Terraform module to create AWS Lambda resources with configurable event sources, IAM configuration (following the principle of least privilege), VPC, SSM/KMS and log streaming support.
The following event sources are supported (see examples):
- cloudwatch-scheduled-event: configures a CloudWatch Event Rule to trigger the Lambda on a regular, scheduled basis
- dynamodb: configures an Event Source Mapping to trigger the Lambda by DynamoDB events
- s3: configures permission to trigger the Lambda by S3
- sns: to trigger Lambda by SNS Topic Subscription
Furthermore this module supports:
- reading configuration and secrets from AWS Systems Manager Parameter Store including decryption of SecureString parameters
- CloudWatch Log group configuration including retention time and subscription filters, e.g. to stream logs via Lambda to Elasticsearch
| module | terraform | branch |
|---|---|---|
| 4.x.x | 0.12.x | master |
| 3.x.x | 0.11.x | terraform_0.11x |
The module can be used for all runtimes supported by AWS Lambda (defaults to go1.x).
In general, configure the Lambda function with all required variables and add an (optional) event source (see variables.tf for all available options).
```hcl
provider "aws" {
  region = "eu-west-1"
}

module "lambda" {
  source        = "spring-media/lambda/aws"
  version       = "4.3.0"
  filename      = "my-package.zip"
  function_name = "my-function"
  handler       = "my-handler"
  runtime       = "go1.x"

  // configurable event trigger, see examples
  event = {
    type                = "cloudwatch-scheduled-event"
    schedule_expression = "rate(1 minute)"
  }

  // optionally set environment configuration
  environment = {
    variables = {
      loglevel = "INFO"
    }
  }

  // optionally enable VPC access
  vpc_config = {
    security_group_ids = ["sg-1"]
    subnet_ids         = ["subnet-1", "subnet-2"]
  }

  # optionally configure Parameter Store access with decryption
  ssm_parameter_names = ["some/config/root/*"]
  kms_key_arn         = "arn:aws:kms:eu-west-1:647379381847:key/f79f2b-04684-4ad9-f9de8a-79d72f"

  # optionally create a log subscription for streaming log events from CloudWatch to Elasticsearch
  logfilter_destination_arn = "arn:aws:lambda:eu-west-1:647379381847:function:cloudwatch_logs_to_es_production"
}
```
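For reviewing what least privilege means for the `ssm_parameter_names` and `kms_key_arn` settings, the following is an added example of a hand-written, scoped Parameter Store policy. It is not the module's own code, and the policy the module generates may differ. The variable `role_name` and all resource names are hypothetical.

```hcl
# Added example: hand-written equivalent of a scoped Parameter Store policy.
# All variable and resource names here are hypothetical.
variable "role_name" {
  description = "Name of the Lambda execution role (assumed to exist)"
  type        = string
}

variable "ssm_parameter_names" {
  type    = list(string)
  default = ["some/config/root/*"]
}

variable "kms_key_arn" {
  description = "ARN of the key that encrypts the SecureString parameters"
  type        = string
}

data "aws_region" "current" {}
data "aws_caller_identity" "current" {}

data "aws_iam_policy_document" "ssm" {
  # Read access limited to the listed parameter paths, not parameter/*.
  statement {
    actions = ["ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath"]
    resources = [
      for name in var.ssm_parameter_names :
      "arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter/${name}"
    ]
  }

  # Decrypt only with the one key, and only when the call comes through SSM.
  statement {
    actions   = ["kms:Decrypt"]
    resources = [var.kms_key_arn]

    condition {
      test     = "StringEquals"
      variable = "kms:ViaService"
      values   = ["ssm.${data.aws_region.current.name}.amazonaws.com"]
    }
  }
}

resource "aws_iam_role_policy" "ssm" {
  name   = "ssm-read-scoped"
  role   = var.role_name
  policy = data.aws_iam_policy_document.ssm.json
}
```

Comparing the role's attached policies against this shape makes over-broad grants such as `parameter/*` or `kms:Decrypt` on `*` easy to spot.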
- example-with-cloudwatch-scheduled-event
- example-with-dynamodb-event-source
- example-with-s3-event
- example-with-sns-event
- example-with-vpc
- example-without-event
If you are using Go to develop your Lambda functions, you can also use func to bootstrap your project and get started quickly.
Contributions are very welcome! Check out the Contribution Guidelines for instructions.
This module follows the principles of Semantic Versioning. You can find each new release on the releases page.
During initial development, the major version will be 0 (e.g., 0.x.y), which indicates the code does not yet have a
stable API. Once we hit 1.0.0, we will make every effort to maintain a backwards compatible API and use the MAJOR,
MINOR, and PATCH versions on each release to indicate any incompatibilities.