Releases: moritzzimmer/terraform-aws-lambda
Lambda@Edge
New Features
This module now supports creating Lambda@Edge-ready versions of your Node.js or Python functions. The required trust relationship and the publishing of function versions will be configured automatically (see AWS docs for details).
Example:
provider "aws" {
  region = "eu-west-1"
}

module "lambda" {
  source = "moritzzimmer/lambda/aws"

  description      = "Example usage for an AWS Lambda without an event trigger."
  filename         = module.source.output_path
  function_name    = "example-without-event"
  handler          = "handler"
  lambda_at_edge   = true
  runtime          = "nodejs12.x"
  source_code_hash = module.source.output_base64sha256
}
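What the automatically configured pieces look like when written by hand, as an added example (not the module's own source; resource names and the `function.zip` path are assumptions): the execution role trusts both `lambda.amazonaws.com` and `edgelambda.amazonaws.com`, and `publish = true` yields the numbered version that CloudFront requires.

```hcl
# Added illustration, not the module's source. Names and function.zip are assumed.
provider "aws" {
  region = "us-east-1" # CloudFront only accepts Lambda@Edge functions from this region
}

data "aws_iam_policy_document" "edge_trust" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type = "Service"
      # Lambda@Edge needs the edgelambda principal in addition to lambda
      identifiers = ["lambda.amazonaws.com", "edgelambda.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "edge" {
  name               = "example-edge-role"
  assume_role_policy = data.aws_iam_policy_document.edge_trust.json
}

resource "aws_lambda_function" "edge" {
  function_name    = "example-edge"
  role             = aws_iam_role.edge.arn
  filename         = "function.zip"
  source_code_hash = filebase64sha256("function.zip")
  handler          = "index.handler"
  runtime          = "nodejs12.x" # value from the page; pick a currently supported runtime
  publish          = true         # CloudFront associations need a numbered version, not $LATEST
}

# Versioned ARN to reference in a CloudFront lambda_function_association
output "edge_version_arn" {
  value = aws_lambda_function.edge.qualified_arn
}
```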
What's Changed
- added support for Lambda@Edge by @moritzzimmer in #27
Full Changelog: v5.9.1...v5.10.0
Lambda deployments
New Features
Controlled, blue/green deployments of Lambda functions with (automatic) rollbacks and traffic shifting can be implemented using Lambda aliases and AWS CodeDeploy.
This release provides a new optional module to create AWS resources and permissions for creating and starting such CodeDeploy deployments as part of AWS CodePipelines.
Highlights:
- fully automated AWS CodePipelines triggered by ECR pushes of containerized Lambda functions
- creation of IAM roles with permissions following the principle of least privilege for CodePipeline, CodeBuild and CodeDeploy or bring your own roles
- optional CodeStar notifications via SNS
- ignore changes to Terraform state of your Lambda function by CodeDeploy deployments
see here for a real world example
backwards compatibility
The deployment is an optional add-on. In case you enhance existing Lambda functions using ignore_external_function_updates your function will be recreated using the new lambda_external_lifecycle resource with a lifecycle block:
lifecycle {
  ignore_changes = [
    image_uri, last_modified, qualified_arn, version
  ]
}
Special thanks
Thanks @thisismana for collaborating on this feature
What's Changed
- Deployment of Lambda functions using AWS CodePipeline and CodeDeploy by @moritzzimmer in #23
Full Changelog: v5.8.0...v5.9.0
Event sources and SNS subscriptions
New Features
The options for configuring SNS subscriptions and event source mappings for DynamoDB, Kinesis and SQS have been enhanced with this release.
Event source mappings
A new variable event_source_mappings has been introduced. The new configuration supports:
- configuration of N event sources instead of only one
- using Lambda aliases in event source mappings
- event sources like SQS queues or DynamoDB tables can be part of the same terraform stack as resources
- inline configuration of attributes of event source mappings like batch_size
- required IAM permissions depending on the event source type will be generated
simple example
module "lambda" {
  event_source_mappings = {
    queue_1 = {
      event_source_arn = aws_sqs_queue.queue_1.arn
    }
    queue_2 = {
      event_source_arn = aws_sqs_queue.queue_2.arn
    }
  }
}
see examples for further details.
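For comparison, the hand-written equivalent of one such mapping, as an added example (not the module's own source; the two variables, the resource names and the batch size are assumptions): a queue-scoped IAM policy with only the actions Lambda's SQS poller needs, and a mapping that targets a Lambda alias. The policy the module actually generates may differ in detail.

```hcl
# Added illustration, not the module's source. Variables and names are assumed.
variable "lambda_role_name" {
  type        = string
  description = "Name of the function's existing execution role"
}

variable "lambda_alias_arn" {
  type        = string
  description = "ARN of the Lambda alias that should receive the messages"
}

resource "aws_sqs_queue" "queue_1" {
  name = "queue-1"
}

# Least privilege: only the actions the SQS poller uses, only on this queue
data "aws_iam_policy_document" "sqs_source" {
  statement {
    actions = [
      "sqs:ReceiveMessage",
      "sqs:DeleteMessage",
      "sqs:GetQueueAttributes",
    ]
    resources = [aws_sqs_queue.queue_1.arn]
  }
}

resource "aws_iam_role_policy" "sqs_source" {
  name   = "sqs-event-source-queue-1"
  role   = var.lambda_role_name
  policy = data.aws_iam_policy_document.sqs_source.json
}

resource "aws_lambda_event_source_mapping" "queue_1" {
  event_source_arn = aws_sqs_queue.queue_1.arn
  function_name    = var.lambda_alias_arn # alias ARN instead of the bare function name
  batch_size       = 5

  # The mapping fails to create if the role cannot read the queue yet
  depends_on = [aws_iam_role_policy.sqs_source]
}
```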
SNS subscriptions
A new variable sns_subscriptions has been introduced. The new configuration supports:
- configuration of N subscriptions instead of only one
- using Lambda aliases in subscriptions
- SNS topics can be part of the same terraform stack as resources
- required permissions to trigger Lambda by SNS will be generated
simple example
module "lambda" {
  sns_subscriptions = {
    topic_1 = {
      topic_arn = aws_sns_topic.topic_1.arn
    }
    topic_2 = {
      topic_arn = aws_sns_topic.topic_2.arn
    }
  }
}
see example for further details.
Deprecations
Using the event variable to configure sns, dynamodb, kinesis and sqs terraform sub-modules is deprecated and will be removed in the next major release. Users should be able to migrate to the new variables without downtime.
Special thanks
Thanks @machadovilaca for providing the new sns subscriptions implementation!
Misc
- new/updated examples have been enhanced to contain working nodejs12.x handlers for real world testing
- first terratest for new event source implementation
What's Changed
- use tf version matrix on ci by @moritzzimmer in #16
- Allow multiple SNS topic subscriptions by @machadovilaca in #17
- Refactoring of event source mappings by @moritzzimmer in #19
- added support for using aliases in sns subscriptions by @moritzzimmer in #21
New Contributors
- @machadovilaca made their first contribution in #17
Full Changelog: v5.7.0...v5.8.0
Container images
- added support for container images
- minimum aws provider version is now 3.19
What's Changed
- added support for using container images by @moritzzimmer in #15
Full Changelog: v5.6.0...v5.7.0
X-Ray tracing
Added support for configuring tracing with X-Ray, including IAM permissions.
What's Changed
- tracing config by @moritzzimmer in #12
Full Changelog: v5.5.2...v5.6.0
SSM configuration refactored
Introducing a new configuration object ssm to specify SSM parameter names. The IAM role will be enhanced with read permissions to those parameters.
In addition the variable kms_key_arn will (also) be set in the aws_lambda_function as described in https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function#kms_key_arn.
(for spring-media users, this fixes spring-media/terraform-aws-lambda#61 and spring-media/terraform-aws-lambda#59)
Deprecations:
- the old ssm_parameter_names variable is deprecated and scheduled for deletion in the next major release of this module
- using kms_key_arn to create an IAM role attachment to allow kms:Decrypt for custom keys is deprecated and will be removed in the next major release of this module
Lambda layers
Added support for Lambda layers:
locals {
  artifact  = "${path.module}/../build/distributions/java-sqs-lambda.zip"
  libraries = "${path.module}/../build/distributions/libraries.zip"
}

data "aws_sqs_queue" "primary" {
  name = "cms-updates-primary"
}

resource "aws_lambda_layer_version" "libraries" {
  filename            = local.libraries
  layer_name          = "libraries"
  compatible_runtimes = ["java11"]
}

module "lambda" {
  source  = "moritzzimmer/lambda/aws"
  version = "5.3.0"

  description           = "Java lambda with SQS trigger and lambda layers"
  filename              = local.artifact
  function_name         = "java-sqs-example"
  handler               = "example.Handler"
  layers                = [aws_lambda_layer_version.libraries.arn]
  memory_size           = 1024
  log_retention_in_days = 1
  runtime               = "java11"
  source_code_hash      = filebase64sha256(local.artifact)

  event = {
    type             = "sqs"
    event_source_arn = data.aws_sqs_queue.primary.arn
  }
}