From 54b825648913efee0b5e2085a93e86c7eceabc82 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 5 Apr 2024 13:40:33 +0200 Subject: [PATCH 01/70] chore: Added example for container-image with ECR module (#559) --- examples/container-image/README.md | 9 +++-- examples/container-image/main.tf | 63 ++++++++++++++++++++++++++--- examples/container-image/outputs.tf | 42 +++++++++---------- modules/docker-build/README.md | 4 +- 4 files changed, 88 insertions(+), 30 deletions(-) diff --git a/examples/container-image/README.md b/examples/container-image/README.md index 0733612f..4ee6505a 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -1,6 +1,6 @@ # AWS Lambda Function deployed from Docker Container Image example -Configuration in this directory creates AWS Lambda Function deployed with a Container Image. +Configuration in this directory creates several AWS Lambda Functions deployed from Container Images (using `modules/docker-build` and `terraform-aws-modules/terraform-aws-ecr`). ## Usage @@ -35,8 +35,11 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| -| [docker\_image](#module\_docker\_image) | ../../modules/docker-build | n/a | -| [lambda\_function\_from\_container\_image](#module\_lambda\_function\_from\_container\_image) | ../../ | n/a | +| [docker\_build](#module\_docker\_build) | ../../modules/docker-build | n/a | +| [docker\_build\_from\_ecr](#module\_docker\_build\_from\_ecr) | ../../modules/docker-build | n/a | +| [ecr](#module\_ecr) | terraform-aws-modules/ecr/aws | n/a | +| [lambda\_function\_with\_docker\_build](#module\_lambda\_function\_with\_docker\_build) | ../../ | n/a | +| [lambda\_function\_with\_docker\_build\_from\_ecr](#module\_lambda\_function\_with\_docker\_build\_from\_ecr) | ../../ | n/a | ## Resources diff --git a/examples/container-image/main.tf b/examples/container-image/main.tf index 46c1bf77..3258960f 100644 --- a/examples/container-image/main.tf +++ b/examples/container-image/main.tf @@ -32,11 +32,11 @@ provider "docker" { } } -module "lambda_function_from_container_image" { +module "lambda_function_with_docker_build" { source = "../../" - function_name = "${random_pet.this.id}-lambda-from-container-image" - description = "My awesome lambda function from container image" + function_name = "${random_pet.this.id}-lambda-with-docker-build" + description = "My awesome lambda function with container image by modules/docker-build" create_package = false @@ -46,10 +46,27 @@ module "lambda_function_from_container_image" { package_type = "Image" architectures = ["arm64"] # ["x86_64"] - image_uri = module.docker_image.image_uri + image_uri = module.docker_build.image_uri } -module "docker_image" { +module "lambda_function_with_docker_build_from_ecr" { + source = "../../" + + function_name = "${random_pet.this.id}-lambda-with-docker-build-from-ecr" + description = "My awesome lambda function with container image by modules/docker-build and ECR repository created by terraform-aws-ecr module" + + create_package = false + + ################## + # Container Image + ################## + package_type = "Image" + architectures = ["arm64"] # ["x86_64"] + + image_uri = module.docker_build_from_ecr.image_uri +} + +module "docker_build" { source = "../../modules/docker-build" create_ecr_repo = true @@ -87,6 +104,42 @@ module "docker_image" { } } +############################################ +# Docker Image and ECR by terraform-aws-ecr +############################################ + +module "docker_build_from_ecr" { + source = "../../modules/docker-build" + + ecr_repo = module.ecr.repository_name + + use_image_tag = false # If false, sha of the image will be used + + # use_image_tag = true + # image_tag = "2.0" + + source_path = local.source_path + platform = "linux/amd64" + build_args = { + FOO = "bar" + } + + triggers = { + dir_sha = local.dir_sha + } +} + +module "ecr" { + source = "terraform-aws-modules/ecr/aws" + + repository_name = "${random_pet.this.id}-ecr" + repository_force_delete = true + + create_lifecycle_policy = false + + repository_lambda_read_access_arns = [module.lambda_function_with_docker_build_from_ecr.lambda_function_arn] +} + resource "random_pet" "this" { length = 2 } diff --git a/examples/container-image/outputs.tf b/examples/container-image/outputs.tf index 34755681..7e6f0d2c 100644 --- a/examples/container-image/outputs.tf +++ b/examples/container-image/outputs.tf @@ -1,106 +1,106 @@ # Lambda Function output "lambda_function_arn" { description = "The ARN of the Lambda Function" - value = module.lambda_function_from_container_image.lambda_function_arn + value = module.lambda_function_with_docker_build.lambda_function_arn } output "lambda_function_arn_static" { description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" - value = module.lambda_function_from_container_image.lambda_function_arn_static + value = module.lambda_function_with_docker_build.lambda_function_arn_static } output "lambda_function_invoke_arn" { description = "The Invoke ARN of the Lambda Function" - value = module.lambda_function_from_container_image.lambda_function_invoke_arn + value = module.lambda_function_with_docker_build.lambda_function_invoke_arn } output "lambda_function_name" { description = "The name of the Lambda Function" - value = module.lambda_function_from_container_image.lambda_function_name + value = module.lambda_function_with_docker_build.lambda_function_name } output "lambda_function_qualified_arn" { description = "The ARN identifying your Lambda Function Version" - value = module.lambda_function_from_container_image.lambda_function_qualified_arn + value = module.lambda_function_with_docker_build.lambda_function_qualified_arn } output "lambda_function_version" { description = "Latest published version of Lambda Function" - value = module.lambda_function_from_container_image.lambda_function_version + value = module.lambda_function_with_docker_build.lambda_function_version } output "lambda_function_last_modified" { description = "The date Lambda Function resource was last modified" - value = module.lambda_function_from_container_image.lambda_function_last_modified + value = module.lambda_function_with_docker_build.lambda_function_last_modified } output "lambda_function_kms_key_arn" { description = "The ARN for the KMS encryption key of Lambda Function" - value = module.lambda_function_from_container_image.lambda_function_kms_key_arn + value = module.lambda_function_with_docker_build.lambda_function_kms_key_arn } output "lambda_function_source_code_hash" { description = "Base64-encoded representation of raw SHA-256 sum of the zip file" - value = module.lambda_function_from_container_image.lambda_function_source_code_hash + value = module.lambda_function_with_docker_build.lambda_function_source_code_hash } output "lambda_function_source_code_size" { description = "The size in bytes of the function .zip file" - value = module.lambda_function_from_container_image.lambda_function_source_code_size + value = module.lambda_function_with_docker_build.lambda_function_source_code_size } # Lambda Layer output "lambda_layer_arn" { description = "The ARN of the Lambda Layer with version" - value = module.lambda_function_from_container_image.lambda_layer_arn + value = module.lambda_function_with_docker_build.lambda_layer_arn } output "lambda_layer_layer_arn" { description = "The ARN of the Lambda Layer without version" - value = module.lambda_function_from_container_image.lambda_layer_layer_arn + value = module.lambda_function_with_docker_build.lambda_layer_layer_arn } output "lambda_layer_created_date" { description = "The date Lambda Layer resource was created" - value = module.lambda_function_from_container_image.lambda_layer_created_date + value = module.lambda_function_with_docker_build.lambda_layer_created_date } output "lambda_layer_source_code_size" { description = "The size in bytes of the Lambda Layer .zip file" - value = module.lambda_function_from_container_image.lambda_layer_source_code_size + value = module.lambda_function_with_docker_build.lambda_layer_source_code_size } output "lambda_layer_version" { description = "The Lambda Layer version" - value = module.lambda_function_from_container_image.lambda_layer_version + value = module.lambda_function_with_docker_build.lambda_layer_version } # IAM Role output "lambda_role_arn" { description = "The ARN of the IAM role created for the Lambda Function" - value = module.lambda_function_from_container_image.lambda_role_arn + value = module.lambda_function_with_docker_build.lambda_role_arn } output "lambda_role_name" { description = "The name of the IAM role created for the Lambda Function" - value = module.lambda_function_from_container_image.lambda_role_name + value = module.lambda_function_with_docker_build.lambda_role_name } # CloudWatch Log Group output "lambda_cloudwatch_log_group_arn" { description = "The ARN of the Cloudwatch Log Group" - value = module.lambda_function_from_container_image.lambda_cloudwatch_log_group_arn + value = module.lambda_function_with_docker_build.lambda_cloudwatch_log_group_arn } -# Docker Image +# Docker Image by modules/docker-build output "docker_image_uri" { description = "The ECR Docker image URI used to deploy Lambda Function" - value = module.docker_image.image_uri + value = module.docker_build.image_uri } output "docker_image_id" { description = "The ID of the Docker image" - value = module.docker_image.image_id + value = module.docker_build.image_id } output "docker_image_files_to_hash" { diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index 4588ee8c..d2c0aef8 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md @@ -2,6 +2,8 @@ Terraform module that builds Docker image from `Dockerfile` and pushes it to ECR repository. Lambda can deploy container images from private ECR. +If you need to create ECR resources in flexible way, you should use [terraform-aws-ecr module](https://github.com/terraform-aws-modules/terraform-aws-ecr/). See `examples/container-image` for related examples. + This Terraform module is the part of [serverless.tf framework](https://github.com/antonbabenko/serverless.tf), which aims to simplify all operations when working with the serverless in Terraform. ## Usage @@ -47,7 +49,7 @@ module "docker_image" { ## Examples -* [Container Image](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/container-image) - Creates Docker Image and deploy Lambda Function using it. +* [Container Image](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/container-image) - Creates Docker Image, ECR resository and deploys it Lambda Function. From f7866811bc1429ce224bf6a35448cb44aa5155e7 Mon Sep 17 00:00:00 2001 From: ANGkeith Date: Fri, 12 Apr 2024 17:04:07 +0800 Subject: [PATCH 02/70] fix: Zip source directory should read from sh_work_dir (#560) * fix: :zip:embedded source directory should read from sh_work_dir Signed-off-by: ANGkeith * refactor: write to a tempfile instead of using fd * refactor: move tests out to own file * docs: add comments to explain code --------- Signed-off-by: ANGkeith --- package.py | 48 ++++++++++++++++++++++++---------------- tests/test_zip_source.py | 46 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 75 insertions(+), 19 deletions(-) create mode 100644 tests/test_zip_source.py diff --git a/package.py b/package.py index d5ae6703..e1c5c910 100644 --- a/package.py +++ b/package.py @@ -916,27 +916,37 @@ def execute(self, build_plan, zip_stream, query): # XXX: timestamp=0 - what actually do with it? zs.write_dirs(rd, prefix=prefix, timestamp=0) elif cmd == "sh": - path, script = action[1:] - p = subprocess.Popen( - script, - shell=True, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - cwd=path, - ) + with tempfile.NamedTemporaryFile(mode="w+t", delete=True) as temp_file: + path, script = action[1:] + # NOTE: Execute `pwd` to determine the subprocess shell's working directory after having executed all other commands. + script = f"{script} && pwd >{temp_file.name}" + p = subprocess.Popen( + script, + shell=True, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + cwd=path, + ) - p.wait() - call_stdout, call_stderr = p.communicate() - exit_code = p.returncode - log.info("exit_code: %s", exit_code) - if exit_code != 0: - raise RuntimeError( - "Script did not run successfully, exit code {}: {} - {}".format( - exit_code, - call_stdout.decode("utf-8").strip(), - call_stderr.decode("utf-8").strip(), + p.wait() + temp_file.seek(0) + + # NOTE: This var `sh_work_dir` is consumed in cmd == "zip" loop + sh_work_dir = temp_file.read().strip() + + log.info("WD: %s", sh_work_dir) + + call_stdout, call_stderr = p.communicate() + exit_code = p.returncode + log.info("exit_code: %s", exit_code) + if exit_code != 0: + raise RuntimeError( + "Script did not run successfully, exit code {}: {} - {}".format( + exit_code, + call_stdout.decode("utf-8").strip(), + call_stderr.decode("utf-8").strip(), + ) ) - ) elif cmd == "set:filter": patterns = action[1] pf = ZipContentFilter(args=self._args) diff --git a/tests/test_zip_source.py b/tests/test_zip_source.py new file mode 100644 index 00000000..f46466e1 --- /dev/null +++ b/tests/test_zip_source.py @@ -0,0 +1,46 @@ +import os +from unittest.mock import MagicMock, Mock + +from package import BuildPlanManager + + +def test_zip_source_path_sh_work_dir(): + zs = Mock() + zs.write_dirs = MagicMock() + + bpm = BuildPlanManager(args=Mock()) + + bpm.execute( + build_plan=[ + ["sh", ".", "cd $(mktemp -d)\n echo pip install"], + ["zip:embedded", ".", "./python"], + ], + zip_stream=zs, + query=None, + ) + + zs.write_dirs.assert_called_once() + + zip_source_path = zs.write_dirs.call_args_list[0][0][0] + assert zip_source_path != f"{os.getcwd()}" + + +def test_zip_source_path(): + zs = Mock() + zs.write_dirs = MagicMock() + + bpm = BuildPlanManager(args=Mock()) + + bpm.execute( + build_plan=[ + ["sh", ".", "echo pip install"], + ["zip:embedded", ".", "./python"], + ], + zip_stream=zs, + query=None, + ) + + zs.write_dirs.assert_called_once() + + zip_source_path = zs.write_dirs.call_args_list[0][0][0] + assert zip_source_path == f"{os.getcwd()}" From 2e3dc9566520072450a9fe358d2855682358ddc4 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 12 Apr 2024 09:04:38 +0000 Subject: [PATCH 03/70] chore(release): version 7.2.6 [skip ci] ## [7.2.6](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.5...v7.2.6) (2024-04-12) ### Bug Fixes * Zip source directory should read from sh_work_dir ([#560](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/560)) ([f786681](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/f7866811bc1429ce224bf6a35448cb44aa5155e7)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5ba3465d..01f8181a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.2.6](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.5...v7.2.6) (2024-04-12) + + +### Bug Fixes + +* Zip source directory should read from sh_work_dir ([#560](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/560)) ([f786681](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/f7866811bc1429ce224bf6a35448cb44aa5155e7)) + ## [7.2.5](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.4...v7.2.5) (2024-03-29) From e9c467688de057a454646d5f947f3d4527f78a19 Mon Sep 17 00:00:00 2001 From: Jinn Koriech Date: Fri, 3 May 2024 11:39:34 +0100 Subject: [PATCH 04/70] feat: Added create before destroy on aws_lambda_permission (#561) --- main.tf | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/main.tf b/main.tf index 68c2f9b6..c479bc9a 100644 --- a/main.tf +++ b/main.tf @@ -273,13 +273,17 @@ resource "aws_lambda_permission" "current_version_triggers" { function_name = aws_lambda_function.this[0].function_name qualifier = aws_lambda_function.this[0].version - statement_id = try(each.value.statement_id, each.key) - action = try(each.value.action, "lambda:InvokeFunction") - principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) - principal_org_id = try(each.value.principal_org_id, null) - source_arn = try(each.value.source_arn, null) - source_account = try(each.value.source_account, null) - event_source_token = try(each.value.event_source_token, null) + statement_id_prefix = try(each.value.statement_id, each.key) + action = try(each.value.action, "lambda:InvokeFunction") + principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) + principal_org_id = try(each.value.principal_org_id, null) + source_arn = try(each.value.source_arn, null) + source_account = try(each.value.source_account, null) + event_source_token = try(each.value.event_source_token, null) + + lifecycle { + create_before_destroy = true + } } # Error: Error adding new Lambda Permission for lambda: InvalidParameterValueException: We currently do not support adding policies for $LATEST. @@ -288,13 +292,17 @@ resource "aws_lambda_permission" "unqualified_alias_triggers" { function_name = aws_lambda_function.this[0].function_name - statement_id = try(each.value.statement_id, each.key) - action = try(each.value.action, "lambda:InvokeFunction") - principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) - principal_org_id = try(each.value.principal_org_id, null) - source_arn = try(each.value.source_arn, null) - source_account = try(each.value.source_account, null) - event_source_token = try(each.value.event_source_token, null) + statement_id_prefix = try(each.value.statement_id, each.key) + action = try(each.value.action, "lambda:InvokeFunction") + principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) + principal_org_id = try(each.value.principal_org_id, null) + source_arn = try(each.value.source_arn, null) + source_account = try(each.value.source_account, null) + event_source_token = try(each.value.event_source_token, null) + + lifecycle { + create_before_destroy = true + } } resource "aws_lambda_event_source_mapping" "this" { From 73cd5bd98540778f85bd7d9deecf555d6622690d Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 3 May 2024 10:40:02 +0000 Subject: [PATCH 05/70] chore(release): version 7.3.0 [skip ci] ## [7.3.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.6...v7.3.0) (2024-05-03) ### Features * Added create before destroy on aws_lambda_permission ([#561](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/561)) ([e9c4676](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/e9c467688de057a454646d5f947f3d4527f78a19)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 01f8181a..6f3d9553 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.3.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.6...v7.3.0) (2024-05-03) + + +### Features + +* Added create before destroy on aws_lambda_permission ([#561](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/561)) ([e9c4676](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/e9c467688de057a454646d5f947f3d4527f78a19)) + ## [7.2.6](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.5...v7.2.6) (2024-04-12) From 7256f7c226adf294bb6280f1fc4326d015e78d83 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 3 May 2024 13:04:36 +0200 Subject: [PATCH 06/70] feat: Added support for CW log_group_class and skip_destroy (#565) --- .pre-commit-config.yaml | 4 ++-- README.md | 2 ++ examples/complete/main.tf | 2 ++ main.tf | 2 ++ variables.tf | 12 ++++++++++++ wrappers/alias/versions.tf | 9 ++++++++- wrappers/deploy/versions.tf | 17 ++++++++++++++++- wrappers/docker-build/versions.tf | 17 ++++++++++++++++- wrappers/main.tf | 2 ++ wrappers/versions.tf | 21 ++++++++++++++++++++- 10 files changed, 82 insertions(+), 6 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 1e10e593..936a1c28 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.88.4 + rev: v1.89.1 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each @@ -24,7 +24,7 @@ repos: - "--args=--only=terraform_workspace_remote" - id: terraform_validate - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.5.0 + rev: v4.6.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer diff --git a/README.md b/README.md index 90640480..8387b1ca 100644 --- a/README.md +++ b/README.md @@ -756,7 +756,9 @@ No modules. | [authorization\_type](#input\_authorization\_type) | The type of authentication that the Lambda Function URL uses. Set to 'AWS\_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint. | `string` | `"NONE"` | no | | [build\_in\_docker](#input\_build\_in\_docker) | Whether to build dependencies in Docker | `bool` | `false` | no | | [cloudwatch\_logs\_kms\_key\_id](#input\_cloudwatch\_logs\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no | +| [cloudwatch\_logs\_log\_group\_class](#input\_cloudwatch\_logs\_log\_group\_class) | Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no | | [cloudwatch\_logs\_retention\_in\_days](#input\_cloudwatch\_logs\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `null` | no | +| [cloudwatch\_logs\_skip\_destroy](#input\_cloudwatch\_logs\_skip\_destroy) | Whether to keep the log group (and any logs it may contain) at destroy time. | `bool` | `false` | no | | [cloudwatch\_logs\_tags](#input\_cloudwatch\_logs\_tags) | A map of tags to assign to the resource. | `map(string)` | `{}` | no | | [code\_signing\_config\_arn](#input\_code\_signing\_config\_arn) | Amazon Resource Name (ARN) for a Code Signing Configuration | `string` | `null` | no | | [compatible\_architectures](#input\_compatible\_architectures) | A list of Architectures Lambda layer is compatible with. Currently x86\_64 and arm64 can be specified. | `list(string)` | `null` | no | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 7f16007b..a8c6ff66 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -51,6 +51,8 @@ module "lambda_function" { Serverless = "Terraform" } + cloudwatch_logs_log_group_class = "INFREQUENT_ACCESS" + role_path = "/tf-managed/" policy_path = "/tf-managed/" diff --git a/main.tf b/main.tf index c479bc9a..eb5b5a8b 100644 --- a/main.tf +++ b/main.tf @@ -221,6 +221,8 @@ resource "aws_cloudwatch_log_group" "lambda" { name = coalesce(var.logging_log_group, "/aws/lambda/${var.lambda_at_edge ? "us-east-1." : ""}${var.function_name}") retention_in_days = var.cloudwatch_logs_retention_in_days kms_key_id = var.cloudwatch_logs_kms_key_id + skip_destroy = var.cloudwatch_logs_skip_destroy + log_group_class = var.cloudwatch_logs_log_group_class tags = merge(var.tags, var.cloudwatch_logs_tags) } diff --git a/variables.tf b/variables.tf index c5c10395..42a18fe5 100644 --- a/variables.tf +++ b/variables.tf @@ -432,6 +432,18 @@ variable "cloudwatch_logs_kms_key_id" { default = null } +variable "cloudwatch_logs_skip_destroy" { + description = "Whether to keep the log group (and any logs it may contain) at destroy time." + type = bool + default = false +} + +variable "cloudwatch_logs_log_group_class" { + description = "Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS`" + type = string + default = null +} + variable "cloudwatch_logs_tags" { description = "A map of tags to assign to the resource." type = map(string) diff --git a/wrappers/alias/versions.tf b/wrappers/alias/versions.tf index 51cad108..dbc484ad 100644 --- a/wrappers/alias/versions.tf +++ b/wrappers/alias/versions.tf @@ -1,3 +1,10 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.9" + } + } } diff --git a/wrappers/deploy/versions.tf b/wrappers/deploy/versions.tf index 51cad108..5a82f93b 100644 --- a/wrappers/deploy/versions.tf +++ b/wrappers/deploy/versions.tf @@ -1,3 +1,18 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 3.35" + } + local = { + source = "hashicorp/local" + version = ">= 1.0" + } + null = { + source = "hashicorp/null" + version = ">= 2.0" + } + } } diff --git a/wrappers/docker-build/versions.tf b/wrappers/docker-build/versions.tf index 51cad108..93aadf1a 100644 --- a/wrappers/docker-build/versions.tf +++ b/wrappers/docker-build/versions.tf @@ -1,3 +1,18 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.22" + } + docker = { + source = "kreuzwerker/docker" + version = ">= 3.0" + } + null = { + source = "hashicorp/null" + version = ">= 2.0" + } + } } diff --git a/wrappers/main.tf b/wrappers/main.tf index b719de05..6816a5e1 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf @@ -21,7 +21,9 @@ module "wrapper" { authorization_type = try(each.value.authorization_type, var.defaults.authorization_type, "NONE") build_in_docker = try(each.value.build_in_docker, var.defaults.build_in_docker, false) cloudwatch_logs_kms_key_id = try(each.value.cloudwatch_logs_kms_key_id, var.defaults.cloudwatch_logs_kms_key_id, null) + cloudwatch_logs_log_group_class = try(each.value.cloudwatch_logs_log_group_class, var.defaults.cloudwatch_logs_log_group_class, null) cloudwatch_logs_retention_in_days = try(each.value.cloudwatch_logs_retention_in_days, var.defaults.cloudwatch_logs_retention_in_days, null) + cloudwatch_logs_skip_destroy = try(each.value.cloudwatch_logs_skip_destroy, var.defaults.cloudwatch_logs_skip_destroy, false) cloudwatch_logs_tags = try(each.value.cloudwatch_logs_tags, var.defaults.cloudwatch_logs_tags, {}) code_signing_config_arn = try(each.value.code_signing_config_arn, var.defaults.code_signing_config_arn, null) compatible_architectures = try(each.value.compatible_architectures, var.defaults.compatible_architectures, null) diff --git a/wrappers/versions.tf b/wrappers/versions.tf index 51cad108..6c511ac4 100644 --- a/wrappers/versions.tf +++ b/wrappers/versions.tf @@ -1,3 +1,22 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 5.32" + } + external = { + source = "hashicorp/external" + version = ">= 1.0" + } + local = { + source = "hashicorp/local" + version = ">= 1.0" + } + null = { + source = "hashicorp/null" + version = ">= 2.0" + } + } } From 8a370bab3e5eb6425ee6b8fbb8fbde00ab300f7a Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 3 May 2024 11:05:03 +0000 Subject: [PATCH 07/70] chore(release): version 7.4.0 [skip ci] ## [7.4.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.3.0...v7.4.0) (2024-05-03) ### Features * Added support for CW log_group_class and skip_destroy ([#565](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/565)) ([7256f7c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/7256f7c226adf294bb6280f1fc4326d015e78d83)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6f3d9553..de1304e2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.4.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.3.0...v7.4.0) (2024-05-03) + + +### Features + +* Added support for CW log_group_class and skip_destroy ([#565](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/565)) ([7256f7c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/7256f7c226adf294bb6280f1fc4326d015e78d83)) + ## [7.3.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.2.6...v7.3.0) (2024-05-03) From 4f77bfcd4083857d6aefccb5a891ee00ffd559b0 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Mon, 20 May 2024 17:37:21 -0400 Subject: [PATCH 08/70] chore: Add Python zip archive that is agnostic of a specific Python runtime version (#573) --- examples/fixtures/python-function.zip | Bin 0 -> 348 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 examples/fixtures/python-function.zip diff --git a/examples/fixtures/python-function.zip b/examples/fixtures/python-function.zip new file mode 100644 index 0000000000000000000000000000000000000000..d713a91254d967fb6e5e8b58f854a700a88306ec GIT binary patch literal 348 zcmWIWW@Zs#U|`^2xSq8;z@k;!#}CL00gEs&Wag!$R_GN}dVBf?pYS~6>*d*V-s6n- zNl)EN9=hIVwJ!#GoI9`WxmM%imPbJhO-+l=>=EKs?Y}Z-PEG5UMSo&ik2EnkyQ=!? zZ72!M^2`jJ#}uJ0&JX~%Q*Y(YfP+gPFVh3s2f~6toSB}NUz8eOkdvBNoT^t+QNn%l zgie^p=`)_88s|>vpY;qpaaupn!z=W}8SitNzMj5}Mj}GplZ=f{2YubK186uSlL#|z uF9B@;gC&h13g$s%UDzB2(Zj&7q_G5~3*CtU-mGjOB}_nA3ZyTBI1B*cYGn2R literal 0 HcmV?d00001 From 02ab668458c87792861a54f54fd1b00e97afcc68 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 7 Jun 2024 23:20:53 +0200 Subject: [PATCH 09/70] feat: Renamed python3.8-11 to python3.12 in examples, added tag to resources (#583) --- .pre-commit-config.yaml | 2 +- README.md | 50 +++---- examples/alias/main.tf | 4 +- examples/async/main.tf | 4 +- examples/build-package/main.tf | 130 +++++++++--------- examples/code-signing/main.tf | 4 +- examples/complete/main.tf | 52 +++---- examples/deploy/main.tf | 4 +- examples/event-source-mapping/main.tf | 4 +- .../docker/Dockerfile | 2 +- .../ignore_please.txt | 0 .../index.py | 0 .../poetry.lock | 0 .../poetry.toml | 0 .../pyproject.toml | 2 +- .../README.md | 0 .../poetry.lock | 0 .../pyproject.toml | 4 +- .../src/python_app_src_poetry}/__init__.py | 0 .../tests/__init__.py | 0 .../dir1/dir2/ignore2.txt | 0 .../docker/Dockerfile | 4 +- .../docker/automake-1.13-to-1.16-spec.patch | 0 .../docker/entrypoint.sh | 0 .../ignore_please.txt | 0 .../{python3.8-app1 => python-app1}/index.py | 0 .../requirements.txt | 0 .../{python3.8-app2 => python-app2}/index.py | 0 .../fixtures/python-zip/existing_package.zip | Bin 0 -> 348 bytes .../fixtures/python3.9-app-poetry/index.py | 4 - examples/multiple-regions/main.tf | 8 +- examples/simple-cicd/main.tf | 5 +- examples/simple-cicd/test.sh | 4 +- examples/simple/main.tf | 56 ++++---- examples/triggers/main.tf | 4 +- examples/with-efs/main.tf | 4 +- examples/with-vpc-s3-endpoint/main.tf | 4 +- examples/with-vpc/main.tf | 4 +- main.tf | 6 +- modules/alias/README.md | 2 +- modules/deploy/README.md | 2 +- package.py | 2 +- tests/test_package_toml.py | 2 +- 43 files changed, 186 insertions(+), 187 deletions(-) rename examples/fixtures/{python3.9-app-poetry => python-app-poetry}/docker/Dockerfile (74%) rename examples/fixtures/{python3.8-app1 => python-app-poetry}/ignore_please.txt (100%) rename examples/fixtures/{python3.10-app1 => python-app-poetry}/index.py (100%) rename examples/fixtures/{python3.9-app-poetry => python-app-poetry}/poetry.lock (100%) rename examples/fixtures/{python3.9-app-poetry => python-app-poetry}/poetry.toml (100%) rename examples/fixtures/{python3.9-app-poetry => python-app-poetry}/pyproject.toml (90%) rename examples/fixtures/{python3.9-app-src-poetry => python-app-src-poetry}/README.md (100%) rename examples/fixtures/{python3.9-app-src-poetry => python-app-src-poetry}/poetry.lock (100%) rename examples/fixtures/{python3.9-app-src-poetry => python-app-src-poetry}/pyproject.toml (72%) rename examples/fixtures/{python3.9-app-src-poetry/src/python39_app_src_poetry => python-app-src-poetry/src/python_app_src_poetry}/__init__.py (100%) rename examples/fixtures/{python3.9-app-src-poetry => python-app-src-poetry}/tests/__init__.py (100%) rename examples/fixtures/{python3.8-app1 => python-app1}/dir1/dir2/ignore2.txt (100%) rename examples/fixtures/{python3.8-app1 => python-app1}/docker/Dockerfile (87%) rename examples/fixtures/{python3.8-app1 => python-app1}/docker/automake-1.13-to-1.16-spec.patch (100%) rename examples/fixtures/{python3.8-app1 => python-app1}/docker/entrypoint.sh (100%) rename examples/fixtures/{python3.9-app-poetry => python-app1}/ignore_please.txt (100%) rename examples/fixtures/{python3.8-app1 => python-app1}/index.py (100%) rename examples/fixtures/{python3.8-app1 => python-app1}/requirements.txt (100%) rename examples/fixtures/{python3.8-app2 => python-app2}/index.py (100%) create mode 100644 examples/fixtures/python-zip/existing_package.zip delete mode 100644 examples/fixtures/python3.9-app-poetry/index.py diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 936a1c28..74e21201 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.89.1 + rev: v1.91.0 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each diff --git a/README.md b/README.md index 8387b1ca..d28a8b57 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ module "lambda_function" { function_name = "my-lambda1" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" source_path = "../src/lambda-function1" @@ -56,7 +56,7 @@ module "lambda_function" { function_name = "lambda-with-layer" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" publish = true source_path = "../src/lambda-function1" @@ -84,7 +84,7 @@ module "lambda_layer_s3" { layer_name = "lambda-layer-s3" description = "My amazing lambda layer (deployed from S3)" - compatible_runtimes = ["python3.8"] + compatible_runtimes = ["python3.12"] source_path = "../src/lambda-layer" @@ -102,7 +102,7 @@ module "lambda_function_existing_package_local" { function_name = "my-lambda-existing-package-local" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" create_package = false local_existing_package = "../existing_package.zip" @@ -126,7 +126,7 @@ module "lambda_function_externally_managed_package" { function_name = "my-lambda-externally-managed-package" description = "My lambda function code is deployed separately" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" create_package = false local_existing_package = "./lambda_functions/code.zip" @@ -161,7 +161,7 @@ module "lambda_function_existing_package_s3" { function_name = "my-lambda-existing-package-local" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" create_package = false s3_existing_package = { @@ -197,9 +197,9 @@ module "lambda_layer_local" { layer_name = "my-layer-local" description = "My amazing lambda layer (deployed from local)" - compatible_runtimes = ["python3.8"] + compatible_runtimes = ["python3.12"] - source_path = "../fixtures/python3.8-app1" + source_path = "../fixtures/python-app1" } module "lambda_layer_s3" { @@ -209,9 +209,9 @@ module "lambda_layer_s3" { layer_name = "my-layer-s3" description = "My amazing lambda layer (deployed from S3)" - compatible_runtimes = ["python3.8"] + compatible_runtimes = ["python3.12"] - source_path = "../fixtures/python3.8-app1" + source_path = "../fixtures/python-app1" store_on_s3 = true s3_bucket = "my-bucket-id-with-lambda-builds" @@ -231,9 +231,9 @@ module "lambda_at_edge" { function_name = "my-lambda-at-edge" description = "My awesome lambda@edge function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" - source_path = "../fixtures/python3.8-app1" + source_path = "../fixtures/python-app1" tags = { Module = "lambda-at-edge" @@ -250,9 +250,9 @@ module "lambda_function_in_vpc" { function_name = "my-lambda-in-vpc" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" - source_path = "../fixtures/python3.8-app1" + source_path = "../fixtures/python-app1" vpc_subnet_ids = module.vpc.intra_subnets vpc_security_group_ids = [module.vpc.default_security_group_id] @@ -396,12 +396,12 @@ source_path = [ "!.*/.*\\.txt", # Skip all txt files recursively ] }, { - path = "src/python3.8-app1", + path = "src/python-app1", pip_requirements = true, pip_tmp_dir = "/tmp/dir/location" prefix_in_zip = "foo/bar1", }, { - path = "src/python3.8-app2", + path = "src/python-app2", pip_requirements = "requirements-large.txt", patterns = [ "!vendor/colorful-0.5.4.dist-info/RECORD", @@ -414,7 +414,7 @@ source_path = [ npm_tmp_dir = "/tmp/dir/location" prefix_in_zip = "foo/bar1", }, { - path = "src/python3.8-app3", + path = "src/python-app3", commands = [ "npm install", ":zip" @@ -424,7 +424,7 @@ source_path = [ "node_modules/.+", # Include all node_modules ], }, { - path = "src/python3.8-app3", + path = "src/python-app3", commands = ["go build"], patterns = <"] diff --git a/examples/fixtures/python3.9-app-src-poetry/README.md b/examples/fixtures/python-app-src-poetry/README.md similarity index 100% rename from examples/fixtures/python3.9-app-src-poetry/README.md rename to examples/fixtures/python-app-src-poetry/README.md diff --git a/examples/fixtures/python3.9-app-src-poetry/poetry.lock b/examples/fixtures/python-app-src-poetry/poetry.lock similarity index 100% rename from examples/fixtures/python3.9-app-src-poetry/poetry.lock rename to examples/fixtures/python-app-src-poetry/poetry.lock diff --git a/examples/fixtures/python3.9-app-src-poetry/pyproject.toml b/examples/fixtures/python-app-src-poetry/pyproject.toml similarity index 72% rename from examples/fixtures/python3.9-app-src-poetry/pyproject.toml rename to examples/fixtures/python-app-src-poetry/pyproject.toml index 2b890b79..7ceca4c4 100644 --- a/examples/fixtures/python3.9-app-src-poetry/pyproject.toml +++ b/examples/fixtures/python-app-src-poetry/pyproject.toml @@ -1,10 +1,10 @@ [tool.poetry] -name = "python3-9-app-src-poetry" +name = "python-app-src-poetry" version = "0.1.0" description = "" authors = ["Your Name "] readme = "README.md" -packages = [{include = "python39_app_src_poetry", from = "src"}] +packages = [{include = "python_app_src_poetry", from = "src"}] [tool.poetry.dependencies] python = "^3.9" diff --git a/examples/fixtures/python3.9-app-src-poetry/src/python39_app_src_poetry/__init__.py b/examples/fixtures/python-app-src-poetry/src/python_app_src_poetry/__init__.py similarity index 100% rename from examples/fixtures/python3.9-app-src-poetry/src/python39_app_src_poetry/__init__.py rename to examples/fixtures/python-app-src-poetry/src/python_app_src_poetry/__init__.py diff --git a/examples/fixtures/python3.9-app-src-poetry/tests/__init__.py b/examples/fixtures/python-app-src-poetry/tests/__init__.py similarity index 100% rename from examples/fixtures/python3.9-app-src-poetry/tests/__init__.py rename to examples/fixtures/python-app-src-poetry/tests/__init__.py diff --git a/examples/fixtures/python3.8-app1/dir1/dir2/ignore2.txt b/examples/fixtures/python-app1/dir1/dir2/ignore2.txt similarity index 100% rename from examples/fixtures/python3.8-app1/dir1/dir2/ignore2.txt rename to examples/fixtures/python-app1/dir1/dir2/ignore2.txt diff --git a/examples/fixtures/python3.8-app1/docker/Dockerfile b/examples/fixtures/python-app1/docker/Dockerfile similarity index 87% rename from examples/fixtures/python3.8-app1/docker/Dockerfile rename to examples/fixtures/python-app1/docker/Dockerfile index aeab9fee..fa0eb25f 100644 --- a/examples/fixtures/python3.8-app1/docker/Dockerfile +++ b/examples/fixtures/python-app1/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM public.ecr.aws/sam/build-python3.8 as build +FROM public.ecr.aws/sam/build-python3.12 as build LABEL maintainer="Betajob AS" \ description="Patched AWS Lambda build container" @@ -20,7 +20,7 @@ RUN \ && rpmbuild -ba SPECS/automake.spec --nocheck \ && yum install -y RPMS/noarch/* -FROM public.ecr.aws/sam/build-python3.8 +FROM public.ecr.aws/sam/build-python3.12 COPY --from=build /root/rpmbuild/RPMS/noarch/*.rpm . RUN yum install -y *.rpm \ && rm *.rpm diff --git a/examples/fixtures/python3.8-app1/docker/automake-1.13-to-1.16-spec.patch b/examples/fixtures/python-app1/docker/automake-1.13-to-1.16-spec.patch similarity index 100% rename from examples/fixtures/python3.8-app1/docker/automake-1.13-to-1.16-spec.patch rename to examples/fixtures/python-app1/docker/automake-1.13-to-1.16-spec.patch diff --git a/examples/fixtures/python3.8-app1/docker/entrypoint.sh b/examples/fixtures/python-app1/docker/entrypoint.sh similarity index 100% rename from examples/fixtures/python3.8-app1/docker/entrypoint.sh rename to examples/fixtures/python-app1/docker/entrypoint.sh diff --git a/examples/fixtures/python3.9-app-poetry/ignore_please.txt b/examples/fixtures/python-app1/ignore_please.txt similarity index 100% rename from examples/fixtures/python3.9-app-poetry/ignore_please.txt rename to examples/fixtures/python-app1/ignore_please.txt diff --git a/examples/fixtures/python3.8-app1/index.py b/examples/fixtures/python-app1/index.py similarity index 100% rename from examples/fixtures/python3.8-app1/index.py rename to examples/fixtures/python-app1/index.py diff --git a/examples/fixtures/python3.8-app1/requirements.txt b/examples/fixtures/python-app1/requirements.txt similarity index 100% rename from examples/fixtures/python3.8-app1/requirements.txt rename to examples/fixtures/python-app1/requirements.txt diff --git a/examples/fixtures/python3.8-app2/index.py b/examples/fixtures/python-app2/index.py similarity index 100% rename from examples/fixtures/python3.8-app2/index.py rename to examples/fixtures/python-app2/index.py diff --git a/examples/fixtures/python-zip/existing_package.zip b/examples/fixtures/python-zip/existing_package.zip new file mode 100644 index 0000000000000000000000000000000000000000..d713a91254d967fb6e5e8b58f854a700a88306ec GIT binary patch literal 348 zcmWIWW@Zs#U|`^2xSq8;z@k;!