diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 3973df44..6419f3aa 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -14,7 +14,7 @@ jobs: steps: # Please look up the latest version from # https://github.com/amannn/action-semantic-pull-request/releases - - uses: amannn/action-semantic-pull-request@v5.4.0 + - uses: amannn/action-semantic-pull-request@v6.1.1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index c2632d1a..057b9c42 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -7,8 +7,8 @@ on: - master env: - TERRAFORM_DOCS_VERSION: v0.16.0 - TFLINT_VERSION: v0.50.3 + TERRAFORM_DOCS_VERSION: v0.20.0 + TFLINT_VERSION: v0.59.1 jobs: collectInputs: @@ -18,11 +18,11 @@ jobs: directories: ${{ steps.dirs.outputs.directories }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Get root directories id: dirs - uses: clowdhaus/terraform-composite-actions/directories@v1.9.0 + uses: clowdhaus/terraform-composite-actions/directories@v1.14.0 preCommitMinVersions: name: Min TF pre-commit @@ -32,27 +32,49 @@ jobs: matrix: directory: ${{ fromJson(needs.collectInputs.outputs.directories) }} steps: + - name: Install rmz + uses: jaxxstorm/action-install-gh-release@v2.1.0 + with: + repo: SUPERCILEX/fuc + asset-name: x86_64-unknown-linux-gnu-rmz + rename-to: rmz + chmod: 0755 + extension-matching: disable + # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 - - name: Delete huge unnecessary tools folder + - name: Delete unnecessary files run: | - rm -rf /opt/hostedtoolcache/CodeQL - rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk - rm -rf /opt/hostedtoolcache/Ruby - rm -rf /opt/hostedtoolcache/go + formatByteCount() { echo $(numfmt --to=iec-i --suffix=B --padding=7 $1'000'); } + getAvailableSpace() { echo $(df -a $1 | awk 'NR > 1 {avail+=$4} END {print avail}'); } + + BEFORE=$(getAvailableSpace) + + ln -s /opt/hostedtoolcache/SUPERCILEX/x86_64-unknown-linux-gnu-rmz/latest/linux-x64/rmz /usr/local/bin/rmz + rmz -f /opt/hostedtoolcache/CodeQL & + rmz -f /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk & + rmz -f /opt/hostedtoolcache/PyPy & + rmz -f /opt/hostedtoolcache/Ruby & + rmz -f /opt/hostedtoolcache/go & + + wait + + AFTER=$(getAvailableSpace) + SAVED=$((AFTER-BEFORE)) + echo "=> Saved $(formatByteCount $SAVED)" - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.0 + uses: clowdhaus/terraform-min-max@v2.1.0 with: directory: ${{ matrix.directory }} - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} @@ -61,7 +83,7 @@ jobs: - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} @@ -72,26 +94,73 @@ jobs: runs-on: ubuntu-latest needs: collectInputs steps: + - name: Install rmz + uses: jaxxstorm/action-install-gh-release@v2.1.0 + with: + repo: SUPERCILEX/fuc + asset-name: x86_64-unknown-linux-gnu-rmz + rename-to: rmz + chmod: 0755 + extension-matching: disable + # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 - - name: Delete huge unnecessary tools folder + - name: Delete unnecessary files run: | - rm -rf /opt/hostedtoolcache/CodeQL - rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk - rm -rf /opt/hostedtoolcache/Ruby - rm -rf /opt/hostedtoolcache/go + formatByteCount() { echo $(numfmt --to=iec-i --suffix=B --padding=7 $1'000'); } + getAvailableSpace() { echo $(df -a $1 | awk 'NR > 1 {avail+=$4} END {print avail}'); } + + BEFORE=$(getAvailableSpace) + + ln -s /opt/hostedtoolcache/SUPERCILEX/x86_64-unknown-linux-gnu-rmz/latest/linux-x64/rmz /usr/local/bin/rmz + rmz -f /opt/hostedtoolcache/CodeQL & + rmz -f /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk & + rmz -f /opt/hostedtoolcache/PyPy & + rmz -f /opt/hostedtoolcache/Ruby & + rmz -f /opt/hostedtoolcache/go & + sudo rmz -f /usr/local/lib/android & + + if [[ ${{ github.repository }} == terraform-aws-modules/terraform-aws-security-group ]]; then + sudo rmz -f /usr/share/dotnet & + sudo rmz -f /usr/local/.ghcup & + sudo apt-get -qq remove -y 'azure-.*' + sudo apt-get -qq remove -y 'cpp-.*' + sudo apt-get -qq remove -y 'dotnet-runtime-.*' + sudo apt-get -qq remove -y 'google-.*' + sudo apt-get -qq remove -y 'libclang-.*' + sudo apt-get -qq remove -y 'libllvm.*' + sudo apt-get -qq remove -y 'llvm-.*' + sudo apt-get -qq remove -y 'mysql-.*' + sudo apt-get -qq remove -y 'postgresql-.*' + sudo apt-get -qq remove -y 'php.*' + sudo apt-get -qq remove -y 'temurin-.*' + sudo apt-get -qq remove -y kubectl firefox mono-devel + sudo apt-get -qq autoremove -y + sudo apt-get -qq clean + fi + + wait + + AFTER=$(getAvailableSpace) + SAVED=$((AFTER-BEFORE)) + echo "=> Saved $(formatByteCount $SAVED)" - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.0 + uses: clowdhaus/terraform-min-max@v2.1.0 + + - name: Hide template dir + # Special to this repo, we don't want to check this dir + if: ${{ github.repository == 'terraform-aws-modules/terraform-aws-security-group' }} + run: rm -rf modules/_templates - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} tflint-version: ${{ env.TFLINT_VERSION }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4a942261..e739b790 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,18 +20,26 @@ jobs: if: github.repository_owner == 'terraform-aws-modules' steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: persist-credentials: false fetch-depth: 0 + - name: Set correct Node.js version + uses: actions/setup-node@v6 + with: + node-version: 24 + + - name: Install dependencies + run: | + npm install \ + @semantic-release/changelog@6.0.3 \ + @semantic-release/git@10.0.1 \ + conventional-changelog-conventionalcommits@9.1.0 + - name: Release - uses: cycjimmy/semantic-release-action@v4 + uses: cycjimmy/semantic-release-action@v5 with: - semantic_version: 23.0.2 - extra_plugins: | - @semantic-release/changelog@6.0.3 - @semantic-release/git@10.0.1 - conventional-changelog-conventionalcommits@7.0.2 + semantic_version: 25.0.0 env: GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }} diff --git a/.github/workflows/stale-actions.yaml b/.github/workflows/stale-actions.yaml index 6ccd0ed8..3e826dcf 100644 --- a/.github/workflows/stale-actions.yaml +++ b/.github/workflows/stale-actions.yaml @@ -7,7 +7,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v9 + - uses: actions/stale@v10 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Staling issues and PR's diff --git a/.gitignore b/.gitignore index d5763d01..fd39819e 100644 --- a/.gitignore +++ b/.gitignore @@ -7,7 +7,6 @@ # .tfstate files *.tfstate *.tfstate.* -*.tfplan # Crash log files crash.log @@ -29,9 +28,12 @@ override.tf.json .terraformrc terraform.rc -# Lambda directories +# Lambda build artifacts builds/ __pycache__/ - -# Test directories +*.zip .tox + +# Local editors/macos files +.DS_Store +.idea diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 1e10e593..991a8bbf 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.88.4 + rev: v1.103.0 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each @@ -24,8 +24,10 @@ repos: - "--args=--only=terraform_workspace_remote" - id: terraform_validate - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.5.0 + rev: v6.0.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer - id: trailing-whitespace + - id: mixed-line-ending + args: [--fix=lf] diff --git a/CHANGELOG.md b/CHANGELOG.md index 5ba3465d..7b60d567 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,244 @@ All notable changes to this project will be documented in this file. +## [8.1.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.1.1...v8.1.2) (2025-10-22) + +### Bug Fixes + +* Make quiet_archive_local_exec properly suppress Poetry/pip/npm output ([#709](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/709)) ([bae0385](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/bae03859f4b7a389c20e52dcbd5c83d58f1916a8)) + +## [8.1.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.1.0...v8.1.1) (2025-10-21) + +### Bug Fixes + +* Update CI workflow versions to latest ([#713](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/713)) ([feb4561](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/feb456187b3727b6b94562cc39d3cbce509b3d03)) + +## [8.1.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.0.1...v8.1.0) (2025-08-22) + + +### Features + +* Respect the package-lock.json for a NodeJS Lambda function ([#681](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/681)) ([5e4391c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/5e4391c55605d11ac98655a2fd2d6a8f2583d3b6)) + +## [8.0.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.0.0...v8.0.1) (2025-06-25) + + +### Bug Fixes + +* Lower minimum Terraform version to 1.5.7 ([#688](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/688)) ([ab60651](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/ab606514be095d7ad55ebd920069cb090fa39cd5)) + +## [8.0.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.21.1...v8.0.0) (2025-06-25) + + +### ⚠ BREAKING CHANGES + +* Upgrade AWS provider and min required Terraform version to 6.0 and 1.10 respectively (#687) + +### Features + +* Upgrade AWS provider and min required Terraform version to 6.0 and 1.10 respectively ([#687](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/687)) ([367e9a2](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/367e9a2c5c7e6a4335fcc7c13c14e54f8e347f9c)) + +## [7.21.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.21.0...v7.21.1) (2025-06-19) + + +### Bug Fixes + +* Add .NET 8 runtime example ([#685](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/685)) ([d5c657c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/d5c657c96234b1ee352af418243690c297f3f3b2)) + +## [7.21.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.3...v7.21.0) (2025-05-16) + + +### Features + +* Add buildx and multi-stage build support to docker-build module ([#679](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/679)) ([29893ab](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/29893ab17086b6ec45955f1f5d2f1be4f7cf2285)) + +## [7.20.3](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.2...v7.20.3) (2025-05-16) + + +### Bug Fixes + +* Do not expose output from build command in Docker ([#677](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/677)) ([75ee97d](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/75ee97d184231a45bdb8d8398ecccb6f2558d0a5)) + +## [7.20.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.1...v7.20.2) (2025-04-09) + + +### Bug Fixes + +* Add aws_partition to support usage of this module in aws-cn and gov ([64433c0](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/64433c096e690b767a8b106b67383edfe8263ba7)) + +## [7.20.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.0...v7.20.1) (2025-01-26) + + +### Bug Fixes + +* Make default tag `terraform-aws-modules` optional ([#657](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/657)) ([685af53](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/685af5370e580a89cee68aeae06bb40dc3257892)) + +## [7.20.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.19.0...v7.20.0) (2025-01-08) + + +### Features + +* Use inline instead of managed policies ([#615](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/615)) ([394d337](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/394d337450d88aa877ec560cd49080bb8b9a45ba)) + +## [7.19.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.18.0...v7.19.0) (2025-01-08) + + +### Features + +* Add `cache_from` option in the docker-build module ([#641](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/641)) ([55cdaa6](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/55cdaa68a63413f4ae5724c8b3a09a6b10d72f12)) + +## [7.18.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.17.1...v7.18.0) (2025-01-08) + + +### Features + +* Allow temp dir for poetry docker builds ([#638](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/638)) ([65ffea2](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/65ffea2cfd99a27b6be3fc3e48482cf0fb821f2f)) + +## [7.17.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.17.0...v7.17.1) (2025-01-07) + + +### Bug Fixes + +* Rename npm_package_json to npm_requirements ([#621](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/621)) ([4bc61eb](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/4bc61eb58005e149dc1ca87ba79f42b0cba944fd)) + +## [7.17.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.16.0...v7.17.0) (2024-12-08) + + +### Features + +* Support Event Source Mapping `metrics_config`, `provisioned_poller_config`, and Lambda Recursion Loop ([#649](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/649)) ([002d7ec](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/002d7ec3c9bc3e7a44fac536c3443ba640ff9828)) + +## [7.16.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.15.0...v7.16.0) (2024-11-26) + + +### Features + +* Radically redesign the build plan form ([#646](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/646)) ([32d8d06](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/32d8d060a660b0ec5702403da1b970118f62a314)) + +## [7.15.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.14.1...v7.15.0) (2024-11-18) + + +### Features + +* Make `source_path` blocks independent ([#640](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/640)) ([0fdac2e](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/0fdac2ec54fdcd5fd34787f348803000c1e21eb6)) + +## [7.14.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.14.0...v7.14.1) (2024-11-17) + + +### Bug Fixes + +* Skip broken symlinks on hash computing ([#639](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/639)) ([c28b940](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/c28b940c8b8a8ea8b423728e05883942f5eaf661)) + +## [7.14.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.13.0...v7.14.0) (2024-10-11) + + +### Features + +* Support lambda function `vpc_config.ipv6_allowed_for_dual_stack` and event source mapping `tags` ([#628](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/628)) ([2a602f9](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/2a602f9a4f76d11005d1dba56d9c966a87553f4e)) + + +### Bug Fixes + +* Update CI workflow versions to latest ([#631](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/631)) ([d06718f](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/d06718f605294f59a42ae6e3db70bfd7b9fa35f3)) + +## [7.13.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.12.0...v7.13.0) (2024-10-05) + + +### Features + +* Support `aws_lambda_event_source_mapping.document_db_event_source_config` ([#626](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/626)) ([5d48199](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/5d481996ed6ef5ce784847b7e5bae1bae1ee8bfd)) + +## [7.12.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.11.0...v7.12.0) (2024-10-05) + + +### Features + +* Add support for kafka event source config ([#617](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/617)) ([2c077cb](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/2c077cb1450af76cf44b56bfeba796ee9d9d9a00)) + +## [7.11.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.10.0...v7.11.0) (2024-10-01) + + +### Features + +* Add function_url_auth_type option to aws_lambda_permission ([#625](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/625)) ([9f13397](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/9f13397f20467e660eba0ae5fcf98c66c75187ba)) + +## [7.10.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.9.0...v7.10.0) (2024-09-29) + + +### Features + +* Add `tumbling_window_in_seconds` ([#623](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/623)) ([eedacff](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/eedacffef287cb02f776da4950e8345d9ec0200f)) + +## [7.9.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.8.1...v7.9.0) (2024-09-10) + + +### Features + +* Added more examples for Rust, Go, Java runtimes ([#612](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/612)) ([a6fe411](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/a6fe4115ac96592ecbda27f72d42536da6518add)) + +## [7.8.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.8.0...v7.8.1) (2024-08-23) + + +### Bug Fixes + +* Fix package.py commands after :zip not being executed ([#606](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/606)) ([801e69c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/801e69c08b74217e7f1319b128d5efd264162aaf)) + +## [7.8.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.7.1...v7.8.0) (2024-08-23) + + +### Features + +* Added the skip_destroy argument for functions ([#600](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/600)) ([36c6109](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/36c61093dbb6114f9880d40b225e7f00f83493f9)) + +## [7.7.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.7.0...v7.7.1) (2024-07-25) + + +### Bug Fixes + +* Always use absolute path to temp folders ([#599](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/599)) ([a058372](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/a058372431c552a0cb740a76beffe77285edeb91)) + +## [7.7.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.6.0...v7.7.0) (2024-06-18) + + +### Features + +* Added support for alias to have multiple filter criteria same as function ([#585](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/585)) ([6549ca1](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/6549ca1301c74880e41440aa314e732739283e8a)) + +## [7.6.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.5.0...v7.6.0) (2024-06-12) + + +### Features + +* Support passing extra args to poetry export ([#584](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/584)) ([3aa288f](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/3aa288fee324e64a8db409e5a32abaeebe38e6c2)) + +## [7.5.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.4.0...v7.5.0) (2024-06-07) + + +### Features + +* Renamed python3.8-11 to python3.12 in examples, added tag to resources ([#583](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/583)) ([02ab668](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/02ab668458c87792861a54f54fd1b00e97afcc68)) + +## [7.4.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.3.0...v7.4.0) (2024-05-03) + + +### Features + +* Added support for CW log_group_class and skip_destroy ([#565](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/565)) ([7256f7c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/7256f7c226adf294bb6280f1fc4326d015e78d83)) + +## [7.3.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.6...v7.3.0) (2024-05-03) + + +### Features + +* Added create before destroy on aws_lambda_permission ([#561](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/561)) ([e9c4676](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/e9c467688de057a454646d5f947f3d4527f78a19)) + +## [7.2.6](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.5...v7.2.6) (2024-04-12) + + +### Bug Fixes + +* Zip source directory should read from sh_work_dir ([#560](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/560)) ([f786681](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/f7866811bc1429ce224bf6a35448cb44aa5155e7)) + ## [7.2.5](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.4...v7.2.5) (2024-03-29) diff --git a/README.md b/README.md index 90640480..3d045ce0 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ This Terraform module is the part of [serverless.tf framework](https://github.co ## Features - Build dependencies for your Lambda Function and Layer. -- Support builds locally and in Docker (with or without SSH agent support for private builds). +- Support builds locally and in Docker (with or without SSH agent support for private builds) for any runtime and architecture supported by AWS Lambda. - Create deployment package or deploy existing (previously built package) from local, from S3, from URL, or from AWS ECR repository. - Store deployment packages locally or in the S3 bucket. - Support almost all features of Lambda resources (function, layer, alias, etc.) @@ -37,7 +37,7 @@ module "lambda_function" { function_name = "my-lambda1" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" source_path = "../src/lambda-function1" @@ -56,7 +56,7 @@ module "lambda_function" { function_name = "lambda-with-layer" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" publish = true source_path = "../src/lambda-function1" @@ -84,7 +84,7 @@ module "lambda_layer_s3" { layer_name = "lambda-layer-s3" description = "My amazing lambda layer (deployed from S3)" - compatible_runtimes = ["python3.8"] + compatible_runtimes = ["python3.12"] source_path = "../src/lambda-layer" @@ -102,7 +102,7 @@ module "lambda_function_existing_package_local" { function_name = "my-lambda-existing-package-local" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" create_package = false local_existing_package = "../existing_package.zip" @@ -126,7 +126,7 @@ module "lambda_function_externally_managed_package" { function_name = "my-lambda-externally-managed-package" description = "My lambda function code is deployed separately" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" create_package = false local_existing_package = "./lambda_functions/code.zip" @@ -161,7 +161,7 @@ module "lambda_function_existing_package_s3" { function_name = "my-lambda-existing-package-local" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" create_package = false s3_existing_package = { @@ -197,9 +197,9 @@ module "lambda_layer_local" { layer_name = "my-layer-local" description = "My amazing lambda layer (deployed from local)" - compatible_runtimes = ["python3.8"] + compatible_runtimes = ["python3.12"] - source_path = "../fixtures/python3.8-app1" + source_path = "../fixtures/python-app1" } module "lambda_layer_s3" { @@ -209,9 +209,9 @@ module "lambda_layer_s3" { layer_name = "my-layer-s3" description = "My amazing lambda layer (deployed from S3)" - compatible_runtimes = ["python3.8"] + compatible_runtimes = ["python3.12"] - source_path = "../fixtures/python3.8-app1" + source_path = "../fixtures/python-app1" store_on_s3 = true s3_bucket = "my-bucket-id-with-lambda-builds" @@ -231,9 +231,9 @@ module "lambda_at_edge" { function_name = "my-lambda-at-edge" description = "My awesome lambda@edge function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" - source_path = "../fixtures/python3.8-app1" + source_path = "../fixtures/python-app1" tags = { Module = "lambda-at-edge" @@ -250,9 +250,9 @@ module "lambda_function_in_vpc" { function_name = "my-lambda-in-vpc" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" - source_path = "../fixtures/python3.8-app1" + source_path = "../fixtures/python-app1" vpc_subnet_ids = module.vpc.intra_subnets vpc_security_group_ids = [module.vpc.default_security_group_id] @@ -384,7 +384,7 @@ When `source_path` is set to a list of directories the content of each will be t ### Combine various options for extreme flexibility -This is the most complete way of creating a deployment package from multiple sources with multiple dependencies. This example is showing some of the available options (see [examples/build-package](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/build-package) for more): +This is the most complete way of creating a deployment package from multiple sources with multiple dependencies. This example is showing some of the available options (see [examples/build-package](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/build-package) and [examples/runtimes](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/runtimes) for more): ```hcl source_path = [ @@ -396,12 +396,12 @@ source_path = [ "!.