https://github.com/launchbynttdata/tf-aws-module_collection-lambda_function
aws infrastructure-as-code platform-automation reference terraform
- Host: GitHub
- URL: https://github.com/launchbynttdata/tf-aws-module_collection-lambda_function
- Owner: launchbynttdata
- License: apache-2.0
- Created: 2024-05-02T20:57:07.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-07-30T18:44:58.000Z (almost 2 years ago)
- Last Synced: 2025-07-12T16:27:16.127Z (12 months ago)
- Topics: aws, infrastructure-as-code, platform-automation, reference, terraform
- Language: HCL
- Size: 200 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: CODEOWNERS
# tf-aws-module_collection-lambda_function
## Overview
This Terraform module creates a Memcached cluster in AWS.
## Pre-Commit hooks
The [.pre-commit-config.yaml](.pre-commit-config.yaml) file defines `pre-commit` hooks that are relevant to Terraform, Golang and common linting tasks. No custom hooks are added.
The `commitlint` hook enforces a commit message format. A commit message contains the following structural elements, to communicate intent to the consumers of your commit messages:
- **fix**: a commit of the type `fix` patches a bug in your codebase (this correlates with PATCH in Semantic Versioning).
- **feat**: a commit of the type `feat` introduces a new feature to the codebase (this correlates with MINOR in Semantic Versioning).
- **BREAKING CHANGE**: a commit that has a footer `BREAKING CHANGE:`, or appends a `!` after the type/scope, introduces a breaking API change (correlating with MAJOR in Semantic Versioning). A BREAKING CHANGE can be part of commits of any type.
- Footers other than `BREAKING CHANGE:` may be provided and follow a convention similar to the git trailer format.
- **build**: a commit of the type `build` adds changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm)
- **chore**: a commit of the type `chore` adds changes that don't modify src or test files
- **ci**: a commit of the type `ci` adds changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs)
- **docs**: a commit of the type `docs` adds documentation only changes
- **perf**: a commit of the type `perf` adds code change that improves performance
- **refactor**: a commit of the type `refactor` adds code change that neither fixes a bug nor adds a feature
- **revert**: a commit of the type `revert` reverts a previous commit
- **style**: a commit of the type `style` adds code changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
- **test**: a commit of the type `test` adds missing tests or corrects existing tests

The base configuration used for this project is [commitlint-config-conventional (based on the Angular convention)](https://github.com/conventional-changelog/commitlint/tree/master/@commitlint/config-conventional#type-enum).
If you are a developer using vscode, [this](https://marketplace.visualstudio.com/items?itemName=joshbolduc.commitlint) plugin may be helpful.
`detect-secrets-hook` prevents new secrets from being introduced into the baseline. TODO: INSERT DOC LINK ABOUT HOOKS
In order for `pre-commit` hooks to work properly:
- You need to have the pre-commit package manager installed. [Here](https://pre-commit.com/#install) are the installation instructions.
- By default, `pre-commit` installs all the hooks when a commit message is added, except for the `commitlint` hook. The `commitlint` hook needs to be installed manually using the command below:
```
pre-commit install --hook-type commit-msg
```
## To test the resource group module locally
1. For development/enhancements to this module locally, you'll need to install all of its components. This is controlled by the `configure` target in the project's [`Makefile`](./Makefile). Before you can run `configure`, familiarize yourself with the variables in the `Makefile` and ensure they're pointing to the right places.
   ```
   make configure
   ```
   This adds in several files and directories that are ignored by `git`. They expose many new Make targets.
2. The first target you care about is `env`. This is the common interface for setting up environment variables. The values of the environment variables are used to authenticate with the cloud provider from the local development workstation.
   The `make configure` command brings down the `aws_env.sh` file on the local workstation. The developer needs to modify this file and replace the environment variable values with relevant values.
   These environment variables are used by the `terratest` integration suite.
   Then run this make target to set the environment variables on the developer workstation.
   ```
   make env
   ```
3. The next target you care about is `check`.
   **Pre-requisites**
   Before running this target, ensure that the files mentioned below exist on the local workstation, under the root directory of the git repository that contains the code for primitives/segments. Note that these files are `aws` specific. If the primitive/segment under development uses a cloud provider other than AWS, this section may not be relevant.
   - A file named `provider.tf` with the contents below
     ```
     provider "aws" {
       profile = ""
       region  = ""
     }
     ```
   - A file named `terraform.tfvars` which contains key-value pairs of the variables used.
   Note that since these files are listed in `gitignore`, they will not be checked in to the primitive/segment's git repo.
   After creating these files, run the tests associated with the primitive/segment with
   ```
   make check
   ```
   If the `make check` target is successful, the developer is good to commit the code to the primitive/segment's git repo.
   The `make check` target
   - runs `terraform` commands to `lint`, `validate` and `plan` the terraform code.
   - runs `conftests`. `conftests` make sure `policy` checks are successful.
   - runs `terratest`. This is the integration test suite.
   - runs `opa` tests
## Known Issues
Currently, `encrypt at transit` is not supported in Terraform. There is an open issue for this logged with HashiCorp: https://github.com/hashicorp/terraform-provider-aws/pull/26987
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.5.0, <= 1.5.5 |
| [aws](#requirement\_aws) | ~> 5.0 |
## Providers
No providers.
## Modules
| Name | Source | Version |
|------|--------|---------|
| [lambda\_function](#module\_lambda\_function) | terraform-aws-modules/lambda/aws | ~> 5.2.0 |
| [resource\_names](#module\_resource\_names) | git::https://github.com/launchbynttdata/tf-launch-module_library-resource_name.git | 1.0.0 |
| [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4.17.1 |
| [alb](#module\_alb) | terraform-aws-modules/alb/aws | ~> 8.6.0 |
| [kms\_key](#module\_kms\_key) | terraform-aws-modules/kms/aws | ~> 1.5.0 |
| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.10.1 |
| [dns\_record](#module\_dns\_record) | git::https://github.com/launchbynttdata/tf-aws-module_primitive-dns_record.git | 1.0.0 |
| [acm](#module\_acm) | terraform-aws-modules/acm/aws | ~> 4.3.2 |
| [eventbridge](#module\_eventbridge) | terraform-aws-modules/eventbridge/aws | ~> 3.7 |
## Resources
No resources.
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [security\_group](#input\_security\_group) | Default security group to be attached | `object({ ingress_rules = optional(list(string)), ingress_cidr_blocks = optional(list(string)), ingress_with_cidr_blocks = optional(list(map(string))), egress_rules = optional(list(string)), egress_cidr_blocks = optional(list(string)), egress_with_cidr_blocks = optional(list(map(string))) })` | `null` | no |
| [zip\_file\_path](#input\_zip\_file\_path) | Path of the source zip file with respect to module root | `string` | `null` | no |
| [environment](#input\_environment) | Environment in which the resource should be provisioned like dev, qa, prod etc. | `string` | `"dev"` | no |
| [environment\_number](#input\_environment\_number) | The environment count for the respective environment. Defaults to 000. Increments in value of 1 | `string` | `"000"` | no |
| [region](#input\_region) | AWS Region in which the infra needs to be provisioned | `string` | `"us-east-2"` | no |
| [resource\_number](#input\_resource\_number) | The resource count for the respective resource. Defaults to 000. Increments in value of 1 | `string` | `"000"` | no |
| [logical\_product\_family](#input\_logical\_product\_family) | (Required) Name of the product family for which the resource is created. Example: org\_name, department\_name. | `string` | n/a | yes |
| [logical\_product\_service](#input\_logical\_product\_service) | (Required) Name of the product service for which the resource is created. For example, backend, frontend, middleware etc. | `string` | n/a | yes |
| [resource\_names\_map](#input\_resource\_names\_map) | A map of key to resource\_name that will be used by tf-launch-module\_library-resource\_name to generate resource names | `map(object({ name = string, max_length = optional(number, 60) }))` | `{ "acm": { "max_length": 31, "name": "acm" }, "alb": { "max_length": 31, "name": "alb" }, "alb_http_listener": { "max_length": 60, "name": "http" }, "alb_tg": { "max_length": 31, "name": "albtg" }, "eventbridge_role": { "max_length": 60, "name": "ebrole" }, "function": { "max_length": 60, "name": "fn" }, "s3_kms": { "max_length": 60, "name": "s3kms" }, "s3_logs": { "max_length": 63, "name": "logs" }, "security_group": { "max_length": 60, "name": "sg" } }` | no |
| [create\_alb](#input\_create\_alb) | Set false if you do not want to create an ALB with the MQ | `bool` | `true` | no |
| [is\_internal](#input\_is\_internal) | Whether this load balancer is internal or public facing | `bool` | `true` | no |
| [http\_tcp\_listeners](#input\_http\_tcp\_listeners) | Ingress rules to be attached to ECS Service Security Group | `list(object({ port = number, protocol = string, target_group_index = number, action_type = optional(string), redirect = optional(map(string)) }))` | `[ { "action_type": "redirect", "port": 80, "protocol": "HTTP", "redirect": { "port": "443", "protocol": "HTTPS", "status_code": "HTTP_301" }, "target_group_index": 0 } ]` | no |
| [load\_balancer\_type](#input\_load\_balancer\_type) | The type of the load balancer. Default is 'application' | `string` | `"application"` | no |
| [target\_groups](#input\_target\_groups) | Egress rules to be attached to ECS Service Security Group | `list(object({ name = string, target_type = string }))` | `[]` | no |
| [use\_https\_listeners](#input\_use\_https\_listeners) | Set true if you want to use HTTPS and a private cert | `bool` | `true` | no |
| [create\_dns](#input\_create\_dns) | Set false if you do not want to create a DNS record for the ALBs | `bool` | `true` | no |
| [zone\_id](#input\_zone\_id) | Zone ID of the hosted zone. Conflicts with zone\_name | `string` | `null` | no |
| [zone\_name](#input\_zone\_name) | DNS Hosted zone in this record for this cluster will be created. Required when create\_custom\_dns\_record=true | `string` | `"test10534.demo.local"` | no |
| [vpc\_id](#input\_vpc\_id) | The VPC ID of the VPC where infrastructure will be provisioned | `string` | `null` | no |
| [create\_security\_group](#input\_create\_security\_group) | Set false if you do not want to create a security group (no VPC) | `bool` | `true` | no |
| [create\_package](#input\_create\_package) | Controls whether Lambda package should be created | `bool` | `false` | no |
| [create\_lambda\_function\_url](#input\_create\_lambda\_function\_url) | Controls whether the Lambda Function URL resource should be created | `bool` | `true` | no |
| [block\_public\_acls](#input\_block\_public\_acls) | Whether Amazon S3 should block public ACLs for this bucket. | `bool` | `true` | no |
| [block\_public\_policy](#input\_block\_public\_policy) | Whether Amazon S3 should block public bucket policies for this bucket. | `bool` | `true` | no |
| [ignore\_public\_acls](#input\_ignore\_public\_acls) | Whether Amazon S3 should ignore public ACLs for this bucket. | `bool` | `true` | no |
| [kms\_s3\_key\_arn](#input\_kms\_s3\_key\_arn) | ARN of the AWS S3 key used for S3 bucket encryption | `string` | `null` | no |
| [kms\_s3\_key\_sse\_algorithm](#input\_kms\_s3\_key\_sse\_algorithm) | Server-side encryption algorithm to use. Valid values are AES256 and aws:kms | `string` | `"aws:kms"` | no |
| [restrict\_public\_buckets](#input\_restrict\_public\_buckets) | Whether Amazon S3 should restrict public bucket policies for this bucket. | `bool` | `true` | no |
| [authorization\_type](#input\_authorization\_type) | The type of authentication that the Lambda Function URL uses. Set to 'AWS\_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint. | `string` | `"NONE"` | no |
| [cors](#input\_cors) | CORS settings to be used by the Lambda Function URL | `any` | `{}` | no |
| [invoke\_mode](#input\_invoke\_mode) | Invoke mode of the Lambda Function URL. Valid values are BUFFERED (default) and RESPONSE\_STREAM. | `string` | `null` | no |
| [lambda\_at\_edge](#input\_lambda\_at\_edge) | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no |
| [handler](#input\_handler) | Lambda Function entrypoint in your code | `string` | `"index.lambda_handler"` | no |
| [runtime](#input\_runtime) | Lambda Function runtime | `string` | `"python3.9"` | no |
| [description](#input\_description) | Description of your Lambda Function | `string` | `""` | no |
| [memory\_size](#input\_memory\_size) | Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 64 MB increments. | `number` | `128` | no |
| [ephemeral\_storage\_size](#input\_ephemeral\_storage\_size) | Amount of ephemeral storage (/tmp) in MB your Lambda Function can use at runtime. Valid value between 512 MB to 10,240 MB (10 GB). | `number` | `512` | no |
| [publish](#input\_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `true` | no |
| [timeout](#input\_timeout) | The amount of time your Lambda Function has to run in seconds. | `number` | `3` | no |
| [dead\_letter\_target\_arn](#input\_dead\_letter\_target\_arn) | The ARN of an SNS topic or SQS queue to notify when an invocation fails. | `string` | `null` | no |
| [environment\_variables](#input\_environment\_variables) | A map that defines environment variables for the Lambda Function. | `map(string)` | `{}` | no |
| [vpc\_subnet\_ids](#input\_vpc\_subnet\_ids) | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets. | `list(string)` | `null` | no |
| [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no |
| [attach\_dead\_letter\_policy](#input\_attach\_dead\_letter\_policy) | Controls whether SNS/SQS dead letter notification policy should be added to IAM role for Lambda Function | `bool` | `false` | no |
| [attach\_network\_policy](#input\_attach\_network\_policy) | Controls whether VPC/network policy should be added to IAM role for Lambda Function | `bool` | `true` | no |
| [attach\_policy\_json](#input\_attach\_policy\_json) | Controls whether policy\_json should be added to IAM role for Lambda Function | `bool` | `false` | no |
| [attach\_policies](#input\_attach\_policies) | Controls whether list of policies should be added to IAM role for Lambda Function | `bool` | `false` | no |
| [number\_of\_policies](#input\_number\_of\_policies) | Number of policies to attach to IAM role for Lambda Function | `number` | `0` | no |
| [trusted\_entities](#input\_trusted\_entities) | List of additional trusted entities for assuming Lambda Function role (trust relationship) | `any` | `[]` | no |
| [policy\_json](#input\_policy\_json) | An additional policy document as JSON to attach to the Lambda Function role | `string` | `null` | no |
| [policies](#input\_policies) | List of policy statements ARN to attach to Lambda Function role | `list(string)` | `[]` | no |
| [s3\_prefix](#input\_s3\_prefix) | Directory name where artifacts should be stored in the S3 bucket. If unset, the path from `artifacts_dir` is used | `string` | `null` | no |
| [ignore\_source\_code\_hash](#input\_ignore\_source\_code\_hash) | Whether to ignore changes to the function's source code hash. Set to true if you manage infrastructure and code deployments separately. | `bool` | `false` | no |
| [s3\_existing\_package](#input\_s3\_existing\_package) | The S3 bucket object with keys bucket, key, version pointing to an existing zip-file to use | `map(string)` | `null` | no |
| [store\_on\_s3](#input\_store\_on\_s3) | Whether to store produced artifacts on S3 or locally. | `bool` | `false` | no |
| [s3\_bucket](#input\_s3\_bucket) | S3 bucket to store artifacts | `string` | `null` | no |
| [source\_path](#input\_source\_path) | The absolute path to a local file or directory containing your Lambda source code | `any` | `null` | no |
| [hash\_extra](#input\_hash\_extra) | The string to add into hashing function. Useful when building same source path for different functions. | `string` | `""` | no |
| [create\_schedule](#input\_create\_schedule) | Enable scheduling for the lambda to run at a certain frequency. | `bool` | `false` | no |
| [lambda\_schedule\_expression](#input\_lambda\_schedule\_expression) | Schedule expression to determine lambda frequency. Supports one-time schedule and recurring schedules, see https://docs.aws.amazon.com/scheduler/latest/UserGuide/schedule-types.html for specifics. | `string` | `null` | no |
| [lambda\_schedule\_timezone](#input\_lambda\_schedule\_timezone) | IANA Timezone for the schedule expression. Defaults to America/New\_York. | `string` | `"America/New_York"` | no |
| [lambda\_schedule\_payload](#input\_lambda\_schedule\_payload) | An optional payload to use when invoking the lambda function through EventBridge | `map(any)` | `{}` | no |
| [lambda\_layers](#input\_lambda\_layers) | (Optional) List of ARNs of Lambda Layers to include with this function, up to a maximum of 5. | `list(string)` | `null` | no |
| [architectures](#input\_architectures) | (Optional) Instruction set architecture for your Lambda function. Valid architectures are x86\_64 (default) and arm64. | `list(string)` | `[ "x86_64" ]` | no |
| [attach\_tracing\_policy](#input\_attach\_tracing\_policy) | Controls whether X-Ray tracing policy should be added to the IAM role for this Lambda function. | `bool` | `false` | no |
| [tracing\_mode](#input\_tracing\_mode) | (Optional) Tracing mode for your Lambda function. Valid tracing modes are `PassThrough` and `Active`. | `string` | `null` | no |
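
With the defaults in the table above (`create_lambda_function_url = true`, `authorization_type = "NONE"`), the module's Function URL bypasses IAM authentication and is a public endpoint. The following is an added example, not code from this repository: a plan check of the kind that could sit next to the `conftest`/`opa` checks run by `make check`, written in Python over `terraform show -json` output. The sample plan and its resource addresses are constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
# Addresses and values are illustrative, not taken from a real plan of this module.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "module.fn.module.lambda_function.aws_lambda_function_url.this[0]",
     "type": "aws_lambda_function_url",
     "change": {"actions": ["create"],
                "after": {"authorization_type": "NONE", "cors": []}}},
    {"address": "module.fn.module.s3_bucket.aws_s3_bucket_public_access_block.this[0]",
     "type": "aws_s3_bucket_public_access_block",
     "change": {"actions": ["create"],
                "after": {"block_public_acls": true, "block_public_policy": true,
                          "ignore_public_acls": true, "restrict_public_buckets": false}}},
    {"address": "module.old.aws_lambda_function_url.this[0]",
     "type": "aws_lambda_function_url",
     "change": {"actions": ["delete"], "after": null}}
  ]
}
""")

# The four S3 public-access inputs listed in the Inputs table.
S3_FLAGS = ("block_public_acls", "block_public_policy",
            "ignore_public_acls", "restrict_public_buckets")


def find_public_exposure(plan):
    """Return (address, reason) pairs for resources the plan would leave public."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        after = change.get("after")
        # Deleted resources have after == null; nothing will exist to expose.
        if after is None or change.get("actions") == ["delete"]:
            continue
        if rc.get("type") == "aws_lambda_function_url":
            # Values unknown at plan time are absent from "after"; a missing
            # value is treated as not proven safe and is reported.
            if after.get("authorization_type") != "AWS_IAM":
                findings.append((rc["address"],
                                 "function URL does not require AWS_IAM auth"))
            for cors in after.get("cors") or []:
                if "*" in (cors.get("allow_origins") or []):
                    findings.append((rc["address"],
                                     "function URL CORS allows any origin"))
        elif rc.get("type") == "aws_s3_bucket_public_access_block":
            for flag in S3_FLAGS:
                if after.get(flag) is not True:
                    findings.append((rc["address"], f"{flag} is not true"))
    return findings


if __name__ == "__main__":
    for address, reason in find_public_exposure(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```

Setting `authorization_type = "AWS_IAM"` in the module call, or `create_lambda_function_url = false` when no Function URL is needed, clears the first finding.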
## Outputs
| Name | Description |
|------|-------------|
| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function |
| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions) |
| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function |
| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function |
| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version |
| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function |
| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified |
| [lambda\_function\_kms\_key\_arn](#output\_lambda\_function\_kms\_key\_arn) | The ARN for the KMS encryption key of Lambda Function |
| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file |
| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file |
| [lambda\_function\_url](#output\_lambda\_function\_url) | The URL of the Lambda Function URL |
| [lambda\_function\_url\_id](#output\_lambda\_function\_url\_id) | The Lambda Function URL generated id |
| [lambda\_layer\_arn](#output\_lambda\_layer\_arn) | The ARN of the Lambda Layer with version |
| [lambda\_layer\_layer\_arn](#output\_lambda\_layer\_layer\_arn) | The ARN of the Lambda Layer without version |
| [lambda\_layer\_created\_date](#output\_lambda\_layer\_created\_date) | The date Lambda Layer resource was created |
| [lambda\_layer\_source\_code\_size](#output\_lambda\_layer\_source\_code\_size) | The size in bytes of the Lambda Layer .zip file |
| [lambda\_layer\_version](#output\_lambda\_layer\_version) | The Lambda Layer version |
| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function |
| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function |
| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group |
| [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) |
| [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) |
| [record\_fqdns](#output\_record\_fqdns) | FQDNs of the Route53 private DNS record(if enabled) |
| [record\_names](#output\_record\_names) | Record names of the Route53 private DNS record (if enabled) |