Merge branch 'master' into enh/multipleCollections

# Conflicts:
#	README.md

Author: yoshutch

README.md

@@ -4,10 +4,9 @@
 
 Terraform module that creates a generic lambda function that runs newman tests against a postman collection.
 
-This lambda function is intended for use
-with [CodeDeploy's lifecycle hooks](https://docs.aws.amazon.com/codedeploy/latest/userguide/reference-appspec-file-structure-hooks.html)
-. This lambda function will attempt to run the [newman](https://www.npmjs.com/package/newman) CLI to run your Postman
-collection as a test. This lambda function will tell CodeDeploy if the tests pass or fail.
+This lambda function is intended for use with [CodeDeploy's lifecycle hooks](https://docs.aws.amazon.com/codedeploy/latest/userguide/reference-appspec-file-structure-hooks.html).
+This lambda function will attempt to run the [newman](https://www.npmjs.com/package/newman) CLI to run your Postman collection as a test.
+This lambda function will tell CodeDeploy if the tests pass or fail.
 
 #### [New to Terraform Modules at BYU?](https://github.com/byu-oit/terraform-documentation)
 
@@ -47,11 +46,11 @@ module "fargate_api" {
   source = "github.com/byu-oit/terraform-aws-fargate-api?ref=" # latest version
   # .. all other variables
   codedeploy_lifecycle_hooks = {
-    BeforeInstall = null
-    AfterInstall = null
+    BeforeInstall         = null
+    AfterInstall          = null
     AfterAllowTestTraffic = module.postman_test_lambda.lambda_function.function_name
-    BeforeAllowTraffic = null
-    AfterAllowTraffic = null
+    BeforeAllowTraffic    = null
+    AfterAllowTraffic     = null
   }
 }
 ```
@@ -66,7 +65,7 @@ module "lambda_api" {
   # .. all other variables
   codedeploy_lifecycle_hooks = {
     BeforeAllowTraffic = module.postman_test_lambda.lambda_function.function_name
-    AfterAllowTraffic = null
+    AfterAllowTraffic  = null
   }
 }
 ```
@@ -117,6 +116,8 @@ module "postman_test_lambda" {
 | tags                          | map(string) | A map of AWS Tags to attach to each resource created                                                                                                 | {}      |
 | timeout                       | number      | The max number of seconds the lambda will run for without stopping.                                                | 30      |
 | memory_size                   | number      | The size of the memory of the lambda                                                                               | 128     |
+| vpc_id                        | string      | The id of the VPC the lambda will be behind if VPC configuration is desired. (must be provided with lambda_vpc_subnet_ids)          | null      |
+| vpc_subnet_ids         | list(string) | A list of subnet ids the lambda will be put in if VPC configuration is desired. (must be provided with vpc_id) | [] |
 
 ### postman_collection
 Object defining the collection and environment to run.
@@ -131,6 +132,7 @@ Object defining the collection and environment to run.
 | lambda_iam_role | [object](https://www.terraform.io/docs/providers/aws/r/iam_role.html#attributes-reference)        | Created IAM role for the `lambda_function`                                |
 | postman_files_bucket | [object](https://www.terraform.io/docs/providers/aws/r/s3_bucket.html#attributes-reference)  | Created S3 Bucket where local postman files are uploaded                  |
 | cloudwatch_log_group | [object](https://www.terraform.io/docs/providers/aws/r/cloudwatch_log_group.html#attributes-reference)  | Created CloudWatch Log Group for the postman lambda logs       |
+| lambda_security_group | [object](https://www.terraform.io/docs/providers/aws/r/security_group.html#attributes-reference) | Created security group for the lambda's VPC configuration. |
 
 ## Contributing
 

main.tf

@@ -29,6 +29,7 @@ locals {
     POSTMAN_API_KEY     = var.postman_api_key
   }
   lambda_function_name = "${var.app_name}-postman-tests"
+  using_vpc_config     = length(var.vpc_subnet_ids) > 0
 }
 
 # -----------------------------------------------------------------------------
@@ -187,6 +188,11 @@ resource "aws_lambda_function" "test_lambda" {
   depends_on = [
     aws_cloudwatch_log_group.lambda_logs,
   ]
+
+  vpc_config {
+    subnet_ids         = var.vpc_subnet_ids
+    security_group_ids = local.using_vpc_config ? [aws_security_group.lambda_vpc_sg[0].id] : []
+  }
 }
 
 resource "aws_iam_role" "test_lambda" {
@@ -238,6 +244,47 @@ resource "aws_iam_role_policy" "test_lambda" {
 EOF
 }
 
+# Role that allows lambda to create vpc config
+resource "aws_iam_role_policy" "lambda_vpc_policy" {
+  count = local.using_vpc_config ? 1 : 0
+
+  name = "${var.app_name}-postman-tests-vpc-policy"
+  role = aws_iam_role.test_lambda.name
+
+  policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": [
+        "ec2:CreateNetworkInterface",
+        "ec2:DescribeNetworkInterfaces",
+        "ec2:DeleteNetworkInterface"
+      ],
+      "Effect": "Allow",
+      "Resource": "*"
+    }
+  ]
+}
+  EOF
+}
+
+# A bare minimum security group for doing vpc config.
+resource "aws_security_group" "lambda_vpc_sg" {
+  count = local.using_vpc_config ? 1 : 0
+
+  name        = "${var.app_name}-postman-tests"
+  description = "Bare minimum security group for lambda."
+  vpc_id      = var.vpc_id
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
 resource "aws_cloudwatch_log_group" "lambda_logs" {
   name              = "/aws/lambda/${local.lambda_function_name}"
   retention_in_days = var.log_retention_in_days

outputs.tf

@@ -13,3 +13,7 @@ output "postman_files_bucket" {
 output "cloudwatch_log_group" {
   value = aws_cloudwatch_log_group.lambda_logs
 }
+
+output "lambda_security_group" {
+  value = local.using_vpc_config ? aws_security_group.lambda_vpc_sg[0] : null
+}

variables.tf

@@ -51,3 +51,15 @@ variable "timeout" {
   description = "the amount of time the lambda is allowed to run for"
   default     = 30
 }
+
+variable "vpc_subnet_ids" {
+  type        = list(string)
+  description = "Subnet ids that the lambda should be in."
+  default     = []
+}
+
+variable "vpc_id" {
+  type        = string
+  description = "ID for the lambda's VPC"
+  default     = null
+}