https://github.com/spectralops/spectral-terraform-lambda-integration
Terraform configuration used to create the required AWS resources for integrating between Spectral and external service providers.
- Host: GitHub
- URL: https://github.com/spectralops/spectral-terraform-lambda-integration
- Owner: SpectralOps
- License: mit
- Created: 2022-09-06T16:08:01.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-11-13T07:21:31.000Z (about 1 month ago)
- Last Synced: 2024-11-13T08:22:18.813Z (about 1 month ago)
- Language: HCL
- Homepage:
- Size: 71.7 MB
- Stars: 10
- Watchers: 6
- Forks: 5
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
# spectral-lambda-integration
Terraform configuration used to create the required AWS resources for integrating between Spectral and external service providers.
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.0 |
| [aws](#requirement\_aws) | >= 5.26.0 |

## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 5.26.0 |
| [random](#provider\_random) | n/a |

## Modules
| Name | Source | Version |
|------|--------|---------|
| [api\_gateway](#module\_api\_gateway) | ./modules/api_gateway | n/a |
| [backend\_lambda\_function](#module\_backend\_lambda\_function) | ./modules/lambda | n/a |
| [frontend\_lambda\_function](#module\_frontend\_lambda\_function) | ./modules/lambda | n/a |
| [lambda\_function](#module\_lambda\_function) | ./modules/lambda | n/a |
| [lambda\_role](#module\_lambda\_role) | ./modules/role | n/a |
| [secrets\_manager](#module\_secrets\_manager) | ./modules/secrets_manager | n/a |

## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [backend\_lambda\_source\_code\_path](#input\_backend\_lambda\_source\_code\_path) | Path to the lambda source code zip file of the backend lambda | `string` | `null` | no |
| [env\_vars](#input\_env\_vars) | Extendable object containing all environment variables required for the integration. | `map(string)` | `{ "CHECK_POLICY": "Fail on errors only", "SPECTRAL_DSN": "" }` | no |
| [environment](#input\_environment) | The target environment name for deployment. | `string` | `"prod"` | no |
| [frontend\_lambda\_source\_code\_path](#input\_frontend\_lambda\_source\_code\_path) | Path to the lambda source code zip file of the frontend lambda | `string` | `null` | no |
| [gateway\_api\_integration\_timeout\_milliseconds](#input\_gateway\_api\_integration\_timeout\_milliseconds) | Timeout for the API Gateway to wait for lambda response | `number` | `29000` | no |
| [global\_tags](#input\_global\_tags) | A list of tags to apply on all newly created resources. | `map(string)` | `{ "BusinessUnit": "Spectral" }` | no |
| [integration\_type](#input\_integration\_type) | Spectral integration type (A unique phrase describing the integration) - Available values: `github`, `terraform`, `jira` and `gitlab` | `string` | n/a | yes |
| [lambda\_enable\_logs](#input\_lambda\_enable\_logs) | Specifies whether the Lambda should have a dedicated CloudWatch log group. | `bool` | `false` | no |
| [lambda\_function\_memory\_size](#input\_lambda\_function\_memory\_size) | Amount of memory in MB your Lambda Function can use at runtime. Defaults to 1024. | `number` | `1024` | no |
| [lambda\_function\_timeout](#input\_lambda\_function\_timeout) | Amount of time your Lambda Function has to run in seconds. | `number` | `300` | no |
| [lambda\_logs\_retention\_in\_days](#input\_lambda\_logs\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group. | `number` | `30` | no |
| [lambda\_publish](#input\_lambda\_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no |
| [lambda\_source\_code\_path](#input\_lambda\_source\_code\_path) | Path to the lambda source code zip file | `string` | `null` | no |
| [resource\_name\_common\_part](#input\_resource\_name\_common\_part) | A common part for all resources created under the stack | `string` | `null` | no |
| [secrets\_names](#input\_secrets\_names) | Names of secrets to create | `list(string)` | `null` | no |
| [store\_secret\_in\_secrets\_manager](#input\_store\_secret\_in\_secrets\_manager) | Whether to store your secrets in secrets manager, default is false | `bool` | `false` | no |
| [tags](#input\_tags) | A collection of tags grouped by key representing its target resource. | `map(map(string))` | `{ "api_gateway": {}, "iam": {}, "lambda": {} }` | no |

### env_vars
In some integrations, Spectral requires some environment variables besides the default ones.
Those variables should be added to `env_vars`. Please refer to our [docs](https://guides.spectralops.io/docs/welcome-to-checkpoint-cloudguard-guides) / source pages to view the extra environment variables needed for the integration.
### global_tags
This variable holds a list of tags to be applied on all newly created resources:
```tcl
{
  BusinessUnit = "Spectral"
  ...
}
```

### tags
This variable holds a collection of tags grouped by key representing its target resource:
1. IAM role resource - using the `iam` key
2. Lambda resource - using the `lambda` key
3. ApiGateway resource - using the `api_gateway` key

```tcl
{
  iam = {
    ...
  }
  lambda = {
    ...
  }
  api_gateway = {
    ...
  }
}
```

## Usage
```tcl
module "spectral_lambda_integration" {
  source = "github.com/SpectralOps/spectral-terraform-lambda-integration"

  environment                   = "prod"
  integration_type              = "terraform"
  lambda_enable_logs            = true
  lambda_logs_retention_in_days = 30
  lambda_publish                = false
  lambda_function_timeout       = 300
  lambda_function_memory_size   = 1024

  # Environment variables used by the integration
  env_vars = {
    # Mandatory (unless you are using vault) - Your spectral DSN retrieved from SpectralOps
    SPECTRAL_DSN = ""
    # Additional env-vars should go here
  }

  # Global tags - Tags to be applied on every newly created resource
  global_tags = {
    # Tags to apply to all newly created resources
    BusinessUnit = "Spectral"
  }

  # Tags to be applied on concrete resources
  tags = {
    # Tags to apply on iam related resources
    iam = {
      Resource = "role"
    }
    # Tags to apply on lambda related resources
    lambda = {
      Resource = "lambda"
    }
    # Tags to apply on api_gateway related resources
    api_gateway = {
      Resource = "api_gateway"
    }
  }
}
```

## Resources
| Name | Type |
| ----------- | ----------- |
| [aws_api_gateway_rest_api](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_rest_api) | resource |
| [aws_api_gateway_method](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method) | resource |
| [aws_api_gateway_method_response](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method_response) | resource |
| [aws_api_gateway_integration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_integration) | resource |
| [aws_api_gateway_deployment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_deployment) | resource |
| [aws_api_gateway_stage](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_stage) | resource |
| [aws_lambda_permission](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
| [aws_lambda_function](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data |

## Outputs
### This module has the following outputs
| Name | Description |
|------|-------------|
| [lambda\_function\_arn](#output\_lambda\_function\_arn) | Amazon Resource Name (ARN) identifying your Lambda Function |
| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the lambda function |
| [lambda\_iam\_role\_arn](#output\_lambda\_iam\_role\_arn) | Amazon Resource Name (ARN) specifying the role |
| [lambda\_iam\_role\_name](#output\_lambda\_iam\_role\_name) | Name of the role |
| [rest\_api\_arn](#output\_rest\_api\_arn) | Amazon Resource Name (ARN) identifying your Rest API |
| [rest\_api\_execution\_arn](#output\_rest\_api\_execution\_arn) | The execution ARN part to be used in lambda\_permission's source\_arn, not concatenated to other allowed API resources |
| [rest\_api\_id](#output\_rest\_api\_id) | The ID of the REST API |
| [rest\_api\_lambda\_execution\_arn](#output\_rest\_api\_lambda\_execution\_arn) | The execution ARN part to be used in lambda\_permission's source\_arn, concatenated with allowed API resources (method & path) |
| [rest\_api\_url](#output\_rest\_api\_url) | The URL for accessing the lambda through the ApiGateway |
| [secrets\_arns](#output\_secrets\_arns) | Arns of created secrets in secrets manager |

## Support
For GitHub deployment - only bot version 2.x is supported.
The default GitHub bot version that this module deploys is 2.0.4. If you wish to use another version, set local paths to the relevant ZIP files.
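
An added example, not taken from the project's README: a GitHub deployment that supplies its own bot ZIP files as the Support note describes, pins the module source, and keeps `SPECTRAL_DSN` (see `env_vars` above) out of version control. The `?ref=` value, the ZIP paths and the `spectral_dsn` variable are placeholders, and pairing the frontend/backend path inputs with the GitHub integration is an assumption.

```hcl
# Assumption: the DSN is supplied at plan/apply time (for example through the
# TF_VAR_spectral_dsn environment variable) rather than committed to the repo.
variable "spectral_dsn" {
  description = "Spectral DSN retrieved from SpectralOps"
  type        = string
  sensitive   = true
}

module "spectral_lambda_integration" {
  # Pin the module to a reviewed tag or commit; <TAG_OR_COMMIT> is a placeholder.
  source = "github.com/SpectralOps/spectral-terraform-lambda-integration?ref=<TAG_OR_COMMIT>"

  environment      = "prod"
  integration_type = "github"

  # Placeholder paths to locally stored bot ZIP files (assumed to be the
  # inputs that apply to the GitHub bot's lambdas).
  frontend_lambda_source_code_path = "./artifacts/frontend.zip"
  backend_lambda_source_code_path  = "./artifacts/backend.zip"

  # Dedicated CloudWatch log group with a bounded retention period.
  lambda_enable_logs            = true
  lambda_logs_retention_in_days = 30

  env_vars = {
    SPECTRAL_DSN = var.spectral_dsn
    CHECK_POLICY = "Fail on errors only"
    # Integration-specific variables from the Spectral docs go here
  }

  global_tags = {
    BusinessUnit = "Spectral"
  }
}

# URL of the API Gateway endpoint fronting the lambda, taken from the
# module's documented outputs.
output "spectral_webhook_url" {
  value = module.spectral_lambda_integration.rest_api_url
}
```

Marking the variable `sensitive` only redacts it from plan and apply output; the value is still written to Terraform state, so the state backend needs its own access controls and encryption.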