| allowed_triggers |
Map of allowed triggers to create Lambda permissions |
map(any) |
{} |
no |
| apigw_arn |
API Gateway ARN |
string |
null |
no |
| architectures |
Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. |
list(string) |
null |
no |
| attach_network_policy |
Flag to attach network policy to use VPC subnet and security group |
bool |
false |
no |
| attach_policies |
Controls whether AWS managed policies should be added to IAM role for Lambda Function (e.g AWSLambdaBasicExecutionRole) |
bool |
false |
no |
| attach_policy_json |
Controls whether policy_json should be added to IAM role for Lambda Function |
bool |
false |
no |
| attach_policy_jsons |
Controls whether policy_jsons should be added to IAM role for Lambda Function |
bool |
false |
no |
| attach_policy_statements |
Controls whether policy_jsons should be added to IAM role for Lambda Function |
bool |
false |
no |
| attach_tracing_policy |
whether to attach tracing policy to lambda role |
bool |
false |
no |
| authorization_type |
The type of authentication that the Lambda Function URL uses. Set to 'AWS_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint. |
string |
"NONE" |
no |
| cf_distribution_id |
distribution id to allow oidc role to update edge functions that are attached |
string |
null |
no |
| cloudwatch_logs_retention_in_days |
Number of days the cloudwatch logs will be retained. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. |
number |
7 |
no |
| code_signing_config_arn |
Amazon Resource Name (ARN) for a Code Signing Configuration |
string |
null |
no |
| cors |
CORS settings to be used by the Lambda Function URL |
any |
{} |
no |
| create_current_version_allowed_triggers |
Whether to allow triggers on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) |
bool |
true |
no |
| create_github_actions_edge_role |
Controls whether to create for lambda edge functions |
bool |
false |
no |
| create_github_actions_oidc_provider |
Controls Whether to create openid connect provider. |
bool |
false |
no |
| create_github_actions_role |
Controls whether to create AWS OIDC integration GitHub Actions |
bool |
true |
no |
| create_github_actions_signed_code_role |
Controls whether to grant s3 access and signer access to GitHub Actions |
bool |
false |
no |
| create_lambda_cloudwatch_log_group |
Controls whether the Lambda Role |
bool |
true |
no |
| create_lambda_function_url |
Controls whether the Lambda Function URL resource should be created |
bool |
false |
no |
| create_lambda_role |
Controls whether the Lambda Role |
bool |
true |
no |
| create_unqualified_alias_lambda_function_url |
Whether to use unqualified alias pointing to $LATEST version in Lambda Function URL |
bool |
true |
no |
| dead_letter_target_arn |
The ARN of an SNS topic or SQS queue to notify when an invocation fails. |
string |
null |
no |
| default_conditions |
(Optional) Default condtions to apply, at least one of the following is madatory: 'allow_main', 'allow_environment', 'deny_pull_request' and 'allow_all'. |
list(string) |
[
"allow_main",
"allow_environment"
] |
no |
| deployer_lambda_additional_permission |
Additional permission needed by lambda deployer in json format |
string |
null |
no |
| deployer_lambda_edge_additional_permission |
Additional permission needed by lambda edge deployer in json format |
string |
null |
no |
| description |
Lambda Function Description |
string |
"" |
no |
| enable_version_identifier |
Enable version identifier for lambda function |
bool |
false |
no |
| environment_variables |
A map that defines environment variables for the Lambda Function. |
map(string) |
{} |
no |
| ephemeral_storage_size |
Amount of ephemeral storage (/tmp) in MB your Lambda Function can use at runtime. Valid value between 512 MB to 10,240 MB (10 GB). |
number |
512 |
no |
| event_source_mapping |
Map of event source mapping |
any |
{} |
no |
| function_name |
Lambda Function Name |
string |
n/a |
yes |
| function_prefix |
Prefix for the IAM role for lambda functions |
string |
"" |
no |
| function_tags |
A map of tags to assign only to the lambda function |
map(string) |
{} |
no |
| github_repo |
GitHub repo to grant access to assume a role via OIDC. |
object({
repo = string
branches = optional(list(string), [])
environments = optional(list(string), ["*"])
tags = optional(list(string), [])
# Custom Role name. It will autocreate based on repo if not provided
role_name = optional(string)
}) |
n/a |
yes |
| handler |
Lambda Function Index Handler |
string |
"index.handler" |
no |
| image_config_command |
The CMD for the docker image |
list(string) |
[] |
no |
| image_config_entry_point |
The ENTRYPOINT for the docker image |
list(string) |
[] |
no |
| image_config_working_directory |
The working directory for the docker image |
string |
null |
no |
| image_uri |
The ECR image URI containing the function's deployment package. |
string |
null |
no |
| kms_key_arn |
The ARN of KMS key to use by your Lambda Function |
string |
null |
no |
| lambda_at_edge |
Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function |
bool |
false |
no |
| lambda_role |
IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. |
string |
"" |
no |
| layers |
List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. |
list(string) |
null |
no |
| logging_application_log_level |
The application log level of your lambda |
string |
"INFO" |
no |
| logging_log_format |
Logging format of your lambda |
string |
"Text" |
no |
| logging_log_group |
Log group that your lambda will use |
string |
null |
no |
| logging_system_log_level |
System log level of your lambda |
string |
"INFO" |
no |
| managed_policy_arns |
List of AWS managed policies to attach to IAM role for Lambda Function |
list(string) |
null |
no |
| memory_size |
Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 64 MB increments. |
number |
128 |
no |
| number_of_managed_policies |
Number of AWS managed policies to attach to IAM role for Lambda Function |
number |
0 |
no |
| number_of_policy_jsons |
Number of policies JSON to attach to IAM role for Lambda Function |
number |
0 |
no |
| package_type |
The Lambda deployment package type. Valid options: Zip or Image |
string |
"Zip" |
no |
| policy_json |
An additional policy document as JSON to attach to the Lambda Function role |
string |
null |
no |
| policy_jsons |
List of additional policies for the lambda execution |
list(string) |
[] |
no |
| policy_statements |
Additional Inline Lambda Policy Statements |
any |
{} |
no |
| provisioned_concurrent_executions |
Amount of capacity to allocate. Set to 1 or greater to enable, or set to -1 to disable provisioned concurrency. |
number |
-1 |
no |
| publish |
Whether to publish creation/change as new Lambda Function Version. |
bool |
false |
no |
| recreate_missing_package |
Controls whether to recreate the package if it is missing |
bool |
true |
no |
| reserved_concurrent_executions |
The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. |
number |
-1 |
no |
| role_name |
Name of IAM role to use for Lambda Function. |
string |
null |
no |
| runtime |
Lambda Function runtime |
string |
"nodejs18.x" |
no |
| signing_bucket_name |
Name of the S3 bucket to store code for signing job |
string |
null |
no |
| signing_profile_name |
Name of the signer signing profile to use for signing job |
string |
null |
no |
| snap_start |
(Optional) Snap start settings for low-latency startups |
bool |
false |
no |
| source_path |
The absolute path to a local file or directory containing your Lambda source code |
string |
null |
no |
| tags |
A map of tags to assign to resources. |
map(string) |
{} |
no |
| timeout |
The amount of time your Lambda Function has to run in seconds. |
number |
3 |
no |
| tracing_mode |
Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. |
string |
null |
no |
| vpc_security_group_ids |
List of security group ids when Lambda Function should run in the VPC. |
list(string) |
null |
no |
| vpc_subnet_ids |
List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets. |
list(string) |
null |
no |