issue-658
Fran-Rg committed Sep 1, 2025
commit dbbb566e7c97b3680acb9b14d9d59daae2959020
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -784,7 +784,7 @@ No modules.
| <a name="input_docker_image"></a> [docker\_image](#input\_docker\_image) | Docker image to use for the build | `string` | `""` | no |
| <a name="input_docker_pip_cache"></a> [docker\_pip\_cache](#input\_docker\_pip\_cache) | Whether to mount a shared pip cache folder into docker environment or not | `any` | `null` | no |
| <a name="input_docker_with_ssh_agent"></a> [docker\_with\_ssh\_agent](#input\_docker\_with\_ssh\_agent) | Whether to pass SSH\_AUTH\_SOCK into docker environment or not | `bool` | `false` | no |
| <a name="input_enable_code_signing"></a> [enable\_code\_signing](#input\_enable\_code\_signing) | Must be used with a lambda storing code on s3. Set this to true for triggering a signing job creating a signed copy of the lambda zip. https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html | `bool` | `false` | no |
| <a name="input_enable_code_signing"></a> [enable\_code\_signing](#input\_enable\_code\_signing) | Must be used with a lambda storing code on s3. Set this to true for triggering a signing job creating a signed copy of the lambda zip | `bool` | `false` | no |
| <a name="input_environment_variables"></a> [environment\_variables](#input\_environment\_variables) | A map that defines environment variables for the Lambda Function. | `map(string)` | `{}` | no |
| <a name="input_ephemeral_storage_size"></a> [ephemeral\_storage\_size](#input\_ephemeral\_storage\_size) | Amount of ephemeral storage (/tmp) in MB your Lambda Function can use at runtime. Valid value between 512 MB to 10,240 MB (10 GB). | `number` | `512` | no |
| <a name="input_event_source_mapping"></a> [event\_source\_mapping](#input\_event\_source\_mapping) | Map of event source mapping | `any` | `{}` | no |
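Review bot: The `enable_code_signing` row states its precondition only as "Must be used with a lambda storing code on s3", without naming the input a user has to set. With the AWS documentation link gone from the second copy of the row, the description is the only guidance left, so it should be self-sufficient: name `store_on_s3` explicitly and use the product spellings "Lambda" and "S3". The same sentence appears in `variables.tf`, so the wording should be changed there and this table kept in step with it.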
Expand All @@ -806,7 +806,7 @@ No modules.
| <a name="input_kms_key_arn"></a> [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no |
| <a name="input_lambda_at_edge"></a> [lambda\_at\_edge](#input\_lambda\_at\_edge) | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no |
| <a name="input_lambda_at_edge_logs_all_regions"></a> [lambda\_at\_edge\_logs\_all\_regions](#input\_lambda\_at\_edge\_logs\_all\_regions) | Whether to specify a wildcard in IAM policy used by Lambda@Edge to allow logging in all regions | `bool` | `true` | no |
| <a name="input_lambda_code_signing_profile_name"></a> [lambda\_code\_signing\_profile\_name](#input\_lambda\_code\_signing\_profile\_name) | Lambda code signing profile name https://console.aws.amazon.com/lambda/home#/code-signing-configurations | `string` | `null` | no |
| <a name="input_lambda_code_signing_profile_name"></a> [lambda\_code\_signing\_profile\_name](#input\_lambda\_code\_signing\_profile\_name) | Lambda code signing profile name | `string` | `null` | no |
| <a name="input_lambda_role"></a> [lambda\_role](#input\_lambda\_role) | IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | `string` | `""` | no |
| <a name="input_layer_name"></a> [layer\_name](#input\_layer\_name) | Name of Lambda Layer to create | `string` | `""` | no |
| <a name="input_layer_skip_destroy"></a> [layer\_skip\_destroy](#input\_layer\_skip\_destroy) | Whether to retain the old version of a previously deployed Lambda Layer. | `bool` | `false` | no |
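Review bot: In the `lambda_code_signing_profile_name` row, the shortened description "Lambda code signing profile name" only restates the input's name. The default is `null`, and nothing here says whether a value is required once `enable_code_signing` is `true` or what happens if it is left unset. Suggest stating which signing profile this refers to and whether it is mandatory when signing is enabled, so the requirement is visible in the inputs table.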
27 changes: 10 additions & 17 deletions examples/code-signing/main.tf
Expand Up @@ -20,30 +20,23 @@ module "lambda" {
function_name = random_pet.this.id
handler = "index.lambda_handler"
runtime = "python3.12"
create_package = false
create_package = true
enable_code_signing = true
code_signing_config_arn = aws_lambda_code_signing_config.this.arn
lambda_code_signing_profile_name = local.lambda_code_signing_profile_name
s3_signing_prefix = "signed/"

store_on_s3 = true
s3_existing_package = {
bucket = module.s3_bucket.s3_bucket_id
key = aws_s3_object.unsigned.key
version_id = aws_s3_object.unsigned.version_id
}

}
source_path = "${path.module}/../fixtures/python-app1"

resource "aws_s3_object" "unsigned" {
bucket = module.s3_bucket.s3_bucket_id
key = "unsigned/existing_package.zip"
source = "${path.module}/../fixtures/python-zip/existing_package.zip"
store_on_s3 = true
s3_bucket = module.s3_bucket.s3_bucket_id
s3_prefix = "lambda-builds/"

# Making sure that S3 versioning configuration is propagated properly
depends_on = [
module.s3_bucket
]
s3_object_override_default_tags = true
s3_object_tags = {
S3ObjectName = "lambda1"
Override = "true"
}
}

# ################################################################################
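Review bot: The explicit object version and bucket ordering visible in this hunk belong to the `s3_existing_package` / `aws_s3_object.unsigned` lines, and the `create_package = true` variant has no counterpart for either. `version_id = aws_s3_object.unsigned.version_id` pinned the exact object to be signed, and `depends_on = [module.s3_bucket]` carried the comment "Making sure that S3 versioning configuration is propagated properly". The built-package form only references the bucket through `s3_bucket = module.s3_bucket.s3_bucket_id`. Please confirm that the module passes the uploaded object's version to the signing job and that bucket versioning is applied before the upload, or keep an explicit dependency. If the existing-package path is still supported with `enable_code_signing`, a second module call in this example would keep it exercised.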
4 changes: 2 additions & 2 deletions variables.tf
Expand Up @@ -853,13 +853,13 @@ variable "recursive_loop" {
###############

variable "enable_code_signing" {
description = "Must be used with a lambda storing code on s3. Set this to true for triggering a signing job creating a signed copy of the lambda zip. https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html"
description = "Must be used with a lambda storing code on s3. Set this to true for triggering a signing job creating a signed copy of the lambda zip"
type = bool
default = false
}

variable "lambda_code_signing_profile_name" {
description = "Lambda code signing profile name https://console.aws.amazon.com/lambda/home#/code-signing-configurations"
description = "Lambda code signing profile name"
type = string
default = null
}
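Review bot: The constraint on `enable_code_signing` ("Must be used with a lambda storing code on s3") exists only in the description string; nothing in these lines enforces it. Consider a check in the module, for example a precondition on the signing resource, that fails when `enable_code_signing` is `true` while `store_on_s3` is `false`, and likewise when `lambda_code_signing_profile_name` is still `null`, so a misconfiguration is caught at plan time rather than relying on the reader noticing the description.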