https://github.com/oozou/terraform-aws-lambda
Terraform Module to create lambda
https://github.com/oozou/terraform-aws-lambda
lambda terraform terraform-aws-lambda terraform-module terraform-public-module
Last synced: 4 months ago
JSON representation
Terraform Module to create lambda
- Host: GitHub
- URL: https://github.com/oozou/terraform-aws-lambda
- Owner: oozou
- License: apache-2.0
- Created: 2022-05-11T06:48:35.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2025-07-11T09:30:46.000Z (11 months ago)
- Last Synced: 2025-07-11T12:34:00.026Z (11 months ago)
- Topics: lambda, terraform, terraform-aws-lambda, terraform-module, terraform-public-module
- Language: HCL
- Homepage:
- Size: 925 KB
- Stars: 0
- Watchers: 8
- Forks: 1
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Security: SECURITY.md
Awesome Lists containing this project
README
# terraform-aws-lambda
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0.0 |
| [archive](#requirement\_archive) | >= 2.0.0 |
| [aws](#requirement\_aws) | >= 5.0.0 |
| [null](#requirement\_null) | >= 3.0.0 |
## Providers
| Name | Version |
|------|---------|
| [archive](#provider\_archive) | >= 2.0.0 |
| [aws](#provider\_aws) | >= 5.0.0 |
| [null](#provider\_null) | >= 3.0.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| [cloudwatch\_log\_group\_kms](#module\_cloudwatch\_log\_group\_kms) | oozou/kms-key/aws | 2.0.1 |
| [s3](#module\_s3) | oozou/s3/aws | 2.0.1 |
## Resources
| Name | Type |
|------|------|
| [aws_cloudwatch_log_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
| [aws_iam_policy.ssm_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy.logs_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
| [aws_iam_role_policy_attachment.ssm_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
| [aws_lambda_permission.allow_serivce](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
| [aws_s3_object.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource |
| [aws_ssm_parameter.params](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource |
| [null_resource.lambda](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [archive_file.this](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source |
| [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_iam_policy_document.assume_role_policy_doc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.cloudwatch_log_group_kms_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.lambda_access_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.lambda_logs_policy_doc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.lambda_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.secret_access_policy_doc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_region.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [additional\_lambda\_log\_group\_kms\_policy](#input\_additional\_lambda\_log\_group\_kms\_policy) | Additional IAM policy document for the Lambda log group KMS key. | `string` | `null` | no |
| [additional\_lambda\_role\_policy\_arns](#input\_additional\_lambda\_role\_policy\_arns) | List of policies ARNs to attach to the lambda's created role | `list(string)` | `[]` | no |
| [archive\_file\_trigger](#input\_archive\_file\_trigger) | The map of string that will be used to determine trigger to do archive | `map(string)` | `{}` | no |
| [bucket\_name](#input\_bucket\_name) | Name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified. | `string` | `""` | no |
| [cloudwatch\_log\_group\_kms\_key\_arn](#input\_cloudwatch\_log\_group\_kms\_key\_arn) | The ARN for the KMS encryption key. | `string` | `null` | no |
| [cloudwatch\_log\_retention\_in\_days](#input\_cloudwatch\_log\_retention\_in\_days) | Retention day for cloudwatch log group | `number` | `90` | no |
| [compressed\_local\_file\_dir](#input\_compressed\_local\_file\_dir) | A path to the directory to store plan time generated local files | `string` | `""` | no |
| [dead\_letter\_target\_arn](#input\_dead\_letter\_target\_arn) | Dead letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing. | `string` | `null` | no |
| [environment](#input\_environment) | Environment Variable used as a prefix | `string` | n/a | yes |
| [environment\_variables](#input\_environment\_variables) | A map that defines environment variables for the Lambda Function. | `map(string)` | `{}` | no |
| [handler](#input\_handler) | Function entrypoint in your code. | `string` | n/a | yes |
| [is\_create\_cloudwatch\_log\_group](#input\_is\_create\_cloudwatch\_log\_group) | Whether to create cloudwatch log group or not | `bool` | `true` | no |
| [is\_create\_default\_kms](#input\_is\_create\_default\_kms) | Whether to create cloudwatch log group kms or not | `bool` | `true` | no |
| [is\_create\_lambda\_bucket](#input\_is\_create\_lambda\_bucket) | Whether to create lambda bucket or not | `bool` | `false` | no |
| [is\_create\_lambda\_role](#input\_is\_create\_lambda\_role) | Whether to create lamda role or not | `bool` | `true` | no |
| [is\_edge](#input\_is\_edge) | Whether lambda is lambda@Edge or not | `bool` | `false` | no |
| [lambda\_permission\_configurations](#input\_lambda\_permission\_configurations) | principal - (Required) The principal who is getting this permission e.g., s3.amazonaws.com, an AWS account ID, or any valid AWS service principal such as events.amazonaws.com or sns.amazonaws.com.
