c5a0143795597329ae8 Mon Sep 17 00:00:00 2001 From: JoshuaLicense Date: Fri, 19 Jan 2024 12:30:59 +0000 Subject: [PATCH 299/385] feat!: Added advanced logging configuration. Bump version of AWS provider to 5.32 (#531) Co-authored-by: Anton Babenko --- README.md | 8 +++- examples/alias/README.md | 4 +- examples/alias/versions.tf | 2 +- examples/async/README.md | 4 +- examples/async/versions.tf | 2 +- examples/build-package/README.md | 2 +- examples/build-package/versions.tf | 2 +- examples/code-signing/README.md | 4 +- examples/code-signing/versions.tf | 2 +- examples/complete/README.md | 7 +++- examples/complete/main.tf | 47 +++++++++++++++++++++++ examples/complete/versions.tf | 2 +- examples/container-image/README.md | 4 +- examples/container-image/versions.tf | 2 +- examples/deploy/README.md | 4 +- examples/deploy/versions.tf | 2 +- examples/event-source-mapping/versions.tf | 2 +- examples/multiple-regions/README.md | 6 +-- examples/multiple-regions/versions.tf | 2 +- examples/simple-cicd/README.md | 2 +- examples/simple-cicd/versions.tf | 2 +- examples/simple/README.md | 2 +- examples/simple/versions.tf | 2 +- examples/triggers/README.md | 4 +- examples/triggers/versions.tf | 2 +- examples/with-efs/README.md | 4 +- examples/with-efs/versions.tf | 2 +- examples/with-vpc-s3-endpoint/README.md | 4 +- examples/with-vpc-s3-endpoint/versions.tf | 2 +- examples/with-vpc/README.md | 2 +- examples/with-vpc/versions.tf | 2 +- main.tf | 11 +++++- variables.tf | 28 ++++++++++++++ versions.tf | 2 +- wrappers/main.tf | 4 ++ 35 files changed, 138 insertions(+), 45 deletions(-) diff --git a/README.md b/README.md index fc110287..e34ade5a 100644 --- a/README.md +++ b/README.md 
@@ -664,7 +664,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.63 | +| [aws](#requirement\_aws) | >= 5.32 | | [external](#requirement\_external) | >= 1.0 | | [local](#requirement\_local) | >= 1.0 | | [null](#requirement\_null) | >= 2.0 | @@ -673,7 +673,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.63 | +| [aws](#provider\_aws) | >= 5.32 | | [external](#provider\_external) | >= 1.0 | | [local](#provider\_local) | >= 1.0 | | [null](#provider\_null) | >= 2.0 | 
@@ -809,6 +809,10 @@ No modules. | [layers](#input\_layers) | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | `list(string)` | `null` | no | | [license\_info](#input\_license\_info) | License info for your Lambda Layer. Eg, MIT or full url of a license. | `string` | `""` | no | | [local\_existing\_package](#input\_local\_existing\_package) | The absolute path to an existing zip-file to use | `string` | `null` | no | +| [logging\_application\_log\_level](#input\_logging\_application\_log\_level) | The application log level of the Lambda Function. Valid values are "TRACE", "DEBUG", "INFO", "WARN", "ERROR", or "FATAL". | `string` | `null` | no | +| [logging\_log\_format](#input\_logging\_log\_format) | The log format of the Lambda Function. Valid values are "JSON" or "Text". | `string` | `"Text"` | no | +| [logging\_log\_group](#input\_logging\_log\_group) | The CloudWatch log group to send logs to. | `string` | `null` | no | +| [logging\_system\_log\_level](#input\_logging\_system\_log\_level) | The system log level of the Lambda Function. Valid values are "DEBUG", "INFO", or "WARN". | `string` | `null` | no | | [maximum\_event\_age\_in\_seconds](#input\_maximum\_event\_age\_in\_seconds) | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | | [maximum\_retry\_attempts](#input\_maximum\_retry\_attempts) | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | `number` | `null` | no | | [memory\_size](#input\_memory\_size) | Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 64 MB increments. | `number` | `128` | no | diff --git a/examples/alias/README.md b/examples/alias/README.md index ad8fd013..6326614c 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md 
@@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 3.19 | +| [aws](#requirement\_aws) | >= 5.32 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.19 | +| [aws](#provider\_aws) | >= 5.32 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/alias/versions.tf b/examples/alias/versions.tf index c823dfe2..55278d04 100644 --- a/examples/alias/versions.tf +++ b/examples/alias/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.19" + version = ">= 5.32" } random = { source = "hashicorp/random" diff --git a/examples/async/README.md b/examples/async/README.md index 742020fb..40c6fbb9 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 3.61 | +| [aws](#requirement\_aws) | >= 5.32 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.61 | +| [aws](#provider\_aws) | >= 5.32 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/async/versions.tf b/examples/async/versions.tf index d80dff9b..55278d04 100644 --- a/examples/async/versions.tf +++ b/examples/async/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.61" + version = ">= 5.32" } random = { source = "hashicorp/random" diff --git a/examples/build-package/README.md b/examples/build-package/README.md index 8aedf045..671fa45c 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md 
@@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 3.19 | +| [aws](#requirement\_aws) | >= 5.32 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/build-package/versions.tf b/examples/build-package/versions.tf index c823dfe2..55278d04 100644 --- a/examples/build-package/versions.tf +++ b/examples/build-package/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.19" + version = ">= 5.32" } random = { source = "hashicorp/random" diff --git a/examples/code-signing/README.md b/examples/code-signing/README.md index d9d1f4bf..feaa1b38 100644 --- a/examples/code-signing/README.md +++ b/examples/code-signing/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.9 | +| [aws](#requirement\_aws) | >= 5.32 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.9 | +| [aws](#provider\_aws) | >= 5.32 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/code-signing/versions.tf b/examples/code-signing/versions.tf index 011e2dbe..55278d04 100644 --- a/examples/code-signing/versions.tf +++ b/examples/code-signing/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.9" + version = ">= 5.32" } random = { source = "hashicorp/random" diff --git a/examples/complete/README.md b/examples/complete/README.md index 0fa68c62..92c3256b 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -21,14 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.63 | +| [aws](#requirement\_aws) | >= 5.32 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.63 | +| [aws](#provider\_aws) | >= 5.32 | | [random](#provider\_random) | >= 2.0 | ## Modules @@ -41,6 +41,8 @@ Note that this example may create resources which cost money. Run `terraform des | [lambda\_function\_existing\_package\_local](#module\_lambda\_function\_existing\_package\_local) | ../../ | n/a | | [lambda\_function\_for\_each](#module\_lambda\_function\_for\_each) | ../../ | n/a | | [lambda\_function\_no\_create\_log\_group\_permission](#module\_lambda\_function\_no\_create\_log\_group\_permission) | ../../ | n/a | +| [lambda\_function\_with\_custom\_auto\_log\_group](#module\_lambda\_function\_with\_custom\_auto\_log\_group) | ../../ | n/a | +| [lambda\_function\_with\_custom\_log\_group](#module\_lambda\_function\_with\_custom\_log\_group) | ../../ | n/a | | [lambda\_function\_with\_package\_deploying\_externally](#module\_lambda\_function\_with\_package\_deploying\_externally) | ../../ | n/a | | [lambda\_layer\_local](#module\_lambda\_layer\_local) | ../../ | n/a | | [lambda\_layer\_s3](#module\_lambda\_layer\_s3) | ../../ | n/a | 
@@ -53,6 +55,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Type | |------|------| +| [aws_cloudwatch_log_group.custom](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | | [aws_sqs_queue.dlq](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 62e51084..5773b7dd 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -389,6 +389,48 @@ module "lambda_function_no_create_log_group_permission" { attach_create_log_group_permission = false } +#################################################### +# Lambda Function with custom log group (existing) +#################################################### + +module "lambda_function_with_custom_log_group" { + source = "../../" + + function_name = "${random_pet.this.id}-lambda-with-custom-log-group" + handler = "index.lambda_handler" + runtime = "python3.8" + + create_package = false + local_existing_package = "../fixtures/python3.8-zip/existing_package.zip" + + use_existing_cloudwatch_log_group = true + + logging_log_group = aws_cloudwatch_log_group.custom.name + logging_log_format = "JSON" + logging_application_log_level = "INFO" + logging_system_log_level = "DEBUG" +} + +#################################################################### +# Lambda Function with custom log group (automatically provisioned) +#################################################################### + +module "lambda_function_with_custom_auto_log_group" { + source = "../../" + + function_name = "${random_pet.this.id}-lambda-with-custom-auto-log-group" + handler = "index.lambda_handler" + runtime = "python3.8" + + create_package = false + local_existing_package = "../fixtures/python3.8-zip/existing_package.zip" + + logging_log_group = "/example-auto/${random_pet.this.id}" + logging_log_format = "JSON" + logging_application_log_level = "INFO" + logging_system_log_level = "DEBUG" +} + ########### # Disabled ########### @@ -428,3 +470,8 @@ module "s3_bucket" { resource "aws_sqs_queue" "dlq" { name = random_pet.this.id } + +resource "aws_cloudwatch_log_group" "custom" { + name = "/example/${random_pet.this.id}" + retention_in_days = 1 +} diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 5afa48b5..55278d04 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf 
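Review bot: `module "lambda_function_with_custom_auto_log_group"` sets `logging_log_group = "/example-auto/${random_pet.this.id}"` with no matching `aws_cloudwatch_log_group` resource, so the group is presumably created outside Terraform state on first invocation; if so, it keeps the default retention and is not removed by the `terraform destroy` that the example README recommends. A comment above the module would make that explicit, e.g. `# Log group is created on first invoke; it is not managed (or destroyed) by this configuration`. The explicit `aws_cloudwatch_log_group.custom` sets `retention_in_days = 1` and no `kms_key_id`, which suits a throwaway example but deserves an `# example only` comment so the values are not copied into real deployments.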
@@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.63" + version = ">= 5.32" } random = { source = "hashicorp/random" diff --git a/examples/container-image/README.md b/examples/container-image/README.md index af9c7e86..0733612f 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 3.19 | +| [aws](#requirement\_aws) | >= 5.32 | | [docker](#requirement\_docker) | >= 3.0 | | [random](#requirement\_random) | >= 2.0 | @@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.19 | +| [aws](#provider\_aws) | >= 5.32 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/container-image/versions.tf b/examples/container-image/versions.tf index 121e5fb2..a774c835 100644 --- a/examples/container-image/versions.tf +++ b/examples/container-image/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.19" + version = ">= 5.32" } docker = { source = "kreuzwerker/docker" diff --git a/examples/deploy/README.md b/examples/deploy/README.md index aa34691b..b900c919 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md 
@@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 3.19 | +| [aws](#requirement\_aws) | >= 5.32 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.19 | +| [aws](#provider\_aws) | >= 5.32 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/deploy/versions.tf b/examples/deploy/versions.tf index c823dfe2..55278d04 100644 --- a/examples/deploy/versions.tf +++ b/examples/deploy/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.19" + version = ">= 5.32" } random = { source = "hashicorp/random" diff --git a/examples/event-source-mapping/versions.tf b/examples/event-source-mapping/versions.tf index 8d7f35e0..55278d04 100644 --- a/examples/event-source-mapping/versions.tf +++ b/examples/event-source-mapping/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.69" + version = ">= 5.32" } random = { source = "hashicorp/random" diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index 63de0b55..af982fc8 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md 
@@ -21,15 +21,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 3.19 | +| [aws](#requirement\_aws) | >= 5.32 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.19 | -| [aws.us-east-1](#provider\_aws.us-east-1) | >= 3.19 | +| [aws](#provider\_aws) | >= 5.32 | +| [aws.us-east-1](#provider\_aws.us-east-1) | >= 5.32 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/multiple-regions/versions.tf b/examples/multiple-regions/versions.tf index c823dfe2..55278d04 100644 --- a/examples/multiple-regions/versions.tf +++ b/examples/multiple-regions/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.19" + version = ">= 5.32" } random = { source = "hashicorp/random" diff --git a/examples/simple-cicd/README.md b/examples/simple-cicd/README.md index 05f93a51..93d1e4c5 100644 --- a/examples/simple-cicd/README.md +++ b/examples/simple-cicd/README.md @@ -22,7 +22,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.63 | +| [aws](#requirement\_aws) | >= 5.32 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/simple-cicd/versions.tf b/examples/simple-cicd/versions.tf index 5afa48b5..55278d04 100644 --- a/examples/simple-cicd/versions.tf +++ b/examples/simple-cicd/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.63" + version = ">= 5.32" } random = { source = "hashicorp/random" diff --git a/examples/simple/README.md b/examples/simple/README.md index 186a2cb3..4c093861 100644 --- a/examples/simple/README.md 
+++ b/examples/simple/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 3.19 | +| [aws](#requirement\_aws) | >= 5.32 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf index c823dfe2..55278d04 100644 --- a/examples/simple/versions.tf +++ b/examples/simple/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.19" + version = ">= 5.32" } random = { source = "hashicorp/random" diff --git a/examples/triggers/README.md b/examples/triggers/README.md index 75634aec..0bfc0a69 100644 --- a/examples/triggers/README.md +++ b/examples/triggers/README.md @@ -21,14 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 2.67 | +| [aws](#requirement\_aws) | >= 5.32 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 2.67 | +| [aws](#provider\_aws) | >= 5.32 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/triggers/versions.tf b/examples/triggers/versions.tf index b06121e1..55278d04 100644 --- a/examples/triggers/versions.tf +++ b/examples/triggers/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.67" + version = ">= 5.32" } random = { source = "hashicorp/random" diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index a1d479cb..f835445d 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md 
@@ -21,14 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 3.19 | +| [aws](#requirement\_aws) | >= 5.32 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.19 | +| [aws](#provider\_aws) | >= 5.32 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/with-efs/versions.tf b/examples/with-efs/versions.tf index c823dfe2..55278d04 100644 --- a/examples/with-efs/versions.tf +++ b/examples/with-efs/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.19" + version = ">= 5.32" } random = { source = "hashicorp/random" diff --git a/examples/with-vpc-s3-endpoint/README.md b/examples/with-vpc-s3-endpoint/README.md index b11163d5..d84f6bdc 100644 --- a/examples/with-vpc-s3-endpoint/README.md +++ b/examples/with-vpc-s3-endpoint/README.md @@ -22,14 +22,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.33 | +| [aws](#requirement\_aws) | >= 5.32 | | [random](#requirement\_random) | >= 3.4 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.33 | +| [aws](#provider\_aws) | >= 5.32 | | [random](#provider\_random) | >= 3.4 | ## Modules diff --git a/examples/with-vpc-s3-endpoint/versions.tf b/examples/with-vpc-s3-endpoint/versions.tf index 00032cb7..fd604c66 100644 --- a/examples/with-vpc-s3-endpoint/versions.tf +++ b/examples/with-vpc-s3-endpoint/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.33" + version = ">= 5.32" } random = { source = "hashicorp/random" 
diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index 2d0034ed..28844bbd 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md @@ -22,7 +22,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 3.19 | +| [aws](#requirement\_aws) | >= 5.32 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/with-vpc/versions.tf b/examples/with-vpc/versions.tf index c823dfe2..55278d04 100644 --- a/examples/with-vpc/versions.tf +++ b/examples/with-vpc/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.19" + version = ">= 5.32" } random = { source = "hashicorp/random" diff --git a/main.tf b/main.tf index ad208d7b..a2d045df 100644 --- a/main.tf +++ b/main.tf @@ -112,6 +112,13 @@ resource "aws_lambda_function" "this" { } } + logging_config { + log_group = var.logging_log_group + log_format = var.logging_log_format + application_log_level = var.logging_application_log_level + system_log_level = var.logging_system_log_level + } + dynamic "timeouts" { for_each = length(var.timeouts) > 0 ? [true] : [] 
@@ -189,13 +196,13 @@ resource "aws_s3_object" "lambda_package" { data "aws_cloudwatch_log_group" "lambda" { count = local.create && var.create_function && !var.create_layer && var.use_existing_cloudwatch_log_group ? 1 : 0 - name = "/aws/lambda/${var.lambda_at_edge ? "us-east-1." : ""}${var.function_name}" + name = coalesce(var.logging_log_group, "/aws/lambda/${var.lambda_at_edge ? "us-east-1." : ""}${var.function_name}") } resource "aws_cloudwatch_log_group" "lambda" { count = local.create && var.create_function && !var.create_layer && !var.use_existing_cloudwatch_log_group ? 1 : 0 - name = "/aws/lambda/${var.lambda_at_edge ? "us-east-1." : ""}${var.function_name}" + name = coalesce(var.logging_log_group, "/aws/lambda/${var.lambda_at_edge ? "us-east-1." : ""}${var.function_name}") retention_in_days = var.cloudwatch_logs_retention_in_days kms_key_id = var.cloudwatch_logs_kms_key_id diff --git a/variables.tf b/variables.tf index 28a2b82e..861ce789 100644 --- a/variables.tf +++ b/variables.tf @@ -767,3 +767,31 @@ variable "trigger_on_package_timestamp" { type = bool default = true } + +############################################ +# Lambda Advanced Logging Settings +############################################ + +variable "logging_log_format" { + description = "The log format of the Lambda Function. Valid values are \"JSON\" or \"Text\"." + type = string + default = "Text" +} + +variable "logging_application_log_level" { + description = "The application log level of the Lambda Function. Valid values are \"TRACE\", \"DEBUG\", \"INFO\", \"WARN\", \"ERROR\", or \"FATAL\"." + type = string + default = null +} + +variable "logging_system_log_level" { + description = "The system log level of the Lambda Function. Valid values are \"DEBUG\", \"INFO\", or \"WARN\"." + type = string + default = null +} + +variable "logging_log_group" { + description = "The CloudWatch log group to send logs to." + type = string + default = null +} 
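Review bot: The `logging_*` variables added in the variables.tf hunk list their valid values only in the description, so a mistyped format or level is not rejected until the provider or the Lambda API refuses it during plan or apply. A `validation` block per variable would fail earlier with a clear message, for example `condition = contains(["JSON", "Text"], var.logging_log_format)` for the format. The two level variables default to `null`, so their conditions need to accept null as well. The description of `logging_log_group` should also say that it takes a log group name, because the main.tf hunk in this patch uses the same value as `name` for the `aws_cloudwatch_log_group` data source and resource.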
diff --git a/versions.tf b/versions.tf index 595ff834..6c511ac4 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.63" + version = ">= 5.32" } external = { source = "hashicorp/external" diff --git a/wrappers/main.tf b/wrappers/main.tf index a5f8683c..8a51d37f 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf @@ -75,6 +75,10 @@ module "wrapper" { layers = try(each.value.layers, var.defaults.layers, null) license_info = try(each.value.license_info, var.defaults.license_info, "") local_existing_package = try(each.value.local_existing_package, var.defaults.local_existing_package, null) + logging_application_log_level = try(each.value.logging_application_log_level, var.defaults.logging_application_log_level, null) + logging_log_format = try(each.value.logging_log_format, var.defaults.logging_log_format, "Text") + logging_log_group = try(each.value.logging_log_group, var.defaults.logging_log_group, null) + logging_system_log_level = try(each.value.logging_system_log_level, var.defaults.logging_system_log_level, null) maximum_event_age_in_seconds = try(each.value.maximum_event_age_in_seconds, var.defaults.maximum_event_age_in_seconds, null) maximum_retry_attempts = try(each.value.maximum_retry_attempts, var.defaults.maximum_retry_attempts, null) memory_size = try(each.value.memory_size, var.defaults.memory_size, 128) From 52a230b39d57408e4744ed708d7c64ffe39658d3 Mon Sep 17 00:00:00 2001 
From: semantic-release-bot Date: Fri, 19 Jan 2024 12:31:27 +0000 Subject: [PATCH 300/385] chore(release): version 7.0.0 [skip ci] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## [7.0.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.8.0...v7.0.0) (2024-01-19) ### ⚠ BREAKING CHANGES * Added advanced logging configuration. Bump version of AWS provider to 5.32 (#531) ### Features * Added advanced logging configuration. Bump version of AWS provider to 5.32 ([#531](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/531)) ([259b403](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/259b40300f0719179a0e5c5a0143795597329ae8)) --- CHANGELOG.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9e1eaa34..6e66db9b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,17 @@ All notable changes to this project will be documented in this file. +## [7.0.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.8.0...v7.0.0) (2024-01-19) + + +### ⚠ BREAKING CHANGES + +* Added advanced logging configuration. Bump version of AWS provider to 5.32 (#531) + +### Features + +* Added advanced logging configuration. Bump version of AWS provider to 5.32 ([#531](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/531)) ([259b403](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/259b40300f0719179a0e5c5a0143795597329ae8)) + ## [6.8.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.7.1...v6.8.0) (2024-01-17) From eebfc3618ae290683456dc4e2fc7136857a95c57 Mon Sep 17 00:00:00 2001 
From: Fran R Date: Mon, 22 Jan 2024 17:47:26 +0000 Subject: [PATCH 301/385] feat: Commands should fail the build if their exit code is not zero (#534) --- README.md | 1 + package.py | 26 ++++++++++++++++++-------- tests/test_package_toml.py | 20 +++++++++++++++++++- 3 files changed, 38 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index e34ade5a..e6619e30 100644 --- a/README.md +++ b/README.md @@ -439,6 +439,7 @@ source_path = [ - If you specify a source path as a string that references a folder and the runtime begins with `python` or `nodejs`, the build process will automatically build python and nodejs dependencies if `requirements.txt` or `package.json` file will be found in the source folder. If you want to customize this behavior, please use the object notation as explained below. - All arguments except `path` are optional. - `patterns` - List of Python regex filenames should satisfy. Default value is "include everything" which is equal to `patterns = [".*"]`. This can also be specified as multiline heredoc string (no comments allowed). Some examples of valid patterns: +- If you use the `commands` option and chain multiple commands, only the exit code of last command will be checked for success. If you prefer to fail fast, start the commands with the bash option `set -e` or powershell option `$ErrorActionPreference="Stop"` ```txt !.*/.*\.txt # Filter all txt files recursively diff --git a/package.py b/package.py index e554b9cd..a4e6b736 100644 --- a/package.py +++ b/package.py 
@@ -914,17 +914,27 @@ def execute(self, build_plan, zip_stream, query): # XXX: timestamp=0 - what actually do with it? zs.write_dirs(rd, prefix=prefix, timestamp=0) elif cmd == "sh": - r, w = os.pipe() - side_ch = os.fdopen(r) path, script = action[1:] - script = "{}\npwd >&{}".format(script, w) + p = subprocess.Popen( + script, + shell=True, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + cwd=path, + ) - p = subprocess.Popen(script, shell=True, cwd=path, pass_fds=(w,)) - os.close(w) - sh_work_dir = side_ch.read().strip() p.wait() - log.info("WD: %s", sh_work_dir) - side_ch.close() + call_stdout, call_stderr = p.communicate() + exit_code = p.returncode + log.info("exit_code: %s", exit_code) + if exit_code != 0: + raise RuntimeError( + "Script did not run successfully, exit code {}: {} - {}".format( + exit_code, + call_stdout.decode("utf-8").strip(), + call_stderr.decode("utf-8").strip(), + ) + ) elif cmd == "set:filter": patterns = action[1] pf = ZipContentFilter(args=self._args) diff --git a/tests/test_package_toml.py b/tests/test_package_toml.py index 129ac588..4861c6f4 100644 --- a/tests/test_package_toml.py +++ b/tests/test_package_toml.py @@ -1,4 +1,6 @@ -from package import get_build_system_from_pyproject_toml +from package import get_build_system_from_pyproject_toml, BuildPlanManager +from pytest import raises +from unittest.mock import Mock def test_get_build_system_from_pyproject_toml_inexistent(): 
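Review bot: Calling `p.wait()` before `p.communicate()` while both `stdout` and `stderr` are `subprocess.PIPE` can deadlock. A build command that writes more than the OS pipe buffer blocks on its write, and `wait()` never returns because nothing is reading the pipe. Removing the `p.wait()` line is enough, since `call_stdout, call_stderr = p.communicate()` already drains both streams and waits for the process to exit. Captured output is also discarded when the command succeeds, so it no longer reaches the build log; something like `log.debug("stdout: %s", call_stdout.decode("utf-8", "replace"))` would keep it available for troubleshooting. The `execute` method starts and ends outside this hunk.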
@@ -14,6 +16,22 @@ def test_get_build_system_from_pyproject_toml_unknown(): ) +def test_build_manager_sucess_command(): + bpm = BuildPlanManager(args=Mock()) + # Should not have exception raised + bpm.execute(build_plan=[["sh", "/tmp", "pwd"]], zip_stream=None, query=None) + + +def test_build_manager_failing_command(): + bpm = BuildPlanManager(args=Mock()) + with raises(Exception): + bpm.execute( + build_plan=[["sh", "/tmp", "NOTACOMMAND"]], + zip_stream=None, + query=None, + ) + + def test_get_build_system_from_pyproject_toml_poetry(): assert ( get_build_system_from_pyproject_toml( From cff94611d6936d74b161a86e8927cf51f201dd62 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 22 Jan 2024 17:47:57 +0000 Subject: [PATCH 302/385] chore(release): version 7.1.0 [skip ci] ## [7.1.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.0.0...v7.1.0) (2024-01-22) ### Features * Commands should fail the build if their exit code is not zero ([#534](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/534)) ([eebfc36](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/eebfc3618ae290683456dc4e2fc7136857a95c57)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6e66db9b..01b86f96 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.1.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.0.0...v7.1.0) (2024-01-22) + + +### Features + +* Commands should fail the build if their exit code is not zero ([#534](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/534)) ([eebfc36](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/eebfc3618ae290683456dc4e2fc7136857a95c57)) + ## [7.0.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v6.8.0...v7.0.0) (2024-01-19) 
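Review bot: `with raises(Exception)` in `test_build_manager_failing_command` passes on any error, including an unrelated `TypeError` or `AttributeError` caused by the `Mock()` args, so it does not pin the behaviour this commit adds. Narrowing it to `with raises(RuntimeError, match="exit code"):` ties the test to the message raised in package.py. Both tests also run the command in a hard-coded `/tmp`, which pytest's `tmp_path` fixture would avoid. `test_build_manager_sucess_command` has a typo in its name.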
From e33a1a1ad214d1c1e5aa0adb0d40c50cfd21d135 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 26 Jan 2024 13:27:36 +0100 Subject: [PATCH 303/385] feat: Added support to override default tags of provider in S3 object (#538) --- README.md | 1 + examples/complete/main.tf | 6 ++++++ main.tf | 10 ++++++++++ variables.tf | 6 ++++++ wrappers/main.tf | 1 + 5 files changed, 24 insertions(+) diff --git a/README.md b/README.md index e6619e30..21f2884a 100644 --- a/README.md +++ b/README.md @@ -846,6 +846,7 @@ No modules. | [s3\_bucket](#input\_s3\_bucket) | S3 bucket to store artifacts | `string` | `null` | no | | [s3\_existing\_package](#input\_s3\_existing\_package) | The S3 bucket object with keys bucket, key, version pointing to an existing zip-file to use | `map(string)` | `null` | no | | [s3\_kms\_key\_id](#input\_s3\_kms\_key\_id) | Specifies a custom KMS key to use for S3 object encryption. | `string` | `null` | no | +| [s3\_object\_override\_default\_tags](#input\_s3\_object\_override\_default\_tags) | Whether to override the default\_tags from provider? NB: S3 objects support a maximum of 10 tags. | `bool` | `false` | no | | [s3\_object\_storage\_class](#input\_s3\_object\_storage\_class) | Specifies the desired Storage Class for the artifact uploaded to S3. Can be either STANDARD, REDUCED\_REDUNDANCY, ONEZONE\_IA, INTELLIGENT\_TIERING, or STANDARD\_IA. | `string` | `"ONEZONE_IA"` | no | | [s3\_object\_tags](#input\_s3\_object\_tags) | A map of tags to assign to S3 bucket object. | `map(string)` | `{}` | no | | [s3\_object\_tags\_only](#input\_s3\_object\_tags\_only) | Set to true to not merge tags with s3\_object\_tags. Useful to avoid breaching S3 Object 10 tag limit. | `bool` | `false` | no | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 5773b7dd..7f16007b 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -33,6 +33,12 @@ module "lambda_function" { s3_bucket = module.s3_bucket.s3_bucket_id s3_prefix = "lambda-builds/" + s3_object_override_default_tags = true + s3_object_tags = { + S3ObjectName = "lambda1" + Override = "true" + } + artifacts_dir = "${path.root}/.terraform/lambda-builds/" layers = [ diff --git a/main.tf b/main.tf index a2d045df..e9a35e75 100644 --- a/main.tf +++ b/main.tf @@ -190,6 +190,16 @@ resource "aws_s3_object" "lambda_package" { tags = var.s3_object_tags_only ? var.s3_object_tags : merge(var.tags, var.s3_object_tags) + dynamic "override_provider" { + for_each = var.s3_object_override_default_tags ? [true] : [] + + content { + default_tags { + tags = {} + } + } + } + depends_on = [null_resource.archive] } diff --git a/variables.tf b/variables.tf index 861ce789..55816734 100644 --- a/variables.tf +++ b/variables.tf @@ -282,6 +282,12 @@ variable "invoke_mode" { default = null } +variable "s3_object_override_default_tags" { + description = "Whether to override the default_tags from provider? NB: S3 objects support a maximum of 10 tags." + type = bool + default = false +} + ######## # Layer ######## diff --git a/wrappers/main.tf b/wrappers/main.tf index 8a51d37f..85b9e38c 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf @@ -111,6 +111,7 @@ module "wrapper" { s3_bucket = try(each.value.s3_bucket, var.defaults.s3_bucket, null) s3_existing_package = try(each.value.s3_existing_package, var.defaults.s3_existing_package, null) s3_kms_key_id = try(each.value.s3_kms_key_id, var.defaults.s3_kms_key_id, null) + s3_object_override_default_tags = try(each.value.s3_object_override_default_tags, var.defaults.s3_object_override_default_tags, false) s3_object_storage_class = try(each.value.s3_object_storage_class, var.defaults.s3_object_storage_class, "ONEZONE_IA") s3_object_tags = try(each.value.s3_object_tags, var.defaults.s3_object_tags, {}) s3_object_tags_only = try(each.value.s3_object_tags_only, var.defaults.s3_object_tags_only, false) 
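Review bot: The `override_provider` block in the main.tf hunk sets `default_tags { tags = {} }`, so enabling `s3_object_override_default_tags` drops every provider-level default tag from the package object rather than overriding selected ones. Where default tags carry ownership, cost-allocation or data-classification values that tag policies or tag-based IAM conditions rely on, the uploaded artifact loses them without any warning. The variable description in the variables.tf hunk, and the matching README row, should state this directly, e.g. `description = "Set to true to ignore the provider's default_tags on the S3 object, so that only tags passed to this module are applied. NB: S3 objects support a maximum of 10 tags."`. The `aws_s3_object.lambda_package` resource starts outside the hunk.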
From 9e3798ed4c2db0216369d27c1c02891ec9fcec7d Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 26 Jan 2024 12:28:03 +0000 Subject: [PATCH 304/385] chore(release): version 7.2.0 [skip ci] ## [7.2.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.1.0...v7.2.0) (2024-01-26) ### Features * Added support to override default tags of provider in S3 object ([#538](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/538)) ([e33a1a1](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/e33a1a1ad214d1c1e5aa0adb0d40c50cfd21d135)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 01b86f96..c6cca4c0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.2.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.1.0...v7.2.0) (2024-01-26) + + +### Features + +* Added support to override default tags of provider in S3 object ([#538](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/538)) ([e33a1a1](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/e33a1a1ad214d1c1e5aa0adb0d40c50cfd21d135)) + ## [7.1.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.0.0...v7.1.0) (2024-01-22) From b9a6ea18aa5b060d9d1b6e1bddfa50f60954da0d Mon Sep 17 00:00:00 2001 From: Andrew Hay <39sumer3939@gmail.com> Date: Wed, 31 Jan 2024 01:40:54 -0600 Subject: [PATCH 305/385] fix: Dynamic logging config for Gov Cloud (#541) --- main.tf | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/main.tf b/main.tf index e9a35e75..62a1fcab 100644 --- a/main.tf +++ b/main.tf 
@@ -112,11 +112,17 @@ resource "aws_lambda_function" "this" { } } - logging_config { - log_group = var.logging_log_group - log_format = var.logging_log_format - application_log_level = var.logging_application_log_level - system_log_level = var.logging_system_log_level + dynamic "logging_config" { + # Dont create logging config on gov cloud as it is not avaible. + # See https://github.com/hashicorp/terraform-provider-aws/issues/34810 + for_each = data.aws_partition.current.partition == "aws" ? [true] : [] + + content { + log_group = var.logging_log_group + log_format = var.logging_log_format + application_log_level = var.logging_application_log_level + system_log_level = var.logging_system_log_level + } } dynamic "timeouts" { From dc7c19b3f93b059eede1f9d5378793fdb5cfdf70 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 31 Jan 2024 07:41:26 +0000 Subject: [PATCH 306/385] chore(release): version 7.2.1 [skip ci] ### [7.2.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.0...v7.2.1) (2024-01-31) ### Bug Fixes * Dynamic logging config for Gov Cloud ([#541](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/541)) ([b9a6ea1](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/b9a6ea18aa5b060d9d1b6e1bddfa50f60954da0d)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c6cca4c0..797e6aad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
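Review bot: The `for_each` condition `data.aws_partition.current.partition == "aws"` skips `logging_config` in every partition other than `aws`, which is wider than the GovCloud case named in the comment, and it drops the caller's `logging_*` values without any signal. The log group data source and resource changed earlier in this series still take their name from `coalesce(var.logging_log_group, ...)`. With `logging_log_group` set in such a partition, the module would presumably manage one group while the function writes to the default `/aws/lambda/${var.function_name}` group, outside the configured retention and KMS key. I would define one local, e.g. `logging_config_supported = data.aws_partition.current.partition == "aws"`, use it here and in the two `coalesce(...)` names, and correct the comment to `# Don't create logging_config in partitions where it is not available (e.g. GovCloud).` `data.aws_partition.current` is declared outside the hunk.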
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [7.2.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.0...v7.2.1) (2024-01-31) + + +### Bug Fixes + +* Dynamic logging config for Gov Cloud ([#541](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/541)) ([b9a6ea1](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/b9a6ea18aa5b060d9d1b6e1bddfa50f60954da0d)) + ## [7.2.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.1.0...v7.2.0) (2024-01-26) From cfe47e63e906658dd4e8a5162ebac290b6a2cdf8 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Wed, 13 Mar 2024 09:07:12 -0400 Subject: [PATCH 307/385] fix: Update CI workflow versions to remove deprecated runtime warnings (#549) --- .github/workflows/lock.yml | 2 +- .github/workflows/pr-title.yml | 2 +- .github/workflows/pre-commit.yml | 36 ++++++++++++++++++++-------- .github/workflows/release.yml | 12 +++++----- .github/workflows/stale-actions.yaml | 2 +- .pre-commit-config.yaml | 6 +++-- modules/docker-build/README.md | 2 +- 7 files changed, 40 insertions(+), 22 deletions(-) diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml index 6b6c9cec..bd5f2df7 100644 --- a/.github/workflows/lock.yml +++ b/.github/workflows/lock.yml @@ -8,7 +8,7 @@ jobs: lock: runs-on: ubuntu-latest steps: - - uses: dessant/lock-threads@v4 + - uses: dessant/lock-threads@v5 with: github-token: ${{ secrets.GITHUB_TOKEN }} issue-comment: > diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index cb32a0f8..3973df44 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml 
@@ -14,7 +14,7 @@ jobs: steps: # Please look up the latest version from # https://github.com/amannn/action-semantic-pull-request/releases - - uses: amannn/action-semantic-pull-request@v5.0.2 + - uses: amannn/action-semantic-pull-request@v5.4.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index cb826713..c2632d1a 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -8,7 +8,7 @@ on: env: TERRAFORM_DOCS_VERSION: v0.16.0 - TFLINT_VERSION: v0.44.1 + TFLINT_VERSION: v0.50.3 jobs: collectInputs: @@ -18,11 +18,11 @@ jobs: directories: ${{ steps.dirs.outputs.directories }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Get root directories id: dirs - uses: clowdhaus/terraform-composite-actions/directories@v1.8.3 + uses: clowdhaus/terraform-composite-actions/directories@v1.9.0 preCommitMinVersions: name: Min TF pre-commit 
@@ -32,19 +32,27 @@ jobs: matrix: directory: ${{ fromJson(needs.collectInputs.outputs.directories) }} steps: + # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 + - name: Delete huge unnecessary tools folder + run: | + rm -rf /opt/hostedtoolcache/CodeQL + rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk + rm -rf /opt/hostedtoolcache/Ruby + rm -rf /opt/hostedtoolcache/go + - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.2.4 + uses: clowdhaus/terraform-min-max@v1.3.0 with: directory: ${{ matrix.directory }} - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} @@ -53,7 +61,7 @@ jobs: - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} 
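Review bot: The third-party actions on the new side of these pre-commit.yml hunks (`clowdhaus/terraform-min-max@v1.3.0`, `clowdhaus/terraform-composite-actions/pre-commit@v1.9.0`) are referenced by tag, and a tag can be moved by whoever controls the action's repository. Pinning to a full commit SHA with the version in a trailing comment, `uses: clowdhaus/terraform-min-max@FULL_COMMIT_SHA # v1.3.0` (placeholder SHA), keeps the reviewed code fixed. The same applies to `cycjimmy/semantic-release-action@v4` in the release.yml hunk of this commit, which runs with `SEMANTIC_RELEASE_TOKEN` in its environment. The added `rm -rf /opt/hostedtoolcache/...` step would also read better with a one-line comment saying it frees runner disk space, since the linked discussion is currently the only explanation.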
@@ -64,18 +72,26 @@ jobs: runs-on: ubuntu-latest needs: collectInputs steps: + # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 + - name: Delete huge unnecessary tools folder + run: | + rm -rf /opt/hostedtoolcache/CodeQL + rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk + rm -rf /opt/hostedtoolcache/Ruby + rm -rf /opt/hostedtoolcache/go + - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.2.4 + uses: clowdhaus/terraform-min-max@v1.3.0 - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} tflint-version: ${{ env.TFLINT_VERSION }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 81f67474..4a942261 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,18 +20,18 @@ jobs: if: github.repository_owner == 'terraform-aws-modules' steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false fetch-depth: 0 - name: Release - uses: cycjimmy/semantic-release-action@v3 + uses: cycjimmy/semantic-release-action@v4 with: - semantic_version: 18.0.0 + semantic_version: 23.0.2 extra_plugins: | - @semantic-release/changelog@6.0.0 - @semantic-release/git@10.0.0 - conventional-changelog-conventionalcommits@4.6.3 + @semantic-release/changelog@6.0.3 + @semantic-release/git@10.0.1 + conventional-changelog-conventionalcommits@7.0.2 env: GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }} diff --git a/.github/workflows/stale-actions.yaml b/.github/workflows/stale-actions.yaml index 50379957..6ccd0ed8 100644 
--- a/.github/workflows/stale-actions.yaml +++ b/.github/workflows/stale-actions.yaml @@ -7,7 +7,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v6 + - uses: actions/stale@v9 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Staling issues and PR's diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 61ef1782..7c0a310c 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,10 +1,9 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.86.0 + rev: v1.88.0 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each - - id: terraform_validate - id: terraform_docs args: - '--args=--lockfile=false' @@ -23,8 +22,11 @@ repos: - '--args=--only=terraform_required_providers' - '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_workspace_remote' + - '--args=--only=terraform_unused_required_providers' + - id: terraform_validate - repo: https://github.com/pre-commit/pre-commit-hooks rev: v4.5.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer + - id: trailing-whitespace diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index 44464404..4588ee8c 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md @@ -37,7 +37,7 @@ module "docker_image" { use_image_tag = true image_tag = "1.0" - + source_path = "context" build_args = { FOO = "bar" From 685e52386e9e241b33b7e33b249f36164a54c91f Mon Sep 17 00:00:00 2001 
From: semantic-release-bot Date: Wed, 13 Mar 2024 13:07:45 +0000 Subject: [PATCH 308/385] chore(release): version 7.2.2 [skip ci] ## [7.2.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.1...v7.2.2) (2024-03-13) ### Bug Fixes * Update CI workflow versions to remove deprecated runtime warnings ([#549](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/549)) ([cfe47e6](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/cfe47e63e906658dd4e8a5162ebac290b6a2cdf8)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 797e6aad..eb24edab 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.2.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.1...v7.2.2) (2024-03-13) + + +### Bug Fixes + +* Update CI workflow versions to remove deprecated runtime warnings ([#549](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/549)) ([cfe47e6](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/cfe47e63e906658dd4e8a5162ebac290b6a2cdf8)) + ### [7.2.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.0...v7.2.1) (2024-01-31) From 8f97707f6ea9aa3d382106a4917a0ddd1c3ec3e2 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 22 Mar 2024 12:54:59 +0100 Subject: [PATCH 309/385] fix: Fixed constant drift with Lambda logging configuration (#551) --- .pre-commit-config.yaml | 31 +++++++++++++++---------------- README.md | 4 ++-- main.tf | 4 ++-- variables.tf | 4 ++-- wrappers/main.tf | 4 ++-- 5 files changed, 23 insertions(+), 24 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7c0a310c..299504fd 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -1,28 +1,27 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.88.0 + rev: v1.88.2 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each - id: terraform_docs args: - - '--args=--lockfile=false' + - "--args=--lockfile=false" - id: terraform_tflint args: - - '--args=--only=terraform_deprecated_interpolation' - - '--args=--only=terraform_deprecated_index' - - '--args=--only=terraform_unused_declarations' - - '--args=--only=terraform_comment_syntax' - - '--args=--only=terraform_documented_outputs' - - '--args=--only=terraform_documented_variables' - - '--args=--only=terraform_typed_variables' - - '--args=--only=terraform_module_pinned_source' - - '--args=--only=terraform_naming_convention' - - '--args=--only=terraform_required_version' - - '--args=--only=terraform_required_providers' - - '--args=--only=terraform_standard_module_structure' - - '--args=--only=terraform_workspace_remote' - - '--args=--only=terraform_unused_required_providers' + - "--args=--only=terraform_deprecated_interpolation" + - "--args=--only=terraform_deprecated_index" + - "--args=--only=terraform_unused_declarations" + - "--args=--only=terraform_comment_syntax" + - "--args=--only=terraform_documented_outputs" + - "--args=--only=terraform_documented_variables" + - "--args=--only=terraform_typed_variables" + - "--args=--only=terraform_module_pinned_source" + - "--args=--only=terraform_naming_convention" + - "--args=--only=terraform_required_version" + - "--args=--only=terraform_required_providers" + - "--args=--only=terraform_standard_module_structure" + - "--args=--only=terraform_workspace_remote" - id: terraform_validate - repo: https://github.com/pre-commit/pre-commit-hooks rev: v4.5.0 diff --git a/README.md b/README.md index 21f2884a..90640480 100644 --- a/README.md +++ b/README.md 
@@ -810,10 +810,10 @@ No modules. | [layers](#input\_layers) | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | `list(string)` | `null` | no | | [license\_info](#input\_license\_info) | License info for your Lambda Layer. Eg, MIT or full url of a license. | `string` | `""` | no | | [local\_existing\_package](#input\_local\_existing\_package) | The absolute path to an existing zip-file to use | `string` | `null` | no | -| [logging\_application\_log\_level](#input\_logging\_application\_log\_level) | The application log level of the Lambda Function. Valid values are "TRACE", "DEBUG", "INFO", "WARN", "ERROR", or "FATAL". | `string` | `null` | no | +| [logging\_application\_log\_level](#input\_logging\_application\_log\_level) | The application log level of the Lambda Function. Valid values are "TRACE", "DEBUG", "INFO", "WARN", "ERROR", or "FATAL". | `string` | `"INFO"` | no | | [logging\_log\_format](#input\_logging\_log\_format) | The log format of the Lambda Function. Valid values are "JSON" or "Text". | `string` | `"Text"` | no | | [logging\_log\_group](#input\_logging\_log\_group) | The CloudWatch log group to send logs to. | `string` | `null` | no | -| [logging\_system\_log\_level](#input\_logging\_system\_log\_level) | The system log level of the Lambda Function. Valid values are "DEBUG", "INFO", or "WARN". | `string` | `null` | no | +| [logging\_system\_log\_level](#input\_logging\_system\_log\_level) | The system log level of the Lambda Function. Valid values are "DEBUG", "INFO", or "WARN". | `string` | `"INFO"` | no | | [maximum\_event\_age\_in\_seconds](#input\_maximum\_event\_age\_in\_seconds) | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no | | [maximum\_retry\_attempts](#input\_maximum\_retry\_attempts) | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. 
| `number` | `null` | no | | [memory\_size](#input\_memory\_size) | Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 64 MB increments. | `number` | `128` | no | diff --git a/main.tf b/main.tf index 62a1fcab..68c2f9b6 100644 --- a/main.tf +++ b/main.tf @@ -120,8 +120,8 @@ resource "aws_lambda_function" "this" { content { log_group = var.logging_log_group log_format = var.logging_log_format - application_log_level = var.logging_application_log_level - system_log_level = var.logging_system_log_level + application_log_level = var.logging_log_format == "Text" ? null : var.logging_application_log_level + system_log_level = var.logging_log_format == "Text" ? null : var.logging_system_log_level } } diff --git a/variables.tf b/variables.tf index 55816734..c5c10395 100644 --- a/variables.tf +++ b/variables.tf @@ -787,13 +787,13 @@ variable "logging_log_format" { variable "logging_application_log_level" { description = "The application log level of the Lambda Function. Valid values are \"TRACE\", \"DEBUG\", \"INFO\", \"WARN\", \"ERROR\", or \"FATAL\"." type = string - default = null + default = "INFO" } variable "logging_system_log_level" { description = "The system log level of the Lambda Function. Valid values are \"DEBUG\", \"INFO\", or \"WARN\"." type = string - default = null + default = "INFO" } variable "logging_log_group" { diff --git a/wrappers/main.tf b/wrappers/main.tf index 85b9e38c..b719de05 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf 
@@ -75,10 +75,10 @@ module "wrapper" { layers = try(each.value.layers, var.defaults.layers, null) license_info = try(each.value.license_info, var.defaults.license_info, "") local_existing_package = try(each.value.local_existing_package, var.defaults.local_existing_package, null) - logging_application_log_level = try(each.value.logging_application_log_level, var.defaults.logging_application_log_level, null) + logging_application_log_level = try(each.value.logging_application_log_level, var.defaults.logging_application_log_level, "INFO") logging_log_format = try(each.value.logging_log_format, var.defaults.logging_log_format, "Text") logging_log_group = try(each.value.logging_log_group, var.defaults.logging_log_group, null) - logging_system_log_level = try(each.value.logging_system_log_level, var.defaults.logging_system_log_level, null) + logging_system_log_level = try(each.value.logging_system_log_level, var.defaults.logging_system_log_level, "INFO") maximum_event_age_in_seconds = try(each.value.maximum_event_age_in_seconds, var.defaults.maximum_event_age_in_seconds, null) maximum_retry_attempts = try(each.value.maximum_retry_attempts, var.defaults.maximum_retry_attempts, null) memory_size = try(each.value.memory_size, var.defaults.memory_size, 128) From 4cf383ea0b3d71c0c044326f69e1827f0d114ea9 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 22 Mar 2024 11:55:40 +0000 Subject: [PATCH 310/385] chore(release): version 7.2.3 [skip ci] ## [7.2.3](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.2...v7.2.3) (2024-03-22) ### Bug Fixes * Fixed constant drift with Lambda logging configuration ([#551](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/551)) ([8f97707](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/8f97707f6ea9aa3d382106a4917a0ddd1c3ec3e2)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index eb24edab..ef313a74 100644 
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.2.3](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.2...v7.2.3) (2024-03-22) + + +### Bug Fixes + +* Fixed constant drift with Lambda logging configuration ([#551](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/551)) ([8f97707](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/8f97707f6ea9aa3d382106a4917a0ddd1c3ec3e2)) + ## [7.2.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.1...v7.2.2) (2024-03-13) From 58ba987a07710957abce30b4bba6587873f9b0e1 Mon Sep 17 00:00:00 2001 From: jjinno Date: Fri, 29 Mar 2024 01:32:25 -0700 Subject: [PATCH 311/385] fix: Dont raise FileNotFoundError from close() on tmpfile rename (#550) --- package.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/package.py b/package.py index a4e6b736..9b5d7fa5 100644 --- a/package.py +++ b/package.py @@ -314,6 +314,8 @@ def open(self): def close(self, failed=False): self._zip.close() self._zip = None + if not os.exists(self._tmp_filename): + return if failed: os.unlink(self._tmp_filename) else: From 8ad61a63b93a944c4d4e4781fa73f387662ce431 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 29 Mar 2024 08:32:55 +0000 Subject: [PATCH 312/385] chore(release): version 7.2.4 [skip ci] ## [7.2.4](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.3...v7.2.4) (2024-03-29) ### Bug Fixes * Dont raise FileNotFoundError from close() on tmpfile rename ([#550](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/550)) ([58ba987](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/58ba987a07710957abce30b4bba6587873f9b0e1)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ef313a74..5f72cfdf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
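Review bot: The guard added to `close()` calls `os.exists`, which is not an attribute of the `os` module, so every call raises `AttributeError` right after `self._zip` has been closed and set to `None`. The check has to read `if not os.path.exists(self._tmp_filename):`. Because the exception fires before the `if failed:` branch, the temporary file is neither removed nor moved into place, so a failed build leaves its partial archive on disk. The rest of `close()` lies outside the hunk.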
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.2.4](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.3...v7.2.4) (2024-03-29) + + +### Bug Fixes + +* Dont raise FileNotFoundError from close() on tmpfile rename ([#550](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/550)) ([58ba987](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/58ba987a07710957abce30b4bba6587873f9b0e1)) + ## [7.2.3](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.2...v7.2.3) (2024-03-22) From 2202912af9c6e02313e24bd15e3923079addeedc Mon Sep 17 00:00:00 2001 From: VS Date: Fri, 29 Mar 2024 16:01:36 +0200 Subject: [PATCH 313/385] Fix AttributeError os.exists is not valid python attribute. (#554) --- package.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.py b/package.py index 9b5d7fa5..d5ae6703 100644 --- a/package.py +++ b/package.py @@ -314,7 +314,7 @@ def open(self): def close(self, failed=False): self._zip.close() self._zip = None - if not os.exists(self._tmp_filename): + if not os.path.exists(self._tmp_filename): return if failed: os.unlink(self._tmp_filename) From 8bb79de2733503aeb5824423b1a5f573ac25004d Mon Sep 17 00:00:00 2001 From: Patrick Decat Date: Fri, 29 Mar 2024 15:59:05 +0100 Subject: [PATCH 314/385] fix: Run pre-commit autoupdate (trigger patch release) (#555) --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 299504fd..1e10e593 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.88.2 + rev: v1.88.4 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each From c42e75877ec6eed0e2142f7724aa661cffbb5cb8 Mon Sep 17 00:00:00 2001 
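Review bot: With the guard working, `close()` returns silently when `self._tmp_filename` is missing even if `failed` is false, so the caller gets no signal that the archive it expected was never produced. I would keep the quiet return for the `failed` path only and log on the success path, e.g. `log.warning("temporary archive %s is missing", self._tmp_filename)` before the `return`, assuming the `log` object used elsewhere in package.py is in scope here. The exists-then-unlink sequence is also a check-then-act race; wrapping `os.unlink(self._tmp_filename)` in `try`/`except FileNotFoundError` expresses the same intent without the window. The `else:` branch is outside the hunk, so what happens to the file on success is not visible here.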
From: semantic-release-bot Date: Fri, 29 Mar 2024 15:05:57 +0000 Subject: [PATCH 315/385] chore(release): version 7.2.5 [skip ci] ## [7.2.5](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.4...v7.2.5) (2024-03-29) ### Bug Fixes * Run pre-commit autoupdate (trigger patch release) ([#555](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/555)) ([8bb79de](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/8bb79de2733503aeb5824423b1a5f573ac25004d)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5f72cfdf..5ba3465d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.2.5](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.4...v7.2.5) (2024-03-29) + + +### Bug Fixes + +* Run pre-commit autoupdate (trigger patch release) ([#555](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/555)) ([8bb79de](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/8bb79de2733503aeb5824423b1a5f573ac25004d)) + ## [7.2.4](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.3...v7.2.4) (2024-03-29) From 54b825648913efee0b5e2085a93e86c7eceabc82 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 5 Apr 2024 13:40:33 +0200 Subject: [PATCH 316/385] chore: Added example for container-image with ECR module (#559) --- examples/container-image/README.md | 9 +++-- examples/container-image/main.tf | 63 ++++++++++++++++++++++++++--- examples/container-image/outputs.tf | 42 +++++++++---------- modules/docker-build/README.md | 4 +- 4 files changed, 88 insertions(+), 30 deletions(-) diff --git a/examples/container-image/README.md b/examples/container-image/README.md index 0733612f..4ee6505a 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md 
@@ -1,6 +1,6 @@ # AWS Lambda Function deployed from Docker Container Image example -Configuration in this directory creates AWS Lambda Function deployed with a Container Image. +Configuration in this directory creates several AWS Lambda Functions deployed from Container Images (using `modules/docker-build` and `terraform-aws-modules/terraform-aws-ecr`). ## Usage @@ -35,8 +35,11 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| -| [docker\_image](#module\_docker\_image) | ../../modules/docker-build | n/a | -| [lambda\_function\_from\_container\_image](#module\_lambda\_function\_from\_container\_image) | ../../ | n/a | +| [docker\_build](#module\_docker\_build) | ../../modules/docker-build | n/a | +| [docker\_build\_from\_ecr](#module\_docker\_build\_from\_ecr) | ../../modules/docker-build | n/a | +| [ecr](#module\_ecr) | terraform-aws-modules/ecr/aws | n/a | +| [lambda\_function\_with\_docker\_build](#module\_lambda\_function\_with\_docker\_build) | ../../ | n/a | +| [lambda\_function\_with\_docker\_build\_from\_ecr](#module\_lambda\_function\_with\_docker\_build\_from\_ecr) | ../../ | n/a | ## Resources diff --git a/examples/container-image/main.tf b/examples/container-image/main.tf index 46c1bf77..3258960f 100644 --- a/examples/container-image/main.tf +++ b/examples/container-image/main.tf @@ -32,11 +32,11 @@ provider "docker" { } } -module "lambda_function_from_container_image" { +module "lambda_function_with_docker_build" { source = "../../" - function_name = "${random_pet.this.id}-lambda-from-container-image" - description = "My awesome lambda function from container image" + function_name = "${random_pet.this.id}-lambda-with-docker-build" + description = "My awesome lambda function with container image by modules/docker-build" create_package = false 
@@ -46,10 +46,27 @@ module "lambda_function_from_container_image" { package_type = "Image" architectures = ["arm64"] # ["x86_64"] - image_uri = module.docker_image.image_uri + image_uri = module.docker_build.image_uri } -module "docker_image" { +module "lambda_function_with_docker_build_from_ecr" { + source = "../../" + + function_name = "${random_pet.this.id}-lambda-with-docker-build-from-ecr" + description = "My awesome lambda function with container image by modules/docker-build and ECR repository created by terraform-aws-ecr module" + + create_package = false + + ################## + # Container Image + ################## + package_type = "Image" + architectures = ["arm64"] # ["x86_64"] + + image_uri = module.docker_build_from_ecr.image_uri +} + +module "docker_build" { source = "../../modules/docker-build" create_ecr_repo = true @@ -87,6 +104,42 @@ module "docker_image" { } } +############################################ +# Docker Image and ECR by terraform-aws-ecr +############################################ + +module "docker_build_from_ecr" { + source = "../../modules/docker-build" + + ecr_repo = module.ecr.repository_name + + use_image_tag = false # If false, sha of the image will be used + + # use_image_tag = true + # image_tag = "2.0" + + source_path = local.source_path + platform = "linux/amd64" + build_args = { + FOO = "bar" + } + + triggers = { + dir_sha = local.dir_sha + } +} + +module "ecr" { + source = "terraform-aws-modules/ecr/aws" + + repository_name = "${random_pet.this.id}-ecr" + repository_force_delete = true + + create_lifecycle_policy = false + + repository_lambda_read_access_arns = [module.lambda_function_with_docker_build_from_ecr.lambda_function_arn] +} + resource "random_pet" "this" { length = 2 } diff --git a/examples/container-image/outputs.tf b/examples/container-image/outputs.tf index 34755681..7e6f0d2c 100644 --- a/examples/container-image/outputs.tf +++ b/examples/container-image/outputs.tf 
@@ -1,106 +1,106 @@ # Lambda Function output "lambda_function_arn" { description = "The ARN of the Lambda Function" - value = module.lambda_function_from_container_image.lambda_function_arn + value = module.lambda_function_with_docker_build.lambda_function_arn } output "lambda_function_arn_static" { description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" - value = module.lambda_function_from_container_image.lambda_function_arn_static + value = module.lambda_function_with_docker_build.lambda_function_arn_static } output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" - value = module.lambda_function_from_container_image.lambda_function_invoke_arn + value = module.lambda_function_with_docker_build.lambda_function_invoke_arn } output "lambda_function_name" { description = "The name of the Lambda Function" - value = module.lambda_function_from_container_image.lambda_function_name + value = module.lambda_function_with_docker_build.lambda_function_name } output "lambda_function_qualified_arn" { description = "The ARN identifying your Lambda Function Version" - value = module.lambda_function_from_container_image.lambda_function_qualified_arn + value = module.lambda_function_with_docker_build.lambda_function_qualified_arn } output "lambda_function_version" { description = "Latest published version of Lambda Function" - value = module.lambda_function_from_container_image.lambda_function_version + value = module.lambda_function_with_docker_build.lambda_function_version } output "lambda_function_last_modified" { description = "The date Lambda Function resource was last modified" - value = module.lambda_function_from_container_image.lambda_function_last_modified + value = module.lambda_function_with_docker_build.lambda_function_last_modified } output "lambda_function_kms_key_arn" { description = "The ARN for the KMS encryption key of Lambda Function" - value = 
module.lambda_function_from_container_image.lambda_function_kms_key_arn + value = module.lambda_function_with_docker_build.lambda_function_kms_key_arn } output "lambda_function_source_code_hash" { description = "Base64-encoded representation of raw SHA-256 sum of the zip file" - value = module.lambda_function_from_container_image.lambda_function_source_code_hash + value = module.lambda_function_with_docker_build.lambda_function_source_code_hash } output "lambda_function_source_code_size" { description = "The size in bytes of the function .zip file" - value = module.lambda_function_from_container_image.lambda_function_source_code_size + value = module.lambda_function_with_docker_build.lambda_function_source_code_size } # Lambda Layer output "lambda_layer_arn" { description = "The ARN of the Lambda Layer with version" - value = module.lambda_function_from_container_image.lambda_layer_arn + value = module.lambda_function_with_docker_build.lambda_layer_arn } output "lambda_layer_layer_arn" { description = "The ARN of the Lambda Layer without version" - value = module.lambda_function_from_container_image.lambda_layer_layer_arn + value = module.lambda_function_with_docker_build.lambda_layer_layer_arn } output "lambda_layer_created_date" { description = "The date Lambda Layer resource was created" - value = module.lambda_function_from_container_image.lambda_layer_created_date + value = module.lambda_function_with_docker_build.lambda_layer_created_date } output "lambda_layer_source_code_size" { description = "The size in bytes of the Lambda Layer .zip file" - value = module.lambda_function_from_container_image.lambda_layer_source_code_size + value = module.lambda_function_with_docker_build.lambda_layer_source_code_size } output "lambda_layer_version" { description = "The Lambda Layer version" - value = module.lambda_function_from_container_image.lambda_layer_version + value = module.lambda_function_with_docker_build.lambda_layer_version } # IAM Role output 
"lambda_role_arn" { description = "The ARN of the IAM role created for the Lambda Function" - value = module.lambda_function_from_container_image.lambda_role_arn + value = module.lambda_function_with_docker_build.lambda_role_arn } output "lambda_role_name" { description = "The name of the IAM role created for the Lambda Function" - value = module.lambda_function_from_container_image.lambda_role_name + value = module.lambda_function_with_docker_build.lambda_role_name } # CloudWatch Log Group output "lambda_cloudwatch_log_group_arn" { description = "The ARN of the Cloudwatch Log Group" - value = module.lambda_function_from_container_image.lambda_cloudwatch_log_group_arn + value = module.lambda_function_with_docker_build.lambda_cloudwatch_log_group_arn } -# Docker Image +# Docker Image by modules/docker-build output "docker_image_uri" { description = "The ECR Docker image URI used to deploy Lambda Function" - value = module.docker_image.image_uri + value = module.docker_build.image_uri } output "docker_image_id" { description = "The ID of the Docker image" - value = module.docker_image.image_id + value = module.docker_build.image_id } output "docker_image_files_to_hash" { diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index 4588ee8c..d2c0aef8 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md @@ -2,6 +2,8 @@ Terraform module that builds Docker image from `Dockerfile` and pushes it to ECR repository. Lambda can deploy container images from private ECR. +If you need to create ECR resources in flexible way, you should use [terraform-aws-ecr module](https://github.com/terraform-aws-modules/terraform-aws-ecr/). See `examples/container-image` for related examples. + This Terraform module is the part of [serverless.tf framework](https://github.com/antonbabenko/serverless.tf), which aims to simplify all operations when working with the serverless in Terraform. ## Usage 
@@ -47,7 +49,7 @@ module "docker_image" { ## Examples -* [Container Image](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/container-image) - Creates Docker Image and deploy Lambda Function using it. +* [Container Image](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/container-image) - Creates Docker Image, ECR resository and deploys it Lambda Function. From f7866811bc1429ce224bf6a35448cb44aa5155e7 Mon Sep 17 00:00:00 2001 From: ANGkeith Date: Fri, 12 Apr 2024 17:04:07 +0800 Subject: [PATCH 317/385] fix: Zip source directory should read from sh_work_dir (#560) * fix: :zip:embedded source directory should read from sh_work_dir Signed-off-by: ANGkeith * refactor: write to a tempfile instead of using fd * refactor: move tests out to own file * docs: add comments to explain code --------- Signed-off-by: ANGkeith --- package.py | 48 ++++++++++++++++++++++++---------------- tests/test_zip_source.py | 46 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 75 insertions(+), 19 deletions(-) create mode 100644 tests/test_zip_source.py diff --git a/package.py b/package.py index d5ae6703..e1c5c910 100644 --- a/package.py +++ b/package.py 
@@ -916,27 +916,37 @@ def execute(self, build_plan, zip_stream, query): # XXX: timestamp=0 - what actually do with it? zs.write_dirs(rd, prefix=prefix, timestamp=0) elif cmd == "sh": - path, script = action[1:] - p = subprocess.Popen( - script, - shell=True, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - cwd=path, - ) + with tempfile.NamedTemporaryFile(mode="w+t", delete=True) as temp_file: + path, script = action[1:] + # NOTE: Execute `pwd` to determine the subprocess shell's working directory after having executed all other commands. + script = f"{script} && pwd >{temp_file.name}" + p = subprocess.Popen( + script, + shell=True, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + cwd=path, + ) - p.wait() - call_stdout, call_stderr = p.communicate() - exit_code = p.returncode - log.info("exit_code: %s", exit_code) - if exit_code != 0: - raise RuntimeError( - "Script did not run successfully, exit code {}: {} - {}".format( - exit_code, - call_stdout.decode("utf-8").strip(), - call_stderr.decode("utf-8").strip(), + p.wait() + temp_file.seek(0) + + # NOTE: This var `sh_work_dir` is consumed in cmd == "zip" loop + sh_work_dir = temp_file.read().strip() + + log.info("WD: %s", sh_work_dir) + + call_stdout, call_stderr = p.communicate() + exit_code = p.returncode + log.info("exit_code: %s", exit_code) + if exit_code != 0: + raise RuntimeError( + "Script did not run successfully, exit code {}: {} - {}".format( + exit_code, + call_stdout.decode("utf-8").strip(), + call_stderr.decode("utf-8").strip(), + ) ) - ) elif cmd == "set:filter": patterns = action[1] pf = ZipContentFilter(args=self._args) diff --git a/tests/test_zip_source.py b/tests/test_zip_source.py new file mode 100644 index 00000000..f46466e1 --- /dev/null +++ b/tests/test_zip_source.py 
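Review bot: The `sh` branch still calls `p.wait()` before `p.communicate()` while both `stdout` and `stderr` are pipes, so a build script that prints more than the pipe buffer holds never finishes; calling `call_stdout, call_stderr = p.communicate()` first and dropping `p.wait()` avoids that, and the temp file can be read afterwards. The appended redirect interpolates `temp_file.name` unquoted into a `shell=True` command line, so a temp directory whose path contains a space or shell metacharacter changes what the shell runs; `script = f"{script} && pwd >{shlex.quote(temp_file.name)}"` closes that (it needs `import shlex` if package.py does not already have it). Appending `&& pwd` to the raw script text also yields an empty `sh_work_dir` when the script ends in a comment, which deserves a line next to the existing NOTE. `execute()` starts and ends outside the hunk.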
@@ -0,0 +1,46 @@ +import os +from unittest.mock import MagicMock, Mock + +from package import BuildPlanManager + + +def test_zip_source_path_sh_work_dir(): + zs = Mock() + zs.write_dirs = MagicMock() + + bpm = BuildPlanManager(args=Mock()) + + bpm.execute( + build_plan=[ + ["sh", ".", "cd $(mktemp -d)\n echo pip install"], + ["zip:embedded", ".", "./python"], + ], + zip_stream=zs, + query=None, + ) + + zs.write_dirs.assert_called_once() + + zip_source_path = zs.write_dirs.call_args_list[0][0][0] + assert zip_source_path != f"{os.getcwd()}" + + +def test_zip_source_path(): + zs = Mock() + zs.write_dirs = MagicMock() + + bpm = BuildPlanManager(args=Mock()) + + bpm.execute( + build_plan=[ + ["sh", ".", "echo pip install"], + ["zip:embedded", ".", "./python"], + ], + zip_stream=zs, + query=None, + ) + + zs.write_dirs.assert_called_once() + + zip_source_path = zs.write_dirs.call_args_list[0][0][0] + assert zip_source_path == f"{os.getcwd()}" From 2e3dc9566520072450a9fe358d2855682358ddc4 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 12 Apr 2024 09:04:38 +0000 Subject: [PATCH 318/385] chore(release): version 7.2.6 [skip ci] ## [7.2.6](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.5...v7.2.6) (2024-04-12) ### Bug Fixes * Zip source directory should read from sh_work_dir ([#560](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/560)) ([f786681](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/f7866811bc1429ce224bf6a35448cb44aa5155e7)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5ba3465d..01f8181a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
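Review bot: `test_zip_source_path_sh_work_dir` only asserts `zip_source_path != f"{os.getcwd()}"`, which also passes when the recorded directory is empty or simply wrong. Creating the directory in the test (for example with pytest's `tmp_path` fixture), having the script `cd` into it and asserting equality would pin the behaviour, and it would stop every run from leaving a `mktemp -d` directory behind. Both tests run a real shell through `bpm.execute`, so they depend on a POSIX `sh` being available, which should be stated in a comment at the top of the file.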
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.2.6](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.5...v7.2.6) (2024-04-12) + + +### Bug Fixes + +* Zip source directory should read from sh_work_dir ([#560](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/560)) ([f786681](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/f7866811bc1429ce224bf6a35448cb44aa5155e7)) + ## [7.2.5](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.4...v7.2.5) (2024-03-29) From e9c467688de057a454646d5f947f3d4527f78a19 Mon Sep 17 00:00:00 2001 From: Jinn Koriech Date: Fri, 3 May 2024 11:39:34 +0100 Subject: [PATCH 319/385] feat: Added create before destroy on aws_lambda_permission (#561) --- main.tf | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/main.tf b/main.tf index 68c2f9b6..c479bc9a 100644 --- a/main.tf +++ b/main.tf 
@@ -273,13 +273,17 @@ resource "aws_lambda_permission" "current_version_triggers" { function_name = aws_lambda_function.this[0].function_name qualifier = aws_lambda_function.this[0].version - statement_id = try(each.value.statement_id, each.key) - action = try(each.value.action, "lambda:InvokeFunction") - principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) - principal_org_id = try(each.value.principal_org_id, null) - source_arn = try(each.value.source_arn, null) - source_account = try(each.value.source_account, null) - event_source_token = try(each.value.event_source_token, null) + statement_id_prefix = try(each.value.statement_id, each.key) + action = try(each.value.action, "lambda:InvokeFunction") + principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) + principal_org_id = try(each.value.principal_org_id, null) + source_arn = try(each.value.source_arn, null) + source_account = try(each.value.source_account, null) + event_source_token = try(each.value.event_source_token, null) + + lifecycle { + create_before_destroy = true + } } # Error: Error adding new Lambda Permission for lambda: InvalidParameterValueException: We currently do not support adding policies for $LATEST. 
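Review bot: `source_arn` and `source_account` still fall back to `null` and `principal` falls back to `format("%s.amazonaws.com", try(each.value.service, ""))`, so a trigger entry that names only a service grants invoke to any resource of that service, and an entry with neither key produces the principal `.amazonaws.com`. Since this hunk already adds a `lifecycle` block, a `precondition` there could require one of `source_arn`, `source_account` or `principal_org_id` whenever the principal is a service; that needs Terraform 1.2 or later, which I cannot confirm from the hunk. Separately, `statement_id_prefix = try(each.value.statement_id, each.key)` turns a caller-supplied exact statement ID into a prefix with a generated suffix, which should be stated in the description of the input that feeds `each.value`. The same applies to the `unqualified_alias_triggers` hunk that follows.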
@@ -288,13 +292,17 @@ resource "aws_lambda_permission" "unqualified_alias_triggers" { function_name = aws_lambda_function.this[0].function_name - statement_id = try(each.value.statement_id, each.key) - action = try(each.value.action, "lambda:InvokeFunction") - principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) - principal_org_id = try(each.value.principal_org_id, null) - source_arn = try(each.value.source_arn, null) - source_account = try(each.value.source_account, null) - event_source_token = try(each.value.event_source_token, null) + statement_id_prefix = try(each.value.statement_id, each.key) + action = try(each.value.action, "lambda:InvokeFunction") + principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) + principal_org_id = try(each.value.principal_org_id, null) + source_arn = try(each.value.source_arn, null) + source_account = try(each.value.source_account, null) + event_source_token = try(each.value.event_source_token, null) + + lifecycle { + create_before_destroy = true + } } resource "aws_lambda_event_source_mapping" "this" { From 73cd5bd98540778f85bd7d9deecf555d6622690d Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 3 May 2024 10:40:02 +0000 Subject: [PATCH 320/385] chore(release): version 7.3.0 [skip ci] ## [7.3.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.6...v7.3.0) (2024-05-03) ### Features * Added create before destroy on aws_lambda_permission ([#561](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/561)) ([e9c4676](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/e9c467688de057a454646d5f947f3d4527f78a19)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 01f8181a..6f3d9553 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.3.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.6...v7.3.0) (2024-05-03) + + +### Features + +* Added create before destroy on aws_lambda_permission ([#561](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/561)) ([e9c4676](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/e9c467688de057a454646d5f947f3d4527f78a19)) + ## [7.2.6](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.5...v7.2.6) (2024-04-12) From 7256f7c226adf294bb6280f1fc4326d015e78d83 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 3 May 2024 13:04:36 +0200 Subject: [PATCH 321/385] feat: Added support for CW log_group_class and skip_destroy (#565) --- .pre-commit-config.yaml | 4 ++-- README.md | 2 ++ examples/complete/main.tf | 2 ++ main.tf | 2 ++ variables.tf | 12 ++++++++++++ wrappers/alias/versions.tf | 9 ++++++++- wrappers/deploy/versions.tf | 17 ++++++++++++++++- wrappers/docker-build/versions.tf | 17 ++++++++++++++++- wrappers/main.tf | 2 ++ wrappers/versions.tf | 21 ++++++++++++++++++++- 10 files changed, 82 insertions(+), 6 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 1e10e593..936a1c28 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.88.4 + rev: v1.89.1 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each @@ -24,7 +24,7 @@ repos: - "--args=--only=terraform_workspace_remote" - id: terraform_validate - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.5.0 + rev: v4.6.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer diff --git a/README.md b/README.md index 90640480..8387b1ca 100644 --- a/README.md +++ b/README.md 
@@ -756,7 +756,9 @@ No modules. | [authorization\_type](#input\_authorization\_type) | The type of authentication that the Lambda Function URL uses. Set to 'AWS\_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint. | `string` | `"NONE"` | no | | [build\_in\_docker](#input\_build\_in\_docker) | Whether to build dependencies in Docker | `bool` | `false` | no | | [cloudwatch\_logs\_kms\_key\_id](#input\_cloudwatch\_logs\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no | +| [cloudwatch\_logs\_log\_group\_class](#input\_cloudwatch\_logs\_log\_group\_class) | Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no | | [cloudwatch\_logs\_retention\_in\_days](#input\_cloudwatch\_logs\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `null` | no | +| [cloudwatch\_logs\_skip\_destroy](#input\_cloudwatch\_logs\_skip\_destroy) | Whether to keep the log group (and any logs it may contain) at destroy time. | `bool` | `false` | no | | [cloudwatch\_logs\_tags](#input\_cloudwatch\_logs\_tags) | A map of tags to assign to the resource. | `map(string)` | `{}` | no | | [code\_signing\_config\_arn](#input\_code\_signing\_config\_arn) | Amazon Resource Name (ARN) for a Code Signing Configuration | `string` | `null` | no | | [compatible\_architectures](#input\_compatible\_architectures) | A list of Architectures Lambda layer is compatible with. Currently x86\_64 and arm64 can be specified. | `list(string)` | `null` | no | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 7f16007b..a8c6ff66 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -51,6 +51,8 @@ module "lambda_function" { Serverless = "Terraform" } + cloudwatch_logs_log_group_class = "INFREQUENT_ACCESS" + role_path = "/tf-managed/" policy_path = "/tf-managed/" diff --git a/main.tf b/main.tf index c479bc9a..eb5b5a8b 100644 --- a/main.tf +++ b/main.tf @@ -221,6 +221,8 @@ resource "aws_cloudwatch_log_group" "lambda" { name = coalesce(var.logging_log_group, "/aws/lambda/${var.lambda_at_edge ? "us-east-1." : ""}${var.function_name}") retention_in_days = var.cloudwatch_logs_retention_in_days kms_key_id = var.cloudwatch_logs_kms_key_id + skip_destroy = var.cloudwatch_logs_skip_destroy + log_group_class = var.cloudwatch_logs_log_group_class tags = merge(var.tags, var.cloudwatch_logs_tags) } diff --git a/variables.tf b/variables.tf index c5c10395..42a18fe5 100644 --- a/variables.tf +++ b/variables.tf @@ -432,6 +432,18 @@ variable "cloudwatch_logs_kms_key_id" { default = null } +variable "cloudwatch_logs_skip_destroy" { + description = "Whether to keep the log group (and any logs it may contain) at destroy time." + type = bool + default = false +} + +variable "cloudwatch_logs_log_group_class" { + description = "Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS`" + type = string + default = null +} + variable "cloudwatch_logs_tags" { description = "A map of tags to assign to the resource." type = map(string) diff --git a/wrappers/alias/versions.tf b/wrappers/alias/versions.tf index 51cad108..dbc484ad 100644 --- a/wrappers/alias/versions.tf +++ b/wrappers/alias/versions.tf @@ -1,3 +1,10 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.9" + } + } } diff --git a/wrappers/deploy/versions.tf b/wrappers/deploy/versions.tf index 51cad108..5a82f93b 100644 --- a/wrappers/deploy/versions.tf +++ b/wrappers/deploy/versions.tf 
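Review bot: The description of `cloudwatch_logs_log_group_class` in variables.tf does not say what happens when the value is changed on a log group that already exists. As far as I know CloudWatch does not allow the class of an existing log group to be changed, so I would expect Terraform to plan a replacement, which discards the function's existing logs unless they are exported first; this should be confirmed against the provider. I would extend the description to `"Specifies the log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS. Changing it on an existing log group is expected to force replacement."`, which also fixes the "Specified" typo. The same sentence belongs in the README inputs table row added by this commit.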
@@ -1,3 +1,18 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 3.35" + } + local = { + source = "hashicorp/local" + version = ">= 1.0" + } + null = { + source = "hashicorp/null" + version = ">= 2.0" + } + } } diff --git a/wrappers/docker-build/versions.tf b/wrappers/docker-build/versions.tf index 51cad108..93aadf1a 100644 --- a/wrappers/docker-build/versions.tf +++ b/wrappers/docker-build/versions.tf @@ -1,3 +1,18 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.22" + } + docker = { + source = "kreuzwerker/docker" + version = ">= 3.0" + } + null = { + source = "hashicorp/null" + version = ">= 2.0" + } + } } diff --git a/wrappers/main.tf b/wrappers/main.tf index b719de05..6816a5e1 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf 
@@ -21,7 +21,9 @@ module "wrapper" { authorization_type = try(each.value.authorization_type, var.defaults.authorization_type, "NONE") build_in_docker = try(each.value.build_in_docker, var.defaults.build_in_docker, false) cloudwatch_logs_kms_key_id = try(each.value.cloudwatch_logs_kms_key_id, var.defaults.cloudwatch_logs_kms_key_id, null) + cloudwatch_logs_log_group_class = try(each.value.cloudwatch_logs_log_group_class, var.defaults.cloudwatch_logs_log_group_class, null) cloudwatch_logs_retention_in_days = try(each.value.cloudwatch_logs_retention_in_days, var.defaults.cloudwatch_logs_retention_in_days, null) + cloudwatch_logs_skip_destroy = try(each.value.cloudwatch_logs_skip_destroy, var.defaults.cloudwatch_logs_skip_destroy, false) cloudwatch_logs_tags = try(each.value.cloudwatch_logs_tags, var.defaults.cloudwatch_logs_tags, {}) code_signing_config_arn = try(each.value.code_signing_config_arn, var.defaults.code_signing_config_arn, null) compatible_architectures = try(each.value.compatible_architectures, var.defaults.compatible_architectures, null) diff --git a/wrappers/versions.tf b/wrappers/versions.tf index 51cad108..6c511ac4 100644 --- a/wrappers/versions.tf +++ b/wrappers/versions.tf @@ -1,3 +1,22 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 5.32" + } + external = { + source = "hashicorp/external" + version = ">= 1.0" + } + local = { + source = "hashicorp/local" + version = ">= 1.0" + } + null = { + source = "hashicorp/null" + version = ">= 2.0" + } + } } From 8a370bab3e5eb6425ee6b8fbb8fbde00ab300f7a Mon Sep 17 00:00:00 2001 
From: semantic-release-bot Date: Fri, 3 May 2024 11:05:03 +0000 Subject: [PATCH 322/385] chore(release): version 7.4.0 [skip ci] ## [7.4.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.3.0...v7.4.0) (2024-05-03) ### Features * Added support for CW log_group_class and skip_destroy ([#565](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/565)) ([7256f7c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/7256f7c226adf294bb6280f1fc4326d015e78d83)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6f3d9553..de1304e2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.4.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.3.0...v7.4.0) (2024-05-03) + + +### Features + +* Added support for CW log_group_class and skip_destroy ([#565](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/565)) ([7256f7c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/7256f7c226adf294bb6280f1fc4326d015e78d83)) + ## [7.3.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.6...v7.3.0) (2024-05-03) From 4f77bfcd4083857d6aefccb5a891ee00ffd559b0 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Mon, 20 May 2024 17:37:21 -0400 Subject: [PATCH 323/385] chore: Add Python zip archive that is agnostic of a specific Python runtime version (#573) --- examples/fixtures/python-function.zip | Bin 0 -> 348 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 examples/fixtures/python-function.zip 
diff --git a/examples/fixtures/python-function.zip b/examples/fixtures/python-function.zip new file mode 100644 index 0000000000000000000000000000000000000000..d713a91254d967fb6e5e8b58f854a700a88306ec GIT binary patch literal 348 zcmWIWW@Zs#U|`^2xSq8;z@k;!#}CL00gEs&Wag!$R_GN}dVBf?pYS~6>*d*V-s6n- zNl)EN9=hIVwJ!#GoI9`WxmM%imPbJhO-+l=>=EKs?Y}Z-PEG5UMSo&ik2EnkyQ=!? zZ72!M^2`jJ#}uJ0&JX~%Q*Y(YfP+gPFVh3s2f~6toSB}NUz8eOkdvBNoT^t+QNn%l zgie^p=`)_88s|>vpY;qpaaupn!z=W}8SitNzMj5}Mj}GplZ=f{2YubK186uSlL#|z uF9B@;gC&h13g$s%UDzB2(Zj&7q_G5~3*CtU-mGjOB}_nA3ZyTBI1B*cYGn2R literal 0 HcmV?d00001 From 02ab668458c87792861a54f54fd1b00e97afcc68 Mon Sep 17 00:00:00 2001 
From: Anton Babenko Date: Fri, 7 Jun 2024 23:20:53 +0200 Subject: [PATCH 324/385] feat: Renamed python3.8-11 to python3.12 in examples, added tag to resources (#583) --- .pre-commit-config.yaml | 2 +- README.md | 50 +++---- examples/alias/main.tf | 4 +- examples/async/main.tf | 4 +- examples/build-package/main.tf | 130 +++++++++--------- examples/code-signing/main.tf | 4 +- examples/complete/main.tf | 52 +++---- examples/deploy/main.tf | 4 +- examples/event-source-mapping/main.tf | 4 +- .../docker/Dockerfile | 2 +- .../ignore_please.txt | 0 .../index.py | 0 .../poetry.lock | 0 .../poetry.toml | 0 .../pyproject.toml | 2 +- .../README.md | 0 .../poetry.lock | 0 .../pyproject.toml | 4 +- .../src/python_app_src_poetry}/__init__.py | 0 .../tests/__init__.py | 0 .../dir1/dir2/ignore2.txt | 0 .../docker/Dockerfile | 4 +- .../docker/automake-1.13-to-1.16-spec.patch | 0 .../docker/entrypoint.sh | 0 .../ignore_please.txt | 0 .../{python3.8-app1 => python-app1}/index.py | 0 .../requirements.txt | 0 .../{python3.8-app2 => python-app2}/index.py | 0 .../fixtures/python-zip/existing_package.zip | Bin 0 -> 348 bytes .../fixtures/python3.9-app-poetry/index.py | 4 - examples/multiple-regions/main.tf | 8 +- examples/simple-cicd/main.tf | 5 +- examples/simple-cicd/test.sh | 4 +- examples/simple/main.tf | 56 ++++---- examples/triggers/main.tf | 4 +- examples/with-efs/main.tf | 4 +- examples/with-vpc-s3-endpoint/main.tf | 4 +- examples/with-vpc/main.tf | 4 +- main.tf | 6 +- modules/alias/README.md | 2 +- modules/deploy/README.md | 2 +- package.py | 2 +- tests/test_package_toml.py | 2 +- 43 files changed, 186 insertions(+), 187 deletions(-) rename examples/fixtures/{python3.9-app-poetry => python-app-poetry}/docker/Dockerfile (74%) rename examples/fixtures/{python3.8-app1 => python-app-poetry}/ignore_please.txt (100%) rename examples/fixtures/{python3.10-app1 => python-app-poetry}/index.py (100%) rename examples/fixtures/{python3.9-app-poetry => python-app-poetry}/poetry.lock (100%) 
rename examples/fixtures/{python3.9-app-poetry => python-app-poetry}/poetry.toml (100%) rename examples/fixtures/{python3.9-app-poetry => python-app-poetry}/pyproject.toml (90%) rename examples/fixtures/{python3.9-app-src-poetry => python-app-src-poetry}/README.md (100%) rename examples/fixtures/{python3.9-app-src-poetry => python-app-src-poetry}/poetry.lock (100%) rename examples/fixtures/{python3.9-app-src-poetry => python-app-src-poetry}/pyproject.toml (72%) rename examples/fixtures/{python3.9-app-src-poetry/src/python39_app_src_poetry => python-app-src-poetry/src/python_app_src_poetry}/__init__.py (100%) rename examples/fixtures/{python3.9-app-src-poetry => python-app-src-poetry}/tests/__init__.py (100%) rename examples/fixtures/{python3.8-app1 => python-app1}/dir1/dir2/ignore2.txt (100%) rename examples/fixtures/{python3.8-app1 => python-app1}/docker/Dockerfile (87%) rename examples/fixtures/{python3.8-app1 => python-app1}/docker/automake-1.13-to-1.16-spec.patch (100%) rename examples/fixtures/{python3.8-app1 => python-app1}/docker/entrypoint.sh (100%) rename examples/fixtures/{python3.9-app-poetry => python-app1}/ignore_please.txt (100%) rename examples/fixtures/{python3.8-app1 => python-app1}/index.py (100%) rename examples/fixtures/{python3.8-app1 => python-app1}/requirements.txt (100%) rename examples/fixtures/{python3.8-app2 => python-app2}/index.py (100%) create mode 100644 examples/fixtures/python-zip/existing_package.zip delete mode 100644 examples/fixtures/python3.9-app-poetry/index.py diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 936a1c28..74e21201 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.89.1 + rev: v1.91.0 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each diff --git a/README.md b/README.md index 8387b1ca..d28a8b57 100644 --- a/README.md +++ b/README.md 
@@ -37,7 +37,7 @@ module "lambda_function" { function_name = "my-lambda1" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" source_path = "../src/lambda-function1" @@ -56,7 +56,7 @@ module "lambda_function" { function_name = "lambda-with-layer" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" publish = true source_path = "../src/lambda-function1" @@ -84,7 +84,7 @@ module "lambda_layer_s3" { layer_name = "lambda-layer-s3" description = "My amazing lambda layer (deployed from S3)" - compatible_runtimes = ["python3.8"] + compatible_runtimes = ["python3.12"] source_path = "../src/lambda-layer" @@ -102,7 +102,7 @@ module "lambda_function_existing_package_local" { function_name = "my-lambda-existing-package-local" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" create_package = false local_existing_package = "../existing_package.zip" @@ -126,7 +126,7 @@ module "lambda_function_externally_managed_package" { function_name = "my-lambda-externally-managed-package" description = "My lambda function code is deployed separately" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" create_package = false local_existing_package = "./lambda_functions/code.zip" @@ -161,7 +161,7 @@ module "lambda_function_existing_package_s3" { function_name = "my-lambda-existing-package-local" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" create_package = false s3_existing_package = { 
@@ -197,9 +197,9 @@ module "lambda_layer_local" { layer_name = "my-layer-local" description = "My amazing lambda layer (deployed from local)" - compatible_runtimes = ["python3.8"] + compatible_runtimes = ["python3.12"] - source_path = "../fixtures/python3.8-app1" + source_path = "../fixtures/python-app1" } module "lambda_layer_s3" { @@ -209,9 +209,9 @@ module "lambda_layer_s3" { layer_name = "my-layer-s3" description = "My amazing lambda layer (deployed from S3)" - compatible_runtimes = ["python3.8"] + compatible_runtimes = ["python3.12"] - source_path = "../fixtures/python3.8-app1" + source_path = "../fixtures/python-app1" store_on_s3 = true s3_bucket = "my-bucket-id-with-lambda-builds" @@ -231,9 +231,9 @@ module "lambda_at_edge" { function_name = "my-lambda-at-edge" description = "My awesome lambda@edge function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" - source_path = "../fixtures/python3.8-app1" + source_path = "../fixtures/python-app1" tags = { Module = "lambda-at-edge" @@ -250,9 +250,9 @@ module "lambda_function_in_vpc" { function_name = "my-lambda-in-vpc" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" - source_path = "../fixtures/python3.8-app1" + source_path = "../fixtures/python-app1" vpc_subnet_ids = module.vpc.intra_subnets vpc_security_group_ids = [module.vpc.default_security_group_id] @@ -396,12 +396,12 @@ source_path = [ "!.*/.*\\.txt", # Skip all txt files recursively ] }, { - path = "src/python3.8-app1", + path = "src/python-app1", pip_requirements = true, pip_tmp_dir = "/tmp/dir/location" prefix_in_zip = "foo/bar1", }, { - path = "src/python3.8-app2", + path = "src/python-app2", pip_requirements = "requirements-large.txt", patterns = [ "!vendor/colorful-0.5.4.dist-info/RECORD", 
@@ -414,7 +414,7 @@ source_path = [ npm_tmp_dir = "/tmp/dir/location" prefix_in_zip = "foo/bar1", }, { - path = "src/python3.8-app3", + path = "src/python-app3", commands = [ "npm install", ":zip" @@ -424,7 +424,7 @@ source_path = [ "node_modules/.+", # Include all node_modules ], }, { - path = "src/python3.8-app3", + path = "src/python-app3", commands = ["go build"], patterns = <"] diff --git a/examples/fixtures/python3.9-app-src-poetry/README.md b/examples/fixtures/python-app-src-poetry/README.md similarity index 100% rename from examples/fixtures/python3.9-app-src-poetry/README.md rename to examples/fixtures/python-app-src-poetry/README.md diff --git a/examples/fixtures/python3.9-app-src-poetry/poetry.lock b/examples/fixtures/python-app-src-poetry/poetry.lock similarity index 100% rename from examples/fixtures/python3.9-app-src-poetry/poetry.lock rename to examples/fixtures/python-app-src-poetry/poetry.lock diff --git a/examples/fixtures/python3.9-app-src-poetry/pyproject.toml b/examples/fixtures/python-app-src-poetry/pyproject.toml similarity index 72% rename from examples/fixtures/python3.9-app-src-poetry/pyproject.toml rename to examples/fixtures/python-app-src-poetry/pyproject.toml index 2b890b79..7ceca4c4 100644 --- a/examples/fixtures/python3.9-app-src-poetry/pyproject.toml +++ b/examples/fixtures/python-app-src-poetry/pyproject.toml @@ -1,10 +1,10 @@ [tool.poetry] -name = "python3-9-app-src-poetry" +name = "python-app-src-poetry" version = "0.1.0" description = "" authors = ["Your Name "] readme = "README.md" -packages = [{include = "python39_app_src_poetry", from = "src"}] +packages = [{include = "python_app_src_poetry", from = "src"}] [tool.poetry.dependencies] python = "^3.9" 
diff --git a/examples/fixtures/python3.9-app-src-poetry/src/python39_app_src_poetry/__init__.py b/examples/fixtures/python-app-src-poetry/src/python_app_src_poetry/__init__.py similarity index 100% rename from examples/fixtures/python3.9-app-src-poetry/src/python39_app_src_poetry/__init__.py rename to examples/fixtures/python-app-src-poetry/src/python_app_src_poetry/__init__.py diff --git a/examples/fixtures/python3.9-app-src-poetry/tests/__init__.py b/examples/fixtures/python-app-src-poetry/tests/__init__.py similarity index 100% rename from examples/fixtures/python3.9-app-src-poetry/tests/__init__.py rename to examples/fixtures/python-app-src-poetry/tests/__init__.py diff --git a/examples/fixtures/python3.8-app1/dir1/dir2/ignore2.txt b/examples/fixtures/python-app1/dir1/dir2/ignore2.txt similarity index 100% rename from examples/fixtures/python3.8-app1/dir1/dir2/ignore2.txt rename to examples/fixtures/python-app1/dir1/dir2/ignore2.txt diff --git a/examples/fixtures/python3.8-app1/docker/Dockerfile b/examples/fixtures/python-app1/docker/Dockerfile similarity index 87% rename from examples/fixtures/python3.8-app1/docker/Dockerfile rename to examples/fixtures/python-app1/docker/Dockerfile index aeab9fee..fa0eb25f 100644 --- a/examples/fixtures/python3.8-app1/docker/Dockerfile +++ b/examples/fixtures/python-app1/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM public.ecr.aws/sam/build-python3.8 as build +FROM public.ecr.aws/sam/build-python3.12 as build LABEL maintainer="Betajob AS" \ description="Patched AWS Lambda build container" @@ -20,7 +20,7 @@ RUN \ && rpmbuild -ba SPECS/automake.spec --nocheck \ && yum install -y RPMS/noarch/* -FROM public.ecr.aws/sam/build-python3.8 +FROM public.ecr.aws/sam/build-python3.12 COPY --from=build /root/rpmbuild/RPMS/noarch/*.rpm . RUN yum install -y *.rpm \ && rm *.rpm 
diff --git a/examples/fixtures/python3.8-app1/docker/automake-1.13-to-1.16-spec.patch b/examples/fixtures/python-app1/docker/automake-1.13-to-1.16-spec.patch similarity index 100% rename from examples/fixtures/python3.8-app1/docker/automake-1.13-to-1.16-spec.patch rename to examples/fixtures/python-app1/docker/automake-1.13-to-1.16-spec.patch diff --git a/examples/fixtures/python3.8-app1/docker/entrypoint.sh b/examples/fixtures/python-app1/docker/entrypoint.sh similarity index 100% rename from examples/fixtures/python3.8-app1/docker/entrypoint.sh rename to examples/fixtures/python-app1/docker/entrypoint.sh diff --git a/examples/fixtures/python3.9-app-poetry/ignore_please.txt b/examples/fixtures/python-app1/ignore_please.txt similarity index 100% rename from examples/fixtures/python3.9-app-poetry/ignore_please.txt rename to examples/fixtures/python-app1/ignore_please.txt diff --git a/examples/fixtures/python3.8-app1/index.py b/examples/fixtures/python-app1/index.py similarity index 100% rename from examples/fixtures/python3.8-app1/index.py rename to examples/fixtures/python-app1/index.py diff --git a/examples/fixtures/python3.8-app1/requirements.txt b/examples/fixtures/python-app1/requirements.txt similarity index 100% rename from examples/fixtures/python3.8-app1/requirements.txt rename to examples/fixtures/python-app1/requirements.txt diff --git a/examples/fixtures/python3.8-app2/index.py b/examples/fixtures/python-app2/index.py similarity index 100% rename from examples/fixtures/python3.8-app2/index.py rename to examples/fixtures/python-app2/index.py 
diff --git a/examples/fixtures/python-zip/existing_package.zip b/examples/fixtures/python-zip/existing_package.zip new file mode 100644 index 0000000000000000000000000000000000000000..d713a91254d967fb6e5e8b58f854a700a88306ec GIT binary patch literal 348 zcmWIWW@Zs#U|`^2xSq8;z@k;!#}CL00gEs&Wag!$R_GN}dVBf?pYS~6>*d*V-s6n- zNl)EN9=hIVwJ!#GoI9`WxmM%imPbJhO-+l=>=EKs?Y}Z-PEG5UMSo&ik2EnkyQ=!? zZ72!M^2`jJ#}uJ0&JX~%Q*Y(YfP+gPFVh3s2f~6toSB}NUz8eOkdvBNoT^t+QNn%l zgie^p=`)_88s|>vpY;qpaaupn!z=W}8SitNzMj5}Mj}GplZ=f{2YubK186uSlL#|z uF9B@;gC&h13g$s%UDzB2(Zj&7q_G5~3*CtU-mGjOB}_nA3ZyTBI1B*cYGn2R literal 0 HcmV?d00001 diff --git a/examples/fixtures/python3.9-app-poetry/index.py b/examples/fixtures/python3.9-app-poetry/index.py deleted file mode 100644 index 396c5054..00000000 --- a/examples/fixtures/python3.9-app-poetry/index.py +++ /dev/null @@ -1,4 +0,0 @@ -def lambda_handler(event, context): - print("Hello from app1!") - - return event diff --git a/examples/multiple-regions/main.tf b/examples/multiple-regions/main.tf index dd2e229c..d30e1c2a 100644 --- a/examples/multiple-regions/main.tf +++ b/examples/multiple-regions/main.tf @@ -27,10 +27,10 @@ module "lambda_function" { function_name = "${random_pet.this.id}-lambda1" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" publish = true - source_path = "${path.module}/../fixtures/python3.8-app1" + source_path = "${path.module}/../fixtures/python-app1" attach_dead_letter_policy = true dead_letter_target_arn = aws_sqs_queue.dlq.arn 
@@ -124,10 +124,10 @@ module "lambda_function_another_region" { function_name = "${random_pet.this.id}-lambda1" description = "Copy of my awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" publish = true - source_path = "${path.module}/../fixtures/python3.8-app1" + source_path = "${path.module}/../fixtures/python-app1" attach_dead_letter_policy = true dead_letter_target_arn = aws_sqs_queue.dlq_us_east_1.arn diff --git a/examples/simple-cicd/main.tf b/examples/simple-cicd/main.tf index 66afc150..deefc9aa 100644 --- a/examples/simple-cicd/main.tf +++ b/examples/simple-cicd/main.tf @@ -1,6 +1,5 @@ provider "aws" { region = "eu-west-1" - # region = "us-east-1" # Make it faster by skipping something skip_metadata_api_check = true @@ -17,10 +16,10 @@ module "lambda_function" { function_name = "${random_pet.this.id}-lambda-simple" handler = "index.lambda_handler" - runtime = "python3.10" + runtime = "python3.12" source_path = [ - "${path.module}/src/python3.10-app1", + "${path.module}/src/python-app1", ] trigger_on_package_timestamp = false } diff --git a/examples/simple-cicd/test.sh b/examples/simple-cicd/test.sh index 90ce9804..64cfbf57 100755 --- a/examples/simple-cicd/test.sh +++ b/examples/simple-cicd/test.sh @@ -65,7 +65,7 @@ terraform() { :note "Preparing ..." rm -rf src mkdir -p src -cp -r "../fixtures/python3.10-app1" src +cp -r "../fixtures/python-app1" src terraform init :echo "Destroy / Remove ZIP files" terraform destroy @@ -96,7 +96,7 @@ rm -rf builds 2>/dev/null || true :note "Starting Part 2: Check that CICD environment will detect diff if lambda code changes" :note "Change the source code / Remove 'builds' dir" -echo "" >> src/python3.10-app1/index.py +echo "" >> src/python-app1/index.py rm -rf builds :case "Plan / Expect diff" && { diff --git a/examples/simple/main.tf b/examples/simple/main.tf index ab9aba1a..20c51910 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf 
@@ -17,12 +17,12 @@ resource "random_pet" "this" { # # function_name = "${random_pet.this.id}-lambda-edge" # handler = "index.lambda_handler" -# runtime = "python3.8" +# runtime = "python3.12" # lambda_at_edge = true # # attach_cloudwatch_logs_policy = true # -# source_path = "${path.module}/../fixtures/python3.8-app1/" +# source_path = "${path.module}/../fixtures/python-app1/" #} #resource "aws_cloudwatch_log_group" "this" { @@ -36,7 +36,7 @@ module "lambda_function" { function_name = "${random_pet.this.id}-lambda-simple" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" # role_maximum_session_duration = 7200 
@@ -87,51 +87,51 @@ module "lambda_function" { # } # } - # source_path = "${path.module}/../fixtures/python3.8-app1/" + # source_path = "${path.module}/../fixtures/python-app1/" # source_path = [ - # "${path.module}/../fixtures/python3.8-app1/index.py", + # "${path.module}/../fixtures/python-app1/index.py", # { - # pip_requirements = "${path.module}/../fixtures/python3.8-app1/requirements.txt" + # pip_requirements = "${path.module}/../fixtures/python-app1/requirements.txt" # prefix_in_zip = "vendor" # } # ] # source_path = [ - # "${path.module}/../fixtures/python3.8-app1/index.py", - # "${path.module}/../fixtures/python3.8-app1/dir1/dir2", + # "${path.module}/../fixtures/python-app1/index.py", + # "${path.module}/../fixtures/python-app1/dir1/dir2", # { - # pip_requirements = "${path.module}/../fixtures/python3.8-app1/requirements.txt" + # pip_requirements = "${path.module}/../fixtures/python-app1/requirements.txt" # } # ] # source_path = [ # { - # path = "${path.module}/../fixtures/python3.8-app1" + # path = "${path.module}/../fixtures/python-app1" # } # ] # source_path = [ # { - # path = "${path.module}/../fixtures/python3.8-app1" + # path = "${path.module}/../fixtures/python-app1" # pip_requirements = false # } # ] # source_path = [ # { - # path = "${path.module}/../fixtures/python3.8-app1" + # path = "${path.module}/../fixtures/python-app1" # pip_requirements = true # } # ] # source_path = [ # { - # path = "${path.module}/../fixtures/python3.8-app1" + # path = "${path.module}/../fixtures/python-app1" # commands = [ # ":zip", # "cd `mktemp -d`", - # "pip install --target=. -r ${path.module}/../fixtures/python3.8-app1/requirements.txt", + # "pip install --target=. -r ${path.module}/../fixtures/python-app1/requirements.txt", # ":zip . vendor/", # ] # patterns = [ 
@@ -144,12 +144,12 @@ module "lambda_function" { source_path = [ # { - # pip_requirements = "${path.module}/../fixtures/python3.8-app1/requirements.txt" + # pip_requirements = "${path.module}/../fixtures/python-app1/requirements.txt" # pip_requirements = "${path.module}/../deploy/requirements.txt" # }, - "${path.module}/../fixtures/python3.8-app1/index.py", + "${path.module}/../fixtures/python-app1/index.py", # { - # path = "${path.module}/../fixtures/python3.8-app1/index.py" + # path = "${path.module}/../fixtures/python-app1/index.py" # patterns = < Date: Fri, 7 Jun 2024 21:21:22 +0000 Subject: [PATCH 325/385] chore(release): version 7.5.0 [skip ci] ## [7.5.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.4.0...v7.5.0) (2024-06-07) ### Features * Renamed python3.8-11 to python3.12 in examples, added tag to resources ([#583](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/583)) ([02ab668](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/02ab668458c87792861a54f54fd1b00e97afcc68)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index de1304e2..fc0d1019 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.5.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.4.0...v7.5.0) (2024-06-07) + + +### Features + +* Renamed python3.8-11 to python3.12 in examples, added tag to resources ([#583](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/583)) ([02ab668](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/02ab668458c87792861a54f54fd1b00e97afcc68)) + ## [7.4.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.3.0...v7.4.0) (2024-05-03) From 3aa288fee324e64a8db409e5a32abaeebe38e6c2 Mon Sep 17 00:00:00 2001 
From: Morgan Chorlton <32246773+morganchorlton3@users.noreply.github.com> Date: Wed, 12 Jun 2024 09:03:57 +0100 Subject: [PATCH 326/385] feat: Support passing extra args to poetry export (#584) --- README.md | 1 + package.py | 49 ++++++++++++++++++++++++++++++++++--------------- 2 files changed, 35 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index d28a8b57..7fdbe539 100644 --- a/README.md +++ b/README.md 
@@ -459,6 +459,7 @@ source_path = [ - `pip_requirements` - Controls whether to execute `pip install`. Set to `false` to disable this feature, `true` to run `pip install` with `requirements.txt` found in `path`. Or set to another filename which you want to use instead. When `source_path` is passed as a string containing a path (and not a list of maps), and `requirements.txt` is present, `pip install` is automatically executed. - `pip_tmp_dir` - Set the base directory to make the temporary directory for pip installs. Can be useful for Docker in Docker builds. - `poetry_install` - Controls whether to execute `poetry export` and `pip install`. Set to `false` to disable this feature, `true` to run `poetry export` with `pyproject.toml` and `poetry.lock` found in `path`. When `source_path` is passed as a string containing a path (and not a list of maps), and `pyproject.toml` with a build system `poetry` is present, `poetry export` and `pip install` are automatically executed. +- `poetry_export_extra_args` - A list of additional poetry arguments to add to the poetry export command - `npm_requirements` - Controls whether to execute `npm install`. Set to `false` to disable this feature, `true` to run `npm install` with `package.json` found in `path`. Or set to another filename which you want to use instead. - `npm_tmp_dir` - Set the base directory to make the temporary directory for npm installs. Can be useful for Docker in Docker builds. - `prefix_in_zip` - If specified, will be used as a prefix inside zip-archive. By default, everything installs into the root of zip-archive. diff --git a/package.py b/package.py index 7e96d784..1552e8e2 100644 --- a/package.py +++ b/package.py 
@@ -693,7 +693,9 @@ def pip_requirements_step(path, prefix=None, required=False, tmp_dir=None): step("pip", runtime, requirements, prefix, tmp_dir) hash(requirements) - def poetry_install_step(path, prefix=None, required=False): + def poetry_install_step( + path, poetry_export_extra_args=[], prefix=None, required=False + ): pyproject_file = path if os.path.isdir(path): pyproject_file = os.path.join(path, "pyproject.toml") @@ -703,7 +705,7 @@ def poetry_install_step(path, prefix=None, required=False): "poetry configuration not found: {}".format(pyproject_file) ) else: - step("poetry", runtime, path, prefix) + step("poetry", runtime, path, poetry_export_extra_args, prefix) hash(pyproject_file) pyproject_path = os.path.dirname(pyproject_file) poetry_lock_file = os.path.join(pyproject_path, "poetry.lock") @@ -807,6 +809,7 @@ def commands_step(path, commands): prefix = claim.get("prefix_in_zip") pip_requirements = claim.get("pip_requirements") poetry_install = claim.get("poetry_install") + poetry_export_extra_args = claim.get("poetry_export_extra_args", []) npm_requirements = claim.get("npm_package_json") runtime = claim.get("runtime", query.runtime) @@ -828,7 +831,12 @@ def commands_step(path, commands): if poetry_install and runtime.startswith("python"): if path: - poetry_install_step(path, prefix, required=True) + poetry_install_step( + path, + prefix=prefix, + poetry_export_extra_args=poetry_export_extra_args, + required=True, + ) if npm_requirements and runtime.startswith("nodejs"): if isinstance(npm_requirements, bool) and path: 
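Review bot: `poetry_export_extra_args=[]` in the new `poetry_install_step` signature is a mutable default shared across calls. Nothing visible mutates it, but `None` is the safer default: `def poetry_install_step(path, poetry_export_extra_args=None, prefix=None, required=False):` with `poetry_export_extra_args or []` passed on to `step(...)`. The parameter was also inserted ahead of `prefix`, so a positional caller outside this patch would now bind its prefix to the wrong name; the call updated in the `@@ -828` hunk uses keywords, which avoids that. The function body continues outside the hunk.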
@@ -898,8 +906,16 @@ def execute(self, build_plan, zip_stream, query): # XXX: timestamp=0 - what actually do with it? zs.write_dirs(rd, prefix=prefix, timestamp=0) elif cmd == "poetry": - runtime, path, prefix = action[1:] - with install_poetry_dependencies(query, path) as rd: + ( + runtime, + path, + poetry_export_extra_args, + prefix, + ) = action[1:] + log.info("poetry_export_extra_args: %s", poetry_export_extra_args) + with install_poetry_dependencies( + query, path, poetry_export_extra_args + ) as rd: if rd: if pf: self._zip_write_with_filter(zs, pf, rd, prefix, timestamp=0) @@ -1094,7 +1110,7 @@ def install_pip_requirements(query, requirements_file, tmp_dir): @contextmanager -def install_poetry_dependencies(query, path): +def install_poetry_dependencies(query, path, poetry_export_extra_args): # TODO: # 1. Emit files instead of temp_dir @@ -1183,6 +1199,17 @@ def copy_file_to_target(file, temp_dir): # NOTE: poetry must be available in the build environment, which is the case with lambci/lambda:build-python* docker images but not public.ecr.aws/sam/build-python* docker images # FIXME: poetry install does not currently allow to specify the target directory so we export the # requirements then install them with "pip --no-deps" to avoid using pip dependency resolver + + poetry_export = [ + poetry_exec, + "export", + "--format", + "requirements.txt", + "--output", + "requirements.txt", + "--with-credentials", + ] + poetry_export_extra_args + poetry_commands = [ [ poetry_exec, @@ -1198,15 +1225,7 @@ def copy_file_to_target(file, temp_dir): "virtualenvs.in-project", "true", ], - [ - poetry_exec, - "export", - "--format", - "requirements.txt", - "--output", - "requirements.txt", - "--with-credentials", - ], + poetry_export, [ python_exec, "-m", From 3aa5b7ef58095ab1217c81a756f54501dd21d9e1 Mon Sep 17 00:00:00 2001 
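Review bot: The `poetry` action grew from three to four positional fields, and the unpacking `(runtime, path, poetry_export_extra_args, prefix) = action[1:]` raises `ValueError` on any build plan whose `poetry` step was written with the old three-field layout; if plans can outlive the script version that produced them (not visible here), a length check or tolerant unpacking is needed. The added `log.info("poetry_export_extra_args: %s", ...)` also writes the raw arguments to the build log on every run, and `log.debug` would suit a value that is only useful when troubleshooting. `execute` starts and ends outside the hunk.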
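Review bot: The caller-supplied list is appended after the fixed `--format`, `--output` and `--with-credentials` options of `poetry_export`, so an extra argument that repeats one of them can change the export's format or destination while the rest of the build presumably still expects `requirements.txt` (the consuming `pip` command is cut off by the hunk). A comment above `poetry_export` should say that the extra arguments are passed through verbatim, and a guard such as `if any(a.split("=")[0] in ("--output", "-o", "--format", "-f") for a in poetry_export_extra_args): raise ValueError(...)` would keep the step's contract intact. `install_poetry_dependencies` starts and ends outside the hunk.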
From: semantic-release-bot Date: Wed, 12 Jun 2024 08:04:33 +0000 Subject: [PATCH 327/385] chore(release): version 7.6.0 [skip ci] ## [7.6.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.5.0...v7.6.0) (2024-06-12) ### Features * Support passing extra args to poetry export ([#584](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/584)) ([3aa288f](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/3aa288fee324e64a8db409e5a32abaeebe38e6c2)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index fc0d1019..0a859646 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.6.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.5.0...v7.6.0) (2024-06-12) + + +### Features + +* Support passing extra args to poetry export ([#584](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/584)) ([3aa288f](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/3aa288fee324e64a8db409e5a32abaeebe38e6c2)) + ## [7.5.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.4.0...v7.5.0) (2024-06-07) From 6549ca1301c74880e41440aa314e732739283e8a Mon Sep 17 00:00:00 2001 From: Alexandra Boarna <69867920+aleboarna@users.noreply.github.com> Date: Tue, 18 Jun 2024 10:41:41 +0300 Subject: [PATCH 328/385] feat: Added support for alias to have multiple filter criteria same as function (#585) --- modules/alias/main.tf | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/modules/alias/main.tf b/modules/alias/main.tf index c2151c9f..b5f24f0f 100644 --- a/modules/alias/main.tf +++ b/modules/alias/main.tf 
@@ -167,8 +167,12 @@ resource "aws_lambda_event_source_mapping" "this" { for_each = try(each.value.filter_criteria, null) != null ? [true] : [] content { - filter { - pattern = try(each.value["filter_criteria"].pattern, null) + dynamic "filter" { + for_each = try(flatten([each.value.filter_criteria]), []) + + content { + pattern = try(filter.value.pattern, null) + } } } } From b88a85627c84a4e9d1ad2a655455d10b386bc63f Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Tue, 18 Jun 2024 07:42:24 +0000 Subject: [PATCH 329/385] chore(release): version 7.7.0 [skip ci] ## [7.7.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.6.0...v7.7.0) (2024-06-18) ### Features * Added support for alias to have multiple filter criteria same as function ([#585](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/585)) ([6549ca1](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/6549ca1301c74880e41440aa314e732739283e8a)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0a859646..378fed3f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.7.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.6.0...v7.7.0) (2024-06-18) + + +### Features + +* Added support for alias to have multiple filter criteria same as function ([#585](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/585)) ([6549ca1](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/6549ca1301c74880e41440aa314e732739283e8a)) + ## [7.6.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.5.0...v7.6.0) (2024-06-12) From a058372431c552a0cb740a76beffe77285edeb91 Mon Sep 17 00:00:00 2001 
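Review bot: The new `dynamic "filter"` block has no comment saying that `filter_criteria` may now be a single object or a list of objects, which is the only reason for `flatten([each.value.filter_criteria])`; without it the wrapping looks redundant. I would add `# filter_criteria may be one object or a list of objects; flatten() normalises both to a list` above the `for_each`. Note also that `try(filter.value.pattern, null)` turns an entry without a `pattern` key into a filter with a null pattern, so a misspelled key is not reported by this expression. The resource block starts and ends outside the hunk.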
From: =?UTF-8?q?Sass=20D=C3=A1vid?= <51000212+sassdavid@users.noreply.github.com> Date: Thu, 25 Jul 2024 11:36:25 +0200 Subject: [PATCH 330/385] fix: Always use absolute path to temp folders (#599) --- package.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/package.py b/package.py index 1552e8e2..ded4056e 100644 --- a/package.py +++ b/package.py @@ -124,11 +124,12 @@ def tempdir(dir=None): """Creates a temporary directory and then deletes it afterwards.""" prefix = "terraform-aws-lambda-" path = tempfile.mkdtemp(prefix=prefix, dir=dir) - cmd_log.info("mktemp -d %sXXXXXXXX # %s", prefix, shlex.quote(path)) + abs_path = os.path.abspath(path) + cmd_log.info("mktemp -d %sXXXXXXXX # %s", prefix, shlex.quote(abs_path)) try: - yield path + yield abs_path finally: - shutil.rmtree(path) + shutil.rmtree(abs_path) def list_files(top_path, log=None): From f48be17ec03a53b85b7da1f2ad8787792f2425ee Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 25 Jul 2024 09:36:53 +0000 Subject: [PATCH 331/385] chore(release): version 7.7.1 [skip ci] ## [7.7.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.7.0...v7.7.1) (2024-07-25) ### Bug Fixes * Always use absolute path to temp folders ([#599](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/599)) ([a058372](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/a058372431c552a0cb740a76beffe77285edeb91)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 378fed3f..2e64b424 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
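Review bot: The docstring of `tempdir` still says only that the directory is created and deleted, although callers now receive `os.path.abspath(path)` and cleanup runs on that same value. It should state the new guarantee, for example `"""Create a temporary directory, yield its absolute path, and delete it on exit."""`, so that nobody later reverts to the value returned by `mkdtemp`, which is relative when `dir` is relative.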
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.7.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.7.0...v7.7.1) (2024-07-25) + + +### Bug Fixes + +* Always use absolute path to temp folders ([#599](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/599)) ([a058372](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/a058372431c552a0cb740a76beffe77285edeb91)) + ## [7.7.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.6.0...v7.7.0) (2024-06-18) From 36c61093dbb6114f9880d40b225e7f00f83493f9 Mon Sep 17 00:00:00 2001 From: catrielg <122532038+catrielg@users.noreply.github.com> Date: Fri, 23 Aug 2024 22:46:35 +0300 Subject: [PATCH 332/385] feat: Added the skip_destroy argument for functions (#600) Co-authored-by: Anton Babenko --- .pre-commit-config.yaml | 2 +- README.md | 1 + main.tf | 1 + variables.tf | 6 ++++++ wrappers/main.tf | 1 + 5 files changed, 10 insertions(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 74e21201..3ae4b8ba 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.91.0 + rev: v1.92.2 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each diff --git a/README.md b/README.md index 7fdbe539..dbbf0fb1 100644 --- a/README.md +++ b/README.md 
@@ -855,6 +855,7 @@ No modules. | [s3\_object\_tags\_only](#input\_s3\_object\_tags\_only) | Set to true to not merge tags with s3\_object\_tags. Useful to avoid breaching S3 Object 10 tag limit. | `bool` | `false` | no | | [s3\_prefix](#input\_s3\_prefix) | Directory name where artifacts should be stored in the S3 bucket. If unset, the path from `artifacts_dir` is used | `string` | `null` | no | | [s3\_server\_side\_encryption](#input\_s3\_server\_side\_encryption) | Specifies server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms". | `string` | `null` | no | +| [skip\_destroy](#input\_skip\_destroy) | Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Terraform state. Useful for Lambda@Edge functions attached to CloudFront distributions. | `bool` | `null` | no | | [snap\_start](#input\_snap\_start) | (Optional) Snap start settings for low-latency startups | `bool` | `false` | no | | [source\_path](#input\_source\_path) | The absolute path to a local file or directory containing your Lambda source code | `any` | `null` | no | | [store\_on\_s3](#input\_store\_on\_s3) | Whether to store produced artifacts on S3 or locally. | `bool` | `false` | no | diff --git a/main.tf b/main.tf index 855da1a4..fc231abe 100644 --- a/main.tf +++ b/main.tf @@ -41,6 +41,7 @@ resource "aws_lambda_function" "this" { code_signing_config_arn = var.code_signing_config_arn replace_security_groups_on_destroy = var.replace_security_groups_on_destroy replacement_security_group_ids = var.replacement_security_group_ids + skip_destroy = var.skip_destroy /* ephemeral_storage is not supported in gov-cloud region, so it should be set to `null` */ dynamic "ephemeral_storage" { diff --git a/variables.tf b/variables.tf index 42a18fe5..829019c7 100644 --- a/variables.tf +++ b/variables.tf 
@@ -254,6 +254,12 @@ variable "timeouts" { default = {} } +variable "skip_destroy" { + description = "Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Terraform state. Useful for Lambda@Edge functions attached to CloudFront distributions." + type = bool + default = null +} + ############### # Function URL ############### diff --git a/wrappers/main.tf b/wrappers/main.tf index 6816a5e1..72695c41 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf @@ -119,6 +119,7 @@ module "wrapper" { s3_object_tags_only = try(each.value.s3_object_tags_only, var.defaults.s3_object_tags_only, false) s3_prefix = try(each.value.s3_prefix, var.defaults.s3_prefix, null) s3_server_side_encryption = try(each.value.s3_server_side_encryption, var.defaults.s3_server_side_encryption, null) + skip_destroy = try(each.value.skip_destroy, var.defaults.skip_destroy, null) snap_start = try(each.value.snap_start, var.defaults.snap_start, false) source_path = try(each.value.source_path, var.defaults.source_path, null) store_on_s3 = try(each.value.store_on_s3, var.defaults.store_on_s3, false) From a84d8af737ed7b5a23e241a8bba46011b8b5743b Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 23 Aug 2024 19:47:02 +0000 Subject: [PATCH 333/385] chore(release): version 7.8.0 [skip ci] ## [7.8.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.7.1...v7.8.0) (2024-08-23) ### Features * Added the skip_destroy argument for functions ([#600](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/600)) ([36c6109](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/36c61093dbb6114f9880d40b225e7f00f83493f9)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2e64b424..115c6b0a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.8.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.7.1...v7.8.0) (2024-08-23) + + +### Features + +* Added the skip_destroy argument for functions ([#600](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/600)) ([36c6109](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/36c61093dbb6114f9880d40b225e7f00f83493f9)) + ## [7.7.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.7.0...v7.7.1) (2024-07-25) From 801e69c08b74217e7f1319b128d5efd264162aaf Mon Sep 17 00:00:00 2001 From: PaC#man Date: Fri, 23 Aug 2024 15:02:24 -0500 Subject: [PATCH 334/385] fix: Fix package.py commands after :zip not being executed (#606) Co-authored-by: Anton Babenko --- examples/build-package/README.md | 1 + examples/build-package/main.tf | 25 +++++++++++++++++++++++++ package.py | 3 +++ tests/fixtures/node-app/index.js | 1 + tests/fixtures/node-app/package.json | 16 ++++++++++++++++ 5 files changed, 46 insertions(+) create mode 100644 tests/fixtures/node-app/index.js create mode 100644 tests/fixtures/node-app/package.json diff --git a/examples/build-package/README.md b/examples/build-package/README.md index 671fa45c..e77c0c59 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md 
@@ -37,6 +37,7 @@ Note that this example may create resources which cost money. Run `terraform des | [lambda\_layer](#module\_lambda\_layer) | ../../ | n/a | | [lambda\_layer\_pip\_requirements](#module\_lambda\_layer\_pip\_requirements) | ../.. | n/a | | [lambda\_layer\_poetry](#module\_lambda\_layer\_poetry) | ../../ | n/a | +| [npm\_package\_with\_commands\_and\_patterns](#module\_npm\_package\_with\_commands\_and\_patterns) | ../../ | n/a | | [package\_dir](#module\_package\_dir) | ../../ | n/a | | [package\_dir\_pip\_dir](#module\_package\_dir\_pip\_dir) | ../../ | n/a | | [package\_dir\_poetry](#module\_package\_dir\_poetry) | ../../ | n/a | diff --git a/examples/build-package/main.tf b/examples/build-package/main.tf index 4c4ecb71..7119a5d5 100644 --- a/examples/build-package/main.tf +++ b/examples/build-package/main.tf @@ -244,6 +244,31 @@ module "package_with_commands_and_patterns" { ] } +# Some use cases might require the production packages are deployed while maintaining local node_modules folder +# This example saves the node_modules folder by moving it to an ignored directory +# After the zip file is created with production node_modules, the dev node_modules folder is restored +module "npm_package_with_commands_and_patterns" { + source = "../../" + + create_function = false + + runtime = "nodejs18.x" + source_path = [ + { + path = "${path.module}/../fixtures/node-app" + commands = [ + "[ ! -d node_modules ] || mv node_modules node_modules_temp", + "npm install --production", + ":zip", + "rm -rf node_modules", + "[ ! -d node_modules_temp ] || mv node_modules_temp node_modules", + ] + patterns = [ + "!node_modules_temp/.*" + ] + } + ] +} # Create zip-archive with various sources and patterns. # Note, that it is possible to write comments in patterns. module "package_with_patterns" { diff --git a/package.py b/package.py index ded4056e..620be347 100644 --- a/package.py +++ b/package.py 
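Review bot: The new `npm_package_with_commands_and_patterns` module reads its source from `${path.module}/../fixtures/node-app`, which resolves to `examples/fixtures/node-app`, while this commit adds the fixture under `tests/fixtures/node-app/` (`index.js` and `package.json`). Unless `examples/fixtures/node-app` already exists in the tree, the example will fail when the package is built; either move the two files to `examples/fixtures/node-app/` or point `path` at the directory that was added. A blank line between the closing `}` of this module and the `# Create zip-archive with various sources and patterns.` comment would also keep the two blocks visually separate.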
@@ -779,6 +779,9 @@ def commands_step(path, commands): ) else: batch.append(c) + if batch: + step("sh", path, "\n".join(batch)) + batch.clear() for claim in claims: if isinstance(claim, str): diff --git a/tests/fixtures/node-app/index.js b/tests/fixtures/node-app/index.js new file mode 100644 index 00000000..09d4352e --- /dev/null +++ b/tests/fixtures/node-app/index.js @@ -0,0 +1 @@ +// test diff --git a/tests/fixtures/node-app/package.json b/tests/fixtures/node-app/package.json new file mode 100644 index 00000000..1bd4d69d --- /dev/null +++ b/tests/fixtures/node-app/package.json @@ -0,0 +1,16 @@ +{ + "name": "app", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "author": "", + "license": "ISC", + "dependencies": { + }, + "devDependencies": { + "axios": "^1.7.3" + } +} From 1d122404c2a3834ce39a7c5a319a3e754d5b0c29 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 23 Aug 2024 20:02:55 +0000 Subject: [PATCH 335/385] chore(release): version 7.8.1 [skip ci] ## [7.8.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.8.0...v7.8.1) (2024-08-23) ### Bug Fixes * Fix package.py commands after :zip not being executed ([#606](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/606)) ([801e69c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/801e69c08b74217e7f1319b128d5efd264162aaf)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 115c6b0a..230339a5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
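Review bot: The post-loop flush in `commands_step` deserves a comment, because it changes which configured shell commands run: everything collected after the last `:zip` (or the whole list when no `:zip` is present) now becomes one additional `sh` step. Suggested, above `if batch:`: `# Run commands left in the batch after the last :zip (or all of them if there was none)`. `batch.clear()` has no effect here unless `batch` is reused further down, which the hunk does not show. The function starts outside the hunk.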
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.8.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.8.0...v7.8.1) (2024-08-23) + + +### Bug Fixes + +* Fix package.py commands after :zip not being executed ([#606](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/606)) ([801e69c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/801e69c08b74217e7f1319b128d5efd264162aaf)) + ## [7.8.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.7.1...v7.8.0) (2024-08-23) From a6fe4115ac96592ecbda27f72d42536da6518add Mon Sep 17 00:00:00 2001 
From: Anton Babenko Date: Tue, 10 Sep 2024 14:39:20 -0700 Subject: [PATCH 336/385] feat: Added more examples for Rust, Go, Java runtimes (#612) Co-authored-by: Melissa Greenbaum <69476188+magreenbaum@users.noreply.github.com> --- .pre-commit-config.yaml | 4 +- README.md | 9 +- examples/alias/README.md | 4 +- examples/async/README.md | 4 +- examples/build-package/README.md | 6 +- examples/code-signing/README.md | 4 +- examples/complete/README.md | 4 +- examples/container-image/README.md | 4 +- examples/deploy/README.md | 4 +- examples/event-source-mapping/README.md | 63 ++++++++++++ examples/fixtures/runtimes/go/.gitignore | 2 + examples/fixtures/runtimes/go/go.mod | 5 + examples/fixtures/runtimes/go/main.go | 23 +++++ examples/fixtures/runtimes/java21/.gitignore | 2 + .../fixtures/runtimes/java21/build.gradle | 40 ++++++++ .../java21/src/main/java/example/Handler.java | 19 ++++ examples/fixtures/runtimes/rust/.gitignore | 2 + examples/fixtures/runtimes/rust/Cargo.toml | 20 ++++ examples/fixtures/runtimes/rust/src/main.rs | 30 ++++++ examples/multiple-regions/README.md | 4 +- examples/runtimes/README.md | 68 +++++++++++++ examples/runtimes/checks.tf | 37 +++++++ examples/runtimes/main.tf | 98 +++++++++++++++++++ examples/runtimes/outputs.tf | 24 +++++ examples/runtimes/variables.tf | 0 examples/runtimes/versions.tf | 18 ++++ examples/simple-cicd/README.md | 4 +- examples/simple/README.md | 4 +- examples/triggers/README.md | 4 +- examples/with-efs/README.md | 4 +- examples/with-vpc-s3-endpoint/README.md | 4 +- examples/with-vpc/README.md | 4 +- modules/alias/README.md | 4 +- modules/deploy/README.md | 4 +- modules/docker-build/README.md | 4 +- 35 files changed, 495 insertions(+), 39 deletions(-) create mode 100644 examples/fixtures/runtimes/go/.gitignore create mode 100644 examples/fixtures/runtimes/go/go.mod create mode 100644 examples/fixtures/runtimes/go/main.go create mode 100644 examples/fixtures/runtimes/java21/.gitignore create mode 100644 
examples/fixtures/runtimes/java21/build.gradle create mode 100644 examples/fixtures/runtimes/java21/src/main/java/example/Handler.java create mode 100644 examples/fixtures/runtimes/rust/.gitignore create mode 100644 examples/fixtures/runtimes/rust/Cargo.toml create mode 100644 examples/fixtures/runtimes/rust/src/main.rs create mode 100644 examples/runtimes/README.md create mode 100644 examples/runtimes/checks.tf create mode 100644 examples/runtimes/main.tf create mode 100644 examples/runtimes/outputs.tf create mode 100644 examples/runtimes/variables.tf create mode 100644 examples/runtimes/versions.tf diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 3ae4b8ba..7523e5a5 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.92.2 + rev: v1.94.3 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each @@ -29,3 +29,5 @@ repos: - id: check-merge-conflict - id: end-of-file-fixer - id: trailing-whitespace + - id: mixed-line-ending + args: [--fix=lf] diff --git a/README.md b/README.md index dbbf0fb1..8661d7ee 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ This Terraform module is the part of [serverless.tf framework](https://github.co ## Features - Build dependencies for your Lambda Function and Layer. -- Support builds locally and in Docker (with or without SSH agent support for private builds). +- Support builds locally and in Docker (with or without SSH agent support for private builds) for any runtime and architecture supported by AWS Lambda. - Create deployment package or deploy existing (previously built package) from local, from S3, from URL, or from AWS ECR repository. - Store deployment packages locally or in the S3 bucket. - Support almost all features of Lambda resources (function, layer, alias, etc.) 
@@ -384,7 +384,7 @@ When `source_path` is set to a list of directories the content of each will be t ### Combine various options for extreme flexibility -This is the most complete way of creating a deployment package from multiple sources with multiple dependencies. This example is showing some of the available options (see [examples/build-package](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/build-package) for more): +This is the most complete way of creating a deployment package from multiple sources with multiple dependencies. This example is showing some of the available options (see [examples/build-package](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/build-package) and [examples/runtimes](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/runtimes) for more): ```hcl source_path = [ 
@@ -643,6 +643,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo - [Complete](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/complete) - Create Lambda resources in various combinations with all supported features. - [Container Image](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/container-image) - Create a Docker image with a platform specified in the Dockerfile (using [docker provider](https://registry.terraform.io/providers/kreuzwerker/docker)), push it to AWS ECR, and create Lambda function from it. - [Build and Package](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/build-package) - Build and create deployment packages in various ways. +- [Runtimes](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/build-package) - Build and create deployment packages for various runtimes (such as Rust, Go, Java). - [Alias](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/alias) - Create static and dynamic aliases in various ways. - [Deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/deploy) - Complete end-to-end build/update/deploy process using AWS CodeDeploy. - [Async Invocations](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/async) - Create Lambda Function with async event configuration (with SQS, SNS, and EventBridge integration). @@ -660,7 +661,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo - [1Mill/serverless-tf-examples](https://github.com/1Mill/serverless-tf-examples/tree/main/src) - + ## Requirements | Name | Version | 
@@ -904,7 +905,7 @@ No modules. | [lambda\_role\_unique\_id](#output\_lambda\_role\_unique\_id) | The unique id of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + ## Development diff --git a/examples/alias/README.md b/examples/alias/README.md index 6326614c..bc734f66 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -14,7 +14,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -83,4 +83,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/async/README.md b/examples/async/README.md index 40c6fbb9..5223af96 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -14,7 +14,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -72,4 +72,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + 
diff --git a/examples/build-package/README.md b/examples/build-package/README.md index e77c0c59..f4856320 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -2,6 +2,8 @@ Configuration in this directory creates deployment packages in a variety of combinations. +Look into [Runtimes Examples](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/runtimes) for more ways to build and deploy AWS Lambda Functions using supported runtimes (Rust, Go, Java). + ## Usage To run this example you need to execute: @@ -14,7 +16,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -69,4 +71,4 @@ No inputs. ## Outputs No outputs. - + diff --git a/examples/code-signing/README.md b/examples/code-signing/README.md index feaa1b38..e1a5a692 100644 --- a/examples/code-signing/README.md +++ b/examples/code-signing/README.md @@ -14,7 +14,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -59,4 +59,4 @@ No inputs. | [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | | [lambda\_function\_signing\_job\_arn](#output\_lambda\_function\_signing\_job\_arn) | ARN of the signing job | | [lambda\_function\_signing\_profile\_version\_arn](#output\_lambda\_function\_signing\_profile\_version\_arn) | ARN of the signing profile version | - + diff --git a/examples/complete/README.md b/examples/complete/README.md index 92c3256b..eba6ef49 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -15,7 +15,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | 
@@ -92,4 +92,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/container-image/README.md b/examples/container-image/README.md index 4ee6505a..4053da3a 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -14,7 +14,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -79,4 +79,4 @@ No inputs. | [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version | | [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | - + diff --git a/examples/deploy/README.md b/examples/deploy/README.md index b900c919..198f5cf4 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md @@ -14,7 +14,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -63,4 +63,4 @@ No inputs. | [codedeploy\_iam\_role\_name](#output\_codedeploy\_iam\_role\_name) | Name of IAM role used by CodeDeploy | | [deploy\_script](#output\_deploy\_script) | Path to a deployment script | | [script](#output\_script) | Deployment script | - + diff --git a/examples/event-source-mapping/README.md b/examples/event-source-mapping/README.md index 0f34132e..fcf53677 100644 --- a/examples/event-source-mapping/README.md +++ b/examples/event-source-mapping/README.md 
@@ -13,3 +13,66 @@ $ terraform apply ``` Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 5.32 | +| [random](#requirement\_random) | >= 2.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 5.32 | +| [random](#provider\_random) | >= 2.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [lambda\_function](#module\_lambda\_function) | ../../ | n/a | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | + +## Resources + +| Name | Type | +|------|------| +| [aws_dynamodb_table.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource | +| [aws_kinesis_stream.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kinesis_stream) | resource | +| [aws_mq_broker.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mq_broker) | resource | +| [aws_secretsmanager_secret.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource | +| [aws_secretsmanager_secret_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource | +| [aws_sqs_queue.failure](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | +| [aws_sqs_queue.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | +| [random_password.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | +| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +| 
[aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | +| [aws_organizations_organization.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/organizations_organization) | data source | + +## Inputs + +No inputs. + +## Outputs + +| Name | Description | +|------|-------------| +| [lambda\_event\_source\_mapping\_function\_arn](#output\_lambda\_event\_source\_mapping\_function\_arn) | The the ARN of the Lambda function the event source mapping is sending events to | +| [lambda\_event\_source\_mapping\_state](#output\_lambda\_event\_source\_mapping\_state) | The state of the event source mapping | +| [lambda\_event\_source\_mapping\_state\_transition\_reason](#output\_lambda\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | +| [lambda\_event\_source\_mapping\_uuid](#output\_lambda\_event\_source\_mapping\_uuid) | The UUID of the created event source mapping | +| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. 
Use this to avoid cycle errors between resources (e.g., Step Functions) | +| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | +| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | +| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | +| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | + diff --git a/examples/fixtures/runtimes/go/.gitignore b/examples/fixtures/runtimes/go/.gitignore new file mode 100644 index 00000000..2da3a426 --- /dev/null +++ b/examples/fixtures/runtimes/go/.gitignore @@ -0,0 +1,2 @@ +go.sum +bootstrap diff --git a/examples/fixtures/runtimes/go/go.mod b/examples/fixtures/runtimes/go/go.mod new file mode 100644 index 00000000..c572c2e4 --- /dev/null +++ b/examples/fixtures/runtimes/go/go.mod @@ -0,0 +1,5 @@ +module main + +go 1.22.6 + +require github.com/aws/aws-lambda-go v1.47.0 // indirect diff --git a/examples/fixtures/runtimes/go/main.go b/examples/fixtures/runtimes/go/main.go new file mode 100644 index 00000000..6a5defa1 --- /dev/null +++ b/examples/fixtures/runtimes/go/main.go 
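Review bot: The `require github.com/aws/aws-lambda-go v1.47.0 // indirect` line in go.mod is marked indirect although main.go imports `github.com/aws/aws-lambda-go/lambda` directly, and the new .gitignore keeps `go.sum` out of the repository. Without a committed go.sum, the `go build` step that examples/runtimes/main.tf runs has no recorded checksums in the repository to verify the module against, and on current Go toolchains it will probably stop with a missing go.sum entry until someone runs `go mod tidy`. I would drop `go.sum` from .gitignore, commit the file, and write the requirement as `require github.com/aws/aws-lambda-go v1.47.0`. The Rust fixture's .gitignore ignores `Cargo.lock` in the same way, so that build resolves `lambda_http` and `tokio` to whatever matches at build time; committing the lock file there pins what gets packaged.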
@@ -0,0 +1,23 @@ +package main + +import ( + "context" + "fmt" + "github.com/aws/aws-lambda-go/lambda" +) + +type MyEvent struct { + Name string `json:"name"` +} + +func HandleRequest(ctx context.Context, event *MyEvent) (*string, error) { + if event == nil { + return nil, fmt.Errorf("received nil event") + } + message := fmt.Sprintf("Hello %s! serverless.tf was here!", event.Name) + return &message, nil +} + +func main() { + lambda.Start(HandleRequest) +} diff --git a/examples/fixtures/runtimes/java21/.gitignore b/examples/fixtures/runtimes/java21/.gitignore new file mode 100644 index 00000000..67bcc2f7 --- /dev/null +++ b/examples/fixtures/runtimes/java21/.gitignore @@ -0,0 +1,2 @@ +.gradle/ +build/ diff --git a/examples/fixtures/runtimes/java21/build.gradle b/examples/fixtures/runtimes/java21/build.gradle new file mode 100644 index 00000000..53f6f6ee --- /dev/null +++ b/examples/fixtures/runtimes/java21/build.gradle @@ -0,0 +1,40 @@ +plugins { + id 'java' +} + +repositories { + mavenCentral() +} + +dependencies { + implementation 'com.amazonaws:aws-lambda-java-core:1.2.1' + implementation 'org.slf4j:slf4j-nop:2.0.6' + implementation 'com.fasterxml.jackson.core:jackson-databind:2.17.0' + testImplementation 'org.junit.jupiter:junit-jupiter-api:5.8.2' + testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.8.2' +} + +test { + useJUnitPlatform() +} + +// Using terraform-aws-lambda module, there is no need to make Zip archive by Gradle. Terraform AWS module will make it for you. +// task buildZip(type: Zip) { +// from compileJava +// from processResources +// into('lib') { +// from configurations.runtimeClasspath +// } +// } + +task copyFiles(type: Copy) { + into("$buildDir/output") + + from sourceSets.main.output + + into('lib') { + from configurations.runtimeClasspath + } +} + +build.dependsOn copyFiles 
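Review bot: `HandleRequest` reads `event.Name`, but examples/runtimes/main.tf exposes this function through a Lambda function URL and checks.tf calls it with a plain HTTP GET, so the payload it receives is the HTTP request envelope rather than a `{"name": ...}` document. As far as I can tell, `Name` is therefore always empty on that path and the reply is `Hello ! serverless.tf was here!`; the postcondition passes only because it looks for the keyword. Either add a comment above `MyEvent`, such as `// MyEvent matches direct invocations; function URL requests carry the name elsewhere`, or read the value from the request's query string. The imports would also read better with the standard-library packages separated from `github.com/aws/aws-lambda-go/lambda` by a blank line.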
diff --git a/examples/fixtures/runtimes/java21/src/main/java/example/Handler.java b/examples/fixtures/runtimes/java21/src/main/java/example/Handler.java new file mode 100644 index 00000000..08b14d81 --- /dev/null +++ b/examples/fixtures/runtimes/java21/src/main/java/example/Handler.java @@ -0,0 +1,19 @@ +package example; + +import com.amazonaws.services.lambda.runtime.Context; +import com.amazonaws.services.lambda.runtime.LambdaLogger; +import com.amazonaws.services.lambda.runtime.RequestHandler; + +import java.util.Map; + +// Handler value: example.Handler +public class Handler implements RequestHandler, String>{ + + @Override + public String handleRequest(Map event, Context context) + { + LambdaLogger logger = context.getLogger(); + logger.log("EVENT TYPE: " + event.getClass()); + return "Hello from serverless.tf!!!"; + } +} diff --git a/examples/fixtures/runtimes/rust/.gitignore b/examples/fixtures/runtimes/rust/.gitignore new file mode 100644 index 00000000..96ef6c0b --- /dev/null +++ b/examples/fixtures/runtimes/rust/.gitignore @@ -0,0 +1,2 @@ +/target +Cargo.lock diff --git a/examples/fixtures/runtimes/rust/Cargo.toml b/examples/fixtures/runtimes/rust/Cargo.toml new file mode 100644 index 00000000..781f306b --- /dev/null +++ b/examples/fixtures/runtimes/rust/Cargo.toml @@ -0,0 +1,20 @@ +[package] +name = "rust-app1" +version = "0.1.0" +edition = "2021" + +# Starting in Rust 1.62 you can use `cargo add` to add dependencies +# to your project. +# +# If you're using an older Rust version, +# download cargo-edit(https://github.com/killercup/cargo-edit#installation) +# to install the `add` subcommand. +# +# Running `cargo add DEPENDENCY_NAME` will +# add the latest version of a dependency to the list, +# and it will keep the alphabetic ordering for you. + +[dependencies] +lambda_http = "0.13.0" + +tokio = { version = "1", features = ["macros"] } 
diff --git a/examples/fixtures/runtimes/rust/src/main.rs b/examples/fixtures/runtimes/rust/src/main.rs new file mode 100644 index 00000000..4432a31c --- /dev/null +++ b/examples/fixtures/runtimes/rust/src/main.rs @@ -0,0 +1,30 @@ +use lambda_http::{run, service_fn, tracing, Body, Error, Request, RequestExt, Response}; + +/// This is the main body for the function. +/// Write your code inside it. +/// There are some code example in the following URLs: +/// - https://github.com/awslabs/aws-lambda-rust-runtime/tree/main/examples +async fn function_handler(event: Request) -> Result, Error> { + // Extract some useful information from the request + let who = event + .query_string_parameters_ref() + .and_then(|params| params.first("name")) + .unwrap_or("world"); + let message = format!("Hello {who}, this is an AWS Lambda HTTP request. serverless.tf was here!"); + + // Return something that implements IntoResponse. + // It will be serialized to the right response event automatically by the runtime + let resp = Response::builder() + .status(200) + .header("content-type", "text/html") + .body(message.into()) + .map_err(Box::new)?; + Ok(resp) +} + +#[tokio::main] +async fn main() -> Result<(), Error> { + tracing::init_default_subscriber(); + + run(service_fn(function_handler)).await +} diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index af982fc8..52da31c0 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md @@ -15,7 +15,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | 
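Review bot: `function_handler` copies the `name` query parameter into the response body unescaped while declaring `content-type` as `text/html`, so any markup placed in that parameter is rendered by the browser that opens the link. examples/runtimes/main.tf publishes this handler on a function URL, which makes the reflected value reachable by anyone who has the URL (assuming the URL is unauthenticated, as the plain HTTP check in checks.tf suggests). Since the message is plain text, the simplest change is `.header("content-type", "text/plain; charset=utf-8")`; if HTML output is wanted, escape `who` before formatting it into `message`.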
@@ -75,4 +75,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/runtimes/README.md b/examples/runtimes/README.md new file mode 100644 index 00000000..7455299d --- /dev/null +++ b/examples/runtimes/README.md 
@@ -0,0 +1,68 @@ +# Runtimes Examples + +Configuration in this directory creates deployment packages for [various runtimes and programming languages (Rust, Go, Java)](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). + +Each runtime is executable by calling created Lambda Functions at the end. + +Look into [Build Package Examples](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/build-package) for more ways to build package (regardless of the runtime). + +## Usage + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply +``` + +Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.2 | +| [aws](#requirement\_aws) | >= 5.32 | +| [http](#requirement\_http) | >= 3.0 | +| [random](#requirement\_random) | >= 3.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 5.32 | +| [http](#provider\_http) | >= 3.0 | +| [random](#provider\_random) | >= 3.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [go\_lambda\_function](#module\_go\_lambda\_function) | ../../ | n/a | +| [java21\_lambda\_function](#module\_java21\_lambda\_function) | ../../ | n/a | +| [rust\_lambda\_function](#module\_rust\_lambda\_function) | ../../ | n/a | + +## Resources + +| Name | Type | +|------|------| +| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +| [aws_lambda_invocation.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_invocation) | data source | +| [http_http.this](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | + +## Inputs + +No inputs. 
+ +## Outputs + +| Name | Description | +|------|-------------| +| [go\_lambda\_function\_url](#output\_go\_lambda\_function\_url) | The URL of the Lambda Function in Go | +| [java21\_lambda\_function\_arn](#output\_java21\_lambda\_function\_arn) | The ARN of the Lambda Function in Java 21 | +| [lambda\_function\_result](#output\_lambda\_function\_result) | The results of the Lambda Function calls | +| [lambda\_function\_status\_codes](#output\_lambda\_function\_status\_codes) | The status codes of the Lambda Function calls | +| [rust\_lambda\_function\_url](#output\_rust\_lambda\_function\_url) | The URL of the Lambda Function in Rust | + diff --git a/examples/runtimes/checks.tf b/examples/runtimes/checks.tf new file mode 100644 index 00000000..cbf0f2b8 --- /dev/null +++ b/examples/runtimes/checks.tf @@ -0,0 +1,37 @@ +locals { + successful_response_keyword = "serverless.tf" +} + +data "http" "this" { + for_each = { + rust = module.rust_lambda_function.lambda_function_url, + go = module.go_lambda_function.lambda_function_url, + } + + url = each.value + + lifecycle { + postcondition { + condition = length(regexall(local.successful_response_keyword, self.response_body)) > 0 + error_message = "${each.key}: ${local.successful_response_keyword} should be in the response." + } + } +} + +# I don't know how to make Java21 example to work with Lambda Function URL, so using Lambda Function invocation instead +data "aws_lambda_invocation" "this" { + for_each = { + java21 = module.java21_lambda_function.lambda_function_name, + } + + function_name = each.value + + input = jsonencode({}) + + lifecycle { + postcondition { + condition = length(regexall(local.successful_response_keyword, jsondecode(self.result))) > 0 + error_message = "${each.key}: ${local.successful_response_keyword} should be in the response." + } + } +} diff --git a/examples/runtimes/main.tf b/examples/runtimes/main.tf new file mode 100644 index 00000000..b9bd61a9 --- /dev/null +++ b/examples/runtimes/main.tf 
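Review bot: Both postconditions in checks.tf pass `local.successful_response_keyword` to `regexall`, where the `.` in `"serverless.tf"` matches any character, so a body containing a constructed string like `serverlessXtf` would also satisfy the check. Escaping it as `successful_response_keyword = "serverless\\.tf"` keeps the match literal. The error messages interpolate the same local and would then print the escaped form, so a second local for the human-readable keyword may be cleaner.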
@@ -0,0 +1,98 @@
+provider "aws" {
+ region = "eu-west-1"
+}
+
+module "rust_lambda_function" {
+ source = "../../"
+
+ function_name = "${random_pet.this.id}-rust"
+
+ attach_cloudwatch_logs_policy = false
+ cloudwatch_logs_retention_in_days = 1
+
+ create_lambda_function_url = true
+
+ handler = "bootstrap"
+ runtime = "provided.al2023"
+ architectures = ["arm64"] # x86_64 (empty); arm64 (cargo lambda build --arm64)
+
+ trigger_on_package_timestamp = false
+
+ source_path = [
+ {
+ path = "${path.module}/../fixtures/runtimes/rust"
+ commands = [
+ # https://www.cargo-lambda.info/
+ "cargo lambda build --release --arm64",
+ "cd target/lambda/rust-app1",
+ ":zip",
+ ]
+ patterns = [
+ "!.*",
+ "bootstrap",
+ ]
+ }
+ ]
+}
+
+module "go_lambda_function" {
+ source = "../../"
+
+ function_name = "${random_pet.this.id}-go"
+
+ attach_cloudwatch_logs_policy = false
+ cloudwatch_logs_retention_in_days = 1
+
+ create_lambda_function_url = true
+
+ handler = "bootstrap"
+ runtime = "provided.al2023"
+ architectures = ["arm64"] # x86_64 (GOARCH=amd64); arm64 (GOARCH=arm64)
+
+ trigger_on_package_timestamp = false
+
+ source_path = [
+ {
+ path = "${path.module}/../fixtures/runtimes/go"
+ commands = [
+ "GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build -o bootstrap main.go",
+ ":zip",
+ ]
+ patterns = [
+ "!.*",
+ "bootstrap",
+ ]
+ }
+ ]
+}
+
+module "java21_lambda_function" {
+ source = "../../"
+
+ function_name = "${random_pet.this.id}-java21"
+
+ attach_cloudwatch_logs_policy = false
+ cloudwatch_logs_retention_in_days = 1
+
+ handler = "example.Handler"
+ runtime = "java21"
+ architectures = ["arm64"] # x86_64 or arm64
+ timeout = 30
+
+ trigger_on_package_timestamp = false
+
+ source_path = [
+ {
+ path = "${path.module}/../fixtures/runtimes/java21"
+ commands = [
+ "gradle build -i",
+ "cd build/output",
+ ":zip",
+ ]
+ }
+ ]
+}
+
+resource "random_pet" "this" {
+ length = 2
+}
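Review bot: The Rust and Go modules set `create_lambda_function_url = true` without choosing an authorization type, and all three modules set `attach_cloudwatch_logs_policy = false`. Unless the module defaults to IAM auth for function URLs (not visible in this hunk; the unsigned `data "http"` request in checks.tf suggests it does not), applying the example publishes two endpoints that anyone can invoke, while the functions' roles cannot write logs of those invocations. A comment next to the setting would make that explicit, e.g. `# Function URL is public so checks.tf can call it; run terraform destroy after testing`, and leaving the logs policy attached would keep a record of the invocations.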
diff --git a/examples/runtimes/outputs.tf b/examples/runtimes/outputs.tf new file mode 100644 index 00000000..9c12c1d6 --- /dev/null +++ b/examples/runtimes/outputs.tf @@ -0,0 +1,24 @@ +output "rust_lambda_function_url" { + description = "The URL of the Lambda Function in Rust" + value = module.rust_lambda_function.lambda_function_url +} + +output "go_lambda_function_url" { + description = "The URL of the Lambda Function in Go" + value = module.go_lambda_function.lambda_function_url +} + +output "java21_lambda_function_arn" { + description = "The ARN of the Lambda Function in Java 21" + value = module.java21_lambda_function.lambda_function_arn +} + +output "lambda_function_result" { + description = "The results of the Lambda Function calls" + value = { for k, v in data.aws_lambda_invocation.this : k => jsondecode(v.result) } +} + +output "lambda_function_status_codes" { + description = "The status codes of the Lambda Function calls" + value = { for k, v in data.http.this : k => v.status_code } +} diff --git a/examples/runtimes/variables.tf b/examples/runtimes/variables.tf new file mode 100644 index 00000000..e69de29b diff --git a/examples/runtimes/versions.tf b/examples/runtimes/versions.tf new file mode 100644 index 00000000..74bf322c --- /dev/null +++ b/examples/runtimes/versions.tf @@ -0,0 +1,18 @@ +terraform { + required_version = ">= 1.2" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 5.32" + } + random = { + source = "hashicorp/random" + version = ">= 3.0" + } + http = { + source = "hashicorp/http" + version = ">= 3.0" + } + } +} diff --git a/examples/simple-cicd/README.md b/examples/simple-cicd/README.md index 93d1e4c5..c9ba9046 100644 --- a/examples/simple-cicd/README.md +++ b/examples/simple-cicd/README.md @@ -16,7 +16,7 @@ To run this example you need to execute: Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | 
@@ -50,4 +50,4 @@ No inputs. ## Outputs No outputs. - + diff --git a/examples/simple/README.md b/examples/simple/README.md index 4c093861..f57d2c72 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -14,7 +14,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -69,4 +69,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/triggers/README.md b/examples/triggers/README.md index 0bfc0a69..ca40c3aa 100644 --- a/examples/triggers/README.md +++ b/examples/triggers/README.md @@ -15,7 +15,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -73,4 +73,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index f835445d..0e008c4b 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md @@ -15,7 +15,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | 
@@ -75,4 +75,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/with-vpc-s3-endpoint/README.md b/examples/with-vpc-s3-endpoint/README.md index d84f6bdc..1eebf085 100644 --- a/examples/with-vpc-s3-endpoint/README.md +++ b/examples/with-vpc-s3-endpoint/README.md @@ -16,7 +16,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -81,4 +81,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index 28844bbd..b1237350 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md @@ -16,7 +16,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -72,4 +72,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + 
diff --git a/modules/alias/README.md b/modules/alias/README.md index 7744bbcc..4d1871d3 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md @@ -110,7 +110,7 @@ module "lambda" { * [Alias](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/alias) - Create Lambda function and aliases in various combinations with all supported features. - + ## Requirements | Name | Version | @@ -177,7 +177,7 @@ No modules. | [lambda\_alias\_function\_version](#output\_lambda\_alias\_function\_version) | Lambda function version which the alias uses | | [lambda\_alias\_invoke\_arn](#output\_lambda\_alias\_invoke\_arn) | The ARN to be used for invoking Lambda Function from API Gateway | | [lambda\_alias\_name](#output\_lambda\_alias\_name) | The name of the Lambda Function Alias | - + ## Authors diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 26f2b00f..f5f5d8ec 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -95,7 +95,7 @@ module "lambda" { * [Deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/deploy) - Creates Lambda Function, Alias, and all resources required to create deployments using AWS CodeDeploy. - + ## Requirements | Name | Version | @@ -191,7 +191,7 @@ No modules. | [codedeploy\_iam\_role\_name](#output\_codedeploy\_iam\_role\_name) | Name of IAM role used by CodeDeploy | | [deploy\_script](#output\_deploy\_script) | Path to a deployment script | | [script](#output\_script) | Deployment script | - + ## Authors diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index d2c0aef8..bd223aaf 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md 
@@ -52,7 +52,7 @@ module "docker_image" { * [Container Image](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/container-image) - Creates Docker Image, ECR resository and deploys it Lambda Function. - + ## Requirements | Name | Version | @@ -116,7 +116,7 @@ No modules. |------|-------------| | [image\_id](#output\_image\_id) | The ID of the Docker image | | [image\_uri](#output\_image\_uri) | The ECR image URI for deploying lambda | - + ## Authors From 4b643eb08539bdb8ca3beb94867a38fc92e5a433 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Tue, 10 Sep 2024 21:39:49 +0000 Subject: [PATCH 337/385] chore(release): version 7.9.0 [skip ci] ## [7.9.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.8.1...v7.9.0) (2024-09-10) ### Features * Added more examples for Rust, Go, Java runtimes ([#612](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/612)) ([a6fe411](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/a6fe4115ac96592ecbda27f72d42536da6518add)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 230339a5..3fda0b24 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.9.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.8.1...v7.9.0) (2024-09-10) + + +### Features + +* Added more examples for Rust, Go, Java runtimes ([#612](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/612)) ([a6fe411](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/a6fe4115ac96592ecbda27f72d42536da6518add)) + ## [7.8.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.8.0...v7.8.1) (2024-08-23) From eedacffef287cb02f776da4950e8345d9ec0200f Mon Sep 17 00:00:00 2001 
From: Melissa Greenbaum <69476188+magreenbaum@users.noreply.github.com> Date: Sun, 29 Sep 2024 01:33:35 -0700 Subject: [PATCH 338/385] feat: Add `tumbling_window_in_seconds` (#623) --- examples/event-source-mapping/main.tf | 2 +- main.tf | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/examples/event-source-mapping/main.tf b/examples/event-source-mapping/main.tf index fd3d29bf..5c2c20ce 100644 --- a/examples/event-source-mapping/main.tf +++ b/examples/event-source-mapping/main.tf @@ -247,7 +247,7 @@ module "vpc" { resource "aws_mq_broker" "this" { broker_name = random_pet.this.id engine_type = "RabbitMQ" - engine_version = "3.10.10" + engine_version = "3.12.13" host_instance_type = "mq.t3.micro" security_groups = [module.vpc.default_security_group_id] subnet_ids = slice(module.vpc.public_subnets, 0, 1) diff --git a/main.tf b/main.tf index fc231abe..2c8a1559 100644 --- a/main.tf +++ b/main.tf @@ -331,6 +331,7 @@ resource "aws_lambda_event_source_mapping" "this" { topics = try(each.value.topics, null) queues = try(each.value.queues, null) function_response_types = try(each.value.function_response_types, null) + tumbling_window_in_seconds = try(each.value.tumbling_window_in_seconds, null) dynamic "destination_config" { for_each = try(each.value.destination_arn_on_failure, null) != null ? [true] : [] From 520c8455ebc8d80f9f602f27e677bec8f54decc9 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sun, 29 Sep 2024 08:34:01 +0000 Subject: [PATCH 339/385] chore(release): version 7.10.0 [skip ci] ## [7.10.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.9.0...v7.10.0) (2024-09-29) ### Features * Add `tumbling_window_in_seconds` ([#623](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/623)) ([eedacff](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/eedacffef287cb02f776da4950e8345d9ec0200f)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 3fda0b24..2a281a3f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.10.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.9.0...v7.10.0) (2024-09-29) + + +### Features + +* Add `tumbling_window_in_seconds` ([#623](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/623)) ([eedacff](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/eedacffef287cb02f776da4950e8345d9ec0200f)) + ## [7.9.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.8.1...v7.9.0) (2024-09-10) From 9f13397f20467e660eba0ae5fcf98c66c75187ba Mon Sep 17 00:00:00 2001 From: Marcos M M Rocha <43329254+mmurilo@users.noreply.github.com> Date: Tue, 1 Oct 2024 13:28:08 -0700 Subject: [PATCH 340/385] feat: Add function_url_auth_type option to aws_lambda_permission (#625) --- main.tf | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/main.tf b/main.tf index 2c8a1559..fe8ae9e1 100644 --- a/main.tf +++ b/main.tf 
@@ -280,13 +280,14 @@ resource "aws_lambda_permission" "current_version_triggers" { function_name = aws_lambda_function.this[0].function_name qualifier = aws_lambda_function.this[0].version - statement_id_prefix = try(each.value.statement_id, each.key) - action = try(each.value.action, "lambda:InvokeFunction") - principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) - principal_org_id = try(each.value.principal_org_id, null) - source_arn = try(each.value.source_arn, null) - source_account = try(each.value.source_account, null) - event_source_token = try(each.value.event_source_token, null) + statement_id_prefix = try(each.value.statement_id, each.key) + action = try(each.value.action, "lambda:InvokeFunction") + principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) + principal_org_id = try(each.value.principal_org_id, null) + source_arn = try(each.value.source_arn, null) + source_account = try(each.value.source_account, null) + event_source_token = try(each.value.event_source_token, null) + function_url_auth_type = try(each.value.function_url_auth_type, null) lifecycle { create_before_destroy = true 
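Review bot: `function_url_auth_type = try(each.value.function_url_auth_type, null)` is added without a comment, and the same line appears in `aws_lambda_permission.unqualified_alias_triggers` in the next hunk. In the AWS provider this argument is accepted only together with `action = "lambda:InvokeFunctionUrl"`, and a trigger entry that combines `"NONE"` with `principal = "*"` makes the function URL invocable without credentials. A short comment above the line, e.g. `# Only valid with action = "lambda:InvokeFunctionUrl"; "NONE" allows unauthenticated callers`, plus a matching sentence in the documentation of the triggers input, would help users avoid opening a function by accident. Both resource blocks start and end outside the hunks.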
@@ -299,13 +300,14 @@ resource "aws_lambda_permission" "unqualified_alias_triggers" { function_name = aws_lambda_function.this[0].function_name - statement_id_prefix = try(each.value.statement_id, each.key) - action = try(each.value.action, "lambda:InvokeFunction") - principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) - principal_org_id = try(each.value.principal_org_id, null) - source_arn = try(each.value.source_arn, null) - source_account = try(each.value.source_account, null) - event_source_token = try(each.value.event_source_token, null) + statement_id_prefix = try(each.value.statement_id, each.key) + action = try(each.value.action, "lambda:InvokeFunction") + principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) + principal_org_id = try(each.value.principal_org_id, null) + source_arn = try(each.value.source_arn, null) + source_account = try(each.value.source_account, null) + event_source_token = try(each.value.event_source_token, null) + function_url_auth_type = try(each.value.function_url_auth_type, null) lifecycle { create_before_destroy = true From aa94b91d9ef5a33efb159663c41cc021832b7791 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Tue, 1 Oct 2024 20:28:35 +0000 Subject: [PATCH 341/385] chore(release): version 7.11.0 [skip ci] ## [7.11.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.10.0...v7.11.0) (2024-10-01) ### Features * Add function_url_auth_type option to aws_lambda_permission ([#625](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/625)) ([9f13397](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/9f13397f20467e660eba0ae5fcf98c66c75187ba)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2a281a3f..a9b191da 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.11.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.10.0...v7.11.0) (2024-10-01) + + +### Features + +* Add function_url_auth_type option to aws_lambda_permission ([#625](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/625)) ([9f13397](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/9f13397f20467e660eba0ae5fcf98c66c75187ba)) + ## [7.10.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.9.0...v7.10.0) (2024-09-29) From 2c077cb1450af76cf44b56bfeba796ee9d9d9a00 Mon Sep 17 00:00:00 2001 From: Sergio Correa Date: Sat, 5 Oct 2024 09:44:02 +0100 Subject: [PATCH 342/385] feat: Add support for kafka event source config (#617) Co-authored-by: Sergio Correa Co-authored-by: Anton Babenko --- modules/alias/main.tf | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/modules/alias/main.tf b/modules/alias/main.tf index b5f24f0f..e57079a2 100644 --- a/modules/alias/main.tf +++ b/modules/alias/main.tf @@ -155,6 +155,20 @@ resource "aws_lambda_event_source_mapping" "this" { } } + dynamic "self_managed_kafka_event_source_config" { + for_each = try(each.value.self_managed_kafka_event_source_config, []) + content { + consumer_group_id = try(self_managed_kafka_event_source_config.value.consumer_group_id, null) + } + } + + dynamic "amazon_managed_kafka_event_source_config" { + for_each = try(each.value.amazon_managed_kafka_event_source_config, []) + content { + consumer_group_id = try(amazon_managed_kafka_event_source_config.value.consumer_group_id, null) + } + } + dynamic "source_access_configuration" { for_each = try(each.value.source_access_configuration, []) content { From 9be9b1a48d4698cbb2b8e53b85e042612f5bc70f Mon Sep 17 00:00:00 2001 
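Review bot: Wrapping `consumer_group_id` in `try(..., null)` in both new dynamic blocks hides a mis-shaped input: if a caller passes a single object instead of a list, `for_each` iterates over its attributes, the lookup on the string value fails, and the block is emitted with a null consumer group ID instead of failing the plan. Since this attribute is the only thing the blocks carry, reading it directly surfaces the mistake: `consumer_group_id = self_managed_kafka_event_source_config.value.consumer_group_id`, and likewise for `amazon_managed_kafka_event_source_config`. A one-line comment above each block saying that the key expects a list of objects would also help. The two blocks presumably apply to different source types and nothing here stops a caller from setting both. The enclosing `aws_lambda_event_source_mapping` resource starts and ends outside the hunk.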
From: semantic-release-bot Date: Sat, 5 Oct 2024 08:44:28 +0000 Subject: [PATCH 343/385] chore(release): version 7.12.0 [skip ci] ## [7.12.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.11.0...v7.12.0) (2024-10-05) ### Features * Add support for kafka event source config ([#617](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/617)) ([2c077cb](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/2c077cb1450af76cf44b56bfeba796ee9d9d9a00)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a9b191da..c0660871 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.12.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.11.0...v7.12.0) (2024-10-05) + + +### Features + +* Add support for kafka event source config ([#617](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/617)) ([2c077cb](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/2c077cb1450af76cf44b56bfeba796ee9d9d9a00)) + ## [7.11.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.10.0...v7.11.0) (2024-10-01) From 5d481996ed6ef5ce784847b7e5bae1bae1ee8bfd Mon Sep 17 00:00:00 2001 From: Melissa Greenbaum <69476188+magreenbaum@users.noreply.github.com> Date: Sat, 5 Oct 2024 04:45:52 -0400 Subject: [PATCH 344/385] feat: Support `aws_lambda_event_source_mapping.document_db_event_source_config` (#626) Co-authored-by: Anton Babenko --- main.tf | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/main.tf b/main.tf index fe8ae9e1..e3eab113 100644 --- a/main.tf +++ b/main.tf 
@@ -393,6 +393,16 @@ resource "aws_lambda_event_source_mapping" "this" { } } } + + dynamic "document_db_event_source_config" { + for_each = try(each.value.document_db_event_source_config, []) + + content { + database_name = document_db_event_source_config.value.database_name + collection_name = try(document_db_event_source_config.value.collection_name, null) + full_document = try(document_db_event_source_config.value.full_document, null) + } + } } resource "aws_lambda_function_url" "this" { From 7bd028b18432d86c7184b14eca1c59b40d43b4f6 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sat, 5 Oct 2024 08:46:19 +0000 Subject: [PATCH 345/385] chore(release): version 7.13.0 [skip ci] ## [7.13.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.12.0...v7.13.0) (2024-10-05) ### Features * Support `aws_lambda_event_source_mapping.document_db_event_source_config` ([#626](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/626)) ([5d48199](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/5d481996ed6ef5ce784847b7e5bae1bae1ee8bfd)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c0660871..e3931388 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.13.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.12.0...v7.13.0) (2024-10-05) + + +### Features + +* Support `aws_lambda_event_source_mapping.document_db_event_source_config` ([#626](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/626)) ([5d48199](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/5d481996ed6ef5ce784847b7e5bae1bae1ee8bfd)) + ## [7.12.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.11.0...v7.12.0) (2024-10-05) From d06718f605294f59a42ae6e3db70bfd7b9fa35f3 Mon Sep 17 00:00:00 2001 
From: Bryant Biggs Date: Fri, 11 Oct 2024 16:09:57 +0000 Subject: [PATCH 346/385] fix: Update CI workflow versions to latest (#631) --- .github/workflows/pr-title.yml | 2 +- .github/workflows/pre-commit.yml | 14 +++++++------- .pre-commit-config.yaml | 4 ++-- modules/deploy/README.md | 6 +++--- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 3973df44..1e50760e 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -14,7 +14,7 @@ jobs: steps: # Please look up the latest version from # https://github.com/amannn/action-semantic-pull-request/releases - - uses: amannn/action-semantic-pull-request@v5.4.0 + - uses: amannn/action-semantic-pull-request@v5.5.3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index c2632d1a..a19ff831 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -7,8 +7,8 @@ on: - master env: - TERRAFORM_DOCS_VERSION: v0.16.0 - TFLINT_VERSION: v0.50.3 + TERRAFORM_DOCS_VERSION: v0.19.0 + TFLINT_VERSION: v0.53.0 jobs: collectInputs: @@ -45,14 +45,14 @@ jobs: - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.0 + uses: clowdhaus/terraform-min-max@v1.3.1 with: directory: ${{ matrix.directory }} - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} 
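Review bot: The bumped third-party actions are still referenced by mutable tags (`amannn/action-semantic-pull-request@v5.5.3`, `clowdhaus/terraform-min-max@v1.3.1`, `clowdhaus/terraform-composite-actions/pre-commit@v1.11.1`), so whoever controls those repositories can change what runs in CI without any change in this repository; in `pr-title.yml` the action also receives `GITHUB_TOKEN`. Pinning each one to a full commit SHA with the tag kept as a trailing comment closes that gap, e.g. `- uses: amannn/action-semantic-pull-request@<full-commit-sha> # v5.5.3`. The same applies to the remaining `pre-commit.yml` hunks of this commit. The workflow triggers and any `permissions:` block lie outside the hunks, so it is worth confirming that the token is scoped to the minimum the title check needs.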
@@ -61,7 +61,7 @@ jobs: - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} @@ -88,10 +88,10 @@ jobs: - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.0 + uses: clowdhaus/terraform-min-max@v1.3.1 - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} tflint-version: ${{ env.TFLINT_VERSION }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7523e5a5..38f92f23 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.94.3 + rev: v1.96.1 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each @@ -24,7 +24,7 @@ repos: - "--args=--only=terraform_workspace_remote" - id: terraform_validate - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.6.0 + rev: v5.0.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer diff --git a/modules/deploy/README.md b/modules/deploy/README.md index f5f5d8ec..6da1f6e8 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md 
@@ -151,10 +151,10 @@ No modules. | [attach\_hooks\_policy](#input\_attach\_hooks\_policy) | Whether to attach Invoke policy to CodeDeploy role when before allow traffic or after allow traffic hooks are defined. | `bool` | `true` | no | | [attach\_triggers\_policy](#input\_attach\_triggers\_policy) | Whether to attach SNS policy to CodeDeploy role when triggers are defined | `bool` | `false` | no | | [auto\_rollback\_enabled](#input\_auto\_rollback\_enabled) | Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. | `bool` | `true` | no | -| [auto\_rollback\_events](#input\_auto\_rollback\_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT\_FAILURE and DEPLOYMENT\_STOP\_ON\_ALARM. | `list(string)` |
[
"DEPLOYMENT_STOP_ON_ALARM"
]
| no | +| [auto\_rollback\_events](#input\_auto\_rollback\_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT\_FAILURE and DEPLOYMENT\_STOP\_ON\_ALARM. | `list(string)` |
[
"DEPLOYMENT_STOP_ON_ALARM"
]
| no | | [aws\_cli\_command](#input\_aws\_cli\_command) | Command to run as AWS CLI. May include extra arguments like region and profile. | `string` | `"aws"` | no | | [before\_allow\_traffic\_hook\_arn](#input\_before\_allow\_traffic\_hook\_arn) | ARN of Lambda function to execute before allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | -| [codedeploy\_principals](#input\_codedeploy\_principals) | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` |
[
"codedeploy.amazonaws.com"
]
| no | +| [codedeploy\_principals](#input\_codedeploy\_principals) | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` |
[
"codedeploy.amazonaws.com"
]
| no | | [codedeploy\_role\_name](#input\_codedeploy\_role\_name) | IAM role name to create or use by CodeDeploy | `string` | `""` | no | | [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | | [create\_app](#input\_create\_app) | Whether to create new AWS CodeDeploy app | `bool` | `false` | no | @@ -168,7 +168,7 @@ No modules. | [force\_deploy](#input\_force\_deploy) | Force deployment every time (even when nothing changes) | `bool` | `false` | no | | [function\_name](#input\_function\_name) | The name of the Lambda function to deploy | `string` | `""` | no | | [get\_deployment\_sleep\_timer](#input\_get\_deployment\_sleep\_timer) | Adds additional sleep time to get-deployment command to avoid the service throttling | `number` | `5` | no | -| [interpreter](#input\_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` |
[
"/bin/bash",
"-c"
]
| no | +| [interpreter](#input\_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` |
[
"/bin/bash",
"-c"
]
| no | | [run\_deployment](#input\_run\_deployment) | Run AWS CLI command to start the deployment | `bool` | `false` | no | | [save\_deploy\_script](#input\_save\_deploy\_script) | Save deploy script locally | `bool` | `false` | no | | [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | From 2a602f9a4f76d11005d1dba56d9c966a87553f4e Mon Sep 17 00:00:00 2001 
From: Melissa Greenbaum <69476188+magreenbaum@users.noreply.github.com> Date: Fri, 11 Oct 2024 12:13:05 -0400 Subject: [PATCH 347/385] feat: Support lambda function `vpc_config.ipv6_allowed_for_dual_stack` and event source mapping `tags` (#628) Co-authored-by: Anton Babenko --- README.md | 6 ++++-- examples/alias/README.md | 4 ++-- examples/alias/versions.tf | 2 +- examples/async/README.md | 4 ++-- examples/async/versions.tf | 2 +- examples/build-package/README.md | 2 +- examples/build-package/versions.tf | 2 +- examples/code-signing/README.md | 4 ++-- examples/code-signing/versions.tf | 2 +- examples/complete/README.md | 4 ++-- examples/complete/versions.tf | 2 +- examples/container-image/README.md | 4 ++-- examples/container-image/versions.tf | 2 +- examples/deploy/README.md | 4 ++-- examples/deploy/versions.tf | 2 +- examples/event-source-mapping/README.md | 5 +++-- examples/event-source-mapping/main.tf | 5 +++++ examples/event-source-mapping/outputs.tf | 5 +++++ examples/event-source-mapping/versions.tf | 2 +- examples/multiple-regions/README.md | 6 +++--- examples/multiple-regions/versions.tf | 2 +- examples/runtimes/README.md | 4 ++-- examples/runtimes/versions.tf | 2 +- examples/simple-cicd/README.md | 2 +- examples/simple-cicd/versions.tf | 2 +- examples/simple/README.md | 2 +- examples/simple/versions.tf | 2 +- examples/triggers/README.md | 4 ++-- examples/triggers/versions.tf | 2 +- examples/with-efs/README.md | 4 ++-- examples/with-efs/versions.tf | 2 +- examples/with-vpc-s3-endpoint/README.md | 4 ++-- examples/with-vpc-s3-endpoint/versions.tf | 2 +- examples/with-vpc/README.md | 2 +- examples/with-vpc/versions.tf | 2 +- main.tf | 7 +++++-- outputs.tf | 5 +++++ variables.tf | 6 ++++++ versions.tf | 2 +- wrappers/main.tf | 1 + wrappers/versions.tf | 2 +- 41 files changed, 79 insertions(+), 51 deletions(-) diff --git a/README.md b/README.md index 8661d7ee..441726e3 100644 --- a/README.md +++ b/README.md 
@@ -667,7 +667,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [external](#requirement\_external) | >= 1.0 | | [local](#requirement\_local) | >= 1.0 | | [null](#requirement\_null) | >= 2.0 | @@ -676,7 +676,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [external](#provider\_external) | >= 1.0 | | [local](#provider\_local) | >= 1.0 | | [null](#provider\_null) | >= 2.0 | @@ -805,6 +805,7 @@ No modules. | [image\_config\_working\_directory](#input\_image\_config\_working\_directory) | The working directory for the docker image | `string` | `null` | no | | [image\_uri](#input\_image\_uri) | The ECR image URI containing the function's deployment package. | `string` | `null` | no | | [invoke\_mode](#input\_invoke\_mode) | Invoke mode of the Lambda Function URL. Valid values are BUFFERED (default) and RESPONSE\_STREAM. | `string` | `null` | no | +| [ipv6\_allowed\_for\_dual\_stack](#input\_ipv6\_allowed\_for\_dual\_stack) | Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets | `bool` | `null` | no | | [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no | | [lambda\_at\_edge](#input\_lambda\_at\_edge) | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no | | [lambda\_at\_edge\_logs\_all\_regions](#input\_lambda\_at\_edge\_logs\_all\_regions) | Whether to specify a wildcard in IAM policy used by Lambda@Edge to allow logging in all regions | `bool` | `true` | no | 
@@ -876,6 +877,7 @@ No modules. |------|-------------| | [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | | [lambda\_cloudwatch\_log\_group\_name](#output\_lambda\_cloudwatch\_log\_group\_name) | The name of the Cloudwatch Log Group | +| [lambda\_event\_source\_mapping\_arn](#output\_lambda\_event\_source\_mapping\_arn) | The event source mapping ARN | | [lambda\_event\_source\_mapping\_function\_arn](#output\_lambda\_event\_source\_mapping\_function\_arn) | The the ARN of the Lambda function the event source mapping is sending events to | | [lambda\_event\_source\_mapping\_state](#output\_lambda\_event\_source\_mapping\_state) | The state of the event source mapping | | [lambda\_event\_source\_mapping\_state\_transition\_reason](#output\_lambda\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | diff --git a/examples/alias/README.md b/examples/alias/README.md index bc734f66..eea4262c 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/alias/versions.tf b/examples/alias/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/alias/versions.tf +++ b/examples/alias/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" 
diff --git a/examples/async/README.md b/examples/async/README.md index 5223af96..370ec6aa 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/async/versions.tf b/examples/async/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/async/versions.tf +++ b/examples/async/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/build-package/README.md b/examples/build-package/README.md index f4856320..bfb77c4c 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -22,7 +22,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/build-package/versions.tf b/examples/build-package/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/build-package/versions.tf +++ b/examples/build-package/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/code-signing/README.md b/examples/code-signing/README.md index e1a5a692..cebebfc7 100644 
--- a/examples/code-signing/README.md +++ b/examples/code-signing/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/code-signing/versions.tf b/examples/code-signing/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/code-signing/versions.tf +++ b/examples/code-signing/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/complete/README.md b/examples/complete/README.md index eba6ef49..c82da9aa 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -21,14 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" 
diff --git a/examples/container-image/README.md b/examples/container-image/README.md index 4053da3a..114eaba4 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [docker](#requirement\_docker) | >= 3.0 | | [random](#requirement\_random) | >= 2.0 | @@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/container-image/versions.tf b/examples/container-image/versions.tf index a774c835..b3e66a3f 100644 --- a/examples/container-image/versions.tf +++ b/examples/container-image/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } docker = { source = "kreuzwerker/docker" diff --git a/examples/deploy/README.md b/examples/deploy/README.md index 198f5cf4..040e3354 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/deploy/versions.tf b/examples/deploy/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/deploy/versions.tf 
+++ b/examples/deploy/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/event-source-mapping/README.md b/examples/event-source-mapping/README.md index fcf53677..857b018f 100644 --- a/examples/event-source-mapping/README.md +++ b/examples/event-source-mapping/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [random](#provider\_random) | >= 2.0 | ## Modules @@ -61,6 +61,7 @@ No inputs. | Name | Description | |------|-------------| +| [lambda\_event\_source\_mapping\_arn](#output\_lambda\_event\_source\_mapping\_arn) | The event source mapping ARN | | [lambda\_event\_source\_mapping\_function\_arn](#output\_lambda\_event\_source\_mapping\_function\_arn) | The the ARN of the Lambda function the event source mapping is sending events to | | [lambda\_event\_source\_mapping\_state](#output\_lambda\_event\_source\_mapping\_state) | The state of the event source mapping | | [lambda\_event\_source\_mapping\_state\_transition\_reason](#output\_lambda\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | diff --git a/examples/event-source-mapping/main.tf b/examples/event-source-mapping/main.tf index 5c2c20ce..b7a714cc 100644 --- a/examples/event-source-mapping/main.tf +++ b/examples/event-source-mapping/main.tf @@ -83,6 +83,7 @@ module "lambda_function" { uri = "/" } ] + tags = { mapping = "amq" } } # self_managed_kafka = { # batch_size = 1 
@@ -179,6 +180,10 @@ module "lambda_function" { "arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole", "arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole", ] + + tags = { + example = "event-source-mapping" + } } ################## diff --git a/examples/event-source-mapping/outputs.tf b/examples/event-source-mapping/outputs.tf index 5b69eeb5..764a91c5 100644 --- a/examples/event-source-mapping/outputs.tf +++ b/examples/event-source-mapping/outputs.tf @@ -69,3 +69,8 @@ output "lambda_event_source_mapping_uuid" { description = "The UUID of the created event source mapping" value = module.lambda_function.lambda_event_source_mapping_uuid } + +output "lambda_event_source_mapping_arn" { + description = "The event source mapping ARN" + value = module.lambda_function.lambda_event_source_mapping_arn +} diff --git a/examples/event-source-mapping/versions.tf b/examples/event-source-mapping/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/event-source-mapping/versions.tf +++ b/examples/event-source-mapping/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index 52da31c0..41bed35c 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md 
@@ -21,15 +21,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | -| [aws.us-east-1](#provider\_aws.us-east-1) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | +| [aws.us-east-1](#provider\_aws.us-east-1) | >= 5.70 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/multiple-regions/versions.tf b/examples/multiple-regions/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/multiple-regions/versions.tf +++ b/examples/multiple-regions/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/runtimes/README.md b/examples/runtimes/README.md index 7455299d..9487e0a1 100644 --- a/examples/runtimes/README.md +++ b/examples/runtimes/README.md @@ -24,7 +24,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.2 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [http](#requirement\_http) | >= 3.0 | | [random](#requirement\_random) | >= 3.0 | @@ -32,7 +32,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [http](#provider\_http) | >= 3.0 | | [random](#provider\_random) | >= 3.0 | diff --git a/examples/runtimes/versions.tf b/examples/runtimes/versions.tf index 74bf322c..6d7b7626 100644 --- a/examples/runtimes/versions.tf +++ b/examples/runtimes/versions.tf 
@@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/simple-cicd/README.md b/examples/simple-cicd/README.md index c9ba9046..dff217d9 100644 --- a/examples/simple-cicd/README.md +++ b/examples/simple-cicd/README.md @@ -22,7 +22,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/simple-cicd/versions.tf b/examples/simple-cicd/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/simple-cicd/versions.tf +++ b/examples/simple-cicd/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/simple/README.md b/examples/simple/README.md index f57d2c72..3d408a17 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/simple/versions.tf +++ b/examples/simple/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/triggers/README.md b/examples/triggers/README.md index ca40c3aa..58e28d8e 100644 --- a/examples/triggers/README.md 
+++ b/examples/triggers/README.md @@ -21,14 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/triggers/versions.tf b/examples/triggers/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/triggers/versions.tf +++ b/examples/triggers/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index 0e008c4b..6a2c5983 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md @@ -21,14 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/with-efs/versions.tf b/examples/with-efs/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/with-efs/versions.tf +++ b/examples/with-efs/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" 
diff --git a/examples/with-vpc-s3-endpoint/README.md b/examples/with-vpc-s3-endpoint/README.md index 1eebf085..33fe46cd 100644 --- a/examples/with-vpc-s3-endpoint/README.md +++ b/examples/with-vpc-s3-endpoint/README.md @@ -22,14 +22,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 3.4 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [random](#provider\_random) | >= 3.4 | ## Modules diff --git a/examples/with-vpc-s3-endpoint/versions.tf b/examples/with-vpc-s3-endpoint/versions.tf index fd604c66..c07ee92d 100644 --- a/examples/with-vpc-s3-endpoint/versions.tf +++ b/examples/with-vpc-s3-endpoint/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index b1237350..2fe7760d 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md @@ -22,7 +22,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/with-vpc/versions.tf b/examples/with-vpc/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/with-vpc/versions.tf +++ b/examples/with-vpc/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" 
diff --git a/main.tf b/main.tf index e3eab113..5e3ed5de 100644 --- a/main.tf +++ b/main.tf @@ -92,8 +92,9 @@ resource "aws_lambda_function" "this" { dynamic "vpc_config" { for_each = var.vpc_subnet_ids != null && var.vpc_security_group_ids != null ? [true] : [] content { - security_group_ids = var.vpc_security_group_ids - subnet_ids = var.vpc_subnet_ids + security_group_ids = var.vpc_security_group_ids + subnet_ids = var.vpc_subnet_ids + ipv6_allowed_for_dual_stack = var.ipv6_allowed_for_dual_stack } } @@ -403,6 +404,8 @@ resource "aws_lambda_event_source_mapping" "this" { full_document = try(document_db_event_source_config.value.full_document, null) } } + + tags = merge(var.tags, try(each.value.tags, {})) } resource "aws_lambda_function_url" "this" { diff --git a/outputs.tf b/outputs.tf index 6d53a66c..59197585 100644 --- a/outputs.tf +++ b/outputs.tf @@ -102,6 +102,11 @@ output "lambda_layer_version" { } # Lambda Event Source Mapping +output "lambda_event_source_mapping_arn" { + description = "The event source mapping ARN" + value = { for k, v in aws_lambda_event_source_mapping.this : k => v.arn } +} + output "lambda_event_source_mapping_function_arn" { description = "The the ARN of the Lambda function the event source mapping is sending events to" value = { for k, v in aws_lambda_event_source_mapping.this : k => v.function_arn } diff --git a/variables.tf b/variables.tf index 829019c7..ae55c936 100644 --- a/variables.tf +++ b/variables.tf @@ -176,6 +176,12 @@ variable "vpc_security_group_ids" { default = null } +variable "ipv6_allowed_for_dual_stack" { + description = "Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets" + type = bool + default = null +} + variable "tags" { description = "A map of tags to assign to resources." type = map(string) diff --git a/versions.tf b/versions.tf index 6c511ac4..303bc003 100644 --- a/versions.tf +++ b/versions.tf 
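Review bot: The description of the new `ipv6_allowed_for_dual_stack` variable in variables.tf does not say what the `null` default does or what enabling it means for egress control. Setting it to `true` gives the function an outbound IPv6 path, so the security groups passed in `vpc_security_group_ids` (and any network ACLs) presumably need their IPv6 egress rules reviewed alongside the IPv4 ones. I would extend the description to something like `"Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. Review IPv6 egress rules on the attached security groups before enabling; null leaves the provider default."`.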
@@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } external = { source = "hashicorp/external" diff --git a/wrappers/main.tf b/wrappers/main.tf index 72695c41..bd3e58f2 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf @@ -68,6 +68,7 @@ module "wrapper" { image_config_working_directory = try(each.value.image_config_working_directory, var.defaults.image_config_working_directory, null) image_uri = try(each.value.image_uri, var.defaults.image_uri, null) invoke_mode = try(each.value.invoke_mode, var.defaults.invoke_mode, null) + ipv6_allowed_for_dual_stack = try(each.value.ipv6_allowed_for_dual_stack, var.defaults.ipv6_allowed_for_dual_stack, null) kms_key_arn = try(each.value.kms_key_arn, var.defaults.kms_key_arn, null) lambda_at_edge = try(each.value.lambda_at_edge, var.defaults.lambda_at_edge, false) lambda_at_edge_logs_all_regions = try(each.value.lambda_at_edge_logs_all_regions, var.defaults.lambda_at_edge_logs_all_regions, true) diff --git a/wrappers/versions.tf b/wrappers/versions.tf index 6c511ac4..303bc003 100644 --- a/wrappers/versions.tf +++ b/wrappers/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } external = { source = "hashicorp/external" From 00a71723bbefb191c3fb622b3e34c693a2ca4930 Mon Sep 17 00:00:00 2001 
From: semantic-release-bot Date: Fri, 11 Oct 2024 16:13:30 +0000 Subject: [PATCH 348/385] chore(release): version 7.14.0 [skip ci] ## [7.14.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.13.0...v7.14.0) (2024-10-11) ### Features * Support lambda function `vpc_config.ipv6_allowed_for_dual_stack` and event source mapping `tags` ([#628](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/628)) ([2a602f9](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/2a602f9a4f76d11005d1dba56d9c966a87553f4e)) ### Bug Fixes * Update CI workflow versions to latest ([#631](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/631)) ([d06718f](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/d06718f605294f59a42ae6e3db70bfd7b9fa35f3)) --- CHANGELOG.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e3931388..a60fd513 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,18 @@ All notable changes to this project will be documented in this file. +## [7.14.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.13.0...v7.14.0) (2024-10-11) + + +### Features + +* Support lambda function `vpc_config.ipv6_allowed_for_dual_stack` and event source mapping `tags` ([#628](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/628)) ([2a602f9](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/2a602f9a4f76d11005d1dba56d9c966a87553f4e)) + + +### Bug Fixes + +* Update CI workflow versions to latest ([#631](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/631)) ([d06718f](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/d06718f605294f59a42ae6e3db70bfd7b9fa35f3)) + ## [7.13.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.12.0...v7.13.0) (2024-10-05) From c28b940c8b8a8ea8b423728e05883942f5eaf661 Mon Sep 17 00:00:00 2001 
From: Andrew Hlynskyi Date: Sun, 17 Nov 2024 23:17:37 +0200 Subject: [PATCH 349/385] fix: Skip broken symlinks on hash computing (#639) --- package.py | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/package.py b/package.py index 620be347..dfdbb65b 100644 --- a/package.py +++ b/package.py @@ -272,12 +272,16 @@ def update_hash(hash_obj, file_root, file_path): relative_path = os.path.join(file_root, file_path) hash_obj.update(relative_path.encode()) - with open(relative_path, "rb") as open_file: - while True: - data = open_file.read(1024 * 8) - if not data: - break - hash_obj.update(data) + try: + with open(relative_path, "rb") as open_file: + while True: + data = open_file.read(1024 * 8) + if not data: + break + hash_obj.update(data) + # ignore broken symlinks content to don't fail on `terraform destroy` command + except FileNotFoundError: + pass class ZipWriteStream: @@ -939,7 +943,15 @@ def execute(self, build_plan, zip_stream, query): with tempfile.NamedTemporaryFile(mode="w+t", delete=True) as temp_file: path, script = action[1:] # NOTE: Execute `pwd` to determine the subprocess shell's working directory after having executed all other commands. - script = f"{script} && pwd >{temp_file.name}" + script = "\n".join( + ( + script, + "retcode=$?", + f"pwd >{temp_file.name}", + "exit $retcode", + ) + ) + p = subprocess.Popen( script, shell=True, From ce8417e042d20282a94bfed845849017c39efe01 Mon Sep 17 00:00:00 2001 
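Review bot: The new `except FileNotFoundError: pass` in `update_hash` suppresses every missing-file error, not only broken symlinks. A file that disappears between directory listing and hashing is then hashed by path alone, so the content hash that names the artifact no longer reflects what was read. Re-raising unless the path is a symlink keeps the fix narrow: `if not os.path.islink(relative_path): raise`. The comment would also read better as `# skip the content of broken symlinks so that terraform destroy does not fail`. The function's signature is outside the hunk.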
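Review bot: In the `execute` hunk, `f"pwd >{temp_file.name}"` interpolates the temporary file path into a script run with `shell=True` without quoting it. The path comes from `tempfile`, so it follows the environment's temp directory; a directory name containing spaces or shell metacharacters would break or change the redirect. `f"pwd >{shlex.quote(temp_file.name)}"` removes the dependency on the environment (`shlex` is already used elsewhere in package.py). The same line is carried unchanged through the later `execute` hunks in patches 351 and 353, and `execute` itself starts and ends outside this hunk.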
From: semantic-release-bot Date: Sun, 17 Nov 2024 21:18:03 +0000 Subject: [PATCH 350/385] chore(release): version 7.14.1 [skip ci] ## [7.14.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.14.0...v7.14.1) (2024-11-17) ### Bug Fixes * Skip broken symlinks on hash computing ([#639](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/639)) ([c28b940](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/c28b940c8b8a8ea8b423728e05883942f5eaf661)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a60fd513..6f63a333 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.14.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.14.0...v7.14.1) (2024-11-17) + + +### Bug Fixes + +* Skip broken symlinks on hash computing ([#639](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/639)) ([c28b940](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/c28b940c8b8a8ea8b423728e05883942f5eaf661)) + ## [7.14.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.13.0...v7.14.0) (2024-10-11) From 0fdac2ec54fdcd5fd34787f348803000c1e21eb6 Mon Sep 17 00:00:00 2001 From: Andrew Hlynskyi Date: Mon, 18 Nov 2024 09:36:24 +0200 Subject: [PATCH 351/385] feat: Make `source_path` blocks independent (#640) --- package.py | 79 +++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 54 insertions(+), 25 deletions(-) diff --git a/package.py b/package.py index dfdbb65b..8cbeba30 100644 --- a/package.py +++ b/package.py @@ -572,6 +572,10 @@ def compile(self, patterns): rules.append((None, r)) self._rules = rules + def reset(self): + self._log.debug("reset filter patterns") + self._rules = None + def filter(self, path, prefix=None): path = os.path.normpath(path) if prefix: 
@@ -676,8 +680,11 @@ def plan(self, source_path, query): source_paths = [] build_plan = [] - step = lambda *x: build_plan.append(x) - hash = source_paths.append + def step(*x): + build_plan.append(x) + + def hash(path): + source_paths.append(path) def pip_requirements_step(path, prefix=None, required=False, tmp_dir=None): command = runtime @@ -753,13 +760,6 @@ def commands_step(path, commands): if c.startswith(":zip"): if path: hash(path) - else: - # If path doesn't defined for a block with - # commands it will be set to Terraform's - # current working directory - # NB: cwd may vary when using Terraform 0.14+ like: - # `terraform -chdir=...` - path = query.paths.cwd if batch: step("sh", path, "\n".join(batch)) batch.clear() @@ -770,12 +770,14 @@ def commands_step(path, commands): _path = os.path.normpath(os.path.join(path, _path)) step("zip:embedded", _path, prefix) elif len(c) == 2: - prefix = None _, _path = c + prefix = None + _path = os.path.normpath(_path) step("zip:embedded", _path, prefix) elif len(c) == 1: prefix = None - step("zip:embedded", path, prefix) + _path = None + step("zip:embedded", _path, prefix) else: raise ValueError( ":zip invalid call signature, use: " @@ -787,6 +789,8 @@ def commands_step(path, commands): step("sh", path, "\n".join(batch)) batch.clear() + step("reset:workdir") + for claim in claims: if isinstance(claim, str): path = claim @@ -862,6 +866,7 @@ def commands_step(path, commands): tmp_dir=claim.get("npm_tmp_dir"), ) if path: + path = os.path.normpath(path) step("zip", path, prefix) if patterns: # Take patterns into account when computing hash @@ -882,6 +887,10 @@ def commands_step(path, commands): return build_plan def execute(self, build_plan, zip_stream, query): + sh_log = logging.getLogger("sh") + + tf_work_dir = os.getcwd() + zs = zip_stream sh_work_dir = None pf = None 
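Review bot: With the `else: path = query.paths.cwd` fallback removed from the `:zip` branch of `commands_step`, `path` can stay empty for a commands block without a path, yet the three-argument `:zip` form still calls `os.path.join(path, _path)`, which raises TypeError when `path` is None. The two- and one-argument forms were changed to stop using `path`, but this one was not; `_path = os.path.normpath(_path)` would make all three consistent and leave resolution to `execute`, which now joins relative paths onto the shell working directory. Whether `path` can really be None depends on the callers of `commands_step`, which are outside these hunks.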
@@ -891,10 +900,16 @@ def execute(self, build_plan, zip_stream, query): if cmd.startswith("zip"): ts = 0 if cmd == "zip:embedded" else None source_path, prefix = action[1:] - if sh_work_dir: - if source_path != sh_work_dir: - if not os.path.isfile(source_path): - source_path = sh_work_dir + if not sh_work_dir: + sh_work_dir = tf_work_dir + log.debug("WORKDIR: %s", sh_work_dir) + if source_path: + if not os.path.isabs(source_path): + source_path = os.path.normpath( + os.path.join(sh_work_dir, source_path) + ) + else: + source_path = sh_work_dir if os.path.isdir(source_path): if pf: self._zip_write_with_filter( @@ -942,10 +957,22 @@ def execute(self, build_plan, zip_stream, query): elif cmd == "sh": with tempfile.NamedTemporaryFile(mode="w+t", delete=True) as temp_file: path, script = action[1:] - # NOTE: Execute `pwd` to determine the subprocess shell's working directory after having executed all other commands. + + if not path: + path = tf_work_dir + if not os.path.isabs(path): + path = os.path.normpath(os.path.join(tf_work_dir, path)) + + if log.isEnabledFor(DEBUG2): + log.debug("exec shell script ...") + for line in script.splitlines(): + sh_log.debug(line) + script = "\n".join( ( script, + # NOTE: Execute `pwd` to determine the subprocess shell's + # working directory after having executed all other commands. "retcode=$?", f"pwd >{temp_file.name}", "exit $retcode", @@ -960,17 +987,9 @@ def execute(self, build_plan, zip_stream, query): cwd=path, ) - p.wait() - temp_file.seek(0) - - # NOTE: This var `sh_work_dir` is consumed in cmd == "zip" loop - sh_work_dir = temp_file.read().strip() - - log.info("WD: %s", sh_work_dir) - call_stdout, call_stderr = p.communicate() exit_code = p.returncode - log.info("exit_code: %s", exit_code) + log.debug("exit_code: %s", exit_code) if exit_code != 0: raise RuntimeError( "Script did not run successfully, exit code {}: {} - {}".format( 
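Review bot: The added `sh_log.debug(line)` loop in the `sh` branch writes every line of the build script to the log verbatim. A credential embedded in a command (for example a private index URL or a token passed as an argument) would therefore land in debug output, which CI systems often retain. The `DEBUG2` gate limits exposure, but a comment at the loop would make the expectation explicit: `# NOTE: commands are logged verbatim; pass secrets through the environment, not in the script text`. `execute` starts and ends outside this hunk.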
@@ -979,11 +998,21 @@ def execute(self, build_plan, zip_stream, query): call_stderr.decode("utf-8").strip(), ) ) + + temp_file.seek(0) + # NOTE: This var `sh_work_dir` is consumed in cmd == "zip" loop + sh_work_dir = temp_file.read().strip() + log.debug("WORKDIR: %s", sh_work_dir) + + elif cmd == "reset:workdir": + sh_work_dir = tf_work_dir + log.debug("WORKDIR: %s", sh_work_dir) elif cmd == "set:filter": patterns = action[1] pf = ZipContentFilter(args=self._args) pf.compile(patterns) elif cmd == "clear:filter": + pf.reset() pf = None @staticmethod From 1fe3e4ac2552ac4fd20126aac874186f27de8edb Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 18 Nov 2024 07:36:50 +0000 Subject: [PATCH 352/385] chore(release): version 7.15.0 [skip ci] ## [7.15.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.14.1...v7.15.0) (2024-11-18) ### Features * Make `source_path` blocks independent ([#640](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/640)) ([0fdac2e](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/0fdac2ec54fdcd5fd34787f348803000c1e21eb6)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6f63a333..8fc4ea8f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.15.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.14.1...v7.15.0) (2024-11-18) + + +### Features + +* Make `source_path` blocks independent ([#640](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/640)) ([0fdac2e](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/0fdac2ec54fdcd5fd34787f348803000c1e21eb6)) + ## [7.14.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.14.0...v7.14.1) (2024-11-17) From 32d8d060a660b0ec5702403da1b970118f62a314 Mon Sep 17 00:00:00 2001 
From: Andrew Hlynskyi Date: Tue, 26 Nov 2024 21:56:04 +0200 Subject: [PATCH 353/385] feat: Radically redesign the build plan form (#646) --- package.py | 280 ++++++++++++++++++++----------------- tests/test_package_toml.py | 2 +- tests/test_zip_source.py | 12 +- 3 files changed, 159 insertions(+), 135 deletions(-) diff --git a/package.py b/package.py index 8cbeba30..09bc23e6 100644 --- a/package.py +++ b/package.py @@ -679,9 +679,10 @@ def plan(self, source_path, query): source_paths = [] build_plan = [] + build_step = [] def step(*x): - build_plan.append(x) + build_step.append(x) def hash(path): source_paths.append(path) @@ -754,6 +755,8 @@ def commands_step(path, commands): if path: path = os.path.normpath(path) + step("set:workdir", path) + batch = [] for c in commands: if isinstance(c, str): @@ -761,23 +764,21 @@ def commands_step(path, commands): if path: hash(path) if batch: - step("sh", path, "\n".join(batch)) + step("sh", "\n".join(batch)) batch.clear() c = shlex.split(c) - if len(c) == 3: + n = len(c) + if n == 3: _, _path, prefix = c prefix = prefix.strip() - _path = os.path.normpath(os.path.join(path, _path)) + _path = os.path.normpath(_path) step("zip:embedded", _path, prefix) - elif len(c) == 2: + elif n == 2: _, _path = c - prefix = None _path = os.path.normpath(_path) - step("zip:embedded", _path, prefix) - elif len(c) == 1: - prefix = None - _path = None - step("zip:embedded", _path, prefix) + step("zip:embedded", _path) + elif n == 1: + step("zip:embedded") else: raise ValueError( ":zip invalid call signature, use: " @@ -786,11 +787,9 @@ def commands_step(path, commands): else: batch.append(c) if batch: - step("sh", path, "\n".join(batch)) + step("sh", "\n".join(batch)) batch.clear() - step("reset:workdir") - for claim in claims: if isinstance(claim, str): path = claim 
@@ -877,12 +876,13 @@ def commands_step(path, commands): hash(path_from_pattern) else: hash(path) - - if patterns: - step("clear:filter") else: raise ValueError("Unsupported source_path item: {}".format(claim)) + if build_step: + build_plan.append(build_step) + build_step = [] + self._source_paths = source_paths return build_plan 
@@ -895,125 +895,145 @@ def execute(self, build_plan, zip_stream, query): sh_work_dir = None pf = None - for action in build_plan: - cmd = action[0] - if cmd.startswith("zip"): - ts = 0 if cmd == "zip:embedded" else None - source_path, prefix = action[1:] - if not sh_work_dir: - sh_work_dir = tf_work_dir - log.debug("WORKDIR: %s", sh_work_dir) - if source_path: - if not os.path.isabs(source_path): - source_path = os.path.normpath( - os.path.join(sh_work_dir, source_path) - ) - else: - source_path = sh_work_dir - if os.path.isdir(source_path): - if pf: - self._zip_write_with_filter( - zs, pf, source_path, prefix, timestamp=ts - ) + for step in build_plan: + # init step + sh_work_dir = tf_work_dir + if pf: + pf.reset() + pf = None + + log.debug("STEPDIR: %s", sh_work_dir) + + # execute step actions + for action in step: + cmd = action[0] + if cmd.startswith("zip"): + ts = 0 if cmd == "zip:embedded" else None + + source_path, prefix = None, None + n = len(action) + if n == 2: + source_path = action[1] + elif n == 3: + source_path, prefix = action[1:] + + if source_path: + if not os.path.isabs(source_path): + source_path = os.path.normpath( + os.path.join(sh_work_dir, source_path) + ) else: - zs.write_dirs(source_path, prefix=prefix, timestamp=ts) - else: - zs.write_file(source_path, prefix=prefix, timestamp=ts) - elif cmd == "pip": - runtime, pip_requirements, prefix, tmp_dir = action[1:] - with install_pip_requirements(query, pip_requirements, tmp_dir) as rd: - if rd: + source_path = sh_work_dir + if os.path.isdir(source_path): if pf: - self._zip_write_with_filter(zs, pf, rd, prefix, timestamp=0) - else: - # XXX: timestamp=0 - what actually do with it? 
- zs.write_dirs(rd, prefix=prefix, timestamp=0) - elif cmd == "poetry": - ( - runtime, - path, - poetry_export_extra_args, - prefix, - ) = action[1:] - log.info("poetry_export_extra_args: %s", poetry_export_extra_args) - with install_poetry_dependencies( - query, path, poetry_export_extra_args - ) as rd: - if rd: - if pf: - self._zip_write_with_filter(zs, pf, rd, prefix, timestamp=0) - else: - # XXX: timestamp=0 - what actually do with it? - zs.write_dirs(rd, prefix=prefix, timestamp=0) - elif cmd == "npm": - runtime, npm_requirements, prefix, tmp_dir = action[1:] - with install_npm_requirements(query, npm_requirements, tmp_dir) as rd: - if rd: - if pf: - self._zip_write_with_filter(zs, pf, rd, prefix, timestamp=0) + self._zip_write_with_filter( + zs, pf, source_path, prefix, timestamp=ts + ) else: - # XXX: timestamp=0 - what actually do with it? - zs.write_dirs(rd, prefix=prefix, timestamp=0) - elif cmd == "sh": - with tempfile.NamedTemporaryFile(mode="w+t", delete=True) as temp_file: - path, script = action[1:] - - if not path: - path = tf_work_dir - if not os.path.isabs(path): - path = os.path.normpath(os.path.join(tf_work_dir, path)) - - if log.isEnabledFor(DEBUG2): - log.debug("exec shell script ...") - for line in script.splitlines(): - sh_log.debug(line) - - script = "\n".join( - ( - script, - # NOTE: Execute `pwd` to determine the subprocess shell's - # working directory after having executed all other commands. - "retcode=$?", - f"pwd >{temp_file.name}", - "exit $retcode", + zs.write_dirs(source_path, prefix=prefix, timestamp=ts) + else: + zs.write_file(source_path, prefix=prefix, timestamp=ts) + elif cmd == "pip": + runtime, pip_requirements, prefix, tmp_dir = action[1:] + with install_pip_requirements( + query, pip_requirements, tmp_dir + ) as rd: + if rd: + if pf: + self._zip_write_with_filter( + zs, pf, rd, prefix, timestamp=0 + ) + else: + # XXX: timestamp=0 - what actually do with it? 
+ zs.write_dirs(rd, prefix=prefix, timestamp=0) + elif cmd == "poetry": + ( + runtime, + path, + poetry_export_extra_args, + prefix, + ) = action[1:] + log.info("poetry_export_extra_args: %s", poetry_export_extra_args) + with install_poetry_dependencies( + query, path, poetry_export_extra_args + ) as rd: + if rd: + if pf: + self._zip_write_with_filter( + zs, pf, rd, prefix, timestamp=0 + ) + else: + # XXX: timestamp=0 - what actually do with it? + zs.write_dirs(rd, prefix=prefix, timestamp=0) + elif cmd == "npm": + runtime, npm_requirements, prefix, tmp_dir = action[1:] + with install_npm_requirements( + query, npm_requirements, tmp_dir + ) as rd: + if rd: + if pf: + self._zip_write_with_filter( + zs, pf, rd, prefix, timestamp=0 + ) + else: + # XXX: timestamp=0 - what actually do with it? + zs.write_dirs(rd, prefix=prefix, timestamp=0) + elif cmd == "sh": + with tempfile.NamedTemporaryFile( + mode="w+t", delete=True + ) as temp_file: + script = action[1] + + if log.isEnabledFor(DEBUG2): + log.debug("exec shell script ...") + for line in script.splitlines(): + sh_log.debug(line) + + script = "\n".join( + ( + script, + # NOTE: Execute `pwd` to determine the subprocess shell's + # working directory after having executed all other commands. 
+ "retcode=$?", + f"pwd >{temp_file.name}", + "exit $retcode", + ) ) - ) - p = subprocess.Popen( - script, - shell=True, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - cwd=path, - ) + p = subprocess.Popen( + script, + shell=True, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + cwd=sh_work_dir, + ) - call_stdout, call_stderr = p.communicate() - exit_code = p.returncode - log.debug("exit_code: %s", exit_code) - if exit_code != 0: - raise RuntimeError( - "Script did not run successfully, exit code {}: {} - {}".format( - exit_code, - call_stdout.decode("utf-8").strip(), - call_stderr.decode("utf-8").strip(), + call_stdout, call_stderr = p.communicate() + exit_code = p.returncode + log.debug("exit_code: %s", exit_code) + if exit_code != 0: + raise RuntimeError( + "Script did not run successfully, exit code {}: {} - {}".format( + exit_code, + call_stdout.decode("utf-8").strip(), + call_stderr.decode("utf-8").strip(), + ) ) - ) - temp_file.seek(0) - # NOTE: This var `sh_work_dir` is consumed in cmd == "zip" loop - sh_work_dir = temp_file.read().strip() + temp_file.seek(0) + # NOTE: This var `sh_work_dir` is consumed in cmd == "zip" loop + sh_work_dir = temp_file.read().strip() + log.debug("WORKDIR: %s", sh_work_dir) + + elif cmd == "set:workdir": + path = action[1] + sh_work_dir = os.path.normpath(os.path.join(tf_work_dir, path)) log.debug("WORKDIR: %s", sh_work_dir) - elif cmd == "reset:workdir": - sh_work_dir = tf_work_dir - log.debug("WORKDIR: %s", sh_work_dir) - elif cmd == "set:filter": - patterns = action[1] - pf = ZipContentFilter(args=self._args) - pf.compile(patterns) - elif cmd == "clear:filter": - pf.reset() - pf = None + elif cmd == "set:filter": + patterns = action[1] + pf = ZipContentFilter(args=self._args) + pf.compile(patterns) @staticmethod def _zip_write_with_filter( 
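Review bot: In the rewritten `sh` branch, `sh_work_dir = temp_file.read().strip()` becomes an empty string whenever the user script ends the shell before the appended `pwd` line runs, for example through its own `exit 0`. The previous version recovered from this in the zip branch with `if not sh_work_dir: sh_work_dir = tf_work_dir`, and this redesign removes that check. The empty value is then used as `cwd=sh_work_dir` for the next `sh` action and as `source_path` for a bare `zip:embedded`, both of which are likely to fail with a confusing error. Keeping the previous directory when nothing was written avoids that: `sh_work_dir = temp_file.read().strip() or sh_work_dir`.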
@@ -1616,11 +1636,11 @@ def prepare_command(args): content_hash = content_hash.hexdigest() # Generate a unique filename based on the hash. - filename = os.path.join(artifacts_dir, "{}.zip".format(content_hash)) + zip_filename = os.path.join(artifacts_dir, "{}.zip".format(content_hash)) # Compute timestamp trigger was_missing = False - filename_path = os.path.join(os.getcwd(), filename) + filename_path = os.path.join(os.getcwd(), zip_filename) if recreate_missing_package: if os.path.exists(filename_path): st = os.stat(filename_path) @@ -1633,7 +1653,7 @@ def prepare_command(args): # Replace variables in the build command with calculated values. build_data = { - "filename": filename, + "filename": zip_filename, "runtime": runtime, "artifacts_dir": artifacts_dir, "build_plan": build_plan, @@ -1653,7 +1673,7 @@ def prepare_command(args): # Output the result to Terraform. json.dump( { - "filename": filename, + "filename": zip_filename, "build_plan": build_plan, "build_plan_filename": build_plan_filename, "timestamp": str(timestamp), diff --git a/tests/test_package_toml.py b/tests/test_package_toml.py index b60550a4..9eba3f4a 100644 --- a/tests/test_package_toml.py +++ b/tests/test_package_toml.py @@ -26,7 +26,7 @@ def test_build_manager_failing_command(): bpm = BuildPlanManager(args=Mock()) with raises(Exception): bpm.execute( - build_plan=[["sh", "/tmp", "NOTACOMMAND"]], + build_plan=[[["sh", "/tmp", "NOTACOMMAND"]]], zip_stream=None, query=None, ) diff --git a/tests/test_zip_source.py b/tests/test_zip_source.py index f46466e1..dd6750ca 100644 --- a/tests/test_zip_source.py +++ b/tests/test_zip_source.py @@ -12,8 +12,10 @@ def test_zip_source_path_sh_work_dir(): bpm.execute( build_plan=[ - ["sh", ".", "cd $(mktemp -d)\n echo pip install"], - ["zip:embedded", ".", "./python"], + [ + ["sh", "cd $(mktemp -d)\n echo pip install"], + ["zip:embedded", ".", "./python"], + ] ], zip_stream=zs, query=None, 
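Review bot: `test_build_manager_failing_command` still passes the old three-element action `["sh", "/tmp", "NOTACOMMAND"]`, but the new `execute` reads `script = action[1]`, so the shell is handed `/tmp` and `NOTACOMMAND` is never run. The test probably still passes, because executing `/tmp` also fails and `raises(Exception)` accepts any error, so it no longer checks what its name says. `build_plan=[[["sh", "NOTACOMMAND"]]]` matches the new action shape, and `raises(RuntimeError)` would tie the assertion to the exit-code check in `execute`.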
@@ -33,8 +35,10 @@ def test_zip_source_path(): bpm.execute( build_plan=[ - ["sh", ".", "echo pip install"], - ["zip:embedded", ".", "./python"], + [ + ["sh", "echo pip install"], + ["zip:embedded", ".", "./python"], + ] ], zip_stream=zs, query=None, From abd5a15fd73ddd6ed36569b94f5f7667d73d5f4a Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Tue, 26 Nov 2024 19:56:33 +0000 Subject: [PATCH 354/385] chore(release): version 7.16.0 [skip ci] ## [7.16.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.15.0...v7.16.0) (2024-11-26) ### Features * Radically redesign the build plan form ([#646](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/646)) ([32d8d06](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/32d8d060a660b0ec5702403da1b970118f62a314)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8fc4ea8f..68a68c17 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.16.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.15.0...v7.16.0) (2024-11-26) + + +### Features + +* Radically redesign the build plan form ([#646](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/646)) ([32d8d06](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/32d8d060a660b0ec5702403da1b970118f62a314)) + ## [7.15.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.14.1...v7.15.0) (2024-11-18) From 002d7ec3c9bc3e7a44fac536c3443ba640ff9828 Mon Sep 17 00:00:00 2001 
From: Melissa Greenbaum <69476188+magreenbaum@users.noreply.github.com> Date: Sun, 8 Dec 2024 16:48:09 -0500 Subject: [PATCH 355/385] feat: Support Event Source Mapping `metrics_config`, `provisioned_poller_config`, and Lambda Recursion Loop (#649) Co-authored-by: Anton Babenko --- README.md | 6 ++++-- examples/alias/README.md | 4 ++-- examples/alias/versions.tf | 2 +- examples/async/README.md | 4 ++-- examples/async/versions.tf | 2 +- examples/build-package/README.md | 2 +- examples/build-package/versions.tf | 2 +- examples/code-signing/README.md | 4 ++-- examples/code-signing/versions.tf | 2 +- examples/complete/README.md | 4 ++-- examples/complete/main.tf | 1 + examples/complete/versions.tf | 2 +- examples/container-image/README.md | 4 ++-- examples/container-image/versions.tf | 2 +- examples/deploy/README.md | 4 ++-- examples/deploy/versions.tf | 2 +- examples/event-source-mapping/README.md | 4 ++-- examples/event-source-mapping/main.tf | 3 +++ examples/event-source-mapping/versions.tf | 2 +- examples/multiple-regions/README.md | 6 +++--- examples/multiple-regions/versions.tf | 2 +- examples/runtimes/README.md | 4 ++-- examples/runtimes/versions.tf | 2 +- examples/simple-cicd/README.md | 2 +- examples/simple-cicd/versions.tf | 2 +- examples/simple/README.md | 2 +- examples/simple/versions.tf | 2 +- examples/triggers/README.md | 4 ++-- examples/triggers/versions.tf | 2 +- examples/with-efs/README.md | 4 ++-- examples/with-efs/versions.tf | 2 +- examples/with-vpc-s3-endpoint/README.md | 4 ++-- examples/with-vpc-s3-endpoint/versions.tf | 2 +- examples/with-vpc/README.md | 2 +- examples/with-vpc/versions.tf | 2 +- main.tf | 23 +++++++++++++++++++++++ variables.tf | 10 ++++++++++ versions.tf | 2 +- wrappers/main.tf | 1 + wrappers/versions.tf | 2 +- 40 files changed, 89 insertions(+), 49 deletions(-) diff --git a/README.md b/README.md index 441726e3..928224cd 100644 --- a/README.md +++ b/README.md 
@@ -667,7 +667,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [external](#requirement\_external) | >= 1.0 | | [local](#requirement\_local) | >= 1.0 | | [null](#requirement\_null) | >= 2.0 | @@ -676,7 +676,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [external](#provider\_external) | >= 1.0 | | [local](#provider\_local) | >= 1.0 | | [null](#provider\_null) | >= 2.0 | @@ -712,6 +712,7 @@ No modules. | [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | | [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource | | [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | +| [aws_lambda_function_recursion_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_recursion_config) | resource | | [aws_lambda_function_url.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_url) | resource | | [aws_lambda_layer_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_layer_version) | resource | | [aws_lambda_permission.current_version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | 
@@ -836,6 +837,7 @@ No modules. | [publish](#input\_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no | | [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no | | [recreate\_missing\_package](#input\_recreate\_missing\_package) | Whether to recreate missing Lambda package if it is missing locally or not | `bool` | `true` | no | +| [recursive\_loop](#input\_recursive\_loop) | Lambda function recursion configuration. Valid values are Allow or Terminate. | `string` | `null` | no | | [replace\_security\_groups\_on\_destroy](#input\_replace\_security\_groups\_on\_destroy) | (Optional) When true, all security groups defined in vpc\_security\_group\_ids will be replaced with the default security group after the function is destroyed. Set the replacement\_security\_group\_ids variable to use a custom list of security groups for replacement instead. | `bool` | `null` | no | | [replacement\_security\_group\_ids](#input\_replacement\_security\_group\_ids) | (Optional) List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction. replace\_security\_groups\_on\_destroy must be set to true to use this attribute. | `list(string)` | `null` | no | | [reserved\_concurrent\_executions](#input\_reserved\_concurrent\_executions) | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | `number` | `-1` | no | diff --git a/examples/alias/README.md b/examples/alias/README.md index eea4262c..c4037dd6 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md 
@@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/alias/versions.tf b/examples/alias/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/alias/versions.tf +++ b/examples/alias/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/async/README.md b/examples/async/README.md index 370ec6aa..bfc7647b 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/async/versions.tf b/examples/async/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/async/versions.tf +++ b/examples/async/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/build-package/README.md b/examples/build-package/README.md index bfb77c4c..d26739dd 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md 
@@ -22,7 +22,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/build-package/versions.tf b/examples/build-package/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/build-package/versions.tf +++ b/examples/build-package/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/code-signing/README.md b/examples/code-signing/README.md index cebebfc7..6d4317d8 100644 --- a/examples/code-signing/README.md +++ b/examples/code-signing/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/code-signing/versions.tf b/examples/code-signing/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/code-signing/versions.tf +++ b/examples/code-signing/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/complete/README.md b/examples/complete/README.md index c82da9aa..edebc13a 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -21,14 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/complete/main.tf b/examples/complete/main.tf index fbb97cc3..0d87f3c1 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -26,6 +26,7 @@ module "lambda_function" { ephemeral_storage_size = 10240 architectures = ["x86_64"] publish = true + # recursive_loop = "Allow" source_path = "${path.module}/../fixtures/python-app1" diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/container-image/README.md b/examples/container-image/README.md index 114eaba4..d7d83e0d 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [docker](#requirement\_docker) | >= 3.0 | | [random](#requirement\_random) | >= 2.0 | 
@@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/container-image/versions.tf b/examples/container-image/versions.tf index b3e66a3f..5b04c7cd 100644 --- a/examples/container-image/versions.tf +++ b/examples/container-image/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } docker = { source = "kreuzwerker/docker" diff --git a/examples/deploy/README.md b/examples/deploy/README.md index 040e3354..86d5e5a5 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/deploy/versions.tf b/examples/deploy/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/deploy/versions.tf +++ b/examples/deploy/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/event-source-mapping/README.md b/examples/event-source-mapping/README.md index 857b018f..60c28525 100644 --- a/examples/event-source-mapping/README.md +++ b/examples/event-source-mapping/README.md 
@@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/event-source-mapping/main.tf b/examples/event-source-mapping/main.tf index b7a714cc..f76d30c8 100644 --- a/examples/event-source-mapping/main.tf +++ b/examples/event-source-mapping/main.tf @@ -37,6 +37,9 @@ module "lambda_function" { scaling_config = { maximum_concurrency = 20 } + metrics_config = { + metrics = ["EventCount"] + } } dynamodb = { event_source_arn = aws_dynamodb_table.this.stream_arn diff --git a/examples/event-source-mapping/versions.tf b/examples/event-source-mapping/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/event-source-mapping/versions.tf +++ b/examples/event-source-mapping/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index 41bed35c..7c09e0b0 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md 
@@ -21,15 +21,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | -| [aws.us-east-1](#provider\_aws.us-east-1) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | +| [aws.us-east-1](#provider\_aws.us-east-1) | >= 5.79 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/multiple-regions/versions.tf b/examples/multiple-regions/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/multiple-regions/versions.tf +++ b/examples/multiple-regions/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/runtimes/README.md b/examples/runtimes/README.md index 9487e0a1..9e67eeb7 100644 --- a/examples/runtimes/README.md +++ b/examples/runtimes/README.md @@ -24,7 +24,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.2 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [http](#requirement\_http) | >= 3.0 | | [random](#requirement\_random) | >= 3.0 | @@ -32,7 +32,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [http](#provider\_http) | >= 3.0 | | [random](#provider\_random) | >= 3.0 | diff --git a/examples/runtimes/versions.tf b/examples/runtimes/versions.tf index 6d7b7626..6c4e77fa 100644 --- a/examples/runtimes/versions.tf +++ b/examples/runtimes/versions.tf 
@@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/simple-cicd/README.md b/examples/simple-cicd/README.md index dff217d9..2edb2e51 100644 --- a/examples/simple-cicd/README.md +++ b/examples/simple-cicd/README.md @@ -22,7 +22,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/simple-cicd/versions.tf b/examples/simple-cicd/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/simple-cicd/versions.tf +++ b/examples/simple-cicd/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/simple/README.md b/examples/simple/README.md index 3d408a17..bee54ded 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/simple/versions.tf +++ b/examples/simple/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/triggers/README.md b/examples/triggers/README.md index 58e28d8e..c6a6fde9 100644 --- a/examples/triggers/README.md 
+++ b/examples/triggers/README.md @@ -21,14 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/triggers/versions.tf b/examples/triggers/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/triggers/versions.tf +++ b/examples/triggers/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index 6a2c5983..742816ba 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md @@ -21,14 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/with-efs/versions.tf b/examples/with-efs/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/with-efs/versions.tf +++ b/examples/with-efs/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" 
diff --git a/examples/with-vpc-s3-endpoint/README.md b/examples/with-vpc-s3-endpoint/README.md index 33fe46cd..60a93661 100644 --- a/examples/with-vpc-s3-endpoint/README.md +++ b/examples/with-vpc-s3-endpoint/README.md @@ -22,14 +22,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 3.4 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [random](#provider\_random) | >= 3.4 | ## Modules diff --git a/examples/with-vpc-s3-endpoint/versions.tf b/examples/with-vpc-s3-endpoint/versions.tf index c07ee92d..7a4d860b 100644 --- a/examples/with-vpc-s3-endpoint/versions.tf +++ b/examples/with-vpc-s3-endpoint/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index 2fe7760d..a29f0bb3 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md @@ -22,7 +22,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/with-vpc/versions.tf b/examples/with-vpc/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/with-vpc/versions.tf +++ b/examples/with-vpc/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" 
diff --git a/main.tf b/main.tf index 5e3ed5de..c37d445c 100644 --- a/main.tf +++ b/main.tf @@ -405,6 +405,22 @@ resource "aws_lambda_event_source_mapping" "this" { } } + dynamic "metrics_config" { + for_each = try([each.value.metrics_config], []) + + content { + metrics = metrics_config.value.metrics + } + } + + dynamic "provisioned_poller_config" { + for_each = try([each.value.provisioned_poller_config], []) + content { + maximum_pollers = try(provisioned_poller_config.value.maximum_pollers, null) + minimum_pollers = try(provisioned_poller_config.value.minimum_pollers, null) + } + } + tags = merge(var.tags, try(each.value.tags, {})) } @@ -432,6 +448,13 @@ resource "aws_lambda_function_url" "this" { } } +resource "aws_lambda_function_recursion_config" "this" { + count = local.create && var.create_function && !var.create_layer && var.recursive_loop == "Allow" ? 1 : 0 + + function_name = aws_lambda_function.this[0].function_name + recursive_loop = var.recursive_loop +} + # This resource contains the extra information required by SAM CLI to provide the testing capabilities # to the TF application. The required data is where SAM CLI can find the Lambda function source code # and what are the resources that contain the building logic. diff --git a/variables.tf b/variables.tf index ae55c936..91ff6961 100644 --- a/variables.tf +++ b/variables.tf @@ -825,3 +825,13 @@ variable "logging_log_group" { type = string default = null } + +############################################ +# Lambda Recursive Loop Settings +############################################ + +variable "recursive_loop" { + description = "Lambda function recursion configuration. Valid values are Allow or Terminate." + type = string + default = null +} diff --git a/versions.tf b/versions.tf index 303bc003..bf462c65 100644 --- a/versions.tf +++ b/versions.tf 
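Review bot: `aws_lambda_function_recursion_config.this` is created only when `var.recursive_loop == "Allow"`, so any other string, including a mis-cased `"allow"`, is silently ignored, and nothing in the `recursive_loop` variable added in the variables.tf hunk rejects it. Because `Allow` switches off Lambda's recursive-loop detection, which is the guard against runaway self-invocation, the input deserves a `validation` block with the condition `var.recursive_loop == null ? true : contains(["Allow", "Terminate"], var.recursive_loop)`. The variable description could also state that `Terminate` is the service default and that the module manages the setting only when the value is `Allow`.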
@@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } external = { source = "hashicorp/external" diff --git a/wrappers/main.tf b/wrappers/main.tf index bd3e58f2..d1acc1cf 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf @@ -99,6 +99,7 @@ module "wrapper" { publish = try(each.value.publish, var.defaults.publish, false) putin_khuylo = try(each.value.putin_khuylo, var.defaults.putin_khuylo, true) recreate_missing_package = try(each.value.recreate_missing_package, var.defaults.recreate_missing_package, true) + recursive_loop = try(each.value.recursive_loop, var.defaults.recursive_loop, null) replace_security_groups_on_destroy = try(each.value.replace_security_groups_on_destroy, var.defaults.replace_security_groups_on_destroy, null) replacement_security_group_ids = try(each.value.replacement_security_group_ids, var.defaults.replacement_security_group_ids, null) reserved_concurrent_executions = try(each.value.reserved_concurrent_executions, var.defaults.reserved_concurrent_executions, -1) diff --git a/wrappers/versions.tf b/wrappers/versions.tf index 303bc003..bf462c65 100644 --- a/wrappers/versions.tf +++ b/wrappers/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } external = { source = "hashicorp/external" From 5da19e5827002cd7155d83178e7e5c906e2d0c19 Mon Sep 17 00:00:00 2001 
From: semantic-release-bot Date: Sun, 8 Dec 2024 21:48:34 +0000 Subject: [PATCH 356/385] chore(release): version 7.17.0 [skip ci] ## [7.17.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.16.0...v7.17.0) (2024-12-08) ### Features * Support Event Source Mapping `metrics_config`, `provisioned_poller_config`, and Lambda Recursion Loop ([#649](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/649)) ([002d7ec](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/002d7ec3c9bc3e7a44fac536c3443ba640ff9828)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 68a68c17..47cc6eeb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.17.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.16.0...v7.17.0) (2024-12-08) + + +### Features + +* Support Event Source Mapping `metrics_config`, `provisioned_poller_config`, and Lambda Recursion Loop ([#649](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/649)) ([002d7ec](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/002d7ec3c9bc3e7a44fac536c3443ba640ff9828)) + ## [7.16.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.15.0...v7.16.0) (2024-11-26) From 4bc61eb58005e149dc1ca87ba79f42b0cba944fd Mon Sep 17 00:00:00 2001 From: Zadkiel AHARONIAN Date: Wed, 8 Jan 2025 00:44:59 +0100 Subject: [PATCH 357/385] fix: Rename npm_package_json to npm_requirements (#621) --- package.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/package.py b/package.py index 09bc23e6..a0944342 100644 --- a/package.py +++ b/package.py 
@@ -821,7 +821,9 @@ def commands_step(path, commands): pip_requirements = claim.get("pip_requirements") poetry_install = claim.get("poetry_install") poetry_export_extra_args = claim.get("poetry_export_extra_args", []) - npm_requirements = claim.get("npm_package_json") + npm_requirements = claim.get( + "npm_requirements", claim.get("npm_package_json") + ) runtime = claim.get("runtime", query.runtime) if pip_requirements and runtime.startswith("python"): From 9bbe65dc9a6183ef6de204b1afce92c0e9b543a1 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Tue, 7 Jan 2025 23:45:29 +0000 Subject: [PATCH 358/385] chore(release): version 7.17.1 [skip ci] ## [7.17.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.17.0...v7.17.1) (2025-01-07) ### Bug Fixes * Rename npm_package_json to npm_requirements ([#621](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/621)) ([4bc61eb](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/4bc61eb58005e149dc1ca87ba79f42b0cba944fd)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 47cc6eeb..77515096 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.17.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.17.0...v7.17.1) (2025-01-07) + + +### Bug Fixes + +* Rename npm_package_json to npm_requirements ([#621](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/621)) ([4bc61eb](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/4bc61eb58005e149dc1ca87ba79f42b0cba944fd)) + ## [7.17.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.16.0...v7.17.0) (2024-12-08) From 65ffea2cfd99a27b6be3fc3e48482cf0fb821f2f Mon Sep 17 00:00:00 2001 
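Review bot: The fallback in `claim.get("npm_requirements", claim.get("npm_package_json"))` is undocumented, and it applies only when the `npm_requirements` key is absent, so a claim carrying both keys silently ignores `npm_package_json`. A comment above the call would record the intent, for example `# "npm_package_json" is the legacy key, kept for backward compatibility; "npm_requirements" wins when both are set`. The enclosing function starts and ends outside the hunk.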
From: Richard Gilmore Date: Wed, 8 Jan 2025 01:05:06 +0000 Subject: [PATCH 359/385] feat: Allow temp dir for poetry docker builds (#638) Co-authored-by: Anton Babenko --- examples/build-package/main.tf | 1 + package.py | 20 +++++++++----------- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/examples/build-package/main.tf b/examples/build-package/main.tf index 7119a5d5..2afce855 100644 --- a/examples/build-package/main.tf +++ b/examples/build-package/main.tf @@ -426,6 +426,7 @@ module "lambda_layer_poetry" { { path = "${path.module}/../fixtures/python-app-poetry" poetry_install = true + poetry_tmp_dir = "${path.cwd}/../fixtures" } ] hash_extra = "extra-hash-to-prevent-conflicts-with-module.package_dir" diff --git a/package.py b/package.py index a0944342..6e19846c 100644 --- a/package.py +++ b/package.py @@ -707,7 +707,7 @@ def pip_requirements_step(path, prefix=None, required=False, tmp_dir=None): hash(requirements) def poetry_install_step( - path, poetry_export_extra_args=[], prefix=None, required=False + path, poetry_export_extra_args=[], prefix=None, required=False, tmp_dir=None ): pyproject_file = path if os.path.isdir(path): @@ -718,7 +718,7 @@ def poetry_install_step( "poetry configuration not found: {}".format(pyproject_file) ) else: - step("poetry", runtime, path, poetry_export_extra_args, prefix) + step("poetry", runtime, path, poetry_export_extra_args, prefix, tmp_dir) hash(pyproject_file) pyproject_path = os.path.dirname(pyproject_file) poetry_lock_file = os.path.join(pyproject_path, "poetry.lock") @@ -849,6 +849,7 @@ def commands_step(path, commands): prefix=prefix, poetry_export_extra_args=poetry_export_extra_args, required=True, + tmp_dir=claim.get("poetry_tmp_dir"), ) if npm_requirements and runtime.startswith("nodejs"): 
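Review bot: The signature line rewritten in the first package.py hunk keeps the mutable default `poetry_export_extra_args=[]`, and the same list object is then handed to `step("poetry", ...)` in the next hunk, so every call that omits the argument shares one list with the recorded build plan. Nothing visible mutates it, but the rest of the function is outside the hunk. Since the line is being touched anyway, `poetry_export_extra_args=None` with `poetry_export_extra_args = poetry_export_extra_args or []` as the first statement removes the aliasing without changing what callers pass.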
@@ -949,15 +950,12 @@ def execute(self, build_plan, zip_stream, query): # XXX: timestamp=0 - what actually do with it? zs.write_dirs(rd, prefix=prefix, timestamp=0) elif cmd == "poetry": - ( - runtime, - path, - poetry_export_extra_args, - prefix, - ) = action[1:] + (runtime, path, poetry_export_extra_args, prefix, tmp_dir) = action[ + 1: + ] log.info("poetry_export_extra_args: %s", poetry_export_extra_args) with install_poetry_dependencies( - query, path, poetry_export_extra_args + query, path, poetry_export_extra_args, tmp_dir ) as rd: if rd: if pf: @@ -1177,7 +1175,7 @@ def install_pip_requirements(query, requirements_file, tmp_dir): @contextmanager -def install_poetry_dependencies(query, path, poetry_export_extra_args): +def install_poetry_dependencies(query, path, poetry_export_extra_args, tmp_dir): # TODO: # 1. Emit files instead of temp_dir @@ -1231,7 +1229,7 @@ def install_poetry_dependencies(query, path, poetry_export_extra_args): working_dir = os.getcwd() log.info("Installing python dependencies with poetry & pip: %s", poetry_lock_file) - with tempdir() as temp_dir: + with tempdir(tmp_dir) as temp_dir: def copy_file_to_target(file, temp_dir): filename = os.path.basename(file) From 3e553e95b14b498788badae654dd317e1d7427f6 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 8 Jan 2025 01:05:31 +0000 Subject: [PATCH 360/385] chore(release): version 7.18.0 [skip ci] ## [7.18.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.17.1...v7.18.0) (2025-01-08) ### Features * Allow temp dir for poetry docker builds ([#638](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/638)) ([65ffea2](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/65ffea2cfd99a27b6be3fc3e48482cf0fb821f2f)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 77515096..0913782d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
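Review bot: The five-name unpacking of `action[1:]` in the `poetry` branch raises `ValueError` for any build plan whose `poetry` action still has four fields. That would be the case for a plan written by the previous version of this script and executed after an upgrade; whether plans can outlive an upgrade is not visible here. A tolerant form keeps such plans working: `runtime, path, poetry_export_extra_args, prefix, *rest = action[1:]` followed by `tmp_dir = rest[0] if rest else None`. It also avoids the awkward `action[` / `1:` / `]` line split. `execute` starts and ends outside the hunk.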
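Review bot: In `install_poetry_dependencies`, `with tempdir(tmp_dir) as temp_dir:` puts two names that differ by one letter side by side, and the nested `copy_file_to_target(file, temp_dir)` reuses the second one as a parameter. A mix-up would write project files straight into the caller-supplied parent instead of the per-build directory. A comment above the `with` would pin the roles: `# tmp_dir: parent directory chosen by the caller (None = default); temp_dir: the per-build directory created for this run`. The wording assumes `tempdir()` creates a fresh directory under its argument, which is not visible here. The function starts in the previous hunk and ends outside this one.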
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.18.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.17.1...v7.18.0) (2025-01-08) + + +### Features + +* Allow temp dir for poetry docker builds ([#638](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/638)) ([65ffea2](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/65ffea2cfd99a27b6be3fc3e48482cf0fb821f2f)) + ## [7.17.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.17.0...v7.17.1) (2025-01-07) From 55cdaa68a63413f4ae5724c8b3a09a6b10d72f12 Mon Sep 17 00:00:00 2001 From: Jean-Simon Barry <156705104+jean-simon-barry1@users.noreply.github.com> Date: Tue, 7 Jan 2025 20:18:12 -0500 Subject: [PATCH 361/385] feat: Add `cache_from` option in the docker-build module (#641) Co-authored-by: Anton Babenko --- examples/container-image/main.tf | 2 ++ modules/docker-build/README.md | 1 + modules/docker-build/main.tf | 1 + modules/docker-build/variables.tf | 6 ++++++ wrappers/docker-build/main.tf | 1 + 5 files changed, 11 insertions(+) diff --git a/examples/container-image/main.tf b/examples/container-image/main.tf index 3258960f..75a36ffc 100644 --- a/examples/container-image/main.tf +++ b/examples/container-image/main.tf @@ -127,6 +127,8 @@ module "docker_build_from_ecr" { triggers = { dir_sha = local.dir_sha } + + cache_from = ["${module.ecr.repository_url}:latest"] } module "ecr" { diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index bd223aaf..0bfb506c 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md 
@@ -91,6 +91,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [build\_args](#input\_build\_args) | A map of Docker build arguments. | `map(string)` | `{}` | no | +| [cache\_from](#input\_cache\_from) | List of images to consider as cache sources when building the image. | `list(string)` | `[]` | no | | [create\_ecr\_repo](#input\_create\_ecr\_repo) | Controls whether ECR repository for Lambda image should be created | `bool` | `false` | no | | [create\_sam\_metadata](#input\_create\_sam\_metadata) | Controls whether the SAM metadata null resource should be created | `bool` | `false` | no | | [docker\_file\_path](#input\_docker\_file\_path) | Path to Dockerfile in source package | `string` | `"Dockerfile"` | no | diff --git a/modules/docker-build/main.tf b/modules/docker-build/main.tf index 6ed24831..1bf27a1f 100644 --- a/modules/docker-build/main.tf +++ b/modules/docker-build/main.tf @@ -17,6 +17,7 @@ resource "docker_image" "this" { dockerfile = var.docker_file_path build_args = var.build_args platform = var.platform + cache_from = var.cache_from } force_remove = var.force_remove diff --git a/modules/docker-build/variables.tf b/modules/docker-build/variables.tf index 509f35f3..e153fa7f 100644 --- a/modules/docker-build/variables.tf +++ b/modules/docker-build/variables.tf @@ -112,3 +112,9 @@ variable "triggers" { type = map(string) default = {} } + +variable "cache_from" { + description = "List of images to consider as cache sources when building the image." + type = list(string) + default = [] +} diff --git a/wrappers/docker-build/main.tf b/wrappers/docker-build/main.tf index 0375d4eb..7d7614cf 100644 --- a/wrappers/docker-build/main.tf +++ b/wrappers/docker-build/main.tf 
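Review bot: The `cache_from` description in `modules/docker-build/variables.tf` does not say that the listed images are trusted build inputs. Layers accepted from a cache source become part of the image that is pushed and later run as the Lambda function. Wording such as `description = "List of images to consider as cache sources when building the image. Use only images from registries you control."` would make that expectation visible in the generated README table as well. The example in `examples/container-image/main.tf` points at the module's own ECR repository, though through the mutable `latest` tag.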
@@ -4,6 +4,7 @@ module "wrapper" { for_each = var.items build_args = try(each.value.build_args, var.defaults.build_args, {}) + cache_from = try(each.value.cache_from, var.defaults.cache_from, []) create_ecr_repo = try(each.value.create_ecr_repo, var.defaults.create_ecr_repo, false) create_sam_metadata = try(each.value.create_sam_metadata, var.defaults.create_sam_metadata, false) docker_file_path = try(each.value.docker_file_path, var.defaults.docker_file_path, "Dockerfile") From 45c67201eec499893c4496c01daf383b1feccff1 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 8 Jan 2025 01:18:39 +0000 Subject: [PATCH 362/385] chore(release): version 7.19.0 [skip ci] ## [7.19.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.18.0...v7.19.0) (2025-01-08) ### Features * Add `cache_from` option in the docker-build module ([#641](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/641)) ([55cdaa6](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/55cdaa68a63413f4ae5724c8b3a09a6b10d72f12)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0913782d..c0096f6a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.19.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.18.0...v7.19.0) (2025-01-08) + + +### Features + +* Add `cache_from` option in the docker-build module ([#641](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/641)) ([55cdaa6](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/55cdaa68a63413f4ae5724c8b3a09a6b10d72f12)) + ## [7.18.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.17.1...v7.18.0) (2025-01-08) From 394d337450d88aa877ec560cd49080bb8b9a45ba Mon Sep 17 00:00:00 2001 
From: RafaelWO <38643099+RafaelWO@users.noreply.github.com> Date: Wed, 8 Jan 2025 21:43:57 +0100 Subject: [PATCH 363/385] feat: Use inline instead of managed policies (#615) Co-authored-by: Anton Babenko --- .pre-commit-config.yaml | 2 +- README.md | 24 ++++------ examples/complete/main.tf | 3 +- iam.tf | 96 +++++++-------------------------------- main.tf | 16 +++---- variables.tf | 2 + 6 files changed, 36 insertions(+), 107 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 38f92f23..2fb09edb 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.96.1 + rev: v1.96.3 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each diff --git a/README.md b/README.md index 928224cd..ed1f32c8 100644 --- a/README.md +++ b/README.md 
@@ -690,25 +690,17 @@ No modules. | Name | Type | |------|------| | [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | -| [aws_iam_policy.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy_attachment.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| 
[aws_iam_role_policy.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | | [aws_iam_role_policy_attachment.additional_many](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_role_policy_attachment.additional_one](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| 
[aws_iam_role_policy_attachment.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | | [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource | | [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 0d87f3c1..d0ae09c8 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -54,8 +54,7 @@ module "lambda_function" { cloudwatch_logs_log_group_class = "INFREQUENT_ACCESS" - role_path = "/tf-managed/" - policy_path = "/tf-managed/" + role_path = "/tf-managed/" attach_dead_letter_policy = true dead_letter_target_arn = aws_sqs_queue.dlq.arn diff --git a/iam.tf b/iam.tf index 436a4398..8b0440e1 100644 --- a/iam.tf +++ b/iam.tf @@ -131,20 +131,12 @@ data "aws_iam_policy_document" "logs" { } } -resource "aws_iam_policy" "logs" { +resource "aws_iam_role_policy" "logs" { count = local.create_role && var.attach_cloudwatch_logs_policy ? 1 : 0 name = "${local.policy_name}-logs" - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = data.aws_iam_policy_document.logs[0].json - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "logs" { - count = local.create_role && var.attach_cloudwatch_logs_policy ? 1 : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.logs[0].arn } ##################### 
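Review bot: Replacing each `aws_iam_policy` plus `aws_iam_role_policy_attachment` pair with `aws_iam_role_policy` moves every document into the role's inline-policy quota, which IAM caps at 10,240 characters in total per role. This applies to `logs` here and to `dead_letter`, `vpc`, `tracing`, `async`, `additional_json`, `additional_jsons` and `additional_inline` in the following hunks. The `vpc` and `tracing` resources embed full copies of AWS-managed policy documents, so a role that also receives large `policy_json` or `policy_jsons` values may now fail at apply time. On upgrade the old attachments are destroyed and the inline policies created as unrelated resources, so the role can briefly lack permissions. Both points belong in the upgrade notes, and a comment above the first resource would help: `# Inline policies share one 10,240-character quota per role`.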
@@ -168,20 +160,12 @@ data "aws_iam_policy_document" "dead_letter" { } } -resource "aws_iam_policy" "dead_letter" { +resource "aws_iam_role_policy" "dead_letter" { count = local.create_role && var.attach_dead_letter_policy ? 1 : 0 name = "${local.policy_name}-dl" - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = data.aws_iam_policy_document.dead_letter[0].json - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "dead_letter" { - count = local.create_role && var.attach_dead_letter_policy ? 1 : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.dead_letter[0].arn } ###### @@ -195,20 +179,12 @@ data "aws_iam_policy" "vpc" { arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSLambdaENIManagementAccess" } -resource "aws_iam_policy" "vpc" { +resource "aws_iam_role_policy" "vpc" { count = local.create_role && var.attach_network_policy ? 1 : 0 name = "${local.policy_name}-vpc" - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = data.aws_iam_policy.vpc[0].policy - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "vpc" { - count = local.create_role && var.attach_network_policy ? 1 : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.vpc[0].arn } ##################### 
@@ -222,20 +198,12 @@ data "aws_iam_policy" "tracing" { arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/AWSXRayDaemonWriteAccess" } -resource "aws_iam_policy" "tracing" { +resource "aws_iam_role_policy" "tracing" { count = local.create_role && var.attach_tracing_policy ? 1 : 0 name = "${local.policy_name}-tracing" - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = data.aws_iam_policy.tracing[0].policy - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "tracing" { - count = local.create_role && var.attach_tracing_policy ? 1 : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.tracing[0].arn } ############################### 
@@ -259,60 +227,36 @@ data "aws_iam_policy_document" "async" { } } -resource "aws_iam_policy" "async" { +resource "aws_iam_role_policy" "async" { count = local.create_role && var.attach_async_event_policy ? 1 : 0 name = "${local.policy_name}-async" - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = data.aws_iam_policy_document.async[0].json - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "async" { - count = local.create_role && var.attach_async_event_policy ? 1 : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.async[0].arn } ########################### # Additional policy (JSON) ########################### -resource "aws_iam_policy" "additional_json" { +resource "aws_iam_role_policy" "additional_json" { count = local.create_role && var.attach_policy_json ? 1 : 0 name = local.policy_name - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = var.policy_json - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "additional_json" { - count = local.create_role && var.attach_policy_json ? 1 : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.additional_json[0].arn } ##################################### # Additional policies (list of JSON) ##################################### -resource "aws_iam_policy" "additional_jsons" { +resource "aws_iam_role_policy" "additional_jsons" { count = local.create_role && var.attach_policy_jsons ? var.number_of_policy_jsons : 0 name = "${local.policy_name}-${count.index}" - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = var.policy_jsons[count.index] - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "additional_jsons" { - count = local.create_role && var.attach_policy_jsons ? var.number_of_policy_jsons : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.additional_jsons[count.index].arn } ########################### 
@@ -383,18 +327,10 @@ data "aws_iam_policy_document" "additional_inline" { } } -resource "aws_iam_policy" "additional_inline" { +resource "aws_iam_role_policy" "additional_inline" { count = local.create_role && var.attach_policy_statements ? 1 : 0 name = "${local.policy_name}-inline" - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = data.aws_iam_policy_document.additional_inline[0].json - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "additional_inline" { - count = local.create_role && var.attach_policy_statements ? 1 : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.additional_inline[0].arn } diff --git a/main.tf b/main.tf index c37d445c..6c3f0940 100644 --- a/main.tf +++ b/main.tf @@ -154,16 +154,16 @@ resource "aws_lambda_function" "this" { aws_cloudwatch_log_group.lambda, # Before the lambda is created the execution role with all its policies should be ready - aws_iam_role_policy_attachment.additional_inline, - aws_iam_role_policy_attachment.additional_json, - aws_iam_role_policy_attachment.additional_jsons, + aws_iam_role_policy.additional_inline, + aws_iam_role_policy.additional_json, + aws_iam_role_policy.additional_jsons, + aws_iam_role_policy.async, + aws_iam_role_policy.dead_letter, + aws_iam_role_policy.logs, + aws_iam_role_policy.tracing, + aws_iam_role_policy.vpc, aws_iam_role_policy_attachment.additional_many, aws_iam_role_policy_attachment.additional_one, - aws_iam_role_policy_attachment.async, - aws_iam_role_policy_attachment.logs, - aws_iam_role_policy_attachment.dead_letter, - aws_iam_role_policy_attachment.vpc, - aws_iam_role_policy_attachment.tracing, ] } diff --git a/variables.tf b/variables.tf index 91ff6961..c4aac208 100644 --- a/variables.tf +++ b/variables.tf 
@@ -578,6 +578,8 @@ variable "attach_policies" { default = false } +# TODO: DEPRECATED: Remove this variable in the next major version +# tflint-ignore: all variable "policy_path" { description = "Path of policies to that should be added to IAM role for Lambda Function" type = string From de6ae344e72819ac57f06096538b21849decc16e Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 8 Jan 2025 20:44:22 +0000 Subject: [PATCH 364/385] chore(release): version 7.20.0 [skip ci] ## [7.20.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.19.0...v7.20.0) (2025-01-08) ### Features * Use inline instead of managed policies ([#615](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/615)) ([394d337](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/394d337450d88aa877ec560cd49080bb8b9a45ba)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c0096f6a..867f2939 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.20.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.19.0...v7.20.0) (2025-01-08) + + +### Features + +* Use inline instead of managed policies ([#615](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/615)) ([394d337](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/394d337450d88aa877ec560cd49080bb8b9a45ba)) + ## [7.19.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.18.0...v7.19.0) (2025-01-08) From 685af5370e580a89cee68aeae06bb40dc3257892 Mon Sep 17 00:00:00 2001 From: Sebastian Czech Date: Sun, 26 Jan 2025 07:23:30 +0100 Subject: [PATCH 365/385] fix: Make default tag `terraform-aws-modules` optional (#657) Co-authored-by: Anton Babenko --- README.md | 1 + main.tf | 2 +- variables.tf | 6 ++++++ wrappers/main.tf | 1 + 4 files changed, 9 insertions(+), 1 deletion(-) 
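Review bot: `policy_path` is marked deprecated only in a code comment, while its `description` still reads as if the path were applied. The visible `iam.tf` hunks of this commit no longer reference `var.policy_path`, so a value set by a caller is silently ignored. Anyone who used the path to scope IAM permissions or guardrails to policies created by this module would not notice the change. Moving the notice into the description surfaces it in the generated docs: `description = "DEPRECATED: no longer used, policies are now inline on the role"`. `# tflint-ignore: all` also suppresses every rule for the block; naming the single rule (likely `terraform_unused_declarations`) is narrower.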
diff --git a/README.md b/README.md index ed1f32c8..10cdbe39 100644 --- a/README.md +++ b/README.md @@ -797,6 +797,7 @@ No modules. | [image\_config\_entry\_point](#input\_image\_config\_entry\_point) | The ENTRYPOINT for the docker image | `list(string)` | `[]` | no | | [image\_config\_working\_directory](#input\_image\_config\_working\_directory) | The working directory for the docker image | `string` | `null` | no | | [image\_uri](#input\_image\_uri) | The ECR image URI containing the function's deployment package. | `string` | `null` | no | +| [include\_default\_tag](#input\_include\_default\_tag) | Set to false to not include the default tag in the tags map. | `bool` | `true` | no | | [invoke\_mode](#input\_invoke\_mode) | Invoke mode of the Lambda Function URL. Valid values are BUFFERED (default) and RESPONSE\_STREAM. | `string` | `null` | no | | [ipv6\_allowed\_for\_dual\_stack](#input\_ipv6\_allowed\_for\_dual\_stack) | Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets | `bool` | `null` | no | | [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no | diff --git a/main.tf b/main.tf index 6c3f0940..c67f1bbb 100644 --- a/main.tf +++ b/main.tf @@ -138,7 +138,7 @@ resource "aws_lambda_function" "this" { } tags = merge( - { terraform-aws-modules = "lambda" }, + var.include_default_tag ? { terraform-aws-modules = "lambda" } : {}, var.tags, var.function_tags ) diff --git a/variables.tf b/variables.tf index c4aac208..c71f68ae 100644 --- a/variables.tf +++ b/variables.tf @@ -188,6 +188,12 @@ variable "tags" { default = {} } +variable "include_default_tag" { + description = "Set to false to not include the default tag in the tags map." + type = bool + default = true +} + variable "function_tags" { description = "A map of tags to assign only to the lambda function" type = map(string) diff --git a/wrappers/main.tf b/wrappers/main.tf index d1acc1cf..1092b4d3 100644 
--- a/wrappers/main.tf +++ b/wrappers/main.tf @@ -67,6 +67,7 @@ module "wrapper" { image_config_entry_point = try(each.value.image_config_entry_point, var.defaults.image_config_entry_point, []) image_config_working_directory = try(each.value.image_config_working_directory, var.defaults.image_config_working_directory, null) image_uri = try(each.value.image_uri, var.defaults.image_uri, null) + include_default_tag = try(each.value.include_default_tag, var.defaults.include_default_tag, true) invoke_mode = try(each.value.invoke_mode, var.defaults.invoke_mode, null) ipv6_allowed_for_dual_stack = try(each.value.ipv6_allowed_for_dual_stack, var.defaults.ipv6_allowed_for_dual_stack, null) kms_key_arn = try(each.value.kms_key_arn, var.defaults.kms_key_arn, null) From 84dfbfddf9483bc56afa0aff516177c03652f0c7 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sun, 26 Jan 2025 06:24:00 +0000 Subject: [PATCH 366/385] chore(release): version 7.20.1 [skip ci] ## [7.20.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.0...v7.20.1) (2025-01-26) ### Bug Fixes * Make default tag `terraform-aws-modules` optional ([#657](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/657)) ([685af53](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/685af5370e580a89cee68aeae06bb40dc3257892)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 867f2939..dd782fb7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.20.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.0...v7.20.1) (2025-01-26) + + +### Bug Fixes + +* Make default tag `terraform-aws-modules` optional ([#657](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/657)) ([685af53](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/685af5370e580a89cee68aeae06bb40dc3257892)) + ## [7.20.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.19.0...v7.20.0) (2025-01-08) From 64433c096e690b767a8b106b67383edfe8263ba7 Mon Sep 17 00:00:00 2001 From: Uladzislau Orlovskiy Date: Fri, 4 Apr 2025 14:27:54 +0200 Subject: [PATCH 367/385] fix: Add aws_partition to support usage of this module in aws-cn and gov --- modules/deploy/README.md | 7 ++++--- modules/deploy/main.tf | 4 +++- outputs.tf | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 6da1f6e8..c1a60861 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -137,6 +137,7 @@ No modules. | [aws_iam_role.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source | | [aws_lambda_alias.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | data source | | [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_function) | data source | +| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source | ## Inputs 
@@ -151,10 +152,10 @@ No modules. | [attach\_hooks\_policy](#input\_attach\_hooks\_policy) | Whether to attach Invoke policy to CodeDeploy role when before allow traffic or after allow traffic hooks are defined. | `bool` | `true` | no | | [attach\_triggers\_policy](#input\_attach\_triggers\_policy) | Whether to attach SNS policy to CodeDeploy role when triggers are defined | `bool` | `false` | no | | [auto\_rollback\_enabled](#input\_auto\_rollback\_enabled) | Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. | `bool` | `true` | no | -| [auto\_rollback\_events](#input\_auto\_rollback\_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT\_FAILURE and DEPLOYMENT\_STOP\_ON\_ALARM. | `list(string)` |
[
"DEPLOYMENT_STOP_ON_ALARM"
]
| no | +| [auto\_rollback\_events](#input\_auto\_rollback\_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT\_FAILURE and DEPLOYMENT\_STOP\_ON\_ALARM. | `list(string)` |
[
"DEPLOYMENT_STOP_ON_ALARM"
]
| no | | [aws\_cli\_command](#input\_aws\_cli\_command) | Command to run as AWS CLI. May include extra arguments like region and profile. | `string` | `"aws"` | no | | [before\_allow\_traffic\_hook\_arn](#input\_before\_allow\_traffic\_hook\_arn) | ARN of Lambda function to execute before allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | -| [codedeploy\_principals](#input\_codedeploy\_principals) | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` |
[
"codedeploy.amazonaws.com"
]
| no | +| [codedeploy\_principals](#input\_codedeploy\_principals) | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` |
[
"codedeploy.amazonaws.com"
]
| no | | [codedeploy\_role\_name](#input\_codedeploy\_role\_name) | IAM role name to create or use by CodeDeploy | `string` | `""` | no | | [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | | [create\_app](#input\_create\_app) | Whether to create new AWS CodeDeploy app | `bool` | `false` | no | @@ -168,7 +169,7 @@ No modules. | [force\_deploy](#input\_force\_deploy) | Force deployment every time (even when nothing changes) | `bool` | `false` | no | | [function\_name](#input\_function\_name) | The name of the Lambda function to deploy | `string` | `""` | no | | [get\_deployment\_sleep\_timer](#input\_get\_deployment\_sleep\_timer) | Adds additional sleep time to get-deployment command to avoid the service throttling | `number` | `5` | no | -| [interpreter](#input\_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` |
[
"/bin/bash",
"-c"
]
| no | +| [interpreter](#input\_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` |
[
"/bin/bash",
"-c"
]
| no | | [run\_deployment](#input\_run\_deployment) | Run AWS CLI command to start the deployment | `bool` | `false` | no | | [save\_deploy\_script](#input\_save\_deploy\_script) | Save deploy script locally | `bool` | `false` | no | | [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | diff --git a/modules/deploy/main.tf b/modules/deploy/main.tf index 4504f099..d88c0894 100644 --- a/modules/deploy/main.tf +++ b/modules/deploy/main.tf @@ -86,6 +86,8 @@ EOF } +data "aws_partition" "current" {} + data "aws_lambda_alias" "this" { count = var.create && var.create_deployment ? 1 : 0 @@ -209,7 +211,7 @@ resource "aws_iam_role_policy_attachment" "codedeploy" { count = var.create && var.create_codedeploy_role ? 1 : 0 role = try(aws_iam_role.codedeploy[0].id, "") - policy_arn = "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambda" + policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSCodeDeployRoleForLambda" } data "aws_iam_policy_document" "hooks" { diff --git a/outputs.tf b/outputs.tf index 59197585..29c47fe1 100644 --- a/outputs.tf +++ b/outputs.tf @@ -6,7 +6,7 @@ output "lambda_function_arn" { output "lambda_function_arn_static" { description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" - value = local.create && var.create_function && !var.create_layer ? "arn:aws:lambda:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:function:${var.function_name}" : "" + value = local.create && var.create_function && !var.create_layer ? "arn:${data.aws_partition.current.partition}:lambda:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:function:${var.function_name}" : "" } output "lambda_function_invoke_arn" { From 7305b7484fc03e30dc05f9fab6f8f37ea35e21fc Mon Sep 17 00:00:00 2001 
From: Anton Babenko Date: Tue, 8 Apr 2025 19:15:03 -0700 Subject: [PATCH 368/385] Fixed docs --- .pre-commit-config.yaml | 2 +- modules/deploy/README.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 2fb09edb..b362de29 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.96.3 + rev: v1.98.1 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each diff --git a/modules/deploy/README.md b/modules/deploy/README.md index c1a60861..3addc40b 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -152,10 +152,10 @@ No modules. | [attach\_hooks\_policy](#input\_attach\_hooks\_policy) | Whether to attach Invoke policy to CodeDeploy role when before allow traffic or after allow traffic hooks are defined. | `bool` | `true` | no | | [attach\_triggers\_policy](#input\_attach\_triggers\_policy) | Whether to attach SNS policy to CodeDeploy role when triggers are defined | `bool` | `false` | no | | [auto\_rollback\_enabled](#input\_auto\_rollback\_enabled) | Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. | `bool` | `true` | no | -| [auto\_rollback\_events](#input\_auto\_rollback\_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT\_FAILURE and DEPLOYMENT\_STOP\_ON\_ALARM. | `list(string)` |
[
"DEPLOYMENT_STOP_ON_ALARM"
]
| no | +| [auto\_rollback\_events](#input\_auto\_rollback\_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT\_FAILURE and DEPLOYMENT\_STOP\_ON\_ALARM. | `list(string)` |
[
"DEPLOYMENT_STOP_ON_ALARM"
]
| no | | [aws\_cli\_command](#input\_aws\_cli\_command) | Command to run as AWS CLI. May include extra arguments like region and profile. | `string` | `"aws"` | no | | [before\_allow\_traffic\_hook\_arn](#input\_before\_allow\_traffic\_hook\_arn) | ARN of Lambda function to execute before allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | -| [codedeploy\_principals](#input\_codedeploy\_principals) | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` |
[
"codedeploy.amazonaws.com"
]
| no | +| [codedeploy\_principals](#input\_codedeploy\_principals) | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` |
[
"codedeploy.amazonaws.com"
]
| no | | [codedeploy\_role\_name](#input\_codedeploy\_role\_name) | IAM role name to create or use by CodeDeploy | `string` | `""` | no | | [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | | [create\_app](#input\_create\_app) | Whether to create new AWS CodeDeploy app | `bool` | `false` | no | @@ -169,7 +169,7 @@ No modules. | [force\_deploy](#input\_force\_deploy) | Force deployment every time (even when nothing changes) | `bool` | `false` | no | | [function\_name](#input\_function\_name) | The name of the Lambda function to deploy | `string` | `""` | no | | [get\_deployment\_sleep\_timer](#input\_get\_deployment\_sleep\_timer) | Adds additional sleep time to get-deployment command to avoid the service throttling | `number` | `5` | no | -| [interpreter](#input\_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` |
[
"/bin/bash",
"-c"
]
| no | +| [interpreter](#input\_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` |
[
"/bin/bash",
"-c"
]
| no | | [run\_deployment](#input\_run\_deployment) | Run AWS CLI command to start the deployment | `bool` | `false` | no | | [save\_deploy\_script](#input\_save\_deploy\_script) | Save deploy script locally | `bool` | `false` | no | | [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | From dedc7369e53cb5926475ab03536d08fe8d52f4a9 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 9 Apr 2025 02:16:12 +0000 Subject: [PATCH 369/385] chore(release): version 7.20.2 [skip ci] ## [7.20.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.1...v7.20.2) (2025-04-09) ### Bug Fixes * Add aws_partition to support usage of this module in aws-cn and gov ([64433c0](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/64433c096e690b767a8b106b67383edfe8263ba7)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index dd782fb7..37355ef2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.20.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.1...v7.20.2) (2025-04-09) + + +### Bug Fixes + +* Add aws_partition to support usage of this module in aws-cn and gov ([64433c0](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/64433c096e690b767a8b106b67383edfe8263ba7)) + ## [7.20.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.0...v7.20.1) (2025-01-26) From 75ee97d184231a45bdb8d8398ecccb6f2558d0a5 Mon Sep 17 00:00:00 2001 From: pawelpesz <81652898+pawelpesz@users.noreply.github.com> Date: Fri, 16 May 2025 12:05:17 +0100 Subject: [PATCH 370/385] fix: Do not expose output from build command in Docker (#677) --- package.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.tf b/package.tf index 34322514..bbff086c 100644 --- a/package.tf +++ b/package.tf 
@@ -49,7 +49,7 @@ data "external" "archive_prepare" { resource "local_file" "archive_plan" { count = var.create && var.create_package ? 1 : 0 - content = data.external.archive_prepare[0].result.build_plan + content = var.build_in_docker ? sensitive(data.external.archive_prepare[0].result.build_plan) : data.external.archive_prepare[0].result.build_plan filename = data.external.archive_prepare[0].result.build_plan_filename directory_permission = "0755" file_permission = "0644" From c7ee15f48dbc5c3553ac3ccbb408c2838dc48d39 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 16 May 2025 11:05:47 +0000 Subject: [PATCH 371/385] chore(release): version 7.20.3 [skip ci] ## [7.20.3](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.2...v7.20.3) (2025-05-16) ### Bug Fixes * Do not expose output from build command in Docker ([#677](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/677)) ([75ee97d](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/75ee97d184231a45bdb8d8398ecccb6f2558d0a5)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 37355ef2..6c9b1efc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.20.3](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.2...v7.20.3) (2025-05-16) + + +### Bug Fixes + +* Do not expose output from build command in Docker ([#677](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/677)) ([75ee97d](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/75ee97d184231a45bdb8d8398ecccb6f2558d0a5)) + ## [7.20.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.1...v7.20.2) (2025-04-09) From 29893ab17086b6ec45955f1f5d2f1be4f7cf2285 Mon Sep 17 00:00:00 2001 
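Review bot: In `package.tf`, wrapping `build_plan` in `sensitive()` only redacts the value from plan and apply output; `local_file.archive_plan` still writes the same text to `build_plan_filename` with `file_permission = "0644"`, and the content is still kept in state. If the Docker build plan can carry secrets, as the commit title suggests, the file mode should follow the same condition, `file_permission = var.build_in_docker ? "0600" : "0644"`. A short comment above `content` would also help the next reader, for example `# Docker build plan may embed options/env passed to the build; keep it out of CLI output`. The resource body continues outside the hunk, so any later arguments were not reviewed.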
From: Sami Jawhar Date: Fri, 16 May 2025 04:18:25 -0700 Subject: [PATCH 372/385] feat: Add buildx and multi-stage build support to docker-build module (#679) --- examples/container-image/README.md | 1 + examples/container-image/context/Dockerfile | 6 ++++- examples/container-image/main.tf | 29 +++++++++++++++++++++ modules/docker-build/README.md | 6 +++-- modules/docker-build/main.tf | 2 ++ modules/docker-build/variables.tf | 12 +++++++++ modules/docker-build/versions.tf | 2 +- wrappers/docker-build/main.tf | 2 ++ wrappers/docker-build/versions.tf | 2 +- 9 files changed, 57 insertions(+), 5 deletions(-) diff --git a/examples/container-image/README.md b/examples/container-image/README.md index d7d83e0d..3a0a4f47 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -37,6 +37,7 @@ Note that this example may create resources which cost money. Run `terraform des |------|--------|---------| | [docker\_build](#module\_docker\_build) | ../../modules/docker-build | n/a | | [docker\_build\_from\_ecr](#module\_docker\_build\_from\_ecr) | ../../modules/docker-build | n/a | +| [docker\_build\_multistage](#module\_docker\_build\_multistage) | ../../modules/docker-build | n/a | | [ecr](#module\_ecr) | terraform-aws-modules/ecr/aws | n/a | | [lambda\_function\_with\_docker\_build](#module\_lambda\_function\_with\_docker\_build) | ../../ | n/a | | [lambda\_function\_with\_docker\_build\_from\_ecr](#module\_lambda\_function\_with\_docker\_build\_from\_ecr) | ../../ | n/a | diff --git a/examples/container-image/context/Dockerfile b/examples/container-image/context/Dockerfile index d6e7662a..64350ec5 100644 --- a/examples/container-image/context/Dockerfile +++ b/examples/container-image/context/Dockerfile 
@@ -1,8 +1,12 @@ # `--platform` argument is used to be able to build docker images when using another platform (e.g. Apple M1) -FROM --platform=linux/x86_64 scratch +FROM --platform=linux/x86_64 scratch AS first_stage ARG FOO ENV FOO $FOO COPY empty /empty + +FROM first_stage AS second_stage + +COPY empty /empty_two diff --git a/examples/container-image/main.tf b/examples/container-image/main.tf index 75a36ffc..4db21302 100644 --- a/examples/container-image/main.tf +++ b/examples/container-image/main.tf @@ -123,6 +123,35 @@ module "docker_build_from_ecr" { build_args = { FOO = "bar" } + # Can also use buildx + builder = "default" + docker_file_path = "${local.source_path}/Dockerfile" + + triggers = { + dir_sha = local.dir_sha + } + + cache_from = ["${module.ecr.repository_url}:latest"] +} + +module "docker_build_multistage" { + source = "../../modules/docker-build" + + ecr_repo = module.ecr.repository_name + + use_image_tag = true + image_tag = "first_stage" + + source_path = local.source_path + platform = "linux/amd64" + build_args = { + FOO = "bar" + } + builder = "default" + docker_file_path = "${local.source_path}/Dockerfile" + + # multi-stage builds + build_target = "first_stage" triggers = { dir_sha = local.dir_sha diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index 0bfb506c..17e6c972 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md @@ -59,7 +59,7 @@ module "docker_image" { |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | | [aws](#requirement\_aws) | >= 4.22 | -| [docker](#requirement\_docker) | >= 3.0 | +| [docker](#requirement\_docker) | >= 3.5.0 | | [null](#requirement\_null) | >= 2.0 | ## Providers @@ -67,7 +67,7 @@ module "docker_image" { | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 4.22 | -| [docker](#provider\_docker) | >= 3.0 | +| [docker](#provider\_docker) | >= 3.5.0 | | [null](#provider\_null) | >= 2.0 | ## Modules 
@@ -91,6 +91,8 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [build\_args](#input\_build\_args) | A map of Docker build arguments. | `map(string)` | `{}` | no | +| [build\_target](#input\_build\_target) | Set the target build stage to build | `string` | `null` | no | +| [builder](#input\_builder) | The buildx builder to use for the Docker build. | `string` | `null` | no | | [cache\_from](#input\_cache\_from) | List of images to consider as cache sources when building the image. | `list(string)` | `[]` | no | | [create\_ecr\_repo](#input\_create\_ecr\_repo) | Controls whether ECR repository for Lambda image should be created | `bool` | `false` | no | | [create\_sam\_metadata](#input\_create\_sam\_metadata) | Controls whether the SAM metadata null resource should be created | `bool` | `false` | no | diff --git a/modules/docker-build/main.tf b/modules/docker-build/main.tf index 1bf27a1f..565027f4 100644 --- a/modules/docker-build/main.tf +++ b/modules/docker-build/main.tf @@ -16,6 +16,8 @@ resource "docker_image" "this" { context = var.source_path dockerfile = var.docker_file_path build_args = var.build_args + builder = var.builder + target = var.build_target platform = var.platform cache_from = var.cache_from } diff --git a/modules/docker-build/variables.tf b/modules/docker-build/variables.tf index e153fa7f..110ce554 100644 --- a/modules/docker-build/variables.tf +++ b/modules/docker-build/variables.tf 
@@ -71,12 +71,24 @@ variable "ecr_repo_tags" { default = {} } +variable "builder" { + description = "The buildx builder to use for the Docker build." + type = string + default = null +} + variable "build_args" { description = "A map of Docker build arguments." type = map(string) default = {} } +variable "build_target" { + description = "Set the target build stage to build" + type = string + default = null +} + variable "ecr_repo_lifecycle_policy" { description = "A JSON formatted ECR lifecycle policy to automate the cleaning up of unused images." type = string diff --git a/modules/docker-build/versions.tf b/modules/docker-build/versions.tf index 93aadf1a..454fc7ae 100644 --- a/modules/docker-build/versions.tf +++ b/modules/docker-build/versions.tf @@ -8,7 +8,7 @@ terraform { } docker = { source = "kreuzwerker/docker" - version = ">= 3.0" + version = ">= 3.5.0" } null = { source = "hashicorp/null" diff --git a/wrappers/docker-build/main.tf b/wrappers/docker-build/main.tf index 7d7614cf..61a99a93 100644 --- a/wrappers/docker-build/main.tf +++ b/wrappers/docker-build/main.tf @@ -4,6 +4,8 @@ module "wrapper" { for_each = var.items build_args = try(each.value.build_args, var.defaults.build_args, {}) + build_target = try(each.value.build_target, var.defaults.build_target, null) + builder = try(each.value.builder, var.defaults.builder, null) cache_from = try(each.value.cache_from, var.defaults.cache_from, []) create_ecr_repo = try(each.value.create_ecr_repo, var.defaults.create_ecr_repo, false) create_sam_metadata = try(each.value.create_sam_metadata, var.defaults.create_sam_metadata, false) diff --git a/wrappers/docker-build/versions.tf b/wrappers/docker-build/versions.tf index 93aadf1a..454fc7ae 100644 --- a/wrappers/docker-build/versions.tf +++ b/wrappers/docker-build/versions.tf @@ -8,7 +8,7 @@ terraform { } docker = { source = "kreuzwerker/docker" - version = ">= 3.0" + version = ">= 3.5.0" } null = { source = "hashicorp/null" 
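Review bot: The new `builder` and `build_target` variables in `modules/docker-build/variables.tf` do not say what the `null` default means or which provider version they depend on, although the same commit raises `kreuzwerker/docker` to `>= 3.5.0`, presumably because these arguments need it. I would extend the descriptions, e.g. `description = "The buildx builder to use for the Docker build. Leave null for the provider default; needs docker provider >= 3.5.0."` and `description = "Target stage to build in a multi-stage Dockerfile. Leave null to build the final stage."`. The README input tables are generated from these strings, so they would need regenerating afterwards.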
From f1f06ed88f567ec75815bd37897d612092e7941c Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 16 May 2025 11:18:51 +0000 Subject: [PATCH 373/385] chore(release): version 7.21.0 [skip ci] ## [7.21.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.3...v7.21.0) (2025-05-16) ### Features * Add buildx and multi-stage build support to docker-build module ([#679](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/679)) ([29893ab](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/29893ab17086b6ec45955f1f5d2f1be4f7cf2285)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6c9b1efc..f1a3108c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.21.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.3...v7.21.0) (2025-05-16) + + +### Features + +* Add buildx and multi-stage build support to docker-build module ([#679](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/679)) ([29893ab](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/29893ab17086b6ec45955f1f5d2f1be4f7cf2285)) + ## [7.20.3](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.2...v7.20.3) (2025-05-16) From d5c657c96234b1ee352af418243690c297f3f3b2 Mon Sep 17 00:00:00 2001 
From: Vlad Ionescu Date: Thu, 19 Jun 2025 20:38:06 +0300 Subject: [PATCH 374/385] fix: Add .NET 8 runtime example (#685) --- examples/fixtures/runtimes/dotnet8/.gitignore | 484 ++++++++++++++++++ examples/fixtures/runtimes/dotnet8/Program.cs | 16 + .../fixtures/runtimes/dotnet8/Program.csproj | 18 + examples/runtimes/README.md | 4 +- examples/runtimes/checks.tf | 5 +- examples/runtimes/main.tf | 29 ++ examples/runtimes/outputs.tf | 5 + 7 files changed, 558 insertions(+), 3 deletions(-) create mode 100644 examples/fixtures/runtimes/dotnet8/.gitignore create mode 100644 examples/fixtures/runtimes/dotnet8/Program.cs create mode 100644 examples/fixtures/runtimes/dotnet8/Program.csproj diff --git a/examples/fixtures/runtimes/dotnet8/.gitignore b/examples/fixtures/runtimes/dotnet8/.gitignore new file mode 100644 index 00000000..bc78471d --- /dev/null +++ b/examples/fixtures/runtimes/dotnet8/.gitignore 
@@ -0,0 +1,484 @@ +## Ignore Visual Studio temporary files, build results, and +## files generated by popular Visual Studio add-ons. +## +## Get latest from `dotnet new gitignore` + +# dotenv files +.env + +# User-specific files +*.rsuser +*.suo +*.user +*.userosscache +*.sln.docstates + +# User-specific files (MonoDevelop/Xamarin Studio) +*.userprefs + +# Mono auto generated files +mono_crash.* + +# Build results +[Dd]ebug/ +[Dd]ebugPublic/ +[Rr]elease/ +[Rr]eleases/ +x64/ +x86/ +[Ww][Ii][Nn]32/ +[Aa][Rr][Mm]/ +[Aa][Rr][Mm]64/ +bld/ +[Bb]in/ +[Oo]bj/ +[Ll]og/ +[Ll]ogs/ + +# Visual Studio 2015/2017 cache/options directory +.vs/ +# Uncomment if you have tasks that create the project's static files in wwwroot +#wwwroot/ + +# Visual Studio 2017 auto generated files +Generated\ Files/ + +# MSTest test Results +[Tt]est[Rr]esult*/ +[Bb]uild[Ll]og.* + +# NUnit +*.VisualState.xml +TestResult.xml +nunit-*.xml + +# Build Results of an ATL Project +[Dd]ebugPS/ +[Rr]eleasePS/ +dlldata.c + +# Benchmark Results +BenchmarkDotNet.Artifacts/ + +# .NET +project.lock.json +project.fragment.lock.json +artifacts/ + +# Tye +.tye/ + +# ASP.NET Scaffolding +ScaffoldingReadMe.txt + +# StyleCop +StyleCopReport.xml + +# Files built by Visual Studio +*_i.c +*_p.c +*_h.h +*.ilk +*.meta +*.obj +*.iobj +*.pch +*.pdb +*.ipdb +*.pgc +*.pgd +*.rsp +*.sbr +*.tlb +*.tli +*.tlh +*.tmp +*.tmp_proj +*_wpftmp.csproj +*.log +*.tlog +*.vspscc +*.vssscc +.builds +*.pidb +*.svclog +*.scc + +# Chutzpah Test files +_Chutzpah* + +# Visual C++ cache files +ipch/ +*.aps +*.ncb +*.opendb +*.opensdf +*.sdf +*.cachefile +*.VC.db +*.VC.VC.opendb + +# Visual Studio profiler +*.psess +*.vsp +*.vspx +*.sap + +# Visual Studio Trace Files +*.e2e + +# TFS 2012 Local Workspace +$tf/ + +# Guidance Automation Toolkit +*.gpState + +# ReSharper is a .NET coding add-in +_ReSharper*/ +*.[Rr]e[Ss]harper +*.DotSettings.user + +# TeamCity is a build add-in +_TeamCity* + +# DotCover is a Code Coverage Tool +*.dotCover + +# AxoCover 
is a Code Coverage Tool +.axoCover/* +!.axoCover/settings.json + +# Coverlet is a free, cross platform Code Coverage Tool +coverage*.json +coverage*.xml +coverage*.info + +# Visual Studio code coverage results +*.coverage +*.coveragexml + +# NCrunch +_NCrunch_* +.*crunch*.local.xml +nCrunchTemp_* + +# MightyMoose +*.mm.* +AutoTest.Net/ + +# Web workbench (sass) +.sass-cache/ + +# Installshield output folder +[Ee]xpress/ + +# DocProject is a documentation generator add-in +DocProject/buildhelp/ +DocProject/Help/*.HxT +DocProject/Help/*.HxC +DocProject/Help/*.hhc +DocProject/Help/*.hhk +DocProject/Help/*.hhp +DocProject/Help/Html2 +DocProject/Help/html + +# Click-Once directory +publish/ + +# Publish Web Output +*.[Pp]ublish.xml +*.azurePubxml +# Note: Comment the next line if you want to checkin your web deploy settings, +# but database connection strings (with potential passwords) will be unencrypted +*.pubxml +*.publishproj + +# Microsoft Azure Web App publish settings. Comment the next line if you want to +# checkin your Azure Web App publish settings, but sensitive information contained +# in these scripts will be unencrypted +PublishScripts/ + +# NuGet Packages +*.nupkg +# NuGet Symbol Packages +*.snupkg +# The packages folder can be ignored because of Package Restore +**/[Pp]ackages/* +# except build/, which is used as an MSBuild target. 
+!**/[Pp]ackages/build/ +# Uncomment if necessary however generally it will be regenerated when needed +#!**/[Pp]ackages/repositories.config +# NuGet v3's project.json files produces more ignorable files +*.nuget.props +*.nuget.targets + +# Microsoft Azure Build Output +csx/ +*.build.csdef + +# Microsoft Azure Emulator +ecf/ +rcf/ + +# Windows Store app package directories and files +AppPackages/ +BundleArtifacts/ +Package.StoreAssociation.xml +_pkginfo.txt +*.appx +*.appxbundle +*.appxupload + +# Visual Studio cache files +# files ending in .cache can be ignored +*.[Cc]ache +# but keep track of directories ending in .cache +!?*.[Cc]ache/ + +# Others +ClientBin/ +~$* +*~ +*.dbmdl +*.dbproj.schemaview +*.jfm +*.pfx +*.publishsettings +orleans.codegen.cs + +# Including strong name files can present a security risk +# (https://github.com/github/gitignore/pull/2483#issue-259490424) +#*.snk + +# Since there are multiple workflows, uncomment next line to ignore bower_components +# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) +#bower_components/ + +# RIA/Silverlight projects +Generated_Code/ + +# Backup & report files from converting an old project file +# to a newer Visual Studio version. Backup files are not needed, +# because we have git ;-) +_UpgradeReport_Files/ +Backup*/ +UpgradeLog*.XML +UpgradeLog*.htm +ServiceFabricBackup/ +*.rptproj.bak + +# SQL Server files +*.mdf +*.ldf +*.ndf + +# Business Intelligence projects +*.rdl.data +*.bim.layout +*.bim_*.settings +*.rptproj.rsuser +*- [Bb]ackup.rdl +*- [Bb]ackup ([0-9]).rdl +*- [Bb]ackup ([0-9][0-9]).rdl + +# Microsoft Fakes +FakesAssemblies/ + +# GhostDoc plugin setting file +*.GhostDoc.xml + +# Node.js Tools for Visual Studio +.ntvs_analysis.dat +node_modules/ + +# Visual Studio 6 build log +*.plg + +# Visual Studio 6 workspace options file +*.opt + +# Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 
+*.vbw + +# Visual Studio 6 auto-generated project file (contains which files were open etc.) +*.vbp + +# Visual Studio 6 workspace and project file (working project files containing files to include in project) +*.dsw +*.dsp + +# Visual Studio 6 technical files +*.ncb +*.aps + +# Visual Studio LightSwitch build output +**/*.HTMLClient/GeneratedArtifacts +**/*.DesktopClient/GeneratedArtifacts +**/*.DesktopClient/ModelManifest.xml +**/*.Server/GeneratedArtifacts +**/*.Server/ModelManifest.xml +_Pvt_Extensions + +# Paket dependency manager +.paket/paket.exe +paket-files/ + +# FAKE - F# Make +.fake/ + +# CodeRush personal settings +.cr/personal + +# Python Tools for Visual Studio (PTVS) +__pycache__/ +*.pyc + +# Cake - Uncomment if you are using it +# tools/** +# !tools/packages.config + +# Tabs Studio +*.tss + +# Telerik's JustMock configuration file +*.jmconfig + +# BizTalk build output +*.btp.cs +*.btm.cs +*.odx.cs +*.xsd.cs + +# OpenCover UI analysis results +OpenCover/ + +# Azure Stream Analytics local run output +ASALocalRun/ + +# MSBuild Binary and Structured Log +*.binlog + +# NVidia Nsight GPU debugger configuration file +*.nvuser + +# MFractors (Xamarin productivity tool) working folder +.mfractor/ + +# Local History for Visual Studio +.localhistory/ + +# Visual Studio History (VSHistory) files +.vshistory/ + +# BeatPulse healthcheck temp database +healthchecksdb + +# Backup folder for Package Reference Convert tool in Visual Studio 2017 +MigrationBackup/ + +# Ionide (cross platform F# VS Code tools) working folder +.ionide/ + +# Fody - auto-generated XML schema +FodyWeavers.xsd + +# VS Code files for those working on multiple tools +.vscode/* +!.vscode/settings.json +!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json +*.code-workspace + +# Local History for Visual Studio Code +.history/ + +# Windows Installer files from build outputs +*.cab +*.msi +*.msix +*.msm +*.msp + +# JetBrains Rider +*.sln.iml +.idea/ + +## +## Visual studio for Mac 
+## + + +# globs +Makefile.in +*.userprefs +*.usertasks +config.make +config.status +aclocal.m4 +install-sh +autom4te.cache/ +*.tar.gz +tarballs/ +test-results/ + +# Mac bundle stuff +*.dmg +*.app + +# content below from: https://github.com/github/gitignore/blob/main/Global/macOS.gitignore +# General +.DS_Store +.AppleDouble +.LSOverride + +# Icon must end with two \r +Icon + + +# Thumbnails +._* + +# Files that might appear in the root of a volume +.DocumentRevisions-V100 +.fseventsd +.Spotlight-V100 +.TemporaryItems +.Trashes +.VolumeIcon.icns +.com.apple.timemachine.donotpresent + +# Directories potentially created on remote AFP share +.AppleDB +.AppleDesktop +Network Trash Folder +Temporary Items +.apdisk + +# content below from: https://github.com/github/gitignore/blob/main/Global/Windows.gitignore +# Windows thumbnail cache files +Thumbs.db +ehthumbs.db +ehthumbs_vista.db + +# Dump file +*.stackdump + +# Folder config file +[Dd]esktop.ini + +# Recycle Bin used on file shares +$RECYCLE.BIN/ + +# Windows Installer files +*.cab +*.msi +*.msix +*.msm +*.msp + +# Windows shortcuts +*.lnk + +# Vim temporary swap files +*.swp diff --git a/examples/fixtures/runtimes/dotnet8/Program.cs b/examples/fixtures/runtimes/dotnet8/Program.cs new file mode 100644 index 00000000..0b1448d7 --- /dev/null +++ b/examples/fixtures/runtimes/dotnet8/Program.cs @@ -0,0 +1,16 @@ +using System.Text.Json; +using Amazon.Lambda.Core; +using Amazon.Lambda.RuntimeSupport; +using Amazon.Lambda.Serialization.SystemTextJson; + +[assembly: LambdaSerializer(typeof(DefaultLambdaJsonSerializer))] + +var handler = (JsonElement input, ILambdaContext context) => +{ + context.Logger.LogInformation($"Processing input: {input}"); + return "Hello from serverless.tf!!!"; +}; + +await LambdaBootstrapBuilder.Create(handler, new DefaultLambdaJsonSerializer()) + .Build() + .RunAsync(); 
diff --git a/examples/fixtures/runtimes/dotnet8/Program.csproj b/examples/fixtures/runtimes/dotnet8/Program.csproj new file mode 100644 index 00000000..a1f71466 --- /dev/null +++ b/examples/fixtures/runtimes/dotnet8/Program.csproj @@ -0,0 +1,18 @@ + + + net8.0 + bootstrap + Exe + true + false + enable + enable + true + + + + + + + + diff --git a/examples/runtimes/README.md b/examples/runtimes/README.md index 9e67eeb7..fde279e2 100644 --- a/examples/runtimes/README.md +++ b/examples/runtimes/README.md @@ -1,6 +1,6 @@ # Runtimes Examples -Configuration in this directory creates deployment packages for [various runtimes and programming languages (Rust, Go, Java)](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). +Configuration in this directory creates deployment packages for [various runtimes and programming languages (Rust, Go, Java, .NET)](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). Each runtime is executable by calling created Lambda Functions at the end. @@ -40,6 +40,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| +| [dotnet8\_lambda\_function](#module\_dotnet8\_lambda\_function) | ../../ | n/a | | [go\_lambda\_function](#module\_go\_lambda\_function) | ../../ | n/a | | [java21\_lambda\_function](#module\_java21\_lambda\_function) | ../../ | n/a | | [rust\_lambda\_function](#module\_rust\_lambda\_function) | ../../ | n/a | 
@@ -60,6 +61,7 @@ No inputs. | Name | Description | |------|-------------| +| [dotnet8\_lambda\_function\_url](#output\_dotnet8\_lambda\_function\_url) | The URL of the Lambda Function in .NET 8 | | [go\_lambda\_function\_url](#output\_go\_lambda\_function\_url) | The URL of the Lambda Function in Go | | [java21\_lambda\_function\_arn](#output\_java21\_lambda\_function\_arn) | The ARN of the Lambda Function in Java 21 | | [lambda\_function\_result](#output\_lambda\_function\_result) | The results of the Lambda Function calls | diff --git a/examples/runtimes/checks.tf b/examples/runtimes/checks.tf index cbf0f2b8..ce95562f 100644 --- a/examples/runtimes/checks.tf +++ b/examples/runtimes/checks.tf @@ -4,8 +4,9 @@ locals { data "http" "this" { for_each = { - rust = module.rust_lambda_function.lambda_function_url, - go = module.go_lambda_function.lambda_function_url, + rust = module.rust_lambda_function.lambda_function_url, + go = module.go_lambda_function.lambda_function_url, + dotnet8 = module.dotnet8_lambda_function.lambda_function_url, } url = each.value diff --git a/examples/runtimes/main.tf b/examples/runtimes/main.tf index b9bd61a9..960b0375 100644 --- a/examples/runtimes/main.tf +++ b/examples/runtimes/main.tf @@ -93,6 +93,35 @@ module "java21_lambda_function" { ] } +module "dotnet8_lambda_function" { + source = "../../" + + function_name = "${random_pet.this.id}-dotnet8" + + attach_cloudwatch_logs_policy = false + cloudwatch_logs_retention_in_days = 1 + + create_lambda_function_url = true + + handler = "bootstrap" + runtime = "dotnet8" + architectures = ["arm64"] # x86_64 (--runtime linux-x64) or arm64 (--runtime linux-arm64) + timeout = 30 + + trigger_on_package_timestamp = false + + source_path = [ + { + path = "${path.module}/../fixtures/runtimes/dotnet8" + commands = [ + "dotnet publish --framework net8.0 --configuration Relesase --runtime linux-arm64 --output ./publish", + "cd publish", + ":zip", + ] + } + ] +} + resource "random_pet" "this" { length = 2 } 
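Review bot: In `examples/runtimes/main.tf`, the publish command for `dotnet8_lambda_function` passes `--configuration Relesase`, a misspelling of `Release`. MSBuild accepts arbitrary configuration names, so this most likely does not fail but builds without the Release defaults such as optimization, and the example would ship a non-release binary unnoticed. The line should read `"dotnet publish --framework net8.0 --configuration Release --runtime linux-arm64 --output ./publish",`.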
diff --git a/examples/runtimes/outputs.tf b/examples/runtimes/outputs.tf index 9c12c1d6..f3583367 100644 --- a/examples/runtimes/outputs.tf +++ b/examples/runtimes/outputs.tf @@ -13,6 +13,11 @@ output "java21_lambda_function_arn" { value = module.java21_lambda_function.lambda_function_arn } +output "dotnet8_lambda_function_url" { + description = "The URL of the Lambda Function in .NET 8" + value = module.dotnet8_lambda_function.lambda_function_url +} + output "lambda_function_result" { description = "The results of the Lambda Function calls" value = { for k, v in data.aws_lambda_invocation.this : k => jsondecode(v.result) } From 2fea1c09a7ae0b5b93bdf8af48713ab7f2780f7c Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 19 Jun 2025 17:38:32 +0000 Subject: [PATCH 375/385] chore(release): version 7.21.1 [skip ci] ## [7.21.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.21.0...v7.21.1) (2025-06-19) ### Bug Fixes * Add .NET 8 runtime example ([#685](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/685)) ([d5c657c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/d5c657c96234b1ee352af418243690c297f3f3b2)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f1a3108c..742e6d57 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.21.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.21.0...v7.21.1) (2025-06-19) + + +### Bug Fixes + +* Add .NET 8 runtime example ([#685](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/685)) ([d5c657c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/d5c657c96234b1ee352af418243690c297f3f3b2)) + ## [7.21.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.3...v7.21.0) (2025-05-16) 
From 367e9a2c5c7e6a4335fcc7c13c14e54f8e347f9c Mon Sep 17 00:00:00 2001 
From: Anton Babenko Date: Wed, 25 Jun 2025 13:22:21 +0200 Subject: [PATCH 376/385] feat!: Upgrade AWS provider and min required Terraform version to 6.0 and 1.10 respectively (#687) --- .pre-commit-config.yaml | 2 +- README.md | 9 +++++---- examples/alias/README.md | 6 +++--- examples/alias/versions.tf | 4 ++-- examples/async/README.md | 6 +++--- examples/async/versions.tf | 4 ++-- examples/build-package/README.md | 4 ++-- examples/build-package/versions.tf | 4 ++-- examples/code-signing/README.md | 8 ++++---- examples/code-signing/main.tf | 2 +- examples/code-signing/versions.tf | 4 ++-- examples/complete/README.md | 8 ++++---- examples/complete/main.tf | 4 +++- examples/complete/versions.tf | 4 ++-- examples/container-image/README.md | 6 +++--- examples/container-image/main.tf | 2 +- examples/container-image/versions.tf | 4 ++-- examples/deploy/README.md | 6 +++--- examples/deploy/versions.tf | 4 ++-- examples/event-source-mapping/README.md | 6 +++--- examples/event-source-mapping/versions.tf | 4 ++-- examples/multiple-regions/README.md | 8 ++++---- examples/multiple-regions/versions.tf | 4 ++-- examples/runtimes/README.md | 6 +++--- examples/runtimes/versions.tf | 4 ++-- examples/simple-cicd/README.md | 4 ++-- examples/simple-cicd/versions.tf | 4 ++-- examples/simple/README.md | 4 ++-- examples/simple/versions.tf | 4 ++-- examples/triggers/README.md | 6 +++--- examples/triggers/versions.tf | 4 ++-- examples/with-efs/README.md | 6 +++--- examples/with-efs/versions.tf | 4 ++-- examples/with-vpc-s3-endpoint/README.md | 8 ++++---- examples/with-vpc-s3-endpoint/main.tf | 8 ++++---- examples/with-vpc-s3-endpoint/versions.tf | 4 ++-- examples/with-vpc/README.md | 4 ++-- examples/with-vpc/versions.tf | 4 ++-- main.tf | 24 +++++++++++++++++++++++ modules/alias/README.md | 6 +++--- modules/alias/versions.tf | 4 ++-- modules/deploy/README.md | 6 +++--- modules/deploy/versions.tf | 4 ++-- modules/docker-build/README.md | 6 +++--- modules/docker-build/main.tf | 2 +- 
modules/docker-build/versions.tf | 4 ++-- outputs.tf | 2 +- package.tf | 1 + variables.tf | 20 +++++++++++-------- versions.tf | 4 ++-- wrappers/alias/versions.tf | 4 ++-- wrappers/deploy/versions.tf | 4 ++-- wrappers/docker-build/versions.tf | 4 ++-- wrappers/main.tf | 3 ++- wrappers/versions.tf | 4 ++-- 55 files changed, 161 insertions(+), 128 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b362de29..7b4e83b2 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.98.1 + rev: v1.99.4 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each diff --git a/README.md b/README.md index 10cdbe39..825feb28 100644 --- a/README.md +++ b/README.md @@ -666,8 +666,8 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [external](#requirement\_external) | >= 1.0 | | [local](#requirement\_local) | >= 1.0 | | [null](#requirement\_null) | >= 2.0 | @@ -676,7 +676,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [external](#provider\_external) | >= 1.0 | | [local](#provider\_local) | >= 1.0 | | [null](#provider\_null) | >= 2.0 | 
@@ -824,13 +824,14 @@ No modules. | [policy\_json](#input\_policy\_json) | An additional policy document as JSON to attach to the Lambda Function role | `string` | `null` | no | | [policy\_jsons](#input\_policy\_jsons) | List of additional policy documents as JSON to attach to Lambda Function role | `list(string)` | `[]` | no | | [policy\_name](#input\_policy\_name) | IAM policy name. It override the default value, which is the same as role\_name | `string` | `null` | no | -| [policy\_path](#input\_policy\_path) | Path of policies to that should be added to IAM role for Lambda Function | `string` | `null` | no | | [policy\_statements](#input\_policy\_statements) | Map of dynamic policy statements to attach to Lambda Function role | `any` | `{}` | no | | [provisioned\_concurrent\_executions](#input\_provisioned\_concurrent\_executions) | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | `number` | `-1` | no | | [publish](#input\_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no | | [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no | +| [quiet\_archive\_local\_exec](#input\_quiet\_archive\_local\_exec) | Whether to disable archive local execution output | `bool` | `true` | no | | [recreate\_missing\_package](#input\_recreate\_missing\_package) | Whether to recreate missing Lambda package if it is missing locally or not | `bool` | `true` | no | | [recursive\_loop](#input\_recursive\_loop) | Lambda function recursion configuration. Valid values are Allow or Terminate. | `string` | `null` | no | +| [region](#input\_region) | Region where the resource(s) will be managed. 
Defaults to the region set in the provider configuration | `string` | `null` | no | | [replace\_security\_groups\_on\_destroy](#input\_replace\_security\_groups\_on\_destroy) | (Optional) When true, all security groups defined in vpc\_security\_group\_ids will be replaced with the default security group after the function is destroyed. Set the replacement\_security\_group\_ids variable to use a custom list of security groups for replacement instead. | `bool` | `null` | no | | [replacement\_security\_group\_ids](#input\_replacement\_security\_group\_ids) | (Optional) List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction. replace\_security\_groups\_on\_destroy must be set to true to use this attribute. | `list(string)` | `null` | no | | [reserved\_concurrent\_executions](#input\_reserved\_concurrent\_executions) | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | `number` | `-1` | no | diff --git a/examples/alias/README.md b/examples/alias/README.md index c4037dd6..cb8ce50a 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -19,15 +19,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/alias/versions.tf b/examples/alias/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/alias/versions.tf +++ b/examples/alias/versions.tf 
@@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/async/README.md b/examples/async/README.md index bfc7647b..b2e53fd3 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -19,15 +19,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/async/versions.tf b/examples/async/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/async/versions.tf +++ b/examples/async/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/build-package/README.md b/examples/build-package/README.md index d26739dd..8f558bc1 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -21,8 +21,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers 
diff --git a/examples/build-package/versions.tf b/examples/build-package/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/build-package/versions.tf +++ b/examples/build-package/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/code-signing/README.md b/examples/code-signing/README.md index 6d4317d8..dfa7bfac 100644 --- a/examples/code-signing/README.md +++ b/examples/code-signing/README.md @@ -19,15 +19,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules @@ -35,7 +35,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| | [lambda](#module\_lambda) | ../../ | n/a | -| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 | +| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 5.0 | ## Resources diff --git a/examples/code-signing/main.tf b/examples/code-signing/main.tf index b899a401..8b8e9e3e 100644 --- a/examples/code-signing/main.tf +++ b/examples/code-signing/main.tf @@ -93,7 +93,7 @@ resource "random_pet" "this" { module "s3_bucket" { source = "terraform-aws-modules/s3-bucket/aws" - version = "~> 3.0" + version = "~> 5.0" bucket_prefix = "${random_pet.this.id}-" force_destroy = true 
diff --git a/examples/code-signing/versions.tf b/examples/code-signing/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/code-signing/versions.tf +++ b/examples/code-signing/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/complete/README.md b/examples/complete/README.md index edebc13a..ee0b620e 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -20,15 +20,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules @@ -49,7 +49,7 @@ Note that this example may create resources which cost money. Run `terraform des | [lambda\_layer\_with\_package\_deploying\_externally](#module\_lambda\_layer\_with\_package\_deploying\_externally) | ../../ | n/a | | [lambda\_with\_mixed\_trusted\_entities](#module\_lambda\_with\_mixed\_trusted\_entities) | ../../ | n/a | | [lambda\_with\_provisioned\_concurrency](#module\_lambda\_with\_provisioned\_concurrency) | ../../ | n/a | -| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 | +| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 5.0 | ## Resources diff --git a/examples/complete/main.tf b/examples/complete/main.tf index d0ae09c8..356d9f3e 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -352,6 +352,8 @@ module "lambda_function_for_each" { for_each = toset(["dev", "staging", "prod"]) + region = "us-east-1" + function_name = "my-${each.value}" description = "My awesome lambda function" handler = "index.lambda_handler" @@ -459,7 +461,7 @@ resource "random_pet" "this" { module "s3_bucket" { source = "terraform-aws-modules/s3-bucket/aws" - version = "~> 3.0" + version = "~> 5.0" bucket_prefix = "${random_pet.this.id}-" force_destroy = true diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/container-image/README.md b/examples/container-image/README.md index 3a0a4f47..ecc3e4d3 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -19,8 +19,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [docker](#requirement\_docker) | >= 3.0 | | [random](#requirement\_random) | >= 2.0 | @@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/container-image/main.tf b/examples/container-image/main.tf index 4db21302..9e0ee33d 100644 --- a/examples/container-image/main.tf +++ b/examples/container-image/main.tf 
@@ -26,7 +26,7 @@ provider "aws" { provider "docker" { registry_auth { - address = format("%v.dkr.ecr.%v.amazonaws.com", data.aws_caller_identity.this.account_id, data.aws_region.current.name) + address = format("%v.dkr.ecr.%v.amazonaws.com", data.aws_caller_identity.this.account_id, data.aws_region.current.region) username = data.aws_ecr_authorization_token.token.user_name password = data.aws_ecr_authorization_token.token.password } diff --git a/examples/container-image/versions.tf b/examples/container-image/versions.tf index 5b04c7cd..ea997b2d 100644 --- a/examples/container-image/versions.tf +++ b/examples/container-image/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } docker = { source = "kreuzwerker/docker" diff --git a/examples/deploy/README.md b/examples/deploy/README.md index 86d5e5a5..0e1b52db 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md @@ -19,15 +19,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/deploy/versions.tf b/examples/deploy/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/deploy/versions.tf +++ b/examples/deploy/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" 
diff --git a/examples/event-source-mapping/README.md b/examples/event-source-mapping/README.md index 60c28525..5575a9ca 100644 --- a/examples/event-source-mapping/README.md +++ b/examples/event-source-mapping/README.md @@ -19,15 +19,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/event-source-mapping/versions.tf b/examples/event-source-mapping/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/event-source-mapping/versions.tf +++ b/examples/event-source-mapping/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index 7c09e0b0..4340822a 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md 
@@ -20,16 +20,16 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | -| [aws.us-east-1](#provider\_aws.us-east-1) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | +| [aws.us-east-1](#provider\_aws.us-east-1) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/multiple-regions/versions.tf b/examples/multiple-regions/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/multiple-regions/versions.tf +++ b/examples/multiple-regions/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/runtimes/README.md b/examples/runtimes/README.md index fde279e2..58660bc1 100644 --- a/examples/runtimes/README.md +++ b/examples/runtimes/README.md @@ -23,8 +23,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.2 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [http](#requirement\_http) | >= 3.0 | | [random](#requirement\_random) | >= 3.0 | @@ -32,7 +32,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [http](#provider\_http) | >= 3.0 | | [random](#provider\_random) | >= 3.0 | 
diff --git a/examples/runtimes/versions.tf b/examples/runtimes/versions.tf index 6c4e77fa..1ef908d3 100644 --- a/examples/runtimes/versions.tf +++ b/examples/runtimes/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.2" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/simple-cicd/README.md b/examples/simple-cicd/README.md index 2edb2e51..c2b31ea5 100644 --- a/examples/simple-cicd/README.md +++ b/examples/simple-cicd/README.md @@ -21,8 +21,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/simple-cicd/versions.tf b/examples/simple-cicd/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/simple-cicd/versions.tf +++ b/examples/simple-cicd/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/simple/README.md b/examples/simple/README.md index bee54ded..5277ac26 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -19,8 +19,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers 
diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/simple/versions.tf +++ b/examples/simple/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/triggers/README.md b/examples/triggers/README.md index c6a6fde9..a3cd6a62 100644 --- a/examples/triggers/README.md +++ b/examples/triggers/README.md @@ -20,15 +20,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/triggers/versions.tf b/examples/triggers/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/triggers/versions.tf +++ b/examples/triggers/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index 742816ba..b8d43ac6 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md 
@@ -20,15 +20,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/with-efs/versions.tf b/examples/with-efs/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/with-efs/versions.tf +++ b/examples/with-efs/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/with-vpc-s3-endpoint/README.md b/examples/with-vpc-s3-endpoint/README.md index 60a93661..8d12d182 100644 --- a/examples/with-vpc-s3-endpoint/README.md +++ b/examples/with-vpc-s3-endpoint/README.md @@ -21,15 +21,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 3.4 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 3.4 | ## Modules 
@@ -38,7 +38,7 @@ Note that this example may create resources which cost money. Run `terraform des |------|--------|---------| | [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 1.0 | | [lambda\_s3\_write](#module\_lambda\_s3\_write) | ../../ | n/a | -| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 | +| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 5.0 | | [security\_group\_lambda](#module\_security\_group\_lambda) | terraform-aws-modules/security-group/aws | ~> 4.0 | | [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | | [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | ~> 5.0 | diff --git a/examples/with-vpc-s3-endpoint/main.tf b/examples/with-vpc-s3-endpoint/main.tf index 50faeb21..29de6eba 100644 --- a/examples/with-vpc-s3-endpoint/main.tf +++ b/examples/with-vpc-s3-endpoint/main.tf @@ -26,7 +26,7 @@ module "lambda_s3_write" { environment_variables = { BUCKET_NAME = module.s3_bucket.s3_bucket_id - REGION_NAME = data.aws_region.current.name + REGION_NAME = data.aws_region.current.region } # Let the module create a role for us @@ -54,7 +54,7 @@ resource "random_pet" "this" { } data "aws_ec2_managed_prefix_list" "this" { - name = "com.amazonaws.${data.aws_region.current.name}.s3" + name = "com.amazonaws.${data.aws_region.current.region}.s3" } module "vpc" { @@ -64,7 +64,7 @@ module "vpc" { name = random_pet.this.id cidr = "10.0.0.0/16" - azs = ["${data.aws_region.current.name}a", "${data.aws_region.current.name}b", "${data.aws_region.current.name}c"] + azs = ["${data.aws_region.current.region}a", "${data.aws_region.current.region}b", "${data.aws_region.current.region}c"] # Intra subnets are designed to have no Internet access via NAT Gateway. intra_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] 
@@ -160,7 +160,7 @@ module "kms" { module "s3_bucket" { source = "terraform-aws-modules/s3-bucket/aws" - version = "~> 3.0" + version = "~> 5.0" bucket_prefix = "${random_pet.this.id}-" force_destroy = true diff --git a/examples/with-vpc-s3-endpoint/versions.tf b/examples/with-vpc-s3-endpoint/versions.tf index 7a4d860b..9344b2c9 100644 --- a/examples/with-vpc-s3-endpoint/versions.tf +++ b/examples/with-vpc-s3-endpoint/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index a29f0bb3..0a3bf423 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md @@ -21,8 +21,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/with-vpc/versions.tf b/examples/with-vpc/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/with-vpc/versions.tf +++ b/examples/with-vpc/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/main.tf b/main.tf index c67f1bbb..cc7d011a 100644 --- a/main.tf +++ b/main.tf 
@@ -24,6 +24,8 @@ locals { resource "aws_lambda_function" "this" { count = local.create && var.create_function && !var.create_layer ? 1 : 0 + region = var.region + function_name = var.function_name description = var.description role = var.create_role ? aws_iam_role.lambda[0].arn : var.lambda_role @@ -170,6 +172,8 @@ resource "aws_lambda_function" "this" { resource "aws_lambda_layer_version" "this" { count = local.create && var.create_layer ? 1 : 0 + region = var.region + layer_name = var.layer_name description = var.description license_info = var.license_info @@ -191,6 +195,8 @@ resource "aws_lambda_layer_version" "this" { resource "aws_s3_object" "lambda_package" { count = local.create && var.store_on_s3 && var.create_package ? 1 : 0 + region = var.region + bucket = var.s3_bucket acl = var.s3_acl key = local.s3_key @@ -218,12 +224,16 @@ resource "aws_s3_object" "lambda_package" { data "aws_cloudwatch_log_group" "lambda" { count = local.create && var.create_function && !var.create_layer && var.use_existing_cloudwatch_log_group ? 1 : 0 + region = var.region + name = coalesce(var.logging_log_group, "/aws/lambda/${var.lambda_at_edge ? "us-east-1." : ""}${var.function_name}") } resource "aws_cloudwatch_log_group" "lambda" { count = local.create && var.create_function && !var.create_layer && !var.use_existing_cloudwatch_log_group ? 1 : 0 + region = var.region + name = coalesce(var.logging_log_group, "/aws/lambda/${var.lambda_at_edge ? "us-east-1." : ""}${var.function_name}") retention_in_days = var.cloudwatch_logs_retention_in_days kms_key_id = var.cloudwatch_logs_kms_key_id @@ -236,6 +246,8 @@ resource "aws_cloudwatch_log_group" "lambda" { resource "aws_lambda_provisioned_concurrency_config" "current_version" { count = local.create && var.create_function && !var.create_layer && var.provisioned_concurrent_executions > -1 ? 1 : 0 + region = var.region + function_name = aws_lambda_function.this[0].function_name qualifier = aws_lambda_function.this[0].version 
@@ -249,6 +261,8 @@ locals { resource "aws_lambda_function_event_invoke_config" "this" { for_each = { for k, v in local.qualifiers : k => v if v != null && local.create && var.create_function && !var.create_layer && var.create_async_event_config } + region = var.region + function_name = aws_lambda_function.this[0].function_name qualifier = each.key == "current_version" ? aws_lambda_function.this[0].version : null @@ -278,6 +292,8 @@ resource "aws_lambda_function_event_invoke_config" "this" { resource "aws_lambda_permission" "current_version_triggers" { for_each = { for k, v in var.allowed_triggers : k => v if local.create && var.create_function && !var.create_layer && var.create_current_version_allowed_triggers } + region = var.region + function_name = aws_lambda_function.this[0].function_name qualifier = aws_lambda_function.this[0].version @@ -299,6 +315,8 @@ resource "aws_lambda_permission" "current_version_triggers" { resource "aws_lambda_permission" "unqualified_alias_triggers" { for_each = { for k, v in var.allowed_triggers : k => v if local.create && var.create_function && !var.create_layer && var.create_unqualified_alias_allowed_triggers } + region = var.region + function_name = aws_lambda_function.this[0].function_name statement_id_prefix = try(each.value.statement_id, each.key) @@ -318,6 +336,8 @@ resource "aws_lambda_permission" "unqualified_alias_triggers" { resource "aws_lambda_event_source_mapping" "this" { for_each = { for k, v in var.event_source_mapping : k => v if local.create && var.create_function && !var.create_layer && var.create_unqualified_alias_allowed_triggers } + region = var.region + function_name = aws_lambda_function.this[0].arn event_source_arn = try(each.value.event_source_arn, null) 
@@ -427,6 +447,8 @@ resource "aws_lambda_event_source_mapping" "this" { resource "aws_lambda_function_url" "this" { count = local.create && var.create_function && !var.create_layer && var.create_lambda_function_url ? 1 : 0 + region = var.region + function_name = aws_lambda_function.this[0].function_name # Error: error creating Lambda Function URL: ValidationException @@ -451,6 +473,8 @@ resource "aws_lambda_function_url" "this" { resource "aws_lambda_function_recursion_config" "this" { count = local.create && var.create_function && !var.create_layer && var.recursive_loop == "Allow" ? 1 : 0 + region = var.region + function_name = aws_lambda_function.this[0].function_name recursive_loop = var.recursive_loop } diff --git a/modules/alias/README.md b/modules/alias/README.md index 4d1871d3..837f8552 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md @@ -115,14 +115,14 @@ module "lambda" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.9 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.9 | +| [aws](#provider\_aws) | >= 6.0 | ## Modules diff --git a/modules/alias/versions.tf b/modules/alias/versions.tf index dbc484ad..f648e20c 100644 --- a/modules/alias/versions.tf +++ b/modules/alias/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.9" + version = ">= 6.0" } } } diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 3addc40b..7840572e 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md 
@@ -100,8 +100,8 @@ module "lambda" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 3.35 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [local](#requirement\_local) | >= 1.0 | | [null](#requirement\_null) | >= 2.0 | @@ -109,7 +109,7 @@ module "lambda" { | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.35 | +| [aws](#provider\_aws) | >= 6.0 | | [local](#provider\_local) | >= 1.0 | | [null](#provider\_null) | >= 2.0 | diff --git a/modules/deploy/versions.tf b/modules/deploy/versions.tf index 5a82f93b..e7881b92 100644 --- a/modules/deploy/versions.tf +++ b/modules/deploy/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.35" + version = ">= 6.0" } local = { source = "hashicorp/local" diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index 17e6c972..61476b07 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md @@ -57,8 +57,8 @@ module "docker_image" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.22 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [docker](#requirement\_docker) | >= 3.5.0 | | [null](#requirement\_null) | >= 2.0 | @@ -66,7 +66,7 @@ module "docker_image" { | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.22 | +| [aws](#provider\_aws) | >= 6.0 | | [docker](#provider\_docker) | >= 3.5.0 | | [null](#provider\_null) | >= 2.0 | diff --git a/modules/docker-build/main.tf b/modules/docker-build/main.tf index 565027f4..559060cb 100644 --- a/modules/docker-build/main.tf +++ b/modules/docker-build/main.tf 
@@ -3,7 +3,7 @@ data "aws_region" "current" {} data "aws_caller_identity" "this" {} locals { - ecr_address = coalesce(var.ecr_address, format("%v.dkr.ecr.%v.amazonaws.com", data.aws_caller_identity.this.account_id, data.aws_region.current.name)) + ecr_address = coalesce(var.ecr_address, format("%v.dkr.ecr.%v.amazonaws.com", data.aws_caller_identity.this.account_id, data.aws_region.current.region)) ecr_repo = var.create_ecr_repo ? aws_ecr_repository.this[0].id : var.ecr_repo image_tag = var.use_image_tag ? coalesce(var.image_tag, formatdate("YYYYMMDDhhmmss", timestamp())) : null ecr_image_name = var.use_image_tag ? format("%v/%v:%v", local.ecr_address, local.ecr_repo, local.image_tag) : format("%v/%v", local.ecr_address, local.ecr_repo) diff --git a/modules/docker-build/versions.tf b/modules/docker-build/versions.tf index 454fc7ae..8b20e477 100644 --- a/modules/docker-build/versions.tf +++ b/modules/docker-build/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.22" + version = ">= 6.0" } docker = { source = "kreuzwerker/docker" diff --git a/outputs.tf b/outputs.tf index 29c47fe1..93624833 100644 --- a/outputs.tf +++ b/outputs.tf @@ -6,7 +6,7 @@ output "lambda_function_arn" { output "lambda_function_arn_static" { description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" - value = local.create && var.create_function && !var.create_layer ? "arn:${data.aws_partition.current.partition}:lambda:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:function:${var.function_name}" : "" + value = local.create && var.create_function && !var.create_layer ? "arn:${data.aws_partition.current.partition}:lambda:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:function:${var.function_name}" : "" } output "lambda_function_invoke_arn" { 
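Review bot: `lambda_function_arn_static` in outputs.tf still takes its region from `data.aws_region.current`, while this commit lets callers place the resources in another region through `var.region`. The data source is declared outside this hunk. If it is not given `region = var.region`, the static ARN will name the provider's region rather than the one the function is created in. An IAM policy or Step Functions definition built from that output would then reference an ARN that does not match the function. If so, using `coalesce(var.region, data.aws_region.current.region)` in place of `data.aws_region.current.region` keeps the output aligned.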
diff --git a/package.tf b/package.tf index bbff086c..7f761ef9 100644 --- a/package.tf +++ b/package.tf @@ -70,6 +70,7 @@ resource "null_resource" "archive" { "--timestamp", data.external.archive_prepare[0].result.timestamp ] command = data.external.archive_prepare[0].result.build_plan_filename + quiet = var.quiet_archive_local_exec } depends_on = [local_file.archive_plan] diff --git a/variables.tf b/variables.tf index c71f68ae..6ea454f6 100644 --- a/variables.tf +++ b/variables.tf @@ -46,6 +46,12 @@ variable "putin_khuylo" { default = true } +variable "region" { + description = "Region where the resource(s) will be managed. Defaults to the region set in the provider configuration" + type = string + default = null +} + ########### # Function ########### @@ -584,14 +590,6 @@ variable "attach_policies" { default = false } -# TODO: DEPRECATED: Remove this variable in the next major version -# tflint-ignore: all -variable "policy_path" { - description = "Path of policies to that should be added to IAM role for Lambda Function" - type = string - default = null -} - variable "number_of_policy_jsons" { description = "Number of policies JSON to attach to IAM role for Lambda Function" type = number @@ -806,6 +804,12 @@ variable "trigger_on_package_timestamp" { default = true } +variable "quiet_archive_local_exec" { + description = "Whether to disable archive local execution output" + type = bool + default = true +} + ############################################ # Lambda Advanced Logging Settings ############################################ diff --git a/versions.tf b/versions.tf index bf462c65..a80f6eb3 100644 --- a/versions.tf +++ b/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } external = { source = "hashicorp/external" diff --git a/wrappers/alias/versions.tf b/wrappers/alias/versions.tf index dbc484ad..f648e20c 100644 
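Review bot: The description of `quiet_archive_local_exec` in variables.tf says it disables the local-exec output, but the `quiet` argument it feeds in package.tf only stops Terraform from printing the command being run. The command's own output is still shown. With `default = true` the archive command and its arguments are not echoed in apply logs, so operators who rely on those logs to audit the build step need to know to set it to `false`. Suggested wording: `description = "Whether to suppress printing of the archive local-exec command (the command's output is still printed)"`.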
--- a/wrappers/alias/versions.tf +++ b/wrappers/alias/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.9" + version = ">= 6.0" } } } diff --git a/wrappers/deploy/versions.tf b/wrappers/deploy/versions.tf index 5a82f93b..e7881b92 100644 --- a/wrappers/deploy/versions.tf +++ b/wrappers/deploy/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.35" + version = ">= 6.0" } local = { source = "hashicorp/local" diff --git a/wrappers/docker-build/versions.tf b/wrappers/docker-build/versions.tf index 454fc7ae..8b20e477 100644 --- a/wrappers/docker-build/versions.tf +++ b/wrappers/docker-build/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.22" + version = ">= 6.0" } docker = { source = "kreuzwerker/docker" diff --git a/wrappers/main.tf b/wrappers/main.tf index 1092b4d3..eb78bb41 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf 
@@ -94,13 +94,14 @@ module "wrapper" { policy_json = try(each.value.policy_json, var.defaults.policy_json, null) policy_jsons = try(each.value.policy_jsons, var.defaults.policy_jsons, []) policy_name = try(each.value.policy_name, var.defaults.policy_name, null) - policy_path = try(each.value.policy_path, var.defaults.policy_path, null) policy_statements = try(each.value.policy_statements, var.defaults.policy_statements, {}) provisioned_concurrent_executions = try(each.value.provisioned_concurrent_executions, var.defaults.provisioned_concurrent_executions, -1) publish = try(each.value.publish, var.defaults.publish, false) putin_khuylo = try(each.value.putin_khuylo, var.defaults.putin_khuylo, true) + quiet_archive_local_exec = try(each.value.quiet_archive_local_exec, var.defaults.quiet_archive_local_exec, true) recreate_missing_package = try(each.value.recreate_missing_package, var.defaults.recreate_missing_package, true) recursive_loop = try(each.value.recursive_loop, var.defaults.recursive_loop, null) + region = try(each.value.region, var.defaults.region, null) replace_security_groups_on_destroy = try(each.value.replace_security_groups_on_destroy, var.defaults.replace_security_groups_on_destroy, null) replacement_security_group_ids = try(each.value.replacement_security_group_ids, var.defaults.replacement_security_group_ids, null) reserved_concurrent_executions = try(each.value.reserved_concurrent_executions, var.defaults.reserved_concurrent_executions, -1) diff --git a/wrappers/versions.tf b/wrappers/versions.tf index bf462c65..a80f6eb3 100644 --- a/wrappers/versions.tf +++ b/wrappers/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } external = { source = "hashicorp/external" From 47971243d52b67e44597e6fbcb8811b9ee4f57d0 Mon Sep 17 00:00:00 2001 
From: semantic-release-bot Date: Wed, 25 Jun 2025 11:22:48 +0000 Subject: [PATCH 377/385] chore(release): version 8.0.0 [skip ci] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## [8.0.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.21.1...v8.0.0) (2025-06-25) ### ⚠ BREAKING CHANGES * Upgrade AWS provider and min required Terraform version to 6.0 and 1.10 respectively (#687) ### Features * Upgrade AWS provider and min required Terraform version to 6.0 and 1.10 respectively ([#687](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/687)) ([367e9a2](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/367e9a2c5c7e6a4335fcc7c13c14e54f8e347f9c)) --- CHANGELOG.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 742e6d57..66963786 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,17 @@ All notable changes to this project will be documented in this file. +## [8.0.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.21.1...v8.0.0) (2025-06-25) + + +### ⚠ BREAKING CHANGES + +* Upgrade AWS provider and min required Terraform version to 6.0 and 1.10 respectively (#687) + +### Features + +* Upgrade AWS provider and min required Terraform version to 6.0 and 1.10 respectively ([#687](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/687)) ([367e9a2](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/367e9a2c5c7e6a4335fcc7c13c14e54f8e347f9c)) + ## [7.21.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.21.0...v7.21.1) (2025-06-19) From ab606514be095d7ad55ebd920069cb090fa39cd5 Mon Sep 17 00:00:00 2001 
From: Anton Babenko Date: Wed, 25 Jun 2025 19:18:36 +0200 Subject: [PATCH 378/385] fix: Lower minimum Terraform version to 1.5.7 (#688) --- README.md | 2 +- examples/alias/README.md | 2 +- examples/alias/versions.tf | 2 +- examples/async/README.md | 2 +- examples/async/versions.tf | 2 +- examples/build-package/README.md | 2 +- examples/build-package/versions.tf | 2 +- examples/code-signing/README.md | 2 +- examples/code-signing/versions.tf | 2 +- examples/complete/README.md | 2 +- examples/complete/versions.tf | 2 +- examples/container-image/README.md | 2 +- examples/container-image/versions.tf | 2 +- examples/deploy/README.md | 2 +- examples/deploy/versions.tf | 2 +- examples/event-source-mapping/README.md | 2 +- examples/event-source-mapping/versions.tf | 2 +- examples/multiple-regions/README.md | 2 +- examples/multiple-regions/versions.tf | 2 +- examples/runtimes/README.md | 2 +- examples/runtimes/versions.tf | 2 +- examples/simple-cicd/README.md | 2 +- examples/simple-cicd/versions.tf | 2 +- examples/simple/README.md | 2 +- examples/simple/versions.tf | 2 +- examples/triggers/README.md | 2 +- examples/triggers/versions.tf | 2 +- examples/with-efs/README.md | 2 +- examples/with-efs/versions.tf | 2 +- examples/with-vpc-s3-endpoint/README.md | 2 +- examples/with-vpc-s3-endpoint/versions.tf | 2 +- examples/with-vpc/README.md | 2 +- examples/with-vpc/versions.tf | 2 +- modules/alias/README.md | 2 +- modules/alias/versions.tf | 2 +- modules/deploy/README.md | 2 +- modules/deploy/versions.tf | 2 +- modules/docker-build/README.md | 2 +- modules/docker-build/versions.tf | 2 +- versions.tf | 2 +- wrappers/alias/versions.tf | 2 +- wrappers/deploy/versions.tf | 2 +- wrappers/docker-build/versions.tf | 2 +- wrappers/versions.tf | 2 +- 44 files changed, 44 insertions(+), 44 deletions(-) diff --git a/README.md b/README.md index 825feb28..3d045ce0 100644 --- a/README.md +++ b/README.md 
@@ -666,7 +666,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [external](#requirement\_external) | >= 1.0 | | [local](#requirement\_local) | >= 1.0 | diff --git a/examples/alias/README.md b/examples/alias/README.md index cb8ce50a..6bcb2530 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/alias/versions.tf b/examples/alias/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/alias/versions.tf +++ b/examples/alias/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/async/README.md b/examples/async/README.md index b2e53fd3..3bca0e68 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/async/versions.tf b/examples/async/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/async/versions.tf +++ b/examples/async/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { 
diff --git a/examples/build-package/README.md b/examples/build-package/README.md index 8f558bc1..7263ca6d 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -21,7 +21,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/build-package/versions.tf b/examples/build-package/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/build-package/versions.tf +++ b/examples/build-package/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/code-signing/README.md b/examples/code-signing/README.md index dfa7bfac..74d1062f 100644 --- a/examples/code-signing/README.md +++ b/examples/code-signing/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/code-signing/versions.tf b/examples/code-signing/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/code-signing/versions.tf +++ b/examples/code-signing/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/complete/README.md b/examples/complete/README.md index ee0b620e..552ea09c 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/container-image/README.md b/examples/container-image/README.md index ecc3e4d3..8c2bf290 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [docker](#requirement\_docker) | >= 3.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/container-image/versions.tf b/examples/container-image/versions.tf index ea997b2d..dbb8009c 100644 --- a/examples/container-image/versions.tf +++ b/examples/container-image/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/deploy/README.md b/examples/deploy/README.md index 0e1b52db..829a0468 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md 
@@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/deploy/versions.tf b/examples/deploy/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/deploy/versions.tf +++ b/examples/deploy/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/event-source-mapping/README.md b/examples/event-source-mapping/README.md index 5575a9ca..49d4fa75 100644 --- a/examples/event-source-mapping/README.md +++ b/examples/event-source-mapping/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/event-source-mapping/versions.tf b/examples/event-source-mapping/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/event-source-mapping/versions.tf +++ b/examples/event-source-mapping/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index 4340822a..ed4c573a 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md 
@@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/multiple-regions/versions.tf b/examples/multiple-regions/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/multiple-regions/versions.tf +++ b/examples/multiple-regions/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/runtimes/README.md b/examples/runtimes/README.md index 58660bc1..95a28a08 100644 --- a/examples/runtimes/README.md +++ b/examples/runtimes/README.md @@ -23,7 +23,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [http](#requirement\_http) | >= 3.0 | | [random](#requirement\_random) | >= 3.0 | diff --git a/examples/runtimes/versions.tf b/examples/runtimes/versions.tf index 1ef908d3..36f51034 100644 --- a/examples/runtimes/versions.tf +++ b/examples/runtimes/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/simple-cicd/README.md b/examples/simple-cicd/README.md index c2b31ea5..8afef1be 100644 --- a/examples/simple-cicd/README.md +++ b/examples/simple-cicd/README.md @@ -21,7 +21,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | 
diff --git a/examples/simple-cicd/versions.tf b/examples/simple-cicd/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/simple-cicd/versions.tf +++ b/examples/simple-cicd/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/simple/README.md b/examples/simple/README.md index 5277ac26..b9a4f785 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/simple/versions.tf +++ b/examples/simple/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/triggers/README.md b/examples/triggers/README.md index a3cd6a62..aa6fb08f 100644 --- a/examples/triggers/README.md +++ b/examples/triggers/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/triggers/versions.tf b/examples/triggers/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/triggers/versions.tf +++ b/examples/triggers/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index b8d43ac6..ce9cc15e 100644 
--- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/with-efs/versions.tf b/examples/with-efs/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/with-efs/versions.tf +++ b/examples/with-efs/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/with-vpc-s3-endpoint/README.md b/examples/with-vpc-s3-endpoint/README.md index 8d12d182..f84ba32c 100644 --- a/examples/with-vpc-s3-endpoint/README.md +++ b/examples/with-vpc-s3-endpoint/README.md @@ -21,7 +21,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 3.4 | diff --git a/examples/with-vpc-s3-endpoint/versions.tf b/examples/with-vpc-s3-endpoint/versions.tf index 9344b2c9..7f27783c 100644 --- a/examples/with-vpc-s3-endpoint/versions.tf +++ b/examples/with-vpc-s3-endpoint/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index 0a3bf423..e1808811 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md 
@@ -21,7 +21,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/with-vpc/versions.tf b/examples/with-vpc/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/with-vpc/versions.tf +++ b/examples/with-vpc/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/modules/alias/README.md b/modules/alias/README.md index 837f8552..5ee31171 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md @@ -115,7 +115,7 @@ module "lambda" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | ## Providers diff --git a/modules/alias/versions.tf b/modules/alias/versions.tf index f648e20c..db13b0a8 100644 --- a/modules/alias/versions.tf +++ b/modules/alias/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 7840572e..b5d535c9 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -100,7 +100,7 @@ module "lambda" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [local](#requirement\_local) | >= 1.0 | | [null](#requirement\_null) | >= 2.0 | diff --git a/modules/deploy/versions.tf b/modules/deploy/versions.tf index e7881b92..ddb64c76 100644 --- a/modules/deploy/versions.tf +++ b/modules/deploy/versions.tf 
@@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index 61476b07..8d9d8315 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md @@ -57,7 +57,7 @@ module "docker_image" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [docker](#requirement\_docker) | >= 3.5.0 | | [null](#requirement\_null) | >= 2.0 | diff --git a/modules/docker-build/versions.tf b/modules/docker-build/versions.tf index 8b20e477..b203b635 100644 --- a/modules/docker-build/versions.tf +++ b/modules/docker-build/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/versions.tf b/versions.tf index a80f6eb3..8dea461c 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/wrappers/alias/versions.tf b/wrappers/alias/versions.tf index f648e20c..db13b0a8 100644 --- a/wrappers/alias/versions.tf +++ b/wrappers/alias/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/wrappers/deploy/versions.tf b/wrappers/deploy/versions.tf index e7881b92..ddb64c76 100644 --- a/wrappers/deploy/versions.tf +++ b/wrappers/deploy/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/wrappers/docker-build/versions.tf b/wrappers/docker-build/versions.tf index 8b20e477..b203b635 100644 --- a/wrappers/docker-build/versions.tf +++ b/wrappers/docker-build/versions.tf 
@@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/wrappers/versions.tf b/wrappers/versions.tf index a80f6eb3..8dea461c 100644 --- a/wrappers/versions.tf +++ b/wrappers/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { From a5433c0e08a8cb294c1ede5c45066d4aa9364107 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 25 Jun 2025 17:19:04 +0000 Subject: [PATCH 379/385] chore(release): version 8.0.1 [skip ci] ## [8.0.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.0.0...v8.0.1) (2025-06-25) ### Bug Fixes * Lower minimum Terraform version to 1.5.7 ([#688](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/688)) ([ab60651](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/ab606514be095d7ad55ebd920069cb090fa39cd5)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 66963786..c0f52f38 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [8.0.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.0.0...v8.0.1) (2025-06-25) + + +### Bug Fixes + +* Lower minimum Terraform version to 1.5.7 ([#688](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/688)) ([ab60651](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/ab606514be095d7ad55ebd920069cb090fa39cd5)) + ## [8.0.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.21.1...v8.0.0) (2025-06-25) From 5e4391c55605d11ac98655a2fd2d6a8f2583d3b6 Mon Sep 17 00:00:00 2001 
From: az-wegift <34541726+az-wegift@users.noreply.github.com> Date: Fri, 22 Aug 2025 12:09:37 +0100 Subject: [PATCH 380/385] feat: Respect the package-lock.json for a NodeJS Lambda function (#681) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Amadeusz Żołnowski Co-authored-by: Anton Babenko <393243+antonbabenko@users.noreply.github.com> --- examples/build-package/README.md | 2 + examples/build-package/main.tf | 26 ++++++ examples/fixtures/nodejs14.x-app2/index.js | 16 ++++ .../nodejs14.x-app2/package-lock.json | 83 +++++++++++++++++++ .../fixtures/nodejs14.x-app2/package.json | 8 ++ package.py | 78 +++++++++++++++-- 6 files changed, 205 insertions(+), 8 deletions(-) create mode 100644 examples/fixtures/nodejs14.x-app2/index.js create mode 100644 examples/fixtures/nodejs14.x-app2/package-lock.json create mode 100644 examples/fixtures/nodejs14.x-app2/package.json diff --git a/examples/build-package/README.md b/examples/build-package/README.md index 7263ca6d..7c354473 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -45,6 +45,7 @@ Note that this example may create resources which cost money. Run `terraform des | [package\_dir\_poetry](#module\_package\_dir\_poetry) | ../../ | n/a | | [package\_dir\_poetry\_no\_docker](#module\_package\_dir\_poetry\_no\_docker) | ../../ | n/a | | [package\_dir\_with\_npm\_install](#module\_package\_dir\_with\_npm\_install) | ../../ | n/a | +| [package\_dir\_with\_npm\_install\_lock\_file](#module\_package\_dir\_with\_npm\_install\_lock\_file) | ../../ | n/a | | [package\_dir\_without\_npm\_install](#module\_package\_dir\_without\_npm\_install) | ../../ | n/a | | [package\_dir\_without\_pip\_install](#module\_package\_dir\_without\_pip\_install) | ../../ | n/a | | [package\_file](#module\_package\_file) | ../../ | n/a | 
@@ -53,6 +54,7 @@ Note that this example may create resources which cost money. Run `terraform des | [package\_src\_poetry2](#module\_package\_src\_poetry2) | ../../ | n/a | | [package\_with\_commands\_and\_patterns](#module\_package\_with\_commands\_and\_patterns) | ../../ | n/a | | [package\_with\_docker](#module\_package\_with\_docker) | ../../ | n/a | +| [package\_with\_npm\_lock\_in\_docker](#module\_package\_with\_npm\_lock\_in\_docker) | ../../ | n/a | | [package\_with\_npm\_requirements\_in\_docker](#module\_package\_with\_npm\_requirements\_in\_docker) | ../../ | n/a | | [package\_with\_patterns](#module\_package\_with\_patterns) | ../../ | n/a | | [package\_with\_pip\_requirements\_in\_docker](#module\_package\_with\_pip\_requirements\_in\_docker) | ../../ | n/a | diff --git a/examples/build-package/main.tf b/examples/build-package/main.tf index 2afce855..48f7bc8c 100644 --- a/examples/build-package/main.tf +++ b/examples/build-package/main.tf @@ -365,6 +365,18 @@ module "package_dir_with_npm_install" { source_path = "${path.module}/../fixtures/nodejs14.x-app1" } +# Create zip-archive of a single directory where "npm install" will also be +# executed (default for nodejs runtime). This example has package-lock.json which +# is respected when installing dependencies. +module "package_dir_with_npm_install_lock_file" { + source = "../../" + + create_function = false + + runtime = "nodejs14.x" + source_path = "${path.module}/../fixtures/nodejs14.x-app2" +} + # Create zip-archive of a single directory without running "npm install" (which is the default for nodejs runtime) module "package_dir_without_npm_install" { source = "../../" 
@@ -393,6 +405,20 @@ module "package_with_npm_requirements_in_docker" { hash_extra = "something-unique-to-not-conflict-with-module.package_dir_with_npm_install" } +# Create zip-archive of a single directory where "npm install" will also be +# executed using docker. This example has package-lock.json which is respected +# when installing dependencies. +module "package_with_npm_lock_in_docker" { + source = "../../" + + create_function = false + + runtime = "nodejs14.x" + source_path = "${path.module}/../fixtures/nodejs14.x-app2" + build_in_docker = true + hash_extra = "something-unique-to-not-conflict-with-module.package_dir_with_npm_install" +} + ################################ # Build package in Docker and # use it to deploy Lambda Layer diff --git a/examples/fixtures/nodejs14.x-app2/index.js b/examples/fixtures/nodejs14.x-app2/index.js new file mode 100644 index 00000000..97968e4a --- /dev/null +++ b/examples/fixtures/nodejs14.x-app2/index.js @@ -0,0 +1,16 @@ +'use strict'; + +module.exports.hello = async (event) => { + console.log(event); + return { + statusCode: 200, + body: JSON.stringify( + { + message: `Go Serverless.tf! Your Nodejs function executed successfully!`, + input: event, + }, + null, + 2 + ), + }; +}; diff --git a/examples/fixtures/nodejs14.x-app2/package-lock.json b/examples/fixtures/nodejs14.x-app2/package-lock.json new file mode 100644 index 00000000..adf88ca6 --- /dev/null +++ b/examples/fixtures/nodejs14.x-app2/package-lock.json 
@@ -0,0 +1,83 @@ +{ + "name": "nodejs14.x-app1", + "version": "1.0.0", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "axo": { + "version": "0.0.2", + "resolved": "https://registry.npmjs.org/axo/-/axo-0.0.2.tgz", + "integrity": "sha512-8CC4Mb+OhK97UEng0PgiqUDNZjzVcWDsV+G2vLYCQn1jEL7y6VqiRVlZlRu+aA/ckSznmNzW6X1I6nj2As/haQ==" + }, + "eventemitter3": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-2.0.3.tgz", + "integrity": "sha512-jLN68Dx5kyFHaePoXWPsCGW5qdyZQtLYHkxkg02/Mz6g0kYpDx4FyP6XfArhQdlOC4b8Mv+EMxPo/8La7Tzghg==" + }, + "extendible": { + "version": "0.1.1", + "resolved": "https://registry.npmjs.org/extendible/-/extendible-0.1.1.tgz", + "integrity": "sha512-AglckQA0TJV8/ZmhQcNmaaFcFFPXFIoZbfuoQOlGDK7Jh/roWotYzJ7ik1FBBCHBr8n7CgTR8lXXPAN8Rfb7rw==" + }, + "failure": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/failure/-/failure-1.1.1.tgz", + "integrity": "sha512-lzrrk0NUfjVeU3jLmfU01zP5bfg4XVFxHREYGvgJowaCqHLSQtqIGENH/CU+oSs6yfYObdSM7b9UY/3p2VJOSg==" + }, + "hang": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/hang/-/hang-1.0.0.tgz", + "integrity": "sha512-vtBz98Bt/Tbm03cZO5Ymc7ZL8ead/jIx9T5Wg/xuz+9BXPAJNJSdGQW63LoaesogUQKTpHyal339hxTaTf/APg==" + }, + "loads": { + "version": "0.0.4", + "resolved": "https://registry.npmjs.org/loads/-/loads-0.0.4.tgz", + "integrity": "sha512-XjPzzYIHkuMNqYyvh6AECQAHi682nyKO9TMdMYnaz7QbPDI/KIeSIjRhAlXIbRMPYAgtLUYgPlD3mtKZ4Q8SYA==", + "requires": { + "failure": "1.1.x", + "one-time": "0.0.x", + "xhr-response": "1.0.x", + "xhr-status": "1.0.x" + } + }, + "node-http-xhr": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/node-http-xhr/-/node-http-xhr-1.2.1.tgz", + "integrity": "sha512-eRKOQNY8V2BNp/P8A2A+eVwprVFI64ciunsBimQ4WBb1m841vn7ksDRGlmWBCyE/tLRoPwvH/sUig9krKMehwA==" + }, + "one-time": { + "version": "0.0.4", + "resolved": "https://registry.npmjs.org/one-time/-/one-time-0.0.4.tgz", + "integrity": 
"sha512-qAMrwuk2xLEutlASoiPiAMW3EN3K96Ka/ilSXYr6qR1zSVXw2j7+yDSqGTC4T9apfLYxM3tLLjKvgPdAUK7kYQ==" + }, + "requests": { + "version": "0.2.1", + "resolved": "https://registry.npmjs.org/requests/-/requests-0.2.1.tgz", + "integrity": "sha512-SlvQm7cl4z285qs5ZrthHjr4TI0Ngb0pzX4jLzSOr7rsA4AlFj+0qhkzF3zKsVBFuU+HseU+iUz4qBA6bV087Q==", + "requires": { + "axo": "0.0.x", + "eventemitter3": "~2.0.2", + "extendible": "0.1.x", + "hang": "1.0.x", + "loads": "0.0.x", + "node-http-xhr": "~1.2.1", + "xhr-send": "1.0.x" + } + }, + "xhr-response": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/xhr-response/-/xhr-response-1.0.1.tgz", + "integrity": "sha512-m2FlVRCl3VqDcpc8UaWZJpwuHpFR2vYeXv6ipXU2Uuu4vNKFYVEFI0emuJN370Fge+JCbiAnS+JJmSoWVmWrjQ==" + }, + "xhr-send": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/xhr-send/-/xhr-send-1.0.0.tgz", + "integrity": "sha512-789EG4qW6Z0nPvG74AV3WWQCnBG5HxJXNiBsnEivZ8OpbvVA0amH0+g+MNT99o5kt/XLdRezm5KS1wJzcGJztw==" + }, + "xhr-status": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/xhr-status/-/xhr-status-1.0.1.tgz", + "integrity": "sha512-VF0WSqtmkf56OmF26LCWsWvRb1a+WYGdHDoQnPPCVUQTM8CVUAOBcUDsm7nP7SQcgEEdrvF4DmhEADuXdGieyw==" + } + } +} diff --git a/examples/fixtures/nodejs14.x-app2/package.json b/examples/fixtures/nodejs14.x-app2/package.json new file mode 100644 index 00000000..b332ac7e --- /dev/null +++ b/examples/fixtures/nodejs14.x-app2/package.json @@ -0,0 +1,8 @@ +{ + "name": "nodejs14.x-app1", + "version": "1.0.0", + "main": "index.js", + "dependencies": { + "requests": "^0.2.0" + } +} diff --git a/package.py b/package.py index 6e19846c..74af6e7c 100644 --- a/package.py +++ b/package.py 
@@ -733,6 +733,14 @@ def npm_requirements_step(path, prefix=None, required=False, tmp_dir=None): requirements = path if os.path.isdir(path): requirements = os.path.join(path, "package.json") + npm_lock_file = os.path.join(path, "package-lock.json") + else: + npm_lock_file = os.path.join(os.path.dirname(path), "package-lock.json") + + if os.path.isfile(npm_lock_file): + hash(npm_lock_file) + log.info("Added npm lock file: %s", npm_lock_file) + if not os.path.isfile(requirements): if required: raise RuntimeError("File not found: {}".format(requirements)) @@ -1088,7 +1096,7 @@ def install_pip_requirements(query, requirements_file, tmp_dir): ok = True elif docker_file or docker_build_root: raise ValueError( - "docker_image must be specified " "for a custom image future references" + "docker_image must be specified for a custom image future references" ) working_dir = os.getcwd() @@ -1108,7 +1116,7 @@ def install_pip_requirements(query, requirements_file, tmp_dir): elif OSX: # Workaround for OSX when XCode command line tools' # python becomes the main system python interpreter - os_path = "{}:/Library/Developer/CommandLineTools" "/usr/bin".format( + os_path = "{}:/Library/Developer/CommandLineTools/usr/bin".format( os.environ["PATH"] ) subproc_env = os.environ.copy() 
@@ -1390,14 +1398,15 @@ def install_npm_requirements(query, requirements_file, tmp_dir): ok = True elif docker_file or docker_build_root: raise ValueError( - "docker_image must be specified " "for a custom image future references" + "docker_image must be specified for a custom image future references" ) log.info("Installing npm requirements: %s", requirements_file) with tempdir(tmp_dir) as temp_dir: - requirements_filename = os.path.basename(requirements_file) - target_file = os.path.join(temp_dir, requirements_filename) - shutil.copyfile(requirements_file, target_file) + temp_copy = TemporaryCopy(os.path.dirname(requirements_file), temp_dir, log) + temp_copy.add(os.path.basename(requirements_file)) + temp_copy.add("package-lock.json", required=False) + temp_copy.copy_to_target_dir() subproc_env = None npm_exec = "npm" 
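Review bot: Copying `package-lock.json` into the temp dir only pins the build if the npm command treats the lock as authoritative, and that command is outside this hunk. If it is a plain `npm install`, npm re-resolves and rewrites the lock whenever it disagrees with `package.json`, so the packaged dependency tree can differ from the one that was reviewed. `npm ci` fails on such a mismatch instead; consider using it when the lock file was copied, with a comment such as `# lock file present: install exactly what it pins`. The body of install_npm_requirements starts before and continues after this hunk.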
@@ -1442,10 +1451,63 @@ def install_npm_requirements(query, requirements_file, tmp_dir): "available in system PATH".format(runtime) ) from e - os.remove(target_file) + temp_copy.remove_from_target_dir() yield temp_dir +class TemporaryCopy: + """Temporarily copy files to a specified location and remove them when + not needed. + """ + + def __init__(self, source_dir_path, target_dir_path, logger=None): + """Initialise with a target and a source directories.""" + self.source_dir_path = source_dir_path + self.target_dir_path = target_dir_path + self._filenames = [] + self._logger = logger + + def _make_source_path(self, filename): + return os.path.join(self.source_dir_path, filename) + + def _make_target_path(self, filename): + return os.path.join(self.target_dir_path, filename) + + def add(self, filename, *, required=True): + """Add a file to be copied from from source to target directory + when `TemporaryCopy.copy_to_target_dir()` is called. + + By default, the file must exist in the source directory. Set `required` + to `False` if the file is optional. + """ + if os.path.exists(self._make_source_path(filename)): + self._filenames.append(filename) + elif required: + raise RuntimeError("File not found: {}".format(filename)) + + def copy_to_target_dir(self): + """Copy files (added so far) to the target directory.""" + for filename in self._filenames: + if self._logger: + self._logger.info("Copying temporarily '%s'", filename) + + shutil.copyfile( + self._make_source_path(filename), + self._make_target_path(filename), + ) + + def remove_from_target_dir(self): + """Remove files (added so far) from the target directory.""" + for filename in self._filenames: + if self._logger: + self._logger.info("Removing temporarily copied '%s'", filename) + + try: + os.remove(self._make_target_path(filename)) + except FileNotFoundError: + pass + + def docker_image_id_command(tag): """""" docker_cmd = ["docker", "images", "--format={{.ID}}", tag] 
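Review bot: `TemporaryCopy.add()` tests the source with `os.path.exists`, so a directory named `package-lock.json` is accepted and only fails later inside `shutil.copyfile`. `npm_requirements_step` in this same commit uses `os.path.isfile`, and `if os.path.isfile(self._make_source_path(filename)):` would keep the two consistent. The `RuntimeError` should report the full source path rather than the bare file name, and the docstring should state that `filename` must be a bare name, because `os.path.join` discards the directory when given an absolute path. `remove_from_target_dir()` is called after the install rather than from a `finally`, so the copies stay in the target directory if the install raises; whether the surrounding `tempdir` cleans up in that case is not visible here.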
@@ -1649,7 +1711,7 @@ def prepare_command(args): timestamp = timestamp_now_ns() was_missing = True else: - timestamp = "" + timestamp = "" # Replace variables in the build command with calculated values. build_data = { From 1c3b16a8d9ee8944ba33f5327bdf011c6639cceb Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 22 Aug 2025 11:10:06 +0000 Subject: [PATCH 381/385] chore(release): version 8.1.0 [skip ci] ## [8.1.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.0.1...v8.1.0) (2025-08-22) ### Features * Respect the package-lock.json for a NodeJS Lambda function ([#681](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/681)) ([5e4391c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/5e4391c55605d11ac98655a2fd2d6a8f2583d3b6)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c0f52f38..7c9c3eeb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [8.1.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.0.1...v8.1.0) (2025-08-22) + + +### Features + +* Respect the package-lock.json for a NodeJS Lambda function ([#681](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/681)) ([5e4391c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/5e4391c55605d11ac98655a2fd2d6a8f2583d3b6)) + ## [8.0.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.0.0...v8.0.1) (2025-06-25) From feb456187b3727b6b94562cc39d3cbce509b3d03 Mon Sep 17 00:00:00 2001 
From: Bryant Biggs Date: Tue, 21 Oct 2025 03:49:54 -0500 Subject: [PATCH 382/385] fix: Update CI workflow versions to latest (#713) --- .github/workflows/pr-title.yml | 2 +- .github/workflows/pre-commit.yml | 111 ++++++++++++++++++++++----- .github/workflows/release.yml | 22 ++++-- .github/workflows/stale-actions.yaml | 2 +- .gitignore | 10 ++- .pre-commit-config.yaml | 4 +- examples/README.md | 8 ++ 7 files changed, 123 insertions(+), 36 deletions(-) create mode 100644 examples/README.md diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 1e50760e..6419f3aa 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -14,7 +14,7 @@ jobs: steps: # Please look up the latest version from # https://github.com/amannn/action-semantic-pull-request/releases - - uses: amannn/action-semantic-pull-request@v5.5.3 + - uses: amannn/action-semantic-pull-request@v6.1.1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index a19ff831..057b9c42 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -7,8 +7,8 @@ on: - master env: - TERRAFORM_DOCS_VERSION: v0.19.0 - TFLINT_VERSION: v0.53.0 + TERRAFORM_DOCS_VERSION: v0.20.0 + TFLINT_VERSION: v0.59.1 jobs: collectInputs: @@ -18,11 +18,11 @@ jobs: directories: ${{ steps.dirs.outputs.directories }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Get root directories id: dirs - uses: clowdhaus/terraform-composite-actions/directories@v1.9.0 + uses: clowdhaus/terraform-composite-actions/directories@v1.14.0 preCommitMinVersions: name: Min TF pre-commit 
@@ -32,27 +32,49 @@ jobs: matrix: directory: ${{ fromJson(needs.collectInputs.outputs.directories) }} steps: + - name: Install rmz + uses: jaxxstorm/action-install-gh-release@v2.1.0 + with: + repo: SUPERCILEX/fuc + asset-name: x86_64-unknown-linux-gnu-rmz + rename-to: rmz + chmod: 0755 + extension-matching: disable + # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 - - name: Delete huge unnecessary tools folder + - name: Delete unnecessary files run: | - rm -rf /opt/hostedtoolcache/CodeQL - rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk - rm -rf /opt/hostedtoolcache/Ruby - rm -rf /opt/hostedtoolcache/go + formatByteCount() { echo $(numfmt --to=iec-i --suffix=B --padding=7 $1'000'); } + getAvailableSpace() { echo $(df -a $1 | awk 'NR > 1 {avail+=$4} END {print avail}'); } + + BEFORE=$(getAvailableSpace) + + ln -s /opt/hostedtoolcache/SUPERCILEX/x86_64-unknown-linux-gnu-rmz/latest/linux-x64/rmz /usr/local/bin/rmz + rmz -f /opt/hostedtoolcache/CodeQL & + rmz -f /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk & + rmz -f /opt/hostedtoolcache/PyPy & + rmz -f /opt/hostedtoolcache/Ruby & + rmz -f /opt/hostedtoolcache/go & + + wait + + AFTER=$(getAvailableSpace) + SAVED=$((AFTER-BEFORE)) + echo "=> Saved $(formatByteCount $SAVED)" - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.1 + uses: clowdhaus/terraform-min-max@v2.1.0 with: directory: ${{ matrix.directory }} - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} 
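Review bot: The new `Install rmz` step downloads a prebuilt binary from `SUPERCILEX/fuc` with no release pinned (the symlink path in the next step contains `latest`), and the installer action is referenced by the mutable tag `@v2.1.0`. What executes on the runner can therefore change without any change in this repository. The same step is added in the `@@ -72,26 +94,73 @@` hunk, where the binary is additionally run under `sudo`. Pin the release with the action's `tag:` input and reference the action by commit, e.g. `uses: jaxxstorm/action-install-gh-release@<full-commit-sha> # v2.1.0`. The `rm -rf` lines this replaces did the same cleanup without a third-party binary.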
@@ -61,7 +83,7 @@ jobs: - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} 
@@ -72,26 +94,73 @@ jobs: runs-on: ubuntu-latest needs: collectInputs steps: + - name: Install rmz + uses: jaxxstorm/action-install-gh-release@v2.1.0 + with: + repo: SUPERCILEX/fuc + asset-name: x86_64-unknown-linux-gnu-rmz + rename-to: rmz + chmod: 0755 + extension-matching: disable + # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 - - name: Delete huge unnecessary tools folder + - name: Delete unnecessary files run: | - rm -rf /opt/hostedtoolcache/CodeQL - rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk - rm -rf /opt/hostedtoolcache/Ruby - rm -rf /opt/hostedtoolcache/go + formatByteCount() { echo $(numfmt --to=iec-i --suffix=B --padding=7 $1'000'); } + getAvailableSpace() { echo $(df -a $1 | awk 'NR > 1 {avail+=$4} END {print avail}'); } + + BEFORE=$(getAvailableSpace) + + ln -s /opt/hostedtoolcache/SUPERCILEX/x86_64-unknown-linux-gnu-rmz/latest/linux-x64/rmz /usr/local/bin/rmz + rmz -f /opt/hostedtoolcache/CodeQL & + rmz -f /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk & + rmz -f /opt/hostedtoolcache/PyPy & + rmz -f /opt/hostedtoolcache/Ruby & + rmz -f /opt/hostedtoolcache/go & + sudo rmz -f /usr/local/lib/android & + + if [[ ${{ github.repository }} == terraform-aws-modules/terraform-aws-security-group ]]; then + sudo rmz -f /usr/share/dotnet & + sudo rmz -f /usr/local/.ghcup & + sudo apt-get -qq remove -y 'azure-.*' + sudo apt-get -qq remove -y 'cpp-.*' + sudo apt-get -qq remove -y 'dotnet-runtime-.*' + sudo apt-get -qq remove -y 'google-.*' + sudo apt-get -qq remove -y 'libclang-.*' + sudo apt-get -qq remove -y 'libllvm.*' + sudo apt-get -qq remove -y 'llvm-.*' + sudo apt-get -qq remove -y 'mysql-.*' + sudo apt-get -qq remove -y 'postgresql-.*' + sudo apt-get -qq remove -y 'php.*' + sudo apt-get -qq remove -y 'temurin-.*' + sudo apt-get -qq remove -y kubectl firefox mono-devel + sudo apt-get -qq autoremove -y + sudo apt-get -qq clean + fi + + wait + + AFTER=$(getAvailableSpace) + SAVED=$((AFTER-BEFORE)) + echo "=> Saved 
$(formatByteCount $SAVED)" - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.1 + uses: clowdhaus/terraform-min-max@v2.1.0 + + - name: Hide template dir + # Special to this repo, we don't want to check this dir + if: ${{ github.repository == 'terraform-aws-modules/terraform-aws-security-group' }} + run: rm -rf modules/_templates - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} tflint-version: ${{ env.TFLINT_VERSION }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4a942261..e739b790 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,18 +20,26 @@ jobs: if: github.repository_owner == 'terraform-aws-modules' steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: persist-credentials: false fetch-depth: 0 + - name: Set correct Node.js version + uses: actions/setup-node@v6 + with: + node-version: 24 + + - name: Install dependencies + run: | + npm install \ + @semantic-release/changelog@6.0.3 \ + @semantic-release/git@10.0.1 \ + conventional-changelog-conventionalcommits@9.1.0 + - name: Release - uses: cycjimmy/semantic-release-action@v4 + uses: cycjimmy/semantic-release-action@v5 with: - semantic_version: 23.0.2 - extra_plugins: | - @semantic-release/changelog@6.0.3 - @semantic-release/git@10.0.1 - conventional-changelog-conventionalcommits@7.0.2 + semantic_version: 25.0.0 env: GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }} 
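Review bot: The added `Install dependencies` step in release.yml pins the three plugins by version but not their transitive dependencies, and `npm install` runs package lifecycle scripts in the job whose next step receives `SEMANTIC_RELEASE_TOKEN`. Without a committed lock file the resolved tree can differ from one release run to the next. Consider `npm install --ignore-scripts \` as the first line of the command, or committing a lock file for these tools and installing with `npm ci`. `actions/setup-node@v6` and `cycjimmy/semantic-release-action@v5` are mutable tags as well; full commit SHAs would make the release job reproducible.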
diff --git a/.github/workflows/stale-actions.yaml b/.github/workflows/stale-actions.yaml index 6ccd0ed8..3e826dcf 100644 --- a/.github/workflows/stale-actions.yaml +++ b/.github/workflows/stale-actions.yaml @@ -7,7 +7,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v9 + - uses: actions/stale@v10 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Staling issues and PR's diff --git a/.gitignore b/.gitignore index d5763d01..fd39819e 100644 --- a/.gitignore +++ b/.gitignore @@ -7,7 +7,6 @@ # .tfstate files *.tfstate *.tfstate.* -*.tfplan # Crash log files crash.log @@ -29,9 +28,12 @@ override.tf.json .terraformrc terraform.rc -# Lambda directories +# Lambda build artifacts builds/ __pycache__/ - -# Test directories +*.zip .tox + +# Local editors/macos files +.DS_Store +.idea diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7b4e83b2..991a8bbf 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.99.4 + rev: v1.103.0 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each @@ -24,7 +24,7 @@ repos: - "--args=--only=terraform_workspace_remote" - id: terraform_validate - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v5.0.0 + rev: v6.0.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 00000000..f417c0ad --- /dev/null +++ b/examples/README.md @@ -0,0 +1,8 @@ +# Examples + +Please note - the examples provided serve two primary means: + +1. Show users working examples of the various ways in which the module can be configured and features supported +2. A means of testing/validating module changes + +Please do not mistake the examples provided as "best practices". It is up to users to consult the AWS service documentation for best practices, usage recommendations, etc. 
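Review bot: After this change `.gitignore` no longer covers `*.tfplan` (dropped in the `@@ -7,7 +7,6 @@` hunk), while the `@@ -29,9 +28,12 @@` hunk adds `*.zip`, `.DS_Store` and `.idea`. Saved plan files hold the planned resource attributes, including values marked sensitive, in readable form, so an accidental `git add` of one can expose secrets. Unless the removal is deliberate, keep the line `*.tfplan` next to the `.tfstate` patterns.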
From 335289d708271c8db1c44e57f56cd7056a231642 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Tue, 21 Oct 2025 08:50:32 +0000 Subject: [PATCH 383/385] chore(release): version 8.1.1 [skip ci] ## [8.1.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.1.0...v8.1.1) (2025-10-21) ### Bug Fixes * Update CI workflow versions to latest ([#713](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/713)) ([feb4561](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/feb456187b3727b6b94562cc39d3cbce509b3d03)) --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7c9c3eeb..1d11144a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,12 @@ All notable changes to this project will be documented in this file. +## [8.1.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.1.0...v8.1.1) (2025-10-21) + +### Bug Fixes + +* Update CI workflow versions to latest ([#713](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/713)) ([feb4561](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/feb456187b3727b6b94562cc39d3cbce509b3d03)) + ## [8.1.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.0.1...v8.1.0) (2025-08-22) From bae03859f4b7a389c20e52dcbd5c83d58f1916a8 Mon Sep 17 00:00:00 2001 From: Ryan Ragnell <45602420+ruhrohraggy@users.noreply.github.com> Date: Wed, 22 Oct 2025 14:33:31 -0500 Subject: [PATCH 384/385] fix: Make quiet_archive_local_exec properly suppress Poetry/pip/npm output (#709) Co-authored-by: Ryan Ragnell Co-authored-by: Anton Babenko <393243+antonbabenko@users.noreply.github.com> --- examples/build-package/README.md | 8 +++++ examples/build-package/main.tf | 18 +++++++++++ package.py | 53 +++++++++++++++++++++++++------- package.tf | 1 + 4 files changed, 69 insertions(+), 11 deletions(-) 
diff --git a/examples/build-package/README.md b/examples/build-package/README.md index 7c354473..1b8701cd 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -2,6 +2,13 @@ Configuration in this directory creates deployment packages in a variety of combinations. +This example demonstrates various packaging scenarios including: +- Python packages with pip requirements +- Poetry-based Python packages +- Node.js packages with npm +- Docker-based builds +- Quiet packaging - suppressing Poetry/pip/npm output during builds using `quiet_archive_local_exec = true` + Look into [Runtimes Examples](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/runtimes) for more ways to build and deploy AWS Lambda Functions using supported runtimes (Rust, Go, Java). ## Usage @@ -44,6 +51,7 @@ Note that this example may create resources which cost money. Run `terraform des | [package\_dir\_pip\_dir](#module\_package\_dir\_pip\_dir) | ../../ | n/a | | [package\_dir\_poetry](#module\_package\_dir\_poetry) | ../../ | n/a | | [package\_dir\_poetry\_no\_docker](#module\_package\_dir\_poetry\_no\_docker) | ../../ | n/a | +| [package\_dir\_poetry\_quiet](#module\_package\_dir\_poetry\_quiet) | ../../ | n/a | | [package\_dir\_with\_npm\_install](#module\_package\_dir\_with\_npm\_install) | ../../ | n/a | | [package\_dir\_with\_npm\_install\_lock\_file](#module\_package\_dir\_with\_npm\_install\_lock\_file) | ../../ | n/a | | [package\_dir\_without\_npm\_install](#module\_package\_dir\_without\_npm\_install) | ../../ | n/a | diff --git a/examples/build-package/main.tf b/examples/build-package/main.tf index 48f7bc8c..ec843b68 100644 --- a/examples/build-package/main.tf +++ b/examples/build-package/main.tf 
@@ -119,6 +119,24 @@ module "package_dir_poetry_no_docker" { artifacts_dir = "${path.root}/builds/package_dir_poetry/" } +# Create zip-archive with Poetry dependencies and demonstrate quiet packaging output +module "package_dir_poetry_quiet" { + source = "../../" + + create_function = false + + runtime = "python3.12" + + source_path = [ + { + path = "${path.module}/../fixtures/python-app-poetry" + poetry_install = true + } + ] + artifacts_dir = "${path.root}/builds/package_dir_poetry_quiet/" + quiet_archive_local_exec = true # Suppress Poetry/pip output during packaging +} + # Create zip-archive of a single directory without running "pip install" (which is default for python runtime) module "package_dir_without_pip_install" { source = "../../" diff --git a/package.py b/package.py index 74af6e7c..3261a282 100644 --- a/package.py +++ b/package.py @@ -293,9 +293,11 @@ def __init__( compress_type=zipfile.ZIP_DEFLATED, compresslevel=None, timestamp=None, + quiet=False, ): self.timestamp = timestamp self.filename = zip_filename + self.quiet = quiet if not (self.filename and isinstance(self.filename, str)): raise ValueError("Zip file path must be provided") @@ -312,7 +314,8 @@ def open(self): raise zipfile.BadZipFile("ZipStream object can't be reused") self._ensure_base_path(self.filename) self._tmp_filename = "{}.tmp".format(self.filename) - self._log.info("creating '%s' archive", self.filename) + if not self.quiet: + self._log.info("creating '%s' archive", self.filename) self._zip = zipfile.ZipFile(self._tmp_filename, "w", self._compress_type) return self @@ -356,7 +359,8 @@ def write_dirs(self, *base_dirs, prefix=None, timestamp=None): """ self._ensure_open() for base_dir in base_dirs: - self._log.info("adding content of directory: %s", base_dir) + if not self.quiet: + self._log.info("adding content of directory: %s", base_dir) for path in emit_dir_content(base_dir): arcname = os.path.relpath(path, base_dir) self._write_file(path, prefix, arcname, timestamp) 
@@ -382,10 +386,11 @@ def _write_file(self, file_path, prefix=None, name=None, timestamp=None): if prefix: arcname = os.path.join(prefix, arcname) zinfo = self._make_zinfo_from_file(file_path, arcname) - if zinfo.is_dir(): - self._log.info("adding: %s/", arcname) - else: - self._log.info("adding: %s", arcname) + if not self.quiet: + if zinfo.is_dir(): + self._log.info("adding: %s/", arcname) + else: + self._log.info("adding: %s", arcname) if timestamp is None: timestamp = self.timestamp date_time = self._timestamp_to_date_time(timestamp) @@ -1170,7 +1175,15 @@ def install_pip_requirements(query, requirements_file, tmp_dir): cmd_log.info(shlex_join(pip_command)) log_handler and log_handler.flush() try: - check_call(pip_command, env=subproc_env) + if query.quiet: + check_call( + pip_command, + env=subproc_env, + stdout=subprocess.DEVNULL, + stderr=subprocess.DEVNULL, + ) + else: + check_call(pip_command, env=subproc_env) except FileNotFoundError as e: raise RuntimeError( "Python interpreter version equal " @@ -1346,7 +1359,15 @@ def copy_file_to_target(file, temp_dir): cmd_log.info(poetry_commands) log_handler and log_handler.flush() for poetry_command in poetry_commands: - check_call(poetry_command, env=subproc_env) + if query.quiet: + check_call( + poetry_command, + env=subproc_env, + stdout=subprocess.DEVNULL, + stderr=subprocess.DEVNULL, + ) + else: + check_call(poetry_command, env=subproc_env) os.remove(pyproject_target_file) if poetry_lock_target_file: @@ -1443,7 +1464,15 @@ def install_npm_requirements(query, requirements_file, tmp_dir): cmd_log.info(shlex_join(npm_command)) log_handler and log_handler.flush() try: - check_call(npm_command, env=subproc_env) + if query.quiet: + check_call( + npm_command, + env=subproc_env, + stdout=subprocess.DEVNULL, + stderr=subprocess.DEVNULL, + ) + else: + check_call(npm_command, env=subproc_env) except FileNotFoundError as e: raise RuntimeError( "Nodejs interpreter version equal " 
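Review bot: In quiet mode the pip call in the `@@ -1170,7 +1175,15 @@` hunk sends `stderr` to `subprocess.DEVNULL` along with `stdout`, so a failed install surfaces only as a `CalledProcessError` with an exit code, and resolver or integrity errors are discarded. The Poetry (`@@ -1346,7 +1359,15 @@`) and npm (`@@ -1443,7 +1464,15 @@`) hunks repeat the same pattern. Silencing only `stdout` keeps successful builds quiet, preserves the diagnostics and removes the duplicated branch: `check_call(pip_command, env=subproc_env, stdout=subprocess.DEVNULL if query.quiet else None)`. These call sites read `query.quiet` directly while `build_command` uses `getattr(query, "quiet", False)`; one form should be used throughout. The enclosing functions start and end outside the hunks.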
@@ -1719,6 +1748,7 @@ def prepare_command(args): "runtime": runtime, "artifacts_dir": artifacts_dir, "build_plan": build_plan, + "quiet": query.quiet, } if docker: build_data["docker"] = docker @@ -1778,12 +1808,13 @@ def build_command(args): # Zip up the build plan and write it to the target filename. # This will be used by the Lambda function as the source code package. - with ZipWriteStream(filename) as zs: + with ZipWriteStream(filename, quiet=getattr(query, "quiet", False)) as zs: bpm = BuildPlanManager(args, log=log) bpm.execute(build_plan, zs, query) os.utime(filename, ns=(timestamp, timestamp)) - log.info("Created: %s", shlex.quote(filename)) + if not getattr(query, "quiet", False): + log.info("Created: %s", shlex.quote(filename)) if log.isEnabledFor(logging.DEBUG): with open(filename, "rb") as f: log.info("Base64sha256: %s", source_code_hash(f.read())) diff --git a/package.tf b/package.tf index 7f761ef9..99078600 100644 --- a/package.tf +++ b/package.tf @@ -40,6 +40,7 @@ data "external" "archive_prepare" { ) recreate_missing_package = var.recreate_missing_package + quiet = var.quiet_archive_local_exec } } From a7db1252f2c2048ab9a61254869eea061eae1318 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 22 Oct 2025 19:34:12 +0000 Subject: [PATCH 385/385] chore(release): version 8.1.2 [skip ci] ## [8.1.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.1.1...v8.1.2) (2025-10-22) ### Bug Fixes * Make quiet_archive_local_exec properly suppress Poetry/pip/npm output ([#709](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/709)) ([bae0385](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/bae03859f4b7a389c20e52dcbd5c83d58f1916a8)) --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1d11144a..7b60d567 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
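Review bot: `"quiet": query.quiet` in prepare_command stores the value exactly as it arrives, and `package.tf` in this commit passes it through the `external` data source's `query` map, whose values are strings. If it reaches Python as the string `"false"`, every `if query.quiet:` and `if not self.quiet:` check added in this commit treats it as true and output is suppressed regardless of the setting. How `query` is parsed is not visible here, so this needs confirming; if it holds, normalise once at this point, e.g. `"quiet": str(query.quiet).lower() == "true",`. prepare_command's body continues outside the hunk.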
@@ -2,6 +2,12 @@ All notable changes to this project will be documented in this file. +## [8.1.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.1.1...v8.1.2) (2025-10-22) + +### Bug Fixes + +* Make quiet_archive_local_exec properly suppress Poetry/pip/npm output ([#709](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/709)) ([bae0385](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/bae03859f4b7a389c20e52dcbd5c83d58f1916a8)) + ## [8.1.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.1.0...v8.1.1) (2025-10-21) ### Bug Fixes