{"id":16307050,"url":"https://github.com/fujiwara/lambroll","last_synced_at":"2025-05-16T02:07:54.936Z","repository":{"id":35502635,"uuid":"217447668","full_name":"fujiwara/lambroll","owner":"fujiwara","description":"lambroll is a minimal deployment tool for AWS Lambda.","archived":false,"fork":false,"pushed_at":"2025-04-19T07:06:31.000Z","size":792,"stargazers_count":393,"open_issues_count":4,"forks_count":32,"subscribers_count":4,"default_branch":"v1","last_synced_at":"2025-04-19T11:09:20.845Z","etag":null,"topics":["aws","aws-lambda","deploy","lambda"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fujiwara.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["fujiwara"]}},"created_at":"2019-10-25T04:00:43.000Z","updated_at":"2025-04-19T07:06:18.000Z","dependencies_parsed_at":"2023-11-18T06:27:18.373Z","dependency_job_id":"36f2b97b-2d87-4f91-9cb8-c88da7658b6d","html_url":"https://github.com/fujiwara/lambroll","commit_stats":null,"previous_names":[],"tags_count":80,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fujiwara%2Flambroll","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fujiwara%2Flambroll/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fujiwara%2Flambroll/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fujiwara%2Flambroll/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fujiwara","download_url":"https://codeload.github.com/fujiwara/lambroll/tar.gz/refs/heads/v1","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254453653,"owners_count":22073617,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-lambda","deploy","lambda"],"created_at":"2024-10-10T21:12:20.847Z","updated_at":"2025-05-16T02:07:54.920Z","avatar_url":"https://github.com/fujiwara.png","language":"Go","funding_links":["https://github.com/sponsors/fujiwara"],"categories":[],"sub_categories":[],"readme":"# lambroll\n\nlambroll is a simple deployment tool for [AWS Lambda](https://aws.amazon.com/lambda/).\n\nlambroll does,\n\n- Create a function.\n- Create a Zip archive from a local directory.\n- Deploy function code / configuration / tags / aliases / function URLs.\n- Rollback a function to the previous version.\n- Invoke a function with payloads.\n- Manage function versions.\n- Show status of a function.\n- Show function logs.\n- Show diff of function code / configuration.\n- Delete a function.\n\nlambroll does not,\n\n- Manage resources related to the Lambda function.\n  - For example, IAM Role, function triggers, API Gateway, and etc.\n  - Only the function URLs can be managed by lambroll if you want.\n- Build native binaries or extensions for Linux (AWS Lambda running environment).\n\nWhen you hope to manage these resources, we recommend other deployment tools ([AWS SAM](https://aws.amazon.com/serverless/sam/), [Serverless Framework](https://serverless.com/), etc.).\n\n## Differences of lambroll v0 and v1.\n\nSee [docs/v0-v1.md](docs/v0-v1.md).\n\n## Install\n\n### Homebrew (macOS and Linux)\n\n```console\n$ brew install fujiwara/tap/lambroll\n```\n\n### aqua\n\n[aqua](https://aquaproj.github.io/) is a declarative CLI Version Manager.\n\n```console\n$ aqua g -i fujiwara/lambroll\n```\n\n### Binary packages\n\n[Releases](https://github.com/fujiwara/lambroll/releases)\n\n### CircleCI Orb\n\nhttps://circleci.com/orbs/registry/orb/fujiwara/lambroll\n\n```yml\nversion: 2.1\norbs:\n  lambroll: fujiwara/lambroll@2.0.1\njobs:\n  deploy:\n    docker:\n      - image: cimg/base\n    steps:\n      - checkout\n      - lambroll/install:\n          version: v1.1.0\n      - run:\n          command: |\n            lambroll deploy\n```\n\n### GitHub Actions\n\nAction fujiwara/lambroll@v1 installs lambroll binary for Linux into /usr/local/bin. This action runs install only.