
Commit b717331

authored
Add variables for lambda permissions (#4)
1 parent cce84a3 commit b717331


4 files changed

+52
-15
lines changed


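--- a/EXAMPLE.md
+++ b/EXAMPLE.md
@@ -40,14 +40,15 @@ module "lambda_test" {
 Api gateway will invoke the lambda function where function is created from zip file named lambda.zip uploaded in s3 bucket where key is path for zip file in the bucket.
 ```
 module "lambda_test" {
-source = "./lambda"
-function_name = "${var.prefix}-test-lambda"
-handler = "lambda.handler"
-lambda_runtime = "python3.x"
-s3_bucket = "${var.prefix}-test-lambda"
-s3_key = "lambda.zip"
-description = "Allow apigw to invoke lambda"
-apigw_execution_arn = "arn:aws:apigateway:region::resource-path-specifier"
+source = "./lambda"
+function_name = "${var.prefix}-test-lambda"
+handler = "lambda.handler"
+lambda_runtime = "python3.x"
+s3_bucket = "${var.prefix}-test-lambda"
+s3_key = "lambda.zip"
+description = "Allow apigw to invoke lambda"
+enable_api_invoke_permission = true
+apigw_execution_arn = "arn:aws:apigateway:region::resource-path-specifier"
 logs_retention = 14
 }
 ```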

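--- a/README.md
+++ b/README.md
@@ -45,6 +45,12 @@ No modules.
 | <a name="input_cloudwatch_scheduler_arn"></a> [cloudwatch\_scheduler\_arn](#input\_cloudwatch\_scheduler\_arn) | Cloudwatch scheduler arn | `string` | `""` | no |
 | <a name="input_cognito_pool_arn"></a> [cognito\_pool\_arn](#input\_cognito\_pool\_arn) | Cognito pool arn | `string` | `""` | no |
 | <a name="input_description"></a> [description](#input\_description) | Lambda function description | `any` | n/a | yes |
+| <a name="input_enable_api_invoke_permission"></a> [enable\_api\_invoke\_permission](#input\_enable\_api\_invoke\_permission) | Enable api invoke permission | `bool` | `false` | no |
+| <a name="input_enable_cognito_invoke_permission"></a> [enable\_cognito\_invoke\_permission](#input\_enable\_cognito\_invoke\_permission) | Enable cognito invoke permission | `bool` | `false` | no |
+| <a name="input_enable_eventbridge_invoke_permission"></a> [enable\_eventbridge\_invoke\_permission](#input\_enable\_eventbridge\_invoke\_permission) | Enable eventbridge invoke permission | `bool` | `false` | no |
+| <a name="input_enable_scheduler_invoke_permission"></a> [enable\_scheduler\_invoke\_permission](#input\_enable\_scheduler\_invoke\_permission) | Enable scheduler invoke permission | `bool` | `false` | no |
+| <a name="input_enable_sns_invoke_permission"></a> [enable\_sns\_invoke\_permission](#input\_enable\_sns\_invoke\_permission) | Enable sns invoke permission | `bool` | `false` | no |
+| <a name="input_enable_sqs_invoke_permission"></a> [enable\_sqs\_invoke\_permission](#input\_enable\_sqs\_invoke\_permission) | Enable sqs invoke permission | `bool` | `false` | no |
 | <a name="input_env_vars_from_parameter_store"></a> [env\_vars\_from\_parameter\_store](#input\_env\_vars\_from\_parameter\_store) | Lambda environment variables from SSM parameter store | `map(any)` | `{}` | no |
 | <a name="input_environment_variables"></a> [environment\_variables](#input\_environment\_variables) | Environment Variables for Lambda Functions | `map(any)` | `{}` | no |
 | <a name="input_eventbridge_rule_arn"></a> [eventbridge\_rule\_arn](#input\_eventbridge\_rule\_arn) | Eventbridge rule arn | `string` | `""` | no |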

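--- a/main.tf
+++ b/main.tf
@@ -70,7 +70,7 @@ resource "aws_lambda_function" "lambda" {
 # ------------------------------------------------------------------------------------------
 
 resource "aws_lambda_permission" "api" {
-count = length(var.apigw_execution_arn) > 0 ? 1 : 0
+count = var.enable_api_invoke_permission ? 1 : 0
 statement_id = "AllowAPIGWLambdaInvoke"
 action = "lambda:InvokeFunction"
 function_name = aws_lambda_function.lambda.function_name
@@ -79,7 +79,7 @@ resource "aws_lambda_permission" "api" {
 }
 
 resource "aws_lambda_permission" "cognito" {
-count = length(var.cognito_pool_arn) > 0 ? 1 : 0
+count = var.enable_cognito_invoke_permission ? 1 : 0
 statement_id = "AllowCognitoPoolLambdaInvoke"
 action = "lambda:InvokeFunction"
 function_name = aws_lambda_function.lambda.function_name
@@ -88,7 +88,7 @@ resource "aws_lambda_permission" "cognito" {
 }
 
 resource "aws_lambda_permission" "sqs" {
-count = length(var.sqs_queue_arn) > 0 ? 1 : 0
+count = var.enable_sqs_invoke_permission ? 1 : 0
 statement_id = "AllowExecutionFromSQS"
 action = "lambda:InvokeFunction"
 function_name = aws_lambda_function.lambda.function_name
@@ -97,7 +97,7 @@ resource "aws_lambda_permission" "sqs" {
 }
 
 resource "aws_lambda_permission" "eventbridge" {
-count = length(var.eventbridge_rule_arn) > 0 ? 1 : 0
+count = var.enable_eventbridge_invoke_permission ? 1 : 0
 statement_id = "AllowExecutionFromEventBridge"
 action = "lambda:InvokeFunction"
 function_name = aws_lambda_function.lambda.function_name
@@ -106,7 +106,7 @@ resource "aws_lambda_permission" "eventbridge" {
 }
 
 resource "aws_lambda_permission" "sns" {
-count = length(var.sns_topic_arn) > 0 ? 1 : 0
+count = var.enable_sns_invoke_permission ? 1 : 0
 statement_id = "AllowInvocationFromSNS"
 action = "lambda:InvokeFunction"
 function_name = aws_lambda_function.lambda.function_name
@@ -115,7 +115,7 @@ resource "aws_lambda_permission" "sns" {
 }
 
 resource "aws_lambda_permission" "cloudwatch_scheduler" {
-count = length(var.cloudwatch_scheduler_arn) > 0 ? 1 : 0
+count = var.enable_scheduler_invoke_permission ? 1 : 0
 statement_id = "AllowExecutionFromEventbridge"
 action = "lambda:InvokeFunction"
 function_name = aws_lambda_function.lambda.function_name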
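Review bot: The new `count` on `aws_lambda_permission.api` no longer requires `apigw_execution_arn` to be non-empty, so `enable_api_invoke_permission = true` with the ARN left at its default `""` now creates the permission with an empty scoping value; the same decoupling appears in the cognito, sqs, eventbridge, sns and cloudwatch_scheduler hunks. The `source_arn` arguments sit below each hunk so I cannot see how the empty string is handled, but if the provider treats it as unset the grant becomes an unscoped `lambda:InvokeFunction` for that service principal, which is exactly the confused-deputy exposure the previous `length(...) > 0` guard ruled out. Keeping both conditions, e.g. `count = var.enable_api_invoke_permission && length(var.apigw_execution_arn) > 0 ? 1 : 0`, or adding a `lifecycle { precondition { ... } }` that fails the plan when the flag is set without its ARN, keeps the safety net while still making the grant an explicit opt-in. Each resource body continues outside its hunk.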

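--- a/variables.tf
+++ b/variables.tf
@@ -134,4 +134,34 @@ variable "eventbridge_rule_arn" {
 variable "cloudwatch_scheduler_arn" {
 description = "Cloudwatch scheduler arn"
 default = ""
-}
+}
+
+variable "enable_api_invoke_permission" {
+description = "Enable api invoke permission"
+default = false
+}
+
+variable "enable_cognito_invoke_permission" {
+description = "Enable cognito invoke permission"
+default = false
+}
+
+variable "enable_sqs_invoke_permission" {
+description = "Enable sqs invoke permission"
+default = false
+}
+
+variable "enable_eventbridge_invoke_permission" {
+description = "Enable eventbridge invoke permission"
+default = false
+}
+
+variable "enable_sns_invoke_permission" {
+description = "Enable sns invoke permission"
+default = false
+}
+
+variable "enable_scheduler_invoke_permission" {
+description = "Enable scheduler invoke permission"
+default = false
+}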
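Review bot: None of the six new `enable_*_invoke_permission` variables declares a `type`, so any value a caller passes is accepted at the module boundary and only rejected (or silently coerced) when the `count` ternaries in main.tf evaluate it. Adding `type = bool` after each `description` line pins the contract and matches the `bool` column the README table already advertises. The descriptions would also be more useful if they said what the flag creates and what it depends on, e.g. `description = "Create the aws_lambda_permission that lets API Gateway invoke this function; pair with apigw_execution_arn"`, so a reader does not have to infer the ARN coupling from main.tf.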