*/.*\\.txt", # Skip all txt files recursively ] }, { - path = "src/python3.8-app1", + path = "src/python-app1", pip_requirements = true, pip_tmp_dir = "/tmp/dir/location" prefix_in_zip = "foo/bar1", }, { - path = "src/python3.8-app2", + path = "src/python-app2", pip_requirements = "requirements-large.txt", patterns = [ "!vendor/colorful-0.5.4.dist-info/RECORD", @@ -414,7 +414,7 @@ source_path = [ npm_tmp_dir = "/tmp/dir/location" prefix_in_zip = "foo/bar1", }, { - path = "src/python3.8-app3", + path = "src/python-app3", commands = [ "npm install", ":zip" @@ -424,7 +424,7 @@ source_path = [ "node_modules/.+", # Include all node_modules ], }, { - path = "src/python3.8-app3", + path = "src/python-app3", commands = ["go build"], patterns = < + ## Requirements | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | | [external](#requirement\_external) | >= 1.0 | | [local](#requirement\_local) | >= 1.0 | | [null](#requirement\_null) | >= 2.0 | @@ -674,7 +676,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 6.0 | | [external](#provider\_external) | >= 1.0 | | [local](#provider\_local) | >= 1.0 | | [null](#provider\_null) | >= 2.0 | @@ -688,28 +690,21 @@ No modules. | Name | Type | |------|------| | [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | -| [aws_iam_policy.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy_attachment.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | | [aws_iam_role_policy_attachment.additional_many](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_role_policy_attachment.additional_one](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | | [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource | | [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | +| [aws_lambda_function_recursion_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_recursion_config) | resource | | [aws_lambda_function_url.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_url) | resource | | [aws_lambda_layer_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_layer_version) | resource | | [aws_lambda_permission.current_version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | @@ -756,7 +751,9 @@ No modules. | [authorization\_type](#input\_authorization\_type) | The type of authentication that the Lambda Function URL uses. Set to 'AWS\_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint. | `string` | `"NONE"` | no | | [build\_in\_docker](#input\_build\_in\_docker) | Whether to build dependencies in Docker | `bool` | `false` | no | | [cloudwatch\_logs\_kms\_key\_id](#input\_cloudwatch\_logs\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no | +| [cloudwatch\_logs\_log\_group\_class](#input\_cloudwatch\_logs\_log\_group\_class) | Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no | | [cloudwatch\_logs\_retention\_in\_days](#input\_cloudwatch\_logs\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `null` | no | +| [cloudwatch\_logs\_skip\_destroy](#input\_cloudwatch\_logs\_skip\_destroy) | Whether to keep the log group (and any logs it may contain) at destroy time. | `bool` | `false` | no | | [cloudwatch\_logs\_tags](#input\_cloudwatch\_logs\_tags) | A map of tags to assign to the resource. | `map(string)` | `{}` | no | | [code\_signing\_config\_arn](#input\_code\_signing\_config\_arn) | Amazon Resource Name (ARN) for a Code Signing Configuration | `string` | `null` | no | | [compatible\_architectures](#input\_compatible\_architectures) | A list of Architectures Lambda layer is compatible with. Currently x86\_64 and arm64 can be specified. | `list(string)` | `null` | no | @@ -800,7 +797,9 @@ No modules. | [image\_config\_entry\_point](#input\_image\_config\_entry\_point) | The ENTRYPOINT for the docker image | `list(string)` | `[]` | no | | [image\_config\_working\_directory](#input\_image\_config\_working\_directory) | The working directory for the docker image | `string` | `null` | no | | [image\_uri](#input\_image\_uri) | The ECR image URI containing the function's deployment package. | `string` | `null` | no | +| [include\_default\_tag](#input\_include\_default\_tag) | Set to false to not include the default tag in the tags map. | `bool` | `true` | no | | [invoke\_mode](#input\_invoke\_mode) | Invoke mode of the Lambda Function URL. Valid values are BUFFERED (default) and RESPONSE\_STREAM. | `string` | `null` | no | +| [ipv6\_allowed\_for\_dual\_stack](#input\_ipv6\_allowed\_for\_dual\_stack) | Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets | `bool` | `null` | no | | [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no | | [lambda\_at\_edge](#input\_lambda\_at\_edge) | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no | | [lambda\_at\_edge\_logs\_all\_regions](#input\_lambda\_at\_edge\_logs\_all\_regions) | Whether to specify a wildcard in IAM policy used by Lambda@Edge to allow logging in all regions | `bool` | `true` | no | @@ -825,12 +824,14 @@ No modules. | [policy\_json](#input\_policy\_json) | An additional policy document as JSON to attach to the Lambda Function role | `string` | `null` | no | | [policy\_jsons](#input\_policy\_jsons) | List of additional policy documents as JSON to attach to Lambda Function role | `list(string)` | `[]` | no | | [policy\_name](#input\_policy\_name) | IAM policy name. It override the default value, which is the same as role\_name | `string` | `null` | no | -| [policy\_path](#input\_policy\_path) | Path of policies to that should be added to IAM role for Lambda Function | `string` | `null` | no | | [policy\_statements](#input\_policy\_statements) | Map of dynamic policy statements to attach to Lambda Function role | `any` | `{}` | no | | [provisioned\_concurrent\_executions](#input\_provisioned\_concurrent\_executions) | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | `number` | `-1` | no | | [publish](#input\_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no | | [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no | +| [quiet\_archive\_local\_exec](#input\_quiet\_archive\_local\_exec) | Whether to disable archive local execution output | `bool` | `true` | no | | [recreate\_missing\_package](#input\_recreate\_missing\_package) | Whether to recreate missing Lambda package if it is missing locally or not | `bool` | `true` | no | +| [recursive\_loop](#input\_recursive\_loop) | Lambda function recursion configuration. Valid values are Allow or Terminate. | `string` | `null` | no | +| [region](#input\_region) | Region where the resource(s) will be managed. Defaults to the region set in the provider configuration | `string` | `null` | no | | [replace\_security\_groups\_on\_destroy](#input\_replace\_security\_groups\_on\_destroy) | (Optional) When true, all security groups defined in vpc\_security\_group\_ids will be replaced with the default security group after the function is destroyed. Set the replacement\_security\_group\_ids variable to use a custom list of security groups for replacement instead. | `bool` | `null` | no | | [replacement\_security\_group\_ids](#input\_replacement\_security\_group\_ids) | (Optional) List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction. replace\_security\_groups\_on\_destroy must be set to true to use this attribute. | `list(string)` | `null` | no | | [reserved\_concurrent\_executions](#input\_reserved\_concurrent\_executions) | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | `number` | `-1` | no | @@ -852,6 +853,7 @@ No modules. | [s3\_object\_tags\_only](#input\_s3\_object\_tags\_only) | Set to true to not merge tags with s3\_object\_tags. Useful to avoid breaching S3 Object 10 tag limit. | `bool` | `false` | no | | [s3\_prefix](#input\_s3\_prefix) | Directory name where artifacts should be stored in the S3 bucket. If unset, the path from `artifacts_dir` is used | `string` | `null` | no | | [s3\_server\_side\_encryption](#input\_s3\_server\_side\_encryption) | Specifies server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms". | `string` | `null` | no | +| [skip\_destroy](#input\_skip\_destroy) | Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Terraform state. Useful for Lambda@Edge functions attached to CloudFront distributions. | `bool` | `null` | no | | [snap\_start](#input\_snap\_start) | (Optional) Snap start settings for low-latency startups | `bool` | `false` | no | | [source\_path](#input\_source\_path) | The absolute path to a local file or directory containing your Lambda source code | `any` | `null` | no | | [store\_on\_s3](#input\_store\_on\_s3) | Whether to store produced artifacts on S3 or locally. | `bool` | `false` | no | @@ -871,6 +873,7 @@ No modules. |------|-------------| | [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | | [lambda\_cloudwatch\_log\_group\_name](#output\_lambda\_cloudwatch\_log\_group\_name) | The name of the Cloudwatch Log Group | +| [lambda\_event\_source\_mapping\_arn](#output\_lambda\_event\_source\_mapping\_arn) | The event source mapping ARN | | [lambda\_event\_source\_mapping\_function\_arn](#output\_lambda\_event\_source\_mapping\_function\_arn) | The the ARN of the Lambda function the event source mapping is sending events to | | [lambda\_event\_source\_mapping\_state](#output\_lambda\_event\_source\_mapping\_state) | The state of the event source mapping | | [lambda\_event\_source\_mapping\_state\_transition\_reason](#output\_lambda\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | @@ -900,7 +903,7 @@ No modules. | [lambda\_role\_unique\_id](#output\_lambda\_role\_unique\_id) | The unique id of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + ## Development diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 00000000..f417c0ad --- /dev/null +++ b/examples/README.md @@ -0,0 +1,8 @@ +# Examples + +Please note - the examples provided serve two primary means: + +1. Show users working examples of the various ways in which the module can be configured and features supported +2. A means of testing/validating module changes + +Please do not mistake the examples provided as "best practices". It is up to users to consult the AWS service documentation for best practices, usage recommendations, etc. diff --git a/examples/alias/README.md b/examples/alias/README.md index 6326614c..6bcb2530 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -14,20 +14,20 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules @@ -83,4 +83,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/alias/main.tf b/examples/alias/main.tf index 1dc58511..5fed7678 100644 --- a/examples/alias/main.tf +++ b/examples/alias/main.tf @@ -25,10 +25,10 @@ module "lambda_function" { function_name = "${random_pet.this.id}-lambda" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" publish = true - source_path = "${path.module}/../fixtures/python3.8-app1" + source_path = "${path.module}/../fixtures/python-app1" hash_extra = "yo" create_async_event_config = true diff --git a/examples/alias/versions.tf b/examples/alias/versions.tf index 55278d04..d2f4f3e8 100644 --- a/examples/alias/versions.tf +++ b/examples/alias/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/async/README.md b/examples/async/README.md index 40c6fbb9..3bca0e68 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -14,20 +14,20 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules @@ -72,4 +72,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/async/main.tf b/examples/async/main.tf index 8c234026..ff1b361c 100644 --- a/examples/async/main.tf +++ b/examples/async/main.tf @@ -16,10 +16,10 @@ module "lambda_function" { function_name = "${random_pet.this.id}-lambda-async" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" architectures = ["arm64"] - source_path = "${path.module}/../fixtures/python3.8-app1" + source_path = "${path.module}/../fixtures/python-app1" create_async_event_config = true attach_async_event_policy = true diff --git a/examples/async/versions.tf b/examples/async/versions.tf index 55278d04..d2f4f3e8 100644 --- a/examples/async/versions.tf +++ b/examples/async/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/build-package/README.md b/examples/build-package/README.md index 671fa45c..1b8701cd 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -2,6 +2,15 @@ Configuration in this directory creates deployment packages in a variety of combinations. +This example demonstrates various packaging scenarios including: +- Python packages with pip requirements +- Poetry-based Python packages +- Node.js packages with npm +- Docker-based builds +- Quiet packaging - suppressing Poetry/pip/npm output during builds using `quiet_archive_local_exec = true` + +Look into [Runtimes Examples](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/runtimes) for more ways to build and deploy AWS Lambda Functions using supported runtimes (Rust, Go, Java). + ## Usage To run this example you need to execute: @@ -14,13 +23,13 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers @@ -37,11 +46,14 @@ Note that this example may create resources which cost money. Run `terraform des | [lambda\_layer](#module\_lambda\_layer) | ../../ | n/a | | [lambda\_layer\_pip\_requirements](#module\_lambda\_layer\_pip\_requirements) | ../.. | n/a | | [lambda\_layer\_poetry](#module\_lambda\_layer\_poetry) | ../../ | n/a | +| [npm\_package\_with\_commands\_and\_patterns](#module\_npm\_package\_with\_commands\_and\_patterns) | ../../ | n/a | | [package\_dir](#module\_package\_dir) | ../../ | n/a | | [package\_dir\_pip\_dir](#module\_package\_dir\_pip\_dir) | ../../ | n/a | | [package\_dir\_poetry](#module\_package\_dir\_poetry) | ../../ | n/a | | [package\_dir\_poetry\_no\_docker](#module\_package\_dir\_poetry\_no\_docker) | ../../ | n/a | +| [package\_dir\_poetry\_quiet](#module\_package\_dir\_poetry\_quiet) | ../../ | n/a | | [package\_dir\_with\_npm\_install](#module\_package\_dir\_with\_npm\_install) | ../../ | n/a | +| [package\_dir\_with\_npm\_install\_lock\_file](#module\_package\_dir\_with\_npm\_install\_lock\_file) | ../../ | n/a | | [package\_dir\_without\_npm\_install](#module\_package\_dir\_without\_npm\_install) | ../../ | n/a | | [package\_dir\_without\_pip\_install](#module\_package\_dir\_without\_pip\_install) | ../../ | n/a | | [package\_file](#module\_package\_file) | ../../ | n/a | @@ -50,6 +62,7 @@ Note that this example may create resources which cost money. Run `terraform des | [package\_src\_poetry2](#module\_package\_src\_poetry2) | ../../ | n/a | | [package\_with\_commands\_and\_patterns](#module\_package\_with\_commands\_and\_patterns) | ../../ | n/a | | [package\_with\_docker](#module\_package\_with\_docker) | ../../ | n/a | +| [package\_with\_npm\_lock\_in\_docker](#module\_package\_with\_npm\_lock\_in\_docker) | ../../ | n/a | | [package\_with\_npm\_requirements\_in\_docker](#module\_package\_with\_npm\_requirements\_in\_docker) | ../../ | n/a | | [package\_with\_patterns](#module\_package\_with\_patterns) | ../../ | n/a | | [package\_with\_pip\_requirements\_in\_docker](#module\_package\_with\_pip\_requirements\_in\_docker) | ../../ | n/a | @@ -68,4 +81,4 @@ No inputs. ## Outputs No outputs. - + diff --git a/examples/build-package/main.tf b/examples/build-package/main.tf index 869d4428..ec843b68 100644 --- a/examples/build-package/main.tf +++ b/examples/build-package/main.tf @@ -22,8 +22,8 @@ module "package_dir" { create_function = false build_in_docker = true - runtime = "python3.8" - source_path = "${path.module}/../fixtures/python3.8-app1" + runtime = "python3.12" + source_path = "${path.module}/../fixtures/python-app1" artifacts_dir = "${path.root}/builds/package_dir/" } @@ -34,11 +34,11 @@ module "package_dir_pip_dir" { create_function = false build_in_docker = true - runtime = "python3.8" + runtime = "python3.12" source_path = [{ - path = "${path.module}/../fixtures/python3.8-app1" + path = "${path.module}/../fixtures/python-app1" pip_tmp_dir = "${path.cwd}/../fixtures" - pip_requirements = "${path.module}/../fixtures/python3.8-app1/requirements.txt" + pip_requirements = "${path.module}/../fixtures/python-app1/requirements.txt" }] artifacts_dir = "${path.root}/builds/package_dir_pip_dir/" } @@ -50,13 +50,13 @@ module "package_dir_poetry" { create_function = false build_in_docker = true - runtime = "python3.9" - docker_image = "build-python3.9-poetry" - docker_file = "${path.module}/../fixtures/python3.9-app-poetry/docker/Dockerfile" + runtime = "python3.12" + docker_image = "build-python-poetry" + docker_file = "${path.module}/../fixtures/python-app-poetry/docker/Dockerfile" source_path = [ { - path = "${path.module}/../fixtures/python3.9-app-poetry" + path = "${path.module}/../fixtures/python-app-poetry" poetry_install = true } ] @@ -70,14 +70,14 @@ module "package_src_poetry" { create_function = false build_in_docker = true - runtime = "python3.9" - docker_image = "build-python3.9-poetry" - docker_file = "${path.module}/../fixtures/python3.9-app-src-poetry/docker/Dockerfile" + runtime = "python3.12" + docker_image = "build-python-poetry" + docker_file = "${path.module}/../fixtures/python-app-src-poetry/docker/Dockerfile" source_path = [ - "${path.module}/../fixtures/python3.9-app-src-poetry/src", + "${path.module}/../fixtures/python-app-src-poetry/src", { - path = "${path.module}/../fixtures/python3.9-app-src-poetry/pyproject.toml" + path = "${path.module}/../fixtures/python-app-src-poetry/pyproject.toml" poetry_install = true } ] @@ -91,13 +91,13 @@ module "package_src_poetry2" { create_function = false build_in_docker = true - runtime = "python3.9" - docker_image = "build-python3.9-poetry" - docker_file = "${path.module}/../fixtures/python3.9-app-src-poetry/docker/Dockerfile" + runtime = "python3.12" + docker_image = "build-python-poetry" + docker_file = "${path.module}/../fixtures/python-app-src-poetry/docker/Dockerfile" source_path = [ - "${path.module}/../fixtures/python3.9-app-src-poetry/src", - "${path.module}/../fixtures/python3.9-app-src-poetry/pyproject.toml" + "${path.module}/../fixtures/python-app-src-poetry/src", + "${path.module}/../fixtures/python-app-src-poetry/pyproject.toml" ] artifacts_dir = "${path.root}/builds/package_src_poetry2/" } @@ -108,27 +108,45 @@ module "package_dir_poetry_no_docker" { create_function = false - runtime = "python3.9" + runtime = "python3.12" source_path = [ { - path = "${path.module}/../fixtures/python3.9-app-poetry" + path = "${path.module}/../fixtures/python-app-poetry" poetry_install = true } ] artifacts_dir = "${path.root}/builds/package_dir_poetry/" } +# Create zip-archive with Poetry dependencies and demonstrate quiet packaging output +module "package_dir_poetry_quiet" { + source = "../../" + + create_function = false + + runtime = "python3.12" + + source_path = [ + { + path = "${path.module}/../fixtures/python-app-poetry" + poetry_install = true + } + ] + artifacts_dir = "${path.root}/builds/package_dir_poetry_quiet/" + quiet_archive_local_exec = true # Suppress Poetry/pip output during packaging +} + # Create zip-archive of a single directory without running "pip install" (which is default for python runtime) module "package_dir_without_pip_install" { source = "../../" create_function = false - runtime = "python3.8" + runtime = "python3.12" source_path = [ { - path = "${path.module}/../fixtures/python3.8-app1" + path = "${path.module}/../fixtures/python-app1" pip_requirements = false # pip_requirements = true # Will run "pip install" with default requirements.txt } @@ -141,8 +159,8 @@ module "package_file" { create_function = false - runtime = "python3.8" - source_path = "${path.module}/../fixtures/python3.8-app1/index.py" + runtime = "python3.12" + source_path = "${path.module}/../fixtures/python-app1/index.py" } # Create zip-archive which contains: @@ -153,11 +171,11 @@ module "package_file_with_pip_requirements" { create_function = false - runtime = "python3.8" + runtime = "python3.12" source_path = [ - "${path.module}/../fixtures/python3.8-app1/index.py", + "${path.module}/../fixtures/python-app1/index.py", { - pip_requirements = "${path.module}/../fixtures/python3.8-app1/requirements.txt" + pip_requirements = "${path.module}/../fixtures/python-app1/requirements.txt" prefix_in_zip = "vendor" } ] @@ -173,12 +191,12 @@ module "package_with_pip_requirements_in_docker" { create_function = false - runtime = "python3.8" + runtime = "python3.12" source_path = [ - "${path.module}/../fixtures/python3.8-app1/index.py", - "${path.module}/../fixtures/python3.8-app1/dir1/dir2", + "${path.module}/../fixtures/python-app1/index.py", + "${path.module}/../fixtures/python-app1/dir1/dir2", { - pip_requirements = "${path.module}/../fixtures/python3.8-app1/requirements.txt" + pip_requirements = "${path.module}/../fixtures/python-app1/requirements.txt" } ] @@ -196,12 +214,12 @@ module "package_with_pip_requirements_in_docker_overriding_entrypoint" { create_function = false - runtime = "python3.8" + runtime = "python3.12" source_path = [ - "${path.module}/../fixtures/python3.8-app1/index.py", - "${path.module}/../fixtures/python3.8-app1/dir1/dir2", + "${path.module}/../fixtures/python-app1/index.py", + "${path.module}/../fixtures/python-app1/dir1/dir2", { - pip_requirements = "${path.module}/../fixtures/python3.8-app1/requirements.txt" + pip_requirements = "${path.module}/../fixtures/python-app1/requirements.txt" } ] hash_extra = "package_with_pip_requirements_in_docker_overriding_entrypoint" @@ -209,7 +227,7 @@ module "package_with_pip_requirements_in_docker_overriding_entrypoint" { build_in_docker = true docker_additional_options = [ "-e", "MY_ENV_VAR='My environment variable value'", - "-v", "${abspath(path.module)}/../fixtures/python3.8-app1/docker/entrypoint.sh:/entrypoint/entrypoint.sh:ro", + "-v", "${abspath(path.module)}/../fixtures/python-app1/docker/entrypoint.sh:/entrypoint/entrypoint.sh:ro", ] docker_entrypoint = "/entrypoint/entrypoint.sh" } @@ -225,14 +243,14 @@ module "package_with_commands_and_patterns" { create_function = false - runtime = "python3.8" + runtime = "python3.12" source_path = [ { - path = "${path.module}/../fixtures/python3.8-app1" + path = "${path.module}/../fixtures/python-app1" commands = [ ":zip", "cd `mktemp -d`", - "pip install --target=. -r ${abspath(path.module)}/../fixtures/python3.8-app1/requirements.txt", + "pip install --target=. -r ${abspath(path.module)}/../fixtures/python-app1/requirements.txt", ":zip . vendor/", ] patterns = [ @@ -244,6 +262,31 @@ module "package_with_commands_and_patterns" { ] } +# Some use cases might require the production packages are deployed while maintaining local node_modules folder +# This example saves the node_modules folder by moving it to an ignored directory +# After the zip file is created with production node_modules, the dev node_modules folder is restored +module "npm_package_with_commands_and_patterns" { + source = "../../" + + create_function = false + + runtime = "nodejs18.x" + source_path = [ + { + path = "${path.module}/../fixtures/node-app" + commands = [ + "[ ! -d node_modules ] || mv node_modules node_modules_temp", + "npm install --production", + ":zip", + "rm -rf node_modules", + "[ ! -d node_modules_temp ] || mv node_modules_temp node_modules", + ] + patterns = [ + "!node_modules_temp/.