\n\n```yml\njobs:\n  deploy:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: fujiwara/lambroll@v1\n        with:\n          version: v1.1.0\n          # version-file: .lambroll-version\n      - run: |\n          lambroll deploy\n```\n\nNote:\n- `version` is not required, but it is recommended that the version be specified.\n  - The default version is not fixed and may change in the future.\n- `version-file` can also be used to specify lambroll version by using the file that contains lambroll version (e.g. 1.1.0).\n- `os` and `arch` are automatically detected. (Some previous versions use `os` and `arch` as inputs, but they are deprecated.)\n\n## Quick start\n\nTry migrate your existing Lambda function `hello`.\n\n```console\n$ mkdir hello\n$ cd hello\n$ lambroll init --function-name hello --download\n2019/10/26 01:19:23 [info] function hello found\n2019/10/26 01:19:23 [info] downloading function.zip\n2019/10/26 01:19:23 [info] creating function.json\n2019/10/26 01:19:23 [info] completed\n\n$ unzip -l function.zip\nArchive:  function.zip\n  Length      Date    Time    Name\n---------  ---------- -----   ----\n      408  10-26-2019 00:30   index.js\n---------                     -------\n      408                     1 file\n\n$ unzip function.zip\nArchive:  function.zip\n extracting: index.js\n\n$ rm function.zip\n```\n\nSee or edit `function.json` or `index.js`.\n\nNow you can deploy `hello` function using `lambroll deploy`.\n\n```console\n$ lambroll deploy\n2019/10/26 01:24:52 [info] starting deploy function hello\n2019/10/26 01:24:53 [info] creating zip archive from .\n2019/10/26 01:24:53 [info] zip archive wrote 1042 bytes\n2019/10/26 01:24:53 [info] updating function configuration\n2019/10/26 01:24:53 [info] updating function code hello\n2019/10/26 01:24:53 [info] completed\n```\n\n## Usage\n\n```console\nUsage: lambroll \u003ccommand\u003e [flags]\n\nFlags:\n  -h, --help                              Show context-sensitive help.\n      --option=STRING                     option file path ($LAMBROLL_OPTION)\n      --function=STRING                   Function file path ($LAMBROLL_FUNCTION)\n      --log-level=\"info\"                  log level (trace, debug, info, warn, error) ($LAMBROLL_LOGLEVEL)\n      --[no-]color                        enable colored output ($LAMBROLL_COLOR)\n      --region=REGION                     AWS region ($AWS_REGION)\n      --profile=PROFILE                   AWS credential profile name ($AWS_PROFILE)\n      --tfstate=TFSTATE                   URL to terraform.tfstate ($LAMBROLL_TFSTATE)\n      --prefixed-tfstate=KEY=VALUE;...    key value pair of the prefix for template function name and URL to\n                                          terraform.tfstate ($LAMBROLL_PREFIXED_TFSTATE)\n      --endpoint=ENDPOINT                 AWS API Lambda Endpoint ($AWS_LAMBDA_ENDPOINT)\n      --envfile=ENVFILE,...               environment files ($LAMBROLL_ENVFILE)\n      --ext-str=KEY=VALUE;...             external string values for Jsonnet ($LAMBROLL_EXTSTR)\n      --ext-code=KEY=VALUE;...            