{"id":13505653,"url":"https://github.com/terraform-aws-modules/terraform-aws-lambda","last_synced_at":"2026-02-02T20:12:46.877Z","repository":{"id":37087331,"uuid":"268826962","full_name":"terraform-aws-modules/terraform-aws-lambda","owner":"terraform-aws-modules","description":"Terraform module, which takes care of a lot of AWS Lambda/serverless tasks (build dependencies, packages, updates, deployments) in countless combinations πŸ‡ΊπŸ‡¦","archived":false,"fork":false,"pushed_at":"2025-04-09T02:16:14.000Z","size":892,"stargazers_count":963,"open_issues_count":9,"forks_count":710,"subscribers_count":22,"default_branch":"master","last_synced_at":"2025-04-11T04:11:29.307Z","etag":null,"topics":["aws","aws-lambda","serverless","terraform-module","terraform-serverless"],"latest_commit_sha":null,"homepage":"https://registry.terraform.io/modules/terraform-aws-modules/lambda/aws","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/terraform-aws-modules.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["antonbabenko"],"custom":"https://www.paypal.me/antonbabenko"}},"created_at":"2020-06-02T14:42:42.000Z","updated_at":"2025-04-09T02:16:16.000Z","dependencies_parsed_at":"2022-07-09T14:46:21.995Z","dependency_job_id":"d9ab1fc3-0cde-4e4a-99e6-0b9695bbcb87","html_url":"https://github.com/terraform-aws-modules/terraform-aws-lambda","commit_stats":{"total_commits":422,"total_committers":105,"mean_commits":4.019047619047619,"dds":0.6658767772511849,"last_synced_commit":"00a71723bbefb191c3fb622b3e34c693a2ca4930"},"previous_names":[],"tags_count":182,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-aws-modules%2Fterraform-aws-lambda","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-aws-modules%2Fterraform-aws-lambda/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-aws-modules%2Fterraform-aws-lambda/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-aws-modules%2Fterraform-aws-lambda/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/terraform-aws-modules","download_url":"https://codeload.github.com/terraform-aws-modules/terraform-aws-lambda/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254310515,"owners_count":22049469,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-lambda","serverless","terraform-module","terraform-serverless"],"created_at":"2024-08-01T00:01:11.153Z","updated_at":"2026-02-02T20:12:46.868Z","avatar_url":"https://github.com/terraform-aws-modules.png","language":"HCL","funding_links":["https://github.com/sponsors/antonbabenko","https://www.paypal.me/antonbabenko"],"categories":["Community Modules"],"sub_categories":["Miscellaneous"],"readme":"# AWS Lambda Terraform module\n\nTerraform module, which creates almost all supported AWS Lambda resources as well as taking care of building and packaging of required Lambda dependencies for functions and layers.\n\n[![SWUbanner](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner2-direct.svg)](https://github.com/vshymanskyy/StandWithUkraine/blob/main/docs/README.md)\n\nThis Terraform module is the part of [serverless.tf framework](https://github.com/antonbabenko/serverless.tf), which aims to simplify all operations when working with the serverless in Terraform:\n\n1. Build and install dependencies - [read more](#build). Requires Python 3.6 or newer.\n2. Create, store, and use deployment packages - [read more](#package).\n3. Create, update, and publish AWS Lambda Function and Lambda Layer - [see usage](#usage).\n4. Create static and dynamic aliases for AWS Lambda Function - [see usage](#usage), see [modules/alias](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/modules/alias).\n5. Do complex deployments (eg, rolling, canary, rollbacks, triggers) - [read more](#deployment), see [modules/deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/modules/deploy).\n6. Use AWS SAM CLI to test Lambda Function - [read more](#sam_cli_integration).\n\n## Features\n\n- Build dependencies for your Lambda Function and Layer.\n- Support builds locally and in Docker (with or without SSH agent support for private builds) for any runtime and architecture supported by AWS Lambda.\n- Create deployment package or deploy existing (previously built package) from local, from S3, from URL, or from AWS ECR repository.\n- Store deployment packages locally or in the S3 bucket.\n- Support almost all features of Lambda resources (function, layer, alias, etc.)\n- Lambda@Edge\n- Conditional creation for many types of resources.\n- Control execution of nearly any step in the process - build, package, store package, deploy, update.\n- Control nearly all aspects of Lambda resources (provisioned concurrency, VPC, EFS, dead-letter notification, tracing, async events, event source mapping, IAM role, IAM policies, and more).\n- Support integration with other `serverless.tf` modules like [HTTP API Gateway](https://github.com/terraform-aws-modules/terraform-aws-apigateway-v2) (see [examples there](https://github.com/terraform-aws-modules/terraform-aws-apigateway-v2/tree/master/examples/complete-http)).\n\n## Usage\n\n### Lambda Function (store package locally)\n\n```hcl\nmodule \"lambda_function\" {\n source = \"terraform-aws-modules/lambda/aws\"\n\n function_name = \"my-lambda1\"\n description = \"My awesome lambda function\"\n handler = \"index.lambda_handler\"\n runtime = \"python3.12\"\n\n source_path = \"../src/lambda-function1\"\n\n tags = {\n Name = \"my-lambda1\"\n }\n}\n```\n\n### Lambda Function and Lambda Layer (store packages on S3)\n\n```hcl\nmodule \"lambda_function\" {\n source = \"terraform-aws-modules/lambda/aws\"\n\n function_name = \"lambda-with-layer\"\n description = \"My awesome lambda function\"\n handler = \"index.lambda_handler\"\n runtime = \"python3.12\"\n publish = true\n\n source_path = \"../src/lambda-function1\"\n\n store_on_s3 = true\n s3_bucket = \"my-bucket-id-with-lambda-builds\"\n\n layers = [\n module.lambda_layer_s3.lambda_layer_arn,\n ]\n\n environment_variables = {\n Serverless = \"Terraform\"\n }\n\n tags = {\n Module = \"lambda-with-layer\"\n }\n}\n\nmodule \"lambda_layer_s3\" {\n source = \"terraform-aws-modules/lambda/aws\"\n\n create_layer = true\n\n layer_name = \"lambda-layer-s3\"\n description = \"My amazing lambda layer (deployed from S3)\"\n compatible_runtimes = [\"python3.12\"]\n\n source_path = \"../src/lambda-layer\"\n\n store_on_s3 = true\n s3_bucket = \"my-bucket-id-with-lambda-builds\"\n}\n```\n\n### Lambda Functions with existing package (prebuilt) stored locally\n\n```hcl\nmodule \"lambda_function_existing_package_local\" {\n source = \"terraform-aws-modules/lambda/aws\"\n\n function_name = \"my-lambda-existing-package-local\"\n description = \"My awesome lambda function\"\n handler = \"index.lambda_handler\"\n runtime = \"python3.12\"\n\n create_package = false\n local_existing_package = \"../existing_package.zip\"\n}\n```\n\n### Lambda Function or Lambda Layer with the deployable artifact maintained separately from the infrastructure\n\nIf you want to manage function code and infrastructure resources (such as IAM permissions, policies, events, etc) in separate flows (e.g., different repositories, teams, CI/CD pipelines).\n\nDisable source code tracking to turn off deployments (and rollbacks) using the module by setting `ignore_source_code_hash = true` and deploy a _dummy function_.\n\nWhen the infrastructure and the dummy function is deployed, you can use external tool to update the source code of the function (eg, using [AWS CLI](https://docs.aws.amazon.com/cli/latest/reference/lambda/update-function-code.html)) and keep using this module via Terraform to manage the infrastructure.\n\nBe aware that changes in `local_existing_package` value may trigger deployment via Terraform.\n\n```hcl\nmodule \"lambda_function_externally_managed_package\" {\n source = \"terraform-aws-modules/lambda/aws\"\n\n function_name = \"my-lambda-externally-managed-package\"\n description = \"My lambda function code is deployed separately\"\n handler = \"index.lambda_handler\"\n runtime = \"python3.12\"\n\n create_package = false\n local_existing_package = \"./lambda_functions/code.zip\"\n\n ignore_source_code_hash = true\n}\n```\n\n### Lambda Function with existing package (prebuilt) stored in S3 bucket\n\nNote that this module does not copy prebuilt packages into S3 bucket. This module can only store packages it builds locally and in S3 bucket.\n\n```hcl\nlocals {\n my_function_source = \"../path/to/package.zip\"\n}\n\nresource \"aws_s3_bucket\" \"builds\" {\n bucket = \"my-builds\"\n acl = \"private\"\n}\n\nresource \"aws_s3_object\" \"my_function\" {\n bucket = aws_s3_bucket.builds.id\n key = \"${filemd5(local.my_function_source)}.zip\"\n source = local.my_function_source\n}\n\nmodule \"lambda_function_existing_package_s3\" {\n source = \"terraform-aws-modules/lambda/aws\"\n\n function_name = \"my-lambda-existing-package-local\"\n description = \"My awesome lambda function\"\n handler = \"index.lambda_handler\"\n runtime = \"python3.12\"\n\n create_package = false\n s3_existing_package = {\n bucket = aws_s3_bucket.builds.id\n key = aws_s3_object.my_function.id\n }\n}\n```\n\n### Lambda Functions from Container Image stored on AWS ECR\n\n```hcl\nmodule \"lambda_function_container_image\" {\n source = \"terraform-aws-modules/lambda/aws\"\n\n function_name = \"my-lambda-existing-package-local\"\n description = \"My awesome lambda function\"\n\n create_package = false\n\n image_uri = \"132367819851.dkr.ecr.eu-west-1.amazonaws.com/complete-cow:1.0\"\n package_type = \"Image\"\n}\n```\n\n### Lambda Layers (store packages locally and on S3)\n\n```hcl\nmodule \"lambda_layer_local\" {\n source = \"terraform-aws-modules/lambda/aws\"\n\n create_layer = true\n\n layer_name = \"my-layer-local\"\n description = \"My amazing lambda layer (deployed from local)\"\n compatible_runtimes = [\"python3.12\"]\n\n source_path = \"../fixtures/python-app1\"\n}\n\nmodule \"lambda_layer_s3\" {\n source = \"terraform-aws-modules/lambda/aws\"\n\n create_layer = true\n\n layer_name = \"my-layer-s3\"\n description = \"My amazing lambda layer (deployed from S3)\"\n compatible_runtimes = [\"python3.12\"]\n\n source_path = \"../fixtures/python-app1\"\n\n store_on_s3 = true\n s3_bucket = \"my-bucket-id-with-lambda-builds\"\n}\n```\n\n### Lambda@Edge\n\nMake sure, you deploy Lambda@Edge functions into US East (N. Virginia) region (`us-east-1`). See [Requirements and Restrictions on Lambda Functions](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-requirements-limits.html#lambda-requirements-cloudfront-triggers).