add support for apigw identifier change

Author: hong-yi

data.tf

@@ -23,6 +23,7 @@ data "aws_iam_policy_document" "update_lambda" {
     sid = "LambdaUpdateEvent"
 
     actions = [
+      "lambda:AddPermission",
       "lambda:UpdateFunctionCode",
       "lambda:UpdateFunctionConfiguration",
       "lambda:UpdateAlias",
@@ -33,6 +34,20 @@ data "aws_iam_policy_document" "update_lambda" {
     ]
     resources = ["arn:aws:lambda:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:function:${var.function_prefix}*"]
   }
+
+  dynamic "statement" {
+    for_each = var.enable_version_identifier ? [1] : []
+    content {
+      sid = "AllowApiGatewayInvoke"
+      actions = [
+        "apigateway:POST",
+        "apigateway:PUT",
+      ]
+      resources = [
+        var.apigw_arn,
+      ]
+    }
+  }
 }
 
 data "aws_iam_policy_document" "update_lambda_combined" {

variables.tf

@@ -457,3 +457,16 @@ variable "function_tags" {
   type        = map(string)
   default     = {}
 }
+
+# to allow deployments with api gateway triggers and update version whenever there is new deployment
+variable "enable_version_identifier" {
+  description = "Enable version identifier for lambda function"
+  type        = bool
+  default     = false
+}
+
+variable "apigw_arn" {
+  description = "API Gateway ARN"
+  type        = string
+  default     = null
+}