external code values for Jsonnet ($LAMBROLL_EXTCODE)\n\nCommands:\n  deploy\n    deploy or create function\n\n  init --function-name=\n    init function.json\n\n  list\n    list functions\n\n  rollback\n    rollback function\n\n  invoke\n    invoke function\n\n  archive\n    archive function\n\n  logs\n    show logs of function\n\n  diff\n    show diff of function\n\n  render\n    render function.json\n\n  status\n    show status of function\n\n  delete\n    delete function\n\n  versions\n    show versions of function\n\n  version\n    show version\n\nRun \"lambroll \u003ccommand\u003e --help\" for more information on a command.\n```\n\n### Global flags\n\nlambroll has global flags for all commands.\n\nThese flags can be set by environment variables or option file (`--option`).\n\n#### Environment variables\n\nFor example, `--log-level=debug` can be set by `LAMBROLL_LOGLEVEL=debug`.\n\nSee the above usage for the environment variable names.\n\n#### Option file\n\n`--option=filename` can be used as an option file.\n\nIf the option file is specified, lambroll reads the file and applies to the default values of global flags.\n\nThe file format is JSON or Jsonnet.\n\n```jsonnet\n// option.jsonnet\n{\n  log_level: 'info',\n  color: true,\n  region: 'ap-northeast-1',\n  profile: 'default',\n  tfstate: 's3://my-bucket/terraform.tfstate',\n  prefixed_tfstate: {\n    my_first_: 's3://my-bucket/first.tfstate',\n    my_second_: 's3://my-bucket/second.tfstate',\n  },\n  endpoint: 'http://localhost:9001',\n  envfile: ['.env1', '.env2'],\n  ext_str: {\n    accountID: '0123456789012',\n  },\n  ext_code: {\n    memorySize: '128 * 4',\n  },\n}\n```\n\nAll fields are optional. If the field is not defined, the default value is used.\nWhen command-line flags are specified, they take precedence over the options file.\n\nThe priority of the option values is as follows:\n\n1. Command-line flags. (`--log-level=debug`)\n2. The values defined in the option file. (`{\"log_level\": \"debug\"}`)\n3. Environment variables. (`LAMBROLL_LOGLEVEL=debug`)\n\nWhile parsing the option file, lambroll evaluates only the `{{env}}` and `{{must_env}}` template functions and `env` and `must_env` native functions in Jsonnet. Other functions are not available.\n\n### Init\n\n`lambroll init` initialize function.json by existing function.\n\n```console\nUsage: lambroll init --function-name=\n\ninit function.json\n\nFlags:\n      --function-name=                    Function name for init\n      --download                          Download function.zip\n      --jsonnet                           render function.json as jsonnet\n      --qualifier=QUALIFIER               function version or alias\n      --function-url                      create function url definition file\n```\n\n`init` creates `function.json` as a configuration file of the function.\n\n### Deploy\n\n```console\nUsage: lambroll deploy\n\ndeploy or create function\n\nFlags:\n      --src=\".\"                   function zip archive or src dir\n      --publish                   publish function\n      --alias=\"current\"           alias name for publish\n      --alias-to-latest           set alias to unpublished $LATEST version\n      --dry-run                   dry run\n      --skip-archive              skip to create zip archive. requires Code.S3Bucket\n                                  and Code.S3Key in function definition\n      --keep-versions=0           Number of latest versions to keep. Older versions\n                                  will be deleted. (Optional value: default 0).