diff --git a/README.md b/README.md index d3dc42f..abed5c9 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,3 @@ - ## Requirements | Name | Version | @@ -12,7 +11,7 @@ | Name | Version | |------|---------| | [archive](#provider\_archive) | 2.3.0 | -| [aws](#provider\_aws) | 5.45.0 | +| [aws](#provider\_aws) | 5.37.0 | ## Modules @@ -44,6 +43,7 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [allowed\_triggers](#input\_allowed\_triggers) | Map of allowed triggers to create Lambda permissions | `map(any)` | `{}` | no | +| [apigw\_arn](#input\_apigw\_arn) | API Gateway ARN | `string` | `null` | no | | [architectures](#input\_architectures) | Instruction set architecture for your Lambda function. Valid values are ["x86\_64"] and ["arm64"]. | `list(string)` | `null` | no | | [attach\_network\_policy](#input\_attach\_network\_policy) | Flag to attach network policy to use VPC subnet and security group | `bool` | `false` | no | | [attach\_policies](#input\_attach\_policies) | Controls whether AWS managed policies should be added to IAM role for Lambda Function (e.g AWSLambdaBasicExecutionRole) | `bool` | `false` | no | @@ -66,16 +66,18 @@ | [create\_lambda\_role](#input\_create\_lambda\_role) | Controls whether the Lambda Role | `bool` | `true` | no | | [create\_unqualified\_alias\_lambda\_function\_url](#input\_create\_unqualified\_alias\_lambda\_function\_url) | Whether to use unqualified alias pointing to $LATEST version in Lambda Function URL | `bool` | `true` | no | | [dead\_letter\_target\_arn](#input\_dead\_letter\_target\_arn) | The ARN of an SNS topic or SQS queue to notify when an invocation fails. | `string` | `null` | no | -| [default\_conditions](#input\_default\_conditions) | (Optional) Default condtions to apply, at least one of the following is madatory: 'allow\_main', 'allow\_environment', 'deny\_pull\_request' and 'allow\_all'. | `list(string)` |
[
"allow_main",
"allow_environment"
]
| no | +| [default\_conditions](#input\_default\_conditions) | (Optional) Default condtions to apply, at least one of the following is madatory: 'allow\_main', 'allow\_environment', 'deny\_pull\_request' and 'allow\_all'. | `list(string)` |
[
"allow_main",
"allow_environment"
]
| no | | [deployer\_lambda\_additional\_permission](#input\_deployer\_lambda\_additional\_permission) | Additional permission needed by lambda deployer in json format | `string` | `null` | no | | [deployer\_lambda\_edge\_additional\_permission](#input\_deployer\_lambda\_edge\_additional\_permission) | Additional permission needed by lambda edge deployer in json format | `string` | `null` | no | | [description](#input\_description) | Lambda Function Description | `string` | `""` | no | +| [enable\_version\_identifier](#input\_enable\_version\_identifier) | Enable version identifier for lambda function | `bool` | `false` | no | | [environment\_variables](#input\_environment\_variables) | A map that defines environment variables for the Lambda Function. | `map(string)` | `{}` | no | | [ephemeral\_storage\_size](#input\_ephemeral\_storage\_size) | Amount of ephemeral storage (/tmp) in MB your Lambda Function can use at runtime. Valid value between 512 MB to 10,240 MB (10 GB). | `number` | `512` | no | | [event\_source\_mapping](#input\_event\_source\_mapping) | Map of event source mapping | `any` | `{}` | no | | [function\_name](#input\_function\_name) | Lambda Function Name | `string` | n/a | yes | | [function\_prefix](#input\_function\_prefix) | Prefix for the IAM role for lambda functions | `string` | `""` | no | -| [github\_repo](#input\_github\_repo) | GitHub repo to grant access to assume a role via OIDC. |
object({
repo = string
branches = optional(list(string), [])
environments = optional(list(string), ["*"])
tags = optional(list(string), [])

# Custom Role name. It will autocreate based on repo if not provided
role_name = optional(string)
})
| n/a | yes | +| [function\_tags](#input\_function\_tags) | A map of tags to assign only to the lambda function | `map(string)` | `{}` | no | +| [github\_repo](#input\_github\_repo) | GitHub repo to grant access to assume a role via OIDC. |
object({
repo = string
branches = optional(list(string), [])
environments = optional(list(string), ["*"])
tags = optional(list(string), [])

# Custom Role name. It will autocreate based on repo if not provided
role_name = optional(string)
})
| n/a | yes | | [handler](#input\_handler) | Lambda Function Index Handler | `string` | `"index.handler"` | no | | [image\_config\_command](#input\_image\_config\_command) | The CMD for the docker image | `list(string)` | `[]` | no | | [image\_config\_entry\_point](#input\_image\_config\_entry\_point) | The ENTRYPOINT for the docker image | `list(string)` | `[]` | no | @@ -107,6 +109,7 @@ | [signing\_profile\_name](#input\_signing\_profile\_name) | Name of the signer signing profile to use for signing job | `string` | `null` | no | | [snap\_start](#input\_snap\_start) | (Optional) Snap start settings for low-latency startups | `bool` | `false` | no | | [source\_path](#input\_source\_path) | The absolute path to a local file or directory containing your Lambda source code | `string` | `null` | no | +| [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | | [timeout](#input\_timeout) | The amount of time your Lambda Function has to run in seconds. | `number` | `3` | no | | [tracing\_mode](#input\_tracing\_mode) | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. | `string` | `null` | no | | [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | List of security group ids when Lambda Function should run in the VPC. | `list(string)` | `null` | no | @@ -129,4 +132,3 @@ | [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | | [lambda\_role\_unique\_id](#output\_lambda\_role\_unique\_id) | The unique id of the IAM role created for the Lambda Function | | [qualified\_arn](#output\_qualified\_arn) | The qualified arn of the lambda function to be associated with Cloudfront as a Lambda@Edge function | - diff --git a/data.tf b/data.tf index cb2520b..8e52675 100644 --- a/data.tf +++ b/data.tf 
@@ -23,6 +23,7 @@ data "aws_iam_policy_document" "update_lambda" { sid = "LambdaUpdateEvent" actions = [ + "lambda:AddPermission", "lambda:UpdateFunctionCode", "lambda:UpdateFunctionConfiguration", "lambda:UpdateAlias", @@ -33,6 +34,18 @@ data "aws_iam_policy_document" "update_lambda" { ] resources = ["arn:aws:lambda:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:function:${var.function_prefix}*"] } + + dynamic "statement" { + for_each = var.enable_version_identifier ? [1] : [] + content { + sid = "AllowApiGatewayInvoke" + actions = [ + "apigateway:POST", + "apigateway:PUT", + ] + resources = ["arn:aws:apigateway:${data.aws_region.current.name}::/restapis/${var.apigw_id}/*"] + } + } } data "aws_iam_policy_document" "update_lambda_combined" { diff --git a/variables.tf b/variables.tf index 1f2ed5f..9b48615 100644 --- a/variables.tf +++ b/variables.tf @@ -457,3 +457,16 @@ variable "function_tags" { type = map(string) default = {} } + +# to allow deployments with api gateway triggers and update version whenever there is new deployment +variable "enable_version_identifier" { + description = "Enable version identifier for lambda function" + type = bool + default = false +} + +variable "apigw_id" { + description = "API Gateway Id" + type = string + default = null +}
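Review bot: the providers table in the README hunk at `@@ -12,7 +11,7 @@` moves the `aws` provider from 5.45.0 down to 5.37.0, which reads as a downgrade rather than a documentation fix. If terraform-docs regenerated this from a stale `.terraform.lock.hcl`, re-run it against the provider version the module is actually tested with, or keep 5.45.0; a change that otherwise only adds inputs should not silently lower the documented provider version.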
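Review bot: the new input row in the README hunk at `@@ -44,6 +43,7 @@` documents `apigw_arn` ("API Gateway ARN", `string`, default `null`), but the variable added in variables.tf is `apigw_id` ("API Gateway Id") and data.tf interpolates `var.apigw_id`. The README is out of sync with the code: either rename the variable or regenerate the table so the documented name and meaning (an API ID used as a path component, not an ARN) match what the module accepts.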
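Review bot: the README hunk at `@@ -66,16 +66,18 @@` removes and re-adds the `default_conditions` row with only whitespace changes, carrying the existing typos "condtions" and "madatory" in the description along with it. Since the row is being touched anyway, fix the source description in variables.tf ("conditions", "mandatory") and regenerate, so the table stops reproducing them.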
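Review bot: adding `lambda:AddPermission` to the `LambdaUpdateEvent` statement in data.tf (`@@ -23,6 +23,7 @@`) lets the deployer role attach resource-based policies to every function matching `function:${var.function_prefix}*`, and because `function_prefix` defaults to `""` that is every function in the account and region. Nothing in the statement limits which principal the deployer may grant invoke to, so a leaked CI credential could make any of those functions invokable by an arbitrary account or service. If the only intended caller is API Gateway, constrain it with `condition { test = "StringEquals" variable = "lambda:Principal" values = ["apigateway.amazonaws.com"] }`, and consider gating this action on `enable_version_identifier` in the same way as the new API Gateway statement, since the variables.tf comment says the permission exists for API Gateway trigger deployments.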
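Review bot: the dynamic `AllowApiGatewayInvoke` statement in data.tf (`@@ -33,6 +34,18 @@`) interpolates `var.apigw_id` into the resource ARN, but `apigw_id` defaults to `null`, so setting `enable_version_identifier = true` without an ID fails at plan time with a null-in-template error instead of a message naming the missing input. Gate the statement on both, `for_each = var.enable_version_identifier && var.apigw_id != null ? [1] : []`, or add a precondition that points at `apigw_id`. Two smaller points: the sid says "Invoke" but `apigateway:POST` and `apigateway:PUT` on `/restapis/<id>/*` are management of the API (deployments, resources, methods, integrations, authorizers), so name it for what it grants, e.g. `AllowApiGatewayDeploy`; and if the deployer only needs to create a deployment and replace the integration, list those sub-paths rather than `/*`, which also covers creating authorizers on the API.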
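Review bot: `enable_version_identifier` in the variables.tf hunk is described as "Enable version identifier for lambda function", but its only effect in this diff is to add API Gateway POST/PUT permissions to the deployer policy, so a reader of the module docs cannot tell that turning it on widens the deployer role. Say so in the description (which also feeds the README row), and turn the comment above it, currently a sentence fragment, into a full sentence explaining the intent. `apigw_id` should likewise state that it expects a REST API ID (for example the `id` attribute of an `aws_api_gateway_rest_api` resource) rather than an ARN, and since it is only ever used as a path component it is worth a `validation` block such as `condition = var.apigw_id == null || can(regex("^[a-z0-9]+$", var.apigw_id))` so a malformed value cannot widen the resource ARN.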