lambda

Creates an AWS Lambda function

Perpetual aws_lambda_function diffs

As reported in hashicorp/terraform-provider-aws#15952, whenever you create a lambda function that both:

  • publishes versions on any code/configuration change by specifying publish = true (which is the default)
  • is placed in a VPC by providing security_group_ids and subnet_ids

terraform plan will always report that the lambda version and qualified_arn will change, even though neither the lambda source nor its configuration has changed.

In other words, the plan will never be empty and terraform will never show "No changes. Infrastructure is up-to-date."

There's no good workaround for this. You will have to either:

  • disable publishing versions with publish = false and switch to always using the latest version
  • remove the lambda function from the VPC, if it's possible to refactor the code so it no longer needs access to private subnets
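
If neither option is acceptable, the always-present diff can at least be told apart from real changes when plans are reviewed. The script below is an added example, not part of this module or of the provider: it reads the JSON plan representation and lists which planned changes match the pattern described above and which need review. It assumes the spurious diff shows up as an update whose only differing top-level attributes are version and qualified_arn; the module names a and b and all sample values are constructed.

```python
import json
import sys

# Attributes the README names as always reported as changing.
NOISE_ATTRS = {"version", "qualified_arn"}

def changed_attrs(change):
    """Top-level attributes that differ, or become unknown, in one plan change."""
    before, after, unknown = (change.get(k) or {} for k in ("before", "after", "after_unknown"))
    keys = set(before) | set(after) | set(unknown)
    return {k for k in keys if unknown.get(k) is True or before.get(k) != after.get(k)}

def in_vpc(values):
    """True when the function has a vpc_config block with subnets."""
    return any(block.get("subnet_ids") for block in values.get("vpc_config") or [])

def classify(plan):
    """Return (known_noise, needs_review) lists of resource addresses."""
    noise, review = [], []
    for rc in plan.get("resource_changes", []):
        change = rc["change"]
        if change["actions"] in (["no-op"], ["read"]):
            continue
        after = change.get("after") or {}
        diff = changed_attrs(change)
        is_noise = (rc["type"] == "aws_lambda_function"
                    and change["actions"] == ["update"]
                    and after.get("publish") is True and in_vpc(after)
                    and bool(diff) and diff <= NOISE_ATTRS)
        (noise if is_noise else review).append(rc["address"])
    return noise, review

def _sample_change(addr, memory_after):
    # Constructed sample, not real plan output; unknown attributes are absent from "after".
    vpc = [{"subnet_ids": ["subnet-EXAMPLE"], "security_group_ids": ["sg-EXAMPLE"]}]
    after = {"publish": True, "memory_size": memory_after, "vpc_config": vpc}
    before = dict(after, memory_size=128, version="7", qualified_arn="arn:EXAMPLE:7")
    return {"address": addr, "type": "aws_lambda_function",
            "change": {"actions": ["update"], "before": before, "after": after,
                       "after_unknown": {"version": True, "qualified_arn": True}}}

SAMPLE_PLAN = {"resource_changes": [
    _sample_change("module.a.aws_lambda_function.lambda", 128),
    _sample_change("module.b.aws_lambda_function.lambda", 512),
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    print(classify(plan))
```

To check a real plan, save the output of terraform show -json for a plan file and pass that file's path as the first argument. With no argument the script classifies the constructed sample, where module.b also changes memory_size and therefore lands in the review list.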

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.12, <2.0 |
| aws | >= 3.19.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 3.19.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| package | ./../zip | n/a |

Resources

| Name | Type |
|------|------|
| aws_cloudwatch_log_group.lambda | resource |
| aws_iam_role.lambda | resource |
| aws_iam_role_policy_attachment.basic | resource |
| aws_iam_role_policy_attachment.custom | resource |
| aws_iam_role_policy_attachment.vpc | resource |
| aws_lambda_function.lambda | resource |
| aws_iam_policy_document.assume_lambda | data source |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| assume_role_principals | Which additional AWS services can assume the lambda role and invoke it | list(string) | [] | no |
| create | Should resources be created | bool | true | no |
| environment_variables | Environment variables | map(string) | {} | no |
| file_exclude_patterns | Deprecated. Use the zip module and package_path input instead. Source code file exclusion patterns in case some unnecessary files are matched by file_paths. | list(string) | [] | no |
| file_patterns | Deprecated. Use the zip module and package_path input instead. Source code file path patterns to narrow files_dir contents. | list(string) | [ "**" ] | no |
| files | Deprecated. Use the zip module and package_path input instead. Source code map. Either files or files_dir has to be specified | map(string) | null | no |
| files_dir | Deprecated. Use the zip module and package_path input instead. Source code directory path. Either files or files_dir has to be specified | string | null | no |
| files_package_path | Deprecated. Use the zip module and package_path input instead. Path where the lambda package will be created when using files or files_dir. See zip output_path input for details. | string | null | no |
| handler | Path to the event handler | string | "index.handler" | no |
| image | URI of a container image with the Lambda's source. Either package_path, package_s3 or image is required. | string | null | no |
| layer_qualified_arns | Lambda layers to include | list(string) | [] | no |
| memory_size | Amount of memory in MB your Lambda Function can use at runtime | number | 128 | no |
| name | Lambda name | string | n/a | yes |
| package_path | Path to the zip that contains the Lambda's source. Either package_path, package_s3 or image is required. | string | null | no |
| package_s3 | S3 zip object that contains the Lambda's source. Either package_path, package_s3 or image is required. | object({ bucket = string, key = string }) | null | no |
| package_s3_version | Version number of the S3 object to use | string | null | no |
| policy_arns | Additional policy ARNs to attach to the Lambda role | map(string) | {} | no |
| publish | Whether to create lambda versions when it's created and on any code or configuration changes. When disabled the only available version will be $LATEST. | bool | true | no |
| runtime | Runtime | string | "nodejs18.x" | no |
| security_group_ids | Security groups to assign | list(string) | null | no |
| subnet_ids | Subnet ids to place the lambda in | list(string) | null | no |
| tags | Tags to set on resources that support them | map(string) | {} | no |
| timeout | The amount of time your Lambda Function has to run in seconds | number | 60 | no |

Outputs

| Name | Description |
|------|-------------|
| arn | The ARN identifying the Lambda Function |
| invoke_arn | The ARN to be used for invoking Lambda Function from API Gateway |
| metrics | Cloudwatch monitoring metrics |
| name | The Lambda Function name |
| qualified_arn | The ARN identifying the Lambda Function Version |
| role_arn | ARN of the role assumed by the lambda function |
| role_name | Role assumed by the Lambda function |
| version | Latest published version of the Lambda Function |
| widgets | Cloudwatch dashboard widgets |