\n      --ignore=\"\"                 ignore fields by jq queries in function.json\n      --function-url=\"\"           path to function-url definition\n                                  ($LAMBROLL_FUNCTION_URL)\n      --skip-configuration        skip updating function configuration, deploy function\n                                  code and aliases only\n      --skip-function             skip to deploy a function. deploy function-url only\n      --exclude-file=\".lambdaignore\"\n                                  exclude file\n      --symlink                   keep symlink (same as zip --symlink,-y)\n```\n\n`deploy` works as below.\n\n- Create a zip archive from `--src` directory.\n  - Excludes files matched (wildcard pattern) in `--exclude-file`.\n- Create / Update Lambda function\n  - If the function does not exist, create a new function.\n  - If the function exists, update the function code.\n  - Create / Update function configuration\n    - If `--skip-configuration` is specified, skip to update the configuration.\n  - Create / Update function code\n- Create an alias to the published version when `--publish` (default).\n\n#### Ignore some configurations\n\nlambroll can ignore some fields in function.json by using `--ignore` flag.\n\n```console\n$ lambroll deploy --ignore='.Tags, .Environment'\n```\nWhen `--ignore` is specified, lambroll ignores the fields in function.json.\n\nTo confirm the ignored fields, you can use `lambroll diff` command.\n\n```console\n$ lambroll diff --ignore='.Tags, .Environment'\n```\n\n#### Deploy via S3\n\nWhen the zip archive is too large to upload directly, you can deploy via S3.\n\nSet `Code.S3Bucket` and `Code.S3Key` in function.json. lambroll uploads the zip archive to the specified S3 bucket and deploys the function.\n\n```json\n{\n  \"Code\": {\n    \"S3Bucket\": \"my-bucket\",\n    \"S3Key\": \"function.zip\"\n  }\n}\n```\n\nIf you want to upload the zip archive yourself, you can skip creating the zip archive by using the `--skip-archive` flag.\n\n#### Deploy container image\n\nlambroll also support to deploy a container image for Lambda.\n\n`PackageType=Image` and `Code.ImageUri` are required in function.json.\n`ImageConfig` is optional.\n\n```json\n{\n  \"FunctionName\": \"container\",\n  \"MemorySize\": 128,\n  \"Role\": \"arn:aws:iam::012345678912:role/test_lambda_function\",\n  \"PackageType\": \"Image\",\n  \"Code\": {\n    \"ImageUri\": \"012345678912.dkr.ecr.ap-northeast-1.amazonaws.com/lambda/test:latest\"\n  },\n  \"ImageConfig\": {\n    \"Command\": [\n      \"/path/to/bootstrap\"\n    ],\n    \"WorkingDirectory\": \"/var/task\",\n    \"EntryPoint\": [\n      \"/path/to/entrypoint\"\n    ],\n  }\n}\n```\n\n### Rollback\n\n```\nUsage: lambroll rollback\n\nrollback function\n\nFlags:\n      --dry-run                   dry run\n      --alias=\"current\"           alias to rollback\n      --version=\"\"                version to rollback (default: previous version auto detected)\n      --delete-version            delete rolled back version\n```\n\n`lambroll deploy` create/update alias to the published function version on deploy.\n\n`lambroll rollback` works as below.\n\n1. Find the previous version from the alias with no other aliases.\n2. Update the alias to the previous version.\n   - If `--version` is specified, update the alias to the specified version.\n3. When `--delete-version` is specified, delete the old version of the function.\n\nIf you add multiple aliases to the function, `lambroll rollback --alias={some-alias}` may not work as expected. Because the previous version that auto-detected may be the older version of other aliases.\n\nSo you should specify the version to rollback with `--version` flag to clear the ambiguity.