#}CL00gEs&Wag!$R_GN}dVBf?pYS~6>*d*V-s6n- zNl)EN9=hIVwJ!#GoI9`WxmM%imPbJhO-+l=>=EKs?Y}Z-PEG5UMSo&ik2EnkyQ=!? zZ72!M^2`jJ#}uJ0&JX~%Q*Y(YfP+gPFVh3s2f~6toSB}NUz8eOkdvBNoT^t+QNn%l zgie^p=`)_88s|>vpY;qpaaupn!z=W}8SitNzMj5}Mj}GplZ=f{2YubK186uSlL#|z uF9B@;gC&h13g$s%UDzB2(Zj&7q_G5~3*CtU-mGjOB}_nA3ZyTBI1B*cYGn2R literal 0 HcmV?d00001 diff --git a/examples/fixtures/python3.9-app-poetry/index.py b/examples/fixtures/python3.9-app-poetry/index.py deleted file mode 100644 index 396c5054..00000000 --- a/examples/fixtures/python3.9-app-poetry/index.py +++ /dev/null @@ -1,4 +0,0 @@ -def lambda_handler(event, context): - print("Hello from app1!") - - return event diff --git a/examples/multiple-regions/main.tf b/examples/multiple-regions/main.tf index dd2e229c..d30e1c2a 100644 --- a/examples/multiple-regions/main.tf +++ b/examples/multiple-regions/main.tf @@ -27,10 +27,10 @@ module "lambda_function" { function_name = "${random_pet.this.id}-lambda1" description = "My awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" publish = true - source_path = "${path.module}/../fixtures/python3.8-app1" + source_path = "${path.module}/../fixtures/python-app1" attach_dead_letter_policy = true dead_letter_target_arn = aws_sqs_queue.dlq.arn @@ -124,10 +124,10 @@ module "lambda_function_another_region" { function_name = "${random_pet.this.id}-lambda1" description = "Copy of my awesome lambda function" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" publish = true - source_path = "${path.module}/../fixtures/python3.8-app1" + source_path = "${path.module}/../fixtures/python-app1" attach_dead_letter_policy = true dead_letter_target_arn = aws_sqs_queue.dlq_us_east_1.arn diff --git a/examples/simple-cicd/main.tf b/examples/simple-cicd/main.tf index 66afc150..deefc9aa 100644 --- a/examples/simple-cicd/main.tf +++ b/examples/simple-cicd/main.tf @@ -1,6 +1,5 @@ provider "aws" { region = "eu-west-1" - # region = "us-east-1" # Make it faster by skipping something skip_metadata_api_check = true @@ -17,10 +16,10 @@ module "lambda_function" { function_name = "${random_pet.this.id}-lambda-simple" handler = "index.lambda_handler" - runtime = "python3.10" + runtime = "python3.12" source_path = [ - "${path.module}/src/python3.10-app1", + "${path.module}/src/python-app1", ] trigger_on_package_timestamp = false } diff --git a/examples/simple-cicd/test.sh b/examples/simple-cicd/test.sh index 90ce9804..64cfbf57 100755 --- a/examples/simple-cicd/test.sh +++ b/examples/simple-cicd/test.sh @@ -65,7 +65,7 @@ terraform() { :note "Preparing ..." rm -rf src mkdir -p src -cp -r "../fixtures/python3.10-app1" src +cp -r "../fixtures/python-app1" src terraform init :echo "Destroy / Remove ZIP files" terraform destroy @@ -96,7 +96,7 @@ rm -rf builds 2>/dev/null || true :note "Starting Part 2: Check that CICD environment will detect diff if lambda code changes" :note "Change the source code / Remove 'builds' dir" -echo "" >> src/python3.10-app1/index.py +echo "" >> src/python-app1/index.py rm -rf builds :case "Plan / Expect diff" && { diff --git a/examples/simple/main.tf b/examples/simple/main.tf index ab9aba1a..20c51910 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf @@ -17,12 +17,12 @@ resource "random_pet" "this" { # # function_name = "${random_pet.this.id}-lambda-edge" # handler = "index.lambda_handler" -# runtime = "python3.8" +# runtime = "python3.12" # lambda_at_edge = true # # attach_cloudwatch_logs_policy = true # -# source_path = "${path.module}/../fixtures/python3.8-app1/" +# source_path = "${path.module}/../fixtures/python-app1/" #} #resource "aws_cloudwatch_log_group" "this" { @@ -36,7 +36,7 @@ module "lambda_function" { function_name = "${random_pet.this.id}-lambda-simple" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" # role_maximum_session_duration = 7200 @@ -87,51 +87,51 @@ module "lambda_function" { # } # } - # source_path = "${path.module}/../fixtures/python3.8-app1/" + # source_path = "${path.module}/../fixtures/python-app1/" # source_path = [ - # "${path.module}/../fixtures/python3.8-app1/index.py", + # "${path.module}/../fixtures/python-app1/index.py", # { - # pip_requirements = "${path.module}/../fixtures/python3.8-app1/requirements.txt" + # pip_requirements = "${path.module}/../fixtures/python-app1/requirements.txt" # prefix_in_zip = "vendor" # } # ] # source_path = [ - # "${path.module}/../fixtures/python3.8-app1/index.py", - # "${path.module}/../fixtures/python3.8-app1/dir1/dir2", + # "${path.module}/../fixtures/python-app1/index.py", + # "${path.module}/../fixtures/python-app1/dir1/dir2", # { - # pip_requirements = "${path.module}/../fixtures/python3.8-app1/requirements.txt" + # pip_requirements = "${path.module}/../fixtures/python-app1/requirements.txt" # } # ] # source_path = [ # { - # path = "${path.module}/../fixtures/python3.8-app1" + # path = "${path.module}/../fixtures/python-app1" # } # ] # source_path = [ # { - # path = "${path.module}/../fixtures/python3.8-app1" + # path = "${path.module}/../fixtures/python-app1" # pip_requirements = false # } # ] # source_path = [ # { - # path = "${path.module}/../fixtures/python3.8-app1" + # path = "${path.module}/../fixtures/python-app1" # pip_requirements = true # } # ] # source_path = [ # { - # path = "${path.module}/../fixtures/python3.8-app1" + # path = "${path.module}/../fixtures/python-app1" # commands = [ # ":zip", # "cd `mktemp -d`", - # "pip install --target=. -r ${path.module}/../fixtures/python3.8-app1/requirements.txt", + # "pip install --target=. -r ${path.module}/../fixtures/python-app1/requirements.txt", # ":zip . vendor/", # ] # patterns = [ @@ -144,12 +144,12 @@ module "lambda_function" { source_path = [ # { - # pip_requirements = "${path.module}/../fixtures/python3.8-app1/requirements.txt" + # pip_requirements = "${path.module}/../fixtures/python-app1/requirements.txt" # pip_requirements = "${path.module}/../deploy/requirements.txt" # }, - "${path.module}/../fixtures/python3.8-app1/index.py", + "${path.module}/../fixtures/python-app1/index.py", # { - # path = "${path.module}/../fixtures/python3.8-app1/index.py" + # path = "${path.module}/../fixtures/python-app1/index.py" # patterns = < Date: Fri, 7 Jun 2024 21:21:22 +0000 Subject: [PATCH 10/70] chore(release): version 7.5.0 [skip ci] ## [7.5.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.4.0...v7.5.0) (2024-06-07) ### Features * Renamed python3.8-11 to python3.12 in examples, added tag to resources ([#583](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/583)) ([02ab668](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/02ab668458c87792861a54f54fd1b00e97afcc68)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index de1304e2..fc0d1019 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.5.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.4.0...v7.5.0) (2024-06-07) + + +### Features + +* Renamed python3.8-11 to python3.12 in examples, added tag to resources ([#583](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/583)) ([02ab668](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/02ab668458c87792861a54f54fd1b00e97afcc68)) + ## [7.4.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.3.0...v7.4.0) (2024-05-03) From 3aa288fee324e64a8db409e5a32abaeebe38e6c2 Mon Sep 17 00:00:00 2001 From: Morgan Chorlton <32246773+morganchorlton3@users.noreply.github.com> Date: Wed, 12 Jun 2024 09:03:57 +0100 Subject: [PATCH 11/70] feat: Support passing extra args to poetry export (#584) --- README.md | 1 + package.py | 49 ++++++++++++++++++++++++++++++++++--------------- 2 files changed, 35 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index d28a8b57..7fdbe539 100644 --- a/README.md +++ b/README.md @@ -459,6 +459,7 @@ source_path = [ - `pip_requirements` - Controls whether to execute `pip install`. Set to `false` to disable this feature, `true` to run `pip install` with `requirements.txt` found in `path`. Or set to another filename which you want to use instead. When `source_path` is passed as a string containing a path (and not a list of maps), and `requirements.txt` is present, `pip install` is automatically executed. - `pip_tmp_dir` - Set the base directory to make the temporary directory for pip installs. Can be useful for Docker in Docker builds. - `poetry_install` - Controls whether to execute `poetry export` and `pip install`. Set to `false` to disable this feature, `true` to run `poetry export` with `pyproject.toml` and `poetry.lock` found in `path`. When `source_path` is passed as a string containing a path (and not a list of maps), and `pyproject.toml` with a build system `poetry` is present, `poetry export` and `pip install` are automatically executed. +- `poetry_export_extra_args` - A list of additional poetry arguments to add to the poetry export command - `npm_requirements` - Controls whether to execute `npm install`. Set to `false` to disable this feature, `true` to run `npm install` with `package.json` found in `path`. Or set to another filename which you want to use instead. - `npm_tmp_dir` - Set the base directory to make the temporary directory for npm installs. Can be useful for Docker in Docker builds. - `prefix_in_zip` - If specified, will be used as a prefix inside zip-archive. By default, everything installs into the root of zip-archive. diff --git a/package.py b/package.py index 7e96d784..1552e8e2 100644 --- a/package.py +++ b/package.py @@ -693,7 +693,9 @@ def pip_requirements_step(path, prefix=None, required=False, tmp_dir=None): step("pip", runtime, requirements, prefix, tmp_dir) hash(requirements) - def poetry_install_step(path, prefix=None, required=False): + def poetry_install_step( + path, poetry_export_extra_args=[], prefix=None, required=False + ): pyproject_file = path if os.path.isdir(path): pyproject_file = os.path.join(path, "pyproject.toml") @@ -703,7 +705,7 @@ def poetry_install_step(path, prefix=None, required=False): "poetry configuration not found: {}".format(pyproject_file) ) else: - step("poetry", runtime, path, prefix) + step("poetry", runtime, path, poetry_export_extra_args, prefix) hash(pyproject_file) pyproject_path = os.path.dirname(pyproject_file) poetry_lock_file = os.path.join(pyproject_path, "poetry.lock") @@ -807,6 +809,7 @@ def commands_step(path, commands): prefix = claim.get("prefix_in_zip") pip_requirements = claim.get("pip_requirements") poetry_install = claim.get("poetry_install") + poetry_export_extra_args = claim.get("poetry_export_extra_args", []) npm_requirements = claim.get("npm_package_json") runtime = claim.get("runtime", query.runtime) @@ -828,7 +831,12 @@ def commands_step(path, commands): if poetry_install and runtime.startswith("python"): if path: - poetry_install_step(path, prefix, required=True) + poetry_install_step( + path, + prefix=prefix, + poetry_export_extra_args=poetry_export_extra_args, + required=True, + ) if npm_requirements and runtime.startswith("nodejs"): if isinstance(npm_requirements, bool) and path: @@ -898,8 +906,16 @@ def execute(self, build_plan, zip_stream, query): # XXX: timestamp=0 - what actually do with it? zs.write_dirs(rd, prefix=prefix, timestamp=0) elif cmd == "poetry": - runtime, path, prefix = action[1:] - with install_poetry_dependencies(query, path) as rd: + ( + runtime, + path, + poetry_export_extra_args, + prefix, + ) = action[1:] + log.info("poetry_export_extra_args: %s", poetry_export_extra_args) + with install_poetry_dependencies( + query, path, poetry_export_extra_args + ) as rd: if rd: if pf: self._zip_write_with_filter(zs, pf, rd, prefix, timestamp=0) @@ -1094,7 +1110,7 @@ def install_pip_requirements(query, requirements_file, tmp_dir): @contextmanager -def install_poetry_dependencies(query, path): +def install_poetry_dependencies(query, path, poetry_export_extra_args): # TODO: # 1. Emit files instead of temp_dir @@ -1183,6 +1199,17 @@ def copy_file_to_target(file, temp_dir): # NOTE: poetry must be available in the build environment, which is the case with lambci/lambda:build-python* docker images but not public.ecr.aws/sam/build-python* docker images # FIXME: poetry install does not currently allow to specify the target directory so we export the # requirements then install them with "pip --no-deps" to avoid using pip dependency resolver + + poetry_export = [ + poetry_exec, + "export", + "--format", + "requirements.txt", + "--output", + "requirements.txt", + "--with-credentials", + ] + poetry_export_extra_args + poetry_commands = [ [ poetry_exec, @@ -1198,15 +1225,7 @@ def copy_file_to_target(file, temp_dir): "virtualenvs.in-project", "true", ], - [ - poetry_exec, - "export", - "--format", - "requirements.txt", - "--output", - "requirements.txt", - "--with-credentials", - ], + poetry_export, [ python_exec, "-m", From 3aa5b7ef58095ab1217c81a756f54501dd21d9e1 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 12 Jun 2024 08:04:33 +0000 Subject: [PATCH 12/70] chore(release): version 7.6.0 [skip ci] ## [7.6.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.5.0...v7.6.0) (2024-06-12) ### Features * Support passing extra args to poetry export ([#584](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/584)) ([3aa288f](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/3aa288fee324e64a8db409e5a32abaeebe38e6c2)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index fc0d1019..0a859646 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.6.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.5.0...v7.6.0) (2024-06-12) + + +### Features + +* Support passing extra args to poetry export ([#584](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/584)) ([3aa288f](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/3aa288fee324e64a8db409e5a32abaeebe38e6c2)) + ## [7.5.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.4.0...v7.5.0) (2024-06-07) From 6549ca1301c74880e41440aa314e732739283e8a Mon Sep 17 00:00:00 2001 From: Alexandra Boarna <69867920+aleboarna@users.noreply.github.com> Date: Tue, 18 Jun 2024 10:41:41 +0300 Subject: [PATCH 13/70] feat: Added support for alias to have multiple filter criteria same as function (#585) --- modules/alias/main.tf | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/modules/alias/main.tf b/modules/alias/main.tf index c2151c9f..b5f24f0f 100644 --- a/modules/alias/main.tf +++ b/modules/alias/main.tf @@ -167,8 +167,12 @@ resource "aws_lambda_event_source_mapping" "this" { for_each = try(each.value.filter_criteria, null) != null ? [true] : [] content { - filter { - pattern = try(each.value["filter_criteria"].pattern, null) + dynamic "filter" { + for_each = try(flatten([each.value.filter_criteria]), []) + + content { + pattern = try(filter.value.pattern, null) + } } } } From b88a85627c84a4e9d1ad2a655455d10b386bc63f Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Tue, 18 Jun 2024 07:42:24 +0000 Subject: [PATCH 14/70] chore(release): version 7.7.0 [skip ci] ## [7.7.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.6.0...v7.7.0) (2024-06-18) ### Features * Added support for alias to have multiple filter criteria same as function ([#585](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/585)) ([6549ca1](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/6549ca1301c74880e41440aa314e732739283e8a)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0a859646..378fed3f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.7.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.6.0...v7.7.0) (2024-06-18) + + +### Features + +* Added support for alias to have multiple filter criteria same as function ([#585](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/585)) ([6549ca1](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/6549ca1301c74880e41440aa314e732739283e8a)) + ## [7.6.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.5.0...v7.6.0) (2024-06-12) From a058372431c552a0cb740a76beffe77285edeb91 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sass=20D=C3=A1vid?= <51000212+sassdavid@users.noreply.github.com> Date: Thu, 25 Jul 2024 11:36:25 +0200 Subject: [PATCH 15/70] fix: Always use absolute path to temp folders (#599) --- package.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/package.py b/package.py index 1552e8e2..ded4056e 100644 --- a/package.py +++ b/package.py @@ -124,11 +124,12 @@ def tempdir(dir=None): """Creates a temporary directory and then deletes it afterwards.""" prefix = "terraform-aws-lambda-" path = tempfile.mkdtemp(prefix=prefix, dir=dir) - cmd_log.info("mktemp -d %sXXXXXXXX # %s", prefix, shlex.quote(path)) + abs_path = os.path.abspath(path) + cmd_log.info("mktemp -d %sXXXXXXXX # %s", prefix, shlex.quote(abs_path)) try: - yield path + yield abs_path finally: - shutil.rmtree(path) + shutil.rmtree(abs_path) def list_files(top_path, log=None): From f48be17ec03a53b85b7da1f2ad8787792f2425ee Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 25 Jul 2024 09:36:53 +0000 Subject: [PATCH 16/70] chore(release): version 7.7.1 [skip ci] ## [7.7.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.7.0...v7.7.1) (2024-07-25) ### Bug Fixes * Always use absolute path to temp folders ([#599](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/599)) ([a058372](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/a058372431c552a0cb740a76beffe77285edeb91)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 378fed3f..2e64b424 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.7.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.7.0...v7.7.1) (2024-07-25) + + +### Bug Fixes + +* Always use absolute path to temp folders ([#599](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/599)) ([a058372](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/a058372431c552a0cb740a76beffe77285edeb91)) + ## [7.7.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.6.0...v7.7.0) (2024-06-18) From 36c61093dbb6114f9880d40b225e7f00f83493f9 Mon Sep 17 00:00:00 2001 From: catrielg <122532038+catrielg@users.noreply.github.com> Date: Fri, 23 Aug 2024 22:46:35 +0300 Subject: [PATCH 17/70] feat: Added the skip_destroy argument for functions (#600) Co-authored-by: Anton Babenko --- .pre-commit-config.yaml | 2 +- README.md | 1 + main.tf | 1 + variables.tf | 6 ++++++ wrappers/main.tf | 1 + 5 files changed, 10 insertions(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 74e21201..3ae4b8ba 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.91.0 + rev: v1.92.2 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each diff --git a/README.md b/README.md index 7fdbe539..dbbf0fb1 100644 --- a/README.md +++ b/README.md @@ -855,6 +855,7 @@ No modules. | [s3\_object\_tags\_only](#input\_s3\_object\_tags\_only) | Set to true to not merge tags with s3\_object\_tags. Useful to avoid breaching S3 Object 10 tag limit. | `bool` | `false` | no | | [s3\_prefix](#input\_s3\_prefix) | Directory name where artifacts should be stored in the S3 bucket. If unset, the path from `artifacts_dir` is used | `string` | `null` | no | | [s3\_server\_side\_encryption](#input\_s3\_server\_side\_encryption) | Specifies server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms". | `string` | `null` | no | +| [skip\_destroy](#input\_skip\_destroy) | Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Terraform state. Useful for Lambda@Edge functions attached to CloudFront distributions. | `bool` | `null` | no | | [snap\_start](#input\_snap\_start) | (Optional) Snap start settings for low-latency startups | `bool` | `false` | no | | [source\_path](#input\_source\_path) | The absolute path to a local file or directory containing your Lambda source code | `any` | `null` | no | | [store\_on\_s3](#input\_store\_on\_s3) | Whether to store produced artifacts on S3 or locally. | `bool` | `false` | no | diff --git a/main.tf b/main.tf index 855da1a4..fc231abe 100644 --- a/main.tf +++ b/main.tf @@ -41,6 +41,7 @@ resource "aws_lambda_function" "this" { code_signing_config_arn = var.code_signing_config_arn replace_security_groups_on_destroy = var.replace_security_groups_on_destroy replacement_security_group_ids = var.replacement_security_group_ids + skip_destroy = var.skip_destroy /* ephemeral_storage is not supported in gov-cloud region, so it should be set to `null` */ dynamic "ephemeral_storage" { diff --git a/variables.tf b/variables.tf index 42a18fe5..829019c7 100644 --- a/variables.tf +++ b/variables.tf @@ -254,6 +254,12 @@ variable "timeouts" { default = {} } +variable "skip_destroy" { + description = "Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Terraform state. Useful for Lambda@Edge functions attached to CloudFront distributions." + type = bool + default = null +} + ############### # Function URL ############### diff --git a/wrappers/main.tf b/wrappers/main.tf index 6816a5e1..72695c41 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf @@ -119,6 +119,7 @@ module "wrapper" { s3_object_tags_only = try(each.value.s3_object_tags_only, var.defaults.s3_object_tags_only, false) s3_prefix = try(each.value.s3_prefix, var.defaults.s3_prefix, null) s3_server_side_encryption = try(each.value.s3_server_side_encryption, var.defaults.s3_server_side_encryption, null) + skip_destroy = try(each.value.skip_destroy, var.defaults.skip_destroy, null) snap_start = try(each.value.snap_start, var.defaults.snap_start, false) source_path = try(each.value.source_path, var.defaults.source_path, null) store_on_s3 = try(each.value.store_on_s3, var.defaults.store_on_s3, false) From a84d8af737ed7b5a23e241a8bba46011b8b5743b Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 23 Aug 2024 19:47:02 +0000 Subject: [PATCH 18/70] chore(release): version 7.8.0 [skip ci] ## [7.8.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.7.1...v7.8.0) (2024-08-23) ### Features * Added the skip_destroy argument for functions ([#600](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/600)) ([36c6109](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/36c61093dbb6114f9880d40b225e7f00f83493f9)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2e64b424..115c6b0a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.8.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.7.1...v7.8.0) (2024-08-23) + + +### Features + +* Added the skip_destroy argument for functions ([#600](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/600)) ([36c6109](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/36c61093dbb6114f9880d40b225e7f00f83493f9)) + ## [7.7.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.7.0...v7.7.1) (2024-07-25) From 801e69c08b74217e7f1319b128d5efd264162aaf Mon Sep 17 00:00:00 2001 From: PaC#man Date: Fri, 23 Aug 2024 15:02:24 -0500 Subject: [PATCH 19/70] fix: Fix package.py commands after :zip not being executed (#606) Co-authored-by: Anton Babenko --- examples/build-package/README.md | 1 + examples/build-package/main.tf | 25 +++++++++++++++++++++++++ package.py | 3 +++ tests/fixtures/node-app/index.js | 1 + tests/fixtures/node-app/package.json | 16 ++++++++++++++++ 5 files changed, 46 insertions(+) create mode 100644 tests/fixtures/node-app/index.js create mode 100644 tests/fixtures/node-app/package.json diff --git a/examples/build-package/README.md b/examples/build-package/README.md index 671fa45c..e77c0c59 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -37,6 +37,7 @@ Note that this example may create resources which cost money. Run `terraform des | [lambda\_layer](#module\_lambda\_layer) | ../../ | n/a | | [lambda\_layer\_pip\_requirements](#module\_lambda\_layer\_pip\_requirements) | ../.. | n/a | | [lambda\_layer\_poetry](#module\_lambda\_layer\_poetry) | ../../ | n/a | +| [npm\_package\_with\_commands\_and\_patterns](#module\_npm\_package\_with\_commands\_and\_patterns) | ../../ | n/a | | [package\_dir](#module\_package\_dir) | ../../ | n/a | | [package\_dir\_pip\_dir](#module\_package\_dir\_pip\_dir) | ../../ | n/a | | [package\_dir\_poetry](#module\_package\_dir\_poetry) | ../../ | n/a | diff --git a/examples/build-package/main.tf b/examples/build-package/main.tf index 4c4ecb71..7119a5d5 100644 --- a/examples/build-package/main.tf +++ b/examples/build-package/main.tf @@ -244,6 +244,31 @@ module "package_with_commands_and_patterns" { ] } +# Some use cases might require the production packages are deployed while maintaining local node_modules folder +# This example saves the node_modules folder by moving it to an ignored directory +# After the zip file is created with production node_modules, the dev node_modules folder is restored +module "npm_package_with_commands_and_patterns" { + source = "../../" + + create_function = false + + runtime = "nodejs18.x" + source_path = [ + { + path = "${path.module}/../fixtures/node-app" + commands = [ + "[ ! -d node_modules ] || mv node_modules node_modules_temp", + "npm install --production", + ":zip", + "rm -rf node_modules", + "[ ! -d node_modules_temp ] || mv node_modules_temp node_modules", + ] + patterns = [ + "!node_modules_temp/.*" + ] + } + ] +} # Create zip-archive with various sources and patterns. # Note, that it is possible to write comments in patterns. module "package_with_patterns" { diff --git a/package.py b/package.py index ded4056e..620be347 100644 --- a/package.py +++ b/package.py @@ -779,6 +779,9 @@ def commands_step(path, commands): ) else: batch.append(c) + if batch: + step("sh", path, "\n".join(batch)) + batch.clear() for claim in claims: if isinstance(claim, str): diff --git a/tests/fixtures/node-app/index.js b/tests/fixtures/node-app/index.js new file mode 100644 index 00000000..09d4352e --- /dev/null +++ b/tests/fixtures/node-app/index.js @@ -0,0 +1 @@ +// test diff --git a/tests/fixtures/node-app/package.json b/tests/fixtures/node-app/package.json new file mode 100644 index 00000000..1bd4d69d --- /dev/null +++ b/tests/fixtures/node-app/package.json @@ -0,0 +1,16 @@ +{ + "name": "app", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "author": "", + "license": "ISC", + "dependencies": { + }, + "devDependencies": { + "axios": "^1.7.3" + } +} From 1d122404c2a3834ce39a7c5a319a3e754d5b0c29 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 23 Aug 2024 20:02:55 +0000 Subject: [PATCH 20/70] chore(release): version 7.8.1 [skip ci] ## [7.8.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.8.0...v7.8.1) (2024-08-23) ### Bug Fixes * Fix package.py commands after :zip not being executed ([#606](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/606)) ([801e69c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/801e69c08b74217e7f1319b128d5efd264162aaf)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 115c6b0a..230339a5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.8.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.8.0...v7.8.1) (2024-08-23) + + +### Bug Fixes + +* Fix package.py commands after :zip not being executed ([#606](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/606)) ([801e69c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/801e69c08b74217e7f1319b128d5efd264162aaf)) + ## [7.8.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.7.1...v7.8.0) (2024-08-23) From a6fe4115ac96592ecbda27f72d42536da6518add Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Tue, 10 Sep 2024 14:39:20 -0700 Subject: [PATCH 21/70] feat: Added more examples for Rust, Go, Java runtimes (#612) Co-authored-by: Melissa Greenbaum <69476188+magreenbaum@users.noreply.github.com> --- .pre-commit-config.yaml | 4 +- README.md | 9 +- examples/alias/README.md | 4 +- examples/async/README.md | 4 +- examples/build-package/README.md | 6 +- examples/code-signing/README.md | 4 +- examples/complete/README.md | 4 +- examples/container-image/README.md | 4 +- examples/deploy/README.md | 4 +- examples/event-source-mapping/README.md | 63 ++++++++++++ examples/fixtures/runtimes/go/.gitignore | 2 + examples/fixtures/runtimes/go/go.mod | 5 + examples/fixtures/runtimes/go/main.go | 23 +++++ examples/fixtures/runtimes/java21/.gitignore | 2 + .../fixtures/runtimes/java21/build.gradle | 40 ++++++++ .../java21/src/main/java/example/Handler.java | 19 ++++ examples/fixtures/runtimes/rust/.gitignore | 2 + examples/fixtures/runtimes/rust/Cargo.toml | 20 ++++ examples/fixtures/runtimes/rust/src/main.rs | 30 ++++++ examples/multiple-regions/README.md | 4 +- examples/runtimes/README.md | 68 +++++++++++++ examples/runtimes/checks.tf | 37 +++++++ examples/runtimes/main.tf | 98 +++++++++++++++++++ examples/runtimes/outputs.tf | 24 +++++ examples/runtimes/variables.tf | 0 examples/runtimes/versions.tf | 18 ++++ examples/simple-cicd/README.md | 4 +- examples/simple/README.md | 4 +- examples/triggers/README.md | 4 +- examples/with-efs/README.md | 4 +- examples/with-vpc-s3-endpoint/README.md | 4 +- examples/with-vpc/README.md | 4 +- modules/alias/README.md | 4 +- modules/deploy/README.md | 4 +- modules/docker-build/README.md | 4 +- 35 files changed, 495 insertions(+), 39 deletions(-) create mode 100644 examples/fixtures/runtimes/go/.gitignore create mode 100644 examples/fixtures/runtimes/go/go.mod create mode 100644 examples/fixtures/runtimes/go/main.go create mode 100644 examples/fixtures/runtimes/java21/.gitignore create mode 100644 examples/fixtures/runtimes/java21/build.gradle create mode 100644 examples/fixtures/runtimes/java21/src/main/java/example/Handler.java create mode 100644 examples/fixtures/runtimes/rust/.gitignore create mode 100644 examples/fixtures/runtimes/rust/Cargo.toml create mode 100644 examples/fixtures/runtimes/rust/src/main.rs create mode 100644 examples/runtimes/README.md create mode 100644 examples/runtimes/checks.tf create mode 100644 examples/runtimes/main.tf create mode 100644 examples/runtimes/outputs.tf create mode 100644 examples/runtimes/variables.tf create mode 100644 examples/runtimes/versions.tf diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 3ae4b8ba..7523e5a5 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.92.2 + rev: v1.94.3 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each @@ -29,3 +29,5 @@ repos: - id: check-merge-conflict - id: end-of-file-fixer - id: trailing-whitespace + - id: mixed-line-ending + args: [--fix=lf] diff --git a/README.md b/README.md index dbbf0fb1..8661d7ee 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ This Terraform module is the part of [serverless.tf framework](https://github.co ## Features - Build dependencies for your Lambda Function and Layer. -- Support builds locally and in Docker (with or without SSH agent support for private builds). +- Support builds locally and in Docker (with or without SSH agent support for private builds) for any runtime and architecture supported by AWS Lambda. - Create deployment package or deploy existing (previously built package) from local, from S3, from URL, or from AWS ECR repository. - Store deployment packages locally or in the S3 bucket. - Support almost all features of Lambda resources (function, layer, alias, etc.) @@ -384,7 +384,7 @@ When `source_path` is set to a list of directories the content of each will be t ### Combine various options for extreme flexibility -This is the most complete way of creating a deployment package from multiple sources with multiple dependencies. This example is showing some of the available options (see [examples/build-package](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/build-package) for more): +This is the most complete way of creating a deployment package from multiple sources with multiple dependencies. This example is showing some of the available options (see [examples/build-package](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/build-package) and [examples/runtimes](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/runtimes) for more): ```hcl source_path = [ @@ -643,6 +643,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo - [Complete](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/complete) - Create Lambda resources in various combinations with all supported features. - [Container Image](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/container-image) - Create a Docker image with a platform specified in the Dockerfile (using [docker provider](https://registry.terraform.io/providers/kreuzwerker/docker)), push it to AWS ECR, and create Lambda function from it. - [Build and Package](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/build-package) - Build and create deployment packages in various ways. +- [Runtimes](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/build-package) - Build and create deployment packages for various runtimes (such as Rust, Go, Java). - [Alias](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/alias) - Create static and dynamic aliases in various ways. - [Deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/deploy) - Complete end-to-end build/update/deploy process using AWS CodeDeploy. - [Async Invocations](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/async) - Create Lambda Function with async event configuration (with SQS, SNS, and EventBridge integration). @@ -660,7 +661,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo - [1Mill/serverless-tf-examples](https://github.com/1Mill/serverless-tf-examples/tree/main/src) - + ## Requirements | Name | Version | @@ -904,7 +905,7 @@ No modules. | [lambda\_role\_unique\_id](#output\_lambda\_role\_unique\_id) | The unique id of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + ## Development diff --git a/examples/alias/README.md b/examples/alias/README.md index 6326614c..bc734f66 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -14,7 +14,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -83,4 +83,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/async/README.md b/examples/async/README.md index 40c6fbb9..5223af96 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -14,7 +14,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -72,4 +72,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/build-package/README.md b/examples/build-package/README.md index e77c0c59..f4856320 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -2,6 +2,8 @@ Configuration in this directory creates deployment packages in a variety of combinations. +Look into [Runtimes Examples](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/runtimes) for more ways to build and deploy AWS Lambda Functions using supported runtimes (Rust, Go, Java). + ## Usage To run this example you need to execute: @@ -14,7 +16,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -69,4 +71,4 @@ No inputs. ## Outputs No outputs. - + diff --git a/examples/code-signing/README.md b/examples/code-signing/README.md index feaa1b38..e1a5a692 100644 --- a/examples/code-signing/README.md +++ b/examples/code-signing/README.md @@ -14,7 +14,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -59,4 +59,4 @@ No inputs. | [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | | [lambda\_function\_signing\_job\_arn](#output\_lambda\_function\_signing\_job\_arn) | ARN of the signing job | | [lambda\_function\_signing\_profile\_version\_arn](#output\_lambda\_function\_signing\_profile\_version\_arn) | ARN of the signing profile version | - + diff --git a/examples/complete/README.md b/examples/complete/README.md index 92c3256b..eba6ef49 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -15,7 +15,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -92,4 +92,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/container-image/README.md b/examples/container-image/README.md index 4ee6505a..4053da3a 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -14,7 +14,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -79,4 +79,4 @@ No inputs. | [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version | | [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | - + diff --git a/examples/deploy/README.md b/examples/deploy/README.md index b900c919..198f5cf4 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md @@ -14,7 +14,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -63,4 +63,4 @@ No inputs. | [codedeploy\_iam\_role\_name](#output\_codedeploy\_iam\_role\_name) | Name of IAM role used by CodeDeploy | | [deploy\_script](#output\_deploy\_script) | Path to a deployment script | | [script](#output\_script) | Deployment script | - + diff --git a/examples/event-source-mapping/README.md b/examples/event-source-mapping/README.md index 0f34132e..fcf53677 100644 --- a/examples/event-source-mapping/README.md +++ b/examples/event-source-mapping/README.md @@ -13,3 +13,66 @@ $ terraform apply ``` Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 5.32 | +| [random](#requirement\_random) | >= 2.