*" + ] + } + ] +} # Create zip-archive with various sources and patterns. # Note, that it is possible to write comments in patterns. module "package_with_patterns" { @@ -251,14 +294,14 @@ module "package_with_patterns" { create_function = false - runtime = "python3.8" + runtime = "python3.12" source_path = [ { - pip_requirements = "${path.module}/../fixtures/python3.8-app1/requirements.txt" + pip_requirements = "${path.module}/../fixtures/python-app1/requirements.txt" }, - "${path.module}/../fixtures/python3.8-app1/index.py", + "${path.module}/../fixtures/python-app1/index.py", { - path = "${path.module}/../fixtures/python3.8-app1/index.py" + path = "${path.module}/../fixtures/python-app1/index.py" patterns = < + ## Requirements | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules @@ -35,7 +35,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| | [lambda](#module\_lambda) | ../../ | n/a | -| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 | +| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 5.0 | ## Resources @@ -59,4 +59,4 @@ No inputs. | [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | | [lambda\_function\_signing\_job\_arn](#output\_lambda\_function\_signing\_job\_arn) | ARN of the signing job | | [lambda\_function\_signing\_profile\_version\_arn](#output\_lambda\_function\_signing\_profile\_version\_arn) | ARN of the signing profile version | - + diff --git a/examples/code-signing/main.tf b/examples/code-signing/main.tf index 7ce74e1b..8b8e9e3e 100644 --- a/examples/code-signing/main.tf +++ b/examples/code-signing/main.tf @@ -16,7 +16,7 @@ module "lambda" { function_name = random_pet.this.id handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" code_signing_config_arn = aws_lambda_code_signing_config.this.arn create_package = false @@ -33,7 +33,7 @@ module "lambda" { resource "aws_s3_object" "unsigned" { bucket = module.s3_bucket.s3_bucket_id key = "unsigned/existing_package.zip" - source = "${path.module}/../fixtures/python3.8-zip/existing_package.zip" + source = "${path.module}/../fixtures/python-zip/existing_package.zip" # Making sure that S3 versioning configuration is propagated properly depends_on = [ @@ -93,7 +93,7 @@ resource "random_pet" "this" { module "s3_bucket" { source = "terraform-aws-modules/s3-bucket/aws" - version = "~> 3.0" + version = "~> 5.0" bucket_prefix = "${random_pet.this.id}-" force_destroy = true diff --git a/examples/code-signing/versions.tf b/examples/code-signing/versions.tf index 55278d04..d2f4f3e8 100644 --- a/examples/code-signing/versions.tf +++ b/examples/code-signing/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/complete/README.md b/examples/complete/README.md index 92c3256b..552ea09c 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -15,20 +15,20 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules @@ -49,7 +49,7 @@ Note that this example may create resources which cost money. Run `terraform des | [lambda\_layer\_with\_package\_deploying\_externally](#module\_lambda\_layer\_with\_package\_deploying\_externally) | ../../ | n/a | | [lambda\_with\_mixed\_trusted\_entities](#module\_lambda\_with\_mixed\_trusted\_entities) | ../../ | n/a | | [lambda\_with\_provisioned\_concurrency](#module\_lambda\_with\_provisioned\_concurrency) | ../../ | n/a | -| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 | +| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 5.0 | ## Resources @@ -92,4 +92,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 7f16007b..356d9f3e 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -22,12 +22,13 @@ module "lambda_function" { function_name = "${random_pet.this.id}-lambda1" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" ephemeral_storage_size = 10240 architectures = ["x86_64"] publish = true + # recursive_loop = "Allow" - source_path = "${path.module}/../fixtures/python3.8-app1" + source_path = "${path.module}/../fixtures/python-app1" store_on_s3 = true s3_bucket = module.s3_bucket.s3_bucket_id @@ -51,8 +52,9 @@ module "lambda_function" { Serverless = "Terraform" } - role_path = "/tf-managed/" - policy_path = "/tf-managed/" + cloudwatch_logs_log_group_class = "INFREQUENT_ACCESS" + + role_path = "/tf-managed/" attach_dead_letter_policy = true dead_letter_target_arn = aws_sqs_queue.dlq.arn @@ -196,11 +198,11 @@ module "lambda_function_existing_package_local" { function_name = "${random_pet.this.id}-lambda-existing-package-local" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" publish = true create_package = false - local_existing_package = "${path.module}/../fixtures/python3.8-zip/existing_package.zip" + local_existing_package = "${path.module}/../fixtures/python-zip/existing_package.zip" # s3_existing_package = { # bucket = "humane-bear-bucket" # key = "builds/506df8bef5a4fb01883cce3673c9ff0ed88fb52e8583410e0cca7980a72211a0.zip" @@ -224,10 +226,10 @@ module "lambda_layer_local" { layer_name = "${random_pet.this.id}-layer-local" description = "My amazing lambda layer (deployed from local)" - compatible_runtimes = ["python3.8"] + compatible_runtimes = ["python3.12"] compatible_architectures = ["arm64"] - source_path = "${path.module}/../fixtures/python3.8-app1" + source_path = "${path.module}/../fixtures/python-app1" } #################################################### @@ -242,10 +244,10 @@ module "lambda_layer_with_package_deploying_externally" { layer_name = "${random_pet.this.id}-layer-local" description = "My amazing lambda layer (deployed from local)" - compatible_runtimes = ["python3.8"] + compatible_runtimes = ["python3.12"] create_package = false - local_existing_package = "../fixtures/python3.8-zip/existing_package.zip" + local_existing_package = "../fixtures/python-zip/existing_package.zip" ignore_source_code_hash = true } @@ -261,9 +263,9 @@ module "lambda_layer_s3" { layer_name = "${random_pet.this.id}-layer-s3" description = "My amazing lambda layer (deployed from S3)" - compatible_runtimes = ["python3.8"] + compatible_runtimes = ["python3.12"] - source_path = "${path.module}/../fixtures/python3.8-app1" + source_path = "${path.module}/../fixtures/python-app1" store_on_s3 = true s3_bucket = module.s3_bucket.s3_bucket_id @@ -281,9 +283,9 @@ module "lambda_at_edge" { function_name = "${random_pet.this.id}-lambda-at-edge" description = "My awesome lambda@edge function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" - source_path = "${path.module}/../fixtures/python3.8-app1" + source_path = "${path.module}/../fixtures/python-app1" hash_extra = "this string should be included in hash function to produce different filename for the same source" # this is also a build trigger if this changes tags = { @@ -300,9 +302,9 @@ module "lambda_with_provisioned_concurrency" { function_name = "${random_pet.this.id}-lambda-provisioned" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" - source_path = "${path.module}/../fixtures/python3.8-app1" + source_path = "${path.module}/../fixtures/python-app1" publish = true hash_extra = "hash-extra-lambda-provisioned" @@ -319,9 +321,9 @@ module "lambda_with_mixed_trusted_entities" { function_name = "${random_pet.this.id}-lambda-mixed-trusted-entities" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" - source_path = "${path.module}/../fixtures/python3.8-app1" + source_path = "${path.module}/../fixtures/python-app1" trusted_entities = [ "appsync.amazonaws.com", @@ -350,14 +352,16 @@ module "lambda_function_for_each" { for_each = toset(["dev", "staging", "prod"]) + region = "us-east-1" + function_name = "my-${each.value}" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" publish = true create_package = false - local_existing_package = "${path.module}/../fixtures/python3.8-zip/existing_package.zip" + local_existing_package = "${path.module}/../fixtures/python-zip/existing_package.zip" } #################################################### @@ -370,10 +374,10 @@ module "lambda_function_with_package_deploying_externally" { function_name = "${random_pet.this.id}-lambda-with-package-deploying-externally" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" create_package = false - local_existing_package = "../fixtures/python3.8-zip/existing_package.zip" + local_existing_package = "../fixtures/python-zip/existing_package.zip" ignore_source_code_hash = true } @@ -387,10 +391,10 @@ module "lambda_function_no_create_log_group_permission" { function_name = "${random_pet.this.id}-lambda-no-create-log-group-permission" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" create_package = false - local_existing_package = "../fixtures/python3.8-zip/existing_package.zip" + local_existing_package = "../fixtures/python-zip/existing_package.zip" attach_create_log_group_permission = false } @@ -404,10 +408,10 @@ module "lambda_function_with_custom_log_group" { function_name = "${random_pet.this.id}-lambda-with-custom-log-group" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" create_package = false - local_existing_package = "../fixtures/python3.8-zip/existing_package.zip" + local_existing_package = "../fixtures/python-zip/existing_package.zip" use_existing_cloudwatch_log_group = true @@ -426,10 +430,10 @@ module "lambda_function_with_custom_auto_log_group" { function_name = "${random_pet.this.id}-lambda-with-custom-auto-log-group" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" create_package = false - local_existing_package = "../fixtures/python3.8-zip/existing_package.zip" + local_existing_package = "../fixtures/python-zip/existing_package.zip" logging_log_group = "/example-auto/${random_pet.this.id}" logging_log_format = "JSON" @@ -457,7 +461,7 @@ resource "random_pet" "this" { module "s3_bucket" { source = "terraform-aws-modules/s3-bucket/aws" - version = "~> 3.0" + version = "~> 5.0" bucket_prefix = "${random_pet.this.id}-" force_destroy = true diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 55278d04..d2f4f3e8 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/container-image/README.md b/examples/container-image/README.md index 0733612f..8c2bf290 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -1,6 +1,6 @@ # AWS Lambda Function deployed from Docker Container Image example -Configuration in this directory creates AWS Lambda Function deployed with a Container Image. +Configuration in this directory creates several AWS Lambda Functions deployed from Container Images (using `modules/docker-build` and `terraform-aws-modules/terraform-aws-ecr`). ## Usage @@ -14,13 +14,13 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | | [docker](#requirement\_docker) | >= 3.0 | | [random](#requirement\_random) | >= 2.0 | @@ -28,15 +28,19 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [docker\_image](#module\_docker\_image) | ../../modules/docker-build | n/a | -| [lambda\_function\_from\_container\_image](#module\_lambda\_function\_from\_container\_image) | ../../ | n/a | +| [docker\_build](#module\_docker\_build) | ../../modules/docker-build | n/a | +| [docker\_build\_from\_ecr](#module\_docker\_build\_from\_ecr) | ../../modules/docker-build | n/a | +| [docker\_build\_multistage](#module\_docker\_build\_multistage) | ../../modules/docker-build | n/a | +| [ecr](#module\_ecr) | terraform-aws-modules/ecr/aws | n/a | +| [lambda\_function\_with\_docker\_build](#module\_lambda\_function\_with\_docker\_build) | ../../ | n/a | +| [lambda\_function\_with\_docker\_build\_from\_ecr](#module\_lambda\_function\_with\_docker\_build\_from\_ecr) | ../../ | n/a | ## Resources @@ -76,4 +80,4 @@ No inputs. | [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version | | [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | - + diff --git a/examples/container-image/context/Dockerfile b/examples/container-image/context/Dockerfile index d6e7662a..64350ec5 100644 --- a/examples/container-image/context/Dockerfile +++ b/examples/container-image/context/Dockerfile @@ -1,8 +1,12 @@ # `--platform` argument is used to be able to build docker images when using another platform (e.g. Apple M1) -FROM --platform=linux/x86_64 scratch +FROM --platform=linux/x86_64 scratch AS first_stage ARG FOO ENV FOO $FOO COPY empty /empty + +FROM first_stage AS second_stage + +COPY empty /empty_two diff --git a/examples/container-image/main.tf b/examples/container-image/main.tf index 46c1bf77..9e0ee33d 100644 --- a/examples/container-image/main.tf +++ b/examples/container-image/main.tf @@ -26,17 +26,17 @@ provider "aws" { provider "docker" { registry_auth { - address = format("%v.dkr.ecr.%v.amazonaws.com", data.aws_caller_identity.this.account_id, data.aws_region.current.name) + address = format("%v.dkr.ecr.%v.amazonaws.com", data.aws_caller_identity.this.account_id, data.aws_region.current.region) username = data.aws_ecr_authorization_token.token.user_name password = data.aws_ecr_authorization_token.token.password } } -module "lambda_function_from_container_image" { +module "lambda_function_with_docker_build" { source = "../../" - function_name = "${random_pet.this.id}-lambda-from-container-image" - description = "My awesome lambda function from container image" + function_name = "${random_pet.this.id}-lambda-with-docker-build" + description = "My awesome lambda function with container image by modules/docker-build" create_package = false @@ -46,10 +46,27 @@ module "lambda_function_from_container_image" { package_type = "Image" architectures = ["arm64"] # ["x86_64"] - image_uri = module.docker_image.image_uri + image_uri = module.docker_build.image_uri } -module "docker_image" { +module "lambda_function_with_docker_build_from_ecr" { + source = "../../" + + function_name = "${random_pet.this.id}-lambda-with-docker-build-from-ecr" + description = "My awesome lambda function with container image by modules/docker-build and ECR repository created by terraform-aws-ecr module" + + create_package = false + + ################## + # Container Image + ################## + package_type = "Image" + architectures = ["arm64"] # ["x86_64"] + + image_uri = module.docker_build_from_ecr.image_uri +} + +module "docker_build" { source = "../../modules/docker-build" create_ecr_repo = true @@ -87,6 +104,73 @@ module "docker_image" { } } +############################################ +# Docker Image and ECR by terraform-aws-ecr +############################################ + +module "docker_build_from_ecr" { + source = "../../modules/docker-build" + + ecr_repo = module.ecr.repository_name + + use_image_tag = false # If false, sha of the image will be used + + # use_image_tag = true + # image_tag = "2.0" + + source_path = local.source_path + platform = "linux/amd64" + build_args = { + FOO = "bar" + } + # Can also use buildx + builder = "default" + docker_file_path = "${local.source_path}/Dockerfile" + + triggers = { + dir_sha = local.dir_sha + } + + cache_from = ["${module.ecr.repository_url}:latest"] +} + +module "docker_build_multistage" { + source = "../../modules/docker-build" + + ecr_repo = module.ecr.repository_name + + use_image_tag = true + image_tag = "first_stage" + + source_path = local.source_path + platform = "linux/amd64" + build_args = { + FOO = "bar" + } + builder = "default" + docker_file_path = "${local.source_path}/Dockerfile" + + # multi-stage builds + build_target = "first_stage" + + triggers = { + dir_sha = local.dir_sha + } + + cache_from = ["${module.ecr.repository_url}:latest"] +} + +module "ecr" { + source = "terraform-aws-modules/ecr/aws" + + repository_name = "${random_pet.this.id}-ecr" + repository_force_delete = true + + create_lifecycle_policy = false + + repository_lambda_read_access_arns = [module.lambda_function_with_docker_build_from_ecr.lambda_function_arn] +} + resource "random_pet" "this" { length = 2 } diff --git a/examples/container-image/outputs.tf b/examples/container-image/outputs.tf index 34755681..7e6f0d2c 100644 --- a/examples/container-image/outputs.tf +++ b/examples/container-image/outputs.tf @@ -1,106 +1,106 @@ # Lambda Function output "lambda_function_arn" { description = "The ARN of the Lambda Function" - value = module.lambda_function_from_container_image.lambda_function_arn + value = module.lambda_function_with_docker_build.lambda_function_arn } output "lambda_function_arn_static" { description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" - value = module.lambda_function_from_container_image.lambda_function_arn_static + value = module.lambda_function_with_docker_build.lambda_function_arn_static } output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" - value = module.lambda_function_from_container_image.lambda_function_invoke_arn + value = module.lambda_function_with_docker_build.lambda_function_invoke_arn } output "lambda_function_name" { description = "The name of the Lambda Function" - value = module.lambda_function_from_container_image.lambda_function_name + value = module.lambda_function_with_docker_build.lambda_function_name } output "lambda_function_qualified_arn" { description = "The ARN identifying your Lambda Function Version" - value = module.lambda_function_from_container_image.lambda_function_qualified_arn + value = module.lambda_function_with_docker_build.lambda_function_qualified_arn } output "lambda_function_version" { description = "Latest published version of Lambda Function" - value = module.lambda_function_from_container_image.lambda_function_version + value = module.lambda_function_with_docker_build.lambda_function_version } output "lambda_function_last_modified" { description = "The date Lambda Function resource was last modified" - value = module.lambda_function_from_container_image.lambda_function_last_modified + value = module.lambda_function_with_docker_build.lambda_function_last_modified } output "lambda_function_kms_key_arn" { description = "The ARN for the KMS encryption key of Lambda Function" - value = module.lambda_function_from_container_image.lambda_function_kms_key_arn + value = module.lambda_function_with_docker_build.lambda_function_kms_key_arn } output "lambda_function_source_code_hash" { description = "Base64-encoded representation of raw SHA-256 sum of the zip file" - value = module.lambda_function_from_container_image.lambda_function_source_code_hash + value = module.lambda_function_with_docker_build.lambda_function_source_code_hash } output "lambda_function_source_code_size" { description = "The size in bytes of the function .zip file" - value = module.lambda_function_from_container_image.lambda_function_source_code_size + value = module.lambda_function_with_docker_build.lambda_function_source_code_size } # Lambda Layer output "lambda_layer_arn" { description = "The ARN of the Lambda Layer with version" - value = module.lambda_function_from_container_image.lambda_layer_arn + value = module.lambda_function_with_docker_build.lambda_layer_arn } output "lambda_layer_layer_arn" { description = "The ARN of the Lambda Layer without version" - value = module.lambda_function_from_container_image.lambda_layer_layer_arn + value = module.lambda_function_with_docker_build.lambda_layer_layer_arn } output "lambda_layer_created_date" { description = "The date Lambda Layer resource was created" - value = module.lambda_function_from_container_image.lambda_layer_created_date + value = module.lambda_function_with_docker_build.lambda_layer_created_date } output "lambda_layer_source_code_size" { description = "The size in bytes of the Lambda Layer .zip file" - value = module.lambda_function_from_container_image.lambda_layer_source_code_size + value = module.lambda_function_with_docker_build.lambda_layer_source_code_size } output "lambda_layer_version" { description = "The Lambda Layer version" - value = module.lambda_function_from_container_image.lambda_layer_version + value = module.lambda_function_with_docker_build.lambda_layer_version } # IAM Role output "lambda_role_arn" { description = "The ARN of the IAM role created for the Lambda Function" - value = module.lambda_function_from_container_image.lambda_role_arn + value = module.lambda_function_with_docker_build.lambda_role_arn } output "lambda_role_name" { description = "The name of the IAM role created for the Lambda Function" - value = module.lambda_function_from_container_image.lambda_role_name + value = module.lambda_function_with_docker_build.lambda_role_name } # CloudWatch Log Group output "lambda_cloudwatch_log_group_arn" { description = "The ARN of the Cloudwatch Log Group" - value = module.lambda_function_from_container_image.lambda_cloudwatch_log_group_arn + value = module.lambda_function_with_docker_build.lambda_cloudwatch_log_group_arn } -# Docker Image +# Docker Image by modules/docker-build output "docker_image_uri" { description = "The ECR Docker image URI used to deploy Lambda Function" - value = module.docker_image.image_uri + value = module.docker_build.image_uri } output "docker_image_id" { description = "The ID of the Docker image" - value = module.docker_image.image_id + value = module.docker_build.image_id } output "docker_image_files_to_hash" { diff --git a/examples/container-image/versions.tf b/examples/container-image/versions.tf index a774c835..dbb8009c 100644 --- a/examples/container-image/versions.tf +++ b/examples/container-image/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 6.0" } docker = { source = "kreuzwerker/docker" diff --git a/examples/deploy/README.md b/examples/deploy/README.md index b900c919..829a0468 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md @@ -14,20 +14,20 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules @@ -63,4 +63,4 @@ No inputs. | [codedeploy\_iam\_role\_name](#output\_codedeploy\_iam\_role\_name) | Name of IAM role used by CodeDeploy | | [deploy\_script](#output\_deploy\_script) | Path to a deployment script | | [script](#output\_script) | Deployment script | - + diff --git a/examples/deploy/main.tf b/examples/deploy/main.tf index 96269036..ee8c8bed 100644 --- a/examples/deploy/main.tf +++ b/examples/deploy/main.tf @@ -16,10 +16,10 @@ module "lambda_function" { function_name = "${random_pet.this.id}-lambda" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" publish = true - source_path = "${path.module}/../fixtures/python3.8-app1" + source_path = "${path.module}/../fixtures/python-app1" hash_extra = "yo1" } diff --git a/examples/deploy/versions.tf b/examples/deploy/versions.tf index 55278d04..d2f4f3e8 100644 --- a/examples/deploy/versions.tf +++ b/examples/deploy/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/event-source-mapping/README.md b/examples/event-source-mapping/README.md index 0f34132e..49d4fa75 100644 --- a/examples/event-source-mapping/README.md +++ b/examples/event-source-mapping/README.md @@ -13,3 +13,67 @@ $ terraform apply ``` Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | +| [random](#requirement\_random) | >= 2.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 6.0 | +| [random](#provider\_random) | >= 2.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [lambda\_function](#module\_lambda\_function) | ../../ | n/a | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | + +## Resources + +| Name | Type | +|------|------| +| [aws_dynamodb_table.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource | +| [aws_kinesis_stream.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kinesis_stream) | resource | +| [aws_mq_broker.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mq_broker) | resource | +| [aws_secretsmanager_secret.