\n\n### Invoke\n\n```\nUsage: lambroll invoke\n\ninvoke function\n\nFlags:\n      --async                             invocation type async\n      --log-tail                          output tail of log to STDERR\n      --qualifier=QUALIFIER               version or alias to invoke\n      --payload=PAYLOAD                   payload to invoke. if not specified, read from STDIN\n```\n\n`lambroll invoke` accepts multiple JSON payloads for invocations from `--payload` flag or STDIN.\n\nIf the payload is a concatenation of multiple JSON payloads, `lambroll invoke` will invoke the function for each JSON payload.\n\nOutputs from the function invoked are printed to STDOUT.\n\n```console\n$ lambroll invoke --payload='{\"foo\":1} --log-tail'\n{\"success\": true, \"payload\": {\"foo\":1}}\n2019/10/28 23:16:43 [info] StatusCode:200 ExecutionVersion:$LATEST\nSTART RequestId: aa38233f-a179-4192-8469-c86414fe463c Version: $LATEST\nEND RequestId: aa38233f-a179-4192-8469-c86414fe463c\nREPORT RequestId: 60140e16-018e-41b1-bb46-3f021d4960c0\tDuration: 561.77 ms\tBilled Duration: 600 ms\tMemory Size: 128 MB\tMax Memory Used: 50 MB\n\n$ echo '{\"foo\":1}{\"foo\":2}' | lambroll invoke --log-tail\n{\"success\": true, payload{\"foo\":1}}\n2019/10/28 23:16:43 [info] StatusCode:200 ExecutionVersion:$LATEST\nSTART RequestId: 60140e16-018e-41b1-bb46-3f021d4960c0 Version: $LATEST\nEND RequestId: 60140e16-018e-41b1-bb46-3f021d4960c0\nREPORT RequestId: 60140e16-018e-41b1-bb46-3f021d4960c0\tDuration: 561.77 ms\tBilled Duration: 600 ms\tMemory Size: 128 MB\tMax Memory Used: 50 MB\n{\"success\": true, payload:{\"foo\":2}}\n2019/10/28 23:16:43 [info] StatusCode:200 ExecutionVersion:$LATEST\nSTART RequestId: dcc584f5-ceaf-4109-b405-8e59ca7ae92f Version: $LATEST\nEND RequestId: dcc584f5-ceaf-4109-b405-8e59ca7ae92f\nREPORT RequestId: dcc584f5-ceaf-4109-b405-8e59ca7ae92f\tDuration: 597.87 ms\tBilled Duration: 600 ms\tMemory Size: 128 MB\tMax Memory Used: 50 MB\n2019/10/28 23:16:43 [info] completed\n```\n\n### function.json\n\nfunction.json is a definition for Lambda function. JSON structure is based from [`CreateFunction` for Lambda API](https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html).\n\n```json\n{\n  \"Architectures\": [\n    \"arm64\"\n  ],\n  \"Description\": \"hello function for {{ must_env `ENV` }}\",\n  \"EphemeralStorage\": {\n    \"Size\": 1024\n  },\n  \"Environment\": {\n    \"Variables\": {\n      \"BAR\": \"baz\",\n      \"FOO\": \"{{ env `FOO` `default for FOO` }}\"\n    }\n  },\n  \"FunctionName\": \"{{ must_env `ENV` }}-hello\",\n  \"FileSystemConfigs\": [\n    {\n      \"Arn\": \"arn:aws:elasticfilesystem:ap-northeast-1:123456789012:access-point/fsap-04fc0858274e7dd9a\",\n      \"LocalMountPath\": \"/mnt/lambda\"\n    }\n  ],\n  \"Handler\": \"index.js\",\n  \"MemorySize\": 128,\n  \"Role\": \"arn:aws:iam::123456789012:role/hello_lambda_function\",\n  \"Runtime\": \"nodejs18.x\",\n  \"Tags\": {\n    \"Env\": \"dev\"\n  },\n  \"Timeout\": 5,\n  \"TracingConfig\": {\n    \"Mode\": \"PassThrough\"\n  }\n}\n```\n\nThe template functions is available in `{{ }}`.\n- `env` function expands environment variables.\n- `must_env` function expands environment variables. If the environment variable is not defined, lambroll will panic and abort.\n\n#### Tags\n\nWhen \"Tags\" key exists in function.json, lambroll set / remove tags to the lambda function at deploy.\n\n```json5\n{\n  // ...\n  \"Tags\": {\n    \"Env\": \"dev\",\n    \"Foo\": \"Bar\"\n  }\n}\n```\n\nWhen \"Tags\" key does not exist, lambroll doesn't manage tags.