source\_arn - (Optional) When the principal is an AWS service, the ARN of the specific resource within that service to grant permission to. Without this, any resource from
source\_account - (Optional) This parameter is used for S3 and SES. The AWS account ID (without a hyphen) of the source owner. | `any` | `{}` | no |
| [lambda\_role\_arn](#input\_lambda\_role\_arn) | The arn of role that already created by something to asso with lambda | `string` | `""` | no |
| [layer\_arns](#input\_layer\_arns) | (Optional) List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | `list(string)` | `[]` | no |
| [memory\_size](#input\_memory\_size) | (Optional) Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. | `number` | `128` | no |
| [name](#input\_name) | Name of the ECS cluster to create | `string` | n/a | yes |
| [prefix](#input\_prefix) | The prefix name of customer to be displayed in AWS console and resource | `string` | n/a | yes |
| [reserved\_concurrent\_executions](#input\_reserved\_concurrent\_executions) | (Optional) Amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. See Managing Concurrency | `number` | `-1` | no |
| [runtime](#input\_runtime) | The runtime of the lambda function | `string` | n/a | yes |
| [source\_code\_dir](#input\_source\_code\_dir) | An absolute path to the directory containing the code to upload to lambda | `string` | `""` | no |
| [ssm\_params](#input\_ssm\_params) | Lambda@Edge does not support env vars, so it is a common pattern to exchange Env vars for SSM params.
! SECRET
you would have lookups in SSM, like:
`const someEnvValue = await ssmClient.getParameter({ Name: 'SOME_SSM_PARAM_NAME', WithDecryption: true })` | `map(string)` | `{}` | no |
| [tags](#input\_tags) | Custom tags which can be passed on to the AWS resources. They should be key value pairs having distinct keys | `map(any)` | `{}` | no |
| [timeout](#input\_timeout) | (Optional) Amount of time your Lambda Function has to run in seconds. Defaults to 3. | `number` | `3` | no |
| [tracing\_mode](#input\_tracing\_mode) | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. | `string` | `"PassThrough"` | no |
| [vpc\_config](#input\_vpc\_config) | For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC.
When you connect a function to a VPC, it can only access resources and the internet through that VPC. See VPC Settings.
security\_group\_ids - (Required) List of security group IDs associated with the Lambda function.
subnet\_ids\_to\_associate - (Required) List of subnet IDs associated with the Lambda function. |
object({
security_group_ids = list(string)
subnet_ids_to_associate = list(string)
}) | {
"security_group_ids": [],
"subnet_ids_to_associate": []
} | no |
## Outputs
| Name | Description |
|------|-------------|
| [arn](#output\_arn) | Amazon Resource Name (ARN) identifying your Lambda Function. |
| [execution\_role\_arn](#output\_execution\_role\_arn) | Role arn of lambda |
| [function\_arn](#output\_function\_arn) | function arn |
| [function\_name](#output\_function\_name) | Name of AWS Lambda function |