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource | +| [aws_secretsmanager_secret_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource | +| [aws_sqs_queue.failure](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | +| [aws_sqs_queue.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | +| [random_password.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | +| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | +| [aws_organizations_organization.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/organizations_organization) | data source | + +## Inputs + +No inputs. + +## Outputs + +| Name | Description | +|------|-------------| +| [lambda\_event\_source\_mapping\_arn](#output\_lambda\_event\_source\_mapping\_arn) | The event source mapping ARN | +| [lambda\_event\_source\_mapping\_function\_arn](#output\_lambda\_event\_source\_mapping\_function\_arn) | The the ARN of the Lambda function the event source mapping is sending events to | +| [lambda\_event\_source\_mapping\_state](#output\_lambda\_event\_source\_mapping\_state) | The state of the event source mapping | +| [lambda\_event\_source\_mapping\_state\_transition\_reason](#output\_lambda\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | +| [lambda\_event\_source\_mapping\_uuid](#output\_lambda\_event\_source\_mapping\_uuid) | The UUID of the created event source mapping | +| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | +| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | +| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | +| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | +| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | + diff --git a/examples/event-source-mapping/main.tf b/examples/event-source-mapping/main.tf index 977ace23..f76d30c8 100644 --- a/examples/event-source-mapping/main.tf +++ b/examples/event-source-mapping/main.tf @@ -26,9 +26,9 @@ module "lambda_function" { function_name = "${random_pet.this.id}-lambda-event-source-mapping" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" - source_path = "${path.module}/../fixtures/python3.8-app1/index.py" + source_path = "${path.module}/../fixtures/python-app1/index.py" event_source_mapping = { sqs = { @@ -37,6 +37,9 @@ module "lambda_function" { scaling_config = { maximum_concurrency = 20 } + metrics_config = { + metrics = ["EventCount"] + } } dynamodb = { event_source_arn = aws_dynamodb_table.this.stream_arn @@ -83,6 +86,7 @@ module "lambda_function" { uri = "/" } ] + tags = { mapping = "amq" } } # self_managed_kafka = { # batch_size = 1 @@ -179,6 +183,10 @@ module "lambda_function" { "arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole", "arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole", ] + + tags = { + example = "event-source-mapping" + } } ################## @@ -247,7 +255,7 @@ module "vpc" { resource "aws_mq_broker" "this" { broker_name = random_pet.this.id engine_type = "RabbitMQ" - engine_version = "3.10.10" + engine_version = "3.12.13" host_instance_type = "mq.t3.micro" security_groups = [module.vpc.default_security_group_id] subnet_ids = slice(module.vpc.public_subnets, 0, 1) diff --git a/examples/event-source-mapping/outputs.tf b/examples/event-source-mapping/outputs.tf index 5b69eeb5..764a91c5 100644 --- a/examples/event-source-mapping/outputs.tf +++ b/examples/event-source-mapping/outputs.tf @@ -69,3 +69,8 @@ output "lambda_event_source_mapping_uuid" { description = "The UUID of the created event source mapping" value = module.lambda_function.lambda_event_source_mapping_uuid } + +output "lambda_event_source_mapping_arn" { + description = "The event source mapping ARN" + value = module.lambda_function.lambda_event_source_mapping_arn +} diff --git a/examples/event-source-mapping/versions.tf b/examples/event-source-mapping/versions.tf index 55278d04..d2f4f3e8 100644 --- a/examples/event-source-mapping/versions.tf +++ b/examples/event-source-mapping/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/fixtures/nodejs14.x-app2/index.js b/examples/fixtures/nodejs14.x-app2/index.js new file mode 100644 index 00000000..97968e4a --- /dev/null +++ b/examples/fixtures/nodejs14.x-app2/index.js @@ -0,0 +1,16 @@ +'use strict'; + +module.exports.hello = async (event) => { + console.log(event); + return { + statusCode: 200, + body: JSON.stringify( + { + message: `Go Serverless.tf! Your Nodejs function executed successfully!`, + input: event, + }, + null, + 2 + ), + }; +}; diff --git a/examples/fixtures/nodejs14.x-app2/package-lock.json b/examples/fixtures/nodejs14.x-app2/package-lock.json new file mode 100644 index 00000000..adf88ca6 --- /dev/null +++ b/examples/fixtures/nodejs14.x-app2/package-lock.json @@ -0,0 +1,83 @@ +{ + "name": "nodejs14.x-app1", + "version": "1.0.0", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "axo": { + "version": "0.0.2", + "resolved": "https://registry.npmjs.org/axo/-/axo-0.0.2.tgz", + "integrity": "sha512-8CC4Mb+OhK97UEng0PgiqUDNZjzVcWDsV+G2vLYCQn1jEL7y6VqiRVlZlRu+aA/ckSznmNzW6X1I6nj2As/haQ==" + }, + "eventemitter3": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-2.0.3.tgz", + "integrity": "sha512-jLN68Dx5kyFHaePoXWPsCGW5qdyZQtLYHkxkg02/Mz6g0kYpDx4FyP6XfArhQdlOC4b8Mv+EMxPo/8La7Tzghg==" + }, + "extendible": { + "version": "0.1.1", + "resolved": "https://registry.npmjs.org/extendible/-/extendible-0.1.1.tgz", + "integrity": "sha512-AglckQA0TJV8/ZmhQcNmaaFcFFPXFIoZbfuoQOlGDK7Jh/roWotYzJ7ik1FBBCHBr8n7CgTR8lXXPAN8Rfb7rw==" + }, + "failure": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/failure/-/failure-1.1.1.tgz", + "integrity": "sha512-lzrrk0NUfjVeU3jLmfU01zP5bfg4XVFxHREYGvgJowaCqHLSQtqIGENH/CU+oSs6yfYObdSM7b9UY/3p2VJOSg==" + }, + "hang": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/hang/-/hang-1.0.0.tgz", + "integrity": "sha512-vtBz98Bt/Tbm03cZO5Ymc7ZL8ead/jIx9T5Wg/xuz+9BXPAJNJSdGQW63LoaesogUQKTpHyal339hxTaTf/APg==" + }, + "loads": { + "version": "0.0.4", + "resolved": "https://registry.npmjs.org/loads/-/loads-0.0.4.tgz", + "integrity": "sha512-XjPzzYIHkuMNqYyvh6AECQAHi682nyKO9TMdMYnaz7QbPDI/KIeSIjRhAlXIbRMPYAgtLUYgPlD3mtKZ4Q8SYA==", + "requires": { + "failure": "1.1.x", + "one-time": "0.0.x", + "xhr-response": "1.0.x", + "xhr-status": "1.0.x" + } + }, + "node-http-xhr": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/node-http-xhr/-/node-http-xhr-1.2.1.tgz", + "integrity": "sha512-eRKOQNY8V2BNp/P8A2A+eVwprVFI64ciunsBimQ4WBb1m841vn7ksDRGlmWBCyE/tLRoPwvH/sUig9krKMehwA==" + }, + "one-time": { + "version": "0.0.4", + "resolved": "https://registry.npmjs.org/one-time/-/one-time-0.0.4.tgz", + "integrity": "sha512-qAMrwuk2xLEutlASoiPiAMW3EN3K96Ka/ilSXYr6qR1zSVXw2j7+yDSqGTC4T9apfLYxM3tLLjKvgPdAUK7kYQ==" + }, + "requests": { + "version": "0.2.1", + "resolved": "https://registry.npmjs.org/requests/-/requests-0.2.1.tgz", + "integrity": "sha512-SlvQm7cl4z285qs5ZrthHjr4TI0Ngb0pzX4jLzSOr7rsA4AlFj+0qhkzF3zKsVBFuU+HseU+iUz4qBA6bV087Q==", + "requires": { + "axo": "0.0.x", + "eventemitter3": "~2.0.2", + "extendible": "0.1.x", + "hang": "1.0.x", + "loads": "0.0.x", + "node-http-xhr": "~1.2.1", + "xhr-send": "1.0.x" + } + }, + "xhr-response": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/xhr-response/-/xhr-response-1.0.1.tgz", + "integrity": "sha512-m2FlVRCl3VqDcpc8UaWZJpwuHpFR2vYeXv6ipXU2Uuu4vNKFYVEFI0emuJN370Fge+JCbiAnS+JJmSoWVmWrjQ==" + }, + "xhr-send": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/xhr-send/-/xhr-send-1.0.0.tgz", + "integrity": "sha512-789EG4qW6Z0nPvG74AV3WWQCnBG5HxJXNiBsnEivZ8OpbvVA0amH0+g+MNT99o5kt/XLdRezm5KS1wJzcGJztw==" + }, + "xhr-status": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/xhr-status/-/xhr-status-1.0.1.tgz", + "integrity": "sha512-VF0WSqtmkf56OmF26LCWsWvRb1a+WYGdHDoQnPPCVUQTM8CVUAOBcUDsm7nP7SQcgEEdrvF4DmhEADuXdGieyw==" + } + } +} diff --git a/examples/fixtures/nodejs14.x-app2/package.json b/examples/fixtures/nodejs14.x-app2/package.json new file mode 100644 index 00000000..b332ac7e --- /dev/null +++ b/examples/fixtures/nodejs14.x-app2/package.json @@ -0,0 +1,8 @@ +{ + "name": "nodejs14.x-app1", + "version": "1.0.0", + "main": "index.js", + "dependencies": { + "requests": "^0.2.0" + } +} diff --git a/examples/fixtures/python3.9-app-poetry/docker/Dockerfile b/examples/fixtures/python-app-poetry/docker/Dockerfile similarity index 74% rename from examples/fixtures/python3.9-app-poetry/docker/Dockerfile rename to examples/fixtures/python-app-poetry/docker/Dockerfile index 9d19957b..9b6c9ed4 100644 --- a/examples/fixtures/python3.9-app-poetry/docker/Dockerfile +++ b/examples/fixtures/python-app-poetry/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM public.ecr.aws/sam/build-python3.9 +FROM public.ecr.aws/sam/build-python3.12 LABEL maintainer="Betajob AS" \ description="Patched AWS Lambda build container" diff --git a/examples/fixtures/python3.8-app1/ignore_please.txt b/examples/fixtures/python-app-poetry/ignore_please.txt similarity index 100% rename from examples/fixtures/python3.8-app1/ignore_please.txt rename to examples/fixtures/python-app-poetry/ignore_please.txt diff --git a/examples/fixtures/python3.10-app1/index.py b/examples/fixtures/python-app-poetry/index.py similarity index 100% rename from examples/fixtures/python3.10-app1/index.py rename to examples/fixtures/python-app-poetry/index.py diff --git a/examples/fixtures/python3.9-app-poetry/poetry.lock b/examples/fixtures/python-app-poetry/poetry.lock similarity index 100% rename from examples/fixtures/python3.9-app-poetry/poetry.lock rename to examples/fixtures/python-app-poetry/poetry.lock diff --git a/examples/fixtures/python3.9-app-poetry/poetry.toml b/examples/fixtures/python-app-poetry/poetry.toml similarity index 100% rename from examples/fixtures/python3.9-app-poetry/poetry.toml rename to examples/fixtures/python-app-poetry/poetry.toml diff --git a/examples/fixtures/python3.9-app-poetry/pyproject.toml b/examples/fixtures/python-app-poetry/pyproject.toml similarity index 90% rename from examples/fixtures/python3.9-app-poetry/pyproject.toml rename to examples/fixtures/python-app-poetry/pyproject.toml index c09d58aa..ea289d4a 100644 --- a/examples/fixtures/python3.9-app-poetry/pyproject.toml +++ b/examples/fixtures/python-app-poetry/pyproject.toml @@ -1,5 +1,5 @@ [tool.poetry] -name = "python3.9-app-poetry" +name = "python-app-poetry" version = "0.1.0" description = "" authors = ["Your Name "] diff --git a/examples/fixtures/python3.9-app-src-poetry/README.md b/examples/fixtures/python-app-src-poetry/README.md similarity index 100% rename from examples/fixtures/python3.9-app-src-poetry/README.md rename to examples/fixtures/python-app-src-poetry/README.md diff --git a/examples/fixtures/python3.9-app-src-poetry/poetry.lock b/examples/fixtures/python-app-src-poetry/poetry.lock similarity index 100% rename from examples/fixtures/python3.9-app-src-poetry/poetry.lock rename to examples/fixtures/python-app-src-poetry/poetry.lock diff --git a/examples/fixtures/python3.9-app-src-poetry/pyproject.toml b/examples/fixtures/python-app-src-poetry/pyproject.toml similarity index 72% rename from examples/fixtures/python3.9-app-src-poetry/pyproject.toml rename to examples/fixtures/python-app-src-poetry/pyproject.toml index 2b890b79..7ceca4c4 100644 --- a/examples/fixtures/python3.9-app-src-poetry/pyproject.toml +++ b/examples/fixtures/python-app-src-poetry/pyproject.toml @@ -1,10 +1,10 @@ [tool.poetry] -name = "python3-9-app-src-poetry" +name = "python-app-src-poetry" version = "0.1.0" description = "" authors = ["Your Name "] readme = "README.md" -packages = [{include = "python39_app_src_poetry", from = "src"}] +packages = [{include = "python_app_src_poetry", from = "src"}] [tool.poetry.dependencies] python = "^3.9" diff --git a/examples/fixtures/python3.9-app-src-poetry/src/python39_app_src_poetry/__init__.py b/examples/fixtures/python-app-src-poetry/src/python_app_src_poetry/__init__.py similarity index 100% rename from examples/fixtures/python3.9-app-src-poetry/src/python39_app_src_poetry/__init__.py rename to examples/fixtures/python-app-src-poetry/src/python_app_src_poetry/__init__.py diff --git a/examples/fixtures/python3.9-app-src-poetry/tests/__init__.py b/examples/fixtures/python-app-src-poetry/tests/__init__.py similarity index 100% rename from examples/fixtures/python3.9-app-src-poetry/tests/__init__.py rename to examples/fixtures/python-app-src-poetry/tests/__init__.py diff --git a/examples/fixtures/python3.8-app1/dir1/dir2/ignore2.txt b/examples/fixtures/python-app1/dir1/dir2/ignore2.txt similarity index 100% rename from examples/fixtures/python3.8-app1/dir1/dir2/ignore2.txt rename to examples/fixtures/python-app1/dir1/dir2/ignore2.txt diff --git a/examples/fixtures/python3.8-app1/docker/Dockerfile b/examples/fixtures/python-app1/docker/Dockerfile similarity index 87% rename from examples/fixtures/python3.8-app1/docker/Dockerfile rename to examples/fixtures/python-app1/docker/Dockerfile index aeab9fee..fa0eb25f 100644 --- a/examples/fixtures/python3.8-app1/docker/Dockerfile +++ b/examples/fixtures/python-app1/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM public.ecr.aws/sam/build-python3.8 as build +FROM public.ecr.aws/sam/build-python3.12 as build LABEL maintainer="Betajob AS" \ description="Patched AWS Lambda build container" @@ -20,7 +20,7 @@ RUN \ && rpmbuild -ba SPECS/automake.spec --nocheck \ && yum install -y RPMS/noarch/* -FROM public.ecr.aws/sam/build-python3.8 +FROM public.ecr.aws/sam/build-python3.12 COPY --from=build /root/rpmbuild/RPMS/noarch/*.rpm . RUN yum install -y *.rpm \ && rm *.rpm diff --git a/examples/fixtures/python3.8-app1/docker/automake-1.13-to-1.16-spec.patch b/examples/fixtures/python-app1/docker/automake-1.13-to-1.16-spec.patch similarity index 100% rename from examples/fixtures/python3.8-app1/docker/automake-1.13-to-1.16-spec.patch rename to examples/fixtures/python-app1/docker/automake-1.13-to-1.16-spec.patch diff --git a/examples/fixtures/python3.8-app1/docker/entrypoint.sh b/examples/fixtures/python-app1/docker/entrypoint.sh similarity index 100% rename from examples/fixtures/python3.8-app1/docker/entrypoint.sh rename to examples/fixtures/python-app1/docker/entrypoint.sh diff --git a/examples/fixtures/python3.9-app-poetry/ignore_please.txt b/examples/fixtures/python-app1/ignore_please.txt similarity index 100% rename from examples/fixtures/python3.9-app-poetry/ignore_please.txt rename to examples/fixtures/python-app1/ignore_please.txt diff --git a/examples/fixtures/python3.8-app1/index.py b/examples/fixtures/python-app1/index.py similarity index 100% rename from examples/fixtures/python3.8-app1/index.py rename to examples/fixtures/python-app1/index.py diff --git a/examples/fixtures/python3.8-app1/requirements.txt b/examples/fixtures/python-app1/requirements.txt similarity index 100% rename from examples/fixtures/python3.8-app1/requirements.txt rename to examples/fixtures/python-app1/requirements.txt diff --git a/examples/fixtures/python3.8-app2/index.py b/examples/fixtures/python-app2/index.py similarity index 100% rename from examples/fixtures/python3.8-app2/index.py rename to examples/fixtures/python-app2/index.py diff --git a/examples/fixtures/python-function.zip b/examples/fixtures/python-function.zip new file mode 100644 index 00000000..d713a912 Binary files /dev/null and b/examples/fixtures/python-function.zip differ diff --git a/examples/fixtures/python-zip/existing_package.zip b/examples/fixtures/python-zip/existing_package.zip new file mode 100644 index 00000000..d713a912 Binary files /dev/null and b/examples/fixtures/python-zip/existing_package.zip differ diff --git a/examples/fixtures/python3.9-app-poetry/index.py b/examples/fixtures/python3.9-app-poetry/index.py deleted file mode 100644 index 396c5054..00000000 --- a/examples/fixtures/python3.9-app-poetry/index.py +++ /dev/null @@ -1,4 +0,0 @@ -def lambda_handler(event, context): - print("Hello from app1!") - - return event diff --git a/examples/fixtures/runtimes/dotnet8/.gitignore b/examples/fixtures/runtimes/dotnet8/.gitignore new file mode 100644 index 00000000..bc78471d --- /dev/null +++ b/examples/fixtures/runtimes/dotnet8/.gitignore @@ -0,0 +1,484 @@ +## Ignore Visual Studio temporary files, build results, and +## files generated by popular Visual Studio add-ons. +## +## Get latest from `dotnet new gitignore` + +# dotenv files +.env + +# User-specific files +*.rsuser +*.suo +*.user +*.userosscache +*.sln.docstates + +# User-specific files (MonoDevelop/Xamarin Studio) +*.userprefs + +# Mono auto generated files +mono_crash.* + +# Build results +[Dd]ebug/ +[Dd]ebugPublic/ +[Rr]elease/ +[Rr]eleases/ +x64/ +x86/ +[Ww][Ii][Nn]32/ +[Aa][Rr][Mm]/ +[Aa][Rr][Mm]64/ +bld/ +[Bb]in/ +[Oo]bj/ +[Ll]og/ +[Ll]ogs/ + +# Visual Studio 2015/2017 cache/options directory +.vs/ +# Uncomment if you have tasks that create the project's static files in wwwroot +#wwwroot/ + +# Visual Studio 2017 auto generated files +Generated\ Files/ + +# MSTest test Results +[Tt]est[Rr]esult*/ +[Bb]uild[Ll]og.* + +# NUnit +*.VisualState.xml +TestResult.xml +nunit-*.xml + +# Build Results of an ATL Project +[Dd]ebugPS/ +[Rr]eleasePS/ +dlldata.c + +# Benchmark Results +BenchmarkDotNet.Artifacts/ + +# .NET +project.lock.json +project.fragment.lock.json +artifacts/ + +# Tye +.tye/ + +# ASP.NET Scaffolding +ScaffoldingReadMe.txt + +# StyleCop +StyleCopReport.xml + +# Files built by Visual Studio +*_i.c +*_p.c +*_h.h +*.ilk +*.meta +*.obj +*.iobj +*.pch +*.pdb +*.ipdb +*.pgc +*.pgd +*.rsp +*.sbr +*.tlb +*.tli +*.tlh +*.tmp +*.tmp_proj +*_wpftmp.csproj +*.log +*.tlog +*.vspscc +*.vssscc +.builds +*.pidb +*.svclog +*.scc + +# Chutzpah Test files +_Chutzpah* + +# Visual C++ cache files +ipch/ +*.aps +*.ncb +*.opendb +*.opensdf +*.sdf +*.cachefile +*.VC.db +*.VC.VC.opendb + +# Visual Studio profiler +*.psess +*.vsp +*.vspx +*.sap + +# Visual Studio Trace Files +*.e2e + +# TFS 2012 Local Workspace +$tf/ + +# Guidance Automation Toolkit +*.gpState + +# ReSharper is a .NET coding add-in +_ReSharper*/ +*.[Rr]e[Ss]harper +*.DotSettings.user + +# TeamCity is a build add-in +_TeamCity* + +# DotCover is a Code Coverage Tool +*.dotCover + +# AxoCover is a Code Coverage Tool +.axoCover/* +!.axoCover/settings.json + +# Coverlet is a free, cross platform Code Coverage Tool +coverage*.json +coverage*.xml +coverage*.info + +# Visual Studio code coverage results +*.coverage +*.coveragexml + +# NCrunch +_NCrunch_* +.*crunch*.local.xml +nCrunchTemp_* + +# MightyMoose +*.mm.* +AutoTest.Net/ + +# Web workbench (sass) +.sass-cache/ + +# Installshield output folder +[Ee]xpress/ + +# DocProject is a documentation generator add-in +DocProject/buildhelp/ +DocProject/Help/*.HxT +DocProject/Help/*.HxC +DocProject/Help/*.hhc +DocProject/Help/*.hhk +DocProject/Help/*.hhp +DocProject/Help/Html2 +DocProject/Help/html + +# Click-Once directory +publish/ + +# Publish Web Output +*.[Pp]ublish.xml +*.azurePubxml +# Note: Comment the next line if you want to checkin your web deploy settings, +# but database connection strings (with potential passwords) will be unencrypted +*.pubxml +*.publishproj + +# Microsoft Azure Web App publish settings. Comment the next line if you want to +# checkin your Azure Web App publish settings, but sensitive information contained +# in these scripts will be unencrypted +PublishScripts/ + +# NuGet Packages +*.nupkg +# NuGet Symbol Packages +*.snupkg +# The packages folder can be ignored because of Package Restore +**/[Pp]ackages/* +# except build/, which is used as an MSBuild target. +!**/[Pp]ackages/build/ +# Uncomment if necessary however generally it will be regenerated when needed +#!**/[Pp]ackages/repositories.config +# NuGet v3's project.json files produces more ignorable files +*.nuget.props +*.nuget.targets + +# Microsoft Azure Build Output +csx/ +*.build.csdef + +# Microsoft Azure Emulator +ecf/ +rcf/ + +# Windows Store app package directories and files +AppPackages/ +BundleArtifacts/ +Package.StoreAssociation.xml +_pkginfo.txt +*.appx +*.appxbundle +*.appxupload + +# Visual Studio cache files +# files ending in .cache can be ignored +*.[Cc]ache +# but keep track of directories ending in .cache +!?*.[Cc]ache/ + +# Others +ClientBin/ +~$* +*~ +*.dbmdl +*.dbproj.schemaview +*.jfm +*.pfx +*.publishsettings +orleans.codegen.cs + +# Including strong name files can present a security risk +# (https://github.com/github/gitignore/pull/2483#issue-259490424) +#*.snk + +# Since there are multiple workflows, uncomment next line to ignore bower_components +# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) +#bower_components/ + +# RIA/Silverlight projects +Generated_Code/ + +# Backup & report files from converting an old project file +# to a newer Visual Studio version. Backup files are not needed, +# because we have git ;-) +_UpgradeReport_Files/ +Backup*/ +UpgradeLog*.XML +UpgradeLog*.htm +ServiceFabricBackup/ +*.rptproj.bak + +# SQL Server files +*.mdf +*.ldf +*.ndf + +# Business Intelligence projects +*.rdl.data +*.bim.layout +*.bim_*.settings +*.rptproj.rsuser +*- [Bb]ackup.rdl +*- [Bb]ackup ([0-9]).rdl +*- [Bb]ackup ([0-9][0-9]).rdl + +# Microsoft Fakes +FakesAssemblies/ + +# GhostDoc plugin setting file +*.GhostDoc.xml + +# Node.js Tools for Visual Studio +.ntvs_analysis.dat +node_modules/ + +# Visual Studio 6 build log +*.plg + +# Visual Studio 6 workspace options file +*.opt + +# Visual Studio 6 auto-generated workspace file (contains which files were open etc.) +*.vbw + +# Visual Studio 6 auto-generated project file (contains which files were open etc.) +*.vbp + +# Visual Studio 6 workspace and project file (working project files containing files to include in project) +*.dsw +*.dsp + +# Visual Studio 6 technical files +*.ncb +*.aps + +# Visual Studio LightSwitch build output +**/*.HTMLClient/GeneratedArtifacts +**/*.DesktopClient/GeneratedArtifacts +**/*.DesktopClient/ModelManifest.xml +**/*.Server/GeneratedArtifacts +**/*.Server/ModelManifest.xml +_Pvt_Extensions + +# Paket dependency manager +.paket/paket.exe +paket-files/ + +# FAKE - F# Make +.fake/ + +# CodeRush personal settings +.cr/personal + +# Python Tools for Visual Studio (PTVS) +__pycache__/ +*.pyc + +# Cake - Uncomment if you are using it +# tools/** +# !tools/packages.config + +# Tabs Studio +*.tss + +# Telerik's JustMock configuration file +*.jmconfig + +# BizTalk build output +*.btp.cs +*.btm.cs +*.odx.cs +*.xsd.cs + +# OpenCover UI analysis results +OpenCover/ + +# Azure Stream Analytics local run output +ASALocalRun/ + +# MSBuild Binary and Structured Log +*.binlog + +# NVidia Nsight GPU debugger configuration file +*.nvuser + +# MFractors (Xamarin productivity tool) working folder +.mfractor/ + +# Local History for Visual Studio +.localhistory/ + +# Visual Studio History (VSHistory) files +.vshistory/ + +# BeatPulse healthcheck temp database +healthchecksdb + +# Backup folder for Package Reference Convert tool in Visual Studio 2017 +MigrationBackup/ + +# Ionide (cross platform F# VS Code tools) working folder +.ionide/ + +# Fody - auto-generated XML schema +FodyWeavers.xsd + +# VS Code files for those working on multiple tools +.vscode/* +!.vscode/settings.json +!