created module for lambda

Author: pransh62390

modules/lambda/lambda_layers/layers.tf

@@ -0,0 +1,10 @@
+resource "aws_lambda_layer_version" "lambda_layer" {
+  # filename   = var.lambda_layer_filename
+  layer_name = var.lambda_layer_name
+  compatible_runtimes = var.lambda_layer_compatible_runtimes
+  compatible_architectures = var.lambda_layer_compatible_architectures
+  description = var.lambda_layer_description
+  s3_bucket = var.lambda_layer_s3_bucket_name
+  s3_key = var.lambda_layer_s3_key != "" ? var.lambda_layer_s3_key : "${var.lambda_layer_tags["Environment"]}.lambda.layers/${var.lambda_layer_name}/${var.lambda_layer_name}.zip"
+  skip_destroy = var.lambda_layer_skip_destroy
+}

modules/lambda/lambda_layers/outputs.tf

@@ -0,0 +1 @@
+output "lambda_layer_arn" { value = aws_lambda_layer_version.lambda_layer.arn }

modules/lambda/lambda_layers/variables.tf

@@ -0,0 +1,31 @@
+# lambda layer variables
+
+variable "lambda_layer_name" {
+  type = string
+}
+
+variable "lambda_layer_compatible_runtimes" {
+  type = list(string)
+}
+
+variable "lambda_layer_compatible_architectures" {
+  type = list(string)
+}
+
+variable "lambda_layer_description" {
+  type = string
+}
+
+variable "lambda_layer_s3_bucket_name" {
+  type = string
+}
+
+variable "lambda_layer_s3_key" {
+  type = string
+}
+
+variable "lambda_layer_skip_destroy" {
+  type = bool
+}
+
+variable "lambda_layer_tags" {}

