AWS Terraform module for a Lambda function with ECR repository and CloudWatch log stream.

custom-terraform-aws-modules/function

Module: Function

[Figure: Function visualized]

This module provides a Lambda function which logs to CloudWatch. If no image URI is provided, it also creates an ECR repository to which an image can be uploaded.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 5.20 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| identifier | Unique identifier to differentiate global resources. | string | n/a | yes |
| policies | List of IAM policy ARNs for the Lambda's IAM role. | list(string) | [] | no |
| trigger | Object to define trigger of the Lambda function. | object | null | no |
| vpc_config | Object to define the subnets and security groups for the Lambda function. | object | null | no |
| log_config | Object to define logging configuration of the Lambda function to CloudWatch. | object | null | no |
| image | Object of the image which will be pulled by the Lambda function to execute. | object | null | no |
| architecture | Instruction set architecture for the Lambda function. Valid values are: 'x86_64' and 'arm64'. | string | "x86_64" | no |
| memory_size | Amount of memory in MB the Lambda function can use at runtime. | number | 128 | no |
| timeout | Amount of time the Lambda function has to run in seconds. | number | 3 | no |
| env_variables | A map of environment variables for the Lambda function at runtime. | map(string) | {} | no |
| tags | A map of tags to add to all resources. | map(string) | {} | no |

trigger

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| queue_arn | The ARN of the SQS queue which triggers the Lambda function. Must be defined if 'stream_arn' is not defined. | string | null | no |
| batch_size | Number of items a single Lambda invocation processes from the source. | number | 1 | no |
| max_concurrency | Maximum number of Lambda functions the SQS queue invokes concurrently. | number | 1000 | no |
| max_retries | Maximum retry attempts the Lambda function makes to process the DynamoDB stream. The value '-1' means it retries indefinitely. | number | -1 | no |
| filter | A filter pattern selecting which messages the Lambda function processes. Must be in JSON format. | string | null | no |

vpc_config

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| subnets | List of subnet IDs in which the Lambda function will run. | list(string) | n/a | yes |
| security_groups | List of security group IDs attached to the Lambda function. | list(string) | [] | no |

log_config

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| retention_in_days | Specifies the number of days the log events shall be retained. Valid values: 1, 3, 5, 7, 14, 30, 365 and 0 (never expire). | number | n/a | yes |

image

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| uri | URI to the image. | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| arn | The ARN of the Lambda function. |
| invoke_arn | The invoke ARN of the Lambda function. |
| log_group_name | The name of the CloudWatch log group created for the Lambda function to log to. |
| log_group_arn | The ARN of the CloudWatch log group created for the Lambda function to log to. |

Example

```hcl
module "function" {
  source = "github.com/custom-terraform-aws-modules/function"

  identifier   = "example-function-dev"
  architecture = "x86_64"
  memory_size  = 128
  timeout      = 3

  policies = [
    "arn:aws:iam::aws:policy/aws-service-role/AccessAnalyzerServiceRolePolicy",
    "arn:aws:iam::aws:policy/AdministratorAccess-Amplify"
  ]

  trigger = {
    queue_arn       = "arn:aws:sqs:eu-central-1:444455556666:queue1"
    batch_size      = 10
    max_concurrency = 100
    filter = jsonencode({
      body = {
        Temperature : [{ numeric : [">", 0, "<=", 100] }]
        Location : ["New York"]
      }
    })
  }

  log_config = {
    retention_in_days = 7
  }

  image = {
    uri = "test.registry:latest"
  }

  env_variables = {
    TEST_VAR = 3
  }

  vpc_config = {
    subnets         = ["subnet-938y92g2", "subnet-a98yewgwe"]
    security_groups = ["sg-woht9328g23", "sg-3429yfwlefhwe"]
  }

  tags = {
    Project     = "example-project"
    Environment = "dev"
  }
}
```
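
The `policies` input accepts any IAM policy ARN, so the function's role can be limited to a policy written for that one function instead of a broad managed policy. The following is an added example, not part of the module's repository; the variable `orders_table_arn`, the policy name and the identifier are hypothetical, and it assumes the function only needs to write to a single DynamoDB table.

```hcl
# Added example (not from the module's repository).
# Hypothetical names: var.orders_table_arn, "orders-writer-dev".

variable "orders_table_arn" {
  description = "ARN of the DynamoDB table the function writes to (hypothetical)."
  type        = string
}

# Only the two write actions the function is assumed to need,
# and only on the one table it is assumed to touch.
data "aws_iam_policy_document" "orders_write" {
  statement {
    sid       = "WriteOrders"
    effect    = "Allow"
    actions   = ["dynamodb:PutItem", "dynamodb:UpdateItem"]
    resources = [var.orders_table_arn]
  }
}

resource "aws_iam_policy" "orders_write" {
  name   = "orders-writer-dev-dynamodb"
  policy = data.aws_iam_policy_document.orders_write.json
}

module "function" {
  source = "github.com/custom-terraform-aws-modules/function"

  identifier = "orders-writer-dev"

  # Pass the scoped customer-managed policy to the Lambda's IAM role.
  policies = [aws_iam_policy.orders_write.arn]

  # "image" is omitted: per the README the module then creates an ECR repository.
  log_config = {
    retention_in_days = 14
  }

  tags = {
    Project     = "example-project"
    Environment = "dev"
  }
}

output "function_arn" {
  value = module.function.arn
}
```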

Contributing

For a seamless CI workflow, copy the pre-commit Git hook from .github/hooks into your local .git/hooks. The hook formats the Terraform code automatically before each commit.

```shell
cp ./.github/hooks/pre-commit ./.git/hooks/pre-commit
```