\n\n```hcl\nmodule \"lambda_at_edge\" {\n source = \"terraform-aws-modules/lambda/aws\"\n\n lambda_at_edge = true\n\n function_name = \"my-lambda-at-edge\"\n description = \"My awesome lambda@edge function\"\n handler = \"index.lambda_handler\"\n runtime = \"python3.12\"\n\n source_path = \"../fixtures/python-app1\"\n\n tags = {\n Module = \"lambda-at-edge\"\n }\n}\n```\n\n### Lambda Function in VPC\n\n```hcl\nmodule \"lambda_function_in_vpc\" {\n source = \"terraform-aws-modules/lambda/aws\"\n\n function_name = \"my-lambda-in-vpc\"\n description = \"My awesome lambda function\"\n handler = \"index.lambda_handler\"\n runtime = \"python3.12\"\n\n source_path = \"../fixtures/python-app1\"\n\n vpc_subnet_ids = module.vpc.intra_subnets\n vpc_security_group_ids = [module.vpc.default_security_group_id]\n attach_network_policy = true\n}\n\nmodule \"vpc\" {\n source = \"terraform-aws-modules/vpc/aws\"\n\n name = \"my-vpc\"\n cidr = \"10.10.0.0/16\"\n\n # Specify at least one of: intra_subnets, private_subnets, or public_subnets\n azs = [\"eu-west-1a\", \"eu-west-1b\", \"eu-west-1c\"]\n intra_subnets = [\"10.10.101.0/24\", \"10.10.102.0/24\", \"10.10.103.0/24\"]\n}\n```\n\n## Additional IAM policies for Lambda Functions\n\nThere are 6 supported ways to attach IAM policies to IAM role used by Lambda Function:\n\n1. `policy_json` - JSON string or heredoc, when `attach_policy_json = true`.\n1. `policy_jsons` - List of JSON strings or heredoc, when `attach_policy_jsons = true` and `number_of_policy_jsons \u003e 0`.\n1. `policy` - ARN of existing IAM policy, when `attach_policy = true`.\n1. `policies` - List of ARNs of existing IAM policies, when `attach_policies = true` and `number_of_policies \u003e 0`.\n1. `policy_statements` - Map of maps to define IAM statements which will be generated as IAM policy. Requires `attach_policy_statements = true`. See `examples/complete` for more information.\n1. `assume_role_policy_statements` - Map of maps to define IAM statements which will be generated as IAM policy for assuming Lambda Function role (trust relationship). See `examples/complete` for more information.\n\n## Lambda Permissions for allowed triggers\n\nLambda Permissions should be specified to allow certain resources to invoke Lambda Function.\n\n```hcl\nmodule \"lambda_function\" {\n source = \"terraform-aws-modules/lambda/aws\"\n\n # ...omitted for brevity\n\n allowed_triggers = {\n Config = {\n principal = \"config.amazonaws.com\"\n principal_org_id = \"o-abcdefghij\"\n }\n APIGatewayAny = {\n service = \"apigateway\"\n source_arn = \"arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*\"\n },\n APIGatewayDevPost = {\n service = \"apigateway\"\n source_arn = \"arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/dev/POST/*\"\n },\n OneRule = {\n principal = \"events.amazonaws.com\"\n source_arn = \"arn:aws:events:eu-west-1:135367859851:rule/RunDaily\"\n }\n }\n}\n```\n\n## Conditional creation\n\nSometimes you need to have a way to create resources conditionally but Terraform does not allow usage of `count` inside `module` block, so the solution is to specify `create` arguments.\n\n```hcl\nmodule \"lambda\" {\n source = \"terraform-aws-modules/lambda/aws\"\n\n create = false # to disable all resources\n\n create_package = false # to control build package process\n create_function = false # to control creation of the Lambda Function and related resources\n create_layer = false # to control creation of the Lambda Layer and related resources\n create_role = false # to control creation of the IAM role and policies required for Lambda Function\n\n attach_cloudwatch_logs_policy = false\n attach_dead_letter_policy = false\n attach_network_policy = false\n attach_tracing_policy = false\n attach_async_event_policy = false\n\n # ... omitted\n}\n```\n\n## \u003ca name=\"build-package\"\u003e\u003c/a\u003e How does building and packaging work?\n\nThis is one of the most complicated part done by the module and normally you don't have to know internals.\n\n`package.py` is Python script which does it. Make sure, Python 3.6 or newer is installed. The main functions of the script are to generate a filename of zip-archive based on the content of the files, verify if zip-archive has been already created, and create zip-archive only when it is necessary (during `apply`, not `plan`).\n\nHash of zip-archive created with the same content of the files is always identical which prevents unnecessary force-updates of the Lambda resources unless content modifies. If you need to have different filenames for the same content you can specify extra string argument `hash_extra`.\n\nWhen calling this module multiple times in one execution to create packages with the same `source_path`, zip-archives will be corrupted due to concurrent writes into the same file. There are two solutions - set different values for `hash_extra` to create different archives, or create package once outside (using this module) and then pass `local_existing_package` argument to create other Lambda resources.\n\n## \u003ca name=\"debug\"\u003e\u003c/a\u003e Debug\n\nBuilding and packaging has been historically hard to debug (especially with Terraform), so we made an effort to make it easier for user to see debug info. There are 3 different debug levels: `DEBUG` - to see only what is happening during planning phase and how a zip file content filtering in case of applied patterns, `DEBUG2` - to see more logging output, `DEBUG3` - to see all logging values, `DUMP_ENV` - to see all logging values and env variables (be careful sharing your env variables as they may contain secrets!).\n\nUser can specify debug level like this:\n\n```\nexport TF_LAMBDA_PACKAGE_LOG_LEVEL=DEBUG2\nterraform apply\n```\n\nUser can enable comments in heredoc strings in `patterns` which can be helpful in some situations. To do this set this environment variable:\n\n```\nexport TF_LAMBDA_PACKAGE_PATTERN_COMMENTS=true\nterraform apply\n```\n\n## \u003ca name=\"build\"\u003e\u003c/a\u003e Build Dependencies\n\nYou can specify `source_path` in a variety of ways to achieve desired flexibility when building deployment packages locally or in Docker. You can use absolute or relative paths. If you have placed terraform files in subdirectories, note that relative paths are specified from the directory where `terraform plan` is run and not the location of your terraform file.\n\nNote that, when building locally, files are not copying anywhere from the source directories when making packages, we use fast Python regular expressions to find matching files and directories, which makes packaging very fast and easy to understand.\n\n### Simple build from single directory\n\nWhen `source_path` is set to a string, the content of that path will be used to create deployment package as-is:\n\n`source_path = \"src/function1\"`\n\n### Static build from multiple source directories\n\nWhen `source_path` is set to a list of directories the content of each will be taken and one archive will be created.\n\n### Combine various options for extreme flexibility\n\nThis is the most complete way of creating a deployment package from multiple sources with multiple dependencies. This example is showing some of the available options (see [examples/build-package](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/build-package) and [examples/runtimes](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/runtimes) for more):\n\n```hcl\nsource_path = [\n \"src/main-source\",\n \"src/another-source/index.py\",\n {\n path = \"src/function1-dep\",\n patterns = [\n \"!.*/.*\\\\.txt\", # Skip all txt files recursively\n ]\n }, {\n path = \"src/python-app1\",\n pip_requirements = true,\n pip_tmp_dir = \"/tmp/dir/location\"\n prefix_in_zip = \"foo/bar1\",\n }, {\n path = \"src/python-app2\",\n pip_requirements = \"requirements-large.txt\",\n patterns = [\n \"!vendor/colorful-0.5.4.dist-info/RECORD\",\n \"!vendor/colorful-.+.dist-info/.*\",\n \"!vendor/colorful/__pycache__/?.*\",\n ]\n }, {\n path = \"src/nodejs14.x-app1\",\n npm_requirements = true,\n npm_tmp_dir = \"/tmp/dir/location\"\n prefix_in_zip = \"foo/bar1\",\n }, {\n path = \"src/nodejs-app2\",\n commands = [\n \"npm install\",\n \":zip\"\n ],\n patterns = [\n \"!.*/.*\\\\.txt\", # Skip all txt files recursively\n \"node_modules/.+\", # Include all node_modules\n ],\n }, {\n path = \"src/go-app1\",\n commands = [\"go build\"],\n patterns = \u003c\u003cEND\n bin/.*\n abc/def/.*\n END\n }\n]\n```\n\n*Few notes:*\n\n- If you specify a source path as a string that references a folder and the runtime begins with `python` or `nodejs`, the build process will automatically build python and nodejs dependencies if `requirements.txt` or `package.json` file will be found in the source folder. If you want to customize this behavior, please use the object notation as explained below.\n- If you use the `commands` option and chain multiple commands, only the exit code of last command will be checked for success. If you prefer to fail fast, start the commands with the bash option `set -e` or powershell option `$ErrorActionPreference=\"Stop\"`\n- All arguments except `path` are optional.