modules/lambda/lambda_new/lambda.tf

@@ -0,0 +1,136 @@
+data "aws_caller_identity" "current" {}
+data "aws_region" "current" {}
+locals {
+  dead_letter_config = {
+    lambda_dead_letter_target_arn = {
+      arn = var.lambda_dead_letter_target_arn
+    }
+  }
+  is_dynamodb = var.lambda_trigger_resource_type == "dynamodb"
+  is_sqs      = var.lambda_trigger_resource_type == "sqs"
+}
+
+#retrieve dynamodb table stream arn if trigger is dynamo
+data "aws_dynamodb_table" "dynamodb_table" {
+  count = var.lambda_create_trigger && local.is_dynamodb ? 1 : 0
+  name  = var.lambda_trigger_resource_name
+}
+
+resource "aws_iam_role" "iam_role" {
+  name                  = substr("${var.lambda_name}-lambda", 0, 64)
+  assume_role_policy    =  var.lambda_assume_role_policy
+  managed_policy_arns   =  var.lambda_managed_policy_arn_list
+
+  tags                  = merge(var.lambda_tags, tomap({"Name" = "${var.lambda_name}-lambda"}))
+}
+
+resource "aws_lambda_function" "lambda_function" {
+  s3_bucket             = var.lambda_bucket_name
+  s3_key                = "${var.lambda_tags["Environment"]}.lambda/${var.lambda_name}/${var.lambda_name}.zip"
+  function_name         = var.lambda_name
+  role                  = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${substr("${var.lambda_name}-lambda", 0, 64)}"
+  handler               = var.lambda_handler
+  runtime               = var.lambda_runtime
+  architectures         = var.lambda_architectures
+  description           = var.lambda_description
+  memory_size           = var.lambda_memory_size
+  reserved_concurrent_executions = var.lambda_reserved_concurrent_executions
+  timeout               = var.lambda_timeout
+  package_type          = var.lambda_package_type
+  vpc_config {
+    subnet_ids          = var.lambda_enable_vpc ? var.subnet_ids : []
+    security_group_ids  = var.lambda_enable_vpc ? var.security_group_ids : []
+  }
+  dynamic "snap_start" {
+    for_each = var.lambda_enable_snap_start ? var.lambda_snap_start_config_list : {}
+    content {
+      apply_on = snap_start.value.LAMBDA_SNAP_START_APPLY_ON
+    }
+  }  
+  dynamic "dead_letter_config" {
+    for_each              = {
+      for k,v in local.dead_letter_config : k => v
+      if v.arn != null
+    }
+    content {
+      target_arn          = var.lambda_dead_letter_target_arn
+    }  
+  }
+
+  environment {
+    variables           = try(var.lambda_env_variables, {})
+  }
+
+  ephemeral_storage {
+    size = var.lambda_ephemeral_memory_size
+  }
+
+  layers                = var.lambda_layers_arns != null ? var.lambda_layers_arns : null
+
+  tags                  = merge(var.lambda_tags, tomap({"Name" = var.lambda_name}))
+}
+
+resource "aws_lambda_event_source_mapping" "trigger" {
+  count                                 = var.lambda_create_trigger ? 1 : 0
+  function_name                         = aws_lambda_function.lambda_function.arn
+  batch_size                            = var.lambda_trigger_batch_size
+  enabled                               = var.lambda_enable_trigger
+  maximum_batching_window_in_seconds    = var.lambda_trigger_maximum_batching_window_in_seconds
+  function_response_types               = var.lambda_trigger_function_response_types
+  dynamic "scaling_config" {
+    for_each = local.is_sqs && var.lambda_maximum_concurrency > 0 ? [1] : []
+    content {
+      maximum_concurrency = var.lambda_maximum_concurrency
+    }
+  }  
+
+  dynamic "filter_criteria"  { 
+      for_each = length(var.lambda_trigger_filter_criteria_list) > 0 ? var.lambda_trigger_filter_criteria_list : []
+      content {
+          filter  {
+            pattern  = can(jsondecode(filter_criteria.value)) ? jsondecode(filter_criteria.value) : null
+          }
+      }
+  }
+
+  bisect_batch_on_function_error = lookup(var.optional_config, "bisect_batch_on_function_error", null)
+  maximum_retry_attempts = lookup(var.optional_config, "maximum_retry_attempts", null)
+  maximum_record_age_in_seconds = lookup(var.optional_config, "maximum_record_age_in_seconds", null)
+  parallelization_factor = lookup(var.optional_config, "parallelization_factor", null)
+  tumbling_window_in_seconds = lookup(var.optional_config, "tumbling_window_in_seconds", null)
+  starting_position = lookup(var.optional_config, "starting_position", null)
+  starting_position_timestamp = lookup(var.optional_config, "starting_position_timestamp", null)
+  event_source_arn = lookup(var.optional_config, "event_source_arn", "arn:aws:${var.lambda_trigger_resource_type}:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:${var.lambda_trigger_resource_name}")
+
+  dynamic "destination_config" {
+    for_each = length(var.destination_config) > 0 ? [1] : []
+    content {
+      dynamic "on_failure" {
+        for_each = lookup(var.destination_config, "on_failure", null) != null ? [1] : []
+        content {
+          destination_arn = var.destination_config["on_failure"]["destination_arn"]
+        }
+      }
+    }
+  }
+
+  tags                                 = var.lambda_tags
+  depends_on                            = [ aws_lambda_function.lambda_function ]
+}
+
+resource "aws_lambda_function_event_invoke_config" "asynchronous_invocation" {
+  count                         = var.lambda_asynchronous_invocation_config ? 1 : 0
+  function_name                 = var.lambda_name
+  maximum_event_age_in_seconds  = var.lambda_trigger_maximum_event_age_in_seconds
+  maximum_retry_attempts        = var.lambda_trigger_maximum_retry_attempts
+  depends_on                    = [ aws_lambda_function.lambda_function ]
+}
+
+module "lambda_log_group" {
+  source                                                = "../../cloudwatch/log_group"
+  cloudwatch_log_group_name                             = "/aws/lambda/${var.lambda_name}"
+  cloudwatch_log_group_skip_destroy                     = var.lambda_cloudwatch_log_group_skip_destroy
+  cloudwatch_log_group_retention_in_days                = var.lambda_cloudwatch_log_group_retention_in_days
+  cloudwatch_log_group_class                            = var.lambda_cloudwatch_log_group_class
+  cloudwatch_log_group_tags                             = var.lambda_tags
+}

modules/lambda/lambda_new/outputs.tf

@@ -0,0 +1,2 @@
+output "lambda_function_arn" { value = aws_lambda_function.lambda_function.arn }
+output "lambda_function_invoke_arn" { value = aws_lambda_function.lambda_function.invoke_arn }

