Merge pull request #1 from babbel/initial-version

Initial version

.github/workflows/validate.yml

@@ -0,0 +1,17 @@
+name: Validate
+
+on: push
+
+env:
+  AWS_REGION: local
+
+jobs:
+  validate:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/[email protected]
+      - uses: hashicorp/[email protected]
+        with:
+          terraform_version: 0.14.5
+      - run: terraform init
+      - run: terraform validate

.gitignore

@@ -0,0 +1,2 @@
+/.terraform
+/.terraform.lock.hcl

CHANGELOG.md

@@ -0,0 +1,5 @@
+# Changelog
+
+## v1.0.0
+
+- [Initial version](https://github.com/babbel/terraform-aws-lambda-with-inline-code/pull/1)

LICENSE

@@ -0,0 +1,7 @@
+Copyright 2021 Lesson Nine GmbH
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -1,2 +1,32 @@
-# terraform-aws-lambda-with-inline-code
-Terraform module creating a Lambda function with inline code
+# Lambda Function with Inline Code
+
+This module creates a Lambda function, as well as its IAM role and CloudWatch Logs group with inline code, i.e. the code of the Lambda function is uploaded by Terraform.
+
+## Usage
+
+```tf
+module "lambda" {
+  source  = "babbel/lambda-with-inline-code/aws"
+  version = "~> 1.0"
+
+  function_name = "example"
+  description   = "This is an example"
+
+  runtime                        = "nodejs12.x"
+  handler                        = "index.handler"
+  memory_size                    = 128
+  timeout                        = 3
+  reserved_concurrent_executions = 1
+
+  environment_variables = {
+    NODE_ENV = "production"
+  }
+
+  source_dir = "lambda/src"
+
+  tags = {
+    app = "example"
+    env = "production"
+  }
+}
+```

main.tf

@@ -0,0 +1,80 @@
+resource "aws_lambda_function" "this" {
+  function_name = var.function_name
+  description   = var.description
+
+  runtime                        = var.runtime
+  handler                        = var.handler
+  memory_size                    = var.memory_size
+  timeout                        = var.timeout
+  reserved_concurrent_executions = var.reserved_concurrent_executions
+
+  role = aws_iam_role.this.arn
+
+  dynamic "environment" {
+    for_each = var.environment_variables != null ? [{ variables = var.environment_variables }] : []
+
+    content {
+      variables = environment.value.variables
+    }
+  }
+
+  filename         = try(var.archive_file.output_path, data.archive_file.this[0].output_path)
+  source_code_hash = try(var.archive_file.output_base64sha256, data.archive_file.this[0].output_base64sha256)
+
+  tags = var.tags
+
+  depends_on = [aws_cloudwatch_log_group.this]
+}
+
+data "archive_file" "this" {
+  count = var.archive_file != null ? 0 : 1
+
+  type        = "zip"
+  source_dir  = var.source_dir
+  output_path = ".terraform/tmp/lambda/${var.function_name}.zip"
+}
+
+resource "aws_iam_role" "this" {
+  name = "lambda-${var.function_name}"
+
+  assume_role_policy = data.aws_iam_policy_document.lambda-assume-role.json
+
+  tags = var.tags
+}
+
+data "aws_iam_policy_document" "lambda-assume-role" {
+  statement {
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["lambda.amazonaws.com"]
+    }
+  }
+}
+
+resource "aws_iam_role_policy" "cloudwatch-log-group" {
+  role   = aws_iam_role.this.name
+  name   = "cloudwatch-log-group"
+  policy = data.aws_iam_policy_document.cloudwatch-log-group.json
+}
+
+resource "aws_cloudwatch_log_group" "this" {
+  name = "/aws/lambda/${var.function_name}"
+
+  retention_in_days = var.cloudwatch_log_group_retention_in_days
+
+  tags = var.tags
+}
+
+data "aws_iam_policy_document" "cloudwatch-log-group" {
+  statement {
+    actions   = ["logs:DescribeLogStreams"]
+    resources = ["${join(":", slice(split(":", aws_cloudwatch_log_group.this.arn), 0, 5))}:*"]
+  }
+
+  statement {
+    actions   = ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"]
+    resources = ["${aws_cloudwatch_log_group.this.arn}:*"]
+  }
+}

outputs.tf

@@ -0,0 +1,17 @@
+output "this" {
+  value = aws_lambda_function.this
+
+  description = "The Lambda function."
+}
+
+output "cloudwatch_log_group" {
+  value = aws_cloudwatch_log_group.this
+
+  description = "The CloudWatch Logs group the Lambda function use for its logs."
+}
+
+output "iam_role" {
+  value = aws_iam_role.this
+
+  description = "The IAM role the Lambda function will assume."
+}

variables.tf

@@ -0,0 +1,79 @@
+variable "archive_file" {
+  type = object({
+    output_path         = string
+    output_base64sha256 = string
+  })
+  default = null
+
+  description = "An instance of the `archive_file` data source containing the code of the Lambda function. Conflicts with `source_dir`."
+}
+
+variable "cloudwatch_log_group_retention_in_days" {
+  type    = number
+  default = 3
+
+  description = "The number of days to retain the log of the Lambda function."
+}
+
+variable "description" {
+  type = string
+
+  description = "Description of the Lambda function."
+}
+
+variable "environment_variables" {
+  type    = map(string)
+  default = null
+
+  description = "Environment variable key-value pairs."
+}
+
+variable "function_name" {
+  type = string
+
+  description = "Name of the Lambda function."
+}
+
+variable "handler" {
+  type = string
+
+  description = "The name of the method within your code that Lambda calls to execute your function."
+}
+
+variable "memory_size" {
+  type = number
+
+  description = "The amount of memory (in MB) available to the function at runtime. Increasing the Lambda function memory also increases its CPU allocation."
+}
+
+variable "reserved_concurrent_executions" {
+  type = number
+
+  description = "The number of simultaneous executions to reserve for the Lambda function."
+}
+
+variable "runtime" {
+  type = string
+
+  description = "The identifier of the Lambda function [runtime](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html)."
+}
+
+variable "source_dir" {
+  type    = string
+  default = null
+
+  description = "Path of the directory which shall be packed as code of the Lambda function. Conflicts with `archive_file`."
+}
+
+variable "tags" {
+  type    = map(string)
+  default = {}
+
+  description = "Tags which will be assigned to all resources."
+}
+
+variable "timeout" {
+  type = number
+
+  description = "The amount of time (in seconds) per execution before stopping it."
+}

versions.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_version = ">= 0.13"
+
+  required_providers {
+    archive = {
+      source  = "hashicorp/archive"
+      version = "~> 2.0"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 3.0"
+    }
+  }
+}