\n- `patterns` - List of Python regex filenames should satisfy. Default value is \"include everything\" which is equal to `patterns = [\".*\"]`. This can also be specified as multiline heredoc string (no comments allowed). Some examples of valid patterns:\n\n```txt\n !.*/.*\\.txt # Filter all txt files recursively\n node_modules/.* # Include empty dir or with a content if it exists\n node_modules/.+ # Include full non empty node_modules dir with its content\n node_modules/ # Include node_modules itself without its content\n # It's also a way to include an empty dir if it exists\n node_modules # Include a file or an existing dir only\n\n !abc/.* # Filter out everything in an abc folder\n abc/def/.* # Re-include everything in abc/def sub folder\n !abc/def/hgk/.* # Filter out again in abc/def/hgk sub folder\n```\n\n- `commands` - List of commands to run. If specified, this argument overrides `pip_requirements` and `npm_requirements`.\n - `:zip [source] [destination]` is a special command which creates content of current working directory (first argument) and places it inside of path (second argument).\n- `pip_requirements` - Controls whether to execute `pip install`. Set to `false` to disable this feature, `true` to run `pip install` with `requirements.txt` found in `path`. Or set to another filename which you want to use instead. When `source_path` is passed as a string containing a path (and not a list of maps), and `requirements.txt` is present, `pip install` is automatically executed.\n- `pip_tmp_dir` - Set the base directory to make the temporary directory for pip installs. Can be useful for Docker in Docker builds.\n- `poetry_install` - Controls whether to execute `poetry export` and `pip install`. Set to `false` to disable this feature, `true` to run `poetry export` with `pyproject.toml` and `poetry.lock` found in `path`. When `source_path` is passed as a string containing a path (and not a list of maps), and `pyproject.toml` with a build system `poetry` is present, `poetry export` and `pip install` are automatically executed.\n- `poetry_export_extra_args` - A list of additional poetry arguments to add to the poetry export command\n- `npm_requirements` - Controls whether to execute `npm install`. Set to `false` to disable this feature, `true` to run `npm install` with `package.json` found in `path`. Or set to another filename which you want to use instead.\n- `npm_tmp_dir` - Set the base directory to make the temporary directory for npm installs. Can be useful for Docker in Docker builds.\n- `prefix_in_zip` - If specified, will be used as a prefix inside zip-archive. By default, everything installs into the root of zip-archive.\n\n### Building in Docker\n\nIf your Lambda Function or Layer uses some dependencies you can build them in Docker and have them included into deployment package. Here is how you can do it:\n\n build_in_docker = true\n docker_file = \"src/python-app1/docker/Dockerfile\"\n docker_build_root = \"src/python-app1/docker\"\n docker_image = \"public.ecr.aws/sam/build-python\"\n runtime = \"python3.12\" # Setting runtime is required when building package in Docker and Lambda Layer resource.\n\nUsing this module you can install dependencies from private hosts. To do this, you need for forward SSH agent:\n\n docker_with_ssh_agent = true\n\nNote that by default, the `docker_image` used comes from the registry `public.ecr.aws/sam/`, and will be based on the `runtime` that you specify. In other words, if you specify a runtime of `python3.12` and do not specify `docker_image`, then the `docker_image` will resolve to `public.ecr.aws/sam/build-python3.12`. This ensures that by default the `runtime` is available in the docker container.\n\nIf you override `docker_image`, be sure to keep the image in sync with your `runtime`. During the plan phase, when using docker, there is no check that the `runtime` is available to build the package. That means that if you use an image that does not have the runtime, the plan will still succeed, but then the apply will fail.\n\n#### Passing additional Docker options\n\nTo add flexibility when building in docker, you can pass any number of additional options that you require (see [Docker run reference](https://docs.docker.com/engine/reference/run/) for available options):\n\n```hcl\n docker_additional_options = [\n \"-e\", \"MY_ENV_VAR='My environment variable value'\",\n \"-v\", \"/local:/docker-vol\",\n ]\n```\n\n#### Overriding Docker Entrypoint\n\nTo override the docker entrypoint when building in docker, set `docker_entrypoint`:\n\n```hcl\n docker_entrypoint = \"/entrypoint/entrypoint.sh\"\n```\n\nThe entrypoint must map to a path within your container, so you need to either build your own image that contains the entrypoint or map it to a file on the host by mounting a volume (see [Passing additional Docker options](#passing-additional-docker-options)).\n\n## \u003ca name=\"package\"\u003e\u003c/a\u003e Deployment package - Create or use existing\n\nBy default, this module creates deployment package and uses it to create or update Lambda Function or Lambda Layer.\n\nSometimes, you may want to separate build of deployment package (eg, to compile and install dependencies) from the deployment of a package into two separate steps.\n\nWhen creating archive locally outside of this module you need to set `create_package = false` and then argument `local_existing_package = \"existing_package.zip\"`. Alternatively, you may prefer to keep your deployment packages into S3 bucket and provide a reference to them like this:\n\n```hcl\n create_package = false\n s3_existing_package = {\n bucket = \"my-bucket-with-lambda-builds\"\n key = \"existing_package.zip\"\n }\n```\n\n### Using deployment package from remote URL\n\nThis can be implemented in two steps: download file locally using CURL, and pass path to deployment package as `local_existing_package` argument.\n\n```hcl\nlocals {\n package_url = \"https://raw.githubusercontent.com/terraform-aws-modules/terraform-aws-lambda/master/examples/fixtures/python-zip/existing_package.zip\"\n downloaded = \"downloaded_package_${md5(local.package_url)}.zip\"\n}\n\nresource \"null_resource\" \"download_package\" {\n triggers = {\n downloaded = local.downloaded\n }\n\n provisioner \"local-exec\" {\n command = \"curl -L -o ${local.downloaded} ${local.package_url}\"\n }\n}\n\ndata \"null_data_source\" \"downloaded_package\" {\n inputs = {\n id = null_resource.download_package.id\n filename = local.downloaded\n }\n}\n\nmodule \"lambda_function_existing_package_from_remote_url\" {\n source = \"terraform-aws-modules/lambda/aws\"\n\n function_name = \"my-lambda-existing-package-local\"\n description = \"My awesome lambda function\"\n handler = \"index.lambda_handler\"\n runtime = \"python3.12\"\n\n create_package = false\n local_existing_package = data.null_data_source.downloaded_package.outputs[\"filename\"]\n}\n```\n\n## \u003ca name=\"sam_cli_integration\"\u003e\u003c/a\u003e How to use AWS SAM CLI to test Lambda Function?\n[AWS SAM CLI](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-command-reference.html) is an open source tool that help the developers to initiate, build, test, and deploy serverless\napplications. SAM CLI tool [supports Terraform applications](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/what-is-terraform-support.html).\n\nSAM CLI provides two ways of testing: local testing and testing on-cloud (Accelerate).\n\n### Local Testing\nUsing SAM CLI, you can invoke the lambda functions defined in the terraform application locally using the [sam local invoke](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-cli-command-reference-sam-local-invoke.html)\ncommand, providing the function terraform address, or function name, and to set the `hook-name` to `terraform` to tell SAM CLI that the underlying project is a terraform application.\n\nYou can execute the `sam local invoke` command from your terraform application root directory as following:\n```\nsam local invoke --hook-name terraform module.hello_world_function.aws_lambda_function.this[0]\n```\nYou can also pass an event to your lambda function, or overwrite its environment variables. Check [here](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-using-invoke.html) for more information.\n\nYou can also invoke your lambda function in debugging mode, and step-through your lambda function source code locally in your preferred editor. Check [here](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-using-debugging.html) for more information.\n\n### Testing on-cloud (Accelerate)\nYou can use AWS SAM CLI to quickly test your application on your AWS development account. Using SAM Accelerate, you will be able to develop your lambda functions locally,\nand once you save your updates, SAM CLI will update your development account with the updated Lambda functions. So, you can test it on cloud, and if there is any bug,\nyou can quickly update the code, and SAM CLI will take care of pushing it to the cloud. Check [here](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/accelerate.html) for more information about SAM Accelerate.\n\nYou can execute the `sam sync` command from your terraform application root directory as following:\n```\nsam sync --hook-name terraform --watch\n```\n\n## \u003ca name=\"deployment\"\u003e\u003c/a\u003e How to deploy and manage Lambda Functions?\n\n### Simple deployments\n\nTypically, Lambda Function resource updates when source code changes. If `publish = true` is specified a new [Lambda Function version](https://docs.aws.amazon.com/lambda/latest/dg/configuration-versions.html) will also be created.