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 5.32 | +| [random](#provider\_random) | >= 2.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [lambda\_function](#module\_lambda\_function) | ../../ | n/a | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | + +## Resources + +| Name | Type | +|------|------| +| [aws_dynamodb_table.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource | +| [aws_kinesis_stream.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kinesis_stream) | resource | +| [aws_mq_broker.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mq_broker) | resource | +| [aws_secretsmanager_secret.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource | +| [aws_secretsmanager_secret_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource | +| [aws_sqs_queue.failure](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | +| [aws_sqs_queue.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | +| [random_password.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | +| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | +| [aws_organizations_organization.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/organizations_organization) | data source | + +## Inputs + +No inputs. + +## Outputs + +| Name | Description | +|------|-------------| +| [lambda\_event\_source\_mapping\_function\_arn](#output\_lambda\_event\_source\_mapping\_function\_arn) | The the ARN of the Lambda function the event source mapping is sending events to | +| [lambda\_event\_source\_mapping\_state](#output\_lambda\_event\_source\_mapping\_state) | The state of the event source mapping | +| [lambda\_event\_source\_mapping\_state\_transition\_reason](#output\_lambda\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | +| [lambda\_event\_source\_mapping\_uuid](#output\_lambda\_event\_source\_mapping\_uuid) | The UUID of the created event source mapping | +| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | +| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) | +| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | +| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function | +| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | +| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | +| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | +| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | +| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | +| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | + diff --git a/examples/fixtures/runtimes/go/.gitignore b/examples/fixtures/runtimes/go/.gitignore new file mode 100644 index 00000000..2da3a426 --- /dev/null +++ b/examples/fixtures/runtimes/go/.gitignore @@ -0,0 +1,2 @@ +go.sum +bootstrap diff --git a/examples/fixtures/runtimes/go/go.mod b/examples/fixtures/runtimes/go/go.mod new file mode 100644 index 00000000..c572c2e4 --- /dev/null +++ b/examples/fixtures/runtimes/go/go.mod @@ -0,0 +1,5 @@ +module main + +go 1.22.6 + +require github.com/aws/aws-lambda-go v1.47.0 // indirect diff --git a/examples/fixtures/runtimes/go/main.go b/examples/fixtures/runtimes/go/main.go new file mode 100644 index 00000000..6a5defa1 --- /dev/null +++ b/examples/fixtures/runtimes/go/main.go @@ -0,0 +1,23 @@ +package main + +import ( + "context" + "fmt" + "github.com/aws/aws-lambda-go/lambda" +) + +type MyEvent struct { + Name string `json:"name"` +} + +func HandleRequest(ctx context.Context, event *MyEvent) (*string, error) { + if event == nil { + return nil, fmt.Errorf("received nil event") + } + message := fmt.Sprintf("Hello %s! serverless.tf was here!", event.Name) + return &message, nil +} + +func main() { + lambda.Start(HandleRequest) +} diff --git a/examples/fixtures/runtimes/java21/.gitignore b/examples/fixtures/runtimes/java21/.gitignore new file mode 100644 index 00000000..67bcc2f7 --- /dev/null +++ b/examples/fixtures/runtimes/java21/.gitignore @@ -0,0 +1,2 @@ +.gradle/ +build/ diff --git a/examples/fixtures/runtimes/java21/build.gradle b/examples/fixtures/runtimes/java21/build.gradle new file mode 100644 index 00000000..53f6f6ee --- /dev/null +++ b/examples/fixtures/runtimes/java21/build.gradle @@ -0,0 +1,40 @@ +plugins { + id 'java' +} + +repositories { + mavenCentral() +} + +dependencies { + implementation 'com.amazonaws:aws-lambda-java-core:1.2.1' + implementation 'org.slf4j:slf4j-nop:2.0.6' + implementation 'com.fasterxml.jackson.core:jackson-databind:2.17.0' + testImplementation 'org.junit.jupiter:junit-jupiter-api:5.8.2' + testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.8.2' +} + +test { + useJUnitPlatform() +} + +// Using terraform-aws-lambda module, there is no need to make Zip archive by Gradle. Terraform AWS module will make it for you. +// task buildZip(type: Zip) { +// from compileJava +// from processResources +// into('lib') { +// from configurations.runtimeClasspath +// } +// } + +task copyFiles(type: Copy) { + into("$buildDir/output") + + from sourceSets.main.output + + into('lib') { + from configurations.runtimeClasspath + } +} + +build.dependsOn copyFiles diff --git a/examples/fixtures/runtimes/java21/src/main/java/example/Handler.java b/examples/fixtures/runtimes/java21/src/main/java/example/Handler.java new file mode 100644 index 00000000..08b14d81 --- /dev/null +++ b/examples/fixtures/runtimes/java21/src/main/java/example/Handler.java @@ -0,0 +1,19 @@ +package example; + +import com.amazonaws.services.lambda.runtime.Context; +import com.amazonaws.services.lambda.runtime.LambdaLogger; +import com.amazonaws.services.lambda.runtime.RequestHandler; + +import java.util.Map; + +// Handler value: example.Handler +public class Handler implements RequestHandler, String>{ + + @Override + public String handleRequest(Map event, Context context) + { + LambdaLogger logger = context.getLogger(); + logger.log("EVENT TYPE: " + event.getClass()); + return "Hello from serverless.tf!!!"; + } +} diff --git a/examples/fixtures/runtimes/rust/.gitignore b/examples/fixtures/runtimes/rust/.gitignore new file mode 100644 index 00000000..96ef6c0b --- /dev/null +++ b/examples/fixtures/runtimes/rust/.gitignore @@ -0,0 +1,2 @@ +/target +Cargo.lock diff --git a/examples/fixtures/runtimes/rust/Cargo.toml b/examples/fixtures/runtimes/rust/Cargo.toml new file mode 100644 index 00000000..781f306b --- /dev/null +++ b/examples/fixtures/runtimes/rust/Cargo.toml @@ -0,0 +1,20 @@ +[package] +name = "rust-app1" +version = "0.1.0" +edition = "2021" + +# Starting in Rust 1.62 you can use `cargo add` to add dependencies +# to your project. +# +# If you're using an older Rust version, +# download cargo-edit(https://github.com/killercup/cargo-edit#installation) +# to install the `add` subcommand. +# +# Running `cargo add DEPENDENCY_NAME` will +# add the latest version of a dependency to the list, +# and it will keep the alphabetic ordering for you. + +[dependencies] +lambda_http = "0.13.0" + +tokio = { version = "1", features = ["macros"] } diff --git a/examples/fixtures/runtimes/rust/src/main.rs b/examples/fixtures/runtimes/rust/src/main.rs new file mode 100644 index 00000000..4432a31c --- /dev/null +++ b/examples/fixtures/runtimes/rust/src/main.rs @@ -0,0 +1,30 @@ +use lambda_http::{run, service_fn, tracing, Body, Error, Request, RequestExt, Response}; + +/// This is the main body for the function. +/// Write your code inside it. +/// There are some code example in the following URLs: +/// - https://github.com/awslabs/aws-lambda-rust-runtime/tree/main/examples +async fn function_handler(event: Request) -> Result, Error> { + // Extract some useful information from the request + let who = event + .query_string_parameters_ref() + .and_then(|params| params.first("name")) + .unwrap_or("world"); + let message = format!("Hello {who}, this is an AWS Lambda HTTP request. serverless.tf was here!"); + + // Return something that implements IntoResponse. + // It will be serialized to the right response event automatically by the runtime + let resp = Response::builder() + .status(200) + .header("content-type", "text/html") + .body(message.into()) + .map_err(Box::new)?; + Ok(resp) +} + +#[tokio::main] +async fn main() -> Result<(), Error> { + tracing::init_default_subscriber(); + + run(service_fn(function_handler)).await +} diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index af982fc8..52da31c0 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md @@ -15,7 +15,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -75,4 +75,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/runtimes/README.md b/examples/runtimes/README.md new file mode 100644 index 00000000..7455299d --- /dev/null +++ b/examples/runtimes/README.md @@ -0,0 +1,68 @@ +# Runtimes Examples + +Configuration in this directory creates deployment packages for [various runtimes and programming languages (Rust, Go, Java)](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). + +Each runtime is executable by calling created Lambda Functions at the end. + +Look into [Build Package Examples](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/build-package) for more ways to build package (regardless of the runtime). + +## Usage + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply +``` + +Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.2 | +| [aws](#requirement\_aws) | >= 5.32 | +| [http](#requirement\_http) | >= 3.0 | +| [random](#requirement\_random) | >= 3.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 5.32 | +| [http](#provider\_http) | >= 3.0 | +| [random](#provider\_random) | >= 3.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [go\_lambda\_function](#module\_go\_lambda\_function) | ../../ | n/a | +| [java21\_lambda\_function](#module\_java21\_lambda\_function) | ../../ | n/a | +| [rust\_lambda\_function](#module\_rust\_lambda\_function) | ../../ | n/a | + +## Resources + +| Name | Type | +|------|------| +| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +| [aws_lambda_invocation.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_invocation) | data source | +| [http_http.this](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | + +## Inputs + +No inputs. + +## Outputs + +| Name | Description | +|------|-------------| +| [go\_lambda\_function\_url](#output\_go\_lambda\_function\_url) | The URL of the Lambda Function in Go | +| [java21\_lambda\_function\_arn](#output\_java21\_lambda\_function\_arn) | The ARN of the Lambda Function in Java 21 | +| [lambda\_function\_result](#output\_lambda\_function\_result) | The results of the Lambda Function calls | +| [lambda\_function\_status\_codes](#output\_lambda\_function\_status\_codes) | The status codes of the Lambda Function calls | +| [rust\_lambda\_function\_url](#output\_rust\_lambda\_function\_url) | The URL of the Lambda Function in Rust | + diff --git a/examples/runtimes/checks.tf b/examples/runtimes/checks.tf new file mode 100644 index 00000000..cbf0f2b8 --- /dev/null +++ b/examples/runtimes/checks.tf @@ -0,0 +1,37 @@ +locals { + successful_response_keyword = "serverless.tf" +} + +data "http" "this" { + for_each = { + rust = module.rust_lambda_function.lambda_function_url, + go = module.go_lambda_function.lambda_function_url, + } + + url = each.value + + lifecycle { + postcondition { + condition = length(regexall(local.successful_response_keyword, self.response_body)) > 0 + error_message = "${each.key}: ${local.successful_response_keyword} should be in the response." + } + } +} + +# I don't know how to make Java21 example to work with Lambda Function URL, so using Lambda Function invocation instead +data "aws_lambda_invocation" "this" { + for_each = { + java21 = module.java21_lambda_function.lambda_function_name, + } + + function_name = each.value + + input = jsonencode({}) + + lifecycle { + postcondition { + condition = length(regexall(local.successful_response_keyword, jsondecode(self.result))) > 0 + error_message = "${each.key}: ${local.successful_response_keyword} should be in the response." + } + } +} diff --git a/examples/runtimes/main.tf b/examples/runtimes/main.tf new file mode 100644 index 00000000..b9bd61a9 --- /dev/null +++ b/examples/runtimes/main.tf @@ -0,0 +1,98 @@ +provider "aws" { + region = "eu-west-1" +} + +module "rust_lambda_function" { + source = "../../" + + function_name = "${random_pet.this.id}-rust" + + attach_cloudwatch_logs_policy = false + cloudwatch_logs_retention_in_days = 1 + + create_lambda_function_url = true + + handler = "bootstrap" + runtime = "provided.al2023" + architectures = ["arm64"] # x86_64 (empty); arm64 (cargo lambda build --arm64) + + trigger_on_package_timestamp = false + + source_path = [ + { + path = "${path.module}/../fixtures/runtimes/rust" + commands = [ + # https://www.cargo-lambda.info/ + "cargo lambda build --release --arm64", + "cd target/lambda/rust-app1", + ":zip", + ] + patterns = [ + "!.*", + "bootstrap", + ] + } + ] +} + +module "go_lambda_function" { + source = "../../" + + function_name = "${random_pet.this.id}-go" + + attach_cloudwatch_logs_policy = false + cloudwatch_logs_retention_in_days = 1 + + create_lambda_function_url = true + + handler = "bootstrap" + runtime = "provided.al2023" + architectures = ["arm64"] # x86_64 (GOARCH=amd64); arm64 (GOARCH=arm64) + + trigger_on_package_timestamp = false + + source_path = [ + { + path = "${path.module}/../fixtures/runtimes/go" + commands = [ + "GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build -o bootstrap main.go", + ":zip", + ] + patterns = [ + "!.*", + "bootstrap", + ] + } + ] +} + +module "java21_lambda_function" { + source = "../../" + + function_name = "${random_pet.this.id}-java21" + + attach_cloudwatch_logs_policy = false + cloudwatch_logs_retention_in_days = 1 + + handler = "example.Handler" + runtime = "java21" + architectures = ["arm64"] # x86_64 or arm64 + timeout = 30 + + trigger_on_package_timestamp = false + + source_path = [ + { + path = "${path.module}/../fixtures/runtimes/java21" + commands = [ + "gradle build -i", + "cd build/output", + ":zip", + ] + } + ] +} + +resource "random_pet" "this" { + length = 2 +} diff --git a/examples/runtimes/outputs.tf b/examples/runtimes/outputs.tf new file mode 100644 index 00000000..9c12c1d6 --- /dev/null +++ b/examples/runtimes/outputs.tf @@ -0,0 +1,24 @@ +output "rust_lambda_function_url" { + description = "The URL of the Lambda Function in Rust" + value = module.rust_lambda_function.lambda_function_url +} + +output "go_lambda_function_url" { + description = "The URL of the Lambda Function in Go" + value = module.go_lambda_function.lambda_function_url +} + +output "java21_lambda_function_arn" { + description = "The ARN of the Lambda Function in Java 21" + value = module.java21_lambda_function.lambda_function_arn +} + +output "lambda_function_result" { + description = "The results of the Lambda Function calls" + value = { for k, v in data.aws_lambda_invocation.this : k => jsondecode(v.result) } +} + +output "lambda_function_status_codes" { + description = "The status codes of the Lambda Function calls" + value = { for k, v in data.http.this : k => v.status_code } +} diff --git a/examples/runtimes/variables.tf b/examples/runtimes/variables.tf new file mode 100644 index 00000000..e69de29b diff --git a/examples/runtimes/versions.tf b/examples/runtimes/versions.tf new file mode 100644 index 00000000..74bf322c --- /dev/null +++ b/examples/runtimes/versions.tf @@ -0,0 +1,18 @@ +terraform { + required_version = ">= 1.2" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 5.32" + } + random = { + source = "hashicorp/random" + version = ">= 3.0" + } + http = { + source = "hashicorp/http" + version = ">= 3.0" + } + } +} diff --git a/examples/simple-cicd/README.md b/examples/simple-cicd/README.md index 93d1e4c5..c9ba9046 100644 --- a/examples/simple-cicd/README.md +++ b/examples/simple-cicd/README.md @@ -16,7 +16,7 @@ To run this example you need to execute: Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -50,4 +50,4 @@ No inputs. ## Outputs No outputs. - + diff --git a/examples/simple/README.md b/examples/simple/README.md index 4c093861..f57d2c72 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -14,7 +14,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -69,4 +69,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/triggers/README.md b/examples/triggers/README.md index 0bfc0a69..ca40c3aa 100644 --- a/examples/triggers/README.md +++ b/examples/triggers/README.md @@ -15,7 +15,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -73,4 +73,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index f835445d..0e008c4b 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md @@ -15,7 +15,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -75,4 +75,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/with-vpc-s3-endpoint/README.md b/examples/with-vpc-s3-endpoint/README.md index d84f6bdc..1eebf085 100644 --- a/examples/with-vpc-s3-endpoint/README.md +++ b/examples/with-vpc-s3-endpoint/README.md @@ -16,7 +16,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -81,4 +81,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index 28844bbd..b1237350 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md @@ -16,7 +16,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -72,4 +72,4 @@ No inputs. | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) | | [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - + diff --git a/modules/alias/README.md b/modules/alias/README.md index 7744bbcc..4d1871d3 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md @@ -110,7 +110,7 @@ module "lambda" { * [Alias](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/alias) - Create Lambda function and aliases in various combinations with all supported features. - + ## Requirements | Name | Version | @@ -177,7 +177,7 @@ No modules. | [lambda\_alias\_function\_version](#output\_lambda\_alias\_function\_version) | Lambda function version which the alias uses | | [lambda\_alias\_invoke\_arn](#output\_lambda\_alias\_invoke\_arn) | The ARN to be used for invoking Lambda Function from API Gateway | | [lambda\_alias\_name](#output\_lambda\_alias\_name) | The name of the Lambda Function Alias | - + ## Authors diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 26f2b00f..f5f5d8ec 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -95,7 +95,7 @@ module "lambda" { * [Deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/deploy) - Creates Lambda Function, Alias, and all resources required to create deployments using AWS CodeDeploy. - + ## Requirements | Name | Version | @@ -191,7 +191,7 @@ No modules. | [codedeploy\_iam\_role\_name](#output\_codedeploy\_iam\_role\_name) | Name of IAM role used by CodeDeploy | | [deploy\_script](#output\_deploy\_script) | Path to a deployment script | | [script](#output\_script) | Deployment script | - + ## Authors diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index d2c0aef8..bd223aaf 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md @@ -52,7 +52,7 @@ module "docker_image" { * [Container Image](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/container-image) - Creates Docker Image, ECR resository and deploys it Lambda Function. - + ## Requirements | Name | Version | @@ -116,7 +116,7 @@ No modules. |------|-------------| | [image\_id](#output\_image\_id) | The ID of the Docker image | | [image\_uri](#output\_image\_uri) | The ECR image URI for deploying lambda | - + ## Authors From 4b643eb08539bdb8ca3beb94867a38fc92e5a433 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Tue, 10 Sep 2024 21:39:49 +0000 Subject: [PATCH 22/70] chore(release): version 7.9.0 [skip ci] ## [7.9.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.8.1...v7.9.0) (2024-09-10) ### Features * Added more examples for Rust, Go, Java runtimes ([#612](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/612)) ([a6fe411](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/a6fe4115ac96592ecbda27f72d42536da6518add)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 230339a5..3fda0b24 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.9.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.8.1...v7.9.0) (2024-09-10) + + +### Features + +* Added more examples for Rust, Go, Java runtimes ([#612](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/612)) ([a6fe411](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/a6fe4115ac96592ecbda27f72d42536da6518add)) + ## [7.8.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.8.0...v7.8.1) (2024-08-23) From eedacffef287cb02f776da4950e8345d9ec0200f Mon Sep 17 00:00:00 2001 From: Melissa Greenbaum <69476188+magreenbaum@users.noreply.github.com> Date: Sun, 29 Sep 2024 01:33:35 -0700 Subject: [PATCH 23/70] feat: Add `tumbling_window_in_seconds` (#623) --- examples/event-source-mapping/main.tf | 2 +- main.tf | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/examples/event-source-mapping/main.tf b/examples/event-source-mapping/main.tf index fd3d29bf..5c2c20ce 100644 --- a/examples/event-source-mapping/main.tf +++ b/examples/event-source-mapping/main.tf @@ -247,7 +247,7 @@ module "vpc" { resource "aws_mq_broker" "this" { broker_name = random_pet.this.id engine_type = "RabbitMQ" - engine_version = "3.10.10" + engine_version = "3.12.13" host_instance_type = "mq.t3.micro" security_groups = [module.vpc.default_security_group_id] subnet_ids = slice(module.vpc.public_subnets, 0, 1) diff --git a/main.tf b/main.tf index fc231abe..2c8a1559 100644 --- a/main.tf +++ b/main.tf @@ -331,6 +331,7 @@ resource "aws_lambda_event_source_mapping" "this" { topics = try(each.value.topics, null) queues = try(each.value.queues, null) function_response_types = try(each.value.function_response_types, null) + tumbling_window_in_seconds = try(each.value.tumbling_window_in_seconds, null) dynamic "destination_config" { for_each = try(each.value.destination_arn_on_failure, null) != null ? [true] : [] From 520c8455ebc8d80f9f602f27e677bec8f54decc9 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sun, 29 Sep 2024 08:34:01 +0000 Subject: [PATCH 24/70] chore(release): version 7.10.0 [skip ci] ## [7.10.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.9.0...v7.10.0) (2024-09-29) ### Features * Add `tumbling_window_in_seconds` ([#623](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/623)) ([eedacff](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/eedacffef287cb02f776da4950e8345d9ec0200f)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3fda0b24..2a281a3f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.10.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.9.0...v7.10.0) (2024-09-29) + + +### Features + +* Add `tumbling_window_in_seconds` ([#623](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/623)) ([eedacff](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/eedacffef287cb02f776da4950e8345d9ec0200f)) + ## [7.9.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.8.1...v7.9.0) (2024-09-10) From 9f13397f20467e660eba0ae5fcf98c66c75187ba Mon Sep 17 00:00:00 2001 From: Marcos M M Rocha <43329254+mmurilo@users.noreply.github.com> Date: Tue, 1 Oct 2024 13:28:08 -0700 Subject: [PATCH 25/70] feat: Add function_url_auth_type option to aws_lambda_permission (#625) --- main.tf | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/main.tf b/main.tf index 2c8a1559..fe8ae9e1 100644 --- a/main.tf +++ b/main.tf @@ -280,13 +280,14 @@ resource "aws_lambda_permission" "current_version_triggers" { function_name = aws_lambda_function.this[0].function_name qualifier = aws_lambda_function.this[0].version - statement_id_prefix = try(each.value.statement_id, each.key) - action = try(each.value.action, "lambda:InvokeFunction") - principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) - principal_org_id = try(each.value.principal_org_id, null) - source_arn = try(each.value.source_arn, null) - source_account = try(each.value.source_account, null) - event_source_token = try(each.value.event_source_token, null) + statement_id_prefix = try(each.value.statement_id, each.key) + action = try(each.value.action, "lambda:InvokeFunction") + principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) + principal_org_id = try(each.value.principal_org_id, null) + source_arn = try(each.value.source_arn, null) + source_account = try(each.value.source_account, null) + event_source_token = try(each.value.event_source_token, null) + function_url_auth_type = try(each.value.function_url_auth_type, null) lifecycle { create_before_destroy = true @@ -299,13 +300,14 @@ resource "aws_lambda_permission" "unqualified_alias_triggers" { function_name = aws_lambda_function.this[0].function_name - statement_id_prefix = try(each.value.statement_id, each.key) - action = try(each.value.action, "lambda:InvokeFunction") - principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) - principal_org_id = try(each.value.principal_org_id, null) - source_arn = try(each.value.source_arn, null) - source_account = try(each.value.source_account, null) - event_source_token = try(each.value.event_source_token, null) + statement_id_prefix = try(each.value.statement_id, each.key) + action = try(each.value.action, "lambda:InvokeFunction") + principal = try(each.value.principal, format("%s.amazonaws.com", try(each.value.service, ""))) + principal_org_id = try(each.value.principal_org_id, null) + source_arn = try(each.value.source_arn, null) + source_account = try(each.value.source_account, null) + event_source_token = try(each.value.event_source_token, null) + function_url_auth_type = try(each.value.function_url_auth_type, null) lifecycle { create_before_destroy = true From aa94b91d9ef5a33efb159663c41cc021832b7791 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Tue, 1 Oct 2024 20:28:35 +0000 Subject: [PATCH 26/70] chore(release): version 7.11.0 [skip ci] ## [7.11.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.10.0...v7.11.0) (2024-10-01) ### Features * Add function_url_auth_type option to aws_lambda_permission ([#625](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/625)) ([9f13397](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/9f13397f20467e660eba0ae5fcf98c66c75187ba)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2a281a3f..a9b191da 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.11.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.10.0...v7.11.0) (2024-10-01) + + +### Features + +* Add function_url_auth_type option to aws_lambda_permission ([#625](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/625)) ([9f13397](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/9f13397f20467e660eba0ae5fcf98c66c75187ba)) + ## [7.10.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.9.0...v7.10.0) (2024-09-29) From 2c077cb1450af76cf44b56bfeba796ee9d9d9a00 Mon Sep 17 00:00:00 2001 From: Sergio Correa Date: Sat, 5 Oct 2024 09:44:02 +0100 Subject: [PATCH 27/70] feat: Add support for kafka event source config (#617) Co-authored-by: Sergio Correa Co-authored-by: Anton Babenko --- modules/alias/main.tf | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/modules/alias/main.tf b/modules/alias/main.tf index b5f24f0f..e57079a2 100644 --- a/modules/alias/main.tf +++ b/modules/alias/main.tf @@ -155,6 +155,20 @@ resource "aws_lambda_event_source_mapping" "this" { } } + dynamic "self_managed_kafka_event_source_config" { + for_each = try(each.value.self_managed_kafka_event_source_config, []) + content { + consumer_group_id = try(self_managed_kafka_event_source_config.value.consumer_group_id, null) + } + } + + dynamic "amazon_managed_kafka_event_source_config" { + for_each = try(each.value.amazon_managed_kafka_event_source_config, []) + content { + consumer_group_id = try(amazon_managed_kafka_event_source_config.value.consumer_group_id, null) + } + } + dynamic "source_access_configuration" { for_each = try(each.value.source_access_configuration, []) content { From 9be9b1a48d4698cbb2b8e53b85e042612f5bc70f Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sat, 5 Oct 2024 08:44:28 +0000 Subject: [PATCH 28/70] chore(release): version 7.12.0 [skip ci] ## [7.12.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.11.0...v7.12.0) (2024-10-05) ### Features * Add support for kafka event source config ([#617](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/617)) ([2c077cb](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/2c077cb1450af76cf44b56bfeba796ee9d9d9a00)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a9b191da..c0660871 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.12.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.11.0...v7.12.0) (2024-10-05) + + +### Features + +* Add support for kafka event source config ([#617](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/617)) ([2c077cb](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/2c077cb1450af76cf44b56bfeba796ee9d9d9a00)) + ## [7.11.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.10.0...v7.11.0) (2024-10-01) From 5d481996ed6ef5ce784847b7e5bae1bae1ee8bfd Mon Sep 17 00:00:00 2001 From: Melissa Greenbaum <69476188+magreenbaum@users.noreply.github.com> Date: Sat, 5 Oct 2024 04:45:52 -0400 Subject: [PATCH 29/70] feat: Support `aws_lambda_event_source_mapping.document_db_event_source_config` (#626) Co-authored-by: Anton Babenko --- main.tf | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/main.tf b/main.tf index fe8ae9e1..e3eab113 100644 --- a/main.tf +++ b/main.tf @@ -393,6 +393,16 @@ resource "aws_lambda_event_source_mapping" "this" { } } } + + dynamic "document_db_event_source_config" { + for_each = try(each.value.document_db_event_source_config, []) + + content { + database_name = document_db_event_source_config.value.database_name + collection_name = try(document_db_event_source_config.value.collection_name, null) + full_document = try(document_db_event_source_config.value.full_document, null) + } + } } resource "aws_lambda_function_url" "this" { From 7bd028b18432d86c7184b14eca1c59b40d43b4f6 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sat, 5 Oct 2024 08:46:19 +0000 Subject: [PATCH 30/70] chore(release): version 7.13.0 [skip ci] ## [7.13.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.12.0...v7.13.0) (2024-10-05) ### Features * Support `aws_lambda_event_source_mapping.document_db_event_source_config` ([#626](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/626)) ([5d48199](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/5d481996ed6ef5ce784847b7e5bae1bae1ee8bfd)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c0660871..e3931388 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.13.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.12.0...v7.13.0) (2024-10-05) + + +### Features + +* Support `aws_lambda_event_source_mapping.document_db_event_source_config` ([#626](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/626)) ([5d48199](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/5d481996ed6ef5ce784847b7e5bae1bae1ee8bfd)) + ## [7.12.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.11.0...v7.12.0) (2024-10-05) From d06718f605294f59a42ae6e3db70bfd7b9fa35f3 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Fri, 11 Oct 2024 16:09:57 +0000 Subject: [PATCH 31/70] fix: Update CI workflow versions to latest (#631) --- .github/workflows/pr-title.yml | 2 +- .github/workflows/pre-commit.yml | 14 +++++++------- .pre-commit-config.yaml | 4 ++-- modules/deploy/README.md | 6 +++--- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 3973df44..1e50760e 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -14,7 +14,7 @@ jobs: steps: # Please look up the latest version from # https://github.com/amannn/action-semantic-pull-request/releases - - uses: amannn/action-semantic-pull-request@v5.4.0 + - uses: amannn/action-semantic-pull-request@v5.5.3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index c2632d1a..a19ff831 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -7,8 +7,8 @@ on: - master env: - TERRAFORM_DOCS_VERSION: v0.16.0 - TFLINT_VERSION: v0.50.3 + TERRAFORM_DOCS_VERSION: v0.19.0 + TFLINT_VERSION: v0.53.0 jobs: collectInputs: @@ -45,14 +45,14 @@ jobs: - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.0 + uses: clowdhaus/terraform-min-max@v1.3.1 with: directory: ${{ matrix.directory }} - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} @@ -61,7 +61,7 @@ jobs: - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} @@ -88,10 +88,10 @@ jobs: - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.0 + uses: clowdhaus/terraform-min-max@v1.3.1 - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} tflint-version: ${{ env.TFLINT_VERSION }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7523e5a5..38f92f23 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.94.3 + rev: v1.96.1 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each @@ -24,7 +24,7 @@ repos: - "--args=--only=terraform_workspace_remote" - id: terraform_validate - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.6.0 + rev: v5.0.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer diff --git a/modules/deploy/README.md b/modules/deploy/README.md index f5f5d8ec..6da1f6e8 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -151,10 +151,10 @@ No modules. | [attach\_hooks\_policy](#input\_attach\_hooks\_policy) | Whether to attach Invoke policy to CodeDeploy role when before allow traffic or after allow traffic hooks are defined. | `bool` | `true` | no | | [attach\_triggers\_policy](#input\_attach\_triggers\_policy) | Whether to attach SNS policy to CodeDeploy role when triggers are defined | `bool` | `false` | no | | [auto\_rollback\_enabled](#input\_auto\_rollback\_enabled) | Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. | `bool` | `true` | no | -| [auto\_rollback\_events](#input\_auto\_rollback\_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT\_FAILURE and DEPLOYMENT\_STOP\_ON\_ALARM. | `list(string)` | 
[
  "DEPLOYMENT_STOP_ON_ALARM"
]
| no | +| [auto\_rollback\_events](#input\_auto\_rollback\_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT\_FAILURE and DEPLOYMENT\_STOP\_ON\_ALARM. | `list(string)` | 
[
  "DEPLOYMENT_STOP_ON_ALARM"
]
| no | | [aws\_cli\_command](#input\_aws\_cli\_command) | Command to run as AWS CLI. May include extra arguments like region and profile. | `string` | `"aws"` | no | | [before\_allow\_traffic\_hook\_arn](#input\_before\_allow\_traffic\_hook\_arn) | ARN of Lambda function to execute before allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | -| [codedeploy\_principals](#input\_codedeploy\_principals) | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` | 
[
  "codedeploy.amazonaws.com"
]
| no | +| [codedeploy\_principals](#input\_codedeploy\_principals) | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` | 
[
  "codedeploy.amazonaws.com"
]
| no | | [codedeploy\_role\_name](#input\_codedeploy\_role\_name) | IAM role name to create or use by CodeDeploy | `string` | `""` | no | | [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | | [create\_app](#input\_create\_app) | Whether to create new AWS CodeDeploy app | `bool` | `false` | no | @@ -168,7 +168,7 @@ No modules. | [force\_deploy](#input\_force\_deploy) | Force deployment every time (even when nothing changes) | `bool` | `false` | no | | [function\_name](#input\_function\_name) | The name of the Lambda function to deploy | `string` | `""` | no | | [get\_deployment\_sleep\_timer](#input\_get\_deployment\_sleep\_timer) | Adds additional sleep time to get-deployment command to avoid the service throttling | `number` | `5` | no | -| [interpreter](#input\_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` | 
[
  "/bin/bash",
  "-c"
]
| no | +| [interpreter](#input\_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` | 
[
  "/bin/bash",
  "-c"
]
