AWS Lambda Terraform module
Deprecation warning
Further development of this module will be continued in moritzzimmer/terraform-aws-lambda. Users of spring-media/lambda/aws
should migrate to this module as a drop-in replacement for all provisions up to release/tag 5.2.1 to benefit from new features and bugfixes.
module "lambda" {
source = "moritzzimmer/lambda/aws"
version = "5.2.1"
filename = "my-package.zip"
function_name = "my-function"
handler = "my-handler"
runtime = "go1.x"
source_code_hash = filebase64sha256("${path.module}/my-package.zip")
}Terraform module to create AWS Lambda resources with configurable event sources, IAM configuration (following the principal of least privilege), VPC as well as SSM/KMS and log streaming support.
The following event sources are supported (see examples):
- cloudwatch-event: configures a CloudWatch Event Rule to trigger the Lambda by CloudWatch event pattern or on a regular, scheduled basis
- dynamodb: configures an Event Source Mapping to trigger the Lambda by DynamoDb events
- kinesis: configures an Event Source Mapping to trigger the Lambda by Kinesis events
- s3: configures permission to trigger the Lambda by S3
- sns: to trigger Lambda by SNS Topic Subscription
- sqs: configures an Event Source Mapping to trigger the Lambda by SQS events
Furthermore this module supports:
- reading configuration and secrets from AWS Systems Manager Parameter Store including decryption of SecureString parameters
- CloudWatch Log group configuration including retention time and subscription filters e.g. to stream logs via Lambda to Elasticsearch
Terraform version compatibility
| module | terraform | branch |
|---|---|---|
| 4.x.x | 0.12+ | master |
| 3.x.x | 0.11.x | terraform_0.11x |
How do I use this module?
The module can be used for all runtimes supported by AWS Lambda.
Deployment packages can be specified either directly as a local file (using the filename argument) or indirectly via Amazon S3 (using the s3_bucket, s3_key and s3_object_versions arguments), see documentation for details.
basic
provider "aws" {
region = "eu-west-1"
}
module "lambda" {
source = "spring-media/lambda/aws"
version = "5.2.1"
filename = "my-package.zip"
function_name = "my-function"
handler = "my-handler"
runtime = "go1.x"
source_code_hash = filebase64sha256("${path.module}/my-package.zip")
}with event trigger
module "lambda" {
// see above
event = {
type = "cloudwatch-event"
schedule_expression = "rate(1 minute)"
}
}in a VPC
module "lambda" {
// see above
vpc_config = {
security_group_ids = ["sg-1"]
subnet_ids = ["subnet-1", "subnet-2"]
}
}with access to parameter store
module "lambda" {
// see above
ssm_parameter_names = ["some/config/root/*"]
kms_key_arn = "arn:aws:kms:eu-west-1:647379381847:key/f79f2b-04684-4ad9-f9de8a-79d72f"
}with log subscription (stream to ElasticSearch)
module "lambda" {
// see above
logfilter_destination_arn = "arn:aws:lambda:eu-west-1:647379381847:function:cloudwatch_logs_to_es_production"
}Examples
- example-with-cloudwatch-event
- example-with-dynamodb-event
- example-with-kinesis-event
- example-with-s3-event
- example-with-sns-event
- example-with-sqs-event
- example-with-vpc
- example-without-event
How do I contribute to this module?
Contributions are very welcome! Check out the Contribution Guidelines for instructions.
How is this module versioned?
This Module follows the principles of Semantic Versioning. You can find each new release in the releases page.
During initial development, the major version will be 0 (e.g., 0.x.y), which indicates the code does not yet have a
stable API. Once we hit 1.0.0, we will make every effort to maintain a backwards compatible API and use the MAJOR,
MINOR, and PATCH versions on each release to indicate any incompatibilities.