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json +*.code-workspace + +# Local History for Visual Studio Code +.history/ + +# Windows Installer files from build outputs +*.cab +*.msi +*.msix +*.msm +*.msp + +# JetBrains Rider +*.sln.iml +.idea/ + +## +## Visual studio for Mac +## + + +# globs +Makefile.in +*.userprefs +*.usertasks +config.make +config.status +aclocal.m4 +install-sh +autom4te.cache/ +*.tar.gz +tarballs/ +test-results/ + +# Mac bundle stuff +*.dmg +*.app + +# content below from: https://github.com/github/gitignore/blob/main/Global/macOS.gitignore +# General +.DS_Store +.AppleDouble +.LSOverride + +# Icon must end with two \r +Icon + + +# Thumbnails +._* + +# Files that might appear in the root of a volume +.DocumentRevisions-V100 +.fseventsd +.Spotlight-V100 +.TemporaryItems +.Trashes +.VolumeIcon.icns +.com.apple.timemachine.donotpresent + +# Directories potentially created on remote AFP share +.AppleDB +.AppleDesktop +Network Trash Folder +Temporary Items +.apdisk + +# content below from: https://github.com/github/gitignore/blob/main/Global/Windows.gitignore +# Windows thumbnail cache files +Thumbs.db +ehthumbs.db +ehthumbs_vista.db + +# Dump file +*.stackdump + +# Folder config file +[Dd]esktop.ini + +# Recycle Bin used on file shares +$RECYCLE.BIN/ + +# Windows Installer files +*.cab +*.msi +*.msix +*.msm +*.msp + +# Windows shortcuts +*.lnk + +# Vim temporary swap files +*.swp diff --git a/examples/fixtures/runtimes/dotnet8/Program.cs b/examples/fixtures/runtimes/dotnet8/Program.cs new file mode 100644 index 00000000..0b1448d7 --- /dev/null +++ b/examples/fixtures/runtimes/dotnet8/Program.cs @@ -0,0 +1,16 @@ +using System.Text.Json; +using Amazon.Lambda.Core; +using Amazon.Lambda.RuntimeSupport; +using Amazon.Lambda.Serialization.SystemTextJson; + +[assembly: LambdaSerializer(typeof(DefaultLambdaJsonSerializer))] + +var handler = (JsonElement input, ILambdaContext context) => +{ + context.Logger.LogInformation($"Processing input: {input}"); + return "Hello from serverless.tf!!!"; +}; + +await LambdaBootstrapBuilder.Create(handler, new DefaultLambdaJsonSerializer()) + .Build() + .RunAsync(); diff --git a/examples/fixtures/runtimes/dotnet8/Program.csproj b/examples/fixtures/runtimes/dotnet8/Program.csproj new file mode 100644 index 00000000..a1f71466 --- /dev/null +++ b/examples/fixtures/runtimes/dotnet8/Program.csproj @@ -0,0 +1,18 @@ + + + net8.0 + bootstrap + Exe + true + false + enable + enable + true + + + + + + + + diff --git a/examples/fixtures/runtimes/go/.gitignore b/examples/fixtures/runtimes/go/.gitignore new file mode 100644 index 00000000..2da3a426 --- /dev/null +++ b/examples/fixtures/runtimes/go/.gitignore @@ -0,0 +1,2 @@ +go.sum +bootstrap diff --git a/examples/fixtures/runtimes/go/go.mod b/examples/fixtures/runtimes/go/go.mod new file mode 100644 index 00000000..c572c2e4 --- /dev/null +++ b/examples/fixtures/runtimes/go/go.mod @@ -0,0 +1,5 @@ +module main + +go 1.22.6 + +require github.com/aws/aws-lambda-go v1.47.0 // indirect diff --git a/examples/fixtures/runtimes/go/main.go b/examples/fixtures/runtimes/go/main.go new file mode 100644 index 00000000..6a5defa1 --- /dev/null +++ b/examples/fixtures/runtimes/go/main.go @@ -0,0 +1,23 @@ +package main + +import ( + "context" + "fmt" + "github.com/aws/aws-lambda-go/lambda" +) + +type MyEvent struct { + Name string `json:"name"` +} + +func HandleRequest(ctx context.Context, event *MyEvent) (*string, error) { + if event == nil { + return nil, fmt.Errorf("received nil event") + } + message := fmt.Sprintf("Hello %s! serverless.tf was here!", event.Name) + return &message, nil +} + +func main() { + lambda.Start(HandleRequest) +} diff --git a/examples/fixtures/runtimes/java21/.gitignore b/examples/fixtures/runtimes/java21/.gitignore new file mode 100644 index 00000000..67bcc2f7 --- /dev/null +++ b/examples/fixtures/runtimes/java21/.gitignore @@ -0,0 +1,2 @@ +.gradle/ +build/ diff --git a/examples/fixtures/runtimes/java21/build.gradle b/examples/fixtures/runtimes/java21/build.gradle new file mode 100644 index 00000000..53f6f6ee --- /dev/null +++ b/examples/fixtures/runtimes/java21/build.gradle @@ -0,0 +1,40 @@ +plugins { + id 'java' +} + +repositories { + mavenCentral() +} + +dependencies { + implementation 'com.amazonaws:aws-lambda-java-core:1.2.1' + implementation 'org.slf4j:slf4j-nop:2.0.6' + implementation 'com.fasterxml.jackson.core:jackson-databind:2.17.0' + testImplementation 'org.junit.jupiter:junit-jupiter-api:5.8.2' + testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.8.2' +} + +test { + useJUnitPlatform() +} + +// Using terraform-aws-lambda module, there is no need to make Zip archive by Gradle. Terraform AWS module will make it for you. +// task buildZip(type: Zip) { +// from compileJava +// from processResources +// into('lib') { +// from configurations.runtimeClasspath +// } +// } + +task copyFiles(type: Copy) { + into("$buildDir/output") + + from sourceSets.main.output + + into('lib') { + from configurations.runtimeClasspath + } +} + +build.dependsOn copyFiles diff --git a/examples/fixtures/runtimes/java21/src/main/java/example/Handler.java b/examples/fixtures/runtimes/java21/src/main/java/example/Handler.java new file mode 100644 index 00000000..08b14d81 --- /dev/null +++ b/examples/fixtures/runtimes/java21/src/main/java/example/Handler.java @@ -0,0 +1,19 @@ +package example; + +import com.amazonaws.services.lambda.runtime.Context; +import com.amazonaws.services.lambda.runtime.LambdaLogger; +import com.amazonaws.services.lambda.runtime.RequestHandler; + +import java.util.Map; + +// Handler value: example.Handler +public class Handler implements RequestHandler, String>{ + + @Override + public String handleRequest(Map event, Context context) + { + LambdaLogger logger = context.getLogger(); + logger.log("EVENT TYPE: " + event.getClass()); + return "Hello from serverless.tf!!!"; + } +} diff --git a/examples/fixtures/runtimes/rust/.gitignore b/examples/fixtures/runtimes/rust/.gitignore new file mode 100644 index 00000000..96ef6c0b --- /dev/null +++ b/examples/fixtures/runtimes/rust/.gitignore @@ -0,0 +1,2 @@ +/target +Cargo.lock diff --git a/examples/fixtures/runtimes/rust/Cargo.toml b/examples/fixtures/runtimes/rust/Cargo.toml new file mode 100644 index 00000000..781f306b --- /dev/null +++ b/examples/fixtures/runtimes/rust/Cargo.toml @@ -0,0 +1,20 @@ +[package] +name = "rust-app1" +version = "0.1.0" +edition = "2021" + +# Starting in Rust 1.62 you can use `cargo add` to add dependencies +# to your project. +# +# If you're using an older Rust version, +# download cargo-edit(https://github.com/killercup/cargo-edit#installation) +# to install the `add` subcommand. +# +# Running `cargo add DEPENDENCY_NAME` will +# add the latest version of a dependency to the list, +# and it will keep the alphabetic ordering for you. + +[dependencies] +lambda_http = "0.13.0" + +tokio = { version = "1", features = ["macros"] } diff --git a/examples/fixtures/runtimes/rust/src/main.rs b/examples/fixtures/runtimes/rust/src/main.rs new file mode 100644 index 00000000..4432a31c --- /dev/null +++ b/examples/fixtures/runtimes/rust/src/main.rs @@ -0,0 +1,30 @@ +use lambda_http::{run, service_fn, tracing, Body, Error, Request, RequestExt, Response}; + +/// This is the main body for the function. +/// Write your code inside it. +/// There are some code example in the following URLs: +/// - https://github.com/awslabs/aws-lambda-rust-runtime/tree/main/examples +async fn function_handler(event: Request) -> Result, Error> { + // Extract some useful information from the request + let who = event + .query_string_parameters_ref() + .and_then(|params| params.first("name")) + .unwrap_or("world"); + let message = format!("Hello {who}, this is an AWS Lambda HTTP request. serverless.tf was here!"); + + // Return something that implements IntoResponse. + // It will be serialized to the right response event automatically by the runtime + let resp = Response::builder() + .status(200) + .header("content-type", "text/html") + .body(message.into()) + .map_err(Box::new)?; + Ok(resp) +} + +#[tokio::main] +async fn main() -> Result<(), Error> { + tracing::init_default_subscriber(); + + run(service_fn(function_handler)).await +} diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index af982fc8..ed4c573a 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md @@ -15,21 +15,21 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | -| [aws.us-east-1](#provider\_aws.us-east-1) | >= 5.32 | +| [aws](#provider\_aws) | >= 6.0 | +| [aws.us-east-1](#provider\_aws.us-east-1) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules @@ -75,4 +75,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/multiple-regions/main.tf b/examples/multiple-regions/main.tf index dd2e229c..d30e1c2a 100644 --- a/examples/multiple-regions/main.tf +++ b/examples/multiple-regions/main.tf @@ -27,10 +27,10 @@ module "lambda_function" { function_name = "${random_pet.this.id}-lambda1" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" publish = true - source_path = "${path.module}/../fixtures/python3.8-app1" + source_path = "${path.module}/../fixtures/python-app1" attach_dead_letter_policy = true dead_letter_target_arn = aws_sqs_queue.dlq.arn @@ -124,10 +124,10 @@ module "lambda_function_another_region" { function_name = "${random_pet.this.id}-lambda1" description = "Copy of my awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" publish = true - source_path = "${path.module}/../fixtures/python3.8-app1" + source_path = "${path.module}/../fixtures/python-app1" attach_dead_letter_policy = true dead_letter_target_arn = aws_sqs_queue.dlq_us_east_1.arn diff --git a/examples/multiple-regions/versions.tf b/examples/multiple-regions/versions.tf index 55278d04..d2f4f3e8 100644 --- a/examples/multiple-regions/versions.tf +++ b/examples/multiple-regions/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/runtimes/README.md b/examples/runtimes/README.md new file mode 100644 index 00000000..95a28a08 --- /dev/null +++ b/examples/runtimes/README.md @@ -0,0 +1,70 @@ +# Runtimes Examples + +Configuration in this directory creates deployment packages for [various runtimes and programming languages (Rust, Go, Java, .NET)](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). + +Each runtime is executable by calling created Lambda Functions at the end. + +Look into [Build Package Examples](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/build-package) for more ways to build package (regardless of the runtime). + +## Usage + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply +``` + +Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | +| [http](#requirement\_http) | >= 3.0 | +| [random](#requirement\_random) | >= 3.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 6.0 | +| [http](#provider\_http) | >= 3.0 | +| [random](#provider\_random) | >= 3.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [dotnet8\_lambda\_function](#module\_dotnet8\_lambda\_function) | ../../ | n/a | +| [go\_lambda\_function](#module\_go\_lambda\_function) | ../../ | n/a | +| [java21\_lambda\_function](#module\_java21\_lambda\_function) | ../../ | n/a | +| [rust\_lambda\_function](#module\_rust\_lambda\_function) | ../../ | n/a | + +## Resources + +| Name | Type | +|------|------| +| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +| [aws_lambda_invocation.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_invocation) | data source | +| [http_http.this](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | + +## Inputs + +No inputs. + +## Outputs + +| Name | Description | +|------|-------------| +| [dotnet8\_lambda\_function\_url](#output\_dotnet8\_lambda\_function\_url) | The URL of the Lambda Function in .NET 8 | +| [go\_lambda\_function\_url](#output\_go\_lambda\_function\_url) | The URL of the Lambda Function in Go | +| [java21\_lambda\_function\_arn](#output\_java21\_lambda\_function\_arn) | The ARN of the Lambda Function in Java 21 | +| [lambda\_function\_result](#output\_lambda\_function\_result) | The results of the Lambda Function calls | +| [lambda\_function\_status\_codes](#output\_lambda\_function\_status\_codes) | The status codes of the Lambda Function calls | +| [rust\_lambda\_function\_url](#output\_rust\_lambda\_function\_url) | The URL of the Lambda Function in Rust | + diff --git a/examples/runtimes/checks.tf b/examples/runtimes/checks.tf new file mode 100644 index 00000000..ce95562f --- /dev/null +++ b/examples/runtimes/checks.tf @@ -0,0 +1,38 @@ +locals { + successful_response_keyword = "serverless.tf" +} + +data "http" "this" { + for_each = { + rust = module.rust_lambda_function.lambda_function_url, + go = module.go_lambda_function.lambda_function_url, + dotnet8 = module.dotnet8_lambda_function.lambda_function_url, + } + + url = each.value + + lifecycle { + postcondition { + condition = length(regexall(local.successful_response_keyword, self.response_body)) > 0 + error_message = "${each.key}: ${local.successful_response_keyword} should be in the response." + } + } +} + +# I don't know how to make Java21 example to work with Lambda Function URL, so using Lambda Function invocation instead +data "aws_lambda_invocation" "this" { + for_each = { + java21 = module.java21_lambda_function.lambda_function_name, + } + + function_name = each.value + + input = jsonencode({}) + + lifecycle { + postcondition { + condition = length(regexall(local.successful_response_keyword, jsondecode(self.result))) > 0 + error_message = "${each.key}: ${local.successful_response_keyword} should be in the response." + } + } +} diff --git a/examples/runtimes/main.tf b/examples/runtimes/main.tf new file mode 100644 index 00000000..960b0375 --- /dev/null +++ b/examples/runtimes/main.tf @@ -0,0 +1,127 @@ +provider "aws" { + region = "eu-west-1" +} + +module "rust_lambda_function" { + source = "../../" + + function_name = "${random_pet.this.id}-rust" + + attach_cloudwatch_logs_policy = false + cloudwatch_logs_retention_in_days = 1 + + create_lambda_function_url = true + + handler = "bootstrap" + runtime = "provided.al2023" + architectures = ["arm64"] # x86_64 (empty); arm64 (cargo lambda build --arm64) + + trigger_on_package_timestamp = false + + source_path = [ + { + path = "${path.module}/../fixtures/runtimes/rust" + commands = [ + # https://www.cargo-lambda.info/ + "cargo lambda build --release --arm64", + "cd target/lambda/rust-app1", + ":zip", + ] + patterns = [ + "!.*", + "bootstrap", + ] + } + ] +} + +module "go_lambda_function" { + source = "../../" + + function_name = "${random_pet.this.id}-go" + + attach_cloudwatch_logs_policy = false + cloudwatch_logs_retention_in_days = 1 + + create_lambda_function_url = true + + handler = "bootstrap" + runtime = "provided.al2023" + architectures = ["arm64"] # x86_64 (GOARCH=amd64); arm64 (GOARCH=arm64) + + trigger_on_package_timestamp = false + + source_path = [ + { + path = "${path.module}/../fixtures/runtimes/go" + commands = [ + "GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build -o bootstrap main.go", + ":zip", + ] + patterns = [ + "!.*", + "bootstrap", + ] + } + ] +} + +module "java21_lambda_function" { + source = "../../" + + function_name = "${random_pet.this.id}-java21" + + attach_cloudwatch_logs_policy = false + cloudwatch_logs_retention_in_days = 1 + + handler = "example.Handler" + runtime = "java21" + architectures = ["arm64"] # x86_64 or arm64 + timeout = 30 + + trigger_on_package_timestamp = false + + source_path = [ + { + path = "${path.module}/../fixtures/runtimes/java21" + commands = [ + "gradle build -i", + "cd build/output", + ":zip", + ] + } + ] +} + +module "dotnet8_lambda_function" { + source = "../../" + + function_name = "${random_pet.this.id}-dotnet8" + + attach_cloudwatch_logs_policy = false + cloudwatch_logs_retention_in_days = 1 + + create_lambda_function_url = true + + handler = "bootstrap" + runtime = "dotnet8" + architectures = ["arm64"] # x86_64 (--runtime linux-x64) or arm64 (--runtime linux-arm64) + timeout = 30 + + trigger_on_package_timestamp = false + + source_path = [ + { + path = "${path.module}/../fixtures/runtimes/dotnet8" + commands = [ + "dotnet publish --framework net8.0 --configuration Relesase --runtime linux-arm64 --output ./publish", + "cd publish", + ":zip", + ] + } + ] +} + +resource "random_pet" "this" { + length = 2 +} diff --git a/examples/runtimes/outputs.tf b/examples/runtimes/outputs.tf new file mode 100644 index 00000000..f3583367 --- /dev/null +++ b/examples/runtimes/outputs.tf @@ -0,0 +1,29 @@ +output "rust_lambda_function_url" { + description = "The URL of the Lambda Function in Rust" + value = module.rust_lambda_function.lambda_function_url +} + +output "go_lambda_function_url" { + description = "The URL of the Lambda Function in Go" + value = module.go_lambda_function.lambda_function_url +} + +output "java21_lambda_function_arn" { + description = "The ARN of the Lambda Function in Java 21" + value = module.java21_lambda_function.lambda_function_arn +} + +output "dotnet8_lambda_function_url" { + description = "The URL of the Lambda Function in .NET 8" + value = module.dotnet8_lambda_function.lambda_function_url +} + +output "lambda_function_result" { + description = "The results of the Lambda Function calls" + value = { for k, v in data.aws_lambda_invocation.this : k => jsondecode(v.result) } +} + +output "lambda_function_status_codes" { + description = "The status codes of the Lambda Function calls" + value = { for k, v in data.http.this : k => v.status_code } +} diff --git a/examples/runtimes/variables.tf b/examples/runtimes/variables.tf new file mode 100644 index 00000000..e69de29b diff --git a/examples/runtimes/versions.tf b/examples/runtimes/versions.tf new file mode 100644 index 00000000..36f51034 --- /dev/null +++ b/examples/runtimes/versions.tf @@ -0,0 +1,18 @@ +terraform { + required_version = ">= 1.5.7" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 6.0" + } + random = { + source = "hashicorp/random" + version = ">= 3.0" + } + http = { + source = "hashicorp/http" + version = ">= 3.0" + } + } +} diff --git a/examples/simple-cicd/README.md b/examples/simple-cicd/README.md index 93d1e4c5..8afef1be 100644 --- a/examples/simple-cicd/README.md +++ b/examples/simple-cicd/README.md @@ -16,13 +16,13 @@ To run this example you need to execute: Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers @@ -50,4 +50,4 @@ No inputs. ## Outputs No outputs. - + diff --git a/examples/simple-cicd/main.tf b/examples/simple-cicd/main.tf index 66afc150..deefc9aa 100644 --- a/examples/simple-cicd/main.tf +++ b/examples/simple-cicd/main.tf @@ -1,6 +1,5 @@ provider "aws" { region = "eu-west-1" - # region = "us-east-1" # Make it faster by skipping something skip_metadata_api_check = true @@ -17,10 +16,10 @@ module "lambda_function" { function_name = "${random_pet.this.id}-lambda-simple" handler = "index.lambda_handler" - runtime = "python3.10" + runtime = "python3.12" source_path = [ - "${path.module}/src/python3.10-app1", + "${path.module}/src/python-app1", ] trigger_on_package_timestamp = false } diff --git a/examples/simple-cicd/test.sh b/examples/simple-cicd/test.sh index 90ce9804..64cfbf57 100755 --- a/examples/simple-cicd/test.sh +++ b/examples/simple-cicd/test.sh @@ -65,7 +65,7 @@ terraform() { :note "Preparing ..." rm -rf src mkdir -p src -cp -r "../fixtures/python3.10-app1" src +cp -r "../fixtures/python-app1" src terraform init :echo "Destroy / Remove ZIP files" terraform destroy @@ -96,7 +96,7 @@ rm -rf builds 2>/dev/null || true :note "Starting Part 2: Check that CICD environment will detect diff if lambda code changes" :note "Change the source code / Remove 'builds' dir" -echo "" >> src/python3.10-app1/index.py +echo "" >> src/python-app1/index.py rm -rf builds :case "Plan / Expect diff" && { diff --git a/examples/simple-cicd/versions.tf b/examples/simple-cicd/versions.tf index 55278d04..d2f4f3e8 100644 --- a/examples/simple-cicd/versions.tf +++ b/examples/simple-cicd/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/simple/README.md b/examples/simple/README.md index 4c093861..b9a4f785 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -14,13 +14,13 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers @@ -69,4 +69,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/simple/main.tf b/examples/simple/main.tf index ab9aba1a..20c51910 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf @@ -17,12 +17,12 @@ resource "random_pet" "this" { # # function_name = "${random_pet.this.id}-lambda-edge" # handler = "index.lambda_handler" -# runtime = "python3.8" +# runtime = "python3.12" # lambda_at_edge = true # # attach_cloudwatch_logs_policy = true # -# source_path = "${path.module}/../fixtures/python3.8-app1/" +# source_path = "${path.module}/../fixtures/python-app1/" #} #resource "aws_cloudwatch_log_group" "this" { @@ -36,7 +36,7 @@ module "lambda_function" { function_name = "${random_pet.this.id}-lambda-simple" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" # role_maximum_session_duration = 7200 @@ -87,51 +87,51 @@ module "lambda_function" { # } # } - # source_path = "${path.module}/../fixtures/python3.8-app1/" + # source_path = "${path.module}/../fixtures/python-app1/" # source_path = [ - # "${path.module}/../fixtures/python3.8-app1/index.py", + # "${path.module}/../fixtures/python-app1/index.py", # { - # pip_requirements = "${path.module}/../fixtures/python3.8-app1/requirements.txt" + # pip_requirements = "${path.module}/../fixtures/python-app1/requirements.txt" # prefix_in_zip = "vendor" # } # ] # source_path = [ - # "${path.module}/../fixtures/python3.8-app1/index.py", - # "${path.module}/../fixtures/python3.8-app1/dir1/dir2", + # "${path.module}/../fixtures/python-app1/index.py", + # "${path.module}/../fixtures/python-app1/dir1/dir2", # { - # pip_requirements = "${path.module}/../fixtures/python3.8-app1/requirements.txt" + # pip_requirements = "${path.module}/../fixtures/python-app1/requirements.txt" # } # ] # source_path = [ # { - # path = "${path.module}/../fixtures/python3.8-app1" + # path = "${path.module}/../fixtures/python-app1" # } # ] # source_path = [ # { - # path = "${path.module}/../fixtures/python3.8-app1" + # path = "${path.module}/../fixtures/python-app1" # pip_requirements = false # } # ] # source_path = [ # { - # path = "${path.module}/../fixtures/python3.8-app1" + # path = "${path.module}/../fixtures/python-app1" # pip_requirements = true # } # ] # source_path = [ # { - # path = "${path.module}/../fixtures/python3.8-app1" + # path = "${path.module}/../fixtures/python-app1" # commands = [ # ":zip", # "cd `mktemp -d`", - # "pip install --target=. -r ${path.module}/../fixtures/python3.8-app1/requirements.txt", + # "pip install --target=. -r ${path.module}/../fixtures/python-app1/requirements.txt", # ":zip . vendor/", # ] # patterns = [ @@ -144,12 +144,12 @@ module "lambda_function" { source_path = [ # { - # pip_requirements = "${path.module}/../fixtures/python3.8-app1/requirements.txt" + # pip_requirements = "${path.module}/../fixtures/python-app1/requirements.txt" # pip_requirements = "${path.module}/../deploy/requirements.txt" # }, - "${path.module}/../fixtures/python3.8-app1/index.py", + "${path.module}/../fixtures/python-app1/index.py", # { - # path = "${path.module}/../fixtures/python3.8-app1/index.py" + # path = "${path.module}/../fixtures/python-app1/index.py" # patterns = < + ## Requirements | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules @@ -73,4 +73,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/triggers/main.tf b/examples/triggers/main.tf index 06627afd..8317a81a 100644 --- a/examples/triggers/main.tf +++ b/examples/triggers/main.tf @@ -17,11 +17,11 @@ module "lambda_function" { function_name = "${random_pet.this.id}-lambda-triggers" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" publish = true create_package = false - local_existing_package = "${path.module}/../fixtures/python3.8-zip/existing_package.zip" + local_existing_package = "${path.module}/../fixtures/python-zip/existing_package.zip" allowed_triggers = { ScanAmiRule = { diff --git a/examples/triggers/versions.tf b/examples/triggers/versions.tf index 55278d04..d2f4f3e8 100644 --- a/examples/triggers/versions.tf +++ b/examples/triggers/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index f835445d..ce9cc15e 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md @@ -15,20 +15,20 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules @@ -75,4 +75,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/with-efs/main.tf b/examples/with-efs/main.tf index 8fcd8787..90a0abed 100644 --- a/examples/with-efs/main.tf +++ b/examples/with-efs/main.tf @@ -17,9 +17,9 @@ module "lambda_function_with_efs" { function_name = "${random_pet.this.id}-lambda-in-vpc" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" - source_path = "${path.module}/../fixtures/python3.8-app1" + source_path = "${path.module}/../fixtures/python-app1" vpc_subnet_ids = module.vpc.intra_subnets vpc_security_group_ids = [module.vpc.default_security_group_id] diff --git a/examples/with-efs/versions.tf b/examples/with-efs/versions.tf index 55278d04..d2f4f3e8 100644 --- a/examples/with-efs/versions.tf +++ b/examples/with-efs/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/with-vpc-s3-endpoint/README.md b/examples/with-vpc-s3-endpoint/README.md index d84f6bdc..f84ba32c 100644 --- a/examples/with-vpc-s3-endpoint/README.md +++ b/examples/with-vpc-s3-endpoint/README.md @@ -16,20 +16,20 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 3.4 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 3.4 | ## Modules @@ -38,7 +38,7 @@ Note that this example may create resources which cost money. Run `terraform des |------|--------|---------| | [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 1.0 | | [lambda\_s3\_write](#module\_lambda\_s3\_write) | ../../ | n/a | -| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 | +| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 5.0 | | [security\_group\_lambda](#module\_security\_group\_lambda) | terraform-aws-modules/security-group/aws | ~> 4.0 | | [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | | [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | ~> 5.0 | @@ -81,4 +81,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/with-vpc-s3-endpoint/main.tf b/examples/with-vpc-s3-endpoint/main.tf index 3c37db51..29de6eba 100644 --- a/examples/with-vpc-s3-endpoint/main.tf +++ b/examples/with-vpc-s3-endpoint/main.tf @@ -20,13 +20,13 @@ module "lambda_s3_write" { function_name = random_pet.this.id handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" - source_path = "${path.module}/../fixtures/python3.8-app2" + source_path = "${path.module}/../fixtures/python-app2" environment_variables = { BUCKET_NAME = module.s3_bucket.s3_bucket_id - REGION_NAME = data.aws_region.current.name + REGION_NAME = data.aws_region.current.region } # Let the module create a role for us @@ -54,7 +54,7 @@ resource "random_pet" "this" { } data "aws_ec2_managed_prefix_list" "this" { - name = "com.amazonaws.