modules/lambda/lambda_new/variables.tf

@@ -0,0 +1,76 @@
+variable "lambda_name"  {}
+
+# IAM
+variable "lambda_assume_role_policy" {}
+variable "lambda_managed_policy_arn_list" {}
+variable "lambda_tags" {}
+
+# LAMBDA
+variable "lambda_bucket_name" {}
+variable "lambda_handler" {}
+variable "lambda_runtime" {}
+variable "lambda_architectures" {}
+variable "lambda_description" {}
+variable "lambda_memory_size" {}
+variable "lambda_reserved_concurrent_executions" {}
+variable "lambda_timeout" {}
+variable "lambda_package_type" {}
+variable "lambda_enable_vpc" {}
+variable "subnet_ids" {}
+variable "security_group_ids" {}
+variable "lambda_env_variables" {}
+variable "lambda_dead_letter_target_arn" {}
+variable "lambda_ephemeral_memory_size" {default = 512}
+variable "lambda_enable_snap_start" {default = false}
+variable "lambda_snap_start_config_list" {
+  type = map(object({
+    LAMBDA_SNAP_START_APPLY_ON = string
+  }))
+  default = {}
+}
+variable "lambda_maximum_concurrency" {}
+
+# TRIGGER
+variable "lambda_create_trigger" {
+  type = bool
+  default = true
+}
+variable "lambda_enable_trigger" {}
+variable "lambda_trigger_resource_type" {}
+variable "lambda_trigger_batch_size" {}
+variable "lambda_trigger_maximum_batching_window_in_seconds" {}
+variable "lambda_trigger_function_response_types" {}
+variable "lambda_trigger_resource_name" {}
+variable "lambda_trigger_filter_criteria_list" {
+  type = list(string)
+  default = []
+}
+
+# INVOKE
+variable "lambda_asynchronous_invocation_config" {
+  type = bool
+  default = true
+}
+variable "lambda_trigger_maximum_event_age_in_seconds" {}
+variable "lambda_trigger_maximum_retry_attempts" {}
+
+
+#CLOUDWATCH LOG
+variable "lambda_cloudwatch_log_group_skip_destroy" {}
+variable "lambda_cloudwatch_log_group_retention_in_days" {}
+variable "lambda_cloudwatch_log_group_class" {}
+
+variable "optional_config" {
+  type        = map(any)
+  default     = {}
+}
+
+variable "destination_config" {
+  type        = map(any)
+  default     = {}
+}
+
+variable "lambda_layers_arns" {
+  type = list(string)
+  default = null
+}