\nIf you hope to remove all tags, set `\"Tags\": {}` expressly.\n\n#### Environment variables from envfile\n\n`lambroll --envfile .env1 .env2` reads files named .env1 and .env2 as environment files and export variables in these files.\n\nThese files are parsed by [hashicorp/go-envparse](https://github.com/hashicorp/go-envparse).\n\n```env\nFOO=foo\nexport BAR=\"bar\"\n```\n\n#### Jsonnet support for function configuration\n\nlambroll also can read function.jsonnet as [Jsonnet](https://jsonnet.org/) format instead of plain JSON.\n\n```jsonnet\n{\n  FunctionName: 'hello',\n  Handler: 'index.handler',\n  MemorySize: std.extVar('memorySize'),\n  Role: 'arn:aws:iam::%s:role/lambda_role' % [ std.extVar('accountID') ],\n  Runtime: 'nodejs20.x',\n}\n```\n\n```console\n$ lambroll \\\n    --function function.jsonnet \\\n    --ext-str accountID=0123456789012 \\\n    --ext-code memorySize=\"128 * 4\" \\\n    deploy\n```\n\n- `--ext-str` sets external string values for Jsonnet.\n- `--ext-code` sets external code values for Jsonnet.\n\nv1.1.0 and later, lambroll supports Jsonnet native functions. See below for details.\n\n#### Expand SSM parameter values\n\nAt reading the file, lambroll evaluates `{{ ssm }}` syntax in JSON.\n\nFor example,\n\n```\n{{ ssm `/path/to/param` }}\n```\n\nSSM parameter value of `/path/to/param` is expanded here.\n\nFor Jsonnet, the `ssm` function is available.\n\n```jsonnet\nlocal ssm = std.native('ssm');\n{\n  Environment: {\n    Variables: {\n      FOO: ssm('/path/to/param'),\n    },\n  },\n}\n```\n\n#### Expand environment variables\n\nAt reading the file, lambroll evaluates `{{ env }}` and `{{ must_env }}` syntax in JSON.\n\nFor example,\n\n```\n{{ env `FOO` `default for FOO` }}\n```\n\nEnvironment variable `FOO` is expanded here. When `FOO` is not defined, use default value.\n\n```\n{{ must_env `FOO` }}\n```\n\nEnvironment variable `FOO` is expanded. When `FOO` is not defined, lambroll will panic and abort.\n\n`json_escape` template function escapes JSON meta characters in string values. This is useful for inject structured values into environment variables.\n\n```json\n{\n    \"Environment\": {\n        \"Variables\": {\n            \"JSON\": \"{{ env `JSON` | json_escape }}\"\n        }\n    }\n}\n```\n\nFor Jsonnet, the `env` and `must_env` native functions are available.\n\n```jsonnet\nlocal env = std.native('env');\nlocal must_env = std.native('must_env');\n{\n  Environment: {\n    Variables: {\n      FOO: env('FOO', 'default for FOO'),\n      BAR: must_env('BAR'),\n    },\n  },\n}\n```\n\n#### Resolve AWS caller identity\n\nThe `caller_identity` template function resolves the AWS caller identity.\n\n```json\n{\n  \"Account\": \"{{ caller_identity.Account }}\",\n  \"Arn\": \"{{ caller_identity.Arn }}\",\n  \"UserId\": \"{{ caller_identity.UserId }}\"\n}\n```\n\nThe `caller_identity` native function also available in Jsonnet.\n\n```jsonnet\nlocal caller = std.native('caller_identity')();\n{\n  Account: caller.Account,\n  Arn: caller.Arn,\n  UserId: caller.UserId,\n}\n```\n\nThe `caller_identity` function returns an object containing the following fields: `Account`, `Arn`, and `UserId`.\n\nThis object is the same as the result of [GetCallerIdentity](https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html) API.\n\n#### Resolve Lambda layer ARN\n\nThe `layer_arn` template/Jsonnet function resolves the Lambda layer ARN.