| no | | [run\_deployment](#input\_run\_deployment) | Run AWS CLI command to start the deployment | `bool` | `false` | no | | [save\_deploy\_script](#input\_save\_deploy\_script) | Save deploy script locally | `bool` | `false` | no | | [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | From 2a602f9a4f76d11005d1dba56d9c966a87553f4e Mon Sep 17 00:00:00 2001 From: Melissa Greenbaum <69476188+magreenbaum@users.noreply.github.com> Date: Fri, 11 Oct 2024 12:13:05 -0400 Subject: [PATCH 32/70] feat: Support lambda function `vpc_config.ipv6_allowed_for_dual_stack` and event source mapping `tags` (#628) Co-authored-by: Anton Babenko --- README.md | 6 ++++-- examples/alias/README.md | 4 ++-- examples/alias/versions.tf | 2 +- examples/async/README.md | 4 ++-- examples/async/versions.tf | 2 +- examples/build-package/README.md | 2 +- examples/build-package/versions.tf | 2 +- examples/code-signing/README.md | 4 ++-- examples/code-signing/versions.tf | 2 +- examples/complete/README.md | 4 ++-- examples/complete/versions.tf | 2 +- examples/container-image/README.md | 4 ++-- examples/container-image/versions.tf | 2 +- examples/deploy/README.md | 4 ++-- examples/deploy/versions.tf | 2 +- examples/event-source-mapping/README.md | 5 +++-- examples/event-source-mapping/main.tf | 5 +++++ examples/event-source-mapping/outputs.tf | 5 +++++ examples/event-source-mapping/versions.tf | 2 +- examples/multiple-regions/README.md | 6 +++--- examples/multiple-regions/versions.tf | 2 +- examples/runtimes/README.md | 4 ++-- examples/runtimes/versions.tf | 2 +- examples/simple-cicd/README.md | 2 +- examples/simple-cicd/versions.tf | 2 +- examples/simple/README.md | 2 +- examples/simple/versions.tf | 2 +- examples/triggers/README.md | 4 ++-- examples/triggers/versions.tf | 2 +- examples/with-efs/README.md | 4 ++-- examples/with-efs/versions.tf | 2 +- examples/with-vpc-s3-endpoint/README.md | 4 ++-- examples/with-vpc-s3-endpoint/versions.tf | 2 +- examples/with-vpc/README.md | 2 +- examples/with-vpc/versions.tf | 2 +- main.tf | 7 +++++-- outputs.tf | 5 +++++ variables.tf | 6 ++++++ versions.tf | 2 +- wrappers/main.tf | 1 + wrappers/versions.tf | 2 +- 41 files changed, 79 insertions(+), 51 deletions(-) diff --git a/README.md b/README.md index 8661d7ee..441726e3 100644 --- a/README.md +++ b/README.md @@ -667,7 +667,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [external](#requirement\_external) | >= 1.0 | | [local](#requirement\_local) | >= 1.0 | | [null](#requirement\_null) | >= 2.0 | @@ -676,7 +676,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [external](#provider\_external) | >= 1.0 | | [local](#provider\_local) | >= 1.0 | | [null](#provider\_null) | >= 2.0 | @@ -805,6 +805,7 @@ No modules. | [image\_config\_working\_directory](#input\_image\_config\_working\_directory) | The working directory for the docker image | `string` | `null` | no | | [image\_uri](#input\_image\_uri) | The ECR image URI containing the function's deployment package. | `string` | `null` | no | | [invoke\_mode](#input\_invoke\_mode) | Invoke mode of the Lambda Function URL. Valid values are BUFFERED (default) and RESPONSE\_STREAM. | `string` | `null` | no | +| [ipv6\_allowed\_for\_dual\_stack](#input\_ipv6\_allowed\_for\_dual\_stack) | Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets | `bool` | `null` | no | | [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no | | [lambda\_at\_edge](#input\_lambda\_at\_edge) | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no | | [lambda\_at\_edge\_logs\_all\_regions](#input\_lambda\_at\_edge\_logs\_all\_regions) | Whether to specify a wildcard in IAM policy used by Lambda@Edge to allow logging in all regions | `bool` | `true` | no | @@ -876,6 +877,7 @@ No modules. |------|-------------| | [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | | [lambda\_cloudwatch\_log\_group\_name](#output\_lambda\_cloudwatch\_log\_group\_name) | The name of the Cloudwatch Log Group | +| [lambda\_event\_source\_mapping\_arn](#output\_lambda\_event\_source\_mapping\_arn) | The event source mapping ARN | | [lambda\_event\_source\_mapping\_function\_arn](#output\_lambda\_event\_source\_mapping\_function\_arn) | The the ARN of the Lambda function the event source mapping is sending events to | | [lambda\_event\_source\_mapping\_state](#output\_lambda\_event\_source\_mapping\_state) | The state of the event source mapping | | [lambda\_event\_source\_mapping\_state\_transition\_reason](#output\_lambda\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | diff --git a/examples/alias/README.md b/examples/alias/README.md index bc734f66..eea4262c 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/alias/versions.tf b/examples/alias/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/alias/versions.tf +++ b/examples/alias/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/async/README.md b/examples/async/README.md index 5223af96..370ec6aa 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/async/versions.tf b/examples/async/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/async/versions.tf +++ b/examples/async/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/build-package/README.md b/examples/build-package/README.md index f4856320..bfb77c4c 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -22,7 +22,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/build-package/versions.tf b/examples/build-package/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/build-package/versions.tf +++ b/examples/build-package/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/code-signing/README.md b/examples/code-signing/README.md index e1a5a692..cebebfc7 100644 --- a/examples/code-signing/README.md +++ b/examples/code-signing/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/code-signing/versions.tf b/examples/code-signing/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/code-signing/versions.tf +++ b/examples/code-signing/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/complete/README.md b/examples/complete/README.md index eba6ef49..c82da9aa 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -21,14 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/container-image/README.md b/examples/container-image/README.md index 4053da3a..114eaba4 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [docker](#requirement\_docker) | >= 3.0 | | [random](#requirement\_random) | >= 2.0 | @@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/container-image/versions.tf b/examples/container-image/versions.tf index a774c835..b3e66a3f 100644 --- a/examples/container-image/versions.tf +++ b/examples/container-image/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } docker = { source = "kreuzwerker/docker" diff --git a/examples/deploy/README.md b/examples/deploy/README.md index 198f5cf4..040e3354 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/deploy/versions.tf b/examples/deploy/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/deploy/versions.tf +++ b/examples/deploy/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/event-source-mapping/README.md b/examples/event-source-mapping/README.md index fcf53677..857b018f 100644 --- a/examples/event-source-mapping/README.md +++ b/examples/event-source-mapping/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [random](#provider\_random) | >= 2.0 | ## Modules @@ -61,6 +61,7 @@ No inputs. | Name | Description | |------|-------------| +| [lambda\_event\_source\_mapping\_arn](#output\_lambda\_event\_source\_mapping\_arn) | The event source mapping ARN | | [lambda\_event\_source\_mapping\_function\_arn](#output\_lambda\_event\_source\_mapping\_function\_arn) | The the ARN of the Lambda function the event source mapping is sending events to | | [lambda\_event\_source\_mapping\_state](#output\_lambda\_event\_source\_mapping\_state) | The state of the event source mapping | | [lambda\_event\_source\_mapping\_state\_transition\_reason](#output\_lambda\_event\_source\_mapping\_state\_transition\_reason) | The reason the event source mapping is in its current state | diff --git a/examples/event-source-mapping/main.tf b/examples/event-source-mapping/main.tf index 5c2c20ce..b7a714cc 100644 --- a/examples/event-source-mapping/main.tf +++ b/examples/event-source-mapping/main.tf @@ -83,6 +83,7 @@ module "lambda_function" { uri = "/" } ] + tags = { mapping = "amq" } } # self_managed_kafka = { # batch_size = 1 @@ -179,6 +180,10 @@ module "lambda_function" { "arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole", "arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole", ] + + tags = { + example = "event-source-mapping" + } } ################## diff --git a/examples/event-source-mapping/outputs.tf b/examples/event-source-mapping/outputs.tf index 5b69eeb5..764a91c5 100644 --- a/examples/event-source-mapping/outputs.tf +++ b/examples/event-source-mapping/outputs.tf @@ -69,3 +69,8 @@ output "lambda_event_source_mapping_uuid" { description = "The UUID of the created event source mapping" value = module.lambda_function.lambda_event_source_mapping_uuid } + +output "lambda_event_source_mapping_arn" { + description = "The event source mapping ARN" + value = module.lambda_function.lambda_event_source_mapping_arn +} diff --git a/examples/event-source-mapping/versions.tf b/examples/event-source-mapping/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/event-source-mapping/versions.tf +++ b/examples/event-source-mapping/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index 52da31c0..41bed35c 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md @@ -21,15 +21,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | -| [aws.us-east-1](#provider\_aws.us-east-1) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | +| [aws.us-east-1](#provider\_aws.us-east-1) | >= 5.70 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/multiple-regions/versions.tf b/examples/multiple-regions/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/multiple-regions/versions.tf +++ b/examples/multiple-regions/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/runtimes/README.md b/examples/runtimes/README.md index 7455299d..9487e0a1 100644 --- a/examples/runtimes/README.md +++ b/examples/runtimes/README.md @@ -24,7 +24,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.2 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [http](#requirement\_http) | >= 3.0 | | [random](#requirement\_random) | >= 3.0 | @@ -32,7 +32,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [http](#provider\_http) | >= 3.0 | | [random](#provider\_random) | >= 3.0 | diff --git a/examples/runtimes/versions.tf b/examples/runtimes/versions.tf index 74bf322c..6d7b7626 100644 --- a/examples/runtimes/versions.tf +++ b/examples/runtimes/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/simple-cicd/README.md b/examples/simple-cicd/README.md index c9ba9046..dff217d9 100644 --- a/examples/simple-cicd/README.md +++ b/examples/simple-cicd/README.md @@ -22,7 +22,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/simple-cicd/versions.tf b/examples/simple-cicd/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/simple-cicd/versions.tf +++ b/examples/simple-cicd/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/simple/README.md b/examples/simple/README.md index f57d2c72..3d408a17 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/simple/versions.tf +++ b/examples/simple/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/triggers/README.md b/examples/triggers/README.md index ca40c3aa..58e28d8e 100644 --- a/examples/triggers/README.md +++ b/examples/triggers/README.md @@ -21,14 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/triggers/versions.tf b/examples/triggers/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/triggers/versions.tf +++ b/examples/triggers/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index 0e008c4b..6a2c5983 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md @@ -21,14 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/with-efs/versions.tf b/examples/with-efs/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/with-efs/versions.tf +++ b/examples/with-efs/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/with-vpc-s3-endpoint/README.md b/examples/with-vpc-s3-endpoint/README.md index 1eebf085..33fe46cd 100644 --- a/examples/with-vpc-s3-endpoint/README.md +++ b/examples/with-vpc-s3-endpoint/README.md @@ -22,14 +22,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 3.4 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.32 | +| [aws](#provider\_aws) | >= 5.70 | | [random](#provider\_random) | >= 3.4 | ## Modules diff --git a/examples/with-vpc-s3-endpoint/versions.tf b/examples/with-vpc-s3-endpoint/versions.tf index fd604c66..c07ee92d 100644 --- a/examples/with-vpc-s3-endpoint/versions.tf +++ b/examples/with-vpc-s3-endpoint/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index b1237350..2fe7760d 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md @@ -22,7 +22,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.32 | +| [aws](#requirement\_aws) | >= 5.70 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/with-vpc/versions.tf b/examples/with-vpc/versions.tf index 55278d04..6d9488f3 100644 --- a/examples/with-vpc/versions.tf +++ b/examples/with-vpc/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } random = { source = "hashicorp/random" diff --git a/main.tf b/main.tf index e3eab113..5e3ed5de 100644 --- a/main.tf +++ b/main.tf @@ -92,8 +92,9 @@ resource "aws_lambda_function" "this" { dynamic "vpc_config" { for_each = var.vpc_subnet_ids != null && var.vpc_security_group_ids != null ? [true] : [] content { - security_group_ids = var.vpc_security_group_ids - subnet_ids = var.vpc_subnet_ids + security_group_ids = var.vpc_security_group_ids + subnet_ids = var.vpc_subnet_ids + ipv6_allowed_for_dual_stack = var.ipv6_allowed_for_dual_stack } } @@ -403,6 +404,8 @@ resource "aws_lambda_event_source_mapping" "this" { full_document = try(document_db_event_source_config.value.full_document, null) } } + + tags = merge(var.tags, try(each.value.tags, {})) } resource "aws_lambda_function_url" "this" { diff --git a/outputs.tf b/outputs.tf index 6d53a66c..59197585 100644 --- a/outputs.tf +++ b/outputs.tf @@ -102,6 +102,11 @@ output "lambda_layer_version" { } # Lambda Event Source Mapping +output "lambda_event_source_mapping_arn" { + description = "The event source mapping ARN" + value = { for k, v in aws_lambda_event_source_mapping.this : k => v.arn } +} + output "lambda_event_source_mapping_function_arn" { description = "The the ARN of the Lambda function the event source mapping is sending events to" value = { for k, v in aws_lambda_event_source_mapping.this : k => v.function_arn } diff --git a/variables.tf b/variables.tf index 829019c7..ae55c936 100644 --- a/variables.tf +++ b/variables.tf @@ -176,6 +176,12 @@ variable "vpc_security_group_ids" { default = null } +variable "ipv6_allowed_for_dual_stack" { + description = "Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets" + type = bool + default = null +} + variable "tags" { description = "A map of tags to assign to resources." type = map(string) diff --git a/versions.tf b/versions.tf index 6c511ac4..303bc003 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } external = { source = "hashicorp/external" diff --git a/wrappers/main.tf b/wrappers/main.tf index 72695c41..bd3e58f2 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf @@ -68,6 +68,7 @@ module "wrapper" { image_config_working_directory = try(each.value.image_config_working_directory, var.defaults.image_config_working_directory, null) image_uri = try(each.value.image_uri, var.defaults.image_uri, null) invoke_mode = try(each.value.invoke_mode, var.defaults.invoke_mode, null) + ipv6_allowed_for_dual_stack = try(each.value.ipv6_allowed_for_dual_stack, var.defaults.ipv6_allowed_for_dual_stack, null) kms_key_arn = try(each.value.kms_key_arn, var.defaults.kms_key_arn, null) lambda_at_edge = try(each.value.lambda_at_edge, var.defaults.lambda_at_edge, false) lambda_at_edge_logs_all_regions = try(each.value.lambda_at_edge_logs_all_regions, var.defaults.lambda_at_edge_logs_all_regions, true) diff --git a/wrappers/versions.tf b/wrappers/versions.tf index 6c511ac4..303bc003 100644 --- a/wrappers/versions.tf +++ b/wrappers/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.32" + version = ">= 5.70" } external = { source = "hashicorp/external" From 00a71723bbefb191c3fb622b3e34c693a2ca4930 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 11 Oct 2024 16:13:30 +0000 Subject: [PATCH 33/70] chore(release): version 7.14.0 [skip ci] ## [7.14.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.13.0...v7.14.0) (2024-10-11) ### Features * Support lambda function `vpc_config.ipv6_allowed_for_dual_stack` and event source mapping `tags` ([#628](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/628)) ([2a602f9](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/2a602f9a4f76d11005d1dba56d9c966a87553f4e)) ### Bug Fixes * Update CI workflow versions to latest ([#631](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/631)) ([d06718f](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/d06718f605294f59a42ae6e3db70bfd7b9fa35f3)) --- CHANGELOG.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e3931388..a60fd513 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,18 @@ All notable changes to this project will be documented in this file. +## [7.14.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.13.0...v7.14.0) (2024-10-11) + + +### Features + +* Support lambda function `vpc_config.ipv6_allowed_for_dual_stack` and event source mapping `tags` ([#628](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/628)) ([2a602f9](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/2a602f9a4f76d11005d1dba56d9c966a87553f4e)) + + +### Bug Fixes + +* Update CI workflow versions to latest ([#631](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/631)) ([d06718f](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/d06718f605294f59a42ae6e3db70bfd7b9fa35f3)) + ## [7.13.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.12.0...v7.13.0) (2024-10-05) From c28b940c8b8a8ea8b423728e05883942f5eaf661 Mon Sep 17 00:00:00 2001 From: Andrew Hlynskyi Date: Sun, 17 Nov 2024 23:17:37 +0200 Subject: [PATCH 34/70] fix: Skip broken symlinks on hash computing (#639) --- package.py | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/package.py b/package.py index 620be347..dfdbb65b 100644 --- a/package.py +++ b/package.py @@ -272,12 +272,16 @@ def update_hash(hash_obj, file_root, file_path): relative_path = os.path.join(file_root, file_path) hash_obj.update(relative_path.encode()) - with open(relative_path, "rb") as open_file: - while True: - data = open_file.read(1024 * 8) - if not data: - break - hash_obj.update(data) + try: + with open(relative_path, "rb") as open_file: + while True: + data = open_file.read(1024 * 8) + if not data: + break + hash_obj.update(data) + # ignore broken symlinks content to don't fail on `terraform destroy` command + except FileNotFoundError: + pass class ZipWriteStream: @@ -939,7 +943,15 @@ def execute(self, build_plan, zip_stream, query): with tempfile.NamedTemporaryFile(mode="w+t", delete=True) as temp_file: path, script = action[1:] # NOTE: Execute `pwd` to determine the subprocess shell's working directory after having executed all other commands. - script = f"{script} && pwd >{temp_file.name}" + script = "\n".join( + ( + script, + "retcode=$?", + f"pwd >{temp_file.name}", + "exit $retcode", + ) + ) + p = subprocess.Popen( script, shell=True, From ce8417e042d20282a94bfed845849017c39efe01 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sun, 17 Nov 2024 21:18:03 +0000 Subject: [PATCH 35/70] chore(release): version 7.14.1 [skip ci] ## [7.14.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.14.0...v7.14.1) (2024-11-17) ### Bug Fixes * Skip broken symlinks on hash computing ([#639](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/639)) ([c28b940](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/c28b940c8b8a8ea8b423728e05883942f5eaf661)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a60fd513..6f63a333 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.14.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.14.0...v7.14.1) (2024-11-17) + + +### Bug Fixes + +* Skip broken symlinks on hash computing ([#639](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/639)) ([c28b940](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/c28b940c8b8a8ea8b423728e05883942f5eaf661)) + ## [7.14.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.13.0...v7.14.0) (2024-10-11) From 0fdac2ec54fdcd5fd34787f348803000c1e21eb6 Mon Sep 17 00:00:00 2001 From: Andrew Hlynskyi Date: Mon, 18 Nov 2024 09:36:24 +0200 Subject: [PATCH 36/70] feat: Make `source_path` blocks independent (#640) --- package.py | 79 +++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 54 insertions(+), 25 deletions(-) diff --git a/package.py b/package.py index dfdbb65b..8cbeba30 100644 --- a/package.py +++ b/package.py @@ -572,6 +572,10 @@ def compile(self, patterns): rules.append((None, r)) self._rules = rules + def reset(self): + self._log.debug("reset filter patterns") + self._rules = None + def filter(self, path, prefix=None): path = os.path.normpath(path) if prefix: @@ -676,8 +680,11 @@ def plan(self, source_path, query): source_paths = [] build_plan = [] - step = lambda *x: build_plan.append(x) - hash = source_paths.append + def step(*x): + build_plan.append(x) + + def hash(path): + source_paths.append(path) def pip_requirements_step(path, prefix=None, required=False, tmp_dir=None): command = runtime @@ -753,13 +760,6 @@ def commands_step(path, commands): if c.startswith(":zip"): if path: hash(path) - else: - # If path doesn't defined for a block with - # commands it will be set to Terraform's - # current working directory - # NB: cwd may vary when using Terraform 0.14+ like: - # `terraform -chdir=...` - path = query.paths.cwd if batch: step("sh", path, "\n".join(batch)) batch.clear() @@ -770,12 +770,14 @@ def commands_step(path, commands): _path = os.path.normpath(os.path.join(path, _path)) step("zip:embedded", _path, prefix) elif len(c) == 2: - prefix = None _, _path = c + prefix = None + _path = os.path.normpath(_path) step("zip:embedded", _path, prefix) elif len(c) == 1: prefix = None - step("zip:embedded", path, prefix) + _path = None + step("zip:embedded", _path, prefix) else: raise ValueError( ":zip invalid call signature, use: " @@ -787,6 +789,8 @@ def commands_step(path, commands): step("sh", path, "\n".join(batch)) batch.clear() + step("reset:workdir") + for claim in claims: if isinstance(claim, str): path = claim @@ -862,6 +866,7 @@ def commands_step(path, commands): tmp_dir=claim.get("npm_tmp_dir"), ) if path: + path = os.path.normpath(path) step("zip", path, prefix) if patterns: # Take patterns into account when computing hash @@ -882,6 +887,10 @@ def commands_step(path, commands): return build_plan def execute(self, build_plan, zip_stream, query): + sh_log = logging.getLogger("sh") + + tf_work_dir = os.getcwd() + zs = zip_stream sh_work_dir = None pf = None @@ -891,10 +900,16 @@ def execute(self, build_plan, zip_stream, query): if cmd.startswith("zip"): ts = 0 if cmd == "zip:embedded" else None source_path, prefix = action[1:] - if sh_work_dir: - if source_path != sh_work_dir: - if not os.path.isfile(source_path): - source_path = sh_work_dir + if not sh_work_dir: + sh_work_dir = tf_work_dir + log.debug("WORKDIR: %s", sh_work_dir) + if source_path: + if not os.path.isabs(source_path): + source_path = os.path.normpath( + os.path.join(sh_work_dir, source_path) + ) + else: + source_path = sh_work_dir if os.path.isdir(source_path): if pf: self._zip_write_with_filter( @@ -942,10 +957,22 @@ def execute(self, build_plan, zip_stream, query): elif cmd == "sh": with tempfile.NamedTemporaryFile(mode="w+t", delete=True) as temp_file: path, script = action[1:] - # NOTE: Execute `pwd` to determine the subprocess shell's working directory after having executed all other commands. + + if not path: + path = tf_work_dir + if not os.path.isabs(path): + path = os.path.normpath(os.path.join(tf_work_dir, path)) + + if log.isEnabledFor(DEBUG2): + log.debug("exec shell script ...") + for line in script.splitlines(): + sh_log.debug(line) + script = "\n".join( ( script, + # NOTE: Execute `pwd` to determine the subprocess shell's + # working directory after having executed all other commands. "retcode=$?", f"pwd >{temp_file.name}", "exit $retcode", @@ -960,17 +987,9 @@ def execute(self, build_plan, zip_stream, query): cwd=path, ) - p.wait() - temp_file.seek(0) - - # NOTE: This var `sh_work_dir` is consumed in cmd == "zip" loop - sh_work_dir = temp_file.read().strip() - - log.info("WD: %s", sh_work_dir) - call_stdout, call_stderr = p.communicate() exit_code = p.returncode - log.info("exit_code: %s", exit_code) + log.debug("exit_code: %s", exit_code) if exit_code != 0: raise RuntimeError( "Script did not run successfully, exit code {}: {} - {}".format( @@ -979,11 +998,21 @@ def execute(self, build_plan, zip_stream, query): call_stderr.decode("utf-8").strip(), ) ) + + temp_file.seek(0) + # NOTE: This var `sh_work_dir` is consumed in cmd == "zip" loop + sh_work_dir = temp_file.read().strip() + log.debug("WORKDIR: %s", sh_work_dir) + + elif cmd == "reset:workdir": + sh_work_dir = tf_work_dir + log.debug("WORKDIR: %s", sh_work_dir) elif cmd == "set:filter": patterns = action[1] pf = ZipContentFilter(args=self._args) pf.compile(patterns) elif cmd == "clear:filter": + pf.reset() pf = None @staticmethod From 1fe3e4ac2552ac4fd20126aac874186f27de8edb Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 18 Nov 2024 07:36:50 +0000 Subject: [PATCH 37/70] chore(release): version 7.15.0 [skip ci] ## [7.15.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.14.1...v7.15.0) (2024-11-18) ### Features * Make `source_path` blocks independent ([#640](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/640)) ([0fdac2e](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/0fdac2ec54fdcd5fd34787f348803000c1e21eb6)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6f63a333..8fc4ea8f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.15.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.14.1...v7.15.0) (2024-11-18) + + +### Features + +* Make `source_path` blocks independent ([#640](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/640)) ([0fdac2e](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/0fdac2ec54fdcd5fd34787f348803000c1e21eb6)) + ## [7.14.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.14.0...v7.14.1) (2024-11-17) From 32d8d060a660b0ec5702403da1b970118f62a314 Mon Sep 17 00:00:00 2001 From: Andrew Hlynskyi Date: Tue, 26 Nov 2024 21:56:04 +0200 Subject: [PATCH 38/70] feat: Radically redesign the build plan form (#646) --- package.py | 280 ++++++++++++++++++++----------------- tests/test_package_toml.py | 2 +- tests/test_zip_source.py | 12 +- 3 files changed, 159 insertions(+), 135 deletions(-) diff --git a/package.py b/package.py index 8cbeba30..09bc23e6 100644 --- a/package.py +++ b/package.py @@ -679,9 +679,10 @@ def plan(self, source_path, query): source_paths = [] build_plan = [] + build_step = [] def step(*x): - build_plan.append(x) + build_step.append(x) def hash(path): source_paths.append(path) @@ -754,6 +755,8 @@ def commands_step(path, commands): if path: path = os.path.normpath(path) + step("set:workdir", path) + batch = [] for c in commands: if isinstance(c, str): @@ -761,23 +764,21 @@ def commands_step(path, commands): if path: hash(path) if batch: - step("sh", path, "\n".join(batch)) + step("sh", "\n".join(batch)) batch.clear() c = shlex.split(c) - if len(c) == 3: + n = len(c) + if n == 3: _, _path, prefix = c prefix = prefix.strip() - _path = os.path.normpath(os.path.join(path, _path)) + _path = os.path.normpath(_path) step("zip:embedded", _path, prefix) - elif len(c) == 2: + elif n == 2: _, _path = c - prefix = None _path = os.path.normpath(_path) - step("zip:embedded", _path, prefix) - elif len(c) == 1: - prefix = None - _path = None - step("zip:embedded", _path, prefix) + step("zip:embedded", _path) + elif n == 1: + step("zip:embedded") else: raise ValueError( ":zip invalid call signature, use: " @@ -786,11 +787,9 @@ def commands_step(path, commands): else: batch.append(c) if batch: - step("sh", path, "\n".join(batch)) + step("sh", "\n".join(batch)) batch.clear() - step("reset:workdir") - for claim in claims: if isinstance(claim, str): path = claim @@ -877,12 +876,13 @@ def commands_step(path, commands): hash(path_from_pattern) else: hash(path) - - if patterns: - step("clear:filter") else: raise ValueError("Unsupported source_path item: {}".format(claim)) + if build_step: + build_plan.append(build_step) + build_step = [] + self._source_paths = source_paths return build_plan @@ -895,125 +895,145 @@ def execute(self, build_plan, zip_stream, query): sh_work_dir = None pf = None - for action in build_plan: - cmd = action[0] - if cmd.startswith("zip"): - ts = 0 if cmd == "zip:embedded" else None - source_path, prefix = action[1:] - if not sh_work_dir: - sh_work_dir = tf_work_dir - log.debug("WORKDIR: %s", sh_work_dir) - if source_path: - if not os.path.isabs(source_path): - source_path = os.path.normpath( - os.path.join(sh_work_dir, source_path) - ) - else: - source_path = sh_work_dir - if os.path.isdir(source_path): - if pf: - self._zip_write_with_filter( - zs, pf, source_path, prefix, timestamp=ts - ) + for step in build_plan: + # init step + sh_work_dir = tf_work_dir + if pf: + pf.reset() + pf = None + + log.debug("STEPDIR: %s", sh_work_dir) + + # execute step actions + for action in step: + cmd = action[0] + if cmd.startswith("zip"): + ts = 0 if cmd == "zip:embedded" else None + + source_path, prefix = None, None + n = len(action) + if n == 2: + source_path = action[1] + elif n == 3: + source_path, prefix = action[1:] + + if source_path: + if not os.path.isabs(source_path): + source_path = os.path.normpath( + os.path.join(sh_work_dir, source_path) + ) else: - zs.write_dirs(source_path, prefix=prefix, timestamp=ts) - else: - zs.write_file(source_path, prefix=prefix, timestamp=ts) - elif cmd == "pip": - runtime, pip_requirements, prefix, tmp_dir = action[1:] - with install_pip_requirements(query, pip_requirements, tmp_dir) as rd: - if rd: + source_path = sh_work_dir + if os.path.isdir(source_path): if pf: - self._zip_write_with_filter(zs, pf, rd, prefix, timestamp=0) - else: - # XXX: timestamp=0 - what actually do with it? - zs.write_dirs(rd, prefix=prefix, timestamp=0) - elif cmd == "poetry": - ( - runtime, - path, - poetry_export_extra_args, - prefix, - ) = action[1:] - log.info("poetry_export_extra_args: %s", poetry_export_extra_args) - with install_poetry_dependencies( - query, path, poetry_export_extra_args - ) as rd: - if rd: - if pf: - self._zip_write_with_filter(zs, pf, rd, prefix, timestamp=0) - else: - # XXX: timestamp=0 - what actually do with it? - zs.write_dirs(rd, prefix=prefix, timestamp=0) - elif cmd == "npm": - runtime, npm_requirements, prefix, tmp_dir = action[1:] - with install_npm_requirements(query, npm_requirements, tmp_dir) as rd: - if rd: - if pf: - self._zip_write_with_filter(zs, pf, rd, prefix, timestamp=0) + self._zip_write_with_filter( + zs, pf, source_path, prefix, timestamp=ts + ) else: - # XXX: timestamp=0 - what actually do with it? - zs.write_dirs(rd, prefix=prefix, timestamp=0) - elif cmd == "sh": - with tempfile.NamedTemporaryFile(mode="w+t", delete=True) as temp_file: - path, script = action[1:] - - if not path: - path = tf_work_dir - if not os.path.isabs(path): - path = os.path.normpath(os.path.join(tf_work_dir, path)) - - if log.isEnabledFor(DEBUG2): - log.debug("exec shell script ...") - for line in script.splitlines(): - sh_log.debug(line) - - script = "\n".join( - ( - script, - # NOTE: Execute `pwd` to determine the subprocess shell's - # working directory after having executed all other commands. - "retcode=$?", - f"pwd >{temp_file.name}", - "exit $retcode", + zs.write_dirs(source_path, prefix=prefix, timestamp=ts) + else: + zs.write_file(source_path, prefix=prefix, timestamp=ts) + elif cmd == "pip": + runtime, pip_requirements, prefix, tmp_dir = action[1:] + with install_pip_requirements( + query, pip_requirements, tmp_dir + ) as rd: + if rd: + if pf: + self._zip_write_with_filter( + zs, pf, rd, prefix, timestamp=0 + ) + else: + # XXX: timestamp=0 - what actually do with it? + zs.write_dirs(rd, prefix=prefix, timestamp=0) + elif cmd == "poetry": + ( + runtime, + path, + poetry_export_extra_args, + prefix, + ) = action[1:] + log.info("poetry_export_extra_args: %s", poetry_export_extra_args) + with install_poetry_dependencies( + query, path, poetry_export_extra_args + ) as rd: + if rd: + if pf: + self._zip_write_with_filter( + zs, pf, rd, prefix, timestamp=0 + ) + else: + # XXX: timestamp=0 - what actually do with it? + zs.write_dirs(rd, prefix=prefix, timestamp=0) + elif cmd == "npm": + runtime, npm_requirements, prefix, tmp_dir = action[1:] + with install_npm_requirements( + query, npm_requirements, tmp_dir + ) as rd: + if rd: + if pf: + self._zip_write_with_filter( + zs, pf, rd, prefix, timestamp=0 + ) + else: + # XXX: timestamp=0 - what actually do with it? + zs.write_dirs(rd, prefix=prefix, timestamp=0) + elif cmd == "sh": + with tempfile.NamedTemporaryFile( + mode="w+t", delete=True + ) as temp_file: + script = action[1] + + if log.isEnabledFor(DEBUG2): + log.debug("exec shell script ...") + for line in script.splitlines(): + sh_log.debug(line) + + script = "\n".join( + ( + script, + # NOTE: Execute `pwd` to determine the subprocess shell's + # working directory after having executed all other commands. + "retcode=$?", + f"pwd >{temp_file.name}", + "exit $retcode", + ) ) - ) - p = subprocess.Popen( - script, - shell=True, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - cwd=path, - ) + p = subprocess.Popen( + script, + shell=True, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + cwd=sh_work_dir, + ) - call_stdout, call_stderr = p.communicate() - exit_code = p.returncode - log.debug("exit_code: %s", exit_code) - if exit_code != 0: - raise RuntimeError( - "Script did not run successfully, exit code {}: {} - {}".format( - exit_code, - call_stdout.decode("utf-8").strip(), - call_stderr.decode("utf-8").strip(), + call_stdout, call_stderr = p.communicate() + exit_code = p.returncode + log.debug("exit_code: %s", exit_code) + if exit_code != 0: + raise RuntimeError( + "Script did not run successfully, exit code {}: {} - {}".format( + exit_code, + call_stdout.decode("utf-8").strip(), + call_stderr.decode("utf-8").strip(), + ) ) - ) - temp_file.seek(0) - # NOTE: This var `sh_work_dir` is consumed in cmd == "zip" loop - sh_work_dir = temp_file.read().strip() + temp_file.seek(0) + # NOTE: This var `sh_work_dir` is consumed in cmd == "zip" loop + sh_work_dir = temp_file.read().strip() + log.debug("WORKDIR: %s", sh_work_dir) + + elif cmd == "set:workdir": + path = action[1] + sh_work_dir = os.path.normpath(os.path.join(tf_work_dir, path)) log.debug("WORKDIR: %s", sh_work_dir) - elif cmd == "reset:workdir": - sh_work_dir = tf_work_dir - log.debug("WORKDIR: %s", sh_work_dir) - elif cmd == "set:filter": - patterns = action[1] - pf = ZipContentFilter(args=self._args) - pf.compile(patterns) - elif cmd == "clear:filter": - pf.reset() - pf = None + elif cmd == "set:filter": + patterns = action[1] + pf = ZipContentFilter(args=self._args) + pf.compile(patterns) @staticmethod def _zip_write_with_filter( @@ -1616,11 +1636,11 @@ def prepare_command(args): content_hash = content_hash.hexdigest() # Generate a unique filename based on the hash. - filename = os.path.join(artifacts_dir, "{}.zip".format(content_hash)) + zip_filename = os.path.join(artifacts_dir, "{}.zip".format(content_hash)) # Compute timestamp trigger was_missing = False - filename_path = os.path.join(os.getcwd(), filename) + filename_path = os.path.join(os.getcwd(), zip_filename) if recreate_missing_package: if os.path.exists(filename_path): st = os.stat(filename_path) @@ -1633,7 +1653,7 @@ def prepare_command(args): # Replace variables in the build command with calculated values. build_data = { - "filename": filename, + "filename": zip_filename, "runtime": runtime, "artifacts_dir": artifacts_dir, "build_plan": build_plan, @@ -1653,7 +1673,7 @@ def prepare_command(args): # Output the result to Terraform. json.dump( { - "filename": filename, + "filename": zip_filename, "build_plan": build_plan, "build_plan_filename": build_plan_filename, "timestamp": str(timestamp), diff --git a/tests/test_package_toml.py b/tests/test_package_toml.py index b60550a4..9eba3f4a 100644 --- a/tests/test_package_toml.py +++ b/tests/test_package_toml.py @@ -26,7 +26,7 @@ def test_build_manager_failing_command(): bpm = BuildPlanManager(args=Mock()) with raises(Exception): bpm.execute( - build_plan=[["sh", "/tmp", "NOTACOMMAND"]], + build_plan=[[["sh", "/tmp", "NOTACOMMAND"]]], zip_stream=None, query=None, ) diff --git a/tests/test_zip_source.py b/tests/test_zip_source.py index f46466e1..dd6750ca 100644 --- a/tests/test_zip_source.py +++ b/tests/test_zip_source.py @@ -12,8 +12,10 @@ def test_zip_source_path_sh_work_dir(): bpm.execute( build_plan=[ - ["sh", ".", "cd $(mktemp -d)\n echo pip install"], - ["zip:embedded", ".", "./python"], + [ + ["sh", "cd $(mktemp -d)\n echo pip install"], + ["zip:embedded", ".", "./python"], + ] ], zip_stream=zs, query=None, @@ -33,8 +35,10 @@ def test_zip_source_path(): bpm.execute( build_plan=[ - ["sh", ".", "echo pip install"], - ["zip:embedded", ".", "./python"], + [ + ["sh", "echo pip install"], + ["zip:embedded", ".", "./python"], + ] ], zip_stream=zs, query=None, From abd5a15fd73ddd6ed36569b94f5f7667d73d5f4a Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Tue, 26 Nov 2024 19:56:33 +0000 Subject: [PATCH 39/70] chore(release): version 7.16.0 [skip ci] ## [7.16.