templates/lambda/lambda.tf

@@ -0,0 +1,39 @@
+module "lambda_function" {
+  source                                                = "../../../..//modules/lambda/lambda_new"
+  for_each                                              = var.LAMBDA_FUNCTION_LIST
+  lambda_name                                           = "${var.SHORT_ENV}-${each.key}"
+  lambda_assume_role_policy                             = each.value.LAMBDA_FUNCTION_ASSUME_ROLE_POLICY
+  lambda_managed_policy_arn_list                        = each.value.LAMBDA_FUNCTION_MANAGED_POLICY_ARN_LIST
+  lambda_tags                                           = local.common_tags
+  lambda_bucket_name                                    = each.value.LAMBDA_FUNCTION_BUCKET_NAME
+  lambda_handler                                        = each.value.LAMBDA_FUNCTION_HANDLER
+  lambda_runtime                                        = each.value.LAMBDA_FUNCTION_RUNTIME
+  lambda_architectures                                  = each.value.LAMBDA_FUNCTION_ARCHITECTURES
+  lambda_description                                    = each.value.LAMBDA_FUNCTION_DESCRIPTION
+  lambda_memory_size                                    = each.value.LAMBDA_FUNCTION_MEMORY_SIZE
+  lambda_reserved_concurrent_executions                 = each.value.LAMBDA_FUNCTION_RESERVED_CONCURRENT_EXECUTIONS
+  lambda_timeout                                        = each.value.LAMBDA_FUNCTION_TIMEOUT
+  lambda_package_type                                   = each.value.LAMBDA_FUNCTION_PACKAGE_TYPE
+  lambda_enable_vpc                                     = each.value.ENABLE_LAMBDA_FUNCTION_VPC
+  subnet_ids                                            = each.value.SUBNET_IDS
+  security_group_ids                                    = each.value.SECURITY_GROUP_IDS 
+  lambda_env_variables                                  = each.value.LAMBDA_FUNCTION_ENV_VARIABLES
+  lambda_dead_letter_target_arn                         = each.value.LAMBDA_FUNCTION_DEAD_LETTER_TARGET_ARN
+  lambda_enable_trigger                                 = each.value.LAMBDA_FUNCTION_ENABLE_TRIGGER
+  lambda_trigger_resource_type                          = each.value.LAMBDA_FUNCTION_TRIGGER_RESOURCE_TYPE
+  lambda_trigger_batch_size                             = each.value.LAMBDA_FUNCTION_TRIGGER_BATCH_SIZE
+  lambda_trigger_maximum_batching_window_in_seconds     = each.value.LAMBDA_FUNCTION_TRIGGER_MAXIMUM_BATCHING_WINDOW_IN_SECONDS
+  lambda_trigger_function_response_types                = each.value.LAMBDA_FUNCTION_TRIGGER_FUNCTION_RESPONSE_TYPES 
+  lambda_trigger_resource_name                          = each.value.LAMBDA_FUNCTION_TRIGGER_RESOURCE_NAME
+  lambda_trigger_maximum_event_age_in_seconds           = each.value.LAMBDA_FUNCTION_TRIGGER_MAXIMUM_EVENT_AGE_IN_SECONDS
+  lambda_trigger_maximum_retry_attempts                 = each.value.LAMBDA_FUNCTION_TRIGGER_MAXIMUM_RETRY_ATTEMPTS
+  lambda_cloudwatch_log_group_skip_destroy              = each.value.LAMBDA_CLOUDWATCH_LOG_GROUP_SKIP_DESTROY
+  lambda_cloudwatch_log_group_class                     = each.value.LAMBDA_cloudwatch_LOG_GROUP_CLASS
+  lambda_cloudwatch_log_group_retention_in_days         = each.value.LAMBDA_cloudwatch_LOG_GROUP_RETENTION_IN_DAYS
+  lambda_maximum_concurrency                            = each.value.LAMBDA_MAXIMUM_CONCURRENCY
+  lambda_trigger_filter_criteria_list                   = each.value.LAMBDA_FUNCTION_TRIGGER_FILTER_CRITERIA_LIST
+  optional_config                                       = each.value.LAMBDA_FUNCTION_TRIGGER_OPTIONAL_CONFIG
+  destination_config                                    = each.value.LAMBDA_FUNCTION_TRIGGER_DESTINATION_CONFIG
+  lambda_layers_arns                                    = each.value.LAMBDA_LAYERS_ARNS
+  depends_on = [ module.sqs, module.lambda_layers]
+}

templates/lambda/lambda_layers.tf

@@ -0,0 +1,12 @@
+module "lambda_layers" {
+  source = "../../../..//modules/lambda/lambda_layers"
+  for_each = var.LAMBDA_LAYERS_LIST
+  lambda_layer_name = "${var.SHORT_ENV}-${each.key}"
+  lambda_layer_compatible_runtimes = each.value.LAMBDA_LAYER_COMPATIBLE_RUNTIMES
+  lambda_layer_compatible_architectures = each.value.LAMBDA_LAYER_COMPATIBLE_ARCHITECTURES
+  lambda_layer_description = each.value.LAMBDA_LAYER_DESCRIPTION
+  lambda_layer_s3_bucket_name = each.value.LAMBDA_LAYER_S3_BUCKET_NAME
+  lambda_layer_s3_key = each.value.LAMBDA_LAYER_S3_KEY
+  lambda_layer_skip_destroy = each.value.LAMBDA_LAYER_SKIP_DESTROY
+  lambda_layer_tags = local.common_tags
+}

templates/lambda/locals.tf

@@ -0,0 +1,18 @@
+data "aws_caller_identity" "current" {}
+data "aws_region" "current" {}
+
+locals {
+  common_tags = {
+    "App"             = var.APPLICATION
+    "Environment"     = var.LONG_ENV
+    "Env"             = var.SHORT_ENV
+    "BU"              = var.BUSINESS_UNIT
+    "BUSubcategory"   = var.BUSINESS_UNIT_SUBCATEGORY
+    "BUEmail"         = var.BUSINESS_UNIT_EMAIL
+    "CC"              = var.COST_CENTRE
+    "AwsAccountShort" = var.AWS_ACCOUNT_SHORT
+    "AwsAccount"      = var.AWS_ACCOUNT
+    "AwsAccountId"    = data.aws_caller_identity.current.account_id
+    "ManagedBy"       = "terraform"
+  }
+}

templates/lambda/outputs.tf

@@ -0,0 +1 @@
+# output "LAMBDA_LAYER_ARN" {value = module.lambda_layers.arn}