${data.aws_region.current.name}.s3" + name = "com.amazonaws.${data.aws_region.current.region}.s3" } module "vpc" { @@ -64,7 +64,7 @@ module "vpc" { name = random_pet.this.id cidr = "10.0.0.0/16" - azs = ["${data.aws_region.current.name}a", "${data.aws_region.current.name}b", "${data.aws_region.current.name}c"] + azs = ["${data.aws_region.current.region}a", "${data.aws_region.current.region}b", "${data.aws_region.current.region}c"] # Intra subnets are designed to have no Internet access via NAT Gateway. intra_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] @@ -160,7 +160,7 @@ module "kms" { module "s3_bucket" { source = "terraform-aws-modules/s3-bucket/aws" - version = "~> 3.0" + version = "~> 5.0" bucket_prefix = "${random_pet.this.id}-" force_destroy = true diff --git a/examples/with-vpc-s3-endpoint/versions.tf b/examples/with-vpc-s3-endpoint/versions.tf index fd604c66..7f27783c 100644 --- a/examples/with-vpc-s3-endpoint/versions.tf +++ b/examples/with-vpc-s3-endpoint/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index 28844bbd..e1808811 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md @@ -16,13 +16,13 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers @@ -72,4 +72,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/with-vpc/main.tf b/examples/with-vpc/main.tf index 1d4b6179..d373d724 100644 --- a/examples/with-vpc/main.tf +++ b/examples/with-vpc/main.tf @@ -17,9 +17,9 @@ module "lambda_function_in_vpc" { function_name = "${random_pet.this.id}-lambda-in-vpc" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" - source_path = "${path.module}/../fixtures/python3.8-app1" + source_path = "${path.module}/../fixtures/python-app1" vpc_subnet_ids = module.vpc.intra_subnets vpc_security_group_ids = [module.vpc.default_security_group_id] diff --git a/examples/with-vpc/versions.tf b/examples/with-vpc/versions.tf index 55278d04..d2f4f3e8 100644 --- a/examples/with-vpc/versions.tf +++ b/examples/with-vpc/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/iam.tf b/iam.tf index 436a4398..8b0440e1 100644 --- a/iam.tf +++ b/iam.tf @@ -131,20 +131,12 @@ data "aws_iam_policy_document" "logs" { } } -resource "aws_iam_policy" "logs" { +resource "aws_iam_role_policy" "logs" { count = local.create_role && var.attach_cloudwatch_logs_policy ? 1 : 0 name = "${local.policy_name}-logs" - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = data.aws_iam_policy_document.logs[0].json - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "logs" { - count = local.create_role && var.attach_cloudwatch_logs_policy ? 1 : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.logs[0].arn } ##################### @@ -168,20 +160,12 @@ data "aws_iam_policy_document" "dead_letter" { } } -resource "aws_iam_policy" "dead_letter" { +resource "aws_iam_role_policy" "dead_letter" { count = local.create_role && var.attach_dead_letter_policy ? 1 : 0 name = "${local.policy_name}-dl" - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = data.aws_iam_policy_document.dead_letter[0].json - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "dead_letter" { - count = local.create_role && var.attach_dead_letter_policy ? 1 : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.dead_letter[0].arn } ###### @@ -195,20 +179,12 @@ data "aws_iam_policy" "vpc" { arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSLambdaENIManagementAccess" } -resource "aws_iam_policy" "vpc" { +resource "aws_iam_role_policy" "vpc" { count = local.create_role && var.attach_network_policy ? 1 : 0 name = "${local.policy_name}-vpc" - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = data.aws_iam_policy.vpc[0].policy - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "vpc" { - count = local.create_role && var.attach_network_policy ? 1 : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.vpc[0].arn } ##################### @@ -222,20 +198,12 @@ data "aws_iam_policy" "tracing" { arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/AWSXRayDaemonWriteAccess" } -resource "aws_iam_policy" "tracing" { +resource "aws_iam_role_policy" "tracing" { count = local.create_role && var.attach_tracing_policy ? 1 : 0 name = "${local.policy_name}-tracing" - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = data.aws_iam_policy.tracing[0].policy - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "tracing" { - count = local.create_role && var.attach_tracing_policy ? 1 : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.tracing[0].arn } ############################### @@ -259,60 +227,36 @@ data "aws_iam_policy_document" "async" { } } -resource "aws_iam_policy" "async" { +resource "aws_iam_role_policy" "async" { count = local.create_role && var.attach_async_event_policy ? 1 : 0 name = "${local.policy_name}-async" - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = data.aws_iam_policy_document.async[0].json - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "async" { - count = local.create_role && var.attach_async_event_policy ? 1 : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.async[0].arn } ########################### # Additional policy (JSON) ########################### -resource "aws_iam_policy" "additional_json" { +resource "aws_iam_role_policy" "additional_json" { count = local.create_role && var.attach_policy_json ? 1 : 0 name = local.policy_name - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = var.policy_json - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "additional_json" { - count = local.create_role && var.attach_policy_json ? 1 : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.additional_json[0].arn } ##################################### # Additional policies (list of JSON) ##################################### -resource "aws_iam_policy" "additional_jsons" { +resource "aws_iam_role_policy" "additional_jsons" { count = local.create_role && var.attach_policy_jsons ? var.number_of_policy_jsons : 0 name = "${local.policy_name}-${count.index}" - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = var.policy_jsons[count.index] - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "additional_jsons" { - count = local.create_role && var.attach_policy_jsons ? var.number_of_policy_jsons : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.additional_jsons[count.index].arn } ########################### @@ -383,18 +327,10 @@ data "aws_iam_policy_document" "additional_inline" { } } -resource "aws_iam_policy" "additional_inline" { +resource "aws_iam_role_policy" "additional_inline" { count = local.create_role && var.attach_policy_statements ? 1 : 0 name = "${local.policy_name}-inline" - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = data.aws_iam_policy_document.additional_inline[0].json - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "additional_inline" { - count = local.create_role && var.attach_policy_statements ? 1 : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.additional_inline[0].arn } diff --git a/main.tf b/main.tf index 68c2f9b6..cc7d011a 100644 --- a/main.tf +++ b/main.tf @@ -24,6 +24,8 @@ locals { resource "aws_lambda_function" "this" { count = local.create && var.create_function && !var.create_layer ? 1 : 0 + region = var.region + function_name = var.function_name description = var.description role = var.create_role ? aws_iam_role.lambda[0].arn : var.lambda_role @@ -41,6 +43,7 @@ resource "aws_lambda_function" "this" { code_signing_config_arn = var.code_signing_config_arn replace_security_groups_on_destroy = var.replace_security_groups_on_destroy replacement_security_group_ids = var.replacement_security_group_ids + skip_destroy = var.skip_destroy /* ephemeral_storage is not supported in gov-cloud region, so it should be set to `null` */ dynamic "ephemeral_storage" { @@ -91,8 +94,9 @@ resource "aws_lambda_function" "this" { dynamic "vpc_config" { for_each = var.vpc_subnet_ids != null && var.vpc_security_group_ids != null ? [true] : [] content { - security_group_ids = var.vpc_security_group_ids - subnet_ids = var.vpc_subnet_ids + security_group_ids = var.vpc_security_group_ids + subnet_ids = var.vpc_subnet_ids + ipv6_allowed_for_dual_stack = var.ipv6_allowed_for_dual_stack } } @@ -135,7 +139,11 @@ resource "aws_lambda_function" "this" { } } - tags = merge(var.tags, var.function_tags) + tags = merge( + var.include_default_tag ? { terraform-aws-modules = "lambda" } : {}, + var.tags, + var.function_tags + ) depends_on = [ null_resource.archive, @@ -148,22 +156,24 @@ resource "aws_lambda_function" "this" { aws_cloudwatch_log_group.lambda, # Before the lambda is created the execution role with all its policies should be ready - aws_iam_role_policy_attachment.additional_inline, - aws_iam_role_policy_attachment.additional_json, - aws_iam_role_policy_attachment.additional_jsons, + aws_iam_role_policy.additional_inline, + aws_iam_role_policy.additional_json, + aws_iam_role_policy.additional_jsons, + aws_iam_role_policy.async, + aws_iam_role_policy.dead_letter, + aws_iam_role_policy.logs, + aws_iam_role_policy.tracing, + aws_iam_role_policy.vpc, aws_iam_role_policy_attachment.additional_many, aws_iam_role_policy_attachment.additional_one, - aws_iam_role_policy_attachment.async, - aws_iam_role_policy_attachment.logs, - aws_iam_role_policy_attachment.dead_letter, - aws_iam_role_policy_attachment.vpc, - aws_iam_role_policy_attachment.tracing, ] } resource "aws_lambda_layer_version" "this" { count = local.create && var.create_layer ? 1 : 0 + region = var.region + layer_name = var.layer_name description = var.description license_info = var.license_info @@ -185,6 +195,8 @@ resource "aws_lambda_layer_version" "this" { resource "aws_s3_object" "lambda_package" { count = local.create && var.store_on_s3 && var.create_package ? 1 : 0 + region = var.region + bucket = var.s3_bucket acl = var.s3_acl key = local.s3_key @@ -212,15 +224,21 @@ resource "aws_s3_object" "lambda_package" { data "aws_cloudwatch_log_group" "lambda" { count = local.create && var.create_function && !var.create_layer && var.use_existing_cloudwatch_log_group ? 1 : 0 + region = var.region + name = coalesce(var.logging_log_group, "/aws/lambda/${var.lambda_at_edge ? "us-east-1." : ""}${var.function_name}") } resource "aws_cloudwatch_log_group" "lambda" { count = local.create && var.create_function && !var.create_layer && !var.use_existing_cloudwatch_log_group ? 1 : 0 + region = var.region + name = coalesce(var.logging_log_group, "/aws/lambda/${var.lambda_at_edge ? "us-east-1." : ""}${var.function_name}") retention_in_days = var.cloudwatch_logs_retention_in_days kms_key_id = var.cloudwatch_logs_kms_key_id + skip_destroy = var.cloudwatch_logs_skip_destroy + log_group_class = var.cloudwatch_logs_log_group_class tags = merge(var.tags, var.cloudwatch_logs_tags) } @@ -228,6 +246,8 @@ resource "aws_cloudwatch_log_group" "lambda" { resource "aws_lambda_provisioned_concurrency_config" "current_version" { count = local.create && var.create_function && !var.create_layer && var.provisioned_concurrent_executions > -1 ? 1 : 0 + region = var.region + function_name = aws_lambda_function.this[0].function_name qualifier = aws_lambda_function.this[0].version @@ -241,6 +261,8 @@ locals { resource "aws_lambda_function_event_invoke_config" "this" { for_each = { for k, v in local.qualifiers : k => v if v != null && local.create && var.create_function && !var.create_layer && var.create_async_event_config } + region = var.region + function_name = aws_lambda_function.this[0].function_name qualifier = each.key == "current_version" ? aws_lambda_function.this[0].version : null @@ -270,36 +292,52 @@ resource "aws_lambda_function_event_invoke_config" "this" { resource "aws_lambda_permission" "current_version_triggers" { for_each = { for k, v in var.allowed_triggers : k => v if local.create && var.create_function && !var.create_layer && var.create_current_version_allowed_triggers } + region = var.region + function_name = aws_lambda_function.this[0].function_name qualifier = aws_lambda_function.this[0].version - statement_id = try(each.value.statement_id, each.key) - action = try(each.value.action, "lambda:InvokeFunction") - principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) - principal_org_id = try(each.value.principal_org_id, null) - source_arn = try(each.value.source_arn, null) - source_account = try(each.value.source_account, null) - event_source_token = try(each.value.event_source_token, null) + statement_id_prefix = try(each.value.statement_id, each.key) + action = try(each.value.action, "lambda:InvokeFunction") + principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) + principal_org_id = try(each.value.principal_org_id, null) + source_arn = try(each.value.source_arn, null) + source_account = try(each.value.source_account, null) + event_source_token = try(each.value.event_source_token, null) + function_url_auth_type = try(each.value.function_url_auth_type, null) + + lifecycle { + create_before_destroy = true + } } # Error: Error adding new Lambda Permission for lambda: InvalidParameterValueException: We currently do not support adding policies for $LATEST. resource "aws_lambda_permission" "unqualified_alias_triggers" { for_each = { for k, v in var.allowed_triggers : k => v if local.create && var.create_function && !var.create_layer && var.create_unqualified_alias_allowed_triggers } + region = var.region + function_name = aws_lambda_function.this[0].function_name - statement_id = try(each.value.statement_id, each.key) - action = try(each.value.action, "lambda:InvokeFunction") - principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) - principal_org_id = try(each.value.principal_org_id, null) - source_arn = try(each.value.source_arn, null) - source_account = try(each.value.source_account, null) - event_source_token = try(each.value.event_source_token, null) + statement_id_prefix = try(each.value.statement_id, each.key) + action = try(each.value.action, "lambda:InvokeFunction") + principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) + principal_org_id = try(each.value.principal_org_id, null) + source_arn = try(each.value.source_arn, null) + source_account = try(each.value.source_account, null) + event_source_token = try(each.value.event_source_token, null) + function_url_auth_type = try(each.value.function_url_auth_type, null) + + lifecycle { + create_before_destroy = true + } } resource "aws_lambda_event_source_mapping" "this" { for_each = { for k, v in var.event_source_mapping : k => v if local.create && var.create_function && !var.create_layer && var.create_unqualified_alias_allowed_triggers } + region = var.region + function_name = aws_lambda_function.this[0].arn event_source_arn = try(each.value.event_source_arn, null) @@ -316,6 +354,7 @@ resource "aws_lambda_event_source_mapping" "this" { topics = try(each.value.topics, null) queues = try(each.value.queues, null) function_response_types = try(each.value.function_response_types, null) + tumbling_window_in_seconds = try(each.value.tumbling_window_in_seconds, null) dynamic "destination_config" { for_each = try(each.value.destination_arn_on_failure, null) != null ? [true] : [] @@ -375,11 +414,41 @@ resource "aws_lambda_event_source_mapping" "this" { } } } + + dynamic "document_db_event_source_config" { + for_each = try(each.value.document_db_event_source_config, []) + + content { + database_name = document_db_event_source_config.value.database_name + collection_name = try(document_db_event_source_config.value.collection_name, null) + full_document = try(document_db_event_source_config.value.full_document, null) + } + } + + dynamic "metrics_config" { + for_each = try([each.value.metrics_config], []) + + content { + metrics = metrics_config.value.metrics + } + } + + dynamic "provisioned_poller_config" { + for_each = try([each.value.provisioned_poller_config], []) + content { + maximum_pollers = try(provisioned_poller_config.value.maximum_pollers, null) + minimum_pollers = try(provisioned_poller_config.value.minimum_pollers, null) + } + } + + tags = merge(var.tags, try(each.value.tags, {})) } resource "aws_lambda_function_url" "this" { count = local.create && var.create_function && !var.create_layer && var.create_lambda_function_url ? 1 : 0 + region = var.region + function_name = aws_lambda_function.this[0].function_name # Error: error creating Lambda Function URL: ValidationException @@ -401,6 +470,15 @@ resource "aws_lambda_function_url" "this" { } } +resource "aws_lambda_function_recursion_config" "this" { + count = local.create && var.create_function && !var.create_layer && var.recursive_loop == "Allow" ? 1 : 0 + + region = var.region + + function_name = aws_lambda_function.this[0].function_name + recursive_loop = var.recursive_loop +} + # This resource contains the extra information required by SAM CLI to provide the testing capabilities # to the TF application. The required data is where SAM CLI can find the Lambda function source code # and what are the resources that contain the building logic. diff --git a/modules/alias/README.md b/modules/alias/README.md index ec1df03b..5ee31171 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md @@ -17,7 +17,7 @@ module "lambda_function" { function_name = "my-lambda1" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" source_path = "../src/lambda-function1" } @@ -110,19 +110,19 @@ module "lambda" { * [Alias](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/alias) - Create Lambda function and aliases in various combinations with all supported features. - + ## Requirements | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.9 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.9 | +| [aws](#provider\_aws) | >= 6.0 | ## Modules @@ -177,7 +177,7 @@ No modules. | [lambda\_alias\_function\_version](#output\_lambda\_alias\_function\_version) | Lambda function version which the alias uses | | [lambda\_alias\_invoke\_arn](#output\_lambda\_alias\_invoke\_arn) | The ARN to be used for invoking Lambda Function from API Gateway | | [lambda\_alias\_name](#output\_lambda\_alias\_name) | The name of the Lambda Function Alias | - + ## Authors diff --git a/modules/alias/main.tf b/modules/alias/main.tf index c2151c9f..e57079a2 100644 --- a/modules/alias/main.tf +++ b/modules/alias/main.tf @@ -155,6 +155,20 @@ resource "aws_lambda_event_source_mapping" "this" { } } + dynamic "self_managed_kafka_event_source_config" { + for_each = try(each.value.self_managed_kafka_event_source_config, []) + content { + consumer_group_id = try(self_managed_kafka_event_source_config.value.consumer_group_id, null) + } + } + + dynamic "amazon_managed_kafka_event_source_config" { + for_each = try(each.value.amazon_managed_kafka_event_source_config, []) + content { + consumer_group_id = try(amazon_managed_kafka_event_source_config.value.consumer_group_id, null) + } + } + dynamic "source_access_configuration" { for_each = try(each.value.source_access_configuration, []) content { @@ -167,8 +181,12 @@ resource "aws_lambda_event_source_mapping" "this" { for_each = try(each.value.filter_criteria, null) != null ? [true] : [] content { - filter { - pattern = try(each.value["filter_criteria"].pattern, null) + dynamic "filter" { + for_each = try(flatten([each.value.filter_criteria]), []) + + content { + pattern = try(filter.value.pattern, null) + } } } } diff --git a/modules/alias/versions.tf b/modules/alias/versions.tf index dbc484ad..db13b0a8 100644 --- a/modules/alias/versions.tf +++ b/modules/alias/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.9" + version = ">= 6.0" } } } diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 61afceac..b5d535c9 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -22,7 +22,7 @@ module "lambda_function" { function_name = "my-lambda1" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" source_path = "../src/lambda-function1" } @@ -95,13 +95,13 @@ module "lambda" { * [Deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/deploy) - Creates Lambda Function, Alias, and all resources required to create deployments using AWS CodeDeploy. - + ## Requirements | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 3.35 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | | [local](#requirement\_local) | >= 1.0 | | [null](#requirement\_null) | >= 2.0 | @@ -109,7 +109,7 @@ module "lambda" { | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.35 | +| [aws](#provider\_aws) | >= 6.0 | | [local](#provider\_local) | >= 1.0 | | [null](#provider\_null) | >= 2.0 | @@ -137,6 +137,7 @@ No modules. | [aws_iam_role.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source | | [aws_lambda_alias.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | data source | | [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_function) | data source | +| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source | ## Inputs @@ -151,10 +152,10 @@ No modules. | [attach\_hooks\_policy](#input\_attach\_hooks\_policy) | Whether to attach Invoke policy to CodeDeploy role when before allow traffic or after allow traffic hooks are defined. | `bool` | `true` | no | | [attach\_triggers\_policy](#input\_attach\_triggers\_policy) | Whether to attach SNS policy to CodeDeploy role when triggers are defined | `bool` | `false` | no | | [auto\_rollback\_enabled](#input\_auto\_rollback\_enabled) | Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. | `bool` | `true` | no | -| [auto\_rollback\_events](#input\_auto\_rollback\_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT\_FAILURE and DEPLOYMENT\_STOP\_ON\_ALARM. | `list(string)` | 
