
Releases: moritzzimmer/terraform-aws-lambda

Lambda@Edge

23 Feb 14:19

New Features

This module now supports creating Lambda@Edge ready versions of your Node.js or Python functions. The required trust relationship and the publishing of function versions are configured automatically (see the AWS docs for details).

Example:

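provider "aws" {
  # Lambda@Edge functions must be created in us-east-1 (N. Virginia)
  # to be associated with a CloudFront distribution.
  region = "us-east-1"
}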

module "lambda" {
  source = "moritzzimmer/lambda/aws"

  description      = "Example usage for an AWS Lambda without an event trigger."
  filename         = module.source.output_path
  function_name    = "example-without-event"
  handler          = "handler"
  lambda_at_edge   = true
  runtime          = "nodejs12.x"
  source_code_hash = module.source.output_base64sha256
}
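
The trust relationship and version publishing mentioned above, written out as plain AWS provider resources. This is an added example, not the module's own code; the resource names, role name and artifact path are hypothetical.

```hcl
# Added illustration, not the module's own code. Resource names and the
# artifact path are hypothetical.

# Lambda@Edge functions must live in us-east-1 to be attached to CloudFront.
provider "aws" {
  region = "us-east-1"
}

# Trust policy: both the regional Lambda service and the edge replication
# service must be allowed to assume the execution role.
data "aws_iam_policy_document" "edge_assume_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com", "edgelambda.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "edge" {
  name               = "example-edge-role"
  assume_role_policy = data.aws_iam_policy_document.edge_assume_role.json
}

resource "aws_lambda_function" "edge" {
  function_name    = "example-edge"
  filename         = "${path.module}/build/edge.zip" # hypothetical artifact
  source_code_hash = filebase64sha256("${path.module}/build/edge.zip")
  handler          = "index.handler"
  runtime          = "nodejs12.x"
  role             = aws_iam_role.edge.arn

  # CloudFront can only reference a numbered version, never $LATEST,
  # so every change must publish a new immutable version.
  publish = true
}

# The versioned ARN is what a CloudFront cache behavior refers to.
output "edge_qualified_arn" {
  value = aws_lambda_function.edge.qualified_arn
}
```

When reviewing a role like this, check that edgelambda.amazonaws.com appears in the trust policy only for functions that are actually deployed to the edge.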

What's Changed

Full Changelog: v5.9.1...v5.10.0

Lambda deployments

12 Feb 18:24

New Features

Controlled, blue/green deployments of Lambda functions with (automatic) rollbacks and traffic shifting can be implemented using Lambda aliases and AWS CodeDeploy.

This release provides a new optional module to create AWS resources and permissions for creating and starting such CodeDeploy deployments as part of AWS CodePipelines.

Highlights:

  • fully automated AWS CodePipelines triggered by ECR pushes of containerized Lambda functions
  • creation of IAM roles with permissions following the principle of least privilege for CodePipeline, CodeBuild and CodeDeploy or bring your own roles
  • optional CodeStar notifications via SNS
  • ignore changes to Terraform state of your Lambda function by CodeDeploy deployments

See here for a real-world example.

backwards compatibility

The deployment is an optional add-on. If you enhance existing Lambda functions using ignore_external_function_updates, your function will be recreated using the new lambda_external_lifecycle resource with a lifecycle block:

lifecycle {
  ignore_changes = [
    image_uri, last_modified, qualified_arn, version
  ]
}

Special thanks

Thanks @thisismana for collaborating on this feature

What's Changed

  • Deployment of Lambda functions using AWS CodePipeline and CodeDeploy by @moritzzimmer in #23

Full Changelog: v5.8.0...v5.9.0

Event sources and SNS subscriptions

13 Jan 14:26

New Features

This release enhances the options for configuring SNS subscriptions and event source mappings for DynamoDB, Kinesis and SQS.

Event source mappings

A new variable event_source_mappings has been introduced. The new configuration supports:

  • configuration of N event sources instead of only one
  • using Lambda aliases in event source mappings
  • event sources like SQS queues or DynamoDB tables can be part of the same Terraform stack as resources
  • inline configuration of attributes of event source mappings like batch_size
  • required IAM permissions depending on the event source type will be generated

simple example

module "lambda" {
  # other module arguments (source, function_name, handler, ...) omitted

  event_source_mappings = {
    queue_1 = {
      event_source_arn = aws_sqs_queue.queue_1.arn
    }
    queue_2 = {
      event_source_arn = aws_sqs_queue.queue_2.arn
    }
  }
}

See examples for further details.

SNS subscriptions

A new variable sns_subscriptions has been introduced. The new configuration supports:

  • configuration of N subscriptions instead of only one
  • using Lambda aliases in subscriptions
  • SNS topics can be part of the same Terraform stack as resources
  • required permissions to trigger Lambda by SNS will be generated

simple example

module "lambda" {
  # other module arguments (source, function_name, handler, ...) omitted

  sns_subscriptions = {
    topic_1 = {
      topic_arn = aws_sns_topic.topic_1.arn
    }

    topic_2 = {
      topic_arn = aws_sns_topic.topic_2.arn
    }
  }
}

See example for further details.

Deprecations

Using the event variable to configure sns, dynamodb, kinesis and sqs terraform sub-modules is deprecated and will be removed in the next major release. Users should be able to migrate to the new variables without downtime.

Special thanks

Thanks @machadovilaca for providing the new sns subscriptions implementation!

Misc

  • new/updated examples have been enhanced to contain working nodejs12.x handlers for real world testing
  • first terratest for new event source implementation

What's Changed

New Contributors

Full Changelog: v5.7.0...v5.8.0

Container images

14 Dec 14:19

What's Changed

Full Changelog: v5.6.0...v5.7.0

X-Ray tracing

26 Nov 18:02

Added support for configuring tracing with X-Ray, including IAM permissions.

What's Changed

Full Changelog: v5.5.2...v5.6.0

SSM configuration refactored

28 Aug 10:52

This release introduces a new configuration object ssm to specify SSM parameter names. The IAM role will be enhanced with read permissions to those parameters.

In addition the variable kms_key_arn will (also) be set in the aws_lambda_function as described in https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function#kms_key_arn.

(for spring-media users, this fixes spring-media/terraform-aws-lambda#61 and spring-media/terraform-aws-lambda#59)

Deprecations:

  • the old ssm_parameter_names variable is deprecated and scheduled for deletion in the next major release of this module
  • using kms_key_arn to create an IAM role attachment to allow kms:Decrypt for custom keys is deprecated and will be removed in the next major release of this module
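
A least-privilege form of the read permissions described in this release, scoped to named parameters and to one decryption key. This is an added example, not the module's own code; the two input variables, the parameter names and the policy name are hypothetical.

```hcl
# Added illustration, not the module's own code. Variables, parameter names
# and the policy name are hypothetical.

variable "lambda_role_name" {
  type        = string
  description = "Name of the function's execution role"
}

variable "parameter_kms_key_arn" {
  type        = string
  description = "Customer managed key that encrypts the SecureString parameters"
}

locals {
  ssm_parameter_names = ["example/db-password", "/example/api-token"]
}

data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

data "aws_iam_policy_document" "ssm_read" {
  statement {
    sid     = "ReadNamedParametersOnly"
    actions = ["ssm:GetParameter", "ssm:GetParameters"]

    # One ARN per parameter, no wildcard. trimprefix handles names written
    # with or without a leading slash, which otherwise yields a broken ARN.
    resources = [
      for name in local.ssm_parameter_names :
      "arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter/${trimprefix(name, "/")}"
    ]
  }

  statement {
    sid       = "DecryptViaParameterStoreOnly"
    actions   = ["kms:Decrypt"]
    resources = [var.parameter_kms_key_arn]

    # The key may be used only when Parameter Store calls KMS on the
    # role's behalf, not through direct kms:Decrypt calls.
    condition {
      test     = "StringEquals"
      variable = "kms:ViaService"
      values   = ["ssm.${data.aws_region.current.name}.amazonaws.com"]
    }
  }
}

resource "aws_iam_role_policy" "ssm_read" {
  name   = "example-ssm-read"
  role   = var.lambda_role_name
  policy = data.aws_iam_policy_document.ssm_read.json
}
```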

Lambda layers

25 Aug 15:06

Added support for Lambda layers:

locals {
  artifact  = "${path.module}/../build/distributions/java-sqs-lambda.zip"
  libraries = "${path.module}/../build/distributions/libraries.zip"
}

data "aws_sqs_queue" "primary" {
  name = "cms-updates-primary"
}

resource "aws_lambda_layer_version" "libraries" {
  filename   = local.libraries
  layer_name = "libraries"

  compatible_runtimes = ["java11"]
}

module "lambda" {
  source  = "moritzzimmer/lambda/aws"
  version = "5.3.0"

  description           = "Java lambda with SQS trigger and lambda layers"
  filename              = local.artifact
  function_name         = "java-sqs-example"
  handler               = "example.Handler"
  layers                = [aws_lambda_layer_version.libraries.arn]
  memory_size           = 1024
  log_retention_in_days = 1
  runtime               = "java11"
  source_code_hash      = filebase64sha256(local.artifact)

  event = {
    type             = "sqs"
    event_source_arn = data.aws_sqs_queue.primary.arn
  }
}