\n\nPublished Lambda Function can be invoked using either by version number or using `$LATEST`. This is the simplest way of deployment which does not required any additional tool or service.\n\n### Controlled deployments (rolling, canary, rollbacks)\n\nIn order to do controlled deployments (rolling, canary, rollbacks) of Lambda Functions we need to use [Lambda Function aliases](https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html).\n\nIn simple terms, Lambda alias is like a pointer to either one version of Lambda Function (when deployment complete), or to two weighted versions of Lambda Function (during rolling or canary deployment).\n\nOne Lambda Function can be used in multiple aliases. Using aliases gives large control of which version deployed when having multiple environments.\n\nThere is [alias module](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/modules/alias), which simplifies working with alias (create, manage configurations, updates, etc). See [examples/alias](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/alias) for various use-cases how aliases can be configured and used.\n\nThere is [deploy module](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/modules/deploy), which creates required resources to do deployments using AWS CodeDeploy. It also creates the deployment, and wait for completion. See [examples/deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/deploy) for complete end-to-end build/update/deploy process.\n\n## \u003ca name=\"terraform-cloud\"\u003e\u003c/a\u003e Terraform CI/CD\n\nTerraform Cloud, Terraform Enterprise, and many other SaaS for running Terraform do not have Python pre-installed on the workers. You will need to provide an [alternative Docker image](https://www.terraform.io/docs/enterprise/install/installer.html#alternative-terraform-worker-image) with Python installed to be able to use this module there.\n\n## FAQ\n\nQ1: Why deployment package not recreating every time I change something? Or why deployment package is being recreated every time but content has not been changed?\n\n\u003e Answer: There can be several reasons related to concurrent executions, or to content hash. Sometimes, changes has happened inside of dependency which is not used in calculating content hash. Or multiple packages are creating at the same time from the same sources. You can force it by setting value of `hash_extra` to distinct values.\n\nQ2: How to force recreate deployment package?\n\n\u003e Answer: Delete an existing zip-archive from `builds` directory, or make a change in your source code. If there is no zip-archive for the current content hash, it will be recreated during `terraform apply`.\n\nQ3: `null_resource.archive[0] must be replaced`\n\n\u003e Answer: This probably mean that zip-archive has been deployed, but is currently absent locally, and it has to be recreated locally. When you run into this issue during CI/CD process (where workspace is clean) or from multiple workspaces, you can set environment variable `TF_RECREATE_MISSING_LAMBDA_PACKAGE=false` or pass `recreate_missing_package = false` as a parameter to the module and run `terraform apply`. Alternatively, you can pass `trigger_on_package_timestamp = false` as a parameter to ignore the file timestamp when deciding to create the archive or not.\n\nQ4: What does this error mean - `\"We currently do not support adding policies for $LATEST.\"` ?\n\n\u003e Answer: When the Lambda function is created with `publish = true` the new version is automatically increased and a qualified identifier (version number) becomes available and will be used when setting Lambda permissions.\n\u003e\n\u003e When `publish = false` (default), only unqualified identifier (`$LATEST`) is available which leads to the error.\n\u003e\n\u003e The solution is to either disable the creation of Lambda permissions for the current version by setting `create_current_version_allowed_triggers = false`, or to enable publish of Lambda function (`publish = true`).\n\n## Notes\n\n1. Creation of Lambda Functions and Lambda Layers is very similar and both support the same features (building from source path, using existing package, storing package locally or on S3)\n2. Check out this [Awesome list of AWS Lambda Layers](https://github.com/mthenw/awesome-layers)\n\n## Examples\n\n- [Complete](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/complete) - Create Lambda resources in various combinations with all supported features.\n- [Container Image](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/container-image) - Create a Docker image with a platform specified in the Dockerfile (using [docker provider](https://registry.terraform.io/providers/kreuzwerker/docker)), push it to AWS ECR, and create Lambda function from it.\n- [Build and Package](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/build-package) - Build and create deployment packages in various ways.\n- [Runtimes](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/build-package) - Build and create deployment packages for various runtimes (such as Rust, Go, Java).\n- [Alias](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/alias) - Create static and dynamic aliases in various ways.\n- [Deploy](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/deploy) - Complete end-to-end build/update/deploy process using AWS CodeDeploy.\n- [Async Invocations](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/async) - Create Lambda Function with async event configuration (with SQS, SNS, and EventBridge integration).\n- [With VPC](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/with-vpc) - Create Lambda Function with VPC.\n- [With VPC and VPC Endpoint for S3](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/with-vpc-s3-endpoint) - Create Lambda Function with VPC and VPC Endpoint for S3.\n- [With EFS](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/with-efs) - Create Lambda Function with Elastic File System attached (Terraform 0.13+ is recommended).\n- [Multiple regions](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/multiple-regions) - Create the same Lambda Function in multiple regions with non-conflicting IAM roles and policies.\n- [Event Source Mapping](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/event-source-mapping) - Create Lambda Function with event source mapping configuration (SQS, DynamoDB, Amazon MQ, and Kinesis).\n- [Triggers](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/triggers) - Create Lambda Function with some triggers (eg, Cloudwatch Events, EventBridge).\n- [Code Signing](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/code-signing) - Create Lambda Function with code signing configuration.\n- [Simple CI/CD](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/simple-cicd) - Create Lambda Function as if it runs on CI/CD platform where `builds` directory is often absent.\n\n# Examples by the users of this module\n\n- [1Mill/serverless-tf-examples](https://github.com/1Mill/serverless-tf-examples/tree/main/src)\n\n\n\u003c!-- BEGIN_TF_DOCS --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.5.7 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | \u003e= 6.28 |\n| \u003ca name=\"requirement_external\"\u003e\u003c/a\u003e [external](#requirement\\_external) | \u003e= 1.0 |\n| \u003ca name=\"requirement_local\"\u003e\u003c/a\u003e [local](#requirement\\_local) | \u003e= 1.0 |\n| \u003ca name=\"requirement_null\"\u003e\u003c/a\u003e [null](#requirement\\_null) | \u003e= 2.0 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | \u003e= 6.28 |\n| \u003ca name=\"provider_external\"\u003e\u003c/a\u003e [external](#provider\\_external) | \u003e= 1.0 |\n| \u003ca name=\"provider_local\"\u003e\u003c/a\u003e [local](#provider\\_local) | \u003e= 1.0 |\n| \u003ca name=\"provider_null\"\u003e\u003c/a\u003e [null](#provider\\_null) | \u003e= 2.0 |\n\n## Modules\n\nNo modules.\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |\n| [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role_policy.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |\n| [aws_iam_role_policy.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |\n| [aws_iam_role_policy.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |\n| [aws_iam_role_policy.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |\n| [aws_iam_role_policy.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |\n| [aws_iam_role_policy.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |\n| [aws_iam_role_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |\n| [aws_iam_role_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |\n| [aws_iam_role_policy_attachment.additional_many](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.additional_one](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource |\n| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |\n| [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource |\n| [aws_lambda_function_recursion_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_recursion_config) | resource |\n| [aws_lambda_function_url.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_url) | resource |\n| [aws_lambda_layer_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_layer_version) | resource |\n| [aws_lambda_permission.current_version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |\n| [aws_lambda_permission.unqualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |\n| [aws_lambda_provisioned_concurrency_config.current_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_provisioned_concurrency_config) | resource |\n| [aws_s3_object.lambda_package](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource |\n| [local_file.archive_plan](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |\n| [null_resource.archive](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |\n| [null_resource.sam_metadata_aws_lambda_function](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |\n| [null_resource.sam_metadata_aws_lambda_layer_version](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |\n| [aws_arn.log_group_arn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |\n| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |\n| [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudwatch_log_group) | data source |\n| [aws_iam_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |\n| [aws_iam_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |\n| [aws_iam_policy_document.