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.15.0...v7.16.0) (2024-11-26) ### Features * Radically redesign the build plan form ([#646](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/646)) ([32d8d06](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/32d8d060a660b0ec5702403da1b970118f62a314)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8fc4ea8f..68a68c17 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.16.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.15.0...v7.16.0) (2024-11-26) + + +### Features + +* Radically redesign the build plan form ([#646](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/646)) ([32d8d06](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/32d8d060a660b0ec5702403da1b970118f62a314)) + ## [7.15.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.14.1...v7.15.0) (2024-11-18) From 002d7ec3c9bc3e7a44fac536c3443ba640ff9828 Mon Sep 17 00:00:00 2001 From: Melissa Greenbaum <69476188+magreenbaum@users.noreply.github.com> Date: Sun, 8 Dec 2024 16:48:09 -0500 Subject: [PATCH 40/70] feat: Support Event Source Mapping `metrics_config`, `provisioned_poller_config`, and Lambda Recursion Loop (#649) Co-authored-by: Anton Babenko --- README.md | 6 ++++-- examples/alias/README.md | 4 ++-- examples/alias/versions.tf | 2 +- examples/async/README.md | 4 ++-- examples/async/versions.tf | 2 +- examples/build-package/README.md | 2 +- examples/build-package/versions.tf | 2 +- examples/code-signing/README.md | 4 ++-- examples/code-signing/versions.tf | 2 +- examples/complete/README.md | 4 ++-- examples/complete/main.tf | 1 + examples/complete/versions.tf | 2 +- examples/container-image/README.md | 4 ++-- examples/container-image/versions.tf | 2 +- examples/deploy/README.md | 4 ++-- examples/deploy/versions.tf | 2 +- examples/event-source-mapping/README.md | 4 ++-- examples/event-source-mapping/main.tf | 3 +++ examples/event-source-mapping/versions.tf | 2 +- examples/multiple-regions/README.md | 6 +++--- examples/multiple-regions/versions.tf | 2 +- examples/runtimes/README.md | 4 ++-- examples/runtimes/versions.tf | 2 +- examples/simple-cicd/README.md | 2 +- examples/simple-cicd/versions.tf | 2 +- examples/simple/README.md | 2 +- examples/simple/versions.tf | 2 +- examples/triggers/README.md | 4 ++-- examples/triggers/versions.tf | 2 +- examples/with-efs/README.md | 4 ++-- examples/with-efs/versions.tf | 2 +- examples/with-vpc-s3-endpoint/README.md | 4 ++-- examples/with-vpc-s3-endpoint/versions.tf | 2 +- examples/with-vpc/README.md | 2 +- examples/with-vpc/versions.tf | 2 +- main.tf | 23 +++++++++++++++++++++++ variables.tf | 10 ++++++++++ versions.tf | 2 +- wrappers/main.tf | 1 + wrappers/versions.tf | 2 +- 40 files changed, 89 insertions(+), 49 deletions(-) diff --git a/README.md b/README.md index 441726e3..928224cd 100644 --- a/README.md +++ b/README.md @@ -667,7 +667,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [external](#requirement\_external) | >= 1.0 | | [local](#requirement\_local) | >= 1.0 | | [null](#requirement\_null) | >= 2.0 | @@ -676,7 +676,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [external](#provider\_external) | >= 1.0 | | [local](#provider\_local) | >= 1.0 | | [null](#provider\_null) | >= 2.0 | @@ -712,6 +712,7 @@ No modules. | [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | | [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource | | [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | +| [aws_lambda_function_recursion_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_recursion_config) | resource | | [aws_lambda_function_url.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_url) | resource | | [aws_lambda_layer_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_layer_version) | resource | | [aws_lambda_permission.current_version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | @@ -836,6 +837,7 @@ No modules. | [publish](#input\_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no | | [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no | | [recreate\_missing\_package](#input\_recreate\_missing\_package) | Whether to recreate missing Lambda package if it is missing locally or not | `bool` | `true` | no | +| [recursive\_loop](#input\_recursive\_loop) | Lambda function recursion configuration. Valid values are Allow or Terminate. | `string` | `null` | no | | [replace\_security\_groups\_on\_destroy](#input\_replace\_security\_groups\_on\_destroy) | (Optional) When true, all security groups defined in vpc\_security\_group\_ids will be replaced with the default security group after the function is destroyed. Set the replacement\_security\_group\_ids variable to use a custom list of security groups for replacement instead. | `bool` | `null` | no | | [replacement\_security\_group\_ids](#input\_replacement\_security\_group\_ids) | (Optional) List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction. replace\_security\_groups\_on\_destroy must be set to true to use this attribute. | `list(string)` | `null` | no | | [reserved\_concurrent\_executions](#input\_reserved\_concurrent\_executions) | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | `number` | `-1` | no | diff --git a/examples/alias/README.md b/examples/alias/README.md index eea4262c..c4037dd6 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/alias/versions.tf b/examples/alias/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/alias/versions.tf +++ b/examples/alias/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/async/README.md b/examples/async/README.md index 370ec6aa..bfc7647b 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/async/versions.tf b/examples/async/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/async/versions.tf +++ b/examples/async/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/build-package/README.md b/examples/build-package/README.md index bfb77c4c..d26739dd 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -22,7 +22,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/build-package/versions.tf b/examples/build-package/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/build-package/versions.tf +++ b/examples/build-package/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/code-signing/README.md b/examples/code-signing/README.md index cebebfc7..6d4317d8 100644 --- a/examples/code-signing/README.md +++ b/examples/code-signing/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/code-signing/versions.tf b/examples/code-signing/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/code-signing/versions.tf +++ b/examples/code-signing/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/complete/README.md b/examples/complete/README.md index c82da9aa..edebc13a 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -21,14 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/complete/main.tf b/examples/complete/main.tf index fbb97cc3..0d87f3c1 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -26,6 +26,7 @@ module "lambda_function" { ephemeral_storage_size = 10240 architectures = ["x86_64"] publish = true + # recursive_loop = "Allow" source_path = "${path.module}/../fixtures/python-app1" diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/container-image/README.md b/examples/container-image/README.md index 114eaba4..d7d83e0d 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [docker](#requirement\_docker) | >= 3.0 | | [random](#requirement\_random) | >= 2.0 | @@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/container-image/versions.tf b/examples/container-image/versions.tf index b3e66a3f..5b04c7cd 100644 --- a/examples/container-image/versions.tf +++ b/examples/container-image/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } docker = { source = "kreuzwerker/docker" diff --git a/examples/deploy/README.md b/examples/deploy/README.md index 040e3354..86d5e5a5 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/deploy/versions.tf b/examples/deploy/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/deploy/versions.tf +++ b/examples/deploy/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/event-source-mapping/README.md b/examples/event-source-mapping/README.md index 857b018f..60c28525 100644 --- a/examples/event-source-mapping/README.md +++ b/examples/event-source-mapping/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/event-source-mapping/main.tf b/examples/event-source-mapping/main.tf index b7a714cc..f76d30c8 100644 --- a/examples/event-source-mapping/main.tf +++ b/examples/event-source-mapping/main.tf @@ -37,6 +37,9 @@ module "lambda_function" { scaling_config = { maximum_concurrency = 20 } + metrics_config = { + metrics = ["EventCount"] + } } dynamodb = { event_source_arn = aws_dynamodb_table.this.stream_arn diff --git a/examples/event-source-mapping/versions.tf b/examples/event-source-mapping/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/event-source-mapping/versions.tf +++ b/examples/event-source-mapping/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index 41bed35c..7c09e0b0 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md @@ -21,15 +21,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | -| [aws.us-east-1](#provider\_aws.us-east-1) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | +| [aws.us-east-1](#provider\_aws.us-east-1) | >= 5.79 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/multiple-regions/versions.tf b/examples/multiple-regions/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/multiple-regions/versions.tf +++ b/examples/multiple-regions/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/runtimes/README.md b/examples/runtimes/README.md index 9487e0a1..9e67eeb7 100644 --- a/examples/runtimes/README.md +++ b/examples/runtimes/README.md @@ -24,7 +24,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.2 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [http](#requirement\_http) | >= 3.0 | | [random](#requirement\_random) | >= 3.0 | @@ -32,7 +32,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [http](#provider\_http) | >= 3.0 | | [random](#provider\_random) | >= 3.0 | diff --git a/examples/runtimes/versions.tf b/examples/runtimes/versions.tf index 6d7b7626..6c4e77fa 100644 --- a/examples/runtimes/versions.tf +++ b/examples/runtimes/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/simple-cicd/README.md b/examples/simple-cicd/README.md index dff217d9..2edb2e51 100644 --- a/examples/simple-cicd/README.md +++ b/examples/simple-cicd/README.md @@ -22,7 +22,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/simple-cicd/versions.tf b/examples/simple-cicd/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/simple-cicd/versions.tf +++ b/examples/simple-cicd/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/simple/README.md b/examples/simple/README.md index 3d408a17..bee54ded 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/simple/versions.tf +++ b/examples/simple/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/triggers/README.md b/examples/triggers/README.md index 58e28d8e..c6a6fde9 100644 --- a/examples/triggers/README.md +++ b/examples/triggers/README.md @@ -21,14 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/triggers/versions.tf b/examples/triggers/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/triggers/versions.tf +++ b/examples/triggers/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index 6a2c5983..742816ba 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md @@ -21,14 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/with-efs/versions.tf b/examples/with-efs/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/with-efs/versions.tf +++ b/examples/with-efs/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/with-vpc-s3-endpoint/README.md b/examples/with-vpc-s3-endpoint/README.md index 33fe46cd..60a93661 100644 --- a/examples/with-vpc-s3-endpoint/README.md +++ b/examples/with-vpc-s3-endpoint/README.md @@ -22,14 +22,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 3.4 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.79 | | [random](#provider\_random) | >= 3.4 | ## Modules diff --git a/examples/with-vpc-s3-endpoint/versions.tf b/examples/with-vpc-s3-endpoint/versions.tf index c07ee92d..7a4d860b 100644 --- a/examples/with-vpc-s3-endpoint/versions.tf +++ b/examples/with-vpc-s3-endpoint/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index 2fe7760d..a29f0bb3 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md @@ -22,7 +22,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.79 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/with-vpc/versions.tf b/examples/with-vpc/versions.tf index 6d9488f3..5cf868aa 100644 --- a/examples/with-vpc/versions.tf +++ b/examples/with-vpc/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } random = { source = "hashicorp/random" diff --git a/main.tf b/main.tf index 5e3ed5de..c37d445c 100644 --- a/main.tf +++ b/main.tf @@ -405,6 +405,22 @@ resource "aws_lambda_event_source_mapping" "this" { } } + dynamic "metrics_config" { + for_each = try([each.value.metrics_config], []) + + content { + metrics = metrics_config.value.metrics + } + } + + dynamic "provisioned_poller_config" { + for_each = try([each.value.provisioned_poller_config], []) + content { + maximum_pollers = try(provisioned_poller_config.value.maximum_pollers, null) + minimum_pollers = try(provisioned_poller_config.value.minimum_pollers, null) + } + } + tags = merge(var.tags, try(each.value.tags, {})) } @@ -432,6 +448,13 @@ resource "aws_lambda_function_url" "this" { } } +resource "aws_lambda_function_recursion_config" "this" { + count = local.create && var.create_function && !var.create_layer && var.recursive_loop == "Allow" ? 1 : 0 + + function_name = aws_lambda_function.this[0].function_name + recursive_loop = var.recursive_loop +} + # This resource contains the extra information required by SAM CLI to provide the testing capabilities # to the TF application. The required data is where SAM CLI can find the Lambda function source code # and what are the resources that contain the building logic. diff --git a/variables.tf b/variables.tf index ae55c936..91ff6961 100644 --- a/variables.tf +++ b/variables.tf @@ -825,3 +825,13 @@ variable "logging_log_group" { type = string default = null } + +############################################ +# Lambda Recursive Loop Settings +############################################ + +variable "recursive_loop" { + description = "Lambda function recursion configuration. Valid values are Allow or Terminate." + type = string + default = null +} diff --git a/versions.tf b/versions.tf index 303bc003..bf462c65 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } external = { source = "hashicorp/external" diff --git a/wrappers/main.tf b/wrappers/main.tf index bd3e58f2..d1acc1cf 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf @@ -99,6 +99,7 @@ module "wrapper" { publish = try(each.value.publish, var.defaults.publish, false) putin_khuylo = try(each.value.putin_khuylo, var.defaults.putin_khuylo, true) recreate_missing_package = try(each.value.recreate_missing_package, var.defaults.recreate_missing_package, true) + recursive_loop = try(each.value.recursive_loop, var.defaults.recursive_loop, null) replace_security_groups_on_destroy = try(each.value.replace_security_groups_on_destroy, var.defaults.replace_security_groups_on_destroy, null) replacement_security_group_ids = try(each.value.replacement_security_group_ids, var.defaults.replacement_security_group_ids, null) reserved_concurrent_executions = try(each.value.reserved_concurrent_executions, var.defaults.reserved_concurrent_executions, -1) diff --git a/wrappers/versions.tf b/wrappers/versions.tf index 303bc003..bf462c65 100644 --- a/wrappers/versions.tf +++ b/wrappers/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.79" } external = { source = "hashicorp/external" From 5da19e5827002cd7155d83178e7e5c906e2d0c19 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sun, 8 Dec 2024 21:48:34 +0000 Subject: [PATCH 41/70] chore(release): version 7.17.0 [skip ci] ## [7.17.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.16.0...v7.17.0) (2024-12-08) ### Features * Support Event Source Mapping `metrics_config`, `provisioned_poller_config`, and Lambda Recursion Loop ([#649](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/649)) ([002d7ec](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/002d7ec3c9bc3e7a44fac536c3443ba640ff9828)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 68a68c17..47cc6eeb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.17.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.16.0...v7.17.0) (2024-12-08) + + +### Features + +* Support Event Source Mapping `metrics_config`, `provisioned_poller_config`, and Lambda Recursion Loop ([#649](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/649)) ([002d7ec](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/002d7ec3c9bc3e7a44fac536c3443ba640ff9828)) + ## [7.16.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.15.0...v7.16.0) (2024-11-26) From 4bc61eb58005e149dc1ca87ba79f42b0cba944fd Mon Sep 17 00:00:00 2001 From: Zadkiel AHARONIAN Date: Wed, 8 Jan 2025 00:44:59 +0100 Subject: [PATCH 42/70] fix: Rename npm_package_json to npm_requirements (#621) --- package.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/package.py b/package.py index 09bc23e6..a0944342 100644 --- a/package.py +++ b/package.py @@ -821,7 +821,9 @@ def commands_step(path, commands): pip_requirements = claim.get("pip_requirements") poetry_install = claim.get("poetry_install") poetry_export_extra_args = claim.get("poetry_export_extra_args", []) - npm_requirements = claim.get("npm_package_json") + npm_requirements = claim.get( + "npm_requirements", claim.get("npm_package_json") + ) runtime = claim.get("runtime", query.runtime) if pip_requirements and runtime.startswith("python"): From 9bbe65dc9a6183ef6de204b1afce92c0e9b543a1 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Tue, 7 Jan 2025 23:45:29 +0000 Subject: [PATCH 43/70] chore(release): version 7.17.1 [skip ci] ## [7.17.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.17.0...v7.17.1) (2025-01-07) ### Bug Fixes * Rename npm_package_json to npm_requirements ([#621](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/621)) ([4bc61eb](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/4bc61eb58005e149dc1ca87ba79f42b0cba944fd)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 47cc6eeb..77515096 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.17.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.17.0...v7.17.1) (2025-01-07) + + +### Bug Fixes + +* Rename npm_package_json to npm_requirements ([#621](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/621)) ([4bc61eb](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/4bc61eb58005e149dc1ca87ba79f42b0cba944fd)) + ## [7.17.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.16.0...v7.17.0) (2024-12-08) From 65ffea2cfd99a27b6be3fc3e48482cf0fb821f2f Mon Sep 17 00:00:00 2001 From: Richard Gilmore Date: Wed, 8 Jan 2025 01:05:06 +0000 Subject: [PATCH 44/70] feat: Allow temp dir for poetry docker builds (#638) Co-authored-by: Anton Babenko --- examples/build-package/main.tf | 1 + package.py | 20 +++++++++----------- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/examples/build-package/main.tf b/examples/build-package/main.tf index 7119a5d5..2afce855 100644 --- a/examples/build-package/main.tf +++ b/examples/build-package/main.tf @@ -426,6 +426,7 @@ module "lambda_layer_poetry" { { path = "${path.module}/../fixtures/python-app-poetry" poetry_install = true + poetry_tmp_dir = "${path.cwd}/../fixtures" } ] hash_extra = "extra-hash-to-prevent-conflicts-with-module.package_dir" diff --git a/package.py b/package.py index a0944342..6e19846c 100644 --- a/package.py +++ b/package.py @@ -707,7 +707,7 @@ def pip_requirements_step(path, prefix=None, required=False, tmp_dir=None): hash(requirements) def poetry_install_step( - path, poetry_export_extra_args=[], prefix=None, required=False + path, poetry_export_extra_args=[], prefix=None, required=False, tmp_dir=None ): pyproject_file = path if os.path.isdir(path): @@ -718,7 +718,7 @@ def poetry_install_step( "poetry configuration not found: {}".format(pyproject_file) ) else: - step("poetry", runtime, path, poetry_export_extra_args, prefix) + step("poetry", runtime, path, poetry_export_extra_args, prefix, tmp_dir) hash(pyproject_file) pyproject_path = os.path.dirname(pyproject_file) poetry_lock_file = os.path.join(pyproject_path, "poetry.lock") @@ -849,6 +849,7 @@ def commands_step(path, commands): prefix=prefix, poetry_export_extra_args=poetry_export_extra_args, required=True, + tmp_dir=claim.get("poetry_tmp_dir"), ) if npm_requirements and runtime.startswith("nodejs"): @@ -949,15 +950,12 @@ def execute(self, build_plan, zip_stream, query): # XXX: timestamp=0 - what actually do with it? zs.write_dirs(rd, prefix=prefix, timestamp=0) elif cmd == "poetry": - ( - runtime, - path, - poetry_export_extra_args, - prefix, - ) = action[1:] + (runtime, path, poetry_export_extra_args, prefix, tmp_dir) = action[ + 1: + ] log.info("poetry_export_extra_args: %s", poetry_export_extra_args) with install_poetry_dependencies( - query, path, poetry_export_extra_args + query, path, poetry_export_extra_args, tmp_dir ) as rd: if rd: if pf: @@ -1177,7 +1175,7 @@ def install_pip_requirements(query, requirements_file, tmp_dir): @contextmanager -def install_poetry_dependencies(query, path, poetry_export_extra_args): +def install_poetry_dependencies(query, path, poetry_export_extra_args, tmp_dir): # TODO: # 1. Emit files instead of temp_dir @@ -1231,7 +1229,7 @@ def install_poetry_dependencies(query, path, poetry_export_extra_args): working_dir = os.getcwd() log.info("Installing python dependencies with poetry & pip: %s", poetry_lock_file) - with tempdir() as temp_dir: + with tempdir(tmp_dir) as temp_dir: def copy_file_to_target(file, temp_dir): filename = os.path.basename(file) From 3e553e95b14b498788badae654dd317e1d7427f6 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 8 Jan 2025 01:05:31 +0000 Subject: [PATCH 45/70] chore(release): version 7.18.0 [skip ci] ## [7.18.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.17.1...v7.18.0) (2025-01-08) ### Features * Allow temp dir for poetry docker builds ([#638](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/638)) ([65ffea2](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/65ffea2cfd99a27b6be3fc3e48482cf0fb821f2f)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 77515096..0913782d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.18.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.17.1...v7.18.0) (2025-01-08) + + +### Features + +* Allow temp dir for poetry docker builds ([#638](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/638)) ([65ffea2](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/65ffea2cfd99a27b6be3fc3e48482cf0fb821f2f)) + ## [7.17.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.17.0...v7.17.1) (2025-01-07) From 55cdaa68a63413f4ae5724c8b3a09a6b10d72f12 Mon Sep 17 00:00:00 2001 From: Jean-Simon Barry <156705104+jean-simon-barry1@users.noreply.github.com> Date: Tue, 7 Jan 2025 20:18:12 -0500 Subject: [PATCH 46/70] feat: Add `cache_from` option in the docker-build module (#641) Co-authored-by: Anton Babenko --- examples/container-image/main.tf | 2 ++ modules/docker-build/README.md | 1 + modules/docker-build/main.tf | 1 + modules/docker-build/variables.tf | 6 ++++++ wrappers/docker-build/main.tf | 1 + 5 files changed, 11 insertions(+) diff --git a/examples/container-image/main.tf b/examples/container-image/main.tf index 3258960f..75a36ffc 100644 --- a/examples/container-image/main.tf +++ b/examples/container-image/main.tf @@ -127,6 +127,8 @@ module "docker_build_from_ecr" { triggers = { dir_sha = local.dir_sha } + + cache_from = ["${module.ecr.repository_url}:latest"] } module "ecr" { diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index bd223aaf..0bfb506c 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md @@ -91,6 +91,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [build\_args](#input\_build\_args) | A map of Docker build arguments. | `map(string)` | `{}` | no | +| [cache\_from](#input\_cache\_from) | List of images to consider as cache sources when building the image. | `list(string)` | `[]` | no | | [create\_ecr\_repo](#input\_create\_ecr\_repo) | Controls whether ECR repository for Lambda image should be created | `bool` | `false` | no | | [create\_sam\_metadata](#input\_create\_sam\_metadata) | Controls whether the SAM metadata null resource should be created | `bool` | `false` | no | | [docker\_file\_path](#input\_docker\_file\_path) | Path to Dockerfile in source package | `string` | `"Dockerfile"` | no | diff --git a/modules/docker-build/main.tf b/modules/docker-build/main.tf index 6ed24831..1bf27a1f 100644 --- a/modules/docker-build/main.tf +++ b/modules/docker-build/main.tf @@ -17,6 +17,7 @@ resource "docker_image" "this" { dockerfile = var.docker_file_path build_args = var.build_args platform = var.platform + cache_from = var.cache_from } force_remove = var.force_remove diff --git a/modules/docker-build/variables.tf b/modules/docker-build/variables.tf index 509f35f3..e153fa7f 100644 --- a/modules/docker-build/variables.tf +++ b/modules/docker-build/variables.tf @@ -112,3 +112,9 @@ variable "triggers" { type = map(string) default = {} } + +variable "cache_from" { + description = "List of images to consider as cache sources when building the image." + type = list(string) + default = [] +} diff --git a/wrappers/docker-build/main.tf b/wrappers/docker-build/main.tf index 0375d4eb..7d7614cf 100644 --- a/wrappers/docker-build/main.tf +++ b/wrappers/docker-build/main.tf @@ -4,6 +4,7 @@ module "wrapper" { for_each = var.items build_args = try(each.value.build_args, var.defaults.build_args, {}) + cache_from = try(each.value.cache_from, var.defaults.cache_from, []) create_ecr_repo = try(each.value.create_ecr_repo, var.defaults.create_ecr_repo, false) create_sam_metadata = try(each.value.create_sam_metadata, var.defaults.create_sam_metadata, false) docker_file_path = try(each.value.docker_file_path, var.defaults.docker_file_path, "Dockerfile") From 45c67201eec499893c4496c01daf383b1feccff1 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 8 Jan 2025 01:18:39 +0000 Subject: [PATCH 47/70] chore(release): version 7.19.0 [skip ci] ## [7.19.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.18.0...v7.19.0) (2025-01-08) ### Features * Add `cache_from` option in the docker-build module ([#641](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/641)) ([55cdaa6](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/55cdaa68a63413f4ae5724c8b3a09a6b10d72f12)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0913782d..c0096f6a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.19.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.18.0...v7.19.0) (2025-01-08) + + +### Features + +* Add `cache_from` option in the docker-build module ([#641](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/641)) ([55cdaa6](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/55cdaa68a63413f4ae5724c8b3a09a6b10d72f12)) + ## [7.18.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.17.1...v7.18.0) (2025-01-08) From 394d337450d88aa877ec560cd49080bb8b9a45ba Mon Sep 17 00:00:00 2001 From: RafaelWO <38643099+RafaelWO@users.noreply.github.com> Date: Wed, 8 Jan 2025 21:43:57 +0100 Subject: [PATCH 48/70] feat: Use inline instead of managed policies (#615) Co-authored-by: Anton Babenko --- .pre-commit-config.yaml | 2 +- README.md | 24 ++++------ examples/complete/main.tf | 3 +- iam.tf | 96 +++++++-------------------------------- main.tf | 16 +++---- variables.tf | 2 + 6 files changed, 36 insertions(+), 107 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 38f92f23..2fb09edb 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.96.1 + rev: v1.96.3 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each diff --git a/README.md b/README.md index 928224cd..ed1f32c8 100644 --- a/README.md +++ b/README.md @@ -690,25 +690,17 @@ No modules. | Name | Type | |------|------| | [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | -| [aws_iam_policy.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy_attachment.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | | [aws_iam_role_policy_attachment.additional_many](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_role_policy_attachment.additional_one](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource | | [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource | | [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 0d87f3c1..d0ae09c8 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -54,8 +54,7 @@ module "lambda_function" { cloudwatch_logs_log_group_class = "INFREQUENT_ACCESS" - role_path = "/tf-managed/" - policy_path = "/tf-managed/" + role_path = "/tf-managed/" attach_dead_letter_policy = true dead_letter_target_arn = aws_sqs_queue.dlq.arn diff --git a/iam.tf b/iam.tf index 436a4398..8b0440e1 100644 --- a/iam.tf +++ b/iam.tf @@ -131,20 +131,12 @@ data "aws_iam_policy_document" "logs" { } } -resource "aws_iam_policy" "logs" { +resource "aws_iam_role_policy" "logs" { count = local.create_role && var.attach_cloudwatch_logs_policy ? 1 : 0 name = "${local.policy_name}-logs" - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = data.aws_iam_policy_document.logs[0].json - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "logs" { - count = local.create_role && var.attach_cloudwatch_logs_policy ? 1 : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.logs[0].arn } ##################### @@ -168,20 +160,12 @@ data "aws_iam_policy_document" "dead_letter" { } } -resource "aws_iam_policy" "dead_letter" { +resource "aws_iam_role_policy" "dead_letter" { count = local.create_role && var.attach_dead_letter_policy ? 1 : 0 name = "${local.policy_name}-dl" - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = data.aws_iam_policy_document.dead_letter[0].json - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "dead_letter" { - count = local.create_role && var.attach_dead_letter_policy ? 1 : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.dead_letter[0].arn } ###### @@ -195,20 +179,12 @@ data "aws_iam_policy" "vpc" { arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSLambdaENIManagementAccess" } -resource "aws_iam_policy" "vpc" { +resource "aws_iam_role_policy" "vpc" { count = local.create_role && var.attach_network_policy ? 1 : 0 name = "${local.policy_name}-vpc" - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = data.aws_iam_policy.vpc[0].policy - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "vpc" { - count = local.create_role && var.attach_network_policy ? 1 : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.vpc[0].arn } ##################### @@ -222,20 +198,12 @@ data "aws_iam_policy" "tracing" { arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/AWSXRayDaemonWriteAccess" } -resource "aws_iam_policy" "tracing" { +resource "aws_iam_role_policy" "tracing" { count = local.create_role && var.attach_tracing_policy ? 1 : 0 name = "${local.policy_name}-tracing" - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = data.aws_iam_policy.tracing[0].policy - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "tracing" { - count = local.create_role && var.attach_tracing_policy ? 1 : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.tracing[0].arn } ############################### @@ -259,60 +227,36 @@ data "aws_iam_policy_document" "async" { } } -resource "aws_iam_policy" "async" { +resource "aws_iam_role_policy" "async" { count = local.create_role && var.attach_async_event_policy ? 1 : 0 name = "${local.policy_name}-async" - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = data.aws_iam_policy_document.async[0].json - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "async" { - count = local.create_role && var.attach_async_event_policy ? 1 : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.async[0].arn } ########################### # Additional policy (JSON) ########################### -resource "aws_iam_policy" "additional_json" { +resource "aws_iam_role_policy" "additional_json" { count = local.create_role && var.attach_policy_json ? 1 : 0 name = local.policy_name - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = var.policy_json - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "additional_json" { - count = local.create_role && var.attach_policy_json ? 1 : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.additional_json[0].arn } ##################################### # Additional policies (list of JSON) ##################################### -resource "aws_iam_policy" "additional_jsons" { +resource "aws_iam_role_policy" "additional_jsons" { count = local.create_role && var.attach_policy_jsons ? var.number_of_policy_jsons : 0 name = "${local.policy_name}-${count.index}" - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = var.policy_jsons[count.index] - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "additional_jsons" { - count = local.create_role && var.attach_policy_jsons ? var.number_of_policy_jsons : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.additional_jsons[count.index].arn } ########################### @@ -383,18 +327,10 @@ data "aws_iam_policy_document" "additional_inline" { } } -resource "aws_iam_policy" "additional_inline" { +resource "aws_iam_role_policy" "additional_inline" { count = local.create_role && var.attach_policy_statements ? 1 : 0 name = "${local.policy_name}-inline" - path = var.policy_path + role = aws_iam_role.lambda[0].name policy = data.aws_iam_policy_document.additional_inline[0].json - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "additional_inline" { - count = local.create_role && var.attach_policy_statements ? 1 : 0 - - role = aws_iam_role.lambda[0].name - policy_arn = aws_iam_policy.additional_inline[0].arn } diff --git a/main.tf b/main.tf index c37d445c..6c3f0940 100644 --- a/main.tf +++ b/main.tf @@ -154,16 +154,16 @@ resource "aws_lambda_function" "this" { aws_cloudwatch_log_group.lambda, # Before the lambda is created the execution role with all its policies should be ready - aws_iam_role_policy_attachment.additional_inline, - aws_iam_role_policy_attachment.additional_json, - aws_iam_role_policy_attachment.additional_jsons, + aws_iam_role_policy.additional_inline, + aws_iam_role_policy.additional_json, + aws_iam_role_policy.additional_jsons, + aws_iam_role_policy.async, + aws_iam_role_policy.dead_letter, + aws_iam_role_policy.logs, + aws_iam_role_policy.tracing, + aws_iam_role_policy.vpc, aws_iam_role_policy_attachment.additional_many, aws_iam_role_policy_attachment.additional_one, - aws_iam_role_policy_attachment.async, - aws_iam_role_policy_attachment.logs, - aws_iam_role_policy_attachment.dead_letter, - aws_iam_role_policy_attachment.vpc, - aws_iam_role_policy_attachment.tracing, ] } diff --git a/variables.tf b/variables.tf index 91ff6961..c4aac208 100644 --- a/variables.tf +++ b/variables.tf @@ -578,6 +578,8 @@ variable "attach_policies" { default = false } +# TODO: DEPRECATED: Remove this variable in the next major version +# tflint-ignore: all variable "policy_path" { description = "Path of policies to that should be added to IAM role for Lambda Function" type = string From de6ae344e72819ac57f06096538b21849decc16e Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 8 Jan 2025 20:44:22 +0000 Subject: [PATCH 49/70] chore(release): version 7.20.0 [skip ci] ## [7.20.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.19.0...v7.20.0) (2025-01-08) ### Features * Use inline instead of managed policies ([#615](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/615)) ([394d337](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/394d337450d88aa877ec560cd49080bb8b9a45ba)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c0096f6a..867f2939 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.20.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.19.0...v7.20.0) (2025-01-08) + + +### Features + +* Use inline instead of managed policies ([#615](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/615)) ([394d337](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/394d337450d88aa877ec560cd49080bb8b9a45ba)) + ## [7.19.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.18.0...v7.19.0) (2025-01-08) From 685af5370e580a89cee68aeae06bb40dc3257892 Mon Sep 17 00:00:00 2001 From: Sebastian Czech Date: Sun, 26 Jan 2025 07:23:30 +0100 Subject: [PATCH 50/70] fix: Make default tag `terraform-aws-modules` optional (#657) Co-authored-by: Anton Babenko --- README.md | 1 + main.tf | 2 +- variables.tf | 6 ++++++ wrappers/main.tf | 1 + 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ed1f32c8..10cdbe39 100644 --- a/README.md +++ b/README.md @@ -797,6 +797,7 @@ No modules. | [image\_config\_entry\_point](#input\_image\_config\_entry\_point) | The ENTRYPOINT for the docker image | `list(string)` | `[]` | no | | [image\_config\_working\_directory](#input\_image\_config\_working\_directory) | The working directory for the docker image | `string` | `null` | no | | [image\_uri](#input\_image\_uri) | The ECR image URI containing the function's deployment package. | `string` | `null` | no | +| [include\_default\_tag](#input\_include\_default\_tag) | Set to false to not include the default tag in the tags map. | `bool` | `true` | no | | [invoke\_mode](#input\_invoke\_mode) | Invoke mode of the Lambda Function URL. Valid values are BUFFERED (default) and RESPONSE\_STREAM. | `string` | `null` | no | | [ipv6\_allowed\_for\_dual\_stack](#input\_ipv6\_allowed\_for\_dual\_stack) | Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets | `bool` | `null` | no | | [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no | diff --git a/main.tf b/main.tf index 6c3f0940..c67f1bbb 100644 --- a/main.tf +++ b/main.tf @@ -138,7 +138,7 @@ resource "aws_lambda_function" "this" { } tags = merge( - { terraform-aws-modules = "lambda" }, + var.include_default_tag ? { terraform-aws-modules = "lambda" } : {}, var.tags, var.function_tags ) diff --git a/variables.tf b/variables.tf index c4aac208..c71f68ae 100644 --- a/variables.tf +++ b/variables.tf @@ -188,6 +188,12 @@ variable "tags" { default = {} } +variable "include_default_tag" { + description = "Set to false to not include the default tag in the tags map." + type = bool + default = true +} + variable "function_tags" { description = "A map of tags to assign only to the lambda function" type = map(string) diff --git a/wrappers/main.tf b/wrappers/main.tf index d1acc1cf..1092b4d3 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf @@ -67,6 +67,7 @@ module "wrapper" { image_config_entry_point = try(each.value.image_config_entry_point, var.defaults.image_config_entry_point, []) image_config_working_directory = try(each.value.image_config_working_directory, var.defaults.image_config_working_directory, null) image_uri = try(each.value.image_uri, var.defaults.image_uri, null) + include_default_tag = try(each.value.include_default_tag, var.defaults.include_default_tag, true) invoke_mode = try(each.value.invoke_mode, var.defaults.invoke_mode, null) ipv6_allowed_for_dual_stack = try(each.value.ipv6_allowed_for_dual_stack, var.defaults.ipv6_allowed_for_dual_stack, null) kms_key_arn = try(each.value.kms_key_arn, var.defaults.kms_key_arn, null) From 84dfbfddf9483bc56afa0aff516177c03652f0c7 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sun, 26 Jan 2025 06:24:00 +0000 Subject: [PATCH 51/70] chore(release): version 7.20.1 [skip ci] ## [7.20.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.0...v7.20.1) (2025-01-26) ### Bug Fixes * Make default tag `terraform-aws-modules` optional ([#657](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/657)) ([685af53](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/685af5370e580a89cee68aeae06bb40dc3257892)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 867f2939..dd782fb7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.20.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.0...v7.20.1) (2025-01-26) + + +### Bug Fixes + +* Make default tag `terraform-aws-modules` optional ([#657](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/657)) ([685af53](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/685af5370e580a89cee68aeae06bb40dc3257892)) + ## [7.20.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.19.0...v7.20.0) (2025-01-08) From 64433c096e690b767a8b106b67383edfe8263ba7 Mon Sep 17 00:00:00 2001 From: Uladzislau Orlovskiy Date: Fri, 4 Apr 2025 14:27:54 +0200 Subject: [PATCH 52/70] fix: Add aws_partition to support usage of this module in aws-cn and gov --- modules/deploy/README.md | 7 ++++--- modules/deploy/main.tf | 4 +++- outputs.tf | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 6da1f6e8..c1a60861 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -137,6 +137,7 @@ No modules. | [aws_iam_role.codedeploy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source | | [aws_lambda_alias.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_alias) | data source | | [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_function) | data source | +| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source | ## Inputs @@ -151,10 +152,10 @@ No modules. | [attach\_hooks\_policy](#input\_attach\_hooks\_policy) | Whether to attach Invoke policy to CodeDeploy role when before allow traffic or after allow traffic hooks are defined. | `bool` | `true` | no | | [attach\_triggers\_policy](#input\_attach\_triggers\_policy) | Whether to attach SNS policy to CodeDeploy role when triggers are defined | `bool` | `false` | no | | [auto\_rollback\_enabled](#input\_auto\_rollback\_enabled) | Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. | `bool` | `true` | no | -| [auto\_rollback\_events](#input\_auto\_rollback\_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT\_FAILURE and DEPLOYMENT\_STOP\_ON\_ALARM. | `list(string)` | 