\n\n```json\n{\n  \"Layers\": [\n    \"{{ layer_arn `my-layer` `latest` }}\"\n  ]\n}\n```\n\n```jsonnet\nlocal layer_arn = std.native('layer_arn');\n{\n  Layers: [\n    layer_arn('my-layer', 'latest'),\n  ],\n}\n```\n\nThe `layer_arn` function takes two string arguments: `LayerName` and `Version`.\n- `LayerName` is the name of the Lambda layer.\n- `Version` is the version of the Lambda layer. If `Version` is empty or `latest`, the latest version is used. Otherwise, the specified version is used.\n\n#### Lookup resource attributes in tfstate ([Terraform state](https://www.terraform.io/docs/state/index.html))\n\nWhen `--tfstate` option set to an URL to `terraform.tfstate`, tfstate template function enabled.\n\nFor example, define your AWS resources by terraform.\n\n```terraform\ndata \"aws_iam_role\" \"lambda\" {\n  name = \"hello_lambda_function\"\n}\n```\n\n`terraform apply` creates a terraform.tfstate file.\n\n`lambroll --tfstate URL ...` enables to lookup resource attributes in the tfstate URL.\n\n```json\n{\n  \"Description\": \"hello function\",\n  \"FunctionName\": \"hello\",\n  \"Handler\": \"index.js\",\n  \"MemorySize\": 128,\n  \"Role\": \"{{ tfstate `data.aws_iam_role.lambda.arn` }}\",\n  \"Runtime\": \"nodejs20.x\",\n  \"Timeout\": 5,\n  \"TracingConfig\": {\n    \"Mode\": \"PassThrough\"\n  },\n  \"VpcConfig\": {\n    \"SubnetIds\": [\n      \"{{ tfstate `aws_subnet.lambda['az-a'].id` }}\",\n      \"{{ tfstate `aws_subnet.lambda['az-b'].id` }}\"\n    ],\n    \"SecurityGroupIds\": [\n      \"{{ tfstatef `aws_security_group.internal['%s'].id` (must_env `WORLD`) }}\"\n    ]\n  }\n}\n```\n\nFor Jsonnet, the `tfstate` native function is available.\n\n```jsonnet\nlocal tfstate = std.native('tfstate');\n{\n  Description: 'hello function',\n  FunctionName: 'hello',\n  Handler: 'index.js',\n  MemorySize: 128,\n  Role: tfstate('data.aws_iam_role.lambda.arn'),\n  Runtime: 'nodejs20.x',\n  Timeout: 5,\n  TracingConfig: {\n    Mode: 'PassThrough',\n  },\n  VpcConfig: {\n    SubnetIds: [\n      tfstate('aws_subnet.lambda[\"az-a\"].id'),\n      tfstate('aws_subnet.lambda[\"az-b\"].id'),\n    ],\n    SecurityGroupIds: [\n      tfstate('aws_security_group.internal[\"%s\"].id' % must_env('WORLD')),\n    ],\n  },\n}\n```\n\nLikewise, if you have AWS resource definitions spread across multiple tfstate files, you can utilize `--prefixed-tfstate` option:\n\ne.g.\n```shell\nlambroll --prefixed-tfstate=\"my_first_=s3://my-bucket/first.tfstate\" --prefixed-tfstate=\"my_second_=s3://my-bucket/second.tfstate\" ...\n```\n\nwhich then exposes additional template functions available like:\n\n```json\n{\n  \"Description\": \"hello function\",\n  \"Environment\": {\n    \"Variables\": {\n      \"FIRST_VALUE\": \"{{ my_first_tfstate `data.aws_iam_role.lambda.arn` }}\",\n      \"SECOND_VALUE\": \"{{ my_second_tfstate `data.aws_iam_role.lambda.arn` }}\"\n    }\n  },\n  \"rest of the parameters\": \"...\"\n}\n```\n\nFor Jsonnet, a `{prefix}_tfstate` native function is generated by the `--prefixed-tfstate` option.\n\n```jsonnet\nlocal first_tfstate = std.native('my_first_tfstate');\nlocal second_tfstate = std.native('my_second_tfstate');\n{\n  Description: 'hello function',\n  Environment: {\n    Variables: {\n      FIRST_VALUE: first_tfstate('data.aws_iam_role.lambda.arn'),\n      SECOND_VALUE: second_tfstate('data.aws_iam_role.lambda.arn'),\n    },\n  },\n  \"rest of the parameters\": \"...\",\n}\n```\n\n### .lambdaignore\n\nlambroll will ignore files defined in `.lambdaignore` file at creating a zip archive.\n\nFor example,\n\n```\n# comment\n\n*.zip\n*~\n```\n\nFor each line in `.lambdaignore` are evaluated as Go's [`path/filepath#Match`](https://godoc.org/path/filepath#Match).