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |\n| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |\n| [external_external.archive_prepare](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_allowed_triggers\"\u003e\u003c/a\u003e [allowed\\_triggers](#input\\_allowed\\_triggers) | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no |\n| \u003ca name=\"input_architectures\"\u003e\u003c/a\u003e [architectures](#input\\_architectures) | Instruction set architecture for your Lambda function. Valid values are [\"x86\\_64\"] and [\"arm64\"]. | `list(string)` | `null` | no |\n| \u003ca name=\"input_artifacts_dir\"\u003e\u003c/a\u003e [artifacts\\_dir](#input\\_artifacts\\_dir) | Directory name where artifacts should be stored | `string` | `\"builds\"` | no |\n| \u003ca name=\"input_assume_role_policy_statements\"\u003e\u003c/a\u003e [assume\\_role\\_policy\\_statements](#input\\_assume\\_role\\_policy\\_statements) | Map of dynamic policy statements for assuming Lambda Function role (trust relationship) | `any` | `{}` | no |\n| \u003ca name=\"input_attach_async_event_policy\"\u003e\u003c/a\u003e [attach\\_async\\_event\\_policy](#input\\_attach\\_async\\_event\\_policy) | Controls whether async event policy should be added to IAM role for Lambda Function | `bool` | `false` | no |\n| \u003ca name=\"input_attach_cloudwatch_logs_policy\"\u003e\u003c/a\u003e [attach\\_cloudwatch\\_logs\\_policy](#input\\_attach\\_cloudwatch\\_logs\\_policy) | Controls whether CloudWatch Logs policy should be added to IAM role for Lambda Function | `bool` | `true` | no |\n| \u003ca name=\"input_attach_create_log_group_permission\"\u003e\u003c/a\u003e [attach\\_create\\_log\\_group\\_permission](#input\\_attach\\_create\\_log\\_group\\_permission) | Controls whether to add the create log group permission to the CloudWatch logs policy | `bool` | `true` | no |\n| \u003ca name=\"input_attach_dead_letter_policy\"\u003e\u003c/a\u003e [attach\\_dead\\_letter\\_policy](#input\\_attach\\_dead\\_letter\\_policy) | Controls whether SNS/SQS dead letter notification policy should be added to IAM role for Lambda Function | `bool` | `false` | no |\n| \u003ca name=\"input_attach_network_policy\"\u003e\u003c/a\u003e [attach\\_network\\_policy](#input\\_attach\\_network\\_policy) | Controls whether VPC/network policy should be added to IAM role for Lambda Function | `bool` | `false` | no |\n| \u003ca name=\"input_attach_policies\"\u003e\u003c/a\u003e [attach\\_policies](#input\\_attach\\_policies) | Controls whether list of policies should be added to IAM role for Lambda Function | `bool` | `false` | no |\n| \u003ca name=\"input_attach_policy\"\u003e\u003c/a\u003e [attach\\_policy](#input\\_attach\\_policy) | Controls whether policy should be added to IAM role for Lambda Function | `bool` | `false` | no |\n| \u003ca name=\"input_attach_policy_json\"\u003e\u003c/a\u003e [attach\\_policy\\_json](#input\\_attach\\_policy\\_json) | Controls whether policy\\_json should be added to IAM role for Lambda Function | `bool` | `false` | no |\n| \u003ca name=\"input_attach_policy_jsons\"\u003e\u003c/a\u003e [attach\\_policy\\_jsons](#input\\_attach\\_policy\\_jsons) | Controls whether policy\\_jsons should be added to IAM role for Lambda Function | `bool` | `false` | no |\n| \u003ca name=\"input_attach_policy_statements\"\u003e\u003c/a\u003e [attach\\_policy\\_statements](#input\\_attach\\_policy\\_statements) | Controls whether policy\\_statements should be added to IAM role for Lambda Function | `bool` | `false` | no |\n| \u003ca name=\"input_attach_tracing_policy\"\u003e\u003c/a\u003e [attach\\_tracing\\_policy](#input\\_attach\\_tracing\\_policy) | Controls whether X-Ray tracing policy should be added to IAM role for Lambda Function | `bool` | `false` | no |\n| \u003ca name=\"input_authorization_type\"\u003e\u003c/a\u003e [authorization\\_type](#input\\_authorization\\_type) | The type of authentication that the Lambda Function URL uses. Set to 'AWS\\_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint. | `string` | `\"NONE\"` | no |\n| \u003ca name=\"input_build_in_docker\"\u003e\u003c/a\u003e [build\\_in\\_docker](#input\\_build\\_in\\_docker) | Whether to build dependencies in Docker | `bool` | `false` | no |\n| \u003ca name=\"input_cloudwatch_logs_kms_key_id\"\u003e\u003c/a\u003e [cloudwatch\\_logs\\_kms\\_key\\_id](#input\\_cloudwatch\\_logs\\_kms\\_key\\_id) | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no |\n| \u003ca name=\"input_cloudwatch_logs_log_group_class\"\u003e\u003c/a\u003e [cloudwatch\\_logs\\_log\\_group\\_class](#input\\_cloudwatch\\_logs\\_log\\_group\\_class) | Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no |\n| \u003ca name=\"input_cloudwatch_logs_retention_in_days\"\u003e\u003c/a\u003e [cloudwatch\\_logs\\_retention\\_in\\_days](#input\\_cloudwatch\\_logs\\_retention\\_in\\_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `null` | no |\n| \u003ca name=\"input_cloudwatch_logs_skip_destroy\"\u003e\u003c/a\u003e [cloudwatch\\_logs\\_skip\\_destroy](#input\\_cloudwatch\\_logs\\_skip\\_destroy) | Whether to keep the log group (and any logs it may contain) at destroy time. | `bool` | `false` | no |\n| \u003ca name=\"input_cloudwatch_logs_tags\"\u003e\u003c/a\u003e [cloudwatch\\_logs\\_tags](#input\\_cloudwatch\\_logs\\_tags) | A map of tags to assign to the resource. | `map(string)` | `{}` | no |\n| \u003ca name=\"input_code_signing_config_arn\"\u003e\u003c/a\u003e [code\\_signing\\_config\\_arn](#input\\_code\\_signing\\_config\\_arn) | Amazon Resource Name (ARN) for a Code Signing Configuration | `string` | `null` | no |\n| \u003ca name=\"input_compatible_architectures\"\u003e\u003c/a\u003e [compatible\\_architectures](#input\\_compatible\\_architectures) | A list of Architectures Lambda layer is compatible with. Currently x86\\_64 and arm64 can be specified. | `list(string)` | `null` | no |\n| \u003ca name=\"input_compatible_runtimes\"\u003e\u003c/a\u003e [compatible\\_runtimes](#input\\_compatible\\_runtimes) | A list of Runtimes this layer is compatible with. Up to 5 runtimes can be specified. | `list(string)` | `[]` | no |\n| \u003ca name=\"input_cors\"\u003e\u003c/a\u003e [cors](#input\\_cors) | CORS settings to be used by the Lambda Function URL | `any` | `{}` | no |\n| \u003ca name=\"input_create\"\u003e\u003c/a\u003e [create](#input\\_create) | Controls whether resources should be created | `bool` | `true` | no |\n| \u003ca name=\"input_create_async_event_config\"\u003e\u003c/a\u003e [create\\_async\\_event\\_config](#input\\_create\\_async\\_event\\_config) | Controls whether async event configuration for Lambda Function/Alias should be created | `bool` | `false` | no |\n| \u003ca name=\"input_create_current_version_allowed_triggers\"\u003e\u003c/a\u003e [create\\_current\\_version\\_allowed\\_triggers](#input\\_create\\_current\\_version\\_allowed\\_triggers) | Whether to allow triggers on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no |\n| \u003ca name=\"input_create_current_version_async_event_config\"\u003e\u003c/a\u003e [create\\_current\\_version\\_async\\_event\\_config](#input\\_create\\_current\\_version\\_async\\_event\\_config) | Whether to allow async event configuration on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | `bool` | `true` | no |\n| \u003ca name=\"input_create_function\"\u003e\u003c/a\u003e [create\\_function](#input\\_create\\_function) | Controls whether Lambda Function resource should be created | `bool` | `true` | no |\n| \u003ca name=\"input_create_lambda_function_url\"\u003e\u003c/a\u003e [create\\_lambda\\_function\\_url](#input\\_create\\_lambda\\_function\\_url) | Controls whether the Lambda Function URL resource should be created | `bool` | `false` | no |\n| \u003ca name=\"input_create_layer\"\u003e\u003c/a\u003e [create\\_layer](#input\\_create\\_layer) | Controls whether Lambda Layer resource should be created | `bool` | `false` | no |\n| \u003ca name=\"input_create_package\"\u003e\u003c/a\u003e [create\\_package](#input\\_create\\_package) | Controls whether Lambda package should be created | `bool` | `true` | no |\n| \u003ca name=\"input_create_role\"\u003e\u003c/a\u003e [create\\_role](#input\\_create\\_role) | Controls whether IAM role for Lambda Function should be created | `bool` | `true` | no |\n| \u003ca name=\"input_create_sam_metadata\"\u003e\u003c/a\u003e [create\\_sam\\_metadata](#input\\_create\\_sam\\_metadata) | Controls whether the SAM metadata null resource should be created | `bool` | `false` | no |\n| \u003ca name=\"input_create_unqualified_alias_allowed_triggers\"\u003e\u003c/a\u003e [create\\_unqualified\\_alias\\_allowed\\_triggers](#input\\_create\\_unqualified\\_alias\\_allowed\\_triggers) | Whether to allow triggers on unqualified alias pointing to $LATEST version | `bool` | `true` | no |\n| \u003ca name=\"input_create_unqualified_alias_async_event_config\"\u003e\u003c/a\u003e [create\\_unqualified\\_alias\\_async\\_event\\_config](#input\\_create\\_unqualified\\_alias\\_async\\_event\\_config) | Whether to allow async event configuration on unqualified alias pointing to $LATEST version | `bool` | `true` | no |\n| \u003ca