Skip to main content

Lambda

Deploy a Lambda on AWS.

View on GitHub

Reference

  • assume_role_policy A custom assume role policy for the IAM role for this Lambda function. If not set, the default is a policy that allows the Lambda service to assume the IAM role, which is what most users will need. However, you can use this variable to override the policy for special cases, such as using a Lambda function to rotate AWS Secrets Manager secrets.
  • command The CMD for the docker image. Only used if you specify a Docker image via image_uri.
  • comparison_operator The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. Additionally, the values LessThanLowerOrGreaterThanUpperThreshold, LessThanLowerThreshold, and GreaterThanUpperThreshold are used only for alarms based on anomaly detection models.
  • create_resources Set to false to have this module skip creating resources. This weird parameter exists solely because Terraform does not support conditional modules. Therefore, this is a hack to allow you to conditionally decide if this module should create anything or not.
  • dead_letter_target_arn The ARN of an SNS topic or an SQS queue to notify when invocation of a Lambda function fails. If this option is used, you must grant this function's IAM role (the ID is outputted as iam_role_id) access to write to the target object, which means allowing either the sns:Publish or sqs:SendMessage action on this ARN, depending on which service is targeted.
  • description A description of what the Lambda function does.
  • enable_versioning Set to true to enable versioning for this Lambda function. This allows you to use aliases to refer to execute different versions of the function in different environments. Note that an alternative way to run Lambda functions in multiple environments is to version your Terraform code.
  • entry_point The ENTRYPOINT for the docker image. Only used if you specify a Docker image via image_uri.
  • environment_variables A map of environment variables to pass to the Lambda function. AWS will automatically encrypt these with KMS and decrypt them when running the function.
  • evaluation_periods The number of periods over which data is compared to the specified threshold.
  • handler The function entrypoint in your code. This is typically the name of a function or method in your code that AWS will execute when this Lambda function is triggered.
  • kms_key_arn A custom KMS key to use to encrypt and decrypt Lambda function environment variables. Leave it blank to use the default KMS key provided in your AWS account.
  • layers The list of Lambda Layer Version ARNs to attach to your Lambda Function. You can have a maximum of 5 Layers attached to each function.
  • memory_size The maximum amount of memory, in MB, your Lambda function will be able to use at runtime. Can be set in 64MB increments from 128MB up to 1536MB. Note that the amount of CPU power given to a Lambda function is proportional to the amount of memory you request, so a Lambda function with 256MB of memory has twice as much CPU power as one with 128MB.
  • metric_name The name for the alarm's associated metric.
  • mount_to_file_system Set to true to mount your Lambda function on an EFS. Note that the lambda must also be deployed inside a VPC [(run_in_vpc](#(run_in_vpc) must be set to true) for this config to have any effect.
  • name The name of the Lambda function. Used to namespace all resources created by this module.
  • namespace The namespace to use for all resources created by this module. If not set, lambda_function_name, with '-scheduled' as a suffix, is used.
  • period The period in seconds over which the specified statistic is applied.
  • run_in_vpc Set to true to give your Lambda function access to resources within a VPC.
  • s3_bucket An S3 bucket location containing the function's deployment package. Exactly one of source_path or the s3_xxx variables must be specified.
  • should_create_outbound_rule If true, create an egress rule allowing all outbound traffic from Lambda function to the entire Internet (e.g. 0.0.0.0/0).
  • skip_zip Set to true to skip zip archive creation and assume that source_path points to a pregenerated zip archive.
  • source_path The path to the directory that contains your Lambda function source code. This code will be zipped up and uploaded to Lambda as your deployment package. If skip_zip is set to true, then this is assumed to be the path to an already-zipped file, and it will be uploaded directly to Lambda as a deployment package. Exactly one of source_path or the s3_xxx variables must be specified.
  • statistic The statistic to apply to the alarm's associated metric.
  • subnet_ids A list of subnet IDs the Lambda function should be able to access within your VPC. Only used if run_in_vpc is true.
  • tags A map of tags to apply to the Lambda function.
  • threshold The value against which the specified statistic is compared. This parameter is required for alarms based on static thresholds, but should not be used for alarms based on anomaly detection models.
  • timeout The maximum amount of time, in seconds, your Lambda function will be allowed to run. Must be between 1 and 900 seconds.
  • vpc_id The ID of the VPC the Lambda function should be able to access. Only used if run_in_vpc is true.
  • zip_output_path The path to store the output zip file of your source code. If empty, defaults to module path. This should be the full path to the zip file, not a directory.