\n\n### Lambda@Edge support\n\nlambroll can deploy [Lambda@Edge](https://aws.amazon.com/lambda/edge/) functions.\n\nEdge functions require two preconditions:\n\n- `--region` must set to `us-east-1`.\n- The IAM Role must be assumed by `lambda.amazonaws.com` and `edgelambda.amazonaws.com` both.\n\nOtherwise, it works as usual.\n\n### Lambda function URLs support\n\nlambroll can deploy [Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/lambda-urls.html).\n\n`lambroll deploy --function-url=function_url.json` deploys a function URL after the function deploied.\n\nEven if your Lambda function already has a function URL, `lambroll deploy` without `--function-url` option does not touch the function URLs resources.\n\nWhen you want to deploy a public (without authentication) function URL, `function_url.json` is shown below.\n\n```json\n{\n  \"Config\": {\n    \"AuthType\": \"NONE\"\n  }\n}\n```\n\nWhen you want to deploy a private (requires AWS IAM authentication) function URL, `function_url.json` is shown below.\n\n```json\n{\n  \"Config\": {\n    \"AuthType\": \"AWS_IAM\",\n    \"Cors\": {\n      \"AllowOrigins\": [\n        \"*\"\n      ],\n      \"AllowMethods\": [\n        \"GET\",\n        \"POST\"\n      ]\n    },\n  },\n  \"Permissions\": [\n    {\n      \"Principal\": \"0123456789012\"\n    },\n    {\n      \"PrincipalOrgID\": \"o-123456789\",\n      \"Principal\": \"*\"\n    }\n  ]\n}\n```\n\n- `Config` maps to [CreateFunctionUrlConfigInput](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/lambda#CreateFunctionUrlConfigInput) in AWS SDK Go v2.\n  - `Config.AuthType` must be `AWS_IAM` or `NONE`.\n  - `Config.Qualifier` is optional. Default is `$LATEST`.\n- `Permissions` is optional.\n  - If `Permissions` is not defined and `AuthType` is `NONE`, `Principal` is set to `*` automatically.\n  - When `AuthType` is `AWS_IAM`, you must define `Permissions` to specify allowed principals.\n  - Each elements of `Permissions` maps to [AddPermissionInput](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/lambda#AddPermissionInput) in AWS SDK Go v2.\n- `function_url.jsonnet` is also supported like `function.jsonnet`.\n\n#### CloudFront origin access control (OAC) support\n\nCloudFront provides origin access control (OAC) for restricting access to a Lambda function URL origin.\n\nWhen you want to restrict access to a Lambda function URL origin by CloudFront, you can specify `Principal` as `cloudfront.amazonaws.com` and `SourceArn` as the ARN of the CloudFront distribution.\n\nSee also [Restricting access to an AWS Lambda function URL origin](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-lambda.html).\n\n```json\n{\n  \"Config\": {\n    \"AuthType\": \"AWS_IAM\",\n  },\n  \"Permissions\": [\n    {\n      \"Principal\": \"cloudfront.amazonaws.com\",\n      \"SourceArn\": \"arn:aws:cloudfront::123456789012:distribution/EXXXXXXXX\"\n    }\n  ]\n}\n```\n\nIf you need to allow access from any CloudFront distributions in your account, you can specify `SourceArn` as `arn:aws:cloudfront::123456789012:distribution/*`.\n\nSpecifying `SourceArn` as `*` is not recommended because it allows access from any CloudFront distribution in any AWS account.\n\n## LICENSE\n\nMIT License\n\nCopyright (c) 2019 FUJIWARA Shunichiro\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffujiwara%2Flambroll","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffujiwara%2Flambroll","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffujiwara%2Flambroll/lists"}