name=\"input_create_unqualified_alias_lambda_function_url\"\u003e\u003c/a\u003e [create\\_unqualified\\_alias\\_lambda\\_function\\_url](#input\\_create\\_unqualified\\_alias\\_lambda\\_function\\_url) | Whether to use unqualified alias pointing to $LATEST version in Lambda Function URL | `bool` | `true` | no |\n| \u003ca name=\"input_dead_letter_target_arn\"\u003e\u003c/a\u003e [dead\\_letter\\_target\\_arn](#input\\_dead\\_letter\\_target\\_arn) | The ARN of an SNS topic or SQS queue to notify when an invocation fails. | `string` | `null` | no |\n| \u003ca name=\"input_description\"\u003e\u003c/a\u003e [description](#input\\_description) | Description of your Lambda Function (or Layer) | `string` | `\"\"` | no |\n| \u003ca name=\"input_destination_on_failure\"\u003e\u003c/a\u003e [destination\\_on\\_failure](#input\\_destination\\_on\\_failure) | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | `string` | `null` | no |\n| \u003ca name=\"input_destination_on_success\"\u003e\u003c/a\u003e [destination\\_on\\_success](#input\\_destination\\_on\\_success) | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | `string` | `null` | no |\n| \u003ca name=\"input_docker_additional_options\"\u003e\u003c/a\u003e [docker\\_additional\\_options](#input\\_docker\\_additional\\_options) | Additional options to pass to the docker run command (e.g. to set environment variables, volumes, etc.) | `list(string)` | `[]` | no |\n| \u003ca name=\"input_docker_build_root\"\u003e\u003c/a\u003e [docker\\_build\\_root](#input\\_docker\\_build\\_root) | Root dir where to build in Docker | `string` | `\"\"` | no |\n| \u003ca name=\"input_docker_entrypoint\"\u003e\u003c/a\u003e [docker\\_entrypoint](#input\\_docker\\_entrypoint) | Path to the Docker entrypoint to use | `string` | `null` | no |\n| \u003ca name=\"input_docker_file\"\u003e\u003c/a\u003e [docker\\_file](#input\\_docker\\_file) | Path to a Dockerfile when building in Docker | `string` | `\"\"` | no |\n| \u003ca name=\"input_docker_image\"\u003e\u003c/a\u003e [docker\\_image](#input\\_docker\\_image) | Docker image to use for the build | `string` | `\"\"` | no |\n| \u003ca name=\"input_docker_pip_cache\"\u003e\u003c/a\u003e [docker\\_pip\\_cache](#input\\_docker\\_pip\\_cache) | Whether to mount a shared pip cache folder into docker environment or not | `any` | `null` | no |\n| \u003ca name=\"input_docker_with_ssh_agent\"\u003e\u003c/a\u003e [docker\\_with\\_ssh\\_agent](#input\\_docker\\_with\\_ssh\\_agent) | Whether to pass SSH\\_AUTH\\_SOCK into docker environment or not | `bool` | `false` | no |\n| \u003ca name=\"input_environment_variables\"\u003e\u003c/a\u003e [environment\\_variables](#input\\_environment\\_variables) | A map that defines environment variables for the Lambda Function. | `map(string)` | `{}` | no |\n| \u003ca name=\"input_ephemeral_storage_size\"\u003e\u003c/a\u003e [ephemeral\\_storage\\_size](#input\\_ephemeral\\_storage\\_size) | Amount of ephemeral storage (/tmp) in MB your Lambda Function can use at runtime. Valid value between 512 MB to 10,240 MB (10 GB). | `number` | `512` | no |\n| \u003ca name=\"input_event_source_mapping\"\u003e\u003c/a\u003e [event\\_source\\_mapping](#input\\_event\\_source\\_mapping) | Map of event source mapping | `any` | `{}` | no |\n| \u003ca name=\"input_file_system_arn\"\u003e\u003c/a\u003e [file\\_system\\_arn](#input\\_file\\_system\\_arn) | The Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system. | `string` | `null` | no |\n| \u003ca name=\"input_file_system_local_mount_path\"\u003e\u003c/a\u003e [file\\_system\\_local\\_mount\\_path](#input\\_file\\_system\\_local\\_mount\\_path) | The path where the function can access the file system, starting with /mnt/. | `string` | `null` | no |\n| \u003ca name=\"input_function_name\"\u003e\u003c/a\u003e [function\\_name](#input\\_function\\_name) | A unique name for your Lambda Function | `string` | `\"\"` | no |\n| \u003ca name=\"input_function_tags\"\u003e\u003c/a\u003e [function\\_tags](#input\\_function\\_tags) | A map of tags to assign only to the lambda function | `map(string)` | `{}` | no |\n| \u003ca name=\"input_handler\"\u003e\u003c/a\u003e [handler](#input\\_handler) | Lambda Function entrypoint in your code | `string` | `\"\"` | no |\n| \u003ca name=\"input_hash_extra\"\u003e\u003c/a\u003e [hash\\_extra](#input\\_hash\\_extra) | The string to add into hashing function. Useful when building same source path for different functions. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ignore_source_code_hash\"\u003e\u003c/a\u003e [ignore\\_source\\_code\\_hash](#input\\_ignore\\_source\\_code\\_hash) | Whether to ignore changes to the function's source code hash. Set to true if you manage infrastructure and code deployments separately. | `bool` | `false` | no |\n| \u003ca name=\"input_image_config_command\"\u003e\u003c/a\u003e [image\\_config\\_command](#input\\_image\\_config\\_command) | The CMD for the docker image | `list(string)` | `[]` | no |\n| \u003ca name=\"input_image_config_entry_point\"\u003e\u003c/a\u003e [image\\_config\\_entry\\_point](#input\\_image\\_config\\_entry\\_point) | The ENTRYPOINT for the docker image | `list(string)` | `[]` | no |\n| \u003ca name=\"input_image_config_working_directory\"\u003e\u003c/a\u003e [image\\_config\\_working\\_directory](#input\\_image\\_config\\_working\\_directory) | The working directory for the docker image | `string` | `null` | no |\n| \u003ca name=\"input_image_uri\"\u003e\u003c/a\u003e [image\\_uri](#input\\_image\\_uri) | The ECR image URI containing the function's deployment package. | `string` | `null` | no |\n| \u003ca name=\"input_include_default_tag\"\u003e\u003c/a\u003e [include\\_default\\_tag](#input\\_include\\_default\\_tag) | [Deprecated] Set to false to not include the default tag in the tags map. | `bool` | `true` | no |\n| \u003ca name=\"input_invoke_mode\"\u003e\u003c/a\u003e [invoke\\_mode](#input\\_invoke\\_mode) | Invoke mode of the Lambda Function URL. Valid values are BUFFERED (default) and RESPONSE\\_STREAM. | `string` | `null` | no |\n| \u003ca name=\"input_ipv6_allowed_for_dual_stack\"\u003e\u003c/a\u003e [ipv6\\_allowed\\_for\\_dual\\_stack](#input\\_ipv6\\_allowed\\_for\\_dual\\_stack) | Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets | `bool` | `null` | no |\n| \u003ca name=\"input_kms_key_arn\"\u003e\u003c/a\u003e [kms\\_key\\_arn](#input\\_kms\\_key\\_arn) | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no |\n| \u003ca name=\"input_lambda_at_edge\"\u003e\u003c/a\u003e [lambda\\_at\\_edge](#input\\_lambda\\_at\\_edge) | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no |\n| \u003ca name=\"input_lambda_at_edge_logs_all_regions\"\u003e\u003c/a\u003e [lambda\\_at\\_edge\\_logs\\_all\\_regions](#input\\_lambda\\_at\\_edge\\_logs\\_all\\_regions) | Whether to specify a wildcard in IAM policy used by Lambda@Edge to allow logging in all regions | `bool` | `true` | no |\n| \u003ca name=\"input_lambda_role\"\u003e\u003c/a\u003e [lambda\\_role](#input\\_lambda\\_role) | IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | `string` | `\"\"` | no |\n| \u003ca name=\"input_layer_name\"\u003e\u003c/a\u003e [layer\\_name](#input\\_layer\\_name) | Name of Lambda Layer to create | `string` | `\"\"` | no |\n| \u003ca name=\"input_layer_skip_destroy\"\u003e\u003c/a\u003e [layer\\_skip\\_destroy](#input\\_layer\\_skip\\_destroy) | Whether to retain the old version of a previously deployed Lambda Layer. | `bool` | `false` | no |\n| \u003ca name=\"input_layers\"\u003e\u003c/a\u003e [layers](#input\\_layers) | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | `list(string)` | `null` | no |\n| \u003ca name=\"input_license_info\"\u003e\u003c/a\u003e [license\\_info](#input\\_license\\_info) | License info for your Lambda Layer. Eg, MIT or full url of a license. | `string` | `\"\"` | no |\n| \u003ca name=\"input_local_existing_package\"\u003e\u003c/a\u003e [local\\_existing\\_package](#input\\_local\\_existing\\_package) | The absolute path to an existing zip-file to use | `string` | `null` | no |\n| \u003ca name=\"input_logging_application_log_level\"\u003e\u003c/a\u003e [logging\\_application\\_log\\_level](#input\\_logging\\_application\\_log\\_level) | The application log level of the Lambda Function. Valid values are \"TRACE\", \"DEBUG\", \"INFO\", \"WARN\", \"ERROR\", or \"FATAL\". | `string` | `\"INFO\"` | no |\n| \u003ca name=\"input_logging_log_format\"\u003e\u003c/a\u003e [logging\\_log\\_format](#input\\_logging\\_log\\_format) | The log format of the Lambda Function. Valid values are \"JSON\" or \"Text\". | `string` | `\"Text\"` | no |\n| \u003ca name=\"input_logging_log_group\"\u003e\u003c/a\u003e [logging\\_log\\_group](#input\\_logging\\_log\\_group) | The CloudWatch log group to send logs to. | `string` | `null` | no |\n| \u003ca name=\"input_logging_system_log_level\"\u003e\u003c/a\u003e [logging\\_system\\_log\\_level](#input\\_logging\\_system\\_log\\_level) | The system log level of the Lambda Function. Valid values are \"DEBUG\", \"INFO\", or \"WARN\". | `string` | `\"INFO\"` | no |\n| \u003ca name=\"input_maximum_event_age_in_seconds\"\u003e\u003c/a\u003e [maximum\\_event\\_age\\_in\\_seconds](#input\\_maximum\\_event\\_age\\_in\\_seconds) | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | `number` | `null` | no |\n| \u003ca name=\"input_maximum_retry_attempts\"\u003e\u003c/a\u003e [maximum\\_retry\\_attempts](#input\\_maximum\\_retry\\_attempts) | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | `number` | `null` | no |\n| \u003ca name=\"input_memory_size\"\u003e\u003c/a\u003e [memory\\_size](#input\\_memory\\_size) | Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 64 MB increments. | `number` | `128` | no |\n| \u003ca name=\"input_number_of_policies\"\u003e\u003c/a\u003e [number\\_of\\_policies](#input\\_number\\_of\\_policies) | Number of policies to attach to IAM role for Lambda Function | `number` | `0` | no |\n| \u003ca name=\"input_number_of_policy_jsons\"\u003e\u003c/a\u003e [number\\_of\\_policy\\_jsons](#input\\_number\\_of\\_policy\\_jsons) | Number of policies JSON to attach to IAM role for Lambda Function | `number` | `0` | no |\n| \u003ca name=\"input_package_type\"\u003e\u003c/a\u003e [package\\_type](#input\\_package\\_type) | The Lambda deployment package type. Valid options: Zip or Image | `string` | `\"Zip\"` | no |\n| \u003ca name=\"input_policies\"\u003e\u003c/a\u003e [policies](#input\\_policies) | List of policy statements ARN to attach to Lambda Function role | `list(string)` | `[]` | no |\n| \u003ca name=\"input_policy\"\u003e\u003c/a\u003e [policy](#input\\_policy) | An additional policy document ARN to attach to the Lambda Function role | `string` | `null` | no |\n| \u003ca name=\"input_policy_json\"\u003e\u003c/a\u003e [policy\\_json](#input\\_policy\\_json) | An additional policy document as JSON to attach to the Lambda Function role | `string` | `null` | no |\n| \u003ca name=\"input_policy_jsons\"\u003e\u003c/a\u003e [policy\\_jsons](#input\\_policy\\_jsons) | List of additional policy documents as JSON to attach to Lambda Function role | `list(string)` | `[]` | no |\n| \u003ca name=\"input_policy_name\"\u003e\u003c/a\u003e [policy\\_name](#input\\_policy\\_name) | IAM policy name. It override the default value, which is the same as role\\_name | `string` | `null` | no |\n| \u003ca name=\"input_policy_statements\"\u003e\u003c/a\u003e [policy\\_statements](#input\\_policy\\_statements) | Map of dynamic policy statements to attach to Lambda Function role | `any` | `{}` | no |\n| \u003ca name=\"input_provisioned_concurrent_executions\"\u003e\u003c/a\u003e [provisioned\\_concurrent\\_executions](#input\\_provisioned\\_concurrent\\_executions) | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | `number` | `-1` | no |\n| \u003ca name=\"input_publish\"\u003e\u003c/a\u003e [publish](#input\\_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no |\n| \u003ca name=\"input_putin_khuylo\"\u003e\u003c/a\u003e [putin\\_khuylo](#input\\_putin\\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no |\n| \u003ca name=\"input_quiet_archive_local_exec\"\u003e\u003c/a\u003e [quiet\\_archive\\_local\\_exec](#input\\_quiet\\_archive\\_local\\_exec) | Whether to disable archive local execution output | `bool` | `true` | no |\n| \u003ca name=\"input_recreate_missing_package\"\u003e\u003c/a\u003e [recreate\\_missing\\_package](#input\\_recreate\\_missing\\_package) | Whether to recreate missing Lambda package if it is missing locally or not | `bool` | `true` | no |\n| \u003ca name=\"input_recursive_loop\"\u003e\u003c/a\u003e [recursive\\_loop](#input\\_recursive\\_loop) | Lambda function recursion configuration. Valid values are Allow or Terminate. | `string` | `null` | no |\n| \u003ca name=\"input_region\"\u003e\u003c/a\u003e [region](#input\\_region) | Region where the resource(s) will be managed. Defaults to the region set in the provider configuration | `string` | `null` | no |\n| \u003ca name=\"input_replace_security_groups_on_destroy\"\u003e\u003c/a\u003e [replace\\_security\\_groups\\_on\\_destroy](#input\\_replace\\_security\\_groups\\_on\\_destroy) | (Optional) When true, all security groups defined in vpc\\_security\\_group\\_ids will be replaced with the default security group after the function is destroyed. Set the replacement\\_security\\_group\\_ids variable to use a custom list of security groups for replacement instead. | `bool` | `null` | no |\n| \u003ca name=\"input_replacement_security_group_ids\"\u003e\u003c/a\u003e [replacement\\_security\\_group\\_ids](#input\\_replacement\\_security\\_group\\_ids) | (Optional) List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction. replace\\_security\\_groups\\_on\\_destroy must be set to true to use this attribute. | `list(string)` | `null` | no |\n| \u003ca name=\"input_reserved_concurrent_executions\"\u003e\u003c/a\u003e [reserved\\_concurrent\\_executions](#input\\_reserved\\_concurrent\\_executions) | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | `number` | `-1` | no |\n| \u003ca name=\"input_role_description\"\u003e\u003c/a\u003e [role\\_description](#input\\_role\\_description) | Description of IAM role to use for Lambda Function | `string` | `null` | no |\n| \u003ca name=\"input_role_force_detach_policies\"\u003e\u003c/a\u003e [role\\_force\\_detach\\_policies](#input\\_role\\_force\\_detach\\_policies) | Specifies to force detaching any policies the IAM role has before destroying it. | `bool` | `true` | no |\n| \u003ca name=\"input_role_maximum_session_duration\"\u003e\u003c/a\u003e [role\\_maximum\\_session\\_duration](#input\\_role\\_maximum\\_session\\_duration) | Maximum session duration, in seconds, for the IAM role | `number` | `3600` | no |\n| \u003ca name=\"input_role_name\"\u003e\u003c/a\u003e [role\\_name](#input\\_role\\_name) | Name of IAM role to use for Lambda Function | `string` | `null` | no |\n| \u003ca name=\"input_role_path\"\u003e\u003c/a\u003e [role\\_path](#input\\_role\\_path) | Path of IAM role to use for Lambda Function | `string` | `null` | no |\n| \u003ca name=\"input_role_permissions_boundary\"\u003e\u003c/a\u003e [role\\_permissions\\_boundary](#input\\_role\\_permissions\\_boundary) | The ARN of the policy that is used to set the permissions boundary for the IAM role used by Lambda Function | `string` | `null` | no |\n| \u003ca name=\"input_role_tags\"\u003e\u003c/a\u003e [role\\_tags](#input\\_role\\_tags) | A map of tags to assign to IAM role | `map(string)` | `{}` | no |\n| \u003ca name=\"input_runtime\"\u003e\u003c/a\u003e [runtime](#input\\_runtime) | Lambda Function runtime | `string` | `\"\"` | no |\n| \u003ca name=\"input_s3_acl\"\u003e\u003c/a\u003e [s3\\_acl](#input\\_s3\\_acl) | The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, bucket-owner-read, and bucket-owner-full-control. Defaults to private. | `string` | `\"private\"` | no |\n| \u003ca name=\"input_s3_bucket\"\u003e\u003c/a\u003e [s3\\_bucket](#input\\_s3\\_bucket) | S3 bucket to store artifacts | `string` | `null` | no |\n| \u003ca name=\"input_s3_existing_package\"\u003e\u003c/a\u003e [s3\\_existing\\_package](#input\\_s3\\_existing\\_package) | The S3 bucket object with keys bucket, key, version pointing to an existing zip-file to use | `map(string)` | `null` | no |\n| \u003ca name=\"input_s3_kms_key_id\"\u003e\u003c/a\u003e [s3\\_kms\\_key\\_id](#input\\_s3\\_kms\\_key\\_id) | Specifies a custom KMS key to use for S3 object encryption. | `string` | `null` | no |\n| \u003ca name=\"input_s3_object_override_default_tags\"\u003e\u003c/a\u003e [s3\\_object\\_override\\_default\\_tags](#input\\_s3\\_object\\_override\\_default\\_tags) | Whether to override the default\\_tags from provider? NB: S3 objects support a maximum of 10 tags. | `bool` | `false` | no |\n| \u003ca name=\"input_s3_object_storage_class\"\u003e\u003c/a\u003e [s3\\_object\\_storage\\_class](#input\\_s3\\_object\\_storage\\_class) | Specifies the desired Storage Class for the artifact uploaded to S3. Can be either STANDARD, REDUCED\\_REDUNDANCY, ONEZONE\\_IA, INTELLIGENT\\_TIERING, or STANDARD\\_IA. | `string` | `\"ONEZONE_IA\"` | no |\n| \u003ca name=\"input_s3_object_tags\"\u003e\u003c/a\u003e [s3\\_object\\_tags](#input\\_s3\\_object\\_tags) | A map of tags to assign to S3 bucket object. | `map(string)` | `{}` | no |\n| \u003ca name=\"input_s3_object_tags_only\"\u003e\u003c/a\u003e [s3\\_object\\_tags\\_only](#input\\_s3\\_object\\_tags\\_only) | Set to true to not merge tags with s3\\_object\\_tags. Useful to avoid breaching S3 Object 10 tag limit. | `bool` | `false` | no |\n| \u003ca name=\"input_s3_prefix\"\u003e\u003c/a\u003e [s3\\_prefix](#input\\_s3\\_prefix) | Directory name where artifacts should be stored in the S3 bucket. If unset, the path from `artifacts_dir` is used | `string` | `null` | no |\n| \u003ca name=\"input_s3_server_side_encryption\"\u003e\u003c/a\u003e [s3\\_server\\_side\\_encryption](#input\\_s3\\_server\\_side\\_encryption) | Specifies server-side encryption of the object in S3. Valid values are \"AES256\" and \"aws:kms\". | `string` | `null` | no |\n| \u003ca name=\"input_skip_destroy\"\u003e\u003c/a\u003e [skip\\_destroy](#input\\_skip\\_destroy) | Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Terraform state. Useful for Lambda@Edge functions attached to CloudFront distributions. | `bool` | `null` | no |\n| \u003ca name=\"input_snap_start\"\u003e\u003c/a\u003e [snap\\_start](#input\\_snap\\_start) | (Optional) Snap start settings for low-latency startups | `bool` | `false` | no |\n| \u003ca name=\"input_source_path\"\u003e\u003c/a\u003e [source\\_path](#input\\_source\\_path) | The absolute path to a local file or directory containing your Lambda source code | `any` | `null` | no |\n| \u003ca name=\"input_store_on_s3\"\u003e\u003c/a\u003e [store\\_on\\_s3](#input\\_store\\_on\\_s3) | Whether to store produced artifacts on S3 or locally. | `bool` | `false` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no |\n| \u003ca name=\"input_tenant_isolation_mode\"\u003e\u003c/a\u003e [tenant\\_isolation\\_mode](#input\\_tenant\\_isolation\\_mode) | Enable tenant isolation mode for the Lambda Function | `bool` | `false` | no |\n| \u003ca name=\"input_timeout\"\u003e\u003c/a\u003e [timeout](#input\\_timeout) | The amount of time your Lambda Function has to run in seconds. | `number` | `3` | no |\n| \u003ca name=\"input_timeouts\"\u003e\u003c/a\u003e [timeouts](#input\\_timeouts) | Define maximum timeout for creating, updating, and deleting Lambda Function resources | `map(string)` | `{}` | no |\n| \u003ca