[
  "DEPLOYMENT_STOP_ON_ALARM"
]
| no | +| [auto\_rollback\_events](#input\_auto\_rollback\_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT\_FAILURE and DEPLOYMENT\_STOP\_ON\_ALARM. | `list(string)` | 
[
  "DEPLOYMENT_STOP_ON_ALARM"
]
| no | | [aws\_cli\_command](#input\_aws\_cli\_command) | Command to run as AWS CLI. May include extra arguments like region and profile. | `string` | `"aws"` | no | | [before\_allow\_traffic\_hook\_arn](#input\_before\_allow\_traffic\_hook\_arn) | ARN of Lambda function to execute before allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | -| [codedeploy\_principals](#input\_codedeploy\_principals) | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` | 
[
  "codedeploy.amazonaws.com"
]
| no | +| [codedeploy\_principals](#input\_codedeploy\_principals) | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` | 
[
  "codedeploy.amazonaws.com"
]
| no | | [codedeploy\_role\_name](#input\_codedeploy\_role\_name) | IAM role name to create or use by CodeDeploy | `string` | `""` | no | | [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | | [create\_app](#input\_create\_app) | Whether to create new AWS CodeDeploy app | `bool` | `false` | no | @@ -168,7 +169,7 @@ No modules. | [force\_deploy](#input\_force\_deploy) | Force deployment every time (even when nothing changes) | `bool` | `false` | no | | [function\_name](#input\_function\_name) | The name of the Lambda function to deploy | `string` | `""` | no | | [get\_deployment\_sleep\_timer](#input\_get\_deployment\_sleep\_timer) | Adds additional sleep time to get-deployment command to avoid the service throttling | `number` | `5` | no | -| [interpreter](#input\_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` | 
[
  "/bin/bash",
  "-c"
]
| no | +| [interpreter](#input\_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` | 
[
  "/bin/bash",
  "-c"
]
| no | | [run\_deployment](#input\_run\_deployment) | Run AWS CLI command to start the deployment | `bool` | `false` | no | | [save\_deploy\_script](#input\_save\_deploy\_script) | Save deploy script locally | `bool` | `false` | no | | [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | diff --git a/modules/deploy/main.tf b/modules/deploy/main.tf index 4504f099..d88c0894 100644 --- a/modules/deploy/main.tf +++ b/modules/deploy/main.tf @@ -86,6 +86,8 @@ EOF } +data "aws_partition" "current" {} + data "aws_lambda_alias" "this" { count = var.create && var.create_deployment ? 1 : 0 @@ -209,7 +211,7 @@ resource "aws_iam_role_policy_attachment" "codedeploy" { count = var.create && var.create_codedeploy_role ? 1 : 0 role = try(aws_iam_role.codedeploy[0].id, "") - policy_arn = "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambda" + policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSCodeDeployRoleForLambda" } data "aws_iam_policy_document" "hooks" { diff --git a/outputs.tf b/outputs.tf index 59197585..29c47fe1 100644 --- a/outputs.tf +++ b/outputs.tf @@ -6,7 +6,7 @@ output "lambda_function_arn" { output "lambda_function_arn_static" { description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" - value = local.create && var.create_function && !var.create_layer ? "arn:aws:lambda:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:function:${var.function_name}" : "" + value = local.create && var.create_function && !var.create_layer ? "arn:${data.aws_partition.current.partition}:lambda:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:function:${var.function_name}" : "" } output "lambda_function_invoke_arn" { From 7305b7484fc03e30dc05f9fab6f8f37ea35e21fc Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Tue, 8 Apr 2025 19:15:03 -0700 Subject: [PATCH 53/70] Fixed docs --- .pre-commit-config.yaml | 2 +- modules/deploy/README.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 2fb09edb..b362de29 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.96.3 + rev: v1.98.1 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each diff --git a/modules/deploy/README.md b/modules/deploy/README.md index c1a60861..3addc40b 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -152,10 +152,10 @@ No modules. | [attach\_hooks\_policy](#input\_attach\_hooks\_policy) | Whether to attach Invoke policy to CodeDeploy role when before allow traffic or after allow traffic hooks are defined. | `bool` | `true` | no | | [attach\_triggers\_policy](#input\_attach\_triggers\_policy) | Whether to attach SNS policy to CodeDeploy role when triggers are defined | `bool` | `false` | no | | [auto\_rollback\_enabled](#input\_auto\_rollback\_enabled) | Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. | `bool` | `true` | no | -| [auto\_rollback\_events](#input\_auto\_rollback\_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT\_FAILURE and DEPLOYMENT\_STOP\_ON\_ALARM. | `list(string)` | 
[
  "DEPLOYMENT_STOP_ON_ALARM"
]
| no | +| [auto\_rollback\_events](#input\_auto\_rollback\_events) | List of event types that trigger a rollback. Supported types are DEPLOYMENT\_FAILURE and DEPLOYMENT\_STOP\_ON\_ALARM. | `list(string)` | 
[
  "DEPLOYMENT_STOP_ON_ALARM"
]
| no | | [aws\_cli\_command](#input\_aws\_cli\_command) | Command to run as AWS CLI. May include extra arguments like region and profile. | `string` | `"aws"` | no | | [before\_allow\_traffic\_hook\_arn](#input\_before\_allow\_traffic\_hook\_arn) | ARN of Lambda function to execute before allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | -| [codedeploy\_principals](#input\_codedeploy\_principals) | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` | 
[
  "codedeploy.amazonaws.com"
]
| no | +| [codedeploy\_principals](#input\_codedeploy\_principals) | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` | 
[
  "codedeploy.amazonaws.com"
]
| no | | [codedeploy\_role\_name](#input\_codedeploy\_role\_name) | IAM role name to create or use by CodeDeploy | `string` | `""` | no | | [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | | [create\_app](#input\_create\_app) | Whether to create new AWS CodeDeploy app | `bool` | `false` | no | @@ -169,7 +169,7 @@ No modules. | [force\_deploy](#input\_force\_deploy) | Force deployment every time (even when nothing changes) | `bool` | `false` | no | | [function\_name](#input\_function\_name) | The name of the Lambda function to deploy | `string` | `""` | no | | [get\_deployment\_sleep\_timer](#input\_get\_deployment\_sleep\_timer) | Adds additional sleep time to get-deployment command to avoid the service throttling | `number` | `5` | no | -| [interpreter](#input\_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` | 
[
  "/bin/bash",
  "-c"
]
| no | +| [interpreter](#input\_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` | 
[
  "/bin/bash",
  "-c"
]
| no | | [run\_deployment](#input\_run\_deployment) | Run AWS CLI command to start the deployment | `bool` | `false` | no | | [save\_deploy\_script](#input\_save\_deploy\_script) | Save deploy script locally | `bool` | `false` | no | | [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | From dedc7369e53cb5926475ab03536d08fe8d52f4a9 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 9 Apr 2025 02:16:12 +0000 Subject: [PATCH 54/70] chore(release): version 7.20.2 [skip ci] ## [7.20.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.1...v7.20.2) (2025-04-09) ### Bug Fixes * Add aws_partition to support usage of this module in aws-cn and gov ([64433c0](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/64433c096e690b767a8b106b67383edfe8263ba7)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index dd782fb7..37355ef2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.20.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.1...v7.20.2) (2025-04-09) + + +### Bug Fixes + +* Add aws_partition to support usage of this module in aws-cn and gov ([64433c0](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/64433c096e690b767a8b106b67383edfe8263ba7)) + ## [7.20.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.0...v7.20.1) (2025-01-26) From 75ee97d184231a45bdb8d8398ecccb6f2558d0a5 Mon Sep 17 00:00:00 2001 From: pawelpesz <81652898+pawelpesz@users.noreply.github.com> Date: Fri, 16 May 2025 12:05:17 +0100 Subject: [PATCH 55/70] fix: Do not expose output from build command in Docker (#677) --- package.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.tf b/package.tf index 34322514..bbff086c 100644 --- a/package.tf +++ b/package.tf @@ -49,7 +49,7 @@ data "external" "archive_prepare" { resource "local_file" "archive_plan" { count = var.create && var.create_package ? 1 : 0 - content = data.external.archive_prepare[0].result.build_plan + content = var.build_in_docker ? sensitive(data.external.archive_prepare[0].result.build_plan) : data.external.archive_prepare[0].result.build_plan filename = data.external.archive_prepare[0].result.build_plan_filename directory_permission = "0755" file_permission = "0644" From c7ee15f48dbc5c3553ac3ccbb408c2838dc48d39 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 16 May 2025 11:05:47 +0000 Subject: [PATCH 56/70] chore(release): version 7.20.3 [skip ci] ## [7.20.3](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.2...v7.20.3) (2025-05-16) ### Bug Fixes * Do not expose output from build command in Docker ([#677](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/677)) ([75ee97d](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/75ee97d184231a45bdb8d8398ecccb6f2558d0a5)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 37355ef2..6c9b1efc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.20.3](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.2...v7.20.3) (2025-05-16) + + +### Bug Fixes + +* Do not expose output from build command in Docker ([#677](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/677)) ([75ee97d](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/75ee97d184231a45bdb8d8398ecccb6f2558d0a5)) + ## [7.20.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.1...v7.20.2) (2025-04-09) From 29893ab17086b6ec45955f1f5d2f1be4f7cf2285 Mon Sep 17 00:00:00 2001 From: Sami Jawhar Date: Fri, 16 May 2025 04:18:25 -0700 Subject: [PATCH 57/70] feat: Add buildx and multi-stage build support to docker-build module (#679) --- examples/container-image/README.md | 1 + examples/container-image/context/Dockerfile | 6 ++++- examples/container-image/main.tf | 29 +++++++++++++++++++++ modules/docker-build/README.md | 6 +++-- modules/docker-build/main.tf | 2 ++ modules/docker-build/variables.tf | 12 +++++++++ modules/docker-build/versions.tf | 2 +- wrappers/docker-build/main.tf | 2 ++ wrappers/docker-build/versions.tf | 2 +- 9 files changed, 57 insertions(+), 5 deletions(-) diff --git a/examples/container-image/README.md b/examples/container-image/README.md index d7d83e0d..3a0a4f47 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -37,6 +37,7 @@ Note that this example may create resources which cost money. Run `terraform des |------|--------|---------| | [docker\_build](#module\_docker\_build) | ../../modules/docker-build | n/a | | [docker\_build\_from\_ecr](#module\_docker\_build\_from\_ecr) | ../../modules/docker-build | n/a | +| [docker\_build\_multistage](#module\_docker\_build\_multistage) | ../../modules/docker-build | n/a | | [ecr](#module\_ecr) | terraform-aws-modules/ecr/aws | n/a | | [lambda\_function\_with\_docker\_build](#module\_lambda\_function\_with\_docker\_build) | ../../ | n/a | | [lambda\_function\_with\_docker\_build\_from\_ecr](#module\_lambda\_function\_with\_docker\_build\_from\_ecr) | ../../ | n/a | diff --git a/examples/container-image/context/Dockerfile b/examples/container-image/context/Dockerfile index d6e7662a..64350ec5 100644 --- a/examples/container-image/context/Dockerfile +++ b/examples/container-image/context/Dockerfile @@ -1,8 +1,12 @@ # `--platform` argument is used to be able to build docker images when using another platform (e.g. Apple M1) -FROM --platform=linux/x86_64 scratch +FROM --platform=linux/x86_64 scratch AS first_stage ARG FOO ENV FOO $FOO COPY empty /empty + +FROM first_stage AS second_stage + +COPY empty /empty_two diff --git a/examples/container-image/main.tf b/examples/container-image/main.tf index 75a36ffc..4db21302 100644 --- a/examples/container-image/main.tf +++ b/examples/container-image/main.tf @@ -123,6 +123,35 @@ module "docker_build_from_ecr" { build_args = { FOO = "bar" } + # Can also use buildx + builder = "default" + docker_file_path = "${local.source_path}/Dockerfile" + + triggers = { + dir_sha = local.dir_sha + } + + cache_from = ["${module.ecr.repository_url}:latest"] +} + +module "docker_build_multistage" { + source = "../../modules/docker-build" + + ecr_repo = module.ecr.repository_name + + use_image_tag = true + image_tag = "first_stage" + + source_path = local.source_path + platform = "linux/amd64" + build_args = { + FOO = "bar" + } + builder = "default" + docker_file_path = "${local.source_path}/Dockerfile" + + # multi-stage builds + build_target = "first_stage" triggers = { dir_sha = local.dir_sha diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index 0bfb506c..17e6c972 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md @@ -59,7 +59,7 @@ module "docker_image" { |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | | [aws](#requirement\_aws) | >= 4.22 | -| [docker](#requirement\_docker) | >= 3.0 | +| [docker](#requirement\_docker) | >= 3.5.0 | | [null](#requirement\_null) | >= 2.0 | ## Providers @@ -67,7 +67,7 @@ module "docker_image" { | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 4.22 | -| [docker](#provider\_docker) | >= 3.0 | +| [docker](#provider\_docker) | >= 3.5.0 | | [null](#provider\_null) | >= 2.0 | ## Modules @@ -91,6 +91,8 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [build\_args](#input\_build\_args) | A map of Docker build arguments. | `map(string)` | `{}` | no | +| [build\_target](#input\_build\_target) | Set the target build stage to build | `string` | `null` | no | +| [builder](#input\_builder) | The buildx builder to use for the Docker build. | `string` | `null` | no | | [cache\_from](#input\_cache\_from) | List of images to consider as cache sources when building the image. | `list(string)` | `[]` | no | | [create\_ecr\_repo](#input\_create\_ecr\_repo) | Controls whether ECR repository for Lambda image should be created | `bool` | `false` | no | | [create\_sam\_metadata](#input\_create\_sam\_metadata) | Controls whether the SAM metadata null resource should be created | `bool` | `false` | no | diff --git a/modules/docker-build/main.tf b/modules/docker-build/main.tf index 1bf27a1f..565027f4 100644 --- a/modules/docker-build/main.tf +++ b/modules/docker-build/main.tf @@ -16,6 +16,8 @@ resource "docker_image" "this" { context = var.source_path dockerfile = var.docker_file_path build_args = var.build_args + builder = var.builder + target = var.build_target platform = var.platform cache_from = var.cache_from } diff --git a/modules/docker-build/variables.tf b/modules/docker-build/variables.tf index e153fa7f..110ce554 100644 --- a/modules/docker-build/variables.tf +++ b/modules/docker-build/variables.tf @@ -71,12 +71,24 @@ variable "ecr_repo_tags" { default = {} } +variable "builder" { + description = "The buildx builder to use for the Docker build." + type = string + default = null +} + variable "build_args" { description = "A map of Docker build arguments." type = map(string) default = {} } +variable "build_target" { + description = "Set the target build stage to build" + type = string + default = null +} + variable "ecr_repo_lifecycle_policy" { description = "A JSON formatted ECR lifecycle policy to automate the cleaning up of unused images." type = string diff --git a/modules/docker-build/versions.tf b/modules/docker-build/versions.tf index 93aadf1a..454fc7ae 100644 --- a/modules/docker-build/versions.tf +++ b/modules/docker-build/versions.tf @@ -8,7 +8,7 @@ terraform { } docker = { source = "kreuzwerker/docker" - version = ">= 3.0" + version = ">= 3.5.0" } null = { source = "hashicorp/null" diff --git a/wrappers/docker-build/main.tf b/wrappers/docker-build/main.tf index 7d7614cf..61a99a93 100644 --- a/wrappers/docker-build/main.tf +++ b/wrappers/docker-build/main.tf @@ -4,6 +4,8 @@ module "wrapper" { for_each = var.items build_args = try(each.value.build_args, var.defaults.build_args, {}) + build_target = try(each.value.build_target, var.defaults.build_target, null) + builder = try(each.value.builder, var.defaults.builder, null) cache_from = try(each.value.cache_from, var.defaults.cache_from, []) create_ecr_repo = try(each.value.create_ecr_repo, var.defaults.create_ecr_repo, false) create_sam_metadata = try(each.value.create_sam_metadata, var.defaults.create_sam_metadata, false) diff --git a/wrappers/docker-build/versions.tf b/wrappers/docker-build/versions.tf index 93aadf1a..454fc7ae 100644 --- a/wrappers/docker-build/versions.tf +++ b/wrappers/docker-build/versions.tf @@ -8,7 +8,7 @@ terraform { } docker = { source = "kreuzwerker/docker" - version = ">= 3.0" + version = ">= 3.5.0" } null = { source = "hashicorp/null" From f1f06ed88f567ec75815bd37897d612092e7941c Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 16 May 2025 11:18:51 +0000 Subject: [PATCH 58/70] chore(release): version 7.21.0 [skip ci] ## [7.21.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.3...v7.21.0) (2025-05-16) ### Features * Add buildx and multi-stage build support to docker-build module ([#679](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/679)) ([29893ab](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/29893ab17086b6ec45955f1f5d2f1be4f7cf2285)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6c9b1efc..f1a3108c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.21.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.3...v7.21.0) (2025-05-16) + + +### Features + +* Add buildx and multi-stage build support to docker-build module ([#679](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/679)) ([29893ab](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/29893ab17086b6ec45955f1f5d2f1be4f7cf2285)) + ## [7.20.3](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.2...v7.20.3) (2025-05-16) From d5c657c96234b1ee352af418243690c297f3f3b2 Mon Sep 17 00:00:00 2001 From: Vlad Ionescu Date: Thu, 19 Jun 2025 20:38:06 +0300 Subject: [PATCH 59/70] fix: Add .NET 8 runtime example (#685) --- examples/fixtures/runtimes/dotnet8/.gitignore | 484 ++++++++++++++++++ examples/fixtures/runtimes/dotnet8/Program.cs | 16 + .../fixtures/runtimes/dotnet8/Program.csproj | 18 + examples/runtimes/README.md | 4 +- examples/runtimes/checks.tf | 5 +- examples/runtimes/main.tf | 29 ++ examples/runtimes/outputs.tf | 5 + 7 files changed, 558 insertions(+), 3 deletions(-) create mode 100644 examples/fixtures/runtimes/dotnet8/.gitignore create mode 100644 examples/fixtures/runtimes/dotnet8/Program.cs create mode 100644 examples/fixtures/runtimes/dotnet8/Program.csproj diff --git a/examples/fixtures/runtimes/dotnet8/.gitignore b/examples/fixtures/runtimes/dotnet8/.gitignore new file mode 100644 index 00000000..bc78471d --- /dev/null +++ b/examples/fixtures/runtimes/dotnet8/.gitignore @@ -0,0 +1,484 @@ +## Ignore Visual Studio temporary files, build results, and +## files generated by popular Visual Studio add-ons. +## +## Get latest from `dotnet new gitignore` + +# dotenv files +.env + +# User-specific files +*.rsuser +*.suo +*.user +*.userosscache +*.sln.docstates + +# User-specific files (MonoDevelop/Xamarin Studio) +*.userprefs + +# Mono auto generated files +mono_crash.* + +# Build results +[Dd]ebug/ +[Dd]ebugPublic/ +[Rr]elease/ +[Rr]eleases/ +x64/ +x86/ +[Ww][Ii][Nn]32/ +[Aa][Rr][Mm]/ +[Aa][Rr][Mm]64/ +bld/ +[Bb]in/ +[Oo]bj/ +[Ll]og/ +[Ll]ogs/ + +# Visual Studio 2015/2017 cache/options directory +.vs/ +# Uncomment if you have tasks that create the project's static files in wwwroot +#wwwroot/ + +# Visual Studio 2017 auto generated files +Generated\ Files/ + +# MSTest test Results +[Tt]est[Rr]esult*/ +[Bb]uild[Ll]og.* + +# NUnit +*.VisualState.xml +TestResult.xml +nunit-*.xml + +# Build Results of an ATL Project +[Dd]ebugPS/ +[Rr]eleasePS/ +dlldata.c + +# Benchmark Results +BenchmarkDotNet.Artifacts/ + +# .NET +project.lock.json +project.fragment.lock.json +artifacts/ + +# Tye +.tye/ + +# ASP.NET Scaffolding +ScaffoldingReadMe.txt + +# StyleCop +StyleCopReport.xml + +# Files built by Visual Studio +*_i.c +*_p.c +*_h.h +*.ilk +*.meta +*.obj +*.iobj +*.pch +*.pdb +*.ipdb +*.pgc +*.pgd +*.rsp +*.sbr +*.tlb +*.tli +*.tlh +*.tmp +*.tmp_proj +*_wpftmp.csproj +*.log +*.tlog +*.vspscc +*.vssscc +.builds +*.pidb +*.svclog +*.scc + +# Chutzpah Test files +_Chutzpah* + +# Visual C++ cache files +ipch/ +*.aps +*.ncb +*.opendb +*.opensdf +*.sdf +*.cachefile +*.VC.db +*.VC.VC.opendb + +# Visual Studio profiler +*.psess +*.vsp +*.vspx +*.sap + +# Visual Studio Trace Files +*.e2e + +# TFS 2012 Local Workspace +$tf/ + +# Guidance Automation Toolkit +*.gpState + +# ReSharper is a .NET coding add-in +_ReSharper*/ +*.[Rr]e[Ss]harper +*.DotSettings.user + +# TeamCity is a build add-in +_TeamCity* + +# DotCover is a Code Coverage Tool +*.dotCover + +# AxoCover is a Code Coverage Tool +.axoCover/* +!.axoCover/settings.json + +# Coverlet is a free, cross platform Code Coverage Tool +coverage*.json +coverage*.xml +coverage*.info + +# Visual Studio code coverage results +*.coverage +*.coveragexml + +# NCrunch +_NCrunch_* +.*crunch*.local.xml +nCrunchTemp_* + +# MightyMoose +*.mm.* +AutoTest.Net/ + +# Web workbench (sass) +.sass-cache/ + +# Installshield output folder +[Ee]xpress/ + +# DocProject is a documentation generator add-in +DocProject/buildhelp/ +DocProject/Help/*.HxT +DocProject/Help/*.HxC +DocProject/Help/*.hhc +DocProject/Help/*.hhk +DocProject/Help/*.hhp +DocProject/Help/Html2 +DocProject/Help/html + +# Click-Once directory +publish/ + +# Publish Web Output +*.[Pp]ublish.xml +*.azurePubxml +# Note: Comment the next line if you want to checkin your web deploy settings, +# but database connection strings (with potential passwords) will be unencrypted +*.pubxml +*.publishproj + +# Microsoft Azure Web App publish settings. Comment the next line if you want to +# checkin your Azure Web App publish settings, but sensitive information contained +# in these scripts will be unencrypted +PublishScripts/ + +# NuGet Packages +*.nupkg +# NuGet Symbol Packages +*.snupkg +# The packages folder can be ignored because of Package Restore +**/[Pp]ackages/* +# except build/, which is used as an MSBuild target. +!**/[Pp]ackages/build/ +# Uncomment if necessary however generally it will be regenerated when needed +#!**/[Pp]ackages/repositories.config +# NuGet v3's project.json files produces more ignorable files +*.nuget.props +*.nuget.targets + +# Microsoft Azure Build Output +csx/ +*.build.csdef + +# Microsoft Azure Emulator +ecf/ +rcf/ + +# Windows Store app package directories and files +AppPackages/ +BundleArtifacts/ +Package.StoreAssociation.xml +_pkginfo.txt +*.appx +*.appxbundle +*.appxupload + +# Visual Studio cache files +# files ending in .cache can be ignored +*.[Cc]ache +# but keep track of directories ending in .cache +!?*.[Cc]ache/ + +# Others +ClientBin/ +~$* +*~ +*.dbmdl +*.dbproj.schemaview +*.jfm +*.pfx +*.publishsettings +orleans.codegen.cs + +# Including strong name files can present a security risk +# (https://github.com/github/gitignore/pull/2483#issue-259490424) +#*.snk + +# Since there are multiple workflows, uncomment next line to ignore bower_components +# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) +#bower_components/ + +# RIA/Silverlight projects +Generated_Code/ + +# Backup & report files from converting an old project file +# to a newer Visual Studio version. Backup files are not needed, +# because we have git ;-) +_UpgradeReport_Files/ +Backup*/ +UpgradeLog*.XML +UpgradeLog*.htm +ServiceFabricBackup/ +*.rptproj.bak + +# SQL Server files +*.mdf +*.ldf +*.ndf + +# Business Intelligence projects +*.rdl.data +*.bim.layout +*.bim_*.settings +*.rptproj.rsuser +*- [Bb]ackup.rdl +*- [Bb]ackup ([0-9]).rdl +*- [Bb]ackup ([0-9][0-9]).rdl + +# Microsoft Fakes +FakesAssemblies/ + +# GhostDoc plugin setting file +*.GhostDoc.xml + +# Node.js Tools for Visual Studio +.ntvs_analysis.dat +node_modules/ + +# Visual Studio 6 build log +*.plg + +# Visual Studio 6 workspace options file +*.opt + +# Visual Studio 6 auto-generated workspace file (contains which files were open etc.) +*.vbw + +# Visual Studio 6 auto-generated project file (contains which files were open etc.) +*.vbp + +# Visual Studio 6 workspace and project file (working project files containing files to include in project) +*.dsw +*.dsp + +# Visual Studio 6 technical files +*.ncb +*.aps + +# Visual Studio LightSwitch build output +**/*.HTMLClient/GeneratedArtifacts +**/*.DesktopClient/GeneratedArtifacts +**/*.DesktopClient/ModelManifest.xml +**/*.Server/GeneratedArtifacts +**/*.Server/ModelManifest.xml +_Pvt_Extensions + +# Paket dependency manager +.paket/paket.exe +paket-files/ + +# FAKE - F# Make +.fake/ + +# CodeRush personal settings +.cr/personal + +# Python Tools for Visual Studio (PTVS) +__pycache__/ +*.pyc + +# Cake - Uncomment if you are using it +# tools/** +# !tools/packages.config + +# Tabs Studio +*.tss + +# Telerik's JustMock configuration file +*.jmconfig + +# BizTalk build output +*.btp.cs +*.btm.cs +*.odx.cs +*.xsd.cs + +# OpenCover UI analysis results +OpenCover/ + +# Azure Stream Analytics local run output +ASALocalRun/ + +# MSBuild Binary and Structured Log +*.binlog + +# NVidia Nsight GPU debugger configuration file +*.nvuser + +# MFractors (Xamarin productivity tool) working folder +.mfractor/ + +# Local History for Visual Studio +.localhistory/ + +# Visual Studio History (VSHistory) files +.vshistory/ + +# BeatPulse healthcheck temp database +healthchecksdb + +# Backup folder for Package Reference Convert tool in Visual Studio 2017 +MigrationBackup/ + +# Ionide (cross platform F# VS Code tools) working folder +.ionide/ + +# Fody - auto-generated XML schema +FodyWeavers.xsd + +# VS Code files for those working on multiple tools +.vscode/* +!.vscode/settings.json +!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json +*.code-workspace + +# Local History for Visual Studio Code +.history/ + +# Windows Installer files from build outputs +*.cab +*.msi +*.msix +*.msm +*.msp + +# JetBrains Rider +*.sln.iml +.idea/ + +## +## Visual studio for Mac +## + + +# globs +Makefile.in +*.userprefs +*.usertasks +config.make +config.status +aclocal.m4 +install-sh +autom4te.cache/ +*.tar.gz +tarballs/ +test-results/ + +# Mac bundle stuff +*.dmg +*.app + +# content below from: https://github.com/github/gitignore/blob/main/Global/macOS.gitignore +# General +.DS_Store +.AppleDouble +.LSOverride + +# Icon must end with two \r +Icon + + +# Thumbnails +._* + +# Files that might appear in the root of a volume +.DocumentRevisions-V100 +.fseventsd +.Spotlight-V100 +.TemporaryItems +.Trashes +.VolumeIcon.icns +.com.apple.timemachine.donotpresent + +# Directories potentially created on remote AFP share +.AppleDB +.AppleDesktop +Network Trash Folder +Temporary Items +.apdisk + +# content below from: https://github.com/github/gitignore/blob/main/Global/Windows.gitignore +# Windows thumbnail cache files +Thumbs.db +ehthumbs.db +ehthumbs_vista.db + +# Dump file +*.stackdump + +# Folder config file +[Dd]esktop.ini + +# Recycle Bin used on file shares +$RECYCLE.BIN/ + +# Windows Installer files +*.cab +*.msi +*.msix +*.msm +*.msp + +# Windows shortcuts +*.lnk + +# Vim temporary swap files +*.swp diff --git a/examples/fixtures/runtimes/dotnet8/Program.cs b/examples/fixtures/runtimes/dotnet8/Program.cs new file mode 100644 index 00000000..0b1448d7 --- /dev/null +++ b/examples/fixtures/runtimes/dotnet8/Program.cs @@ -0,0 +1,16 @@ +using System.Text.Json; +using Amazon.Lambda.Core; +using Amazon.Lambda.RuntimeSupport; +using Amazon.Lambda.Serialization.SystemTextJson; + +[assembly: LambdaSerializer(typeof(DefaultLambdaJsonSerializer))] + +var handler = (JsonElement input, ILambdaContext context) => +{ + context.Logger.LogInformation($"Processing input: {input}"); + return "Hello from serverless.tf!!!"; +}; + +await LambdaBootstrapBuilder.Create(handler, new DefaultLambdaJsonSerializer()) + .Build() + .RunAsync(); diff --git a/examples/fixtures/runtimes/dotnet8/Program.csproj b/examples/fixtures/runtimes/dotnet8/Program.csproj new file mode 100644 index 00000000..a1f71466 --- /dev/null +++ b/examples/fixtures/runtimes/dotnet8/Program.csproj @@ -0,0 +1,18 @@ + + + net8.0 + bootstrap + Exe + true + false + enable + enable + true + + + + + + + + diff --git a/examples/runtimes/README.md b/examples/runtimes/README.md index 9e67eeb7..fde279e2 100644 --- a/examples/runtimes/README.md +++ b/examples/runtimes/README.md @@ -1,6 +1,6 @@ # Runtimes Examples -Configuration in this directory creates deployment packages for [various runtimes and programming languages (Rust, Go, Java)](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). +Configuration in this directory creates deployment packages for [various runtimes and programming languages (Rust, Go, Java, .NET)](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). Each runtime is executable by calling created Lambda Functions at the end. @@ -40,6 +40,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| +| [dotnet8\_lambda\_function](#module\_dotnet8\_lambda\_function) | ../../ | n/a | | [go\_lambda\_function](#module\_go\_lambda\_function) | ../../ | n/a | | [java21\_lambda\_function](#module\_java21\_lambda\_function) | ../../ | n/a | | [rust\_lambda\_function](#module\_rust\_lambda\_function) | ../../ | n/a | @@ -60,6 +61,7 @@ No inputs. | Name | Description | |------|-------------| +| [dotnet8\_lambda\_function\_url](#output\_dotnet8\_lambda\_function\_url) | The URL of the Lambda Function in .NET 8 | | [go\_lambda\_function\_url](#output\_go\_lambda\_function\_url) | The URL of the Lambda Function in Go | | [java21\_lambda\_function\_arn](#output\_java21\_lambda\_function\_arn) | The ARN of the Lambda Function in Java 21 | | [lambda\_function\_result](#output\_lambda\_function\_result) | The results of the Lambda Function calls | diff --git a/examples/runtimes/checks.tf b/examples/runtimes/checks.tf index cbf0f2b8..ce95562f 100644 --- a/examples/runtimes/checks.tf +++ b/examples/runtimes/checks.tf @@ -4,8 +4,9 @@ locals { data "http" "this" { for_each = { - rust = module.rust_lambda_function.lambda_function_url, - go = module.go_lambda_function.lambda_function_url, + rust = module.rust_lambda_function.lambda_function_url, + go = module.go_lambda_function.lambda_function_url, + dotnet8 = module.dotnet8_lambda_function.lambda_function_url, } url = each.value diff --git a/examples/runtimes/main.tf b/examples/runtimes/main.tf index b9bd61a9..960b0375 100644 --- a/examples/runtimes/main.tf +++ b/examples/runtimes/main.tf @@ -93,6 +93,35 @@ module "java21_lambda_function" { ] } +module "dotnet8_lambda_function" { + source = "../../" + + function_name = "${random_pet.this.id}-dotnet8" + + attach_cloudwatch_logs_policy = false + cloudwatch_logs_retention_in_days = 1 + + create_lambda_function_url = true + + handler = "bootstrap" + runtime = "dotnet8" + architectures = ["arm64"] # x86_64 (--runtime linux-x64) or arm64 (--runtime linux-arm64) + timeout = 30 + + trigger_on_package_timestamp = false + + source_path = [ + { + path = "${path.module}/../fixtures/runtimes/dotnet8" + commands = [ + "dotnet publish --framework net8.0 --configuration Relesase --runtime linux-arm64 --output ./publish", + "cd publish", + ":zip", + ] + } + ] +} + resource "random_pet" "this" { length = 2 } diff --git a/examples/runtimes/outputs.tf b/examples/runtimes/outputs.tf index 9c12c1d6..f3583367 100644 --- a/examples/runtimes/outputs.tf +++ b/examples/runtimes/outputs.tf @@ -13,6 +13,11 @@ output "java21_lambda_function_arn" { value = module.java21_lambda_function.lambda_function_arn } +output "dotnet8_lambda_function_url" { + description = "The URL of the Lambda Function in .NET 8" + value = module.dotnet8_lambda_function.lambda_function_url +} + output "lambda_function_result" { description = "The results of the Lambda Function calls" value = { for k, v in data.aws_lambda_invocation.this : k => jsondecode(v.result) } From 2fea1c09a7ae0b5b93bdf8af48713ab7f2780f7c Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 19 Jun 2025 17:38:32 +0000 Subject: [PATCH 60/70] chore(release): version 7.21.1 [skip ci] ## [7.21.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.21.0...v7.21.1) (2025-06-19) ### Bug Fixes * Add .NET 8 runtime example ([#685](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/685)) ([d5c657c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/d5c657c96234b1ee352af418243690c297f3f3b2)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f1a3108c..742e6d57 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [7.21.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.21.0...v7.21.1) (2025-06-19) + + +### Bug Fixes + +* Add .NET 8 runtime example ([#685](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/685)) ([d5c657c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/d5c657c96234b1ee352af418243690c297f3f3b2)) + ## [7.21.