Skip to content

pbs-common/terraform-aws-lambda-module

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

350 Commits
.github
.github
 
 
docs
docs
 
 
examples
examples
 
 
scripts
scripts
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
.golang-pkgs
.golang-pkgs
 
 
.terraform-docs.yml
.terraform-docs.yml
 
 
.terraform.lock.hcl
.terraform.lock.hcl
 
 
.tflint.hcl
.tflint.hcl
 
 
.tool-versions
.tool-versions
 
 
LICENSE
LICENSE
 
 
README-HEADER.md
README-HEADER.md
 
 
README.md
README.md
 
 
data.tf
data.tf
 
 
go.work
go.work
 
 
go.work.sum
go.work.sum
 
 
locals.tf
locals.tf
 
 
logs.tf
logs.tf
 
 
main.tf
main.tf
 
 
optional.tf
optional.tf
 
 
outputs.tf
outputs.tf
 
 
required.tf
required.tf
 
 
security.tf
security.tf
 
 
tags.tf
tags.tf
 
 
terraform.tf
terraform.tf
 
 

Repository files navigation

PBS TF Lambda Module

Installation

Using the Repo Source

github.com/pbs/terraform-aws-lambda-module?ref=2.0.0

Alternative Installation Methods

More information can be found on these install methods and more in the documentation here.

Usage

This module creates a Lambda function with a basic IAM role with SSM parameter authentication configured, along with logging.

By default, the Lambda function that is created also has integration with X-Ray and Lambda Insights enabled.

Integrate this module like so:

module "role" {
  source = "github.com/pbs/terraform-aws-lambda-module?ref=2.0.0"

  handler  = "main"
  filename = "../artifacts/handler.zip"
  runtime  = "go1.x"

  # Tagging Parameters
  organization = var.organization
  environment  = var.environment
  product      = var.product
  repo         = var.repo

  # Optional Parameters
}

Adding This Version of the Module

If this repo is added as a subtree, then the version of the module should be close to the version shown here:

2.0.0

Note, however that subtrees can be altered as desired within repositories.

Further documentation on usage can be found here.

Below is automatically generated documentation on this Terraform module using terraform-docs

Requirements

Name Version
terraform >= 1.13.0
aws >= 6.0.0

Providers

Name Version
aws 6.16.0

Modules

Name Source Version
default_role github.com/pbs/terraform-aws-iam-role-module 1.0.0

Resources

Name Type
aws_cloudwatch_log_group.log_group resource
aws_lambda_function.lambda resource
aws_security_group.sg resource
aws_security_group_rule.egress resource
aws_caller_identity.current data source
aws_default_tags.common_tags data source
aws_iam_policy_document.default_policy_document data source
aws_region.current data source
aws_subnets.private_subnets data source
aws_vpc.vpc data source

Inputs

Name Description Type Default Required
environment Environment (sharedtools, dev, staging, qa, prod) string n/a yes
organization Organization using this module. Used to prefix tags so that they are easily identified as being from your organization string n/a yes
owner Tag used to group resources according to product string n/a yes
product Tag used to group resources according to product string n/a yes
repo Tag used to point to the repo using this module string n/a yes
add_app_config_extension_layer Add the AWS-AppConfig-Lambda-Extension layer to the Lambda function. Ignored if layers is not null or if image_uri is defined. bool true no
add_ssm_extension_layer Add the AWS-Parameters-and-Secrets-Lambda-Extension layer to the Lambda function. Ignored if layers is not null or if image_uri is defined. bool true no
add_vpc_config Add VPC configuration to the Lambda function bool false no
allow_app_config_access Allow AppConfig access from the Lambda function. Ignored if policy_json or role_arn are set. bool true no
app_config_extension_account_number Account number for the AWS-AppConfig-Extension layer string "027255383542" no
app_config_extension_version Lambda layer version for the AWS-AppConfig-Extension layer number null no
architectures Architectures to target for the Lambda function list(string) 
[
  "x86_64"
]
 no
description Description for this lambda function string null no
environment_vars Map of environment variables for the Lambda. If null, defaults to setting an SSM_PATH based on the environment and name of the function. Set to {} if you would like for there to be no environment variables present. This is important if you are creating a Lambda@Edge. map(any) null no
ephemeral_storage_size Size of the ephemeral storage in MB. Ignored if runtime is not supported. number 512 no
file_system_config File system configuration for the Lambda function map(any) null no
filename Filename for the artifact to use for the Lambda string null no
handler Handler for the lambda function string null no
image_uri URI of the container image to use for the Lambda string null no
lambda_insights_extension_account_number Account number for the LambdaInsightsExtension layer string "580247275435" no
lambda_insights_extension_version Lambda layer version for the LambdaInsightsExtension layer number null no
layers Lambda layers to apply to function. If null, a Lambda Layer extension is added by default. list(string) null no
log_group_class Log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS string "STANDARD" no
log_retention_in_days Number of days to retain CloudWatch Log entries number 7 no
memory_size Amount of memory in MB your Lambda Function can use at runtime number 128 no
name Name of the Lambda function string null no
package_type Package type for the Lambda function. Valid values are Zip and Image. string "Zip" no
parameters_and_secrets_extension_account_number Account number for the AWS-Parameters-and-Secrets-Lambda-Extension layer string "177933569100" no
parameters_and_secrets_extension_version Lambda layer version for the AWS-Parameters-and-Secrets-Lambda-Extension layer number null no
permissions_boundary_arn ARN of the permissions boundary to use on the role created for this lambda string null no
policy_json Policy JSON. If null, default policy granting access to SSM and cloudwatch logs is used string null no
publish Whether to publish creation/change as new Lambda Function Version bool true no
role_arn ARN of the role to be used for this Lambda string null no
runtime Runtime for the lambda function string null no
security_group_id Security group ID. If null, one will be created. string null no
ssm_path SSM path to use for environment variables. If null, defaults to /${var.environment}/${local.name} string null no
subnets Subnets to use for the Lambda function. Ignored if add_vpc_config is false. If null, one will be looked up based on environment tag. list(string) null no
tags Extra tags map(string) {} no
timeout Timeout in seconds of the Lambda number 20 no
tracing_config_mode Tracing config mode for X-Ray integration on Lambda string "Active" no
use_prefix Use prefix for resources instead of explicitly defining whole name where possible bool true no
vpc_id VPC ID. If null, one will be looked up based on environment tag. string null no

Outputs

Name Description
arn ARN of the lambda function
invoke_arn Invocation ARN of the lambda function
name Name of the lambda function
qualified_arn Qualified ARN of the lambda function
sg Security group of the lambda function if there is one

About

Standard PBS TF Lambda Module

Resources

Readme

License

MIT license

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 56

2.0.0 Latest
Oct 20, 2025
+ 55 releases

Packages

No packages published

Contributors 6

Languages