diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4a86dfff..0e3dc20f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file.
## [Unreleased]
-
+- feat: Add `ignore_source_code_hash` variable to allow the lambda function resource to be managed by terraform but have the function code managed externally
## [v2.9.0] - 2021-08-20
diff --git a/README.md b/README.md
index 1715f143..b657f60f 100644
--- a/README.md
+++ b/README.md
@@ -106,6 +106,32 @@ module "lambda_function_existing_package_local" {
}
```
+### Lambda Function or Lambda Layer with the deployable artifact maintained separately from the infrastructure
+
+If you want to manage function code and infrastructure resources (such as IAM permissions, policies, events, etc) in separate flows (e.g., different repositories, teams, CI/CD pipelines).
+
+Disable source code tracking to turn off deployments (and rollbacks) using the module by setting `ignore_source_code_hash = true` and deploy a _dummy function_.
+
+When the infrastructure and the dummy function is deployed, you can use external tool to update the source code of the function (eg, using [AWS CLI](https://docs.aws.amazon.com/cli/latest/reference/lambda/update-function-code.html)) and keep using this module via Terraform to manage the infrastructure.
+
+Be aware that changes in `local_existing_package` value may trigger deployment via Terraform.
+
+```hcl
+module "lambda_function_externally_managed_package" {
+ source = "terraform-aws-modules/lambda/aws"
+
+ function_name = "my-lambda-externally-managed-package"
+ description = "My lambda function code is deployed separately"
+ handler = "index.lambda_handler"
+ runtime = "python3.8"
+
+ create_package = false
+ local_existing_package = "./lambda_functions/code.zip"
+
+ ignore_source_code_hash = true
+}
+```
+
### Lambda Function with existing package (prebuilt) stored in S3 bucket
Note that this module does not copy prebuilt packages into S3 bucket. This module can only store packages it builds locally and in S3 bucket.
@@ -664,6 +690,7 @@ No modules.
| [function\_name](#input\_function\_name) | A unique name for your Lambda Function | `string` | `""` | no |
| [handler](#input\_handler) | Lambda Function entrypoint in your code | `string` | `""` | no |
| [hash\_extra](#input\_hash\_extra) | The string to add into hashing function. Useful when building same source path for different functions. | `string` | `""` | no |
+| [ignore\_source\_code\_hash](#input\_ignore\_source\_code\_hash) | Whether to ignore changes to the function's source code hash. Set to true if you manage infrastructure and code deployments separately. | `bool` | `false` | no |
| [image\_config\_command](#input\_image\_config\_command) | The CMD for the docker image | `list(string)` | `[]` | no |
| [image\_config\_entry\_point](#input\_image\_config\_entry\_point) | The ENTRYPOINT for the docker image | `list(string)` | `[]` | no |
| [image\_config\_working\_directory](#input\_image\_config\_working\_directory) | The working directory for the docker image | `string` | `null` | no |
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 5cbdce79..94d81913 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -40,8 +40,10 @@ Note that this example may create resources which cost money. Run `terraform des
| [lambda\_function](#module\_lambda\_function) | ../../ | |
| [lambda\_function\_existing\_package\_local](#module\_lambda\_function\_existing\_package\_local) | ../../ | |
| [lambda\_function\_for\_each](#module\_lambda\_function\_for\_each) | ../../ | |
+| [lambda\_function\_with\_package\_deploying\_externally](#module\_lambda\_function\_with\_package\_deploying\_externally) | ../../ | |
| [lambda\_layer\_local](#module\_lambda\_layer\_local) | ../../ | |
| [lambda\_layer\_s3](#module\_lambda\_layer\_s3) | ../../ | |
+| [lambda\_layer\_with\_package\_deploying\_externally](#module\_lambda\_layer\_with\_package\_deploying\_externally) | ../../ | |
| [lambda\_with\_mixed\_trusted\_entities](#module\_lambda\_with\_mixed\_trusted\_entities) | ../../ | |
| [lambda\_with\_provisioned\_concurrency](#module\_lambda\_with\_provisioned\_concurrency) | ../../ | |
| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | |
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 7a189597..348aab8c 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -167,6 +167,26 @@ module "lambda_layer_local" {
source_path = "${path.module}/../fixtures/python3.8-app1"
}
+####################################################
+# Lambda Layer with package deploying externally
+# (e.g., using separate CI/CD pipeline)
+####################################################
+
+module "lambda_layer_with_package_deploying_externally" {
+ source = "../../"
+
+ create_layer = true
+
+ layer_name = "${random_pet.this.id}-layer-local"
+ description = "My amazing lambda layer (deployed from local)"
+ compatible_runtimes = ["python3.8"]
+
+ create_package = false
+ local_existing_package = "../fixtures/python3.8-zip/existing_package.zip"
+
+ ignore_source_code_hash = true
+}
+
###############################
# Lambda Layer (storing on S3)
###############################
@@ -277,6 +297,24 @@ module "lambda_function_for_each" {
local_existing_package = "${path.module}/../fixtures/python3.8-zip/existing_package.zip"
}
+####################################################
+# Lambda Function with package deploying externally
+# (e.g., using separate CI/CD pipeline)
+####################################################
+
+module "lambda_function_with_package_deploying_externally" {
+ source = "../../"
+
+ function_name = "${random_pet.this.id}-lambda-with-package-deploying-externally"
+ handler = "index.lambda_handler"
+ runtime = "python3.8"
+
+ create_package = false
+ local_existing_package = "../fixtures/python3.8-zip/existing_package.zip"
+
+ ignore_source_code_hash = true
+}
+
###########
# Disabled
###########
diff --git a/main.tf b/main.tf
index a400077f..5608b816 100644
--- a/main.tf
+++ b/main.tf
@@ -29,7 +29,7 @@ resource "aws_lambda_function" "this" {
package_type = var.package_type
filename = local.filename
- source_code_hash = (local.filename == null ? false : fileexists(local.filename)) && !local.was_missing ? filebase64sha256(local.filename) : null
+ source_code_hash = var.ignore_source_code_hash ? null : (local.filename == null ? false : fileexists(local.filename)) && !local.was_missing ? filebase64sha256(local.filename) : null
s3_bucket = local.s3_bucket
s3_key = local.s3_key
@@ -100,7 +100,7 @@ resource "aws_lambda_layer_version" "this" {
compatible_runtimes = length(var.compatible_runtimes) > 0 ? var.compatible_runtimes : [var.runtime]
filename = local.filename
- source_code_hash = (local.filename == null ? false : fileexists(local.filename)) && !local.was_missing ? filebase64sha256(local.filename) : null
+ source_code_hash = var.ignore_source_code_hash ? null : (local.filename == null ? false : fileexists(local.filename)) && !local.was_missing ? filebase64sha256(local.filename) : null
s3_bucket = local.s3_bucket
s3_key = local.s3_key
diff --git a/variables.tf b/variables.tf
index 6a683ed0..56af85ca 100644
--- a/variables.tf
+++ b/variables.tf
@@ -493,6 +493,12 @@ variable "artifacts_dir" {
default = "builds"
}
+variable "ignore_source_code_hash" {
+ description = "Whether to ignore changes to the function's source code hash. Set to true if you manage infrastructure and code deployments separately."
+ type = bool
+ default = false
+}
+
variable "local_existing_package" {
description = "The absolute path to an existing zip-file to use"
type = string