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.20.3...v7.21.0) (2025-05-16) From 367e9a2c5c7e6a4335fcc7c13c14e54f8e347f9c Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 25 Jun 2025 13:22:21 +0200 Subject: [PATCH 61/70] feat!: Upgrade AWS provider and min required Terraform version to 6.0 and 1.10 respectively (#687) --- .pre-commit-config.yaml | 2 +- README.md | 9 +++++---- examples/alias/README.md | 6 +++--- examples/alias/versions.tf | 4 ++-- examples/async/README.md | 6 +++--- examples/async/versions.tf | 4 ++-- examples/build-package/README.md | 4 ++-- examples/build-package/versions.tf | 4 ++-- examples/code-signing/README.md | 8 ++++---- examples/code-signing/main.tf | 2 +- examples/code-signing/versions.tf | 4 ++-- examples/complete/README.md | 8 ++++---- examples/complete/main.tf | 4 +++- examples/complete/versions.tf | 4 ++-- examples/container-image/README.md | 6 +++--- examples/container-image/main.tf | 2 +- examples/container-image/versions.tf | 4 ++-- examples/deploy/README.md | 6 +++--- examples/deploy/versions.tf | 4 ++-- examples/event-source-mapping/README.md | 6 +++--- examples/event-source-mapping/versions.tf | 4 ++-- examples/multiple-regions/README.md | 8 ++++---- examples/multiple-regions/versions.tf | 4 ++-- examples/runtimes/README.md | 6 +++--- examples/runtimes/versions.tf | 4 ++-- examples/simple-cicd/README.md | 4 ++-- examples/simple-cicd/versions.tf | 4 ++-- examples/simple/README.md | 4 ++-- examples/simple/versions.tf | 4 ++-- examples/triggers/README.md | 6 +++--- examples/triggers/versions.tf | 4 ++-- examples/with-efs/README.md | 6 +++--- examples/with-efs/versions.tf | 4 ++-- examples/with-vpc-s3-endpoint/README.md | 8 ++++---- examples/with-vpc-s3-endpoint/main.tf | 8 ++++---- examples/with-vpc-s3-endpoint/versions.tf | 4 ++-- examples/with-vpc/README.md | 4 ++-- examples/with-vpc/versions.tf | 4 ++-- main.tf | 24 +++++++++++++++++++++++ modules/alias/README.md | 6 +++--- modules/alias/versions.tf | 4 ++-- modules/deploy/README.md | 6 +++--- modules/deploy/versions.tf | 4 ++-- modules/docker-build/README.md | 6 +++--- modules/docker-build/main.tf | 2 +- modules/docker-build/versions.tf | 4 ++-- outputs.tf | 2 +- package.tf | 1 + variables.tf | 20 +++++++++++-------- versions.tf | 4 ++-- wrappers/alias/versions.tf | 4 ++-- wrappers/deploy/versions.tf | 4 ++-- wrappers/docker-build/versions.tf | 4 ++-- wrappers/main.tf | 3 ++- wrappers/versions.tf | 4 ++-- 55 files changed, 161 insertions(+), 128 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b362de29..7b4e83b2 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.98.1 + rev: v1.99.4 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each diff --git a/README.md b/README.md index 10cdbe39..825feb28 100644 --- a/README.md +++ b/README.md @@ -666,8 +666,8 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [external](#requirement\_external) | >= 1.0 | | [local](#requirement\_local) | >= 1.0 | | [null](#requirement\_null) | >= 2.0 | @@ -676,7 +676,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [external](#provider\_external) | >= 1.0 | | [local](#provider\_local) | >= 1.0 | | [null](#provider\_null) | >= 2.0 | @@ -824,13 +824,14 @@ No modules. | [policy\_json](#input\_policy\_json) | An additional policy document as JSON to attach to the Lambda Function role | `string` | `null` | no | | [policy\_jsons](#input\_policy\_jsons) | List of additional policy documents as JSON to attach to Lambda Function role | `list(string)` | `[]` | no | | [policy\_name](#input\_policy\_name) | IAM policy name. It override the default value, which is the same as role\_name | `string` | `null` | no | -| [policy\_path](#input\_policy\_path) | Path of policies to that should be added to IAM role for Lambda Function | `string` | `null` | no | | [policy\_statements](#input\_policy\_statements) | Map of dynamic policy statements to attach to Lambda Function role | `any` | `{}` | no | | [provisioned\_concurrent\_executions](#input\_provisioned\_concurrent\_executions) | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | `number` | `-1` | no | | [publish](#input\_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no | | [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no | +| [quiet\_archive\_local\_exec](#input\_quiet\_archive\_local\_exec) | Whether to disable archive local execution output | `bool` | `true` | no | | [recreate\_missing\_package](#input\_recreate\_missing\_package) | Whether to recreate missing Lambda package if it is missing locally or not | `bool` | `true` | no | | [recursive\_loop](#input\_recursive\_loop) | Lambda function recursion configuration. Valid values are Allow or Terminate. | `string` | `null` | no | +| [region](#input\_region) | Region where the resource(s) will be managed. Defaults to the region set in the provider configuration | `string` | `null` | no | | [replace\_security\_groups\_on\_destroy](#input\_replace\_security\_groups\_on\_destroy) | (Optional) When true, all security groups defined in vpc\_security\_group\_ids will be replaced with the default security group after the function is destroyed. Set the replacement\_security\_group\_ids variable to use a custom list of security groups for replacement instead. | `bool` | `null` | no | | [replacement\_security\_group\_ids](#input\_replacement\_security\_group\_ids) | (Optional) List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction. replace\_security\_groups\_on\_destroy must be set to true to use this attribute. | `list(string)` | `null` | no | | [reserved\_concurrent\_executions](#input\_reserved\_concurrent\_executions) | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | `number` | `-1` | no | diff --git a/examples/alias/README.md b/examples/alias/README.md index c4037dd6..cb8ce50a 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -19,15 +19,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/alias/versions.tf b/examples/alias/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/alias/versions.tf +++ b/examples/alias/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/async/README.md b/examples/async/README.md index bfc7647b..b2e53fd3 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -19,15 +19,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/async/versions.tf b/examples/async/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/async/versions.tf +++ b/examples/async/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/build-package/README.md b/examples/build-package/README.md index d26739dd..8f558bc1 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -21,8 +21,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/build-package/versions.tf b/examples/build-package/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/build-package/versions.tf +++ b/examples/build-package/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/code-signing/README.md b/examples/code-signing/README.md index 6d4317d8..dfa7bfac 100644 --- a/examples/code-signing/README.md +++ b/examples/code-signing/README.md @@ -19,15 +19,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules @@ -35,7 +35,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| | [lambda](#module\_lambda) | ../../ | n/a | -| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 | +| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 5.0 | ## Resources diff --git a/examples/code-signing/main.tf b/examples/code-signing/main.tf index b899a401..8b8e9e3e 100644 --- a/examples/code-signing/main.tf +++ b/examples/code-signing/main.tf @@ -93,7 +93,7 @@ resource "random_pet" "this" { module "s3_bucket" { source = "terraform-aws-modules/s3-bucket/aws" - version = "~> 3.0" + version = "~> 5.0" bucket_prefix = "${random_pet.this.id}-" force_destroy = true diff --git a/examples/code-signing/versions.tf b/examples/code-signing/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/code-signing/versions.tf +++ b/examples/code-signing/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/complete/README.md b/examples/complete/README.md index edebc13a..ee0b620e 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -20,15 +20,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules @@ -49,7 +49,7 @@ Note that this example may create resources which cost money. Run `terraform des | [lambda\_layer\_with\_package\_deploying\_externally](#module\_lambda\_layer\_with\_package\_deploying\_externally) | ../../ | n/a | | [lambda\_with\_mixed\_trusted\_entities](#module\_lambda\_with\_mixed\_trusted\_entities) | ../../ | n/a | | [lambda\_with\_provisioned\_concurrency](#module\_lambda\_with\_provisioned\_concurrency) | ../../ | n/a | -| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 | +| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 5.0 | ## Resources diff --git a/examples/complete/main.tf b/examples/complete/main.tf index d0ae09c8..356d9f3e 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -352,6 +352,8 @@ module "lambda_function_for_each" { for_each = toset(["dev", "staging", "prod"]) + region = "us-east-1" + function_name = "my-${each.value}" description = "My awesome lambda function" handler = "index.lambda_handler" @@ -459,7 +461,7 @@ resource "random_pet" "this" { module "s3_bucket" { source = "terraform-aws-modules/s3-bucket/aws" - version = "~> 3.0" + version = "~> 5.0" bucket_prefix = "${random_pet.this.id}-" force_destroy = true diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/container-image/README.md b/examples/container-image/README.md index 3a0a4f47..ecc3e4d3 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -19,8 +19,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [docker](#requirement\_docker) | >= 3.0 | | [random](#requirement\_random) | >= 2.0 | @@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/container-image/main.tf b/examples/container-image/main.tf index 4db21302..9e0ee33d 100644 --- a/examples/container-image/main.tf +++ b/examples/container-image/main.tf @@ -26,7 +26,7 @@ provider "aws" { provider "docker" { registry_auth { - address = format("%v.dkr.ecr.%v.amazonaws.com", data.aws_caller_identity.this.account_id, data.aws_region.current.name) + address = format("%v.dkr.ecr.%v.amazonaws.com", data.aws_caller_identity.this.account_id, data.aws_region.current.region) username = data.aws_ecr_authorization_token.token.user_name password = data.aws_ecr_authorization_token.token.password } diff --git a/examples/container-image/versions.tf b/examples/container-image/versions.tf index 5b04c7cd..ea997b2d 100644 --- a/examples/container-image/versions.tf +++ b/examples/container-image/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } docker = { source = "kreuzwerker/docker" diff --git a/examples/deploy/README.md b/examples/deploy/README.md index 86d5e5a5..0e1b52db 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md @@ -19,15 +19,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/deploy/versions.tf b/examples/deploy/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/deploy/versions.tf +++ b/examples/deploy/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/event-source-mapping/README.md b/examples/event-source-mapping/README.md index 60c28525..5575a9ca 100644 --- a/examples/event-source-mapping/README.md +++ b/examples/event-source-mapping/README.md @@ -19,15 +19,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/event-source-mapping/versions.tf b/examples/event-source-mapping/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/event-source-mapping/versions.tf +++ b/examples/event-source-mapping/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index 7c09e0b0..4340822a 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md @@ -20,16 +20,16 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | -| [aws.us-east-1](#provider\_aws.us-east-1) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | +| [aws.us-east-1](#provider\_aws.us-east-1) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/multiple-regions/versions.tf b/examples/multiple-regions/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/multiple-regions/versions.tf +++ b/examples/multiple-regions/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/runtimes/README.md b/examples/runtimes/README.md index fde279e2..58660bc1 100644 --- a/examples/runtimes/README.md +++ b/examples/runtimes/README.md @@ -23,8 +23,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.2 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [http](#requirement\_http) | >= 3.0 | | [random](#requirement\_random) | >= 3.0 | @@ -32,7 +32,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [http](#provider\_http) | >= 3.0 | | [random](#provider\_random) | >= 3.0 | diff --git a/examples/runtimes/versions.tf b/examples/runtimes/versions.tf index 6c4e77fa..1ef908d3 100644 --- a/examples/runtimes/versions.tf +++ b/examples/runtimes/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.2" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/simple-cicd/README.md b/examples/simple-cicd/README.md index 2edb2e51..c2b31ea5 100644 --- a/examples/simple-cicd/README.md +++ b/examples/simple-cicd/README.md @@ -21,8 +21,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/simple-cicd/versions.tf b/examples/simple-cicd/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/simple-cicd/versions.tf +++ b/examples/simple-cicd/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/simple/README.md b/examples/simple/README.md index bee54ded..5277ac26 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -19,8 +19,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/simple/versions.tf +++ b/examples/simple/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/triggers/README.md b/examples/triggers/README.md index c6a6fde9..a3cd6a62 100644 --- a/examples/triggers/README.md +++ b/examples/triggers/README.md @@ -20,15 +20,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/triggers/versions.tf b/examples/triggers/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/triggers/versions.tf +++ b/examples/triggers/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index 742816ba..b8d43ac6 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md @@ -20,15 +20,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/with-efs/versions.tf b/examples/with-efs/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/with-efs/versions.tf +++ b/examples/with-efs/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/with-vpc-s3-endpoint/README.md b/examples/with-vpc-s3-endpoint/README.md index 60a93661..8d12d182 100644 --- a/examples/with-vpc-s3-endpoint/README.md +++ b/examples/with-vpc-s3-endpoint/README.md @@ -21,15 +21,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 3.4 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.79 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 3.4 | ## Modules @@ -38,7 +38,7 @@ Note that this example may create resources which cost money. Run `terraform des |------|--------|---------| | [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 1.0 | | [lambda\_s3\_write](#module\_lambda\_s3\_write) | ../../ | n/a | -| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 | +| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 5.0 | | [security\_group\_lambda](#module\_security\_group\_lambda) | terraform-aws-modules/security-group/aws | ~> 4.0 | | [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | | [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | ~> 5.0 | diff --git a/examples/with-vpc-s3-endpoint/main.tf b/examples/with-vpc-s3-endpoint/main.tf index 50faeb21..29de6eba 100644 --- a/examples/with-vpc-s3-endpoint/main.tf +++ b/examples/with-vpc-s3-endpoint/main.tf @@ -26,7 +26,7 @@ module "lambda_s3_write" { environment_variables = { BUCKET_NAME = module.s3_bucket.s3_bucket_id - REGION_NAME = data.aws_region.current.name + REGION_NAME = data.aws_region.current.region } # Let the module create a role for us @@ -54,7 +54,7 @@ resource "random_pet" "this" { } data "aws_ec2_managed_prefix_list" "this" { - name = "com.amazonaws.${data.aws_region.current.name}.s3" + name = "com.amazonaws.${data.aws_region.current.region}.s3" } module "vpc" { @@ -64,7 +64,7 @@ module "vpc" { name = random_pet.this.id cidr = "10.0.0.0/16" - azs = ["${data.aws_region.current.name}a", "${data.aws_region.current.name}b", "${data.aws_region.current.name}c"] + azs = ["${data.aws_region.current.region}a", "${data.aws_region.current.region}b", "${data.aws_region.current.region}c"] # Intra subnets are designed to have no Internet access via NAT Gateway. intra_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] @@ -160,7 +160,7 @@ module "kms" { module "s3_bucket" { source = "terraform-aws-modules/s3-bucket/aws" - version = "~> 3.0" + version = "~> 5.0" bucket_prefix = "${random_pet.this.id}-" force_destroy = true diff --git a/examples/with-vpc-s3-endpoint/versions.tf b/examples/with-vpc-s3-endpoint/versions.tf index 7a4d860b..9344b2c9 100644 --- a/examples/with-vpc-s3-endpoint/versions.tf +++ b/examples/with-vpc-s3-endpoint/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index a29f0bb3..0a3bf423 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md @@ -21,8 +21,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.79 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/with-vpc/versions.tf b/examples/with-vpc/versions.tf index 5cf868aa..9af58496 100644 --- a/examples/with-vpc/versions.tf +++ b/examples/with-vpc/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/main.tf b/main.tf index c67f1bbb..cc7d011a 100644 --- a/main.tf +++ b/main.tf @@ -24,6 +24,8 @@ locals { resource "aws_lambda_function" "this" { count = local.create && var.create_function && !var.create_layer ? 1 : 0 + region = var.region + function_name = var.function_name description = var.description role = var.create_role ? aws_iam_role.lambda[0].arn : var.lambda_role @@ -170,6 +172,8 @@ resource "aws_lambda_function" "this" { resource "aws_lambda_layer_version" "this" { count = local.create && var.create_layer ? 1 : 0 + region = var.region + layer_name = var.layer_name description = var.description license_info = var.license_info @@ -191,6 +195,8 @@ resource "aws_lambda_layer_version" "this" { resource "aws_s3_object" "lambda_package" { count = local.create && var.store_on_s3 && var.create_package ? 1 : 0 + region = var.region + bucket = var.s3_bucket acl = var.s3_acl key = local.s3_key @@ -218,12 +224,16 @@ resource "aws_s3_object" "lambda_package" { data "aws_cloudwatch_log_group" "lambda" { count = local.create && var.create_function && !var.create_layer && var.use_existing_cloudwatch_log_group ? 1 : 0 + region = var.region + name = coalesce(var.logging_log_group, "/aws/lambda/${var.lambda_at_edge ? "us-east-1." : ""}${var.function_name}") } resource "aws_cloudwatch_log_group" "lambda" { count = local.create && var.create_function && !var.create_layer && !var.use_existing_cloudwatch_log_group ? 1 : 0 + region = var.region + name = coalesce(var.logging_log_group, "/aws/lambda/${var.lambda_at_edge ? "us-east-1." : ""}${var.function_name}") retention_in_days = var.cloudwatch_logs_retention_in_days kms_key_id = var.cloudwatch_logs_kms_key_id @@ -236,6 +246,8 @@ resource "aws_cloudwatch_log_group" "lambda" { resource "aws_lambda_provisioned_concurrency_config" "current_version" { count = local.create && var.create_function && !var.create_layer && var.provisioned_concurrent_executions > -1 ? 1 : 0 + region = var.region + function_name = aws_lambda_function.this[0].function_name qualifier = aws_lambda_function.this[0].version @@ -249,6 +261,8 @@ locals { resource "aws_lambda_function_event_invoke_config" "this" { for_each = { for k, v in local.qualifiers : k => v if v != null && local.create && var.create_function && !var.create_layer && var.create_async_event_config } + region = var.region + function_name = aws_lambda_function.this[0].function_name qualifier = each.key == "current_version" ? aws_lambda_function.this[0].version : null @@ -278,6 +292,8 @@ resource "aws_lambda_function_event_invoke_config" "this" { resource "aws_lambda_permission" "current_version_triggers" { for_each = { for k, v in var.allowed_triggers : k => v if local.create && var.create_function && !var.create_layer && var.create_current_version_allowed_triggers } + region = var.region + function_name = aws_lambda_function.this[0].function_name qualifier = aws_lambda_function.this[0].version @@ -299,6 +315,8 @@ resource "aws_lambda_permission" "current_version_triggers" { resource "aws_lambda_permission" "unqualified_alias_triggers" { for_each = { for k, v in var.allowed_triggers : k => v if local.create && var.create_function && !var.create_layer && var.create_unqualified_alias_allowed_triggers } + region = var.region + function_name = aws_lambda_function.this[0].function_name statement_id_prefix = try(each.value.statement_id, each.key) @@ -318,6 +336,8 @@ resource "aws_lambda_permission" "unqualified_alias_triggers" { resource "aws_lambda_event_source_mapping" "this" { for_each = { for k, v in var.event_source_mapping : k => v if local.create && var.create_function && !var.create_layer && var.create_unqualified_alias_allowed_triggers } + region = var.region + function_name = aws_lambda_function.this[0].arn event_source_arn = try(each.value.event_source_arn, null) @@ -427,6 +447,8 @@ resource "aws_lambda_event_source_mapping" "this" { resource "aws_lambda_function_url" "this" { count = local.create && var.create_function && !var.create_layer && var.create_lambda_function_url ? 1 : 0 + region = var.region + function_name = aws_lambda_function.this[0].function_name # Error: error creating Lambda Function URL: ValidationException @@ -451,6 +473,8 @@ resource "aws_lambda_function_url" "this" { resource "aws_lambda_function_recursion_config" "this" { count = local.create && var.create_function && !var.create_layer && var.recursive_loop == "Allow" ? 1 : 0 + region = var.region + function_name = aws_lambda_function.this[0].function_name recursive_loop = var.recursive_loop } diff --git a/modules/alias/README.md b/modules/alias/README.md index 4d1871d3..837f8552 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md @@ -115,14 +115,14 @@ module "lambda" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.9 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.9 | +| [aws](#provider\_aws) | >= 6.0 | ## Modules diff --git a/modules/alias/versions.tf b/modules/alias/versions.tf index dbc484ad..f648e20c 100644 --- a/modules/alias/versions.tf +++ b/modules/alias/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.9" + version = ">= 6.0" } } } diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 3addc40b..7840572e 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -100,8 +100,8 @@ module "lambda" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 3.35 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [local](#requirement\_local) | >= 1.0 | | [null](#requirement\_null) | >= 2.0 | @@ -109,7 +109,7 @@ module "lambda" { | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.35 | +| [aws](#provider\_aws) | >= 6.0 | | [local](#provider\_local) | >= 1.0 | | [null](#provider\_null) | >= 2.0 | diff --git a/modules/deploy/versions.tf b/modules/deploy/versions.tf index 5a82f93b..e7881b92 100644 --- a/modules/deploy/versions.tf +++ b/modules/deploy/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.35" + version = ">= 6.0" } local = { source = "hashicorp/local" diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index 17e6c972..61476b07 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md @@ -57,8 +57,8 @@ module "docker_image" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.22 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.0 | | [docker](#requirement\_docker) | >= 3.5.0 | | [null](#requirement\_null) | >= 2.0 | @@ -66,7 +66,7 @@ module "docker_image" { | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.22 | +| [aws](#provider\_aws) | >= 6.0 | | [docker](#provider\_docker) | >= 3.5.0 | | [null](#provider\_null) | >= 2.0 | diff --git a/modules/docker-build/main.tf b/modules/docker-build/main.tf index 565027f4..559060cb 100644 --- a/modules/docker-build/main.tf +++ b/modules/docker-build/main.tf @@ -3,7 +3,7 @@ data "aws_region" "current" {} data "aws_caller_identity" "this" {} locals { - ecr_address = coalesce(var.ecr_address, format("%v.dkr.ecr.%v.amazonaws.com", data.aws_caller_identity.this.account_id, data.aws_region.current.name)) + ecr_address = coalesce(var.ecr_address, format("%v.dkr.ecr.%v.amazonaws.com", data.aws_caller_identity.this.account_id, data.aws_region.current.region)) ecr_repo = var.create_ecr_repo ? aws_ecr_repository.this[0].id : var.ecr_repo image_tag = var.use_image_tag ? coalesce(var.image_tag, formatdate("YYYYMMDDhhmmss", timestamp())) : null ecr_image_name = var.use_image_tag ? format("%v/%v:%v", local.ecr_address, local.ecr_repo, local.image_tag) : format("%v/%v", local.ecr_address, local.ecr_repo) diff --git a/modules/docker-build/versions.tf b/modules/docker-build/versions.tf index 454fc7ae..8b20e477 100644 --- a/modules/docker-build/versions.tf +++ b/modules/docker-build/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.22" + version = ">= 6.0" } docker = { source = "kreuzwerker/docker" diff --git a/outputs.tf b/outputs.tf index 29c47fe1..93624833 100644 --- a/outputs.tf +++ b/outputs.tf @@ -6,7 +6,7 @@ output "lambda_function_arn" { output "lambda_function_arn_static" { description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)" - value = local.create && var.create_function && !var.create_layer ? "arn:${data.aws_partition.current.partition}:lambda:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:function:${var.function_name}" : "" + value = local.create && var.create_function && !var.create_layer ? "arn:${data.aws_partition.current.partition}:lambda:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:function:${var.function_name}" : "" } output "lambda_function_invoke_arn" { diff --git a/package.tf b/package.tf index bbff086c..7f761ef9 100644 --- a/package.tf +++ b/package.tf @@ -70,6 +70,7 @@ resource "null_resource" "archive" { "--timestamp", data.external.archive_prepare[0].result.timestamp ] command = data.external.archive_prepare[0].result.build_plan_filename + quiet = var.quiet_archive_local_exec } depends_on = [local_file.archive_plan] diff --git a/variables.tf b/variables.tf index c71f68ae..6ea454f6 100644 --- a/variables.tf +++ b/variables.tf @@ -46,6 +46,12 @@ variable "putin_khuylo" { default = true } +variable "region" { + description = "Region where the resource(s) will be managed. Defaults to the region set in the provider configuration" + type = string + default = null +} + ########### # Function ########### @@ -584,14 +590,6 @@ variable "attach_policies" { default = false } -# TODO: DEPRECATED: Remove this variable in the next major version -# tflint-ignore: all -variable "policy_path" { - description = "Path of policies to that should be added to IAM role for Lambda Function" - type = string - default = null -} - variable "number_of_policy_jsons" { description = "Number of policies JSON to attach to IAM role for Lambda Function" type = number @@ -806,6 +804,12 @@ variable "trigger_on_package_timestamp" { default = true } +variable "quiet_archive_local_exec" { + description = "Whether to disable archive local execution output" + type = bool + default = true +} + ############################################ # Lambda Advanced Logging Settings ############################################ diff --git a/versions.tf b/versions.tf index bf462c65..a80f6eb3 100644 --- a/versions.tf +++ b/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } external = { source = "hashicorp/external" diff --git a/wrappers/alias/versions.tf b/wrappers/alias/versions.tf index dbc484ad..f648e20c 100644 --- a/wrappers/alias/versions.tf +++ b/wrappers/alias/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.9" + version = ">= 6.0" } } } diff --git a/wrappers/deploy/versions.tf b/wrappers/deploy/versions.tf index 5a82f93b..e7881b92 100644 --- a/wrappers/deploy/versions.tf +++ b/wrappers/deploy/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.35" + version = ">= 6.0" } local = { source = "hashicorp/local" diff --git a/wrappers/docker-build/versions.tf b/wrappers/docker-build/versions.tf index 454fc7ae..8b20e477 100644 --- a/wrappers/docker-build/versions.tf +++ b/wrappers/docker-build/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.22" + version = ">= 6.0" } docker = { source = "kreuzwerker/docker" diff --git a/wrappers/main.tf b/wrappers/main.tf index 1092b4d3..eb78bb41 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf @@ -94,13 +94,14 @@ module "wrapper" { policy_json = try(each.value.policy_json, var.defaults.policy_json, null) policy_jsons = try(each.value.policy_jsons, var.defaults.policy_jsons, []) policy_name = try(each.value.policy_name, var.defaults.policy_name, null) - policy_path = try(each.value.policy_path, var.defaults.policy_path, null) policy_statements = try(each.value.policy_statements, var.defaults.policy_statements, {}) provisioned_concurrent_executions = try(each.value.provisioned_concurrent_executions, var.defaults.provisioned_concurrent_executions, -1) publish = try(each.value.publish, var.defaults.publish, false) putin_khuylo = try(each.value.putin_khuylo, var.defaults.putin_khuylo, true) + quiet_archive_local_exec = try(each.value.quiet_archive_local_exec, var.defaults.quiet_archive_local_exec, true) recreate_missing_package = try(each.value.recreate_missing_package, var.defaults.recreate_missing_package, true) recursive_loop = try(each.value.recursive_loop, var.defaults.recursive_loop, null) + region = try(each.value.region, var.defaults.region, null) replace_security_groups_on_destroy = try(each.value.replace_security_groups_on_destroy, var.defaults.replace_security_groups_on_destroy, null) replacement_security_group_ids = try(each.value.replacement_security_group_ids, var.defaults.replacement_security_group_ids, null) reserved_concurrent_executions = try(each.value.reserved_concurrent_executions, var.defaults.reserved_concurrent_executions, -1) diff --git a/wrappers/versions.tf b/wrappers/versions.tf index bf462c65..a80f6eb3 100644 --- a/wrappers/versions.tf +++ b/wrappers/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.79" + version = ">= 6.0" } external = { source = "hashicorp/external" From 47971243d52b67e44597e6fbcb8811b9ee4f57d0 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 25 Jun 2025 11:22:48 +0000 Subject: [PATCH 62/70] chore(release): version 8.0.0 [skip ci] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## [8.0.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.21.1...v8.0.0) (2025-06-25) ### ⚠ BREAKING CHANGES * Upgrade AWS provider and min required Terraform version to 6.0 and 1.10 respectively (#687) ### Features * Upgrade AWS provider and min required Terraform version to 6.0 and 1.10 respectively ([#687](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/687)) ([367e9a2](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/367e9a2c5c7e6a4335fcc7c13c14e54f8e347f9c)) --- CHANGELOG.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 742e6d57..66963786 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,17 @@ All notable changes to this project will be documented in this file. +## [8.0.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.21.1...v8.0.0) (2025-06-25) + + +### ⚠ BREAKING CHANGES + +* Upgrade AWS provider and min required Terraform version to 6.0 and 1.10 respectively (#687) + +### Features + +* Upgrade AWS provider and min required Terraform version to 6.0 and 1.10 respectively ([#687](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/687)) ([367e9a2](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/367e9a2c5c7e6a4335fcc7c13c14e54f8e347f9c)) + ## [7.21.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.21.0...v7.21.1) (2025-06-19) From ab606514be095d7ad55ebd920069cb090fa39cd5 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 25 Jun 2025 19:18:36 +0200 Subject: [PATCH 63/70] fix: Lower minimum Terraform version to 1.5.7 (#688) --- README.md | 2 +- examples/alias/README.md | 2 +- examples/alias/versions.tf | 2 +- examples/async/README.md | 2 +- examples/async/versions.tf | 2 +- examples/build-package/README.md | 2 +- examples/build-package/versions.tf | 2 +- examples/code-signing/README.md | 2 +- examples/code-signing/versions.tf | 2 +- examples/complete/README.md | 2 +- examples/complete/versions.tf | 2 +- examples/container-image/README.md | 2 +- examples/container-image/versions.tf | 2 +- examples/deploy/README.md | 2 +- examples/deploy/versions.tf | 2 +- examples/event-source-mapping/README.md | 2 +- examples/event-source-mapping/versions.tf | 2 +- examples/multiple-regions/README.md | 2 +- examples/multiple-regions/versions.tf | 2 +- examples/runtimes/README.md | 2 +- examples/runtimes/versions.tf | 2 +- examples/simple-cicd/README.md | 2 +- examples/simple-cicd/versions.tf | 2 +- examples/simple/README.md | 2 +- examples/simple/versions.tf | 2 +- examples/triggers/README.md | 2 +- examples/triggers/versions.tf | 2 +- examples/with-efs/README.md | 2 +- examples/with-efs/versions.tf | 2 +- examples/with-vpc-s3-endpoint/README.md | 2 +- examples/with-vpc-s3-endpoint/versions.tf | 2 +- examples/with-vpc/README.md | 2 +- examples/with-vpc/versions.tf | 2 +- modules/alias/README.md | 2 +- modules/alias/versions.tf | 2 +- modules/deploy/README.md | 2 +- modules/deploy/versions.tf | 2 +- modules/docker-build/README.md | 2 +- modules/docker-build/versions.tf | 2 +- versions.tf | 2 +- wrappers/alias/versions.tf | 2 +- wrappers/deploy/versions.tf | 2 +- wrappers/docker-build/versions.tf | 2 +- wrappers/versions.tf | 2 +- 44 files changed, 44 insertions(+), 44 deletions(-) diff --git a/README.md b/README.md index 825feb28..3d045ce0 100644 --- a/README.md +++ b/README.md @@ -666,7 +666,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [external](#requirement\_external) | >= 1.0 | | [local](#requirement\_local) | >= 1.0 | diff --git a/examples/alias/README.md b/examples/alias/README.md index cb8ce50a..6bcb2530 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/alias/versions.tf b/examples/alias/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/alias/versions.tf +++ b/examples/alias/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/async/README.md b/examples/async/README.md index b2e53fd3..3bca0e68 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/async/versions.tf b/examples/async/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/async/versions.tf +++ b/examples/async/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/build-package/README.md b/examples/build-package/README.md index 8f558bc1..7263ca6d 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -21,7 +21,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/build-package/versions.tf b/examples/build-package/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/build-package/versions.tf +++ b/examples/build-package/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/code-signing/README.md b/examples/code-signing/README.md index dfa7bfac..74d1062f 100644 --- a/examples/code-signing/README.md +++ b/examples/code-signing/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/code-signing/versions.tf b/examples/code-signing/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/code-signing/versions.tf +++ b/examples/code-signing/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/complete/README.md b/examples/complete/README.md index ee0b620e..552ea09c 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/container-image/README.md b/examples/container-image/README.md index ecc3e4d3..8c2bf290 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [docker](#requirement\_docker) | >= 3.