[
  "DEPLOYMENT_STOP_ON_ALARM"
]
| no | +| [auto\_rollback\_events](#input\_auto\_rollback\_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT\_FAILURE and DEPLOYMENT\_STOP\_ON\_ALARM. | `list(string)` | 
[
  "DEPLOYMENT_STOP_ON_ALARM"
]
| no | | [aws\_cli\_command](#input\_aws\_cli\_command) | Command to run as AWS CLI. May include extra arguments like region and profile. | `string` | `"aws"` | no | | [before\_allow\_traffic\_hook\_arn](#input\_before\_allow\_traffic\_hook\_arn) | ARN of Lambda function to execute before allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | -| [codedeploy\_principals](#input\_codedeploy\_principals) | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` | 
[
  "codedeploy.amazonaws.com"
]
| no | +| [codedeploy\_principals](#input\_codedeploy\_principals) | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` | 
[
  "codedeploy.amazonaws.com"
]
| no | | [codedeploy\_role\_name](#input\_codedeploy\_role\_name) | IAM role name to create or use by CodeDeploy | `string` | `""` | no | | [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | | [create\_app](#input\_create\_app) | Whether to create new AWS CodeDeploy app | `bool` | `false` | no | @@ -168,7 +169,7 @@ No modules. | [force\_deploy](#input\_force\_deploy) | Force deployment every time (even when nothing changes) | `bool` | `false` | no | | [function\_name](#input\_function\_name) | The name of the Lambda function to deploy | `string` | `""` | no | | [get\_deployment\_sleep\_timer](#input\_get\_deployment\_sleep\_timer) | Adds additional sleep time to get-deployment command to avoid the service throttling | `number` | `5` | no | -| [interpreter](#input\_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` | 
[
  "/bin/bash",
  "-c"
]
| no | +| [interpreter](#input\_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` | 
[
  "/bin/bash",
  "-c"
]
| no | | [run\_deployment](#input\_run\_deployment) | Run AWS CLI command to start the deployment | `bool` | `false` | no | | [save\_deploy\_script](#input\_save\_deploy\_script) | Save deploy script locally | `bool` | `false` | no | | [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | @@ -191,7 +192,7 @@ No modules. | [codedeploy\_iam\_role\_name](#output\_codedeploy\_iam\_role\_name) | Name of IAM role used by CodeDeploy | | [deploy\_script](#output\_deploy\_script) | Path to a deployment script | | [script](#output\_script) | Deployment script | - + ## Authors diff --git a/modules/deploy/main.tf b/modules/deploy/main.tf index 4504f099..d88c0894 100644 --- a/modules/deploy/main.tf +++ b/modules/deploy/main.tf @@ -86,6 +86,8 @@ EOF } +data "aws_partition" "current" {} + data "aws_lambda_alias" "this" { count = var.create && var.create_deployment ? 1 : 0 @@ -209,7 +211,7 @@ resource "aws_iam_role_policy_attachment" "codedeploy" { count = var.create && var.create_codedeploy_role ? 1 : 0 role = try(aws_iam_role.codedeploy[0].id, "") - policy_arn = "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambda" + policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSCodeDeployRoleForLambda" } data "aws_iam_policy_document" "hooks" { diff --git a/modules/deploy/versions.tf b/modules/deploy/versions.tf index 5a82f93b..ddb64c76 100644 --- a/modules/deploy/versions.tf +++ b/modules/deploy/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.35" + version = ">= 6.0" } local = { source = "hashicorp/local" diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index 4588ee8c..8d9d8315 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md @@ -2,6 +2,8 @@ Terraform module that builds Docker image from `Dockerfile` and pushes it to ECR repository. Lambda can deploy container images from private ECR. +If you need to create ECR resources in flexible way, you should use [terraform-aws-ecr module](https://github.com/terraform-aws-modules/terraform-aws-ecr/). See `examples/container-image` for related examples. + This Terraform module is the part of [serverless.tf framework](https://github.com/antonbabenko/serverless.tf), which aims to simplify all operations when working with the serverless in Terraform. ## Usage @@ -47,25 +49,25 @@ module "docker_image" { ## Examples -* [Container Image](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/container-image) - Creates Docker Image and deploy Lambda Function using it. +* [Container Image](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/container-image) - Creates Docker Image, ECR resository and deploys it Lambda Function. - + ## Requirements | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.22 | -| [docker](#requirement\_docker) | >= 3.0 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | +| [docker](#requirement\_docker) | >= 3.5.0 | | [null](#requirement\_null) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.22 | -| [docker](#provider\_docker) | >= 3.0 | +| [aws](#provider\_aws) | >= 6.0 | +| [docker](#provider\_docker) | >= 3.5.0 | | [null](#provider\_null) | >= 2.0 | ## Modules @@ -89,6 +91,9 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [build\_args](#input\_build\_args) | A map of Docker build arguments. | `map(string)` | `{}` | no | +| [build\_target](#input\_build\_target) | Set the target build stage to build | `string` | `null` | no | +| [builder](#input\_builder) | The buildx builder to use for the Docker build. | `string` | `null` | no | +| [cache\_from](#input\_cache\_from) | List of images to consider as cache sources when building the image. | `list(string)` | `[]` | no | | [create\_ecr\_repo](#input\_create\_ecr\_repo) | Controls whether ECR repository for Lambda image should be created | `bool` | `false` | no | | [create\_sam\_metadata](#input\_create\_sam\_metadata) | Controls whether the SAM metadata null resource should be created | `bool` | `false` | no | | [docker\_file\_path](#input\_docker\_file\_path) | Path to Dockerfile in source package | `string` | `"Dockerfile"` | no | @@ -114,7 +119,7 @@ No modules. |------|-------------| | [image\_id](#output\_image\_id) | The ID of the Docker image | | [image\_uri](#output\_image\_uri) | The ECR image URI for deploying lambda | - + ## Authors diff --git a/modules/docker-build/main.tf b/modules/docker-build/main.tf index 6ed24831..559060cb 100644 --- a/modules/docker-build/main.tf +++ b/modules/docker-build/main.tf @@ -3,7 +3,7 @@ data "aws_region" "current" {} data "aws_caller_identity" "this" {} locals { - ecr_address = coalesce(var.ecr_address, format("%v.dkr.ecr.%v.amazonaws.com", data.aws_caller_identity.this.account_id, data.aws_region.current.name)) + ecr_address = coalesce(var.ecr_address, format("%v.dkr.ecr.%v.amazonaws.com", data.aws_caller_identity.this.account_id, data.aws_region.current.region)) ecr_repo = var.create_ecr_repo ? aws_ecr_repository.this[0].id : var.ecr_repo image_tag = var.use_image_tag ? coalesce(var.image_tag, formatdate("YYYYMMDDhhmmss", timestamp())) : null ecr_image_name = var.use_image_tag ? format("%v/%v:%v", local.ecr_address, local.ecr_repo, local.image_tag) : format("%v/%v", local.ecr_address, local.ecr_repo) @@ -16,7 +16,10 @@ resource "docker_image" "this" { context = var.source_path dockerfile = var.docker_file_path build_args = var.build_args + builder = var.builder + target = var.build_target platform = var.platform + cache_from = var.cache_from } force_remove = var.force_remove diff --git a/modules/docker-build/variables.tf b/modules/docker-build/variables.tf index 509f35f3..110ce554 100644 --- a/modules/docker-build/variables.tf +++ b/modules/docker-build/variables.tf @@ -71,12 +71,24 @@ variable "ecr_repo_tags" { default = {} } +variable "builder" { + description = "The buildx builder to use for the Docker build." + type = string + default = null +} + variable "build_args" { description = "A map of Docker build arguments." type = map(string) default = {} } +variable "build_target" { + description = "Set the target build stage to build" + type = string + default = null +} + variable "ecr_repo_lifecycle_policy" { description = "A JSON formatted ECR lifecycle policy to automate the cleaning up of unused images." type = string @@ -112,3 +124,9 @@ variable "triggers" { type = map(string) default = {} } + +variable "cache_from" { + description = "List of images to consider as cache sources when building the image." + type = list(string) + default = [] +} diff --git a/modules/docker-build/versions.tf b/modules/docker-build/versions.tf index 93aadf1a..b203b635 100644 --- a/modules/docker-build/versions.tf +++ b/modules/docker-build/versions.tf @@ -1,14 +1,14 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.22" + version = ">= 6.0" } docker = { source = "kreuzwerker/docker" - version = ">= 3.0" + version = ">= 3.5.0" } null = { source = "hashicorp/null" diff --git a/outputs.tf b/outputs.tf index 6d53a66c..93624833 100644 --- a/outputs.tf +++ b/outputs.tf @@ -6,7 +6,7 @@ output "lambda_function_arn" { output "lambda_function_arn_static" { description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" - value = local.create && var.create_function && !var.create_layer ? "arn:aws:lambda:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:function:${var.function_name}" : "" + value = local.create && var.create_function && !var.create_layer ? "arn:${data.aws_partition.current.partition}:lambda:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:function:${var.function_name}" : "" } output "lambda_function_invoke_arn" { @@ -102,6 +102,11 @@ output "lambda_layer_version" { } # Lambda Event Source Mapping +output "lambda_event_source_mapping_arn" { + description = "The event source mapping ARN" + value = { for k, v in aws_lambda_event_source_mapping.this : k => v.arn } +} + output "lambda_event_source_mapping_function_arn" { description = "The the ARN of the Lambda function the event source mapping is sending events to" value = { for k, v in aws_lambda_event_source_mapping.this : k => v.function_arn } diff --git a/package.py b/package.py index d5ae6703..3261a282 100644 --- a/package.py +++ b/package.py @@ -124,11 +124,12 @@ def tempdir(dir=None): """Creates a temporary directory and then deletes it afterwards.""" prefix = "terraform-aws-lambda-" path = tempfile.mkdtemp(prefix=prefix, dir=dir) - cmd_log.info("mktemp -d %sXXXXXXXX # %s", prefix, shlex.quote(path)) + abs_path = os.path.abspath(path) + cmd_log.info("mktemp -d %sXXXXXXXX # %s", prefix, shlex.quote(abs_path)) try: - yield path + yield abs_path finally: - shutil.rmtree(path) + shutil.rmtree(abs_path) def list_files(top_path, log=None): @@ -271,12 +272,16 @@ def update_hash(hash_obj, file_root, file_path): relative_path = os.path.join(file_root, file_path) hash_obj.update(relative_path.encode()) - with open(relative_path, "rb") as open_file: - while True: - data = open_file.read(1024 * 8) - if not data: - break - hash_obj.update(data) + try: + with open(relative_path, "rb") as open_file: + while True: + data = open_file.read(1024 * 8) + if not data: + break + hash_obj.update(data) + # ignore broken symlinks content to don't fail on `terraform destroy` command + except FileNotFoundError: + pass class ZipWriteStream: @@ -288,9 +293,11 @@ def __init__( compress_type=zipfile.ZIP_DEFLATED, compresslevel=None, timestamp=None, + quiet=False, ): self.timestamp = timestamp self.filename = zip_filename + self.quiet = quiet if not (self.filename and isinstance(self.filename, str)): raise ValueError("Zip file path must be provided") @@ -307,7 +314,8 @@ def open(self): raise zipfile.BadZipFile("ZipStream object can't be reused") self._ensure_base_path(self.filename) self._tmp_filename = "{}.tmp".format(self.filename) - self._log.info("creating '%s' archive", self.filename) + if not self.quiet: + self._log.info("creating '%s' archive", self.filename) self._zip = zipfile.ZipFile(self._tmp_filename, "w", self._compress_type) return self @@ -351,7 +359,8 @@ def write_dirs(self, *base_dirs, prefix=None, timestamp=None): """ self._ensure_open() for base_dir in base_dirs: - self._log.info("adding content of directory: %s", base_dir) + if not self.quiet: + self._log.info("adding content of directory: %s", base_dir) for path in emit_dir_content(base_dir): arcname = os.path.relpath(path, base_dir) self._write_file(path, prefix, arcname, timestamp) @@ -377,10 +386,11 @@ def _write_file(self, file_path, prefix=None, name=None, timestamp=None): if prefix: arcname = os.path.join(prefix, arcname) zinfo = self._make_zinfo_from_file(file_path, arcname) - if zinfo.is_dir(): - self._log.info("adding: %s/", arcname) - else: - self._log.info("adding: %s", arcname) + if not self.quiet: + if zinfo.is_dir(): + self._log.info("adding: %s/", arcname) + else: + self._log.info("adding: %s", arcname) if timestamp is None: timestamp = self.timestamp date_time = self._timestamp_to_date_time(timestamp) @@ -567,6 +577,10 @@ def compile(self, patterns): rules.append((None, r)) self._rules = rules + def reset(self): + self._log.debug("reset filter patterns") + self._rules = None + def filter(self, path, prefix=None): path = os.path.normpath(path) if prefix: @@ -670,9 +684,13 @@ def plan(self, source_path, query): source_paths = [] build_plan = [] + build_step = [] - step = lambda *x: build_plan.append(x) - hash = source_paths.append + def step(*x): + build_step.append(x) + + def hash(path): + source_paths.append(path) def pip_requirements_step(path, prefix=None, required=False, tmp_dir=None): command = runtime @@ -693,7 +711,9 @@ def pip_requirements_step(path, prefix=None, required=False, tmp_dir=None): step("pip", runtime, requirements, prefix, tmp_dir) hash(requirements) - def poetry_install_step(path, prefix=None, required=False): + def poetry_install_step( + path, poetry_export_extra_args=[], prefix=None, required=False, tmp_dir=None + ): pyproject_file = path if os.path.isdir(path): pyproject_file = os.path.join(path, "pyproject.toml") @@ -703,7 +723,7 @@ def poetry_install_step(path, prefix=None, required=False): "poetry configuration not found: {}".format(pyproject_file) ) else: - step("poetry", runtime, path, prefix) + step("poetry", runtime, path, poetry_export_extra_args, prefix, tmp_dir) hash(pyproject_file) pyproject_path = os.path.dirname(pyproject_file) poetry_lock_file = os.path.join(pyproject_path, "poetry.lock") @@ -718,6 +738,14 @@ def npm_requirements_step(path, prefix=None, required=False, tmp_dir=None): requirements = path if os.path.isdir(path): requirements = os.path.join(path, "package.json") + npm_lock_file = os.path.join(path, "package-lock.json") + else: + npm_lock_file = os.path.join(os.path.dirname(path), "package-lock.json") + + if os.path.isfile(npm_lock_file): + hash(npm_lock_file) + log.info("Added npm lock file: %s", npm_lock_file) + if not os.path.isfile(requirements): if required: raise RuntimeError("File not found: {}".format(requirements)) @@ -740,35 +768,30 @@ def commands_step(path, commands): if path: path = os.path.normpath(path) + step("set:workdir", path) + batch = [] for c in commands: if isinstance(c, str): if c.startswith(":zip"): if path: hash(path) - else: - # If path doesn't defined for a block with - # commands it will be set to Terraform's - # current working directory - # NB: cwd may vary when using Terraform 0.14+ like: - # `terraform -chdir=...` - path = query.paths.cwd if batch: - step("sh", path, "\n".join(batch)) + step("sh", "\n".join(batch)) batch.clear() c = shlex.split(c) - if len(c) == 3: + n = len(c) + if n == 3: _, _path, prefix = c prefix = prefix.strip() - _path = os.path.normpath(os.path.join(path, _path)) + _path = os.path.normpath(_path) step("zip:embedded", _path, prefix) - elif len(c) == 2: - prefix = None + elif n == 2: _, _path = c - step("zip:embedded", _path, prefix) - elif len(c) == 1: - prefix = None - step("zip:embedded", path, prefix) + _path = os.path.normpath(_path) + step("zip:embedded", _path) + elif n == 1: + step("zip:embedded") else: raise ValueError( ":zip invalid call signature, use: " @@ -776,6 +799,9 @@ def commands_step(path, commands): ) else: batch.append(c) + if batch: + step("sh", "\n".join(batch)) + batch.clear() for claim in claims: if isinstance(claim, str): @@ -807,7 +833,10 @@ def commands_step(path, commands): prefix = claim.get("prefix_in_zip") pip_requirements = claim.get("pip_requirements") poetry_install = claim.get("poetry_install") - npm_requirements = claim.get("npm_package_json") + poetry_export_extra_args = claim.get("poetry_export_extra_args", []) + npm_requirements = claim.get( + "npm_requirements", claim.get("npm_package_json") + ) runtime = claim.get("runtime", query.runtime) if pip_requirements and runtime.startswith("python"): @@ -828,7 +857,13 @@ def commands_step(path, commands): if poetry_install and runtime.startswith("python"): if path: - poetry_install_step(path, prefix, required=True) + poetry_install_step( + path, + prefix=prefix, + poetry_export_extra_args=poetry_export_extra_args, + required=True, + tmp_dir=claim.get("poetry_tmp_dir"), + ) if npm_requirements and runtime.startswith("nodejs"): if isinstance(npm_requirements, bool) and path: @@ -846,6 +881,7 @@ def commands_step(path, commands): tmp_dir=claim.get("npm_tmp_dir"), ) if path: + path = os.path.normpath(path) step("zip", path, prefix) if patterns: # Take patterns into account when computing hash @@ -856,93 +892,161 @@ def commands_step(path, commands): hash(path_from_pattern) else: hash(path) - - if patterns: - step("clear:filter") else: raise ValueError("Unsupported source_path item: {}".format(claim)) + if build_step: + build_plan.append(build_step) + build_step = [] + self._source_paths = source_paths return build_plan def execute(self, build_plan, zip_stream, query): + sh_log = logging.getLogger("sh") + + tf_work_dir = os.getcwd() + zs = zip_stream sh_work_dir = None pf = None - for action in build_plan: - cmd = action[0] - if cmd.startswith("zip"): - ts = 0 if cmd == "zip:embedded" else None - source_path, prefix = action[1:] - if sh_work_dir: - if source_path != sh_work_dir: - if not os.path.isfile(source_path): - source_path = sh_work_dir - if os.path.isdir(source_path): - if pf: - self._zip_write_with_filter( - zs, pf, source_path, prefix, timestamp=ts - ) + for step in build_plan: + # init step + sh_work_dir = tf_work_dir + if pf: + pf.reset() + pf = None + + log.debug("STEPDIR: %s", sh_work_dir) + + # execute step actions + for action in step: + cmd = action[0] + if cmd.startswith("zip"): + ts = 0 if cmd == "zip:embedded" else None + + source_path, prefix = None, None + n = len(action) + if n == 2: + source_path = action[1] + elif n == 3: + source_path, prefix = action[1:] + + if source_path: + if not os.path.isabs(source_path): + source_path = os.path.normpath( + os.path.join(sh_work_dir, source_path) + ) else: - zs.write_dirs(source_path, prefix=prefix, timestamp=ts) - else: - zs.write_file(source_path, prefix=prefix, timestamp=ts) - elif cmd == "pip": - runtime, pip_requirements, prefix, tmp_dir = action[1:] - with install_pip_requirements(query, pip_requirements, tmp_dir) as rd: - if rd: + source_path = sh_work_dir + if os.path.isdir(source_path): if pf: - self._zip_write_with_filter(zs, pf, rd, prefix, timestamp=0) - else: - # XXX: timestamp=0 - what actually do with it? - zs.write_dirs(rd, prefix=prefix, timestamp=0) - elif cmd == "poetry": - runtime, path, prefix = action[1:] - with install_poetry_dependencies(query, path) as rd: - if rd: - if pf: - self._zip_write_with_filter(zs, pf, rd, prefix, timestamp=0) - else: - # XXX: timestamp=0 - what actually do with it? - zs.write_dirs(rd, prefix=prefix, timestamp=0) - elif cmd == "npm": - runtime, npm_requirements, prefix, tmp_dir = action[1:] - with install_npm_requirements(query, npm_requirements, tmp_dir) as rd: - if rd: - if pf: - self._zip_write_with_filter(zs, pf, rd, prefix, timestamp=0) + self._zip_write_with_filter( + zs, pf, source_path, prefix, timestamp=ts + ) else: - # XXX: timestamp=0 - what actually do with it? - zs.write_dirs(rd, prefix=prefix, timestamp=0) - elif cmd == "sh": - path, script = action[1:] - p = subprocess.Popen( - script, - shell=True, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - cwd=path, - ) + zs.write_dirs(source_path, prefix=prefix, timestamp=ts) + else: + zs.write_file(source_path, prefix=prefix, timestamp=ts) + elif cmd == "pip": + runtime, pip_requirements, prefix, tmp_dir = action[1:] + with install_pip_requirements( + query, pip_requirements, tmp_dir + ) as rd: + if rd: + if pf: + self._zip_write_with_filter( + zs, pf, rd, prefix, timestamp=0 + ) + else: + # XXX: timestamp=0 - what actually do with it? + zs.write_dirs(rd, prefix=prefix, timestamp=0) + elif cmd == "poetry": + (runtime, path, poetry_export_extra_args, prefix, tmp_dir) = action[ + 1: + ] + log.info("poetry_export_extra_args: %s", poetry_export_extra_args) + with install_poetry_dependencies( + query, path, poetry_export_extra_args, tmp_dir + ) as rd: + if rd: + if pf: + self._zip_write_with_filter( + zs, pf, rd, prefix, timestamp=0 + ) + else: + # XXX: timestamp=0 - what actually do with it? + zs.write_dirs(rd, prefix=prefix, timestamp=0) + elif cmd == "npm": + runtime, npm_requirements, prefix, tmp_dir = action[1:] + with install_npm_requirements( + query, npm_requirements, tmp_dir + ) as rd: + if rd: + if pf: + self._zip_write_with_filter( + zs, pf, rd, prefix, timestamp=0 + ) + else: + # XXX: timestamp=0 - what actually do with it? + zs.write_dirs(rd, prefix=prefix, timestamp=0) + elif cmd == "sh": + with tempfile.NamedTemporaryFile( + mode="w+t", delete=True + ) as temp_file: + script = action[1] + + if log.isEnabledFor(DEBUG2): + log.debug("exec shell script ...") + for line in script.splitlines(): + sh_log.debug(line) + + script = "\n".join( + ( + script, + # NOTE: Execute `pwd` to determine the subprocess shell's + # working directory after having executed all other commands. + "retcode=$?", + f"pwd >{temp_file.name}", + "exit $retcode", + ) + ) - p.wait() - call_stdout, call_stderr = p.communicate() - exit_code = p.returncode - log.info("exit_code: %s", exit_code) - if exit_code != 0: - raise RuntimeError( - "Script did not run successfully, exit code {}: {} - {}".format( - exit_code, - call_stdout.decode("utf-8").strip(), - call_stderr.decode("utf-8").strip(), + p = subprocess.Popen( + script, + shell=True, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + cwd=sh_work_dir, ) - ) - elif cmd == "set:filter": - patterns = action[1] - pf = ZipContentFilter(args=self._args) - pf.compile(patterns) - elif cmd == "clear:filter": - pf = None + + call_stdout, call_stderr = p.communicate() + exit_code = p.returncode + log.debug("exit_code: %s", exit_code) + if exit_code != 0: + raise RuntimeError( + "Script did not run successfully, exit code {}: {} - {}".format( + exit_code, + call_stdout.decode("utf-8").strip(), + call_stderr.decode("utf-8").strip(), + ) + ) + + temp_file.seek(0) + # NOTE: This var `sh_work_dir` is consumed in cmd == "zip" loop + sh_work_dir = temp_file.read().strip() + log.debug("WORKDIR: %s", sh_work_dir) + + elif cmd == "set:workdir": + path = action[1] + sh_work_dir = os.path.normpath(os.path.join(tf_work_dir, path)) + log.debug("WORKDIR: %s", sh_work_dir) + + elif cmd == "set:filter": + patterns = action[1] + pf = ZipContentFilter(args=self._args) + pf.compile(patterns) @staticmethod def _zip_write_with_filter( @@ -997,7 +1101,7 @@ def install_pip_requirements(query, requirements_file, tmp_dir): ok = True elif docker_file or docker_build_root: raise ValueError( - "docker_image must be specified " "for a custom image future references" + "docker_image must be specified for a custom image future references" ) working_dir = os.getcwd() @@ -1017,7 +1121,7 @@ def install_pip_requirements(query, requirements_file, tmp_dir): elif OSX: # Workaround for OSX when XCode command line tools' # python becomes the main system python interpreter - os_path = "{}:/Library/Developer/CommandLineTools" "/usr/bin".format( + os_path = "{}:/Library/Developer/CommandLineTools/usr/bin".format( os.environ["PATH"] ) subproc_env = os.environ.copy() @@ -1071,7 +1175,15 @@ def install_pip_requirements(query, requirements_file, tmp_dir): cmd_log.info(shlex_join(pip_command)) log_handler and log_handler.flush() try: - check_call(pip_command, env=subproc_env) + if query.quiet: + check_call( + pip_command, + env=subproc_env, + stdout=subprocess.DEVNULL, + stderr=subprocess.DEVNULL, + ) + else: + check_call(pip_command, env=subproc_env) except FileNotFoundError as e: raise RuntimeError( "Python interpreter version equal " @@ -1084,7 +1196,7 @@ def install_pip_requirements(query, requirements_file, tmp_dir): @contextmanager -def install_poetry_dependencies(query, path): +def install_poetry_dependencies(query, path, poetry_export_extra_args, tmp_dir): # TODO: # 1. Emit files instead of temp_dir @@ -1138,7 +1250,7 @@ def install_poetry_dependencies(query, path): working_dir = os.getcwd() log.info("Installing python dependencies with poetry & pip: %s", poetry_lock_file) - with tempdir() as temp_dir: + with tempdir(tmp_dir) as temp_dir: def copy_file_to_target(file, temp_dir): filename = os.path.basename(file) @@ -1173,6 +1285,17 @@ def copy_file_to_target(file, temp_dir): # NOTE: poetry must be available in the build environment, which is the case with lambci/lambda:build-python* docker images but not public.ecr.aws/sam/build-python* docker images # FIXME: poetry install does not currently allow to specify the target directory so we export the # requirements then install them with "pip --no-deps" to avoid using pip dependency resolver + + poetry_export = [ + poetry_exec, + "export", + "--format", + "requirements.txt", + "--output", + "requirements.txt", + "--with-credentials", + ] + poetry_export_extra_args + poetry_commands = [ [ poetry_exec, @@ -1188,15 +1311,7 @@ def copy_file_to_target(file, temp_dir): "virtualenvs.in-project", "true", ], - [ - poetry_exec, - "export", - "--format", - "requirements.txt", - "--output", - "requirements.txt", - "--with-credentials", - ], + poetry_export, [ python_exec, "-m", @@ -1244,7 +1359,15 @@ def copy_file_to_target(file, temp_dir): cmd_log.info(poetry_commands) log_handler and log_handler.flush() for poetry_command in poetry_commands: - check_call(poetry_command, env=subproc_env) + if query.quiet: + check_call( + poetry_command, + env=subproc_env, + stdout=subprocess.DEVNULL, + stderr=subprocess.DEVNULL, + ) + else: + check_call(poetry_command, env=subproc_env) os.remove(pyproject_target_file) if poetry_lock_target_file: @@ -1296,14 +1419,15 @@ def install_npm_requirements(query, requirements_file, tmp_dir): ok = True elif docker_file or docker_build_root: raise ValueError( - "docker_image must be specified " "for a custom image future references" + "docker_image must be specified for a custom image future references" ) log.info("Installing npm requirements: %s", requirements_file) with tempdir(tmp_dir) as temp_dir: - requirements_filename = os.path.basename(requirements_file) - target_file = os.path.join(temp_dir, requirements_filename) - shutil.copyfile(requirements_file, target_file) + temp_copy = TemporaryCopy(os.path.dirname(requirements_file), temp_dir, log) + temp_copy.add(os.path.basename(requirements_file)) + temp_copy.add("package-lock.json", required=False) + temp_copy.copy_to_target_dir() subproc_env = None npm_exec = "npm" @@ -1340,7 +1464,15 @@ def install_npm_requirements(query, requirements_file, tmp_dir): cmd_log.info(shlex_join(npm_command)) log_handler and log_handler.flush() try: - check_call(npm_command, env=subproc_env) + if query.quiet: + check_call( + npm_command, + env=subproc_env, + stdout=subprocess.DEVNULL, + stderr=subprocess.DEVNULL, + ) + else: + check_call(npm_command, env=subproc_env) except FileNotFoundError as e: raise RuntimeError( "Nodejs interpreter version equal " @@ -1348,10 +1480,63 @@ def install_npm_requirements(query, requirements_file, tmp_dir): "available in system PATH".format(runtime) ) from e - os.remove(target_file) + temp_copy.remove_from_target_dir() yield temp_dir +class TemporaryCopy: + """Temporarily copy files to a specified location and remove them when + not needed. + """ + + def __init__(self, source_dir_path, target_dir_path, logger=None): + """Initialise with a target and a source directories.""" + self.source_dir_path = source_dir_path + self.target_dir_path = target_dir_path + self._filenames = [] + self._logger = logger + + def _make_source_path(self, filename): + return os.path.join(self.source_dir_path, filename) + + def _make_target_path(self, filename): + return os.path.join(self.target_dir_path, filename) + + def add(self, filename, *, required=True): + """Add a file to be copied from from source to target directory + when `TemporaryCopy.copy_to_target_dir()` is called. + + By default, the file must exist in the source directory. Set `required` + to `False` if the file is optional. + """ + if os.path.exists(self._make_source_path(filename)): + self._filenames.append(filename) + elif required: + raise RuntimeError("File not found: {}".format(filename)) + + def copy_to_target_dir(self): + """Copy files (added so far) to the target directory.""" + for filename in self._filenames: + if self._logger: + self._logger.info("Copying temporarily '%s'", filename) + + shutil.copyfile( + self._make_source_path(filename), + self._make_target_path(filename), + ) + + def remove_from_target_dir(self): + """Remove files (added so far) from the target directory.""" + for filename in self._filenames: + if self._logger: + self._logger.info("Removing temporarily copied '%s'", filename) + + try: + os.remove(self._make_target_path(filename)) + except FileNotFoundError: + pass + + def docker_image_id_command(tag): """""" docker_cmd = ["docker", "images", "--format={{.ID}}", tag] @@ -1542,11 +1727,11 @@ def prepare_command(args): content_hash = content_hash.hexdigest() # Generate a unique filename based on the hash. - filename = os.path.join(artifacts_dir, "{}.zip".format(content_hash)) + zip_filename = os.path.join(artifacts_dir, "{}.zip".format(content_hash)) # Compute timestamp trigger was_missing = False - filename_path = os.path.join(os.getcwd(), filename) + filename_path = os.path.join(os.getcwd(), zip_filename) if recreate_missing_package: if os.path.exists(filename_path): st = os.stat(filename_path) @@ -1555,14 +1740,15 @@ def prepare_command(args): timestamp = timestamp_now_ns() was_missing = True else: - timestamp = "" + timestamp = "" # Replace variables in the build command with calculated values. build_data = { - "filename": filename, + "filename": zip_filename, "runtime": runtime, "artifacts_dir": artifacts_dir, "build_plan": build_plan, + "quiet": query.quiet, } if docker: build_data["docker"] = docker @@ -1579,7 +1765,7 @@ def prepare_command(args): # Output the result to Terraform. json.dump( { - "filename": filename, + "filename": zip_filename, "build_plan": build_plan, "build_plan_filename": build_plan_filename, "timestamp": str(timestamp), @@ -1622,12 +1808,13 @@ def build_command(args): # Zip up the build plan and write it to the target filename. # This will be used by the Lambda function as the source code package. - with ZipWriteStream(filename) as zs: + with ZipWriteStream(filename, quiet=getattr(query, "quiet", False)) as zs: bpm = BuildPlanManager(args, log=log) bpm.execute(build_plan, zs, query) os.utime(filename, ns=(timestamp, timestamp)) - log.info("Created: %s", shlex.quote(filename)) + if not getattr(query, "quiet", False): + log.info("Created: %s", shlex.quote(filename)) if log.isEnabledFor(logging.DEBUG): with open(filename, "rb") as f: log.info("Base64sha256: %s", source_code_hash(f.read())) @@ -1657,7 +1844,7 @@ def hidden_parser(name, **kwargs): nargs=argparse.REMAINDER, ) p.add_argument( - "-r", "--runtime", help="A docker image runtime", default="python3.8" + "-r", "--runtime", help="A docker image runtime", default="python3.12" ) p = hidden_parser("docker-image", help="Run docker build") diff --git a/package.tf b/package.tf index 34322514..99078600 100644 --- a/package.tf +++ b/package.tf @@ -40,6 +40,7 @@ data "external" "archive_prepare" { ) recreate_missing_package = var.recreate_missing_package + quiet = var.quiet_archive_local_exec } } @@ -49,7 +50,7 @@ data "external" "archive_prepare" { resource "local_file" "archive_plan" { count = var.create && var.create_package ? 1 : 0 - content = data.external.archive_prepare[0].result.build_plan + content = var.build_in_docker ? sensitive(data.external.archive_prepare[0].result.build_plan) : data.external.archive_prepare[0].result.build_plan filename = data.external.archive_prepare[0].result.build_plan_filename directory_permission = "0755" file_permission = "0644" @@ -70,6 +71,7 @@ resource "null_resource" "archive" { "--timestamp", data.external.archive_prepare[0].result.timestamp ] command = data.external.archive_prepare[0].result.build_plan_filename + quiet = var.quiet_archive_local_exec } depends_on = [local_file.archive_plan] diff --git a/tests/fixtures/node-app/index.js b/tests/fixtures/node-app/index.js new file mode 100644 index 00000000..09d4352e --- /dev/null +++ b/tests/fixtures/node-app/index.js @@ -0,0 +1 @@ +// test diff --git a/tests/fixtures/node-app/package.json b/tests/fixtures/node-app/package.json new file mode 100644 index 00000000..1bd4d69d --- /dev/null +++ b/tests/fixtures/node-app/package.json @@ -0,0 +1,16 @@ +{ + "name": "app", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "author": "", + "license": "ISC", + "dependencies": { + }, + "devDependencies": { + "axios": "^1.7.3" + } +} diff --git a/tests/test_package_toml.py b/tests/test_package_toml.py index 4861c6f4..9eba3f4a 100644 --- a/tests/test_package_toml.py +++ b/tests/test_package_toml.py @@ -26,7 +26,7 @@ def test_build_manager_failing_command(): bpm = BuildPlanManager(args=Mock()) with raises(Exception): bpm.execute( - build_plan=[["sh", "/tmp", "NOTACOMMAND"]], + build_plan=[[["sh", "/tmp", "NOTACOMMAND"]]], zip_stream=None, query=None, ) @@ -35,7 +35,7 @@ def test_build_manager_failing_command(): def test_get_build_system_from_pyproject_toml_poetry(): assert ( get_build_system_from_pyproject_toml( - "examples/fixtures/python3.9-app-poetry/pyproject.toml" + "examples/fixtures/python-app-poetry/pyproject.toml" ) == "poetry" ) diff --git a/tests/test_zip_source.py b/tests/test_zip_source.py new file mode 100644 index 00000000..dd6750ca --- /dev/null +++ b/tests/test_zip_source.py @@ -0,0 +1,50 @@ +import os +from unittest.mock import MagicMock, Mock + +from package import BuildPlanManager + + +def test_zip_source_path_sh_work_dir(): + zs = Mock() + zs.write_dirs = MagicMock() + + bpm = BuildPlanManager(args=Mock()) + + bpm.execute( + build_plan=[ + [ + ["sh", "cd $(mktemp -d)\n echo pip install"], + ["zip:embedded", ".", "./python"], + ] + ], + zip_stream=zs, + query=None, + ) + + zs.write_dirs.assert_called_once() + + zip_source_path = zs.write_dirs.call_args_list[0][0][0] + assert zip_source_path != f"{os.getcwd()}" + + +def test_zip_source_path(): + zs = Mock() + zs.write_dirs = MagicMock() + + bpm = BuildPlanManager(args=Mock()) + + bpm.execute( + build_plan=[ + [ + ["sh", "echo pip install"], + ["zip:embedded", ".", "./python"], + ] + ], + zip_stream=zs, + query=None, + ) + + zs.write_dirs.assert_called_once() + + zip_source_path = zs.write_dirs.call_args_list[0][0][0] + assert zip_source_path == f"{os.getcwd()}" diff --git a/variables.tf b/variables.tf index c5c10395..6ea454f6 100644 --- a/variables.tf +++ b/variables.tf @@ -46,6 +46,12 @@ variable "putin_khuylo" { default = true } +variable "region" { + description = "Region where the resource(s) will be managed. Defaults to the region set in the provider configuration" + type = string + default = null +} + ########### # Function ########### @@ -176,12 +182,24 @@ variable "vpc_security_group_ids" { default = null } +variable "ipv6_allowed_for_dual_stack" { + description = "Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets" + type = bool + default = null +} + variable "tags" { description = "A map of tags to assign to resources." type = map(string) default = {} } +variable "include_default_tag" { + description = "Set to false to not include the default tag in the tags map." + type = bool + default = true +} + variable "function_tags" { description = "A map of tags to assign only to the lambda function" type = map(string) @@ -254,6 +272,12 @@ variable "timeouts" { default = {} } +variable "skip_destroy" { + description = "Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Terraform state. Useful for Lambda@Edge functions attached to CloudFront distributions." + type = bool + default = null +} + ############### # Function URL ############### @@ -432,6 +456,18 @@ variable "cloudwatch_logs_kms_key_id" { default = null } +variable "cloudwatch_logs_skip_destroy" { + description = "Whether to keep the log group (and any logs it may contain) at destroy time." + type = bool + default = false +} + +variable "cloudwatch_logs_log_group_class" { + description = "Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS`" + type = string + default = null +} + variable "cloudwatch_logs_tags" { description = "A map of tags to assign to the resource." type = map(string) @@ -554,12 +590,6 @@ variable "attach_policies" { default = false } -variable "policy_path" { - description = "Path of policies to that should be added to IAM role for Lambda Function" - type = string - default = null -} - variable "number_of_policy_jsons" { description = "Number of policies JSON to attach to IAM role for Lambda Function" type = number @@ -774,6 +804,12 @@ variable "trigger_on_package_timestamp" { default = true } +variable "quiet_archive_local_exec" { + description = "Whether to disable archive local execution output" + type = bool + default = true +} + ############################################ # Lambda Advanced Logging Settings ############################################ @@ -801,3 +837,13 @@ variable "logging_log_group" { type = string default = null } + +############################################ +# Lambda Recursive Loop Settings +############################################ + +variable "recursive_loop" { + description = "Lambda function recursion configuration. Valid values are Allow or Terminate." + type = string + default = null +} diff --git a/versions.tf b/versions.tf index 6c511ac4..8dea461c 100644 --- a/versions.tf +++ b/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 6.0" } external = { source = "hashicorp/external" diff --git a/wrappers/alias/versions.tf b/wrappers/alias/versions.tf index 51cad108..db13b0a8 100644 --- a/wrappers/alias/versions.tf +++ b/wrappers/alias/versions.tf @@ -1,3 +1,10 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.5.7" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 6.0" + } + } } diff --git a/wrappers/deploy/versions.tf b/wrappers/deploy/versions.tf index 51cad108..ddb64c76 100644 --- a/wrappers/deploy/versions.tf +++ b/wrappers/deploy/versions.tf @@ -1,3 +1,18 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.5.7" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 6.0" + } + local = { + source = "hashicorp/local" + version = ">= 1.0" + } + null = { + source = "hashicorp/null" + version = ">= 2.0" + } + } } diff --git a/wrappers/docker-build/main.tf b/wrappers/docker-build/main.tf index 0375d4eb..61a99a93 100644 --- a/wrappers/docker-build/main.tf +++ b/wrappers/docker-build/main.tf @@ -4,6 +4,9 @@ module "wrapper" { for_each = var.items build_args = try(each.value.build_args, var.defaults.build_args, {}) + build_target = try(each.value.build_target, var.defaults.build_target, null) + builder = try(each.value.builder, var.defaults.builder, null) + cache_from = try(each.value.cache_from, var.defaults.cache_from, []) create_ecr_repo = try(each.value.create_ecr_repo, var.defaults.create_ecr_repo, false) create_sam_metadata = try(each.value.create_sam_metadata, var.defaults.create_sam_metadata, false) docker_file_path = try(each.value.docker_file_path, var.defaults.docker_file_path, "Dockerfile") diff --git a/wrappers/docker-build/versions.tf b/wrappers/docker-build/versions.tf index 51cad108..b203b635 100644 --- a/wrappers/docker-build/versions.tf +++ b/wrappers/docker-build/versions.tf @@ -1,3 +1,18 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.5.7" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 6.0" + } + docker = { + source = "kreuzwerker/docker" + version = ">= 3.5.0" + } + null = { + source = "hashicorp/null" + version = ">= 2.0" + } + } } diff --git a/wrappers/main.tf b/wrappers/main.tf index b719de05..eb78bb41 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf @@ -21,7 +21,9 @@ module "wrapper" { authorization_type = try(each.value.authorization_type, var.defaults.authorization_type, "NONE") build_in_docker = try(each.value.build_in_docker, var.defaults.build_in_docker, false) cloudwatch_logs_kms_key_id = try(each.value.cloudwatch_logs_kms_key_id, var.defaults.cloudwatch_logs_kms_key_id, null) + cloudwatch_logs_log_group_class = try(each.value.cloudwatch_logs_log_group_class, var.defaults.cloudwatch_logs_log_group_class, null) cloudwatch_logs_retention_in_days = try(each.value.cloudwatch_logs_retention_in_days, var.defaults.cloudwatch_logs_retention_in_days, null) + cloudwatch_logs_skip_destroy = try(each.value.cloudwatch_logs_skip_destroy, var.defaults.cloudwatch_logs_skip_destroy, false) cloudwatch_logs_tags = try(each.value.cloudwatch_logs_tags, var.defaults.cloudwatch_logs_tags, {}) code_signing_config_arn = try(each.value.code_signing_config_arn, var.defaults.code_signing_config_arn, null) compatible_architectures = try(each.value.compatible_architectures, var.defaults.compatible_architectures, null) @@ -65,7 +67,9 @@ module "wrapper" { image_config_entry_point = try(each.value.image_config_entry_point, var.defaults.image_config_entry_point, []) image_config_working_directory = try(each.value.image_config_working_directory, var.defaults.image_config_working_directory, null) image_uri = try(each.value.image_uri, var.defaults.image_uri, null) + include_default_tag = try(each.value.include_default_tag, var.defaults.include_default_tag, true) invoke_mode = try(each.value.invoke_mode, var.defaults.invoke_mode, null) + ipv6_allowed_for_dual_stack = try(each.value.ipv6_allowed_for_dual_stack, var.defaults.ipv6_allowed_for_dual_stack, null) kms_key_arn = try(each.value.kms_key_arn, var.defaults.kms_key_arn, null) lambda_at_edge = try(each.value.lambda_at_edge, var.defaults.lambda_at_edge, false) lambda_at_edge_logs_all_regions = try(each.value.lambda_at_edge_logs_all_regions, var.defaults.lambda_at_edge_logs_all_regions, true) @@ -90,12 +94,14 @@ module "wrapper" { policy_json = try(each.value.policy_json, var.defaults.policy_json, null) policy_jsons = try(each.value.policy_jsons, var.defaults.policy_jsons, []) policy_name = try(each.value.policy_name, var.defaults.policy_name, null) - policy_path = try(each.value.policy_path, var.defaults.policy_path, null) policy_statements = try(each.value.policy_statements, var.defaults.policy_statements, {}) provisioned_concurrent_executions = try(each.value.provisioned_concurrent_executions, var.defaults.provisioned_concurrent_executions, -1) publish = try(each.value.publish, var.defaults.publish, false) putin_khuylo = try(each.value.putin_khuylo, var.defaults.putin_khuylo, true) + quiet_archive_local_exec = try(each.value.quiet_archive_local_exec, var.defaults.quiet_archive_local_exec, true) recreate_missing_package = try(each.value.recreate_missing_package, var.defaults.recreate_missing_package, true) + recursive_loop = try(each.value.recursive_loop, var.defaults.recursive_loop, null) + region = try(each.value.region, var.defaults.region, null) replace_security_groups_on_destroy = try(each.value.replace_security_groups_on_destroy, var.defaults.replace_security_groups_on_destroy, null) replacement_security_group_ids = try(each.value.replacement_security_group_ids, var.defaults.replacement_security_group_ids, null) reserved_concurrent_executions = try(each.value.reserved_concurrent_executions, var.defaults.reserved_concurrent_executions, -1) @@ -117,6 +123,7 @@ module "wrapper" { s3_object_tags_only = try(each.value.s3_object_tags_only, var.defaults.s3_object_tags_only, false) s3_prefix = try(each.value.s3_prefix, var.defaults.s3_prefix, null) s3_server_side_encryption = try(each.value.s3_server_side_encryption, var.defaults.s3_server_side_encryption, null) + skip_destroy = try(each.value.skip_destroy, var.defaults.skip_destroy, null) snap_start = try(each.value.snap_start, var.defaults.snap_start, false) source_path = try(each.value.source_path, var.defaults.source_path, null) store_on_s3 = try(each.value.store_on_s3, var.defaults.store_on_s3, false) diff --git a/wrappers/versions.tf b/wrappers/versions.tf index 51cad108..8dea461c 100644 --- a/wrappers/versions.tf +++ b/wrappers/versions.tf @@ -1,3 +1,22 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.5.7" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 6.0" + } + external = { + source = "hashicorp/external" + version = ">= 1.0" + } + local = { + source = "hashicorp/local" + version = ">= 1.0" + } + null = { + source = "hashicorp/null" + version = ">= 2.0" + } + } }