name=\"input_tracing_mode\"\u003e\u003c/a\u003e [tracing\\_mode](#input\\_tracing\\_mode) | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. | `string` | `null` | no |\n| \u003ca name=\"input_trigger_on_package_timestamp\"\u003e\u003c/a\u003e [trigger\\_on\\_package\\_timestamp](#input\\_trigger\\_on\\_package\\_timestamp) | Whether to recreate the Lambda package if the timestamp changes | `bool` | `true` | no |\n| \u003ca name=\"input_trusted_entities\"\u003e\u003c/a\u003e [trusted\\_entities](#input\\_trusted\\_entities) | List of additional trusted entities for assuming Lambda Function role (trust relationship) | `any` | `[]` | no |\n| \u003ca name=\"input_use_existing_cloudwatch_log_group\"\u003e\u003c/a\u003e [use\\_existing\\_cloudwatch\\_log\\_group](#input\\_use\\_existing\\_cloudwatch\\_log\\_group) | Whether to use an existing CloudWatch log group or create new | `bool` | `false` | no |\n| \u003ca name=\"input_vpc_security_group_ids\"\u003e\u003c/a\u003e [vpc\\_security\\_group\\_ids](#input\\_vpc\\_security\\_group\\_ids) | List of security group ids when Lambda Function should run in the VPC. | `list(string)` | `null` | no |\n| \u003ca name=\"input_vpc_subnet_ids\"\u003e\u003c/a\u003e [vpc\\_subnet\\_ids](#input\\_vpc\\_subnet\\_ids) | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets. | `list(string)` | `null` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_lambda_cloudwatch_log_group_arn\"\u003e\u003c/a\u003e [lambda\\_cloudwatch\\_log\\_group\\_arn](#output\\_lambda\\_cloudwatch\\_log\\_group\\_arn) | The ARN of the Cloudwatch Log Group |\n| \u003ca name=\"output_lambda_cloudwatch_log_group_name\"\u003e\u003c/a\u003e [lambda\\_cloudwatch\\_log\\_group\\_name](#output\\_lambda\\_cloudwatch\\_log\\_group\\_name) | The name of the Cloudwatch Log Group |\n| \u003ca name=\"output_lambda_event_source_mapping_arn\"\u003e\u003c/a\u003e [lambda\\_event\\_source\\_mapping\\_arn](#output\\_lambda\\_event\\_source\\_mapping\\_arn) | The event source mapping ARN |\n| \u003ca name=\"output_lambda_event_source_mapping_function_arn\"\u003e\u003c/a\u003e [lambda\\_event\\_source\\_mapping\\_function\\_arn](#output\\_lambda\\_event\\_source\\_mapping\\_function\\_arn) | The the ARN of the Lambda function the event source mapping is sending events to |\n| \u003ca name=\"output_lambda_event_source_mapping_state\"\u003e\u003c/a\u003e [lambda\\_event\\_source\\_mapping\\_state](#output\\_lambda\\_event\\_source\\_mapping\\_state) | The state of the event source mapping |\n| \u003ca name=\"output_lambda_event_source_mapping_state_transition_reason\"\u003e\u003c/a\u003e [lambda\\_event\\_source\\_mapping\\_state\\_transition\\_reason](#output\\_lambda\\_event\\_source\\_mapping\\_state\\_transition\\_reason) | The reason the event source mapping is in its current state |\n| \u003ca name=\"output_lambda_event_source_mapping_uuid\"\u003e\u003c/a\u003e [lambda\\_event\\_source\\_mapping\\_uuid](#output\\_lambda\\_event\\_source\\_mapping\\_uuid) | The UUID of the created event source mapping |\n| \u003ca name=\"output_lambda_function_arn\"\u003e\u003c/a\u003e [lambda\\_function\\_arn](#output\\_lambda\\_function\\_arn) | The ARN of the Lambda Function |\n| \u003ca name=\"output_lambda_function_arn_static\"\u003e\u003c/a\u003e [lambda\\_function\\_arn\\_static](#output\\_lambda\\_function\\_arn\\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) |\n| \u003ca name=\"output_lambda_function_invoke_arn\"\u003e\u003c/a\u003e [lambda\\_function\\_invoke\\_arn](#output\\_lambda\\_function\\_invoke\\_arn) | The Invoke ARN of the Lambda Function |\n| \u003ca name=\"output_lambda_function_kms_key_arn\"\u003e\u003c/a\u003e [lambda\\_function\\_kms\\_key\\_arn](#output\\_lambda\\_function\\_kms\\_key\\_arn) | The ARN for the KMS encryption key of Lambda Function |\n| \u003ca name=\"output_lambda_function_last_modified\"\u003e\u003c/a\u003e [lambda\\_function\\_last\\_modified](#output\\_lambda\\_function\\_last\\_modified) | The date Lambda Function resource was last modified |\n| \u003ca name=\"output_lambda_function_name\"\u003e\u003c/a\u003e [lambda\\_function\\_name](#output\\_lambda\\_function\\_name) | The name of the Lambda Function |\n| \u003ca name=\"output_lambda_function_qualified_arn\"\u003e\u003c/a\u003e [lambda\\_function\\_qualified\\_arn](#output\\_lambda\\_function\\_qualified\\_arn) | The ARN identifying your Lambda Function Version |\n| \u003ca name=\"output_lambda_function_qualified_invoke_arn\"\u003e\u003c/a\u003e [lambda\\_function\\_qualified\\_invoke\\_arn](#output\\_lambda\\_function\\_qualified\\_invoke\\_arn) | The Invoke ARN identifying your Lambda Function Version |\n| \u003ca name=\"output_lambda_function_signing_job_arn\"\u003e\u003c/a\u003e [lambda\\_function\\_signing\\_job\\_arn](#output\\_lambda\\_function\\_signing\\_job\\_arn) | ARN of the signing job |\n| \u003ca name=\"output_lambda_function_signing_profile_version_arn\"\u003e\u003c/a\u003e [lambda\\_function\\_signing\\_profile\\_version\\_arn](#output\\_lambda\\_function\\_signing\\_profile\\_version\\_arn) | ARN of the signing profile version |\n| \u003ca name=\"output_lambda_function_source_code_hash\"\u003e\u003c/a\u003e [lambda\\_function\\_source\\_code\\_hash](#output\\_lambda\\_function\\_source\\_code\\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file |\n| \u003ca name=\"output_lambda_function_source_code_size\"\u003e\u003c/a\u003e [lambda\\_function\\_source\\_code\\_size](#output\\_lambda\\_function\\_source\\_code\\_size) | The size in bytes of the function .zip file |\n| \u003ca name=\"output_lambda_function_url\"\u003e\u003c/a\u003e [lambda\\_function\\_url](#output\\_lambda\\_function\\_url) | The URL of the Lambda Function URL |\n| \u003ca name=\"output_lambda_function_url_id\"\u003e\u003c/a\u003e [lambda\\_function\\_url\\_id](#output\\_lambda\\_function\\_url\\_id) | The Lambda Function URL generated id |\n| \u003ca name=\"output_lambda_function_version\"\u003e\u003c/a\u003e [lambda\\_function\\_version](#output\\_lambda\\_function\\_version) | Latest published version of Lambda Function |\n| \u003ca name=\"output_lambda_layer_arn\"\u003e\u003c/a\u003e [lambda\\_layer\\_arn](#output\\_lambda\\_layer\\_arn) | The ARN of the Lambda Layer with version |\n| \u003ca name=\"output_lambda_layer_created_date\"\u003e\u003c/a\u003e [lambda\\_layer\\_created\\_date](#output\\_lambda\\_layer\\_created\\_date) | The date Lambda Layer resource was created |\n| \u003ca name=\"output_lambda_layer_layer_arn\"\u003e\u003c/a\u003e [lambda\\_layer\\_layer\\_arn](#output\\_lambda\\_layer\\_layer\\_arn) | The ARN of the Lambda Layer without version |\n| \u003ca name=\"output_lambda_layer_source_code_size\"\u003e\u003c/a\u003e [lambda\\_layer\\_source\\_code\\_size](#output\\_lambda\\_layer\\_source\\_code\\_size) | The size in bytes of the Lambda Layer .zip file |\n| \u003ca name=\"output_lambda_layer_version\"\u003e\u003c/a\u003e [lambda\\_layer\\_version](#output\\_lambda\\_layer\\_version) | The Lambda Layer version |\n| \u003ca name=\"output_lambda_role_arn\"\u003e\u003c/a\u003e [lambda\\_role\\_arn](#output\\_lambda\\_role\\_arn) | The ARN of the IAM role created for the Lambda Function |\n| \u003ca name=\"output_lambda_role_name\"\u003e\u003c/a\u003e [lambda\\_role\\_name](#output\\_lambda\\_role\\_name) | The name of the IAM role created for the Lambda Function |\n| \u003ca name=\"output_lambda_role_unique_id\"\u003e\u003c/a\u003e [lambda\\_role\\_unique\\_id](#output\\_lambda\\_role\\_unique\\_id) | The unique id of the IAM role created for the Lambda Function |\n| \u003ca name=\"output_local_filename\"\u003e\u003c/a\u003e [local\\_filename](#output\\_local\\_filename) | The filename of zip archive deployed (if deployment was from local) |\n| \u003ca name=\"output_s3_object\"\u003e\u003c/a\u003e [s3\\_object](#output\\_s3\\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) |\n\u003c!-- END_TF_DOCS --\u003e\n\n## Development\n\n### Python\n\nDuring development involving modifying python files, use tox to run unit tests:\n\n```\ntox\n```\n\nThis will try to run unit tests which each supported python version, reporting errors for python versions which are not installed locally.\n\nIf you only want to test against your main python version:\n\n```\ntox -e py\n```\n\nYou can also pass additional positional arguments to pytest which is used to run test, e.g. to make it verbose:\n```\ntox -e py -- -vvv\n```\n\n## Authors\n\nModule managed by [Anton Babenko](https://github.com/antonbabenko). Check out [serverless.tf](https://serverless.tf) to learn more about doing serverless with Terraform.\n\nPlease reach out to [Betajob](https://www.betajob.com/) if you are looking for commercial support for your Terraform, AWS, or serverless project.\n\n## License\n\nApache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/LICENSE) for full details.\n\n## Additional information for users from Russia and Belarus\n\n* Russia has [illegally annexed Crimea in 2014](https://en.wikipedia.org/wiki/Annexation_of_Crimea_by_the_Russian_Federation) and [brought the war in Donbas](https://en.wikipedia.org/wiki/War_in_Donbas) followed by [full-scale invasion of Ukraine in 2022](https://en.wikipedia.org/wiki/2022_Russian_invasion_of_Ukraine).\n* Russia has brought sorrow and devastations to millions of Ukrainians, killed hundreds of innocent people, damaged thousands of buildings, and forced several million people to flee.\n* [Putin khuylo!](https://en.wikipedia.org/wiki/Putin_khuylo!)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fterraform-aws-modules%2Fterraform-aws-lambda","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fterraform-aws-modules%2Fterraform-aws-lambda","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fterraform-aws-modules%2Fterraform-aws-lambda/lists"}