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/container-image/versions.tf b/examples/container-image/versions.tf index ea997b2d..dbb8009c 100644 --- a/examples/container-image/versions.tf +++ b/examples/container-image/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/deploy/README.md b/examples/deploy/README.md index 0e1b52db..829a0468 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/deploy/versions.tf b/examples/deploy/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/deploy/versions.tf +++ b/examples/deploy/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/event-source-mapping/README.md b/examples/event-source-mapping/README.md index 5575a9ca..49d4fa75 100644 --- a/examples/event-source-mapping/README.md +++ b/examples/event-source-mapping/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/event-source-mapping/versions.tf b/examples/event-source-mapping/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/event-source-mapping/versions.tf +++ b/examples/event-source-mapping/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index 4340822a..ed4c573a 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/multiple-regions/versions.tf b/examples/multiple-regions/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/multiple-regions/versions.tf +++ b/examples/multiple-regions/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/runtimes/README.md b/examples/runtimes/README.md index 58660bc1..95a28a08 100644 --- a/examples/runtimes/README.md +++ b/examples/runtimes/README.md @@ -23,7 +23,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [http](#requirement\_http) | >= 3.0 | | [random](#requirement\_random) | >= 3.0 | diff --git a/examples/runtimes/versions.tf b/examples/runtimes/versions.tf index 1ef908d3..36f51034 100644 --- a/examples/runtimes/versions.tf +++ b/examples/runtimes/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/simple-cicd/README.md b/examples/simple-cicd/README.md index c2b31ea5..8afef1be 100644 --- a/examples/simple-cicd/README.md +++ b/examples/simple-cicd/README.md @@ -21,7 +21,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/simple-cicd/versions.tf b/examples/simple-cicd/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/simple-cicd/versions.tf +++ b/examples/simple-cicd/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/simple/README.md b/examples/simple/README.md index 5277ac26..b9a4f785 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/simple/versions.tf +++ b/examples/simple/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/triggers/README.md b/examples/triggers/README.md index a3cd6a62..aa6fb08f 100644 --- a/examples/triggers/README.md +++ b/examples/triggers/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/triggers/versions.tf b/examples/triggers/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/triggers/versions.tf +++ b/examples/triggers/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index b8d43ac6..ce9cc15e 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/with-efs/versions.tf b/examples/with-efs/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/with-efs/versions.tf +++ b/examples/with-efs/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/with-vpc-s3-endpoint/README.md b/examples/with-vpc-s3-endpoint/README.md index 8d12d182..f84ba32c 100644 --- a/examples/with-vpc-s3-endpoint/README.md +++ b/examples/with-vpc-s3-endpoint/README.md @@ -21,7 +21,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 3.4 | diff --git a/examples/with-vpc-s3-endpoint/versions.tf b/examples/with-vpc-s3-endpoint/versions.tf index 9344b2c9..7f27783c 100644 --- a/examples/with-vpc-s3-endpoint/versions.tf +++ b/examples/with-vpc-s3-endpoint/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index 0a3bf423..e1808811 100644 --- a/examples/with-vpc/README.md +++ b/examples/with-vpc/README.md @@ -21,7 +21,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | diff --git a/examples/with-vpc/versions.tf b/examples/with-vpc/versions.tf index 9af58496..d2f4f3e8 100644 --- a/examples/with-vpc/versions.tf +++ b/examples/with-vpc/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/modules/alias/README.md b/modules/alias/README.md index 837f8552..5ee31171 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md @@ -115,7 +115,7 @@ module "lambda" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | ## Providers diff --git a/modules/alias/versions.tf b/modules/alias/versions.tf index f648e20c..db13b0a8 100644 --- a/modules/alias/versions.tf +++ b/modules/alias/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 7840572e..b5d535c9 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -100,7 +100,7 @@ module "lambda" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [local](#requirement\_local) | >= 1.0 | | [null](#requirement\_null) | >= 2.0 | diff --git a/modules/deploy/versions.tf b/modules/deploy/versions.tf index e7881b92..ddb64c76 100644 --- a/modules/deploy/versions.tf +++ b/modules/deploy/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md index 61476b07..8d9d8315 100644 --- a/modules/docker-build/README.md +++ b/modules/docker-build/README.md @@ -57,7 +57,7 @@ module "docker_image" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | | [docker](#requirement\_docker) | >= 3.5.0 | | [null](#requirement\_null) | >= 2.0 | diff --git a/modules/docker-build/versions.tf b/modules/docker-build/versions.tf index 8b20e477..b203b635 100644 --- a/modules/docker-build/versions.tf +++ b/modules/docker-build/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/versions.tf b/versions.tf index a80f6eb3..8dea461c 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/wrappers/alias/versions.tf b/wrappers/alias/versions.tf index f648e20c..db13b0a8 100644 --- a/wrappers/alias/versions.tf +++ b/wrappers/alias/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/wrappers/deploy/versions.tf b/wrappers/deploy/versions.tf index e7881b92..ddb64c76 100644 --- a/wrappers/deploy/versions.tf +++ b/wrappers/deploy/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/wrappers/docker-build/versions.tf b/wrappers/docker-build/versions.tf index 8b20e477..b203b635 100644 --- a/wrappers/docker-build/versions.tf +++ b/wrappers/docker-build/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { diff --git a/wrappers/versions.tf b/wrappers/versions.tf index a80f6eb3..8dea461c 100644 --- a/wrappers/versions.tf +++ b/wrappers/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10" + required_version = ">= 1.5.7" required_providers { aws = { From a5433c0e08a8cb294c1ede5c45066d4aa9364107 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 25 Jun 2025 17:19:04 +0000 Subject: [PATCH 64/70] chore(release): version 8.0.1 [skip ci] ## [8.0.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.0.0...v8.0.1) (2025-06-25) ### Bug Fixes * Lower minimum Terraform version to 1.5.7 ([#688](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/688)) ([ab60651](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/ab606514be095d7ad55ebd920069cb090fa39cd5)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 66963786..c0f52f38 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [8.0.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.0.0...v8.0.1) (2025-06-25) + + +### Bug Fixes + +* Lower minimum Terraform version to 1.5.7 ([#688](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/688)) ([ab60651](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/ab606514be095d7ad55ebd920069cb090fa39cd5)) + ## [8.0.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v7.21.1...v8.0.0) (2025-06-25) From 5e4391c55605d11ac98655a2fd2d6a8f2583d3b6 Mon Sep 17 00:00:00 2001 From: az-wegift <34541726+az-wegift@users.noreply.github.com> Date: Fri, 22 Aug 2025 12:09:37 +0100 Subject: [PATCH 65/70] feat: Respect the package-lock.json for a NodeJS Lambda function (#681) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Amadeusz Żołnowski Co-authored-by: Anton Babenko <393243+antonbabenko@users.noreply.github.com> --- examples/build-package/README.md | 2 + examples/build-package/main.tf | 26 ++++++ examples/fixtures/nodejs14.x-app2/index.js | 16 ++++ .../nodejs14.x-app2/package-lock.json | 83 +++++++++++++++++++ .../fixtures/nodejs14.x-app2/package.json | 8 ++ package.py | 78 +++++++++++++++-- 6 files changed, 205 insertions(+), 8 deletions(-) create mode 100644 examples/fixtures/nodejs14.x-app2/index.js create mode 100644 examples/fixtures/nodejs14.x-app2/package-lock.json create mode 100644 examples/fixtures/nodejs14.x-app2/package.json diff --git a/examples/build-package/README.md b/examples/build-package/README.md index 7263ca6d..7c354473 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -45,6 +45,7 @@ Note that this example may create resources which cost money. Run `terraform des | [package\_dir\_poetry](#module\_package\_dir\_poetry) | ../../ | n/a | | [package\_dir\_poetry\_no\_docker](#module\_package\_dir\_poetry\_no\_docker) | ../../ | n/a | | [package\_dir\_with\_npm\_install](#module\_package\_dir\_with\_npm\_install) | ../../ | n/a | +| [package\_dir\_with\_npm\_install\_lock\_file](#module\_package\_dir\_with\_npm\_install\_lock\_file) | ../../ | n/a | | [package\_dir\_without\_npm\_install](#module\_package\_dir\_without\_npm\_install) | ../../ | n/a | | [package\_dir\_without\_pip\_install](#module\_package\_dir\_without\_pip\_install) | ../../ | n/a | | [package\_file](#module\_package\_file) | ../../ | n/a | @@ -53,6 +54,7 @@ Note that this example may create resources which cost money. Run `terraform des | [package\_src\_poetry2](#module\_package\_src\_poetry2) | ../../ | n/a | | [package\_with\_commands\_and\_patterns](#module\_package\_with\_commands\_and\_patterns) | ../../ | n/a | | [package\_with\_docker](#module\_package\_with\_docker) | ../../ | n/a | +| [package\_with\_npm\_lock\_in\_docker](#module\_package\_with\_npm\_lock\_in\_docker) | ../../ | n/a | | [package\_with\_npm\_requirements\_in\_docker](#module\_package\_with\_npm\_requirements\_in\_docker) | ../../ | n/a | | [package\_with\_patterns](#module\_package\_with\_patterns) | ../../ | n/a | | [package\_with\_pip\_requirements\_in\_docker](#module\_package\_with\_pip\_requirements\_in\_docker) | ../../ | n/a | diff --git a/examples/build-package/main.tf b/examples/build-package/main.tf index 2afce855..48f7bc8c 100644 --- a/examples/build-package/main.tf +++ b/examples/build-package/main.tf @@ -365,6 +365,18 @@ module "package_dir_with_npm_install" { source_path = "${path.module}/../fixtures/nodejs14.x-app1" } +# Create zip-archive of a single directory where "npm install" will also be +# executed (default for nodejs runtime). This example has package-lock.json which +# is respected when installing dependencies. +module "package_dir_with_npm_install_lock_file" { + source = "../../" + + create_function = false + + runtime = "nodejs14.x" + source_path = "${path.module}/../fixtures/nodejs14.x-app2" +} + # Create zip-archive of a single directory without running "npm install" (which is the default for nodejs runtime) module "package_dir_without_npm_install" { source = "../../" @@ -393,6 +405,20 @@ module "package_with_npm_requirements_in_docker" { hash_extra = "something-unique-to-not-conflict-with-module.package_dir_with_npm_install" } +# Create zip-archive of a single directory where "npm install" will also be +# executed using docker. This example has package-lock.json which is respected +# when installing dependencies. +module "package_with_npm_lock_in_docker" { + source = "../../" + + create_function = false + + runtime = "nodejs14.x" + source_path = "${path.module}/../fixtures/nodejs14.x-app2" + build_in_docker = true + hash_extra = "something-unique-to-not-conflict-with-module.package_dir_with_npm_install" +} + ################################ # Build package in Docker and # use it to deploy Lambda Layer diff --git a/examples/fixtures/nodejs14.x-app2/index.js b/examples/fixtures/nodejs14.x-app2/index.js new file mode 100644 index 00000000..97968e4a --- /dev/null +++ b/examples/fixtures/nodejs14.x-app2/index.js @@ -0,0 +1,16 @@ +'use strict'; + +module.exports.hello = async (event) => { + console.log(event); + return { + statusCode: 200, + body: JSON.stringify( + { + message: `Go Serverless.tf! Your Nodejs function executed successfully!`, + input: event, + }, + null, + 2 + ), + }; +}; diff --git a/examples/fixtures/nodejs14.x-app2/package-lock.json b/examples/fixtures/nodejs14.x-app2/package-lock.json new file mode 100644 index 00000000..adf88ca6 --- /dev/null +++ b/examples/fixtures/nodejs14.x-app2/package-lock.json @@ -0,0 +1,83 @@ +{ + "name": "nodejs14.x-app1", + "version": "1.0.0", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "axo": { + "version": "0.0.2", + "resolved": "https://registry.npmjs.org/axo/-/axo-0.0.2.tgz", + "integrity": "sha512-8CC4Mb+OhK97UEng0PgiqUDNZjzVcWDsV+G2vLYCQn1jEL7y6VqiRVlZlRu+aA/ckSznmNzW6X1I6nj2As/haQ==" + }, + "eventemitter3": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-2.0.3.tgz", + "integrity": "sha512-jLN68Dx5kyFHaePoXWPsCGW5qdyZQtLYHkxkg02/Mz6g0kYpDx4FyP6XfArhQdlOC4b8Mv+EMxPo/8La7Tzghg==" + }, + "extendible": { + "version": "0.1.1", + "resolved": "https://registry.npmjs.org/extendible/-/extendible-0.1.1.tgz", + "integrity": "sha512-AglckQA0TJV8/ZmhQcNmaaFcFFPXFIoZbfuoQOlGDK7Jh/roWotYzJ7ik1FBBCHBr8n7CgTR8lXXPAN8Rfb7rw==" + }, + "failure": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/failure/-/failure-1.1.1.tgz", + "integrity": "sha512-lzrrk0NUfjVeU3jLmfU01zP5bfg4XVFxHREYGvgJowaCqHLSQtqIGENH/CU+oSs6yfYObdSM7b9UY/3p2VJOSg==" + }, + "hang": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/hang/-/hang-1.0.0.tgz", + "integrity": "sha512-vtBz98Bt/Tbm03cZO5Ymc7ZL8ead/jIx9T5Wg/xuz+9BXPAJNJSdGQW63LoaesogUQKTpHyal339hxTaTf/APg==" + }, + "loads": { + "version": "0.0.4", + "resolved": "https://registry.npmjs.org/loads/-/loads-0.0.4.tgz", + "integrity": "sha512-XjPzzYIHkuMNqYyvh6AECQAHi682nyKO9TMdMYnaz7QbPDI/KIeSIjRhAlXIbRMPYAgtLUYgPlD3mtKZ4Q8SYA==", + "requires": { + "failure": "1.1.x", + "one-time": "0.0.x", + "xhr-response": "1.0.x", + "xhr-status": "1.0.x" + } + }, + "node-http-xhr": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/node-http-xhr/-/node-http-xhr-1.2.1.tgz", + "integrity": "sha512-eRKOQNY8V2BNp/P8A2A+eVwprVFI64ciunsBimQ4WBb1m841vn7ksDRGlmWBCyE/tLRoPwvH/sUig9krKMehwA==" + }, + "one-time": { + "version": "0.0.4", + "resolved": "https://registry.npmjs.org/one-time/-/one-time-0.0.4.tgz", + "integrity": "sha512-qAMrwuk2xLEutlASoiPiAMW3EN3K96Ka/ilSXYr6qR1zSVXw2j7+yDSqGTC4T9apfLYxM3tLLjKvgPdAUK7kYQ==" + }, + "requests": { + "version": "0.2.1", + "resolved": "https://registry.npmjs.org/requests/-/requests-0.2.1.tgz", + "integrity": "sha512-SlvQm7cl4z285qs5ZrthHjr4TI0Ngb0pzX4jLzSOr7rsA4AlFj+0qhkzF3zKsVBFuU+HseU+iUz4qBA6bV087Q==", + "requires": { + "axo": "0.0.x", + "eventemitter3": "~2.0.2", + "extendible": "0.1.x", + "hang": "1.0.x", + "loads": "0.0.x", + "node-http-xhr": "~1.2.1", + "xhr-send": "1.0.x" + } + }, + "xhr-response": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/xhr-response/-/xhr-response-1.0.1.tgz", + "integrity": "sha512-m2FlVRCl3VqDcpc8UaWZJpwuHpFR2vYeXv6ipXU2Uuu4vNKFYVEFI0emuJN370Fge+JCbiAnS+JJmSoWVmWrjQ==" + }, + "xhr-send": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/xhr-send/-/xhr-send-1.0.0.tgz", + "integrity": "sha512-789EG4qW6Z0nPvG74AV3WWQCnBG5HxJXNiBsnEivZ8OpbvVA0amH0+g+MNT99o5kt/XLdRezm5KS1wJzcGJztw==" + }, + "xhr-status": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/xhr-status/-/xhr-status-1.0.1.tgz", + "integrity": "sha512-VF0WSqtmkf56OmF26LCWsWvRb1a+WYGdHDoQnPPCVUQTM8CVUAOBcUDsm7nP7SQcgEEdrvF4DmhEADuXdGieyw==" + } + } +} diff --git a/examples/fixtures/nodejs14.x-app2/package.json b/examples/fixtures/nodejs14.x-app2/package.json new file mode 100644 index 00000000..b332ac7e --- /dev/null +++ b/examples/fixtures/nodejs14.x-app2/package.json @@ -0,0 +1,8 @@ +{ + "name": "nodejs14.x-app1", + "version": "1.0.0", + "main": "index.js", + "dependencies": { + "requests": "^0.2.0" + } +} diff --git a/package.py b/package.py index 6e19846c..74af6e7c 100644 --- a/package.py +++ b/package.py @@ -733,6 +733,14 @@ def npm_requirements_step(path, prefix=None, required=False, tmp_dir=None): requirements = path if os.path.isdir(path): requirements = os.path.join(path, "package.json") + npm_lock_file = os.path.join(path, "package-lock.json") + else: + npm_lock_file = os.path.join(os.path.dirname(path), "package-lock.json") + + if os.path.isfile(npm_lock_file): + hash(npm_lock_file) + log.info("Added npm lock file: %s", npm_lock_file) + if not os.path.isfile(requirements): if required: raise RuntimeError("File not found: {}".format(requirements)) @@ -1088,7 +1096,7 @@ def install_pip_requirements(query, requirements_file, tmp_dir): ok = True elif docker_file or docker_build_root: raise ValueError( - "docker_image must be specified " "for a custom image future references" + "docker_image must be specified for a custom image future references" ) working_dir = os.getcwd() @@ -1108,7 +1116,7 @@ def install_pip_requirements(query, requirements_file, tmp_dir): elif OSX: # Workaround for OSX when XCode command line tools' # python becomes the main system python interpreter - os_path = "{}:/Library/Developer/CommandLineTools" "/usr/bin".format( + os_path = "{}:/Library/Developer/CommandLineTools/usr/bin".format( os.environ["PATH"] ) subproc_env = os.environ.copy() @@ -1390,14 +1398,15 @@ def install_npm_requirements(query, requirements_file, tmp_dir): ok = True elif docker_file or docker_build_root: raise ValueError( - "docker_image must be specified " "for a custom image future references" + "docker_image must be specified for a custom image future references" ) log.info("Installing npm requirements: %s", requirements_file) with tempdir(tmp_dir) as temp_dir: - requirements_filename = os.path.basename(requirements_file) - target_file = os.path.join(temp_dir, requirements_filename) - shutil.copyfile(requirements_file, target_file) + temp_copy = TemporaryCopy(os.path.dirname(requirements_file), temp_dir, log) + temp_copy.add(os.path.basename(requirements_file)) + temp_copy.add("package-lock.json", required=False) + temp_copy.copy_to_target_dir() subproc_env = None npm_exec = "npm" @@ -1442,10 +1451,63 @@ def install_npm_requirements(query, requirements_file, tmp_dir): "available in system PATH".format(runtime) ) from e - os.remove(target_file) + temp_copy.remove_from_target_dir() yield temp_dir +class TemporaryCopy: + """Temporarily copy files to a specified location and remove them when + not needed. + """ + + def __init__(self, source_dir_path, target_dir_path, logger=None): + """Initialise with a target and a source directories.""" + self.source_dir_path = source_dir_path + self.target_dir_path = target_dir_path + self._filenames = [] + self._logger = logger + + def _make_source_path(self, filename): + return os.path.join(self.source_dir_path, filename) + + def _make_target_path(self, filename): + return os.path.join(self.target_dir_path, filename) + + def add(self, filename, *, required=True): + """Add a file to be copied from from source to target directory + when `TemporaryCopy.copy_to_target_dir()` is called. + + By default, the file must exist in the source directory. Set `required` + to `False` if the file is optional. + """ + if os.path.exists(self._make_source_path(filename)): + self._filenames.append(filename) + elif required: + raise RuntimeError("File not found: {}".format(filename)) + + def copy_to_target_dir(self): + """Copy files (added so far) to the target directory.""" + for filename in self._filenames: + if self._logger: + self._logger.info("Copying temporarily '%s'", filename) + + shutil.copyfile( + self._make_source_path(filename), + self._make_target_path(filename), + ) + + def remove_from_target_dir(self): + """Remove files (added so far) from the target directory.""" + for filename in self._filenames: + if self._logger: + self._logger.info("Removing temporarily copied '%s'", filename) + + try: + os.remove(self._make_target_path(filename)) + except FileNotFoundError: + pass + + def docker_image_id_command(tag): """""" docker_cmd = ["docker", "images", "--format={{.ID}}", tag] @@ -1649,7 +1711,7 @@ def prepare_command(args): timestamp = timestamp_now_ns() was_missing = True else: - timestamp = "" + timestamp = "" # Replace variables in the build command with calculated values. build_data = { From 1c3b16a8d9ee8944ba33f5327bdf011c6639cceb Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 22 Aug 2025 11:10:06 +0000 Subject: [PATCH 66/70] chore(release): version 8.1.0 [skip ci] ## [8.1.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.0.1...v8.1.0) (2025-08-22) ### Features * Respect the package-lock.json for a NodeJS Lambda function ([#681](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/681)) ([5e4391c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/5e4391c55605d11ac98655a2fd2d6a8f2583d3b6)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c0f52f38..7c9c3eeb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [8.1.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.0.1...v8.1.0) (2025-08-22) + + +### Features + +* Respect the package-lock.json for a NodeJS Lambda function ([#681](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/681)) ([5e4391c](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/5e4391c55605d11ac98655a2fd2d6a8f2583d3b6)) + ## [8.0.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.0.0...v8.0.1) (2025-06-25) From feb456187b3727b6b94562cc39d3cbce509b3d03 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Tue, 21 Oct 2025 03:49:54 -0500 Subject: [PATCH 67/70] fix: Update CI workflow versions to latest (#713) --- .github/workflows/pr-title.yml | 2 +- .github/workflows/pre-commit.yml | 111 ++++++++++++++++++++++----- .github/workflows/release.yml | 22 ++++-- .github/workflows/stale-actions.yaml | 2 +- .gitignore | 10 ++- .pre-commit-config.yaml | 4 +- examples/README.md | 8 ++ 7 files changed, 123 insertions(+), 36 deletions(-) create mode 100644 examples/README.md diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 1e50760e..6419f3aa 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -14,7 +14,7 @@ jobs: steps: # Please look up the latest version from # https://github.com/amannn/action-semantic-pull-request/releases - - uses: amannn/action-semantic-pull-request@v5.5.3 + - uses: amannn/action-semantic-pull-request@v6.1.1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index a19ff831..057b9c42 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -7,8 +7,8 @@ on: - master env: - TERRAFORM_DOCS_VERSION: v0.19.0 - TFLINT_VERSION: v0.53.0 + TERRAFORM_DOCS_VERSION: v0.20.0 + TFLINT_VERSION: v0.59.1 jobs: collectInputs: @@ -18,11 +18,11 @@ jobs: directories: ${{ steps.dirs.outputs.directories }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Get root directories id: dirs - uses: clowdhaus/terraform-composite-actions/directories@v1.9.0 + uses: clowdhaus/terraform-composite-actions/directories@v1.14.0 preCommitMinVersions: name: Min TF pre-commit @@ -32,27 +32,49 @@ jobs: matrix: directory: ${{ fromJson(needs.collectInputs.outputs.directories) }} steps: + - name: Install rmz + uses: jaxxstorm/action-install-gh-release@v2.1.0 + with: + repo: SUPERCILEX/fuc + asset-name: x86_64-unknown-linux-gnu-rmz + rename-to: rmz + chmod: 0755 + extension-matching: disable + # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 - - name: Delete huge unnecessary tools folder + - name: Delete unnecessary files run: | - rm -rf /opt/hostedtoolcache/CodeQL - rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk - rm -rf /opt/hostedtoolcache/Ruby - rm -rf /opt/hostedtoolcache/go + formatByteCount() { echo $(numfmt --to=iec-i --suffix=B --padding=7 $1'000'); } + getAvailableSpace() { echo $(df -a $1 | awk 'NR > 1 {avail+=$4} END {print avail}'); } + + BEFORE=$(getAvailableSpace) + + ln -s /opt/hostedtoolcache/SUPERCILEX/x86_64-unknown-linux-gnu-rmz/latest/linux-x64/rmz /usr/local/bin/rmz + rmz -f /opt/hostedtoolcache/CodeQL & + rmz -f /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk & + rmz -f /opt/hostedtoolcache/PyPy & + rmz -f /opt/hostedtoolcache/Ruby & + rmz -f /opt/hostedtoolcache/go & + + wait + + AFTER=$(getAvailableSpace) + SAVED=$((AFTER-BEFORE)) + echo "=> Saved $(formatByteCount $SAVED)" - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.1 + uses: clowdhaus/terraform-min-max@v2.1.0 with: directory: ${{ matrix.directory }} - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} @@ -61,7 +83,7 @@ jobs: - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} @@ -72,26 +94,73 @@ jobs: runs-on: ubuntu-latest needs: collectInputs steps: + - name: Install rmz + uses: jaxxstorm/action-install-gh-release@v2.1.0 + with: + repo: SUPERCILEX/fuc + asset-name: x86_64-unknown-linux-gnu-rmz + rename-to: rmz + chmod: 0755 + extension-matching: disable + # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 - - name: Delete huge unnecessary tools folder + - name: Delete unnecessary files run: | - rm -rf /opt/hostedtoolcache/CodeQL - rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk - rm -rf /opt/hostedtoolcache/Ruby - rm -rf /opt/hostedtoolcache/go + formatByteCount() { echo $(numfmt --to=iec-i --suffix=B --padding=7 $1'000'); } + getAvailableSpace() { echo $(df -a $1 | awk 'NR > 1 {avail+=$4} END {print avail}'); } + + BEFORE=$(getAvailableSpace) + + ln -s /opt/hostedtoolcache/SUPERCILEX/x86_64-unknown-linux-gnu-rmz/latest/linux-x64/rmz /usr/local/bin/rmz + rmz -f /opt/hostedtoolcache/CodeQL & + rmz -f /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk & + rmz -f /opt/hostedtoolcache/PyPy & + rmz -f /opt/hostedtoolcache/Ruby & + rmz -f /opt/hostedtoolcache/go & + sudo rmz -f /usr/local/lib/android & + + if [[ ${{ github.repository }} == terraform-aws-modules/terraform-aws-security-group ]]; then + sudo rmz -f /usr/share/dotnet & + sudo rmz -f /usr/local/.ghcup & + sudo apt-get -qq remove -y 'azure-.*' + sudo apt-get -qq remove -y 'cpp-.*' + sudo apt-get -qq remove -y 'dotnet-runtime-.*' + sudo apt-get -qq remove -y 'google-.*' + sudo apt-get -qq remove -y 'libclang-.*' + sudo apt-get -qq remove -y 'libllvm.*' + sudo apt-get -qq remove -y 'llvm-.*' + sudo apt-get -qq remove -y 'mysql-.*' + sudo apt-get -qq remove -y 'postgresql-.*' + sudo apt-get -qq remove -y 'php.*' + sudo apt-get -qq remove -y 'temurin-.*' + sudo apt-get -qq remove -y kubectl firefox mono-devel + sudo apt-get -qq autoremove -y + sudo apt-get -qq clean + fi + + wait + + AFTER=$(getAvailableSpace) + SAVED=$((AFTER-BEFORE)) + echo "=> Saved $(formatByteCount $SAVED)" - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.1 + uses: clowdhaus/terraform-min-max@v2.1.0 + + - name: Hide template dir + # Special to this repo, we don't want to check this dir + if: ${{ github.repository == 'terraform-aws-modules/terraform-aws-security-group' }} + run: rm -rf modules/_templates - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} tflint-version: ${{ env.TFLINT_VERSION }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4a942261..e739b790 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,18 +20,26 @@ jobs: if: github.repository_owner == 'terraform-aws-modules' steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: persist-credentials: false fetch-depth: 0 + - name: Set correct Node.js version + uses: actions/setup-node@v6 + with: + node-version: 24 + + - name: Install dependencies + run: | + npm install \ + @semantic-release/changelog@6.0.3 \ + @semantic-release/git@10.0.1 \ + conventional-changelog-conventionalcommits@9.1.0 + - name: Release - uses: cycjimmy/semantic-release-action@v4 + uses: cycjimmy/semantic-release-action@v5 with: - semantic_version: 23.0.2 - extra_plugins: | - @semantic-release/changelog@6.0.3 - @semantic-release/git@10.0.1 - conventional-changelog-conventionalcommits@7.0.2 + semantic_version: 25.0.0 env: GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }} diff --git a/.github/workflows/stale-actions.yaml b/.github/workflows/stale-actions.yaml index 6ccd0ed8..3e826dcf 100644 --- a/.github/workflows/stale-actions.yaml +++ b/.github/workflows/stale-actions.yaml @@ -7,7 +7,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v9 + - uses: actions/stale@v10 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Staling issues and PR's diff --git a/.gitignore b/.gitignore index d5763d01..fd39819e 100644 --- a/.gitignore +++ b/.gitignore @@ -7,7 +7,6 @@ # .tfstate files *.tfstate *.tfstate.* -*.tfplan # Crash log files crash.log @@ -29,9 +28,12 @@ override.tf.json .terraformrc terraform.rc -# Lambda directories +# Lambda build artifacts builds/ __pycache__/ - -# Test directories +*.zip .tox + +# Local editors/macos files +.DS_Store +.idea diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7b4e83b2..991a8bbf 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.99.4 + rev: v1.103.0 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each @@ -24,7 +24,7 @@ repos: - "--args=--only=terraform_workspace_remote" - id: terraform_validate - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v5.0.0 + rev: v6.0.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 00000000..f417c0ad --- /dev/null +++ b/examples/README.md @@ -0,0 +1,8 @@ +# Examples + +Please note - the examples provided serve two primary means: + +1. Show users working examples of the various ways in which the module can be configured and features supported +2. A means of testing/validating module changes + +Please do not mistake the examples provided as "best practices". It is up to users to consult the AWS service documentation for best practices, usage recommendations, etc. From 335289d708271c8db1c44e57f56cd7056a231642 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Tue, 21 Oct 2025 08:50:32 +0000 Subject: [PATCH 68/70] chore(release): version 8.1.1 [skip ci] ## [8.1.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.1.0...v8.1.1) (2025-10-21) ### Bug Fixes * Update CI workflow versions to latest ([#713](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/713)) ([feb4561](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/feb456187b3727b6b94562cc39d3cbce509b3d03)) --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7c9c3eeb..1d11144a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,12 @@ All notable changes to this project will be documented in this file. +## [8.1.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.1.0...v8.1.1) (2025-10-21) + +### Bug Fixes + +* Update CI workflow versions to latest ([#713](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/713)) ([feb4561](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/feb456187b3727b6b94562cc39d3cbce509b3d03)) + ## [8.1.0](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.0.1...v8.1.0) (2025-08-22) From bae03859f4b7a389c20e52dcbd5c83d58f1916a8 Mon Sep 17 00:00:00 2001 From: Ryan Ragnell <45602420+ruhrohraggy@users.noreply.github.com> Date: Wed, 22 Oct 2025 14:33:31 -0500 Subject: [PATCH 69/70] fix: Make quiet_archive_local_exec properly suppress Poetry/pip/npm output (#709) Co-authored-by: Ryan Ragnell Co-authored-by: Anton Babenko <393243+antonbabenko@users.noreply.github.com> --- examples/build-package/README.md | 8 +++++ examples/build-package/main.tf | 18 +++++++++++ package.py | 53 +++++++++++++++++++++++++------- package.tf | 1 + 4 files changed, 69 insertions(+), 11 deletions(-) diff --git a/examples/build-package/README.md b/examples/build-package/README.md index 7c354473..1b8701cd 100644 --- a/examples/build-package/README.md +++ b/examples/build-package/README.md @@ -2,6 +2,13 @@ Configuration in this directory creates deployment packages in a variety of combinations. +This example demonstrates various packaging scenarios including: +- Python packages with pip requirements +- Poetry-based Python packages +- Node.js packages with npm +- Docker-based builds +- Quiet packaging - suppressing Poetry/pip/npm output during builds using `quiet_archive_local_exec = true` + Look into [Runtimes Examples](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/runtimes) for more ways to build and deploy AWS Lambda Functions using supported runtimes (Rust, Go, Java). ## Usage @@ -44,6 +51,7 @@ Note that this example may create resources which cost money. Run `terraform des | [package\_dir\_pip\_dir](#module\_package\_dir\_pip\_dir) | ../../ | n/a | | [package\_dir\_poetry](#module\_package\_dir\_poetry) | ../../ | n/a | | [package\_dir\_poetry\_no\_docker](#module\_package\_dir\_poetry\_no\_docker) | ../../ | n/a | +| [package\_dir\_poetry\_quiet](#module\_package\_dir\_poetry\_quiet) | ../../ | n/a | | [package\_dir\_with\_npm\_install](#module\_package\_dir\_with\_npm\_install) | ../../ | n/a | | [package\_dir\_with\_npm\_install\_lock\_file](#module\_package\_dir\_with\_npm\_install\_lock\_file) | ../../ | n/a | | [package\_dir\_without\_npm\_install](#module\_package\_dir\_without\_npm\_install) | ../../ | n/a | diff --git a/examples/build-package/main.tf b/examples/build-package/main.tf index 48f7bc8c..ec843b68 100644 --- a/examples/build-package/main.tf +++ b/examples/build-package/main.tf @@ -119,6 +119,24 @@ module "package_dir_poetry_no_docker" { artifacts_dir = "${path.root}/builds/package_dir_poetry/" } +# Create zip-archive with Poetry dependencies and demonstrate quiet packaging output +module "package_dir_poetry_quiet" { + source = "../../" + + create_function = false + + runtime = "python3.12" + + source_path = [ + { + path = "${path.module}/../fixtures/python-app-poetry" + poetry_install = true + } + ] + artifacts_dir = "${path.root}/builds/package_dir_poetry_quiet/" + quiet_archive_local_exec = true # Suppress Poetry/pip output during packaging +} + # Create zip-archive of a single directory without running "pip install" (which is default for python runtime) module "package_dir_without_pip_install" { source = "../../" diff --git a/package.py b/package.py index 74af6e7c..3261a282 100644 --- a/package.py +++ b/package.py @@ -293,9 +293,11 @@ def __init__( compress_type=zipfile.ZIP_DEFLATED, compresslevel=None, timestamp=None, + quiet=False, ): self.timestamp = timestamp self.filename = zip_filename + self.quiet = quiet if not (self.filename and isinstance(self.filename, str)): raise ValueError("Zip file path must be provided") @@ -312,7 +314,8 @@ def open(self): raise zipfile.BadZipFile("ZipStream object can't be reused") self._ensure_base_path(self.filename) self._tmp_filename = "{}.tmp".format(self.filename) - self._log.info("creating '%s' archive", self.filename) + if not self.quiet: + self._log.info("creating '%s' archive", self.filename) self._zip = zipfile.ZipFile(self._tmp_filename, "w", self._compress_type) return self @@ -356,7 +359,8 @@ def write_dirs(self, *base_dirs, prefix=None, timestamp=None): """ self._ensure_open() for base_dir in base_dirs: - self._log.info("adding content of directory: %s", base_dir) + if not self.quiet: + self._log.info("adding content of directory: %s", base_dir) for path in emit_dir_content(base_dir): arcname = os.path.relpath(path, base_dir) self._write_file(path, prefix, arcname, timestamp) @@ -382,10 +386,11 @@ def _write_file(self, file_path, prefix=None, name=None, timestamp=None): if prefix: arcname = os.path.join(prefix, arcname) zinfo = self._make_zinfo_from_file(file_path, arcname) - if zinfo.is_dir(): - self._log.info("adding: %s/", arcname) - else: - self._log.info("adding: %s", arcname) + if not self.quiet: + if zinfo.is_dir(): + self._log.info("adding: %s/", arcname) + else: + self._log.info("adding: %s", arcname) if timestamp is None: timestamp = self.timestamp date_time = self._timestamp_to_date_time(timestamp) @@ -1170,7 +1175,15 @@ def install_pip_requirements(query, requirements_file, tmp_dir): cmd_log.info(shlex_join(pip_command)) log_handler and log_handler.flush() try: - check_call(pip_command, env=subproc_env) + if query.quiet: + check_call( + pip_command, + env=subproc_env, + stdout=subprocess.DEVNULL, + stderr=subprocess.DEVNULL, + ) + else: + check_call(pip_command, env=subproc_env) except FileNotFoundError as e: raise RuntimeError( "Python interpreter version equal " @@ -1346,7 +1359,15 @@ def copy_file_to_target(file, temp_dir): cmd_log.info(poetry_commands) log_handler and log_handler.flush() for poetry_command in poetry_commands: - check_call(poetry_command, env=subproc_env) + if query.quiet: + check_call( + poetry_command, + env=subproc_env, + stdout=subprocess.DEVNULL, + stderr=subprocess.DEVNULL, + ) + else: + check_call(poetry_command, env=subproc_env) os.remove(pyproject_target_file) if poetry_lock_target_file: @@ -1443,7 +1464,15 @@ def install_npm_requirements(query, requirements_file, tmp_dir): cmd_log.info(shlex_join(npm_command)) log_handler and log_handler.flush() try: - check_call(npm_command, env=subproc_env) + if query.quiet: + check_call( + npm_command, + env=subproc_env, + stdout=subprocess.DEVNULL, + stderr=subprocess.DEVNULL, + ) + else: + check_call(npm_command, env=subproc_env) except FileNotFoundError as e: raise RuntimeError( "Nodejs interpreter version equal " @@ -1719,6 +1748,7 @@ def prepare_command(args): "runtime": runtime, "artifacts_dir": artifacts_dir, "build_plan": build_plan, + "quiet": query.quiet, } if docker: build_data["docker"] = docker @@ -1778,12 +1808,13 @@ def build_command(args): # Zip up the build plan and write it to the target filename. # This will be used by the Lambda function as the source code package. - with ZipWriteStream(filename) as zs: + with ZipWriteStream(filename, quiet=getattr(query, "quiet", False)) as zs: bpm = BuildPlanManager(args, log=log) bpm.execute(build_plan, zs, query) os.utime(filename, ns=(timestamp, timestamp)) - log.info("Created: %s", shlex.quote(filename)) + if not getattr(query, "quiet", False): + log.info("Created: %s", shlex.quote(filename)) if log.isEnabledFor(logging.DEBUG): with open(filename, "rb") as f: log.info("Base64sha256: %s", source_code_hash(f.read())) diff --git a/package.tf b/package.tf index 7f761ef9..99078600 100644 --- a/package.tf +++ b/package.tf @@ -40,6 +40,7 @@ data "external" "archive_prepare" { ) recreate_missing_package = var.recreate_missing_package + quiet = var.quiet_archive_local_exec } } From a7db1252f2c2048ab9a61254869eea061eae1318 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 22 Oct 2025 19:34:12 +0000 Subject: [PATCH 70/70] chore(release): version 8.1.2 [skip ci] ## [8.1.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.1.1...v8.1.2) (2025-10-22) ### Bug Fixes * Make quiet_archive_local_exec properly suppress Poetry/pip/npm output ([#709](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/709)) ([bae0385](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/bae03859f4b7a389c20e52dcbd5c83d58f1916a8)) --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1d11144a..7b60d567 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,12 @@ All notable changes to this project will be documented in this file. +## [8.1.2](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.1.1...v8.1.2) (2025-10-22) + +### Bug Fixes + +* Make quiet_archive_local_exec properly suppress Poetry/pip/npm output ([#709](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/709)) ([bae0385](https://github.com/terraform-aws-modules/terraform-aws-lambda/commit/bae03859f4b7a389c20e52dcbd5c83d58f1916a8)) + ## [8.1.1](https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v8.1.0...v8.1.1) (2025-10-21) ### Bug Fixes